Hi Chris,
Thank you for your continued help. I appreciate it very much.
I have a question regarding the line: olcRootPW: secret
Should secret be used literally (as in secret), or do I put a password hash there?
Sincerely,
Igor Shmukler
On Thu, Nov 13, 2014 at 3:18 PM, Chris Card ctcard@hotmail.com wrote:
Hi Igor,
Date: Thu, 13 Nov 2014 14:45:23 +0200
Subject: Re: adding VLV support to OpenLDAP 2.4.31
From: igor.shmukler@gmail.com
To: openldap-technical@openldap.org
CC: ctcard@hotmail.com; hans.moser@ofd-z.niedersachsen.de; andrew.findlay@skills-1st.co.uk
Hello Andrew, Chris, Marc and everyone,
Our system administrator accidentally blew the machine away, then reinstalled Ubuntu from scratch. I personally installed and configured the OpenLDAP server. I was able to add users and groups. Yet, I am again unable to add sssvlv support.
If I run the script as cn=admin,dc=test,dc=com, I get the below error.
vq@vq-HVM-domU:~$ ldapadd -x -D "cn=admin,dc=test,dc=com" -W -f sssvlv.ldif
Enter LDAP Password:
adding new entry "olcOverlay=sssvlv,olcDatabase={1}hdb,cn=config"
ldap_add: Invalid syntax (21)
        additional info: objectClass: value #0 invalid per syntax
Running it as cn=config gives me another error:
vq@vq-HVM-domU:~$ ldapadd -x -D cn=config -W -f sssvlv.ldif
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
There is a change, though. I see "olcRootDN: cn=admin,dc=test,dc=com and olcRootPW" when I do slapcat. I did not see those before.
As per Marc's suggestion, I am attaching the output of slapcat(8). While I learned a bit about OpenLDAP configuration, my "skills" are clearly insufficient to figure out how to add sssvlv support.
My sssvlv.ldif is below:
dn: olcOverlay=sssvlv,olcDatabase={1}hdb,cn=config
objectClass: olcSssVlvConfig
olcOverlay: sssvlv
olcSssVlvMax: 10
olcSssVlvMaxKeys: 5
Edit your slapcat output and find this part:
dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external
 ,cn=auth manage by * break
structuralObjectClass: olcDatabaseConfig
entryUUID: fb40d480-ff68-1033-8514-977390a9c614
creatorsName: cn=config
createTimestamp: 20141113101004Z
entryCSN: 20141113101004.425496Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20141113101004Z
Change it to
dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external
 ,cn=auth manage by * break
olcRootDN: cn=config
olcRootPW: secret
structuralObjectClass: olcDatabaseConfig
entryUUID: fb40d480-ff68-1033-8514-977390a9c614
creatorsName: cn=config
createTimestamp: 20141113101004Z
entryCSN: 20141113101004.425496Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20141113101004Z
Stop slapd, and apply new config with
slapadd -F <dir>/slapd.d -l <slapcat file> -b cn=config
Start slapd, and then you should be able to do
ldapadd -x -w secret -D cn=config -f sssvlv.ldif
Chris
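Added example, not part of the original thread and not OpenLDAP's own code: olcRootPW accepts either a cleartext value or a hashed value such as {SSHA} (the default scheme of slappasswd), so the edit described above can store a hash instead of the literal word. The function names and the abridged sample dump are constructed for illustration.

```python
import base64, hashlib, hmac, os

CONFIG_DN = "dn: olcDatabase={0}config,cn=config"

# Constructed sample: abridged slapcat -b cn=config output, based on the entry in the thread.
SAMPLE = """\
dn: cn=config
objectClass: olcGlobal
cn: config

dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external
 ,cn=auth manage by * break
structuralObjectClass: olcDatabaseConfig
"""

def ssha(password, salt=None):
    """RFC 2307 {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def check_ssha(password, stored):
    """Verify a password against an {SSHA} value (20-byte SHA-1 digest, then the salt)."""
    raw = base64.b64decode(stored[len("{SSHA}"):])
    expected = hashlib.sha1(password.encode() + raw[20:]).digest()
    return hmac.compare_digest(expected, raw[:20])

def add_config_rootdn(ldif, password, root_dn="cn=config"):
    """Return the dump with olcRootDN/olcRootPW added to the {0}config entry."""
    lines = ldif.splitlines()
    start = lines.index(CONFIG_DN)            # ValueError if the entry is absent
    end = start
    while end < len(lines) and lines[end].strip():
        end += 1                              # an entry runs to the next blank line
    if any(l.lower().startswith("olcrootpw:") for l in lines[start:end]):
        raise ValueError("entry already has olcRootPW")
    pos = start + 1
    for i in range(start + 1, end):
        if lines[i].startswith("olcAccess:"):
            pos = i + 1
            while pos < end and lines[pos].startswith(" "):
                pos += 1                      # skip folded continuation lines
    lines[pos:pos] = ["olcRootDN: " + root_dn, "olcRootPW: " + ssha(password)]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    print(add_config_rootdn(SAMPLE, "secret"))
```

With a hashed olcRootPW the bind still uses the cleartext password (ldapadd -x -W -D cn=config ...); only the stored value changes.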