Carlos.
please always follow-up on the mailing list so others can learn and answer as well.
Carlos Santos wrote:
################################################################################
- #
- objectClass ( 1.3.6.1.4.1.5923.1.1.101
NAME 'dygroup'
DESC 'dynamic group'
SUP groupOfURLs
STRUCTURAL
MUST ( visibility $ groupname $ owner ) )
################################################################################
When using this and starting slapd with -d config,stats then it outputs:
51a8b922 line 53 (objectClass ( 1.3.6.1.4.1.5923.1.1.101 NAME 'dygroup' DESC 'dynamic group' SUP groupOfURLs STRUCTURAL MUST ( visibility $ groupname $ owner ) )) 51a8b922 /home/michael/ftp/Linux/Networking/LDAP/OpenLDAP/schema/experimental.schema: line 53 objectClass: AttributeType not found: "visibility"
So where's the attribute type description for 'visibility'?
=> always use debug options when starting slapd after working on custom schema definitions.
Ciao, Michael.
Thanks for the tip. I had the visibility in another schema file (which was also being included in slapd.conf).
I moved it to the dyngroup.schema file. This is how it looks now:
- - objectIdentifier NetscapeRoot 2.16.840.1.113730 - - objectIdentifier NetscapeLDAP NetscapeRoot:3 - objectIdentifier NetscapeLDAPattributeType NetscapeLDAP:1 - objectIdentifier NetscapeLDAPobjectClass NetscapeLDAP:2 - - objectIdentifier OpenLDAPExp11 1.3.6.1.4.1.4203.666.11 - objectIdentifier DynGroupBase OpenLDAPExp11:8 - objectIdentifier DynGroupAttr DynGroupBase:1 - objectIdentifier DynGroupOC DynGroupBase:2 - - attributetype ( NetscapeLDAPattributeType:198 - NAME 'memberURL' - DESC 'Identifies an URL associated with each member of a group. Any type of labeled URL can be used.' - SUP labeledURI ) - - attributetype ( DynGroupAttr:1 - NAME 'dgIdentity' - DESC 'Identity to use when processing the memberURL' - SUP distinguishedName SINGLE-VALUE ) - - attributeType ( DynGroupAttr:2 - NAME 'dgAuthz' - DESC 'Optional authorization rules that determine who is allowed to assume the dgIdentity' - EQUALITY authzMatch - SYNTAX 1.3.6.1.4.1.4203.666.2.7 - X-ORDERED 'VALUES' ) - - objectClass ( NetscapeLDAPobjectClass:33 - NAME 'groupOfURLs' - SUP top STRUCTURAL - MUST cn - MAY ( memberURL $ businessCategory $ description $ o $ ou $ - owner $ seeAlso $ member ) ) - - # The Haripriya dyngroup schema still needs a lot of work. - # We're just adding support for the dgIdentity attribute for now... - objectClass ( DynGroupOC:1 - NAME 'dgIdentityAux' - SUP top AUXILIARY - MAY ( dgIdentity $ dgAuthz ) ) - - ################################################################################ - # - attributeType ( 1.1.2.1.1 - NAME 'visibility' - SUP name ) - - # - - # - ################################################################################ - # - attributeType ( 1.1.2.1.2 - NAME 'groupname' - SUP name ) - - # - - ################################################################################ - - - ################################################################################ - # - objectClass ( 1.3.6.1.4.1.5923.1.1.101 - NAME 'dygroup' - DESC 'dynamic group' - SUP groupOfURLs - STRUCTURAL - MUST ( visibility $ groupname $ owner ) ) - - - ################################################################################ - - ####################################################################### - # - objectClass ( 1.3.6.1.4.1.5923.1.1.99 - NAME 'group' - DESC 'group' - SUP groupOfNames - STRUCTURAL - MUST ( visibility $ groupname $ owner ) ) - - - ################################################################################
However I have the same problem. It still doesn't show dygroup in the objectClass list whenever I try to crate a new entry.
2013/5/31 Michael Ströder michael@stroeder.com
Carlos.
please always follow-up on the mailing list so others can learn and answer as well.
Carlos Santos wrote:
################################################################################
- #
- objectClass ( 1.3.6.1.4.1.5923.1.1.101
NAME 'dygroup'
DESC 'dynamic group'
SUP groupOfURLs
STRUCTURAL
MUST ( visibility $ groupname $ owner ) )
################################################################################
When using this and starting slapd with -d config,stats then it outputs:
51a8b922 line 53 (objectClass ( 1.3.6.1.4.1.5923.1.1.101 NAME 'dygroup' DESC 'dynamic group' SUP groupOfURLs STRUCTURAL MUST ( visibility $ groupname $ owner ) )) 51a8b922
/home/michael/ftp/Linux/Networking/LDAP/OpenLDAP/schema/experimental.schema: line 53 objectClass: AttributeType not found: "visibility"
So where's the attribute type description for 'visibility'?
=> always use debug options when starting slapd after working on custom schema definitions.
Ciao, Michael.
Carlos Santos wrote:
However I have the same problem. It still doesn't show dygroup in the objectClass list whenever I try to crate a new entry.
Does slapd actually start? How do you find out whether the schema element is in the server's subschema subentry?
Ciao, Michael.
2013/5/31 Michael Ströder michael@stroeder.com
=> always use debug options when starting slapd after working on custom schema definitions.
Ciao, Michael.
Yes, slapd starts:
- Checking config file /etc/openldap2.4/slapd.conf: [ OK ] - Stopping slapd: [ OK ] - Starting slapd (ldap + ldaps): [ OK ]
When I go to the *Create a child entry *chose the *Default* template the * dygroup* doesn't show in the ObjectClasses list.
2013/5/31 Michael Ströder michael@stroeder.com
Carlos Santos wrote:
However I have the same problem. It still doesn't show dygroup in the objectClass list whenever I try to crate a new entry.
Does slapd actually start? How do you find out whether the schema element is in the server's subschema subentry?
Ciao, Michael.
2013/5/31 Michael Ströder michael@stroeder.com
=> always use debug options when starting slapd after working on custom schema definitions.
Ciao, Michael.
Carlos Santos wrote:
Yes, slapd starts:
- Checking config file /etc/openldap2.4/slapd.conf: [ OK ]
- Stopping slapd: [ OK ]
- Starting slapd (ldap + ldaps): [ OK ]
When I go to the *Create a child entry *chose the *Default* template the * dygroup* doesn't show in the ObjectClasses list.
It seems you're using some sort of a GUI client with unknown behaviour. Which client are you using?
I'd recommend to query the subschema subentry and examine that in detail.
OpenLDAP Faq-O-Matic - How can I fetch schema information from the server? http://www.openldap.org/faq/data/cache/1366.html
Ciao, Michael.
2013/5/31 Michael Ströder michael@stroeder.com
Carlos Santos wrote:
However I have the same problem. It still doesn't show dygroup in the objectClass list whenever I try to crate a new entry.
Does slapd actually start? How do you find out whether the schema element is in the server's subschema subentry?
Ciao, Michael.
2013/5/31 Michael Ströder michael@stroeder.com
=> always use debug options when starting slapd after working on custom schema definitions.
Ciao, Michael.
Hey, I forgot to mention that I am using phpLDAPadmin as a GUI.
All is working fine now. The dygroup objectClass wasn't in phpLDAPadmin because I forgot to restart it after changing the ldap schema.
Thanks for your help.
2013/6/3 Michael Ströder michael@stroeder.com
Carlos Santos wrote:
Yes, slapd starts:
- Checking config file /etc/openldap2.4/slapd.conf: [ OK ]
- Stopping slapd: [ OK ]
- Starting slapd (ldap + ldaps): [ OK ]
When I go to the *Create a child entry *chose the *Default* template the
dygroup* doesn't show in the ObjectClasses list.
It seems you're using some sort of a GUI client with unknown behaviour. Which client are you using?
I'd recommend to query the subschema subentry and examine that in detail.
OpenLDAP Faq-O-Matic - How can I fetch schema information from the server? http://www.openldap.org/faq/data/cache/1366.html
Ciao, Michael.
2013/5/31 Michael Ströder michael@stroeder.com
Carlos Santos wrote:
However I have the same problem. It still doesn't show dygroup in the objectClass list whenever I try to crate a new entry.
Does slapd actually start? How do you find out whether the schema element is in the server's
subschema
subentry?
Ciao, Michael.
2013/5/31 Michael Ströder michael@stroeder.com
=> always use debug options when starting slapd after working on
custom
schema definitions.
Ciao, Michael.
openldap-technical@openldap.org