Navin <navin.kumar@freescale.com> writes:
Hi,
I am new to LDAP, so kindly excuse me if any of my terminology is different.
Issue:
I installed the openldap server through the Debian package, i.e. I did NOT get the source. I was able to add the records and display them, i.e. slaptest worked fine and I was also able to search the database with the ldapsearch command.
[...]
# The base of your directory in database #1
suffix          "dc=example,dc=com"

# rootdn directive for specifying a superuser on the database. This is needed
# for syncrepl.
rootdn          "cn=admin,dc=example,dc=com"
rootpw          secret123

# Where the database files are physically stored for database #1
directory       "/var/lib/ldap"
[...]
# These access lines apply to database #1 only
access to attrs=userPassword,shadowLastChange
        by dn="cn=admin,dc=nodomain" write
Is this the content of your slapd.conf? This access rule will have no effect; compare the 'by' rule with the suffix.
attributetype ( 1.3.6.1.4.1.3317.4.3.1.9 NAME ( 'authFilterId' ) DESC 'radiusSchema: authFilterId' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
objectclass ( 2.16.840.1.113730.3.2.222 NAME 'auth' DESC 'Authentication database' SUP top STRUCTURAL MUST ( uid $ userPassword $ authFilterId))
Note that objectclass auth is structural.
LDAP ldif file: init.ldif
[...]
dn: uid=fsmith,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: radiusprofile
The objectclass radiusprofile is unknown; this should be auth.
uid: fsmith
sn: Smith
givenName: Fred
cn: Fred Smith
displayName: Fred Smith
uidNumber: 1001
gidNumber: 1001
userPassword: secret123
gecos: Fred Smith
loginShell: /bin/bash
homeDirectory: /home/fsmith
shadowExpire: -1
shadowFlag: 0
shadowWarning: 7
shadowMin: 8
shadowMax: 999999
shadowLastChange: 10877
mail: fsmith@example.com
authFilterId: fsmith
initials: FS
I added the above records using the command:
$ slapadd -l init.ldif
They were added successfully, with no errors on the command line.
When I searched the database using the command
$ ldapsearch -xLLL -b "dc=example,dc=com" '(objectclass=*)'
I was able to see all the details present in the init.ldif file except the FilterId field:
authFilterId: fsmith
[...]
When adding this entry you should have received an error, because authFilterId is not an attribute type of the object classes assigned to this entry. Please be aware that, because objectclass auth is structural, you cannot add that objectclass to this entry.
-Dieter
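The two problems Dieter points out, the ACL whose 'by dn' is not under the database suffix and the entry whose object classes do not allow authFilterId (and cannot take the STRUCTURAL class auth alongside inetOrgPerson), can be reproduced offline. The script below is an added example, not code from the thread or from OpenLDAP: SCHEMA is a hand-built subset (constructed) of the standard classes plus the custom auth class quoted above, the LDIF entry is abridged from init.ldif, and the final variant, which declares auth as AUXILIARY so the entry validates, is an assumed remedy for illustration, not something stated in the thread.

```python
"""Offline re-check of the slapd.conf ACL and the init.ldif entry from the thread.
Added example, not OpenLDAP code: SCHEMA is a constructed subset listing only
the attributes the sample entry uses; slapd's real schema checker does far more."""

# objectClass name -> (kind, superior class, attributes allowed via MUST/MAY).
SCHEMA = {
    "top": ("ABSTRACT", None, {"objectClass"}),
    "person": ("STRUCTURAL", "top", {"sn", "cn", "userPassword"}),
    "organizationalPerson": ("STRUCTURAL", "person", set()),
    "inetOrgPerson": ("STRUCTURAL", "organizationalPerson", {"uid", "givenName", "mail"}),
    "posixAccount": ("AUXILIARY", "top", {"cn", "uid", "uidNumber", "gidNumber",
                                           "homeDirectory", "loginShell", "userPassword"}),
    "shadowAccount": ("AUXILIARY", "top", {"uid", "userPassword", "shadowLastChange"}),
    # The custom class quoted in the thread: STRUCTURAL, directly under top.
    "auth": ("STRUCTURAL", "top", {"uid", "userPassword", "authFilterId"}),
}


def parse_ldif(text):
    """Parse one plain LDIF entry (no folded or base64 lines) into (dn, attrs)."""
    dn, attrs = None, {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, _, value = line.partition(":")
        name, value = name.strip(), value.strip()
        if name.lower() == "dn":
            dn = value
        else:
            attrs.setdefault(name, []).append(value)
    return dn, attrs


def superior_chain(oc, schema):
    """The class itself followed by all of its superiors up to top."""
    chain = []
    while oc is not None:
        chain.append(oc)
        oc = schema[oc][1]
    return chain


def check_entry(attrs, schema=SCHEMA):
    """Return the schema violations of an entry; an empty list means it is valid.
    Two of slapd's checks are reproduced: every attribute must be allowed by some
    objectClass of the entry, and the STRUCTURAL classes must form one chain."""
    problems, classes = [], []
    by_lower = {name.lower(): name for name in schema}
    for oc in next((v for k, v in attrs.items() if k.lower() == "objectclass"), []):
        if oc.lower() in by_lower:
            classes.append(by_lower[oc.lower()])
        else:
            problems.append(f"unknown objectClass '{oc}'")
    expanded = {sup for oc in classes for sup in superior_chain(oc, schema)}
    structural = [oc for oc in expanded if schema[oc][0] == "STRUCTURAL"]
    # Valid only if one structural class has every other structural class as a superior.
    if structural and not any(all(o in superior_chain(oc, schema) for o in structural)
                              for oc in structural):
        problems.append("structural objectClass conflict: " + ", ".join(sorted(structural)))
    allowed = {a.lower() for oc in expanded for a in schema[oc][2]}
    for name in attrs:
        if name.lower() not in allowed:
            problems.append(f"attribute '{name}' not allowed by the entry's objectClasses")
    return problems


def dn_within_suffix(dn, suffix):
    """True when dn equals the suffix or lies beneath it (case/space normalised)."""
    d = [r.strip().lower() for r in dn.split(",")]
    s = [r.strip().lower() for r in suffix.split(",")]
    return len(d) >= len(s) and d[-len(s):] == s


# Constructed, abridged from the init.ldif quoted in the thread.
ENTRY_AS_POSTED = """\
dn: uid=fsmith,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: radiusprofile
uid: fsmith
sn: Smith
givenName: Fred
cn: Fred Smith
uidNumber: 1001
gidNumber: 1001
userPassword: secret123
loginShell: /bin/bash
homeDirectory: /home/fsmith
shadowLastChange: 10877
mail: fsmith@example.com
authFilterId: fsmith
"""
# Dieter's correction: the class is called auth, not radiusprofile.
ENTRY_WITH_AUTH = ENTRY_AS_POSTED.replace("objectClass: radiusprofile", "objectClass: auth")
# Assumed remedy, for illustration only: the same schema with auth declared AUXILIARY.
SCHEMA_AUTH_AUXILIARY = dict(SCHEMA, auth=("AUXILIARY", "top", SCHEMA["auth"][2]))

if __name__ == "__main__":
    print("ACL 'by dn' under suffix:", dn_within_suffix("cn=admin,dc=nodomain", "dc=example,dc=com"))
    for label, text, schema in [("as posted", ENTRY_AS_POSTED, SCHEMA),
                                ("with auth", ENTRY_WITH_AUTH, SCHEMA),
                                ("auth as AUXILIARY", ENTRY_WITH_AUTH, SCHEMA_AUTH_AUXILIARY)]:
        print(f"{label}:", check_entry(parse_ldif(text)[1], schema) or "valid")
```

Run as a script it reports False for the ACL subject, two violations for the entry as posted (unknown objectClass, disallowed authFilterId), a structural conflict once radiusprofile is replaced by auth, and a valid entry only under the assumed AUXILIARY variant of the schema.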