iNetOrgPerson doesn't exist?
by Luca Stancapiano
Hi all, I'm trying to create a user with OpenLDAP 2.4:
dn: uid=rrrrrr,ou=users,dc=my-domain,dc=com
objectClass: iNetOrgPerson
uid: iiiiii
but it doesn't seem to recognize the objectClass, producing this error:
adding new entry "uid=rrrrrr,ou=users,dc=my-domain,dc=com"
ldap_add: Invalid syntax (21)
additional info: objectClass: value #0 invalid per syntax
Using other object classes is ok. What's the problem?
4 months, 1 week
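A check worth doing before blaming the spelling of the objectClass, as an added example that is not part of the post: objectClass names match case-insensitively, and "Invalid syntax (21)" on an objectClass value is slapd's way of saying that no loaded schema defines that name. The Python below parses the objectClasses values a server returns from cn=Subschema (the sample values here are constructed, with DESC and MAY lists trimmed) and reports which of an entry's objectClass values are unknown to the server.

```python
import re

# Constructed sample of the objectClasses values that
#   ldapsearch -x -s base -b cn=Subschema objectClasses
# returns (RFC 4512 syntax, DESC/MAY lists trimmed). Not taken from the post.
SUBSCHEMA_WITH_INETORGPERSON = [
    "( 2.5.6.0 NAME 'top' DESC 'top of the superclass chain' ABSTRACT MUST objectClass )",
    "( 2.5.6.6 NAME 'person' SUP top STRUCTURAL MUST ( sn $ cn ) MAY ( userPassword $ telephoneNumber ) )",
    "( 2.5.6.7 NAME 'organizationalPerson' SUP person STRUCTURAL MAY ( title $ ou ) )",
    "( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson' SUP organizationalPerson STRUCTURAL MAY ( mail $ uid ) )",
    "( 1.3.6.1.1.1.2.0 NAME 'posixAccount' SUP top AUXILIARY MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory ) )",
]
# The same server with inetorgperson.ldif / inetorgperson.schema not included.
SUBSCHEMA_WITHOUT_INETORGPERSON = [v for v in SUBSCHEMA_WITH_INETORGPERSON if "inetOrgPerson" not in v]

_OC_RE = re.compile(
    r"\(\s*(?P<oid>[\d.]+)\s+NAME\s+(?P<names>'[^']*'|\(\s*(?:'[^']*'\s*)+\))"
    r"(?:.*?\bSUP\s+(?P<sup>[\w.-]+|\([^)]*\)))?"
    r".*?\b(?P<kind>ABSTRACT|STRUCTURAL|AUXILIARY)\b",
    re.DOTALL,
)


def parse_object_classes(values):
    """Index objectClass definitions by every NAME they carry, lower-cased:
    objectClass names match case-insensitively, so 'iNetOrgPerson' and
    'inetOrgPerson' are the same class to slapd."""
    classes = {}
    for value in values:
        m = _OC_RE.search(value)
        if not m:
            continue
        names = re.findall(r"'([^']*)'", m.group("names"))
        sup = m.group("sup")
        info = {
            "oid": m.group("oid"),
            "name": names[0],
            "kind": m.group("kind"),
            # first superior only; multiple SUPs are rare outside X.500 schema
            "sup": re.findall(r"[\w.-]+", sup)[0] if sup else None,
        }
        for name in names:
            classes[name.lower()] = info
    return classes


def resolve(classes, name):
    """Look a class up the way slapd validates an objectClass value."""
    return classes.get(name.lower())


def sup_chain(classes, name):
    """Superclass chain from the named class up to top (empty if unknown)."""
    chain, info = [], resolve(classes, name)
    while info and info["name"] not in chain:
        chain.append(info["name"])
        info = resolve(classes, info["sup"]) if info["sup"] else None
    return chain


def unknown_object_classes(classes, entry_values):
    """objectClass values of an entry that no loaded schema defines; these are
    the ones ldapadd reports as 'value #N invalid per syntax' (error 21)."""
    return [v for v in entry_values if resolve(classes, v) is None]
```

Feed it the real output of the ldapsearch command in the comment to see whether the running slapd knows inetOrgPerson at all; if it does not, the fix is loading the schema, not changing the case of the value.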
.so dynamic library versioning
by Sam Dave
Hello,
Thanks in advance for some clues on the below:
1. Has there ever been a release of LMDB that adds/removes/changes API?
2. On both Debian 10 (with lmdb 0.9.22) and Debian 11 (with lmdb 0.9.24), under lib/ I see
liblmdb.so -> liblmdb.so.0 (symlink)
liblmdb.so.0 -> liblmdb.so.0.0.0 (symlink)
liblmdb.so.0.0.0 (the original file)
Has this always been at 0.0.0 since the beginning of LMDB? From the point of view of what the LMDB developers would expect, I mean. (I have no idea which distros were distributing LMDB in the early days.)
3. What are your intentions regarding this .so versioning in relation to adding/removing/changing the API?
Something like this, perhaps? https://www.gnu.org/software/libtool/manual/html_node/Updating-version-in...
4. Another Linux distribution (NixOS 22.11, with lmdb 0.9.29) has *only* this under lib/:
liblmdb.so (the original file)
Does this sound right to you?
What I mean is, when people compile LMDB down to an .so, would you expect them to normally add a version after the ".so"? (As they apparently did in Debian.)
Regards,
Sam
5 months, 2 weeks
back_meta and overlay pcache
by Stefan Kania
Hello,
I'm trying to configure a proxy server with back_meta connecting to two
different AD domains. I'm getting the result as expected if I do an
ldapsearch. But now I want to add caching for the data, so I configured
the following:
----------------
dn: cn=config
objectClass: olcGlobal
cn: config
olcArgsFile: /var/symas/run/slapd.args
olcLogLevel: any
olcPidFile: /var/symas/run/slapd.pid
olcToolThreads: 1

dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModulePath: /opt/symas/lib/openldap
olcModuleLoad: {0}back_ldap
olcModuleLoad: {1}back_meta
olcModuleLoad: {2}argon2
olcModuleLoad: {3}rwm.la
olcModuleLoad: {4}pcache.la
olcModuleLoad: {5}back_mdb.la

dn: cn=schema,cn=config
objectClass: olcSchemaConfig
cn: schema
...
...

dn: olcDatabase={-1}frontend,cn=config
objectClass: olcDatabaseConfig
objectClass: olcFrontendConfig
olcDatabase: {-1}frontend
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * read
olcSizeLimit: 500
olcPasswordHash: {ARGON2}

dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage
olcRootDN: cn=admin,cn=config
olcRootPW: {ARGON2}$argon2i$v=19$m=4096,t=3,p=1$cXdlcnJ0enV6dWlvMTIz$G/l0lynf7ygdz0tG+E7S1fBibsFs/L80AUSisiGl/v4

dn: olcDatabase={1}meta,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMetaConfig
olcDatabase: {1}meta
olcSuffix: dc=example,dc=net
olcReadOnly: TRUE
olcRootDN: cn=admin,dc=example,dc=net
olcRootPW: $argon2i$v=19$m=4096,t=3,p=1$c2dkc3Rld3Z0ZTV0NDU0NQ$F6NZb2w8O+6BOA3L7zZ37mxFv7CPCXfHYuEiIxTYALY
olcMonitoring: FALSE
olcDbChaseReferrals: FALSE
olcDbProtocolVersion: 3
olcDbRebindAsUser: TRUE

dn: olcOverlay={0}rwm,olcDatabase={1}meta,cn=config
objectClass: olcOverlayConfig
objectClass: olcRwmConfig
olcOverlay: {0}rwm
olcRwmTFSupport: false
olcRwmMap: {0}objectClass posixAccount person
olcRwmMap: {1}attribute uid sAMAccountName

dn: olcOverlay={1}pcache,olcDatabase={1}meta,cn=config
objectClass: olcOverlayConfig
objectClass: olcPcacheConfig
olcOverlay: {1}pcache
olcPcache: mdb 100000 2 1000 100
olcPcacheAttrset: 0 mail postalAddress telephoneNumber givenName
olcPcacheAttrset: 1 uid employeeType
olcPcacheTemplate: "(&(mail=)(postalAddress=*)(telephoneNumber)" 0 3600 100 30 1600
olcPcacheTemplate: "(&(sn=)(givenName=))" 0 3600 100
olcPcacheTemplate: "(mail=)" 0 3600
olcPcacheTemplate: "(sn=)" 1 3600 100
olcPcacheTemplate: "(uid=)" 1 3600 1000 30 200
olcPcachePersist: TRUE

dn: olcDatabase={0}mdb,olcOverlay={1}pcache,olcDatabase={1}meta,cn=config
objectClass: olcMdbConfig
objectClass: olcPcacheDatabase
olcDatabase: {0}mdb
olcDbDirectory: /var/symas/pcache
olcDbIndex: objectClass eq
olcDbIndex: uid,employeeType,mail eq
olcDbIndex: postalAddress,telephoneNumber,givenName eq

dn: olcMetaSub={0}uri,olcDatabase={1}meta,cn=config
objectClass: olcMetaTargetConfig
olcMetaSub: {0}uri
olcDbURI: "ldap://192.168.56.202/ou=org,dc=example,dc=net"
olcDbIDAssertAuthzFrom: {0}*
olcDbIDAssertBind: mode=none flags=prescriptive,proxy-authz-non-critical bindmethod=simple timeout=0 network-timeout=0 binddn="cn=proxy-orguser,cn=users,dc=example2,dc=org" credentials="Passw0rd" keepalive=0:0:0 tcp-user-timeout=0 tls_reqcert=never tls_reqsan=allow tls_crlcheck=none
olcDbMap: {0}attribute uid sAMAccountName
olcDbRewrite: {0}suffixmassage "ou=org,dc=example,dc=net" "dc=example2,dc=org"
olcDbKeepalive: 0:0:0
olcDbChaseReferrals: FALSE
olcDbProtocolVersion: 3
olcDbRebindAsUser: TRUE

dn: olcMetaSub={1}uri,olcDatabase={1}meta,cn=config
objectClass: olcMetaTargetConfig
olcMetaSub: {1}uri
olcDbURI: "ldap://192.168.56.203/ou=com,dc=example,dc=net"
olcDbIDAssertAuthzFrom: {0}*
olcDbIDAssertBind: mode=none flags=prescriptive,proxy-authz-non-critical bindmethod=simple timeout=0 network-timeout=0 binddn="cn=proxy-comuser,cn=users,dc=example3,dc=com" credentials="Passw0rd" keepalive=0:0:0 tcp-user-timeout=0 tls_reqcert=never tls_reqsan=allow tls_crlcheck=none
olcDbMap: {0}attribute uid sAMAccountName
olcDbRewrite: {0}suffixmassage "ou=com,dc=example,dc=net" "dc=example3,dc=com"
olcDbKeepalive: 0:0:0
olcDbChaseReferrals: FALSE
olcDbProtocolVersion: 3
olcDbRebindAsUser: TRUE
----------------
The same pcache setup works with back_ldap.
What did I do wrong, or did I miss something?
Using this setting with back_ldap, doing an ldapsearch, stopping the
domain controller and repeating the ldapsearch, I still get the result
because the data is in the cache.
Setting up back_meta, as soon as I stop the domain controller I get
nothing at all.
Do I have to set up a cache for every uri? Then what should be the DN?
Stefan
5 months, 3 weeks
Uninstall
by Eric Fetzer
OK, getting a little further. I've come to the realization that I need to
uninstall, reconfigure to include a few overlays, then reinstall. I'm on
RHEL 8.7, and thus built from source. What do I need to do to uninstall?
Guessing the first thing I need to remove is /etc/openldap.
Thanks,
Eric
5 months, 3 weeks
Re: Adding to the schema
by Eric Fetzer
So I'm still on this. Since I'm running cn=config rather than slapd.conf,
I'm confused as to where to put the:
overlay ppolicy
I don't have a: database mdb
Here's my slapd.ldif that I loaded in (with the added olcModuleload you
told me to add):
dn: cn=config
objectClass: olcGlobal
cn: config
olcArgsFile: /var/lib/openldap/slapd.args
olcPidFile: /var/lib/openldap/slapd.pid

dn: cn=schema,cn=config
objectClass: olcSchemaConfig
cn: schema

dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulepath: /usr/libexec/openldap
olcModuleload: back_mdb.la
olcModuleload: ppolicy.so

# Include more schemas in addition to default core
include: file:///etc/openldap/schema/core.ldif
include: file:///etc/openldap/schema/cosine.ldif
include: file:///etc/openldap/schema/nis.ldif
include: file:///etc/openldap/schema/inetorgperson.ldif
include: file:///etc/openldap/schema/sudo.ldif

dn: olcDatabase=frontend,cn=config
objectClass: olcDatabaseConfig
objectClass: olcFrontendConfig
olcDatabase: frontend
olcAccess: to dn.base="cn=Subschema" by * read
olcAccess: to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage by * none

dn: olcDatabase=config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: config
olcRootDN: cn=config
olcAccess: to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage by * none
So where would I put the: overlay ppolicy
Thanks,
Eric
On Tue, Mar 7, 2023 at 12:21 PM Quanah Gibson-Mount <quanah(a)fast-mail.org>
wrote:
>
>
> --On Tuesday, March 7, 2023 12:16 PM -0700 Eric Fetzer
> <eric.fetzer(a)gmail.com> wrote:
>
> >
> > I'm using 2.6.4. Sorry, brand new at this, how do I enable it? I
> > don't see any references to it in the slapd.conf... I'm in the process
> > of converting an ISDS db to OpenLDAP. Kind of daunting so far...
>
>
> Generally speaking:
>
> In the portion of your configuration loading module:
>
> modulepath ....
> moduleload ppolicy.so
>
>
> In the database section of your configuration where you want to apply
> password policies
>
>
> database mdb
> ...
>
> overlay ppolicy
>
>
> Regards,
> Quanah
>
>
>
5 months, 3 weeks
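The cn=config counterpart of the two slapd.conf lines in Quanah's reply, as an added example that is neither Eric's file nor code from the thread: "overlay ppolicy" becomes an olcOverlay child of the olcDatabase entry it applies to, so the mdb database entry has to exist first. The LDIF below is written to be appended to slapd.ldif before it is loaded with slapadd -n 0; the suffix, rootdn, directory, ACLs and the policy DN are assumptions, and the {1}/{0} ordering assumes the frontend and config entries shown above precede it.

```ldif
# Added example, not code from the thread. The "olcModuleload: ppolicy.so"
# line stays in the existing cn=module entry; nothing else is needed for the
# schema, because since OpenLDAP 2.5 the ppolicy overlay carries its own.

# "database mdb" from the reply: the database the policy applies to
# (suffix, rootdn, directory and ACLs are assumptions).
dn: olcDatabase={1}mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: {1}mdb
olcSuffix: dc=example,dc=com
olcRootDN: cn=Manager,dc=example,dc=com
olcDbDirectory: /var/lib/openldap/openldap-data
olcDbIndex: objectClass eq
olcAccess: {0}to attrs=userPassword by self write by anonymous auth by * none
olcAccess: {1}to * by * read

# "overlay ppolicy": a child entry of that database, not of cn=config itself.
# olcPPolicyDefault names a pwdPolicy entry that must exist inside the
# database (assumed DN); without it only per-entry pwdPolicySubentry applies.
dn: olcOverlay={0}ppolicy,olcDatabase={1}mdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcPPolicyConfig
olcOverlay: {0}ppolicy
olcPPolicyDefault: cn=default,ou=policies,dc=example,dc=com
olcPPolicyHashCleartext: TRUE
```

After slapadd, the same overlay entry can be checked with slapcat -n 0 | grep -A5 'olcOverlay={0}ppolicy'.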
olcDbCacheSize in back_mdb
by Stefan Kania
Looking at the openldap.org adminhandbook to 2.6 I found
https://openldap.org/doc/admin26/overlays.html#The%20Proxy%20Cache%20Engine
The configuration for the database for pcache:
------------
dn: olcDatabase={0}mdb,olcOverlay={0}pcache,olcDatabase={2}ldap,cn=config
objectClass: olcMdbConfig
objectClass: olcPcacheDatabase
olcDatabase: {0}mdb
olcDbDirectory: ./testrun/db.2.a
olcDbCacheSize: 20
olcDbIndex: objectClass eq
olcDbIndex: cn,sn,uid,mail pres,eq,sub
------------
But I'm getting:
-------------
adding new entry "olcDatabase={0}mdb,olcOverlay={1}pcache,olcDatabase={1}ldap,cn=config"
ldap_add: Undefined attribute type (17)
additional info: olcDbCacheSize: attribute type undefined
-------------
The back_mdb module is loaded.
--
Here is my config "WITHOUT" olcDbCacheSize:
----------------
dn: cn=config
objectClass: olcGlobal
cn: config
olcArgsFile: /var/symas/run/slapd.args
olcLogLevel: any
olcPidFile: /var/symas/run/slapd.pid
olcToolThreads: 1

dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModulePath: /opt/symas/lib/openldap
olcModuleLoad: {0}back_ldap
olcModuleLoad: {1}argon2
olcModuleLoad: {2}rwm.la
olcModuleLoad: {3}pcache.la
olcModuleLoad: {4}back_mdb.la

dn: cn=schema,cn=config
objectClass: olcSchemaConfig
cn: schema
...

dn: olcDatabase={-1}frontend,cn=config
objectClass: olcDatabaseConfig
objectClass: olcFrontendConfig
olcDatabase: {-1}frontend
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * read
olcSizeLimit: 500
olcPasswordHash: {ARGON2}

dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage
olcRootDN: cn=admin,cn=config
olcRootPW: {ARGON2}$argon2i$v=19$m=4096,t=3,p=1$cXdlcnJ0enV6dWlvMTIz$G/l0lynf7ygdz0tG+E7S1fBibsFs/L80AUSisiGl/v4

dn: olcDatabase={1}ldap,cn=config
objectClass: olcDatabaseConfig
objectClass: olcLDAPConfig
olcDatabase: {1}ldap
olcSuffix: dc=example1,dc=net
olcReadOnly: TRUE
olcRootDN: cn=admin,dc=example1,dc=net
olcMonitoring: FALSE
olcDbURI: "ldaps://dc-net01.example.net:636"
olcDbIDAssertBind: mode=none flags=prescriptive,proxy-authz-critical bindmethod=simple timeout=0 network-timeout=0 binddn="cn=proxy-user,cn=users,dc=example1,dc=net" credentials="Passw0rd" keepalive=0:0:0 tls_reqcert=never tls_reqsan=allow
olcDbIDAssertAuthzFrom: {0}*
olcDbRebindAsUser: TRUE
olcDbChaseReferrals: FALSE
olcDbProtocolVersion: 3

dn: olcOverlay={0}rwm,olcDatabase={1}ldap,cn=config
objectClass: olcOverlayConfig
objectClass: olcRwmConfig
olcOverlay: {0}rwm
olcRwmTFSupport: false
olcRwmMap: {0}objectClass posixAccount person
olcRwmMap: {1}attribute uid SAMACCOUNTNAME
olcRwmMap: {2}attribute EMPLOYEETYP DEPARTMENT

dn: olcOverlay={1}pcache,olcDatabase={1}ldap,cn=config
objectClass: olcOverlayConfig
objectClass: olcPcacheConfig
olcOverlay: {1}pcache
olcPcache: mdb 100000 1 1000 100
olcPcacheAttrset: 0 mail postalAddress telephoneNumber
olcPcacheTemplate: "(sn=)" 0 3600 0 0 0
olcPcacheTemplate: "(&(sn=)(givenName=))" 0 3600 0 0 0
olcPcacheTemplate: "(&(departmentNumber=)(secretary=))" 0 3600
olcPcachePersist: TRUE

dn: olcDatabase={0}mdb,olcOverlay={1}pcache,olcDatabase={1}ldap,cn=config
objectClass: olcMdbConfig
objectClass: olcPcacheDatabase
olcDatabase: {0}mdb
olcDbDirectory: /var/symas/pcache
olcDbIndex: objectClass eq
olcDbIndex: uid eq
----------------
Did I miss something, or is it wrong in the admin handbook?
5 months, 3 weeks
Are there plans to support OpenSSL 3.0.x in OpenLDAP v2.5?
by Soichiro Shishido
Are there plans to support OpenSSL 3.0.x in OpenLDAP v2.5?
OpenSSL 1.1.1 will be discontinued this year on 2023-09-11. Also, according to the OpenLDAP Project Release Maintenance Policy, it appears that v2.6 will not be LTS for some time yet.
If OpenSSL 1.1.1 vulnerabilities are reported after 2023-09-12, and if we do not migrate to OpenSSL 3.0.x, OpenLDAP v2.5 will be left vulnerable.
5 months, 3 weeks
overlay pcache and cn=config
by Stefan Kania
Hello,
I've got the following working slapd.conf:
--------------------
include /opt/symas/etc/openldap/schema/core.schema
include /opt/symas/etc/openldap/schema/cosine.schema
include /opt/symas/etc/openldap/schema/inetorgperson.schema
include /opt/symas/etc/openldap/schema/misc.schema
include /opt/symas/etc/openldap/schema/nis.schema
include /opt/symas/etc/openldap/schema/msuser.schema
modulepath /opt/symas/lib/openldap
moduleload back_ldap
moduleload back_mdb
moduleload rwm.la
moduleload memberof.la
moduleload pcache.la
loglevel any
pidfile /var/symas/run/slapd.pid
argsfile /var/symas/run/slapd.args
database ldap
readonly yes
protocol-version 3
rebind-as-user yes
uri "ldap://192.168.56.201:389"
suffix "dc=example1,dc=net"
rootdn "cn=admin,dc=example1,dc=net"
idassert-bind bindmethod=simple
        mode=none
        binddn="CN=Administrator,cn=users,dc=example1,dc=net"
        credentials=Passw0rd
        tls_cacertdir=/opt/symas/etc/openldap
        tls_reqcert=never
idassert-authzFrom "*"
overlay rwm
rwm-map attribute uid sAMAccountName
rwm-map objectClass posixAccount person
overlay memberof
memberof-group-oc groupOfuniqueNames
memberof-member-ad uniquemember
memberof-dangling error
overlay pcache
pcache mdb 100000 6 1000 100
pcachePersist TRUE
directory "/var/symas/pcache"
pcacheAttrset 0 1.1
pcacheTemplate (uid=) 0 3600
pcacheTemplate (&(|(objectClass=))) 0 3600
pcacheAttrset 1 employeetype givenName cn sn uid mail
pcacheTemplate (uid=) 1 3600
pcacheBind (uid=) 1 3600 sub dc=de
pcacheAttrset 2 givenName cn sn uid mail uidNumber
pcacheTemplate (objectClass=) 2 3600
pcacheAttrset 3 userPassword
pcacheTemplate (uid=) 3 3600
pcacheTemplate (objectClass=) 2 3600
pcacheAttrset 4 employeetype givenName cn sn uid mail
pcacheTemplate (uid=) 1 3600
pcacheAttrset 5 memberOf
pcacheTemplate (objectClass=*) 2 3600
--------------------
Search for an entry in AD is working:
----------------------
root@ldap-proxy01:~/server-setup/proxy# ldapsearch -x -b dc=example1,dc=net cn=administrator -LLL dn
dn: cn=Administrator,cn=Users,dc=example1,dc=net
----------------------
Now I want to convert it to cn=config, but I'm getting the following error:
--------------------
root@ldap-proxy01:/opt/symas/etc/openldap# slaptest -F ./my-slapd.d/ -f slapd.conf
Entry (olcDatabase={0}mdb,olcOverlay={2}pcache,olcDatabase={1}ldap,cn=config): object class 'olcMdbBkConfig' requires attribute 'olcBackend'
config_build_entry: build "olcDatabase={0}mdb" failed: "(null)"
config file testing succeeded
mdb_opinfo_get: err Permission denied(13)
--------------------
Then I try to create my own LDIFs:
basic config:
-----------------
dn: cn=config
objectClass: olcGlobal
cn: config
olcLogLevel: any
olcPidFile: /var/symas/run/slapd.pid
olcArgsFile: /var/symas/run/slapd.args
olcToolThreads: 1

dn: cn=schema,cn=config
objectClass: olcSchemaConfig
cn: schema

dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModulePath: /opt/symas/lib/openldap
olcModuleLoad: back_mdb
olcModuleLoad: back_ldap
olcModuleLoad: back_monitor
olcModuleLoad: argon2

include: file:///opt/symas/etc/openldap/schema/core.ldif
include: file:///opt/symas/etc/openldap/schema/cosine.ldif
include: file:///opt/symas/etc/openldap/schema/nis.ldif
include: file:///opt/symas/etc/openldap/schema/inetorgperson.ldif
include: file:///opt/symas/etc/openldap/schema/msuser.ldif

dn: olcDatabase={-1}frontend,cn=config
objectClass: olcDatabaseConfig
objectClass: olcFrontendConfig
olcDatabase: {-1}frontend
olcSizeLimit: 500
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
olcAccess: {1}to dn="" by * read
olcAccess: {2}to dn.base="cn=subschema" by * read

dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcRootDN: cn=admin,cn=config
olcRootPW: {ARGON2}$argon2i$v=19$m=4096,t=3,p=1$cXdlcnJ0enV6dWlvMTIz$G/l0lynf7ygdz0tG+E7S1fBibsFs/L80AUSisiGl/v4
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage

dn: olcDatabase={1}monitor,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {1}monitor
olcAccess: {0}to dn.subtree="cn=monitor" by dn.exact=cn=admin,cn=config read by dn.exact=cn=admin,dc=example,dc=net read by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth read

dn: olcDatabase={2}ldap,cn=config
objectClass: olcDatabaseConfig
objectClass: olcLDAPConfig
olcDatabase: {2}ldap
olcSuffix: dc=example1,dc=net
olcAddContentAcl: FALSE
olcLastMod: FALSE
olcLastBind: FALSE
olcLastBindPrecision: 0
olcMaxDerefDepth: 15
olcReadOnly: TRUE
olcRootDN: cn=admin,dc=example1,dc=net
olcSyncUseSubentry: FALSE
olcMonitoring: FALSE
olcDbURI: "ldap://dc-net01.example.net:389"
olcDbStartTLS: none starttls=no
olcDbIDAssertBind: mode=none flags=prescriptive,proxy-authz-non-critical bindmethod=simple timeout=0 network-timeout=0 binddn="cn=administrator,cn=users,dc=example1,dc=net" credentials="Passw0rd" keepalive=0:0:0 tcp-user-timeout=0 tls_cacertdir="/opt/symas/etc/openldap" tls_reqcert=never tls_reqsan=allow tls_crlcheck=none
olcDbIDAssertAuthzFrom: *
olcDbRebindAsUser: TRUE
olcDbChaseReferrals: FALSE
olcDbTFSupport: no
olcDbProxyWhoAmI: FALSE
olcDbProtocolVersion: 3
olcDbSingleConn: FALSE
olcDbCancel: abandon
olcDbUseTemporaryConn: FALSE
olcDbConnectionPoolMax: 16
olcDbSessionTrackingRequest: FALSE
olcDbNoRefs: FALSE
olcDbNoUndefFilter: FALSE
olcDbOnErr: continue
olcDbKeepalive: 0:0:0
-----------------
LDIF for rwm
------------------
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: rwm.la

dn: olcOverlay={0}rwm,olcDatabase={2}ldap,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcRwmConfig
olcOverlay: {0}rwm
olcRwmTFSupport: false
olcRwmMap: {0}objectClass posixAccount person
olcRwmMap: {1}attribute uid sAMAccountName
------------------
LDIF for pcache
------------------
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: pcache.la

dn: olcOverlay={3}pcache,olcDatabase={2}ldap,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcPcacheConfig
olcOverlay: {3}pcache
olcPcache: mdb 100000 5 1000 100
olcPcacheAttrset: 0 employeeType givenName cn sn uid mail
olcPcacheAttrset: 1 givenName cn sn uid mail uidNumber
olcPcacheAttrset: 2 userPassword
olcPcacheAttrset: 3 employeeType givenName cn sn uid mail
olcPcacheAttrset: 4 memberOf
olcPcacheTemplate: "(objectClass=*)" 2 3600 0 0 0
olcPcacheTemplate: (&(objectClass=)(memberUid=)) 2 300
olcPcacheTemplate: (&(objectClass=)(uid=)) 0 300

dn: olcDatabase=mdb,olcOverlay={3}pcache,olcDatabase={2}ldap,cn=config
changetype: add
objectClass: olcMdbConfig
objectClass: olcPcacheDatabase
olcDbDirectory: /var/symas/pcache
olcDbIndex: pcacheQueryID eq
------------------
But when I do an ldapsearch I get the following result:
----------------
root@ldap-proxy01:~/server-setup/proxy# ldapsearch -x -b dc=example1,dc=net cn=administrator -LLL dn
# refldap://example1.net/CN=Configuration,DC=example1,DC=net
# refldap://example1.net/DC=DomainDnsZones,DC=example1,DC=net
# refldap://example1.net/DC=ForestDnsZones,DC=example1,DC=net
----------------
I only get the referrals from AD, but not the object I'm looking for.
It's nearly impossible to find good documentation on how to set up the
pcache overlay via cn=config. As I said, with slapd.conf everything works.
Any hint to get things working as expected?
When I'm starting the slapd the log is showing:
-----------
mdb_db_open: database "dc=example1,dc=net": dbenv_open(/var/symas/pcache).
-----------
Same Server different problem
I did not add memberof, because every time I add the overlay with the
following LDIF (it should be replaced by dynlist in the near future, but I
think it should work):
--------------
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: memberof.la

dn: olcOverlay={1}memberof,olcDatabase={2}ldap,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcMemberOfConfig
olcOverlay: {1}memberof
olcMemberOfGroupOC: groupOfNames
olcMemberOfMemberAD: member
--------------
the slapd crashes and "slapcat -n0" gives me the following error:
---------------
root@ldap-proxy01:~/server-setup/proxy# slapcat -n0
olcAttributeTypes: value #741 olcAttributeTypes: Duplicate attributeType: " z*V"
config error processing cn={4}msuser,cn=schema,cn=config: olcAttributeTypes: Duplicate attributeType: " z*V"
slapcat: bad configuration file!
---------------
5 months, 3 weeks
question about manpage slapo-dynlist
by Stefan Kania
Hi to all,
the manpage of the slapo-dynlist is showing the following example:
-----------
A dynamic group with dgIdentity authorization could be created
with an entry like
dn: cn=Dynamic Group,ou=Groups,dc=example,dc=com
objectClass: groupOfURLs
objectClass: dgIdentityAux
cn: Dynamic Group
memberURL: ldap:///ou=People,dc=example,dc=com??sub?(objectClass=person)
dgIdentity: cn=Group Proxy,ou=Services,dc=example,dc=com
-----------
I can't find an explanation of the attribute "dgIdentity"; it's not
mentioned what "cn=Group Proxy,ou=Services,dc=example,dc=com" is.
Can someone explain it, please?
Stefan
5 months, 4 weeks
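An added illustration of what the man-page example leaves implicit (not taken from slapo-dynlist(5) or the post): dgIdentity is the DN slapd uses when it runs the memberURL search to expand the group, in place of the identity of the client that asked for the group, so that DN must exist and must be allowed by the ACLs to read the entries the URL selects. The LDIF below assumes the dyngroup schema (dyngroup.ldif) is loaded, the data lives in olcDatabase={1}mdb with suffix dc=example,dc=com, and the DNs are the man page's.

```ldif
# Added example, not from slapo-dynlist(5) or the post. Assumes dyngroup.ldif
# is loaded and the data database is olcDatabase={1}mdb, dc=example,dc=com.

# 1. Overlay: expand memberURL of groupOfURLs entries into "member" values.
dn: olcOverlay={0}dynlist,olcDatabase={1}mdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcDynListConfig
olcOverlay: {0}dynlist
olcDlAttrSet: {0}groupOfURLs memberURL member

# 2. The identity named in dgIdentity has to exist as an entry; the overlay
#    runs the memberURL search as this DN instead of as the requester.
dn: cn=Group Proxy,ou=Services,dc=example,dc=com
changetype: add
objectClass: applicationProcess
cn: Group Proxy

# 3. ACL in the data database: because the search runs as cn=Group Proxy,
#    that DN (not the requesting user) needs read access to the people
#    entries; without it the group silently expands to no members.
dn: olcDatabase={1}mdb,cn=config
changetype: modify
add: olcAccess
olcAccess: {0}to dn.subtree="ou=People,dc=example,dc=com" attrs=entry,objectClass
  by dn.exact="cn=Group Proxy,ou=Services,dc=example,dc=com" read
  by users read

# 4. The dynamic group from the man page, now with a proxy identity that
#    actually resolves.
dn: cn=Dynamic Group,ou=Groups,dc=example,dc=com
changetype: add
objectClass: groupOfURLs
objectClass: dgIdentityAux
cn: Dynamic Group
memberURL: ldap:///ou=People,dc=example,dc=com??sub?(objectClass=person)
dgIdentity: cn=Group Proxy,ou=Services,dc=example,dc=com
```

A search for "member" on cn=Dynamic Group bound as a user who may not read ou=People still lists the members, which is exactly the effect dgIdentity exists for; removing the ACL in step 3 makes the list come back empty.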