adding an attribute.
by Anant S Athavale
Dear List:
I use openldap 2.2.13 on RHEL and having 4000+ entries.
I have the following requirement.
1. Add one attribute for all the records.
2. Set a value to it, which is already set for another attribute of
the same record.
A SQL command of the following type would have done this job, if my
data was in SQL.
update data
set newattr=oldattr;
Is there any equivalent Openldap command, which can be used to do this.
Regards,
Anant Athavale.
14 years, 10 months
Re: openldap proxy: schema issue
by jerrrry@voila.fr
Hi,
Thanks for your help.
I create my own OID in a .schema file that i include in slapd.conf and it works great !
attributetype ( 1.3.6.1.4.1.4203.2.3.159562 NAME 'sbzoneid' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'user defined' )
with "159562" a number of my choice that is not already used by openldap.
Now i'm trying to get a ldaps connection with the backend ldap server.
I want my openldap proxy to check the backend certificate with the CA certificate that i put after TLSCACertificateFile.
The issue is that the ldaps connection works everytime without checking the backend server certificate.
The configuration line with TLSCACertificateFile has no effect on the ssl connection !
I saw that TLSVerifyClient enable to force the certificate check of the client conneting to my openldap proxy but i don't see how to force the openldap proxy to check the backend server certificate.
Then, i had 2 .cer CA certificate (a root and an intermediate) that i concat in 1 certificate. Does openldap support .cer ? or should i rename it in .pem ?
my slapd.conf:
TLSCACertificateFile /usr/local/etc/openldap/CAcert.cer
#TLSVerifyClient never
database ldap
suffix ou=personnes,o=sg
uri ldaps://192.168.239.210:1636
thank you for your help
jerrrry
> Message du 30/11/06 à 17h52
> De : "Kurt D. Zeilenga"
> A : jerrrry(a)voila.fr
> Copie à : openldap-software(a)openldap.org
> Objet : Re: openldap proxy: schema issue
>
> At 02:09 AM 11/30/2006, jerrrry(a)voila.fr wrote:
>
> >Hi everybody,
> >
> >I'am configuring slapd(8) 2.3.27 for use as a proxy to another LDAP server.
> >
> >Unfortunately this (non-OpenLDAP) LDAP directory uses non standard attributes stored in a .ldif file.
> >
> >i have to use one of this non standard attributes in the slapd.conf file for binddn:
> >
> >database ldap
> >
> >uri ldap://192.168.239.210:1389
> >
> >suffix ou=personnes,o=sg
> >
> >binddn "sbzoneid=appli_test,ou=exploit,ou=personnes,o=sb"
> >
> >bindpw secret
> >
> >
> >maybe i have to convert this file in the openldap .schema format and include it in slapd.conf.
>
> If the LDIF contains RFC 4512 conformant schema descriptions,
> that conversion is straight forward. However, it seems that
> descriptions provided in the LDIF do not conform to RFC 4512.
>
> >A big issue seems to be that this ldif file doesn't use numericOIDs but string OID like:
> >
> >attributetype ( sbzoneid-oid NAME 'sbzoneid' SYNTAX 1.3.6.1.4.1.1466.115.12
>
> slapd(8) requires either an OID, or a valid OID macro (which
> will expand to the OID before the description is published in
> the schema)... because LDAP does (see RFC 4512).
>
> >so when runing "sladp -d 1" i get the error: OID could not be expanded: "sbzoneid-oid"
>
> As "sbzoneid-oid" isn't a numbericoid, it assumed it was an
> OID macro. But there is no such OID macro, hence the error.
>
> >or maybe with a more liberal parsing could be helpful ?
>
> The input is parsed just fine. The problem is semantics.
> The field requires an OID. "sbzoneid-oid" is neither an OID,
> nor something that represents an OID. Without an OID, slapd(8)
> wouldn't be able to publish valid schema descriptions for
> the schema element.
>
> >Do you have any idea to solve this problem ?
>
> Locate the proper OIDs for these schema elements and use them.
> Or, assign your own OIDs (from your own name space).
>
> Kurt
>
>
>
14 years, 10 months
Problem with OIDs....
by shilpa muramkar
For the previous directory server which we used we had not used any specific
OIDs.Now for openLDAP i need to have a specific OID.
I have tried out all possible sample OIDs and have failed.........so now i
have gone back to my usual string instead of an OID,,,,like,,,
attributetype( ssarole-oid
NAME 'ssarole'
DESC 'This attribute defines the role'
SYNTAX 'cis'
MULTI-VALUE )
attributetype( ssaugtype-oid
NAME 'ssaugtype'
DESC 'This is Usergroup Type'
SYNTAX 'cis'
SINGLE-VALUE )
..................
...............
bjectclass( ssauser-oid
NAME 'ssauser'
DESC 'SSA User'
SUP ssabase STRUCTURAL
MAY( telephonenumber $ title $ mobile $ displayname $
facsimiletelephonenumber $ preferredlanguage $ postaladdress $ c ) )
objectclass( supplier-oid
NAME 'supplier'
DESC 'SSA Supplier'
SUP ssauser STRUCTURAL
MUST businesspartnerid )
............
......................
but still the same problem persists.......that is either my schema file isnt
being referred by server or an error saying
ldap_add: Invalid syntax (21)
additional info: objectClass: value #1 invalid per syntax
KINDLY let me know as to how to get any OID for my purpose........or can i
get away with having strings as OIDs.......
abd where else should i look into .
WAITING FOR UR REPLY!!!!1
14 years, 10 months
Re: Problem with OIDs....
by Kurt D. Zeilenga
At 10:45 PM 11/30/2006, shilpa muramkar wrote:
>Now for openLDAP i need to have a specific OID.
The requirement comes from RFC 4512.
I suggest you read RFC 4512 as well as the Admin Guide section (9.2)
discussing custom LDAP schema design. The former covers the
particulars of LDAP attribute type and object class descriptions,
the latter provides some additional information, including
answers to the questions you posed.
Kurt
14 years, 10 months
