Adding Objectclass account gives object class violation
I'm using samba-openldap on Ubuntu 9.10 Server. I have created the following user rick using smbldap-tools, which uses the default samba.schema, e.g. as shown below. Now I also want to use host-based authentication using pam_filter, where I need to mention a host entry which has to be present in that user record:

    pam_filter |(host=cms2)(host=cms3)

However, the host attribute appears only if I add objectClass: account. If I go ahead and add that here for user rick, it gives me an objectclass violation. What could be the way out of it? Any inputs would be highly appreciated.

    cn: rick
    objectClass: top
    objectClass: person
    objectClass: organizationalPerson
    objectClass: inetOrgPerson
    objectClass: posixAccount
    objectClass: shadowAccount
    objectClass: sambaSamAccount
    sn: rick
    givenName: rick
    uid: rick
    uidNumber: 30003
    gidNumber: 513
    homeDirectory: /home/rick
    loginShell: /bin/bash
    gecos: System User
    sambaLogonTime: 0
    sambaLogoffTime: 2147483647
    sambaKickoffTime: 2147483647
    sambaPwdCanChange: 0
    sambaPwdMustChange: 2147483647
    displayName: rick
    sambaAcctFlags: [UX]
    sambaSID: S-1-5-21-1045966857-3925637060-4258372004-61006
    sambaPrimaryGroupSID: S-1-5-21-1045966857-3925637060-4258372004-513
    sambaLogonScript: logon.bat
    sambaProfilePath: \\x6\profiles\rick
    sambaHomePath: \\x6\rick
    sambaHomeDrive: H:
    sambaLMPassword: 01FC5A6BE7BC6929AAD3B435B51404EE
    sambaNTPassword: 0CB6948805F797BF2A82807973B89537
    sambaPwdLastSet: 1271227877
    userPassword: test

Thanks
Shamika
Re: SASL EXTERNAL, sasldb2 and authz-regexp
Oliver Liebel wrote:
> On 14.04.2010 09:36, Götz Reinicke - IT-Koordinator wrote:
> Dieter Kluenter wrote:
> Götz Reinicke - IT-Koordinator goetz.reini...@filmakademie.de writes:
>
> Hi folks,
> [...]
> My consumer server should bind to the provider using SASL with the SASL mech EXTERNAL. (Red Hat 5.x, cyrus-sasl-2.1.22, openldap-2.3.43-3)
> I've changed the slapd.conf files on both servers:
>
> consumer:
>
>     syncrepl ...
>         bindmethod=sasl
>         saslmech=EXTERNAL
>         starttls=yes
>
> provider:
>
>     authz-regexp
>         dn=email=webmas...@filmakademie.de,cn=ldap2.filmakademie.de,ou=it officenet,o=filmakademie baden-wuerttemberg gmbh,l=ludwigbsburg,st=baden-wuerttemberg,c=de
>         cn=replicator,dc=filmakademie,dc=de
>
> From first sight, looks like wrong authz-regexp: dn=email=

That's right, AND I had a line break between both values. After changing both, everything works like I thought it should.

Regards,
Götz

--
Götz Reinicke
IT-Koordinator
Tel. +49 7141 969 420
Fax +49 7141 969 55 420
E-Mail goetz.reini...@filmakademie.de

Filmakademie Baden-Württemberg GmbH
Akademiehof 10
71638 Ludwigsburg
www.filmakademie.de

Registered at Amtsgericht Stuttgart HRB 205016
Chairwoman of the Supervisory Board: Prof. Dr. Claudia Hübner
Managing Director: Prof. Thomas Schadt
Re: Adding Objectclass account gives object class violation
Shamika Joshi shamika.jo...@gmail.com writes:
> I'm using samba-openldap on Ubuntu 9.10 Server. I have created the following user rick using smbldap-tools, which uses the default samba.schema, e.g. as shown below. Now I also want to use host-based authentication using pam_filter, where I need to mention a host entry which has to be present in that user record:
>
>     pam_filter |(host=cms2)(host=cms3)
>
> However, the host attribute appears only if I add objectClass: account. If I go ahead and add that here for user rick, it gives me an objectclass violation. What could be the way out of it? Any inputs would be highly appreciated.
> [...]

You either create your own auxiliary object class with attribute type host, or add objectClass extensibleObject with the host attribute type. If you use extensibleObject, be warned: this allows adding any attribute type.

-Dieter

--
Dieter Klünter | Systemberatung
sip: +49.40.20932173
http://www.dpunkt.de/buecher/2104.html
GPG Key ID:8EF7B6C6
Re: Adding Objectclass account gives object class violation
I'm sorry, but I'm a beginner with OpenLDAP and don't have much knowledge about how to use schemas here... Could you please explain in brief how to do that?

On Wed, Apr 14, 2010 at 3:50 PM, Buchan Milne bgmi...@staff.telkomsa.net wrote:
> On Wednesday, 14 April 2010 09:58:45 Shamika Joshi wrote:
>> I'm using samba-openldap on Ubuntu 9.10 Server. I have created the following user rick using smbldap-tools, which uses the default samba.schema, e.g. as shown below. Now I also want to use host-based authentication using pam_filter, where I need to mention a host entry which has to be present in that user record:
>>
>>     pam_filter |(host=cms2)(host=cms3)
>>
>> However, the host attribute appears only if I add objectClass: account. If I go ahead and add that here for user rick, it gives me an objectclass violation. What could be the way out of it? Any inputs would be highly appreciated.
>
> Use the hostObject objectclass from ldapns.schema, shipped with the pam_ldap source.
>
> Regards,
> Buchan
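Why Dieter's and Buchan's answers both point at an auxiliary class: cosine's account is a STRUCTURAL class, and an entry may carry only one structural chain (here person/organizationalPerson/inetOrgPerson), whereas hostObject from ldapns.schema is AUXILIARY and simply adds host. The toy checker below is an added example, not code from the thread or from OpenLDAP; SCHEMA is a constructed subset of the real schema files (OIDs omitted, only the attributes the trimmed entry uses), and RICK is a trimmed copy of the entry posted above.

```python
SCHEMA = {  # name: (kind, superior, MUST, MAY); constructed subset, OIDs omitted
    "top": ("ABSTRACT", None, {"objectClass"}, set()),
    "person": ("STRUCTURAL", "top", {"cn", "sn"}, {"userPassword"}),
    "organizationalPerson": ("STRUCTURAL", "person", set(), set()),
    "inetOrgPerson": ("STRUCTURAL", "organizationalPerson", set(),
                      {"uid", "givenName", "displayName"}),
    "posixAccount": ("AUXILIARY", "top", {"cn", "uid", "uidNumber", "gidNumber",
                     "homeDirectory"}, {"loginShell", "gecos", "userPassword"}),
    "sambaSamAccount": ("AUXILIARY", "top", {"uid", "sambaSID"},
                        {"sambaAcctFlags", "sambaNTPassword", "displayName"}),
    "account": ("STRUCTURAL", "top", {"uid"}, {"host", "description"}),  # cosine.schema
    "hostObject": ("AUXILIARY", "top", set(), {"host"}),                 # ldapns.schema
}

def chain(oc):
    # Yield oc and every superior class up to top.
    while oc is not None:
        yield oc
        oc = SCHEMA[oc][1]

def check(entry):
    """Return the schema violations for entry (an empty list means it is valid)."""
    expanded = {c for oc in entry["objectClass"] for c in chain(oc)}
    problems = []
    # Rule 1: STRUCTURAL classes must form one superior chain, i.e. only one of them
    # is not an ancestor of another; 'account' beside inetOrgPerson breaks this.
    structural = [oc for oc in expanded if SCHEMA[oc][0] == "STRUCTURAL"]
    leaves = [oc for oc in structural
              if not any(oc in list(chain(o))[1:] for o in structural)]
    if len(leaves) > 1:
        problems.append("invalid structural object class chain (%s)" % "/".join(sorted(leaves)))
    # Rule 2: each attribute must be MUST or MAY of a present class, and every MUST present.
    must = {a for oc in expanded for a in SCHEMA[oc][2]}
    may = {a for oc in expanded for a in SCHEMA[oc][3]}
    problems += ["attribute '%s' not allowed" % a for a in entry if a not in must | may]
    problems += ["required attribute '%s' missing" % a for a in sorted(must - set(entry))]
    return problems

RICK = {  # constructed, trimmed copy of the entry posted in the thread
    "objectClass": ["top", "person", "organizationalPerson", "inetOrgPerson",
                    "posixAccount", "sambaSamAccount"],
    "cn": ["rick"], "sn": ["rick"], "givenName": ["rick"], "uid": ["rick"],
    "uidNumber": ["30003"], "gidNumber": ["513"], "homeDirectory": ["/home/rick"],
    "loginShell": ["/bin/bash"], "sambaSID": ["S-1-5-21-1045966857-3925637060-4258372004-61006"]}

def with_host(extra_classes):
    # Copy RICK, add the host values pam_filter needs, plus any extra object classes.
    e = {k: list(v) for k, v in RICK.items()}
    e["objectClass"] += extra_classes
    e["host"] = ["cms2", "cms3"]
    return e
```

check(with_host(["account"])) reports the structural-chain violation that slapd rejects, while check(with_host(["hostObject"])) returns no problems.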
RE: OpenLDAP Data Directory issue
Thanks for the reply. This I did as a part of platform AIS testing, which includes: if the mount where the data directory is placed went offline, then how will LDAP respond? Also, where will the data get cached, as I believe it should get cached in the data directory only? Though the reads were happening in this case, I checked inserting records as well, and it worked. As I believe, inserts should not happen at all in this case if the data directory does not exist at all. Please suggest.

Regards
Rahul Manchanda
--
Andes, Selfcare Platform Build Team
tel: (+91) (20) 66018100 extn: 6178; e-mail: rahul.mancha...@bt.com
Address: Tech Mahindra, Sharada Center, Erandwana Pune-4

-----Original Message-----
From: Quanah Gibson-Mount [mailto:qua...@zimbra.com]
Sent: Tuesday, April 13, 2010 9:00 PM
To: Manchanda,RK,Rahul,DKE C; openldap-technical@openldap.org
Subject: Re: OpenLDAP Data Directory issue

--On Tuesday, April 13, 2010 4:39 PM +0100 rahul.mancha...@bt.com wrote:
> Hello,
> For a running LDAP, if I delete the data directory, the LDAP is still responding to reads and writes without giving any error. All logins related to the application are working fine. Is this picking the data from cache, or is the actual data itself getting stored somewhere? Can someone please provide his/her technical expertise on this behavior?

It's unsupported and you should never delete it while LDAP is running. It likely is still cached in memory.

--Quanah

--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
Zimbra :: the leader in open source messaging and collaboration
Re: OpenLDAP Data Directory issue
rahul.mancha...@bt.com wrote:
> Thanks for the reply. This I did as a part of platform AIS testing, which includes: if the mount where the data directory is placed went offline, then how will LDAP respond? Also, where will the data get cached, as I believe it should get cached in the data directory only? Though the reads were happening in this case, I checked inserting records as well, and it worked. As I believe, inserts should not happen at all in this case if the data directory does not exist at all. Please suggest.

Learn how Unix works. Deleting files doesn't actually remove them if a process still has a file descriptor open on those files. If you wanted to test the behavior of a mount point going offline, then you should have done exactly that - unmount the mount point. You would have to use a force option if the mount point still has files open on it, and if you successfully dismount, slapd will certainly start failing operations with Internal Error soon after.

> Regards
> Rahul Manchanda
> --
> Andes, Selfcare Platform Build Team
> tel: (+91) (20) 66018100 extn: 6178; e-mail: rahul.mancha...@bt.com
> Address: Tech Mahindra, Sharada Center, Erandwana Pune-4
>
> -----Original Message-----
> From: Quanah Gibson-Mount [mailto:qua...@zimbra.com]
> Sent: Tuesday, April 13, 2010 9:00 PM
> To: Manchanda,RK,Rahul,DKE C; openldap-technical@openldap.org
> Subject: Re: OpenLDAP Data Directory issue
>
> --On Tuesday, April 13, 2010 4:39 PM +0100 rahul.mancha...@bt.com wrote:
>> Hello,
>> For a running LDAP, if I delete the data directory, the LDAP is still responding to reads and writes without giving any error. All logins related to the application are working fine. Is this picking the data from cache, or is the actual data itself getting stored somewhere? Can someone please provide his/her technical expertise on this behavior?
>
> It's unsupported and you should never delete it while LDAP is running. It likely is still cached in memory.
>
> --Quanah
>
> --
> Quanah Gibson-Mount
> Principal Software Engineer
> Zimbra, Inc
> Zimbra :: the leader in open source messaging and collaboration

--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
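Howard's explanation in a runnable form, as an added example that is not from the thread: a file stays readable and writable through an open descriptor after its directory entry is gone, which is why slapd kept serving from a deleted data directory. The file name is constructed (no real database is involved); open_deleted_files reads Linux /proc, the same information `ls -l /proc/PID/fd` shows as "(deleted)", which is the check an operator would run to detect a service holding unlinked database files.

```python
import os
import tempfile

def open_deleted_files(pid="self"):
    # Descriptors of a process whose target has been unlinked (Linux /proc only).
    # Returns [] on systems without /proc.
    fd_dir = "/proc/%s/fd" % pid
    if not os.path.isdir(fd_dir):
        return []
    found = []
    for name in os.listdir(fd_dir):
        try:
            target = os.readlink(os.path.join(fd_dir, name))
        except OSError:          # descriptor closed between listdir and readlink
            continue
        if target.endswith(" (deleted)"):
            found.append((int(name), target))
    return found

def deleted_but_open_demo():
    """Create a file, keep it open, delete it and its directory, and show the
    descriptor still works. Returns (link count, bytes read back, seen_in_proc)."""
    tmpdir = tempfile.mkdtemp()                   # stand-in for slapd's data directory
    path = os.path.join(tmpdir, "id2entry.bdb")   # constructed name, not a real DB file
    fd = os.open(path, os.O_RDWR | os.O_CREAT, 0o600)
    os.write(fd, b"entry-1\n")
    os.unlink(path)                               # "delete the data directory"
    os.rmdir(tmpdir)
    os.write(fd, b"entry-2\n")                    # writes still succeed
    os.lseek(fd, 0, os.SEEK_SET)
    data = os.read(fd, 64)                        # reads still succeed
    nlink = os.fstat(fd).st_nlink                 # 0: no name refers to the inode any more
    seen = None if not os.path.isdir("/proc/self/fd") else \
        any(n == fd for n, _ in open_deleted_files())
    os.close(fd)                                  # only now is the storage released
    return nlink, data, seen
```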
Re: Synchronizing two different structured trees
Worked perfectly, thank you very much!!!

2010/4/14 Buchan Milne bgmi...@staff.telkomsa.net
> On Tuesday, 13 April 2010 17:47:34 Rodrigo Renie Braga wrote:
>> Hello list.
>> I was wondering if it's possible to synchronize, using chaining or syncrepl, two differently structured OpenLDAP servers. Actually, both servers are equal on a specific sub-tree, and it's that specific subtree that I'd like to synchronize. Something like:
>>
>>     Server A
>>     dc=example,dc=com
>>     |- ou=users
>>        |- ou=company
>>
>>     Server B
>>     dc=other,dc=org
>>     |- ou=people
>>        |- ou=company
>>
>> It's both company subtrees that I'd like to sync... Is it possible?
>
> Sure, something like this (untested):
>
>     # replicate ou=company,ou=users from server A as-is
>     database (b|h)db
>     suffix ou=company,ou=users,dc=example,dc=com
>     syncrepl ... uri=servera ...
>
>     # present ou=company,ou=users,dc=example,dc=com as
>     # ou=company,ou=people,dc=other,dc=org
>     database relay
>     suffix ou=company,ou=people,dc=other,dc=org
>     subordinate
>     overlay rwm
>     rwm-suffixmassage ou=company,ou=people,dc=other,dc=org ou=company,ou=users,dc=example,dc=com
>
>     # the rest of the dc=other,dc=org contents:
>     database (b|h)db
>     suffix dc=other,dc=org
>     ...
serviceSearchDescriptor problem.
Hey, I'm having a problem setting up an OpenLDAP database. I've installed it, configured it (that took a while; OpenLDAP should really supply a script to do it manually) and set my server to use it for authentication (as well as the /etc/passwd file). But now I want to configure the server to work with the sudoers file so users can use the sudo command. Here is where I'm having problems. I followed this guide:

http://georgia.ubuntuforums.org/showthread.php?p=9121830#post9121830

And I came to the part where I need to insert this code into the database with ldapadd:

    dn: ou=SUDOers,dc=prvi-dijak,dc=si
    objectClass: top
    objectClass: organizationalUnit
    ou: SUDOers
    serviceSearchDescriptor: sudoers: ou=sudoers,dc=example,dc=com

But here is where I run into a problem. The server always gives out an error, like this:

    ldapadd -f sudoWork/sudoMaster.ldif -h 127.0.0.1 -D cn=admin,dc=prvi-dijak,dc=si -W -x
    Enter LDAP Password:
    adding new entry ou=SUDOers,dc=prvi-dijak,dc=si
    ldap_add: Undefined attribute type (17)
            additional info: serviceSearchDescriptor: attribute type undefined

And I have no idea why. I also tried to do it manually. I added the organizationalUnit with phpLDAPadmin, but I cannot find the serviceSearchDescriptor attribute anywhere. Could you advise me on how to fix this problem?

--
Good day,
Miha Krajnc.