Hi,
I am new to LDAP. Hence kindly do excuse if any of my terminology is
different.
Issue:
-----
I installed the openldap server through debian package. ie. did NOT get
the source.
Was able to add the record and display them.
ie. the slaptest worked fine and also could able to search the database
with ldapsearch
command also.
Also able to start and stop the daemon.
But i am having an issue regarding the retrieval of authFilterId
attribute stored in
the LDAP database.
Is authFilterId and FilterId attribute same?? Tried to retrieve both of
them but unable to get
the values of the attribute.
Added a schema by name auth.schema in the slapd.conf. This file was not
present in the default
installation of the openldap.
The below are the details of the configuration:
openldap server version: OpenLDAP: slapd 2.4.9
Operating System: Ubuntu 8.04
slapd.conf:
# This is the main slapd configuration file. See slapd.conf(5) for
more
# info on the configuration options.
#######################################################################
# Global Directives:
# Features to permit
#allow bind_v2
# Schema and objectClass definitions
include
/etc/ldap/schema/core.schema
include
/etc/ldap/schema/cosine.schema
include
/etc/ldap/schema/nis.schema
include
/etc/ldap/schema/inetorgperson.schema
#auth.schema added by me. Did not get installed by default
include
/etc/ldap/schema/auth.schema
# Where the pid file is put. The init.d script
# will not stop the server if you change this.
pidfile
/var/run/slapd/slapd.pid
# List of arguments that were passed to the server
argsfile
/var/run/slapd/slapd.args
# Read slapd.conf(5) for possible values
loglevel none
# Where the dynamically loaded modules are stored
modulepath
/usr/lib/ldap
moduleload back_hdb
# The maximum number of entries that is returned for a search
operation
sizelimit 500
# The tool-threads parameter sets the actual amount of cpu's that is
used
# for indexing.
tool-threads 1
#######################################################################
# Specific Backend Directives for hdb:
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
backend
hdb
#######################################################################
# Specific Backend Directives for 'other':
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
#backend
<other>
#######################################################################
# Specific Directives for database #1, of type hdb:
# Database specific directives apply to this databasse until another
# 'database' directive occurs
database hdb
# The base of your directory in database #1
suffix
"dc=example,dc=com"
# rootdn directive for specifying a superuser on the database. This is
needed
# for syncrepl.
rootdn
"cn=admin,dc=example,dc=com"
rootpw secret123
# Where the database file are physically stored for database #1
directory
"/var/lib/ldap"
# The dbconfig settings are used to generate a DB_CONFIG file the
first
# time slapd starts. They do NOT override existing an existing
DB_CONFIG
# file. You should therefore change these settings in DB_CONFIG
directly
# or remove DB_CONFIG and restart slapd for changes to take
effect.
# For the Debian package we use 2MB as default but be sure to update
this
# value if you have plenty of RAM
dbconfig set_cachesize 0 2097152 0
# Sven Hartge reported that he had to set this value incredibly high
# to get slapd running at all. See
http://bugs.debian.org/303057 for more
# information.
# Number of objects that can be locked at the same time.
dbconfig set_lk_max_objects 1500
# Number of locks (both requested and granted)
dbconfig set_lk_max_locks 1500
# Number of lockers
dbconfig set_lk_max_lockers 1500
# Indexing options for database #1
index
objectClass eq
# Save the time that the entry gets modified, for database #1
lastmod on
# Checkpoint the BerkeleyDB database periodically in case of system
# failure and to speed slapd shutdown.
checkpoint 512 30
# Where to store the replica logs for database #1
#
replogfile /var/lib/ldap/replog
# The userPassword by default can be changed
# by the entry owning it if they are authenticated.
# Others should not be able to see it, except the
# admin entry below
# These access lines apply to database #1 only
access to attrs=userPassword,shadowLastChange
by
dn="cn=admin,dc=nodomain" write
by anonymous auth
by self write
by * none
# Ensure read access to the base for things like
# supportedSASLMechanisms. Without this you may
# have problems with SASL not knowing what
# mechanisms are available and the like.
# Note that this is covered by the 'access to *'
# ACL below too but if you change that as people
# are wont to do you'll still need this if you
# want SASL (and possible other things) to work
# happily.
access to dn.base="" by * read
# The admin dn has full write access, everyone else
# can read everything.
access to *
by
dn="cn=admin,dc=nodomain" write
by * read
# For Netscape Roaming support, each user gets a roaming
# profile for which they have write access to
#access to dn=".*,ou=Roaming,o=morsnet"
# by
dn="cn=admin,dc=nodomain" write
# by dnattr=owner
write
#######################################################################
end of slapd.conf
Auth.schema File
Auth.schema: Manually included by me in the slapd.conf. This schema
file
added by me. It did not come in the default installation.
This is required as my proprietary ldap client needs it.
I am not sure of its exact use. but i guess its related to
radius.
attributetype ( 1.3.6.1.4.1.3317.4.3.1.9
NAME ( 'authFilterId' )
DESC 'radiusSchema:
authFilterId'
EQUALITY
caseIgnoreIA5Match
SYNTAX
1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE )
objectclass ( 2.16.840.1.113730.3.2.222
NAME 'auth'
DESC 'Authentication database'
SUP top
STRUCTURAL
MUST (
uid $ userPassword $ authFilterId))
########################################################
end of auth.schema
LDAP ldif file: init.ldif
dn: dc=example,dc=com
objectClass: dcObject
objectClass: organizationalUnit
dc: example
ou: Example Dot Com
dn: cn=admin,dc=example,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword: secret123
dn: ou=people,dc=example,dc=com
objectClass: organizationalUnit
ou: people
dn: ou=groups,dc=example,dc=com
objectClass: organizationalUnit
ou: groups
dn: uid=fsmith,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: radiusprofile
uid: fsmith
sn: Smith
givenName: Fred
cn: Fred Smith
displayName: Fred Smith
uidNumber: 1001
gidNumber: 1001
userPassword: secret123
gecos: Fred Smith
loginShell: /bin/bash
homeDirectory: /home/fsmith
shadowExpire: -1
shadowFlag: 0
shadowWarning: 7
shadowMin: 8
shadowMax: 999999
shadowLastChange: 10877
mail: fsmith@example.com
authFilterId: fsmith
initials: FS
Added the above records using the command:
$ slapadd -l init.ldif
Added successfully no errors on the command line.
When i searched the database using the command
$ ldapsearch -xLLL -b "dc=example,dc=com" '(objectclass=*)'
I was able to see all the details present in the init.ldif file
except the FilterId field:
authFilterId: fsmith
When i issue the command,
$ ldapsearch -xLLL -b "dc=example,dc=com" '(objectclass=*)'
'(authFilterId=*)'
then also it does not display the authFilterId attribute.
The slaptest when run in the debug level 16783 does not show any
errors.
The tail message of the slaptest o/p is:
....
slaptest startup: initiated.
backend_startup_one: starting "cn=config"
config_back_db_open
config_build_entry: "cn=config"
config_build_entry: "cn=module{0}"
config_build_entry: "cn=schema"
config_build_entry: "cn={0}core"
config_build_entry: "cn={1}cosine"
config_build_entry: "cn={2}nis"
config_build_entry: "cn={3}inetorgperson"
config_build_entry: "cn={4}auth"
config_build_entry: "olcDatabase={-1}frontend"
config_build_entry: "olcDatabase={0}config"
config_build_entry: "olcDatabase={1}hdb"
backend_startup_one: starting "dc=example,dc=com"
hdb_db_open: "dc=example,dc=com"
hdb_db_open: database "dc=example,dc=com":
dbenv_open(/var/lib/ldap).
config file testing succeeded
slaptest shutdown: initiated
====> bdb_cache_release_all
slaptest destroy: freeing system resources.
Kindly do suggest of how to retrieve the authFilterId attribute
value.
have a nice day,
navin