My cn=config is attached here. I have added users *bob* & *george* with host objects *cms2* & *cms3* respectively, as shown below for cn=bob,ou=Users,dc=testlab,dc=com

cn: *bob*
uid: bob
objectClass: account
objectClass: posixAccount
uidNumber: 10001
gidNumber: 10001
homeDirectory: /home/bob
loginShell: /bin/sh
gecos: bob
description: User account
host: *cms2*
userPassword: {SSHA}GtI94c1LAH6F1Wj3rqUGwjND1oUGa2hq
Also I have 2 machines, u910desk & x15f12, added with labeledURI searching for hostobject value as 'cms2' & 'cms3' respectively, as shown in the e.g. below for cn=u910desk,ou=Machines,dc=testlab,dc=com

cn: *u910desk*
ipHostNumber: *172.17.5.232*
member: cn=placeholder,dc=testlab,dc=com
objectClass: top
objectClass: groupOfNames
objectClass: labeledURIObject
objectClass: ipHost
labeledURI: *ldap:///ou=Users,dc=testlab,dc=com??one?(host=cms2)*
Now if I attempt to *#ssh bob@172.17.5.232* it should allow me because bob contains hostobject: cms2, whereas if I do *'#ssh george@172.17.5.232'* it should fail because 172.17.5.232 is looking for host object 'cms2' whereas george contains host object: cms3. Correct? But in a practical scenario this is not happening. It still allows me to ssh to both machines using both users bob & george. Any clue what I must be missing here?

thanks
Shamika
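The expectation in the message above, worked through as an added example (not code from the thread or from OpenLDAP): it parses each machine's labeledURI as an RFC 4516 LDAP URL and reports which user entries that search selects. The DN of george, the URI of x15f12 and the user carol are assumptions built to mirror the post; only bob's entry and u910desk's URI come from it.

```python
import re
from urllib.parse import unquote

def parse_ldap_url(url):
    """Split ldap://host/base?attrs?scope?filter (RFC 4516) into its parts."""
    if not url.lower().startswith("ldap://"):
        raise ValueError("not an ldap:// URL: %r" % url)
    _host, _, rest = url[len("ldap://"):].partition("/")
    base, _attrs, scope, flt = (rest.split("?") + [""] * 4)[:4]
    return {"base": unquote(base), "scope": (scope or "base").lower(),
            "filter": unquote(flt) or "(objectClass=*)"}

def rdns(dn):
    # Naive split: enough for the DNs below, not for DNs with escaped commas.
    return [p.strip().lower() for p in dn.split(",") if p.strip()]

def in_scope(dn, base, scope):
    d, b = rdns(dn), rdns(base)
    if len(d) < len(b) or d[len(d) - len(b):] != b:
        return False                      # entry is not under the search base
    depth = len(d) - len(b)
    return {"base": depth == 0, "one": depth == 1, "sub": True}[scope]

def matches(entry, flt):
    # Supports only (attr=value) and (attr=*); anything else is rejected.
    m = re.fullmatch(r"\(([\w-]+)=([^()]+)\)", flt)
    if not m or ("*" in m.group(2) and m.group(2) != "*"):
        raise ValueError("unsupported filter: %r" % flt)
    values = [v.lower() for v in entry.get(m.group(1).lower(), [])]
    return bool(values) if m.group(2) == "*" else m.group(2).lower() in values

def expand(url, entries):
    """Return the DNs that the search described by an LDAP URL selects."""
    p = parse_ldap_url(url)
    return [e["dn"] for e in entries
            if in_scope(e["dn"], p["base"], p["scope"]) and matches(e, p["filter"])]

# Constructed directory: bob is from the post; george's DN and carol are assumed.
USERS = [
    {"dn": "cn=bob,ou=Users,dc=testlab,dc=com", "host": ["cms2"]},
    {"dn": "cn=george,ou=Users,dc=testlab,dc=com", "host": ["cms3"]},
    {"dn": "cn=carol,ou=Temp,ou=Users,dc=testlab,dc=com", "host": ["cms2"]},
]
U910DESK = "ldap:///ou=Users,dc=testlab,dc=com??one?(host=cms2)"  # from the post
X15F12 = "ldap:///ou=Users,dc=testlab,dc=com??one?(host=cms3)"    # assumed form

if __name__ == "__main__":
    for name, uri in (("u910desk", U910DESK), ("x15f12", X15F12)):
        print(name, "->", expand(uri, USERS))
```

The same selection can be checked against a live directory by running ldapsearch with the URL's base, scope and filter; the result is only the list of users the URI selects, and says nothing about whether the login path on the machine consults it.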
On Tue, Apr 6, 2010 at 4:04 PM, Shamika Joshi shamika.joshi@gmail.com wrote:

Yeah, now it worked for me too... Maybe there was a typo or something... I'll get to the actual dynlist configuration now & get back if there are any questions.

thanks a lot for your help
Shamika
On Tue, Apr 6, 2010 at 2:56 PM, Dieter Kluenter dieter@dkluenter.de wrote:

On Mon, 5 Apr 2010 12:20:07 +0530, Shamika Joshi shamika.joshi@gmail.com wrote:
Yes it is in /usr/lib/ldap
admins@x6:~$ locate dynlist
/etc/ldap/dynlist.ldif
/usr/lib/ldap/dynlist-2.4.so.2
/usr/lib/ldap/dynlist-2.4.so.2.5.1
/usr/lib/ldap/dynlist.la
/usr/lib/ldap/dynlist.so
/usr/share/man/man5/slapo-dynlist.5.gz

admins@x6:~$ ldapsearch -xLLL -b cn=config -D cn=admin,cn=config -W
Enter LDAP Password:
dn: cn=config
objectClass: olcGlobal
cn: config
olcArgsFile: /var/run/slapd/slapd.args
olcLogLevel: none
olcPidFile: /var/run/slapd/slapd.pid
olcToolThreads: 1

dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
*olcModulePath: /usr/lib/ldap*
olcModuleLoad: {0}back_hdb
but still gives the same error, what could be the reason?
*admins@x6:~$ ldapmodify -x -D cn=admin,cn=config -W
Enter LDAP Password:
dn: cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: dynlist.la

modifying entry "cn=config"
ldap_modify: Object class violation (65)
        additional info: attribute 'olcModuleLoad' not allowed*
I just tested it on my system:

$ ldapmodify -D cn=config -w xxx -ZZ -H ldap://magenta.avci.de
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleload
olcModuleLoad: dynlist.la

modifying entry "cn=module{0},cn=config"

and a search produces:

ldapsearch -LLL -D cn=config -w xxx -ZZ -H ldap://magenta.avci.de -b cn=module{0},cn=config -s base "*"

dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModulePath: /usr/lib/openldap/modules
olcModuleLoad: {0}back_meta.la
olcModuleLoad: {1}dynlist.la
-Dieter
--
Dieter Klünter | Systemberatung
sip: +49.40.20932173
http://www.dpunkt.de/buecher/2104.html
GPG Key ID:8EF7B6C6