Thanks Quanah:
I'm using Debian Stable's repository and would prefer to stay in sync with the repo to ease the maintenance process.
AFAIK Debian usually applies critical patches in its own packaging version so maybe some of those issues are already addressed. My exact version is 2.4.23-7.2, which I think means that it is version 7.2 of the Debian package or something like this. I'll take some time and check it just in case there is something really nasty that I should be aware of, thank you very much.
Going back to unique overlay. I finally managed to configure it, as you say I just added a new module entry but I wasn't seeing the corresponding configuration objectclasses needed. After restarting slapd they appeared.
Thank you very much.
2011/11/9 Quanah Gibson-Mount quanah@zimbra.com
--On Monday, November 07, 2011 7:05 PM +0100 Igor Blanco <iblanco@binovo.es> wrote:
Hello everyone,
I'm trying to configure the uniqueness overlay in Debian Squeeze (OpenLDAP 2.4.23) using "cn=config" but I can't figure how to do it and can't find any good doc about it, the FAQ-O-Matic wasn't very helpful this time.
I've added a new "olcModuleLoad=unique" attribute in "cn=module{0},cn=config" and it hasn't complained, but how and where do I set "olcUniqueURI"? In "olcDatabase={1}hdb,cn=config"? This attribute does not seem to be present in my OpenLDAP installation, do I have to add any new schema?
Any reference to documentation explaining how to configure "unique" overlay within "cn=config" would be much appreciated. A dump of a "cn=config" branch correctly configured would be fantastic.
First, I would seriously advise you to upgrade to 2.4.26. 2.4.23 has numerous, serious issues. You may also want to grab the patch for ITS#7030 from the git repo (http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff;h=eae46d35d252f5e7cfd623984f0896e951d507c9)
As for adding unique, it's pretty trivial. I have a perl script that does it using Net::LDAP, but you can trivially change this for ldapadd:
use Net::LDAP;

# $ldap_root_password must be set before this point.
my $ldap = Net::LDAP->new('ldapi://%2fopt%2fzimbra%2fopenldap%2fvar%2frun%2fldapi/') or die "$@";
my $mesg = $ldap->bind("cn=config", password=>"$ldap_root_password");
$mesg->code && die "Bind: ". $mesg->error . "\n";

# Load the overlay module.
my $dn="cn=module{0},cn=config";
$mesg = $ldap->modify(
    $dn,
    add =>{olcModuleLoad => 'unique.la'},
);

# Check whether the database already has a unique overlay entry.
my $bdn="olcDatabase={2}hdb,cn=config";
$mesg = $ldap->search(
    base=>"$bdn",
    filter=>"(objectClass=olcUniqueConfig)",
    scope=>"sub",
    attrs => ['1.1'],
);

# Add the overlay entry only if none exists yet.
my $size = $mesg->count;
if ($size == 0) {
    $dn="olcOverlay=unique,$bdn";
    $mesg = $ldap->add(
        "$dn",
        attr => [
            'olcUniqueURI' => 'ldap:///?mail?sub',
            'objectclass' => ['olcOverlayConfig', 'olcUniqueConfig'],
        ],
    );
    $mesg->code && warn "failed to add entry: ", $mesg->error;
}
$ldap->unbind;
The basic idea is you add a new entry, olcOverlay=unique,<base database DN> with the objectClasses and the unique URI.
--Quanah
--
Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc.
Zimbra :: the leader in open source messaging and collaboration
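Added example, not part of the original thread and not Quanah's script: the same two changes written as LDIF, which is the "ldapadd" form mentioned above. The function name unique_overlay_ldif is hypothetical, the database DN in the usage comment is the one from the question, and applying the output over ldapi:/// with SASL EXTERNAL is an assumption about the local setup.

```shell
#!/bin/sh
# Emit LDIF that loads the "unique" module and attaches the uniqueness
# overlay to one cn=config database. Added illustration, not project code.
#   $1 = database DN, e.g. olcDatabase={1}hdb,cn=config
#   $2 = attribute that must be unique, e.g. mail
unique_overlay_ldif() {
    uo_db_dn=$1
    uo_attr=$2
    uo_nl='
'
    # Refuse input that could inject extra LDIF lines or target a non-config DN.
    case $uo_db_dn in
        *"$uo_nl"*) echo "newline in database DN" >&2; return 1 ;;
        olcDatabase=*,cn=config) ;;
        *) echo "not a cn=config database DN: $uo_db_dn" >&2; return 1 ;;
    esac
    # Attribute names: a letter followed by letters, digits or hyphens.
    case $uo_attr in
        ""|[!A-Za-z]*|*[!A-Za-z0-9-]*)
            echo "invalid attribute name: $uo_attr" >&2; return 1 ;;
    esac
    # Record 1 loads the module (the thread shows both "unique" and
    # "unique.la" as values). Record 2 adds the overlay entry; olcOverlay is
    # listed explicitly because it is the naming attribute of the new entry.
    cat <<EOF
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: unique
-

dn: olcOverlay=unique,$uo_db_dn
changetype: add
objectClass: olcOverlayConfig
objectClass: olcUniqueConfig
olcOverlay: unique
olcUniqueURI: ldap:///?$uo_attr?sub
EOF
}

# Usage (assumed local setup: root access to cn=config via SASL EXTERNAL):
#   unique_overlay_ldif 'olcDatabase={1}hdb,cn=config' mail \
#       | ldapmodify -c -Y EXTERNAL -H ldapi:///
# -c keeps going if the module is already loaded and record 1 is rejected.
```

As noted earlier in the thread, the olcUniqueConfig objectClass only appeared after slapd was restarted with the module loaded, so the second record can be rejected until then.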
--On Wednesday, November 16, 2011 1:40 PM +0100 Igor Blanco iblanco@binovo.es wrote:
Thanks Quanah:
I'm using Debian Stable's repository and would prefer to stay in sync with the repo to ease the maintenance process.
AFAIK Debian usually applies critical patches in its own packaging version so maybe some of those issues are already addressed.
Debian applies security fixes, which are few and far between. Your sort of "policy" is broken in its most basic form, and even the debian developers note this.
http://www.openldap.org/faq/data/cache/1456.html
--Quanah
--
Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration
openldap-technical@openldap.org