Create new user via a user belonging to a specific group
by Stelios A.
Hello all,
An example user in my LDAP structure is like:
dn: cn=Full Name,ou=Users,dc=mydomain,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: person
objectClass: organizationalPerson
objectClass: top
givenName: Full
sn: Name
cn: Full Name
uid: fname
userPassword: {MD5}HNtFsPRLE3okNNjVm6lmpw==
uidNumber: 1004
gidNumber: 100
homeDirectory: /home/fname
loginShell: /bin/bash
mail: fname(a)mydomain.com
This user is in the IT group, which I want to give access to add
new entries to OpenLDAP.
I'm connecting to the LDAP server with his details via phpldapadmin and
trying to create a new user, but I'm getting the following error:
Error number: 0x13 (LDAP_CONSTRAINT_VIOLATION)
Description: Some constraint would be violated by performing the
action. This can happen when you try to add a second value to a
single-valued attribute, for example.
My ACLs in the master LDAP server are:
access to attrs=userPassword,shadowLastChange
    by dn="cn=admin,dc=mydomain,dc=com" write
    by dn="uid=syncrepl,ou=system,dc=mydomain,dc=com" write
    by group/groupOfUniqueNames/uniqueMember="cn=IT,ou=Groups,dc=mydomain,dc=com" write
    by dn="uid=authenticate,ou=system,dc=mydomain,dc=com" read
    by anonymous auth
    by self write
    by * none
access to attrs=givenName,sn,cn
    by group/groupOfUniqueNames/uniqueMember="cn=IT,ou=Groups,dc=mydomain,dc=com" write
    by self write
    by users auth
    by anonymous auth
access to dn.base="" by * read
access to *
    by dn="cn=admin,dc=mydomain,dc=com" write
    by group/groupOfUniqueNames/uniqueMember="cn=LDAP Admins,ou=Groups,dc=mydomain,dc=com" write
    by * read
I'm also using the unique overlay in this file for the attributes uid, mail
and uidNumber, in case this has anything to do with it.
Any help is much appreciated.
Thanks
12 years, 7 months
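The unique overlay mentioned in the post rejects an add whose uid, mail or uidNumber value already exists on another entry, and slapd reports that as constraint violation (0x13). An added pre-flight check (not part of the original post) that compares a new LDIF entry against an export of the existing entries; the sample entries, the function names and the simplified matching (case-insensitive for uid and mail, integer for uidNumber) are assumptions.

```python
import base64

# Attributes the post says are covered by the unique overlay (lower-cased).
UNIQUE_ATTRS = ("uid", "mail", "uidnumber")

# Constructed sample data: the existing entry is modelled on the one in the post.
EXISTING_LDIF = """\
dn: cn=Full Name,ou=Users,dc=mydomain,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
cn: Full Name
sn: Name
uid: fname
uidNumber: 1004
gidNumber: 100
homeDirectory: /home/fname
mail: fname@mydomain.com
"""

# Constructed new entry that reuses uidNumber 1004.
NEW_LDIF = """\
dn: cn=New User,ou=Users,dc=mydomain,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
cn: New User
sn: User
uid: nuser
uidNumber: 1004
gidNumber: 100
homeDirectory: /home/nuser
mail: nuser@mydomain.com
"""


def parse_ldif(text):
    """Return [(dn, {attr_lower: [values]})]; handles folded lines, comments, base64."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # a leading space continues the previous line
        else:
            lines.append(raw)
    entries, dn, attrs = [], None, {}
    for line in lines + [""]:             # trailing "" flushes the last entry
        if line.startswith("#"):
            continue
        if not line.strip():
            if dn is not None:
                entries.append((dn, attrs))
            dn, attrs = None, {}
            continue
        name, _, rest = line.partition(":")
        if rest.startswith(":"):          # "attr:: <base64>"
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        if name.lower() == "dn":
            dn = value
        else:
            attrs.setdefault(name.lower(), []).append(value)
    return entries


def normalise(attr, value):
    """Approximate the equality rules: integer for uidNumber, case-insensitive otherwise."""
    value = value.strip()
    if attr == "uidnumber":
        return str(int(value)) if value.lstrip("-").isdigit() else value
    return " ".join(value.split()).lower()


def unique_conflicts(existing_ldif, new_ldif):
    """Return [(new_dn, attr, value, owner_dn)] for values already held by another entry."""
    index = {}
    for dn, attrs in parse_ldif(existing_ldif):
        for attr in UNIQUE_ATTRS:
            for value in attrs.get(attr, []):
                index.setdefault((attr, normalise(attr, value)), dn)
    conflicts = []
    for dn, attrs in parse_ldif(new_ldif):
        for attr in UNIQUE_ATTRS:
            for value in attrs.get(attr, []):
                key = (attr, normalise(attr, value))
                owner = index.get(key)
                if owner is not None and owner.lower() != dn.lower():
                    conflicts.append((dn, attr, value, owner))
                index.setdefault(key, dn)  # also catches clashes inside the new file
    return conflicts


if __name__ == "__main__":
    for new_dn, attr, value, owner in unique_conflicts(EXISTING_LDIF, NEW_LDIF):
        print(f"{new_dn}: {attr}={value} already used by {owner}")
```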
some attributes forbidden in a schema
by nicolas@gibelin.fr
Hello,
I am having some trouble creating an LDAP schema.
I would like something like this:
attributetype ( eloOrganizationalUnitAttribute:7.30.2008.1.22
    NAME 'street'
    DESC 'Cinema street'
    EQUALITY caseIgnoreMatch
    SUBSTR caseIgnoreSubstringsMatch
    ORDERING caseIgnoreOrderingMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128}
    SINGLE-VALUE )
attributetype ( eloOrganizationalUnitAttribute:7.30.2008.1.23
    NAME 'postalCode'
    DESC 'Cinema Zip code'
    EQUALITY caseIgnoreMatch
    SUBSTR caseIgnoreSubstringsMatch
    ORDERING caseIgnoreOrderingMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128}
    SINGLE-VALUE )
When I restart slapd, I get an error (but no output is produced)
and there is nothing interesting in syslog.
If I change the attributes' names (street -> cstreet, postalCode ->
cpostalCode for instance), all works fine.
I could keep my schema like that but it's not very beautiful.
Do you know what's happening? I have seen some schemas on the net
which use 'street' and 'postalCode' without problems. I'm a bit
jealous :)
Thank you!
12 years, 7 months
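core.schema already defines both names: the slapd debug output further down this page shows 2.5.4.9 NAME ( 'street' 'streetAddress' ) and 2.5.4.17 NAME 'postalCode'. An added example (not part of the original post) that scans schema text for attribute or object class names claimed by more than one OID; the file label cinema.schema, the function names and the excerpted sample input are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: three core.schema definitions as they appear in the
# slapd debug output on this page.
CORE_SCHEMA_EXCERPT = """\
# excerpt only
attributetype ( 2.5.4.4 NAME ( 'sn' 'surname' )
    DESC 'RFC2256: last (family) name(s) for which the entity is known by'
    SUP name )
attributetype ( 2.5.4.9 NAME ( 'street' 'streetAddress' )
    DESC 'RFC2256: street address of this object'
    EQUALITY caseIgnoreMatch
    SUBSTR caseIgnoreSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
attributetype ( 2.5.4.17 NAME 'postalCode'
    DESC 'RFC2256: postal code'
    EQUALITY caseIgnoreMatch
    SUBSTR caseIgnoreSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )
"""

# The two custom definitions from the post (file name is hypothetical).
CUSTOM_SCHEMA = """\
attributetype ( eloOrganizationalUnitAttribute:7.30.2008.1.22
    NAME 'street'
    DESC 'Cinema street'
    EQUALITY caseIgnoreMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128}
    SINGLE-VALUE )
attributetype ( eloOrganizationalUnitAttribute:7.30.2008.1.23
    NAME 'postalCode'
    DESC 'Cinema Zip code'
    EQUALITY caseIgnoreMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128}
    SINGLE-VALUE )
"""

KIND_RE = re.compile(r"^(attributetype|objectclass)\s*\(", re.I | re.M)
NAME_RE = re.compile(r"\bNAME\s+(?:'([^']+)'|\(\s*((?:'[^']+'\s*)+)\))")


def iter_definitions(text):
    """Yield (kind, body) per definition; parentheses inside quotes are ignored."""
    text = "\n".join(l for l in text.splitlines() if not l.lstrip().startswith("#"))
    for m in KIND_RE.finditer(text):
        depth, in_quote, start = 1, False, m.end()
        for i in range(start, len(text)):
            ch = text[i]
            if ch == "'":
                in_quote = not in_quote
            elif not in_quote and ch == "(":
                depth += 1
            elif not in_quote and ch == ")":
                depth -= 1
                if depth == 0:
                    yield m.group(1).lower(), text[start:i].strip()
                    break


def parse_definition(body):
    """Return (oid, [names]) for one definition body."""
    oid = body.split(None, 1)[0]
    m = NAME_RE.search(body)
    if not m:
        return oid, []
    if m.group(1):
        return oid, [m.group(1)]
    return oid, re.findall(r"'([^']+)'", m.group(2))


def find_name_collisions(sources):
    """sources maps a label to schema text.

    Returns {(kind, lower-cased name): [(label, oid), ...]} for every name
    that more than one OID tries to claim.
    """
    seen = defaultdict(list)
    for label, text in sources.items():
        for kind, body in iter_definitions(text):
            oid, names = parse_definition(body)
            for name in names:
                seen[(kind, name.lower())].append((label, oid))
    return {k: v for k, v in seen.items() if len({oid for _, oid in v}) > 1}


if __name__ == "__main__":
    hits = find_name_collisions(
        {"core.schema": CORE_SCHEMA_EXCERPT, "cinema.schema": CUSTOM_SCHEMA}
    )
    for (kind, name), owners in hits.items():
        print(kind, name, "->", owners)
```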
Re: Windows AD --> Linux/OpenLDAP
by Gustavo Mendes de Carvalho
Hi Janskey,
You can try it using the ldifde command, like this:
ldifde -f exportuserfile.ldif -s ServerName -d "dc=foo,dc=com" -r "(&(objectCategory=Person)(objectClass=User)(givenName=*))" -l "CN,givenName,objectClass,sAMAccountName"
If you have any doubt, try ldifde /?
Regards
> Date: Thu, 21 Aug 2008 06:32:58 -0700 (PDT)
> From: janskey <janskey_boy(a)yahoo.com>
> Subject: Windows AD --> Linux/OpenLDAP
> To: openldap-technical(a)openldap.org
> Message-ID: <543692.93491.qm(a)web51701.mail.re2.yahoo.com>
> Content-Type: text/plain; charset="us-ascii"
>
> Hi All,
>
> I need advice on how I can migrate my AD to linux/OpenLDAP?
> Currently we're using Windows 2003 evaluation and it's going to expire.
>
> cheers,
>
> janskey
---
Gustavo Mendes de Carvalho
email: gmcarvalho(a)gmail.com
12 years, 7 months
Windows AD --> Linux/OpenLDAP
by janskey
Hi All,
I need advice on how I can migrate my AD to linux/OpenLDAP?
Currently we're using Windows 2003 evaluation and it's going to expire.
cheers,
janskey
12 years, 7 months
Can't bind to server even though everything is running and seems normal
by Kristen Walker
Hello,
I am sorry to bug this list about another problem with LDAP. This morning I
logged in to LDAP via phpldapadmin and added users and everything seemed
fine. Now, a few hours later, I cannot seem to bind to the server to add
users via the web interface or command line.
Here is the output from the command line:
sudo ldapadd -x -D "cn=Manager,dc=sbceoportal,dc=org" -W -f /home/upadmin/ldap/new_users.ldif
Enter LDAP Password:
ldap_bind: Can't contact LDAP server (-1)
I started OpenLDAP in debugging mode, and nothing seems out of the ordinary:
su root -c "/usr/local/libexec/slapd -d 65535"
@(#) $OpenLDAP: slapd 2.3.39 (Aug 14 2008 16:29:51) $
root@porthole:/etc/openldap/openldap-2.3.39/servers/slapd
daemon_init: <null>
daemon_init: listen on ldap:///
daemon_init: 1 listeners to open...
ldap_url_parse_ext(ldap:///)
daemon: listener initialized ldap:///
daemon_init: 2 listeners opened
slapd init: initiated server.
bdb_back_initialize: initialize BDB backend
bdb_back_initialize: Sleepycat Software: Berkeley DB 4.2.52: (December 3,
2003)
hdb_back_initialize: initialize HDB backend
hdb_back_initialize: Sleepycat Software: Berkeley DB 4.2.52: (December 3,
2003)
reading config file /usr/local/etc/openldap/slapd.conf
line 5 (include /usr/local/etc/openldap/schema/core.schema)
reading config file /usr/local/etc/openldap/schema/core.schema
line 77 (attributetype ( 2.5.4.2 NAME 'knowledgeInformation' DESC 'RFC2256:
knowledge information' EQUALITY caseIgnoreMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.15{32768} ))
line 86 (attributetype ( 2.5.4.4 NAME ( 'sn' 'surname' ) DESC 'RFC2256: last
(family) name(s) for which the entity is known by' SUP name ))
line 92 (attributetype ( 2.5.4.5 NAME 'serialNumber' DESC 'RFC2256: serial
number of the entity' EQUALITY caseIgnoreMatch SUBSTR
caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{64} ))
line 96 (attributetype ( 2.5.4.6 NAME ( 'c' 'countryName' ) DESC 'RFC2256:
ISO-3166 country 2-letter code' SUP name SINGLE-VALUE ))
line 100 (attributetype ( 2.5.4.7 NAME ( 'l' 'localityName' ) DESC 'RFC2256:
locality which this object resides in' SUP name ))
line 104 (attributetype ( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' ) DESC
'RFC2256: state or province which this object resides in' SUP name ))
line 110 (attributetype ( 2.5.4.9 NAME ( 'street' 'streetAddress' ) DESC
'RFC2256: street address of this object' EQUALITY caseIgnoreMatch SUBSTR
caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ))
line 114 (attributetype ( 2.5.4.10 NAME ( 'o' 'organizationName' ) DESC
'RFC2256: organization this object belongs to' SUP name ))
line 118 (attributetype ( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' )
DESC 'RFC2256: organizational unit this object belongs to' SUP name ))
line 122 (attributetype ( 2.5.4.12 NAME 'title' DESC 'RFC2256: title
associated with the entity' SUP name ))
line 134 (attributetype ( 2.5.4.14 NAME 'searchGuide' DESC 'RFC2256: search
guide, deprecated by enhancedSearchGuide' SYNTAX
1.3.6.1.4.1.1466.115.121.1.25 ))
line 140 (attributetype ( 2.5.4.15 NAME 'businessCategory' DESC 'RFC2256:
business category' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ))
line 146 (attributetype ( 2.5.4.16 NAME 'postalAddress' DESC 'RFC2256:
postal address' EQUALITY caseIgnoreListMatch SUBSTR
caseIgnoreListSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 ))
line 152 (attributetype ( 2.5.4.17 NAME 'postalCode' DESC 'RFC2256: postal
code' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.15{40} ))
line 158 (attributetype ( 2.5.4.18 NAME 'postOfficeBox' DESC 'RFC2256: Post
Office Box' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.15{40} ))
line 164 (attributetype ( 2.5.4.19 NAME 'physicalDeliveryOfficeName' DESC
'RFC2256: Physical Delivery Office Name' EQUALITY caseIgnoreMatch SUBSTR
caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ))
line 170 (attributetype ( 2.5.4.20 NAME 'telephoneNumber' DESC 'RFC2256:
Telephone Number' EQUALITY telephoneNumberMatch SUBSTR
telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} ))
line 174 (attributetype ( 2.5.4.21 NAME 'telexNumber' DESC 'RFC2256: Telex
Number' SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 ))
line 178 (attributetype ( 2.5.4.22 NAME 'teletexTerminalIdentifier' DESC
'RFC2256: Teletex Terminal Identifier' SYNTAX 1.3.6.1.4.1.1466.115.121.1.51
))
line 182 (attributetype ( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' )
DESC 'RFC2256: Facsimile (Fax) Telephone Number' SYNTAX
1.3.6.1.4.1.1466.115.121.1.22 ))
line 188 (attributetype ( 2.5.4.24 NAME 'x121Address' DESC 'RFC2256: X.121
Address' EQUALITY numericStringMatch SUBSTR numericStringSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{15} ))
line 194 (attributetype ( 2.5.4.25 NAME 'internationaliSDNNumber' DESC
'RFC2256: international ISDN number' EQUALITY numericStringMatch SUBSTR
numericStringSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} ))
line 199 (attributetype ( 2.5.4.26 NAME 'registeredAddress' DESC 'RFC2256:
registered postal address' SUP postalAddress SYNTAX
1.3.6.1.4.1.1466.115.121.1.41 ))
line 205 (attributetype ( 2.5.4.27 NAME 'destinationIndicator' DESC
'RFC2256: destination indicator' EQUALITY caseIgnoreMatch SUBSTR
caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128} ))
line 210 (attributetype ( 2.5.4.28 NAME 'preferredDeliveryMethod' DESC
'RFC2256: preferred delivery method' SYNTAX 1.3.6.1.4.1.1466.115.121.1.14
SINGLE-VALUE ))
line 216 (attributetype ( 2.5.4.29 NAME 'presentationAddress' DESC 'RFC2256:
presentation address' EQUALITY presentationAddressMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.43 SINGLE-VALUE ))
line 221 (attributetype ( 2.5.4.30 NAME 'supportedApplicationContext' DESC
'RFC2256: supported application context' EQUALITY objectIdentifierMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ))
line 225 (attributetype ( 2.5.4.31 NAME 'member' DESC 'RFC2256: member of a
group' SUP distinguishedName ))
line 229 (attributetype ( 2.5.4.32 NAME 'owner' DESC 'RFC2256: owner (of the
object)' SUP distinguishedName ))
line 233 (attributetype ( 2.5.4.33 NAME 'roleOccupant' DESC 'RFC2256:
occupant of role' SUP distinguishedName ))
line 251 (attributetype ( 2.5.4.36 NAME 'userCertificate' DESC 'RFC2256:
X.509 user certificate, use ;binary' EQUALITY certificateExactMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.8 ))
line 258 (attributetype ( 2.5.4.37 NAME 'cACertificate' DESC 'RFC2256: X.509
CA certificate, use ;binary' EQUALITY certificateExactMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.8 ))
line 263 (attributetype ( 2.5.4.38 NAME 'authorityRevocationList' DESC
'RFC2256: X.509 authority revocation list, use ;binary' SYNTAX
1.3.6.1.4.1.1466.115.121.1.9 ))
line 268 (attributetype ( 2.5.4.39 NAME 'certificateRevocationList' DESC
'RFC2256: X.509 certificate revocation list, use ;binary' SYNTAX
1.3.6.1.4.1.1466.115.121.1.9 ))
line 273 (attributetype ( 2.5.4.40 NAME 'crossCertificatePair' DESC
'RFC2256: X.509 cross certificate pair, use ;binary' SYNTAX
1.3.6.1.4.1.1466.115.121.1.10 ))
line 283 (attributetype ( 2.5.4.42 NAME ( 'givenName' 'gn' ) DESC 'RFC2256:
first name(s) for which the entity is known by' SUP name ))
line 287 (attributetype ( 2.5.4.43 NAME 'initials' DESC 'RFC2256: initials
of some or all of names, but not the surname(s).' SUP name ))
line 291 (attributetype ( 2.5.4.44 NAME 'generationQualifier' DESC 'RFC2256:
name qualifier indicating a generation' SUP name ))
line 296 (attributetype ( 2.5.4.45 NAME 'x500UniqueIdentifier' DESC
'RFC2256: X.500 unique identifier' EQUALITY bitStringMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.6 ))
line 303 (attributetype ( 2.5.4.46 NAME 'dnQualifier' DESC 'RFC2256: DN
qualifier' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR
caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 ))
line 307 (attributetype ( 2.5.4.47 NAME 'enhancedSearchGuide' DESC 'RFC2256:
enhanced search guide' SYNTAX 1.3.6.1.4.1.1466.115.121.1.21 ))
line 312 (attributetype ( 2.5.4.48 NAME 'protocolInformation' DESC 'RFC2256:
protocol information' EQUALITY protocolInformationMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.42 ))
line 322 (attributetype ( 2.5.4.50 NAME 'uniqueMember' DESC 'RFC2256: unique
member of a group' EQUALITY uniqueMemberMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.34 ))
line 328 (attributetype ( 2.5.4.51 NAME 'houseIdentifier' DESC 'RFC2256:
house identifier' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} ))
line 333 (attributetype ( 2.5.4.52 NAME 'supportedAlgorithms' DESC 'RFC2256:
supported algorithms' SYNTAX 1.3.6.1.4.1.1466.115.121.1.49 ))
line 338 (attributetype ( 2.5.4.53 NAME 'deltaRevocationList' DESC 'RFC2256:
delta revocation list; use ;binary' SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 ))
line 342 (attributetype ( 2.5.4.54 NAME 'dmdName' DESC 'RFC2256: name of
DMD' SUP name ))
line 346 (attributetype ( 2.5.4.65 NAME 'pseudonym' DESC 'X.520(4th):
pseudonym for the object' SUP name ))
line 366 (objectclass ( 2.5.6.2 NAME 'country' DESC 'RFC2256: a country' SUP
top STRUCTURAL MUST c MAY ( searchGuide $ description ) ))
line 371 (objectclass ( 2.5.6.3 NAME 'locality' DESC 'RFC2256: a locality'
SUP top STRUCTURAL MAY ( street $ seeAlso $ searchGuide $ st $ l $
description ) ))
line 382 (objectclass ( 2.5.6.4 NAME 'organization' DESC 'RFC2256: an
organization' SUP top STRUCTURAL MUST o MAY ( userPassword $ searchGuide $
seeAlso $ businessCategory $ x121Address $ registeredAddress $
destinationIndicator $ preferredDeliveryMethod $ telexNumber $
teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $
facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) ))
line 393 (objectclass ( 2.5.6.5 NAME 'organizationalUnit' DESC 'RFC2256: an
organizational unit' SUP top STRUCTURAL MUST ou MAY ( userPassword $
searchGuide $ seeAlso $ businessCategory $ x121Address $
registeredAddress $ destinationIndicator $ preferredDeliveryMethod $
telexNumber $ teletexTerminalIdentifier $ telephoneNumber $
internationaliSDNNumber $ facsimileTelephoneNumber $ street $
postOfficeBox $ postalCode $ postalAddress $
physicalDeliveryOfficeName $ st $ l $ description ) ))
line 399 (objectclass ( 2.5.6.6 NAME 'person' DESC 'RFC2256: a person' SUP
top STRUCTURAL MUST ( sn $ cn ) MAY ( userPassword $ telephoneNumber $
seeAlso $ description ) ))
line 408 (objectclass ( 2.5.6.7 NAME 'organizationalPerson' DESC 'RFC2256:
an organizational person' SUP person STRUCTURAL MAY ( title $ x121Address $
registeredAddress $ destinationIndicator $ preferredDeliveryMethod $
telexNumber $ teletexTerminalIdentifier $ telephoneNumber $
internationaliSDNNumber $ facsimileTelephoneNumber $ street $
postOfficeBox $ postalCode $ postalAddress $
physicalDeliveryOfficeName $ ou $ st $ l ) ))
line 419 (objectclass ( 2.5.6.8 NAME 'organizationalRole' DESC 'RFC2256: an
organizational role' SUP top STRUCTURAL MUST cn MAY ( x121Address $
registeredAddress $ destinationIndicator $ preferredDeliveryMethod $
telexNumber $ teletexTerminalIdentifier $ telephoneNumber $
internationaliSDNNumber $ facsimileTelephoneNumber $ seeAlso $
roleOccupant $ preferredDeliveryMethod $ street $ postOfficeBox $
postalCode $ postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l $
description ) ))
line 425 (objectclass ( 2.5.6.9 NAME 'groupOfNames' DESC 'RFC2256: a group
of names (DNs)' SUP top STRUCTURAL MUST ( member $ cn ) MAY (
businessCategory $ seeAlso $ owner $ ou $ o $ description ) ))
line 436 (objectclass ( 2.5.6.10 NAME 'residentialPerson' DESC 'RFC2256: an
residential person' SUP person STRUCTURAL MUST l MAY ( businessCategory $
x121Address $ registeredAddress $ destinationIndicator $
preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $
preferredDeliveryMethod $ street $ postOfficeBox $ postalCode $
postalAddress $ physicalDeliveryOfficeName $ st $ l ) ))
line 442 (objectclass ( 2.5.6.11 NAME 'applicationProcess' DESC 'RFC2256: an
application process' SUP top STRUCTURAL MUST cn MAY ( seeAlso $ ou $ l $
description ) ))
line 449 (objectclass ( 2.5.6.12 NAME 'applicationEntity' DESC 'RFC2256: an
application entity' SUP top STRUCTURAL MUST ( presentationAddress $ cn ) MAY
( supportedApplicationContext $ seeAlso $ ou $ o $ l $ description ) ))
line 454 (objectclass ( 2.5.6.13 NAME 'dSA' DESC 'RFC2256: a directory
system agent (a server)' SUP applicationEntity STRUCTURAL MAY
knowledgeInformation ))
line 460 (objectclass ( 2.5.6.14 NAME 'device' DESC 'RFC2256: a device' SUP
top STRUCTURAL MUST cn MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l $
description ) ))
line 465 (objectclass ( 2.5.6.15 NAME 'strongAuthenticationUser' DESC
'RFC2256: a strong authentication user' SUP top AUXILIARY MUST
userCertificate ))
line 471 (objectclass ( 2.5.6.16 NAME 'certificationAuthority' DESC
'RFC2256: a certificate authority' SUP top AUXILIARY MUST (
authorityRevocationList $ certificateRevocationList $ cACertificate ) MAY
crossCertificatePair ))
line 477 (objectclass ( 2.5.6.17 NAME 'groupOfUniqueNames' DESC 'RFC2256: a
group of unique names (DN and Unique Identifier)' SUP top STRUCTURAL MUST (
uniqueMember $ cn ) MAY ( businessCategory $ seeAlso $ owner $ ou $ o $
description ) ))
line 482 (objectclass ( 2.5.6.18 NAME 'userSecurityInformation' DESC
'RFC2256: a user security information' SUP top AUXILIARY MAY (
supportedAlgorithms ) ))
line 486 (objectclass ( 2.5.6.16.2 NAME 'certificationAuthority-V2' SUP
certificationAuthority AUXILIARY MAY ( deltaRevocationList ) ))
line 492 (objectclass ( 2.5.6.19 NAME 'cRLDistributionPoint' SUP top
STRUCTURAL MUST ( cn ) MAY ( certificateRevocationList $
authorityRevocationList $ deltaRevocationList ) ))
line 502 (objectclass ( 2.5.6.20 NAME 'dmd' SUP top STRUCTURAL MUST (
dmdName ) MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
x121Address $ registeredAddress $ destinationIndicator $
preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $
street $ postOfficeBox $ postalCode $ postalAddress $
physicalDeliveryOfficeName $ st $ l $ description ) ))
line 510 (objectclass ( 2.5.6.21 NAME 'pkiUser' DESC 'RFC2587: a PKI user'
SUP top AUXILIARY MAY userCertificate ))
line 516 (objectclass ( 2.5.6.22 NAME 'pkiCA' DESC 'RFC2587: PKI certificate
authority' SUP top AUXILIARY MAY ( authorityRevocationList $
certificateRevocationList $ cACertificate $ crossCertificatePair ) ))
line 521 (objectclass ( 2.5.6.23 NAME 'deltaCRL' DESC 'RFC2587: PKI user'
SUP top AUXILIARY MAY deltaRevocationList ))
line 534 (objectclass ( 1.3.6.1.4.1.250.3.15 NAME 'labeledURIObject' DESC
'RFC2079: object that contains the URI attribute type' SUP top AUXILIARY MAY
( labeledURI ) ))
line 551 (attributetype ( 0.9.2342.19200300.100.1.3 NAME ( 'mail'
'rfc822Mailbox' ) DESC 'RFC1274: RFC822 Mailbox' EQUALITY
caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.26{256} ))
line 556 (objectclass ( 0.9.2342.19200300.100.4.19 NAME
'simpleSecurityObject' DESC 'RFC1274: simple security object' SUP top
AUXILIARY MUST userPassword ))
line 564 (attributetype ( 0.9.2342.19200300.100.1.25 NAME ( 'dc'
'domainComponent' ) DESC 'RFC1274/2247: domain component' EQUALITY
caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ))
line 569 (objectclass ( 1.3.6.1.4.1.1466.344 NAME 'dcObject' DESC 'RFC2247:
domain component object' SUP top AUXILIARY MUST dc ))
line 574 (objectclass ( 1.3.6.1.1.3.1 NAME 'uidObject' DESC 'RFC2377: uid
object' SUP top AUXILIARY MUST uid ))
line 582 (attributetype ( 0.9.2342.19200300.100.1.37 NAME 'associatedDomain'
DESC 'RFC1274: domain associated with object' EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ))
line 590 (attributetype ( 1.2.840.113549.1.9.1 NAME ( 'email' 'emailAddress'
'pkcs9email' ) DESC 'RFC3280: legacy attribute for email addresses in DNs'
EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.26{128} ))
line 6 (include /usr/local/etc/openldap/schema/cosine.schema)
reading config file /usr/local/etc/openldap/schema/cosine.schema
line 130 (attributetype ( 0.9.2342.19200300.100.1.2 NAME
'textEncodedORAddress' EQUALITY caseIgnoreMatch SUBSTR
caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ))
line 168 (attributetype ( 0.9.2342.19200300.100.1.4 NAME 'info' DESC
'RFC1274: general information' EQUALITY caseIgnoreMatch SUBSTR
caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{2048} ))
line 187 (attributetype ( 0.9.2342.19200300.100.1.5 NAME ( 'drink'
'favouriteDrink' ) DESC 'RFC1274: favorite drink' EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}
))
line 205 (attributetype ( 0.9.2342.19200300.100.1.6 NAME 'roomNumber' DESC
'RFC1274: room number' EQUALITY caseIgnoreMatch SUBSTR
caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ))
line 227 (attributetype ( 0.9.2342.19200300.100.1.7 NAME 'photo' DESC
'RFC1274: photo (G3 fax)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.23{25000} ))
line 248 (attributetype ( 0.9.2342.19200300.100.1.8 NAME 'userClass' DESC
'RFC1274: category of user' EQUALITY caseIgnoreMatch SUBSTR
caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ))
line 264 (attributetype ( 0.9.2342.19200300.100.1.9 NAME 'host' DESC
'RFC1274: host computer' EQUALITY caseIgnoreMatch SUBSTR
caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ))
line 279 (attributetype ( 0.9.2342.19200300.100.1.10 NAME 'manager' DESC
'RFC1274: DN of manager' EQUALITY distinguishedNameMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.12 ))
line 296 (attributetype ( 0.9.2342.19200300.100.1.11 NAME
'documentIdentifier' DESC 'RFC1274: unique identifier of document' EQUALITY
caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.15{256} ))
line 312 (attributetype ( 0.9.2342.19200300.100.1.12 NAME 'documentTitle'
DESC 'RFC1274: title of document' EQUALITY caseIgnoreMatch SUBSTR
caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ))
line 329 (attributetype ( 0.9.2342.19200300.100.1.13 NAME 'documentVersion'
DESC 'RFC1274: version of document' EQUALITY caseIgnoreMatch SUBSTR
caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ))
line 344 (attributetype ( 0.9.2342.19200300.100.1.14 NAME 'documentAuthor'
DESC 'RFC1274: DN of author of document' EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ))
line 361 (attributetype ( 0.9.2342.19200300.100.1.15 NAME 'documentLocation'
DESC 'RFC1274: location of document original' EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}
))
line 380 (attributetype ( 0.9.2342.19200300.100.1.20 NAME ( 'homePhone'
'homeTelephoneNumber' ) DESC 'RFC1274: home telephone number' EQUALITY
telephoneNumberMatch SUBSTR telephoneNumberSubstringsMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.50 ))
line 395 (attributetype ( 0.9.2342.19200300.100.1.21 NAME 'secretary' DESC
'RFC1274: DN of secretary' EQUALITY distinguishedNameMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.12 ))
line 411 (attributetype ( 0.9.2342.19200300.100.1.22 NAME 'otherMailbox'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.39 ))
line 480 (attributetype ( 0.9.2342.19200300.100.1.26 NAME 'aRecord' EQUALITY
caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ))
line 486 (attributetype ( 0.9.2342.19200300.100.1.27 NAME 'mDRecord'
EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ))
line 501 (attributetype ( 0.9.2342.19200300.100.1.28 NAME 'mXRecord'
EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ))
line 516 (attributetype ( 0.9.2342.19200300.100.1.29 NAME 'nSRecord'
EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ))
line 531 (attributetype ( 0.9.2342.19200300.100.1.30 NAME 'sOARecord'
EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ))
line 546 (attributetype ( 0.9.2342.19200300.100.1.31 NAME 'cNAMERecord'
EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ))
line 581 (attributetype ( 0.9.2342.19200300.100.1.38 NAME 'associatedName'
DESC 'RFC1274: DN of entry associated with domain' EQUALITY
distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ))
line 599 (attributetype ( 0.9.2342.19200300.100.1.39 NAME
'homePostalAddress' DESC 'RFC1274: home postal address' EQUALITY
caseIgnoreListMatch SUBSTR caseIgnoreListSubstringsMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.41 ))
line 616 (attributetype ( 0.9.2342.19200300.100.1.40 NAME 'personalTitle'
DESC 'RFC1274: personal title' EQUALITY caseIgnoreMatch SUBSTR
caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ))
line 635 (attributetype ( 0.9.2342.19200300.100.1.41 NAME ( 'mobile'
'mobileTelephoneNumber' ) DESC 'RFC1274: mobile telephone number' EQUALITY
telephoneNumberMatch SUBSTR telephoneNumberSubstringsMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.50 ))
line 653 (attributetype ( 0.9.2342.19200300.100.1.42 NAME ( 'pager'
'pagerTelephoneNumber' ) DESC 'RFC1274: pager telephone number' EQUALITY
telephoneNumberMatch SUBSTR telephoneNumberSubstringsMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.50 ))
line 671 (attributetype ( 0.9.2342.19200300.100.1.43 NAME ( 'co'
'friendlyCountryName' ) DESC 'RFC1274: friendly country name' EQUALITY
caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 ))
line 691 (attributetype ( 0.9.2342.19200300.100.1.44 NAME 'uniqueIdentifier'
DESC 'RFC1274: unique identifer' EQUALITY caseIgnoreMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.15{256} ))
line 713 (attributetype ( 0.9.2342.19200300.100.1.45 NAME
'organizationalStatus' DESC 'RFC1274: organizational status' EQUALITY
caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.15{256} ))
line 734 (attributetype ( 0.9.2342.19200300.100.1.46 NAME 'janetMailbox'
DESC 'RFC1274: Janet mailbox' EQUALITY caseIgnoreIA5Match SUBSTR
caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ))
line 764 (attributetype ( 0.9.2342.19200300.100.1.47 NAME
'mailPreferenceOption' DESC 'RFC1274: mail preference option' SYNTAX
1.3.6.1.4.1.1466.115.121.1.27 ))
line 781 (attributetype ( 0.9.2342.19200300.100.1.48 NAME 'buildingName'
DESC 'RFC1274: name of building' EQUALITY caseIgnoreMatch SUBSTR
caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ))
line 796 (attributetype ( 0.9.2342.19200300.100.1.49 NAME 'dSAQuality' DESC
'RFC1274: DSA Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.19 SINGLE-VALUE ))
line 811 (attributetype ( 0.9.2342.19200300.100.1.50 NAME
'singleLevelQuality' DESC 'RFC1274: Single Level Quality' SYNTAX
1.3.6.1.4.1.1466.115.121.1.13 SINGLE-VALUE ))
line 827 (attributetype ( 0.9.2342.19200300.100.1.51 NAME
'subtreeMinimumQuality' DESC 'RFC1274: Subtree Mininum Quality' SYNTAX
1.3.6.1.4.1.1466.115.121.1.13 SINGLE-VALUE ))
line 843 (attributetype ( 0.9.2342.19200300.100.1.52 NAME
'subtreeMaximumQuality' DESC 'RFC1274: Subtree Maximun Quality' SYNTAX
1.3.6.1.4.1.1466.115.121.1.13 SINGLE-VALUE ))
line 865 (attributetype ( 0.9.2342.19200300.100.1.53 NAME
'personalSignature' DESC 'RFC1274: Personal Signature (G3 fax)' SYNTAX
1.3.6.1.4.1.1466.115.121.1.23 ))
line 884 (attributetype ( 0.9.2342.19200300.100.1.54 NAME 'dITRedirect' DESC
'RFC1274: DIT Redirect' EQUALITY distinguishedNameMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.12 ))
line 900 (attributetype ( 0.9.2342.19200300.100.1.55 NAME 'audio' DESC
'RFC1274: audio (u-law)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.4{25000} ))
line 916 (attributetype ( 0.9.2342.19200300.100.1.56 NAME
'documentPublisher' DESC 'RFC1274: publisher of document' EQUALITY
caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 ))
line 1084 (objectclass ( 0.9.2342.19200300.100.4.4 NAME ( 'pilotPerson'
'newPilotPerson' ) SUP person STRUCTURAL MAY ( userid $ textEncodedORAddress
$ rfc822Mailbox $ favouriteDrink $ roomNumber $ userClass $
homeTelephoneNumber $ homePostalAddress $ secretary $ personalTitle $
preferredDeliveryMethod $ businessCategory $ janetMailbox $ otherMailbox
$ mobileTelephoneNumber $ pagerTelephoneNumber $ organizationalStatus $
mailPreferenceOption $ personalSignature ) ))
line 1110 (objectclass ( 0.9.2342.19200300.100.4.5 NAME 'account' SUP top
STRUCTURAL MUST userid MAY ( description $ seeAlso $ localityName $
organizationName $ organizationalUnitName $ host ) ))
line 1142 (objectclass ( 0.9.2342.19200300.100.4.6 NAME 'document' SUP top
STRUCTURAL MUST documentIdentifier MAY ( commonName $ description $ seeAlso
$ localityName $ organizationName $ organizationalUnitName $
documentTitle $ documentVersion $ documentAuthor $ documentLocation $
documentPublisher ) ))
line 1165 (objectclass ( 0.9.2342.19200300.100.4.7 NAME 'room' SUP top
STRUCTURAL MUST commonName MAY ( roomNumber $ description $ seeAlso $
telephoneNumber ) ))
line 1191 (objectclass ( 0.9.2342.19200300.100.4.9 NAME 'documentSeries' SUP
top STRUCTURAL MUST commonName MAY ( description $ seeAlso $ telephonenumber
$ localityName $ organizationName $ organizationalUnitName ) ))
line 1222 (objectclass ( 0.9.2342.19200300.100.4.13 NAME 'domain' SUP top
STRUCTURAL MUST domainComponent MAY ( associatedName $ organizationName $
description $ businessCategory $ seeAlso $ searchGuide $ userPassword
$ localityName $ stateOrProvinceName $ streetAddress $
physicalDeliveryOfficeName $ postalAddress $ postalCode $
postOfficeBox $ streetAddress $ facsimileTelephoneNumber $
internationalISDNNumber $ telephoneNumber $ teletexTerminalIdentifier $
And this is the output in the log file:
Aug 21 11:12:37 porthole slapd[32498]: daemon: shutdown requested and
initiated.
Aug 21 11:12:37 porthole slapd[32498]: slapd shutdown: waiting for 0 threads
to terminate
Aug 21 11:12:37 porthole slapd[32498]: slapd stopped.
Aug 21 11:12:50 porthole slapd[32513]: @(#) $OpenLDAP: slapd 2.3.39 (Aug 14
2008 16:29:51) $ ^Iroot@porthole:/etc/openldap/openldap-2.3.39/servers/slapd
Aug 21 11:12:50 porthole slapd[32514]: slapd starting
Aug 21 11:13:51 porthole slapd[32514]: daemon: shutdown requested and
initiated.
Aug 21 11:13:51 porthole slapd[32514]: slapd shutdown: waiting for 0 threads
to terminate
Aug 21 11:13:51 porthole slapd[32514]: slapd stopped.
Aug 21 11:14:02 porthole slapd[32522]: @(#) $OpenLDAP: slapd 2.3.39 (Aug 14
2008 16:29:51) $ ^Iroot@porthole:/etc/openldap/openldap-2.3.39/servers/slapd
Aug 21 11:14:02 porthole slapd[32523]: slapd starting
Aug 21 11:14:09 porthole slapd[32523]: daemon: shutdown requested and
initiated.
Aug 21 11:14:09 porthole slapd[32523]: slapd shutdown: waiting for 0 threads
to terminate
Aug 21 11:14:09 porthole slapd[32523]: slapd stopped.
Aug 21 11:14:15 porthole slapd[32528]: @(#) $OpenLDAP: slapd 2.3.39 (Aug 14
2008 16:29:51) $ ^Iroot@porthole:/etc/openldap/openldap-2.3.39/servers/slapd
Aug 21 11:14:15 porthole slapd[32528]: slapd starting
Any help is much appreciated!
Thanks,
Kristen
--
Kristen Walker
Digital Media Resources Developer
Instructional Media Services
Santa Barbara County Education Office
4400 Cathedral Oaks Road
P.O. Box 6307
Santa Barbara, CA 93160-6307
(805)964-4711 ext. 5244/FAX (805)683-3597
kwalker(a)sbceo.org
http://www.sbceoportal.org
12 years, 7 months
Problem loading dynamic module
by Ricardo Moreira
Hello,
I am new to openldap so any help is welcome!
I am trying to build dynamic modules and I have got this error when trying
to load them:
lt_dlopenext failed: (back_monitor.la)
/usr/local/libexec/openldap/back_monitor-2.3.so.0: undefined symbol:
slapd_rq
/etc/openldap/slapd.conf: line 23: failed to load or initialize module
back_monitor.la
Could someone help me with this issue?
Here is some extra information:
- Source package: openldap-2.3.39.tgz
- Configure options:
configure --libdir=/usr/lib --libexecdir=/usr/local/libexec/openldap
--enable-dynamic --enable-modules --enable-monitor=mod --enable-shell=mod
- Ldd output:
ldd /usr/local/libexec/openldap/back_monitor.so
libldap_r-2.3.so.0 =>
/home/ricardo/openldap-work/libraries/libldap_r/.libs/libldap_r-2.3.so.0
(0x00aa2000)
liblber-2.3.so.0 =>
/home/ricardo/openldap-work/libraries/liblber/.libs/liblber-2.3.so.0
(0x00bc6000)
libc.so.6 => /lib/tls/libc.so.6 (0x0056b000)
libresolv.so.2 => /lib/libresolv.so.2 (0x00111000)
libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x00124000)
libssl.so.4 => /lib/libssl.so.4 (0x008cc000)
libcrypto.so.4 => /lib/libcrypto.so.4 (0x00780000)
/lib/ld-linux.so.2 (0x002f0000)
libdl.so.2 => /lib/libdl.so.2 (0x00138000)
libcrypt.so.1 => /lib/libcrypt.so.1 (0x00362000)
libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2 (0x0013c000)
libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0x006a6000)
libcom_err.so.2 => /lib/libcom_err.so.2 (0x00b9c000)
libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0x001c2000)
libz.so.1 => /usr/lib/libz.so.1 (0x00f85000)
- Slapd.conf:
modulepath /usr/local/libexec/openldap
moduleload back_monitor.la
--
:: Ricardo Moreira
12 years, 7 months
ACL: user who can just create but not delete entries
by Stefano Zanmarchi
Hi,
I'd like to create a special user ("cn=useradmin,dc=myorg,dc=com")
whose task would be creating new entries under "ou=people,dc=myorg,dc=com".
My problem is that useradmin will be used by a not completely trusted
application.
Can I prevent useradmin from deleting or modifying entries under
"ou=people,dc=myorg,dc=com"?
Thank you very much for your help,
Stefano
12 years, 7 months
LDAP lookup problem
by Stelios A.
Hello all,
I have a master and a slave Openldap server on an Ubuntu 8.0.4 server
with 2.4.9 version of Openldap.
I'm using syncrepl to sync data between the 2 servers. Data is transferred
from master to the slave without a problem and I'm able to query the
slave ldap via phpldapadmin without a problem.
Having said that, as soon as I add a new user to the master ldap, it
is replicated fine (I can see the user details on the slave
server) but when I run from bash 'id user1' I'm getting an 'id: user1:
No such user'.
This is happening no matter if I stop and start nscd or ldap.
The sync part of the slave server is pasted below:
syncrepl rid=001
provider=ldap://192.168.1.0
type=refreshOnly
interval=00:00:01:00
searchbase="dc=mydomain,dc=edu,dc=com"
binddn="uid=syncrepl,ou=System,dc=mydomain,dc=edu,dc=com"
bindmethod=simple
credentials=mypassword
updateref ldap://192.168.1.0
and the ACLs on the slave are:
access to attrs=userPassword,shadowLastChange
by dn="cn=admin,dc=mydomain,dc=edu,dc=com" write
by dn="uid=syncrepl,ou=System,dc=mydomain,dc=edu,dc=com" write
by dn="uid=authenticate,ou=System,dc=mydomain,dc=edu,dc=com" read
by anonymous auth
by self write
by * none
access to dn.base="" by * read
access to *
by dn="cn=admin,dc=mydomain,dc=edu,dc=com" write
by dn="uid=syncrepl,ou=System,dc=mydomain,dc=edu,dc=com" write
by * read
On master slave I can query any user fine. It just doesn't work on slave.
nsswitch.conf is same as master:
passwd: files ldap
group: files ldap
shadow: files ldap
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis ldap
I have no clue how to troubleshoot this problem.
Any help is much appreciated.
Thanks a lot
12 years, 7 months
DN question
by Kós Tamás
Hi List!
I have a slightly off-topic problem, but I hope you can help me with
it. We have an LDAP directory with many names. We have some identical CNs,
for instance: John Smiths. The only difference between the 2 names
is the e-mail address. How can I modify one of them? ldapmodify
requests a DN, but in our environment the DN seems to be DN: CN=John Smiths.
How can I include the e-mail address in the DN?
Any help appreciated.
Yours,
K.T.
--
"What kind of person would do this?"
"Only one kind. Whoever this player is, he has played World of
Warcraft nearly every hour of every day for the past year and a half.
Gentlemen, we are dealing with someone here who... had absolutely no
life."
12 years, 7 months
Re: translucent overlay with local-only entries
by Sven Ulland
Gavin Henry wrote:
[...]
>> Are they really correct? With local-only entries working well (as
>> they should, with my recent version of openldap), I would assume
>> that local-only would return local-only entries, and that
>> local-and-remote would return both remote and local entries.
>
> So are you getting local entries at all?
I see local *modifications*, yes. Example: A remote entry with
uid=andrew is edited on the translucent extension with a new
description. When searching, I see the locally changed description
without problems.
On the other hand, when I create *entries* that only exist on the
translucent extension, I never see any sign of them when searching. I
do see them when running slapcat, so they are indeed present in the
local database.
This should be fixed with Howard's 2.4.8 patch some time ago, so I can
only assume there's something strange with my config or the 2.4.10
Debian build. I will try to build a vanilla OpenLDAP from source as
soon as I have time.
sven
12 years, 7 months