openldap-software December 2006

openldap-software@openldap.org

60 participants
65 discussions

adding an attribute.
by Anant S Athavale 04 Dec '06

04 Dec '06

Dear List: I use openldap 2.2.13 on RHEL and having 4000+ entries. I have the following requirement. 1. Add one attribute for all the records. 2. Set a value to it, which is already set for another attribute of the same record. A SQL command of the following type would have done this job, if my data was in SQL. update data set newattr=oldattr; Is there any equivalent Openldap command, which can be used to do this. Regards, Anant Athavale.

3 2

LISA06
by Howard Chu 03 Dec '06

03 Dec '06

Just a quick reminder that I'll be running the LDAP Guru session at this year's LISA conference in Washington D.C. on Wednesday December 6. Come on down and bring your questions... http://www.usenix.org/events/lisa06/tech/ -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc OpenLDAP Core Team http://www.openldap.org/project/

1 0

Re: openldap proxy: schema issue
by jerrrry＠voila.fr 01 Dec '06

01 Dec '06

Hi, Thanks for your help. I create my own OID in a .schema file that i include in slapd.conf and it works great ! attributetype ( 1.3.6.1.4.1.4203.2.3.159562 NAME 'sbzoneid' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'user defined' ) with "159562" a number of my choice that is not already used by openldap. Now i'm trying to get a ldaps connection with the backend ldap server. I want my openldap proxy to check the backend certificate with the CA certificate that i put after TLSCACertificateFile. The issue is that the ldaps connection works everytime without checking the backend server certificate. The configuration line with TLSCACertificateFile has no effect on the ssl connection ! I saw that TLSVerifyClient enable to force the certificate check of the client conneting to my openldap proxy but i don't see how to force the openldap proxy to check the backend server certificate. Then, i had 2 .cer CA certificate (a root and an intermediate) that i concat in 1 certificate. Does openldap support .cer ? or should i rename it in .pem ? my slapd.conf: TLSCACertificateFile /usr/local/etc/openldap/CAcert.cer #TLSVerifyClient never database ldap suffix ou=personnes,o=sg uri ldaps://192.168.239.210:1636 thank you for your help jerrrry > Message du 30/11/06 à 17h52 > De : "Kurt D. Zeilenga" > A : jerrrry(a)voila.fr > Copie à : openldap-software(a)openldap.org > Objet : Re: openldap proxy: schema issue > > At 02:09 AM 11/30/2006, jerrrry(a)voila.fr wrote: > > >Hi everybody, > > > >I'am configuring slapd(8) 2.3.27 for use as a proxy to another LDAP server. > > > >Unfortunately this (non-OpenLDAP) LDAP directory uses non standard attributes stored in a .ldif file. > > > >i have to use one of this non standard attributes in the slapd.conf file for binddn: > > > >database ldap > > > >uri ldap://192.168.239.210:1389 > > > >suffix ou=personnes,o=sg > > > >binddn "sbzoneid=appli_test,ou=exploit,ou=personnes,o=sb" > > > >bindpw secret > > > > > >maybe i have to convert this file in the openldap .schema format and include it in slapd.conf. > > If the LDIF contains RFC 4512 conformant schema descriptions, > that conversion is straight forward. However, it seems that > descriptions provided in the LDIF do not conform to RFC 4512. > > >A big issue seems to be that this ldif file doesn't use numericOIDs but string OID like: > > > >attributetype ( sbzoneid-oid NAME 'sbzoneid' SYNTAX 1.3.6.1.4.1.1466.115.12 > > slapd(8) requires either an OID, or a valid OID macro (which > will expand to the OID before the description is published in > the schema)... because LDAP does (see RFC 4512). > > >so when runing "sladp -d 1" i get the error: OID could not be expanded: "sbzoneid-oid" > > As "sbzoneid-oid" isn't a numbericoid, it assumed it was an > OID macro. But there is no such OID macro, hence the error. > > >or maybe with a more liberal parsing could be helpful ? > > The input is parsed just fine. The problem is semantics. > The field requires an OID. "sbzoneid-oid" is neither an OID, > nor something that represents an OID. Without an OID, slapd(8) > wouldn't be able to publish valid schema descriptions for > the schema element. > > >Do you have any idea to solve this problem ? > > Locate the proper OIDs for these schema elements and use them. > Or, assign your own OIDs (from your own name space). > > Kurt > > >

3 2

Problem with OIDs....
by shilpa muramkar 01 Dec '06

01 Dec '06

For the previous directory server which we used we had not used any specific OIDs.Now for openLDAP i need to have a specific OID. I have tried out all possible sample OIDs and have failed.........so now i have gone back to my usual string instead of an OID,,,,like,,, attributetype( ssarole-oid NAME 'ssarole' DESC 'This attribute defines the role' SYNTAX 'cis' MULTI-VALUE ) attributetype( ssaugtype-oid NAME 'ssaugtype' DESC 'This is Usergroup Type' SYNTAX 'cis' SINGLE-VALUE ) .................. ............... bjectclass( ssauser-oid NAME 'ssauser' DESC 'SSA User' SUP ssabase STRUCTURAL MAY( telephonenumber $ title $ mobile $ displayname $ facsimiletelephonenumber $ preferredlanguage $ postaladdress $ c ) ) objectclass( supplier-oid NAME 'supplier' DESC 'SSA Supplier' SUP ssauser STRUCTURAL MUST businesspartnerid ) ............ ...................... but still the same problem persists.......that is either my schema file isnt being referred by server or an error saying ldap_add: Invalid syntax (21) additional info: objectClass: value #1 invalid per syntax KINDLY let me know as to how to get any OID for my purpose........or can i get away with having strings as OIDs....... abd where else should i look into . WAITING FOR UR REPLY!!!!1

2 1

Re: Problem with OIDs....
by Kurt D. Zeilenga 30 Nov '06

30 Nov '06

At 10:45 PM 11/30/2006, shilpa muramkar wrote: >Now for openLDAP i need to have a specific OID. The requirement comes from RFC 4512. I suggest you read RFC 4512 as well as the Admin Guide section (9.2) discussing custom LDAP schema design. The former covers the particulars of LDAP attribute type and object class descriptions, the latter provides some additional information, including answers to the questions you posed. Kurt

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-software December 2006