Hi
Sorry, new member and just started using ldap (openldap). I am not sure whether I can ask this question here as the name of the list specifies "technical", if not please tell me list(s) where I can do so.
For starters I have read the O'Reilly book, I tried to figure out my questions using the help in the FAQs, I searched the net ... but I am a little out of my depth at the moment.
I am trying to get LDAP to work to help authentication in wordpress and moodle, with wordpress being the main part and moodle uses LDAP for the authentication (subscription based) and some info for each student from LDAP.
So far I can add entries to LDAP from wordpress, I can login to wordpress using LDAP.
I have got it to work to allow access to moodle when the correct username (uid) and password is found in LDAP but I want to add some info about each student to LDAP, one the country and the other being the city (and later some more).
So far I can add enough information for subscribers (billing address, uid, telephone etc) using the standard schemas and object classes, but I need a little more info for each. This is what I have:

dn: dc=MyDomain,dc=com,dc=au
dc: MyDomain
objectClass: domain

dn: o=Subscriptions,dc=MyDomain,dc=com,dc=au
o: Subscriptions
objectClass: organization

dn: ou=moodle,o=Subscriptions,dc=MyDomain,dc=com,dc=au
ou: moodle
objectClass: organizationalUnit

dn: uid=gemma, ou=moodle, o=Subscriptions, dc=MyDomain, dc=com, dc=au
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetorgPerson
objectclass: emailPerson
objectclass: NameViewPerson
cn=Gemma Turtle
sn=Turtle
givenName=Gemma Turtle
uid=gemma
countryCode=AU

I end up with an error "invalid structural object class chain", which I think means the country needs to be higher up the tree, but then I would have to create the tree branches for every country (for each person)?
Subscribers will come from different countries and countless cities (which I haven't added yet) as this is part of the target audience.
I am not sure how to structure this. Are there any LDIF files around that I can have a look at that deal with subscriptions like this?
Jobst
On 11/22/12 16:27 +1100, Jobst Schmalenbach wrote:
> So far I can add entries to LDAP from wordpress, I can login to wordpress using LDAP.
> So far I can add enough information for subscribers (billing address, uid, telephone etc) using the standard schemas and object classes, but I need a little more info for each. This is what I have:
>
> dn: dc=MyDomain,dc=com,dc=au
> dc: MyDomain
> objectClass: domain
>
> dn: o=Subscriptions,dc=MyDomain,dc=com,dc=au
> o: Subscriptions
> objectClass: organization
>
> dn: ou=moodle,o=Subscriptions,dc=MyDomain,dc=com,dc=au
> ou: moodle
> objectClass: organizationalUnit
>
> dn: uid=gemma, ou=moodle, o=Subscriptions, dc=MyDomain, dc=com, dc=au
> objectclass: top
> objectclass: person
> objectclass: organizationalPerson
> objectclass: inetorgPerson
> objectclass: emailPerson
> objectclass: NameViewPerson
> cn=Gemma Turtle
> sn=Turtle
> givenName=Gemma Turtle
> uid=gemma
> countryCode=AU
>
> I end up with an error "invalid structural object class chain", which I think means the country needs to be higher up the tree, but then I would have to create the tree branches for every country (for each person)?
That error is discussed here:
http://www.openldap.org/doc/admin24/appendix-common-errors.html#ldap%20add:%...
The problem is not the structure of your DIT, but rather your choice of objectClasses:
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetorgPerson
objectclass: emailPerson
objectclass: NameViewPerson

person is "SUP top STRUCTURAL"
organizationalPerson is "SUP person STRUCTURAL"
inetOrgPerson is "SUP organizationalPerson STRUCTURAL"
these form a valid structural chain
emailPerson and NameViewPerson do not show up in the list of schemas that I use, but I suspect one or the other is a Structural objectClass that does not SUP from inetOrgPerson.
Find out which attributes you need from the offending objectClass, and consider making a new Auxiliary objectClass containing those attributes.
See chapter 13 of the Administrator's Guide for an example.
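Added example (not part of the original thread, and not OpenLDAP code): a small Python model of the rule discussed above, that every STRUCTURAL class on an entry must lie on one SUP chain while AUXILIARY classes may be mixed in freely. It assumes a simplified schema table with a single superior per class; subscriberInfo and subscriberRecord are hypothetical classes constructed for the illustration.

```python
# Added example, not OpenLDAP source. Simplified model: one SUP per class.
SCHEMA = {  # lower-cased name -> (superior, kind)
    "top": (None, "ABSTRACT"),
    "person": ("top", "STRUCTURAL"),
    "organizationalperson": ("person", "STRUCTURAL"),
    "inetorgperson": ("organizationalperson", "STRUCTURAL"),
    # Hypothetical classes, constructed for this illustration only:
    "subscriberinfo": ("top", "AUXILIARY"),
    "subscriberrecord": ("top", "STRUCTURAL"),
}

def ancestors(name, schema=SCHEMA):
    """Return [name, its SUP, ..., 'top'] by following SUP links."""
    chain = []
    while name is not None:
        chain.append(name)
        name = schema[name][0]
    return chain

def check_entry(object_classes, schema=SCHEMA):
    """Return (True, leaf structural class) or (False, reason)."""
    names = [oc.lower() for oc in object_classes]
    unknown = [n for n in names if n not in schema]
    if unknown:
        return False, "unknown objectClass: " + ", ".join(unknown)
    structural = [n for n in names if schema[n][1] == "STRUCTURAL"]
    if not structural:
        return False, "no structural object class"
    # The most-derived structural class defines the entry's chain.
    leaf = max(structural, key=lambda n: len(ancestors(n, schema)))
    chain = ancestors(leaf, schema)
    stray = [n for n in structural if n not in chain]
    if stray:
        return False, f"invalid structural object class chain ({leaf}/{stray[0]})"
    return True, leaf

if __name__ == "__main__":
    base = ["top", "person", "organizationalPerson", "inetOrgPerson"]
    for extra in ([], ["subscriberInfo"], ["subscriberRecord"]):
        print(base + extra, "->", check_entry(base + extra))
```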
On Thu, Nov 22, 2012 at 12:18:17AM -0600, Dan White (dwhite@olp.net) wrote:
> On 11/22/12 16:27 +1100, Jobst Schmalenbach wrote:
>> So far I can add entries to LDAP from wordpress, I can login to wordpress using LDAP.
[snip]
> objectclass: person
> objectclass: organizationalPerson
> objectclass: inetorgPerson
> objectclass: emailPerson
> objectclass: NameViewPerson
>
> person is "SUP top STRUCTURAL"
> organizationalPerson is "SUP person STRUCTURAL"
> inetOrgPerson is "SUP organizationalPerson STRUCTURAL"
>
> these form a valid structural chain
took me a while to "get it" ... the way you wrote it down - close and the order - made the penny drop, thanks.
> emailPerson and NameViewPerson do not show up in the list of schemas that I use, but I suspect one or the other is a Structural objectClass that does not SUP from inetOrgPerson.
shouldn't have been in there, I was trying different things that I found - they were a "left over" - working but did not give me what I wanted.
> Find out which attributes you need from the offending objectClass, and consider making a new Auxiliary objectClass containing those attributes.
Understood! Did that, took me a few hours to put it all together - and then the penny dropped again. Now I have got an object class filled with ALL the things I wanted:

objectclass ( CustomerObject:1.2012.11.19.1
    NAME 'Customer'
    DESC 'Customer'
    SUP person STRUCTURAL
    MUST ( email )
    MAY ( country $ city $ firstname $ lastname $ language $ description $
          website $ department $ mobile $ mobileTelephoneNumber $
          postalAddress $ address1 $ address2 $ state $ postcode $
          facebook $ twitter $ googleplus $ nickname $ displayname ))

> See chapter 13 of the Administrator's Guide for an example.
yeah and http://www.rfc-editor.org/rfc/rfc2252.txt ;-)
thanks for your help
Jobst
On Thu, 22 Nov 2012 16:27:06 +1100, Jobst Schmalenbach jobst@barrett.com.au wrote:
> Hi
> Sorry, new member and just started using ldap (openldap). I am not sure whether I can ask this question here as the name of the list specifies "technical", if not please tell me list(s) where I can do so.
> For starters I have read the O'Reilly book, I tried to figure out my questions using the help in the FAQs, I searched the net ... but I am a little out of my depth at the moment.
> I am trying to get LDAP to work to help authentication in wordpress and moodle, with wordpress being the main part and moodle uses LDAP for the authentication (subscription based) and some info for each student from LDAP.
> So far I can add entries to LDAP from wordpress, I can login to wordpress using LDAP.
> I have got it to work to allow access to moodle when the correct username (uid) and password is found in LDAP but I want to add some info about each student to LDAP, one the country and the other being the city (and later some more).
> So far I can add enough information for subscribers (billing address, uid, telephone etc) using the standard schemas and object classes, but I need a little more info for each. This is what I have:
>
> dn: dc=MyDomain,dc=com,dc=au
> dc: MyDomain
> objectClass: domain
>
> dn: o=Subscriptions,dc=MyDomain,dc=com,dc=au
> o: Subscriptions
> objectClass: organization
>
> dn: ou=moodle,o=Subscriptions,dc=MyDomain,dc=com,dc=au
> ou: moodle
> objectClass: organizationalUnit
>
> dn: uid=gemma, ou=moodle, o=Subscriptions, dc=MyDomain, dc=com, dc=au
> objectclass: top
> objectclass: person
> objectclass: organizationalPerson
> objectclass: inetorgPerson
> objectclass: emailPerson
> objectclass: NameViewPerson
> cn=Gemma Turtle
> sn=Turtle
> givenName=Gemma Turtle
> uid=gemma
> countryCode=AU
I presume the equals sign is a typo.
> I end up with an error "invalid structural object class chain", which I think means the country needs to be higher up the tree, but then I would have to create the tree branches for every country (for each person)?
> Subscribers will come from different countries and countless cities (which I haven't added yet) as this is part of the target audience.
> I am not sure how to structure this. Are there any LDIF files around that I can have a look at that deal with subscriptions like this?
It is not a matter of LDIF design, it is a matter of object class design. An entry may only have one structural object class chain. In your case it is person, organizationalPerson, inetorgPerson; this structure is valid. If the other two classes emailPerson and nameViewPerson are declared structural as well, that would cause an error. As these object classes are not standard track classes but private, you may change the classes from structural to auxiliary. Another question would be, why do you define an attribute type countryCode while there is an attribute type countryName already in core schema?
-Dieter
Hi,
>> countryCode=AU
> I presume the equals sign is a typo.
yes, sorry the equal signs are a typo, I sit in front of a few screens, I copied that by "view" - and it was late ;-)
> structure is valid. If the other two classes emailPerson and nameViewPerson are declared structural as well, that would cause an error. As these object classes are not standard track classes but
both auxiliary - I was trying some other objects I had seen on the net.
> Another question would be, why do you define an attribute type countryCode while there is an attribute type countryName already in core schema?
I was trying a string, I did not want the "two letter code". In the wordpress AND moodle database it's a string.
I figured it out, I created my own object.
Jobst
On Thu, Nov 22, 2012 at 08:37:49AM +0100, Dieter Klünter (dieter@dkluenter.de) wrote:
-- Dieter Klünter | Systemberatung http://dkluenter.de GPG Key ID:DA147B05 53°37'09,95"N 10°08'02,42"E