Hi list,
I'm using slapd 2.4.11-1+lenny1. Until now I have been using posixGroup as the objectclass for my groups; now we need to integrate LDAP with a new application which requires groupOfUniqueNames as objectclass.
My question is: can I have mixed groups? I mean, a group with two objectclasses, posixGroup and groupOfUniqueNames.
I've tried, but I always get errors because of a conflict between both objectclasses. And I can't delete the posixGroup objectclass because I need it to integrate with Samba and other services.
Could someone point me in the right direction?
Thanks for all
Alejandro Gándara
Alejandro Gándara Álvarez wrote:
Hi list,
I'm using slapd 2.4.11-1+lenny1. Until now I have been using posixGroup as the objectclass for my groups; now we need to integrate LDAP with a new application which requires groupOfUniqueNames as objectclass.
My question is: can I have mixed groups? I mean, a group with two objectclasses, posixGroup and groupOfUniqueNames.
I've tried, but I always get errors because of a conflict between both objectclasses. And I can't delete the posixGroup objectclass because I need it to integrate with Samba and other services.
Could someone point me in the right direction?
Search the web for rfc2307bis.schema. rfc2307bis is an unofficial schema, but it works as a replacement for the old nis.schema.
Test an update on a separate LDAP server. I think the best way is to dump the whole database, replace the objectclass and reload the database onto a new test server. If it's working fine, do the same on your real LDAP server.
You cannot simply replace the schemas, because of the StructuralObjectclass of your current records.
Good luck.
PS: I have been using rfc2307bis for some years and don't have any problems.
Thanks for all
Alejandro Gándara
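Added example, not part of the thread: one way to do the "replace the objectclass" step on a slapcat dump before reloading it with slapadd under rfc2307bis, where posixGroup is auxiliary and groupOfUniqueNames becomes the structural class. Assumptions: user entries are named uid=<memberUid> under a hypothetical ou=People,dc=example,dc=com, memberUid values are plain text, and the sample dump is constructed.

```python
import re

PEOPLE_BASE = "ou=People,dc=example,dc=com"  # assumption: where user entries live
# Constructed sample of a slapcat dump (not taken from the thread).
SAMPLE = """\
dn: cn=staff,ou=Groups,dc=example,dc=com
objectClass: posixGroup
cn: staff
gidNumber: 2000
memberUid: alice
memberUid: bob
structuralObjectClass: posixGroup

dn: cn=empty,ou=Groups,dc=example,dc=com
objectClass: posixGroup
cn: empty
gidNumber: 2001
structuralObjectClass: posixGroup
"""

def convert_entry(entry, people_base=PEOPLE_BASE):
    """Rewrite one unfolded LDIF entry; returns (text, warning or None)."""
    lines = entry.splitlines()
    classes = {l.partition(":")[2].strip().lower() for l in lines
               if l.lower().startswith("objectclass:")}
    if "posixgroup" not in classes or "groupofuniquenames" in classes:
        return entry, None  # not a group, or already converted
    out, members = [], []
    for line in lines:
        key, _, value = line.partition(":")
        if key.lower() == "structuralobjectclass":
            # posixGroup is AUXILIARY in rfc2307bis and cannot stay structural
            line = "structuralObjectClass: groupOfUniqueNames"
        elif key.lower() == "memberuid":
            members.append(value.strip())  # assumes plain, non-base64 values
        out.append(line)  # memberUid is kept for Samba/NSS
    out.append("objectClass: groupOfUniqueNames")
    out += [f"uniqueMember: uid={m},{people_base}" for m in members]
    warning = None if members else f"{lines[0]}: no members, uniqueMember is required"
    return "\n".join(out), warning

def convert_dump(ldif, people_base=PEOPLE_BASE):
    """Convert a whole dump; returns (new_ldif, list_of_warnings)."""
    unfolded = re.sub(r"\n ", "", ldif)  # join LDIF continuation lines
    results = [convert_entry(e, people_base) for e in re.split(r"\n{2,}", unfolded.strip())]
    text = "\n\n".join(r[0] for r in results) + "\n"
    return text, [r[1] for r in results if r[1]]

if __name__ == "__main__":
    print(*convert_dump(SAMPLE), sep="\n")
```

Groups reported in the warnings have no memberUid and would be rejected on reload, because groupOfUniqueNames requires at least one uniqueMember; decide how to handle them before running slapadd on the test server.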
-----Original Message----- From: openldap-technical-bounces@OpenLDAP.org [mailto:openldap-technical-bounces@OpenLDAP.org] On behalf of harry.jede@arcor.de Sent: Thursday, 10 February 2011 18:02 To: openldap-technical@openldap.org Subject: Re: Ldap with GroupOfUniqueNames + PosixGroups
On Thursday, 10 February 2011, Alejandro Gándara Álvarez wrote:
Hi,
Thanks for your answer. I've tried what you said; I did the following steps:
1- Installed a new OpenLDAP server on another server (version 2.4.17-2.1).
At this point nis.schema is defined in slapd.conf AND the OpenLDAP server has started once. True for Debian/Ubuntu.
2- I copied rfc2307bis.schema as the new nis.schema.
Don't do this. The next update via apt/aptitude or whatever you use will override the nis.schema file :-( . COPY the rfc2307bis.schema to the schema directory and replace nis.schema with rfc2307bis.schema in slapd.conf.
3- I ran dpkg-reconfigure slapd to reconfigure everything with the new domain and create a new database.
That is the wrong way. "dpkg-reconfigure slapd" will NOT and NEVER create a new LDAP database if one exists.
- Stop slapd
- You must back up & remove the content of the /var/lib/ldap/ directory.
- Load the dump of your OLD server via slapadd
- Start slapd
4- When I tried to add the first entry I got the following message: Duplicate attributeType: "1.3.6.1.1.1.1.0"
Sure.
5- I went to /etc/ldap/schema and ran grep -r "1.3.6.1.1.1.1.0" . and I only got one answer, so it's right. This attribute is placed in nis.schema (rfc2307bis.schema).
Mmmh, your old nis.schema still exists in the LDAP database, because you forgot to start with an empty database.
Could you tell me where my fault is?
See above. Debian will start the OpenLDAP server right after slapd*.deb is installed. So it's not your fault. One must know how packages are installed and what happens during this phase. You may read the package install scripts if you need to know what Debian will do. You may focus on reading /var/lib/dpkg/info/slapd.config
ls /var/lib/dpkg/info/slapd.*
/var/lib/dpkg/info/slapd.conffiles  /var/lib/dpkg/info/slapd.postrm
/var/lib/dpkg/info/slapd.config     /var/lib/dpkg/info/slapd.preinst
/var/lib/dpkg/info/slapd.list       /var/lib/dpkg/info/slapd.prerm
/var/lib/dpkg/info/slapd.md5sums    /var/lib/dpkg/info/slapd.shlibs
/var/lib/dpkg/info/slapd.postinst   /var/lib/dpkg/info/slapd.templates
What each script does in general is explained here: http://www.debian.org/doc/debian-policy/ch-maintainerscripts.html
Thanks for all.
Alejandro Gándara
Hi list,
We use LDAP for applications such as Samba, Apache, Bugzilla, Openfire, Asterisk and more services. Our groups have posixGroup as their structural objectclass. Now we want to integrate LDAP with Nuxeo.
This means we want to use groups with groupOfUniqueNames as objectclass. So I have a few questions:
* Is it a good choice to use rfc2307bis to get groupOfUniqueNames and posixGroup to work together? Could it be a future problem?
* Is there another option to get users working with Samba without using posixGroup?
Thanks for all
Alejandro Gándara
On 2/14/2011 04:22, Alejandro Gándara Álvarez wrote:
Hi list,
We use LDAP for applications such as Samba, Apache, Bugzilla, Openfire, Asterisk and more services. Our groups have posixGroup as their structural objectclass. Now we want to integrate LDAP with Nuxeo.
This means we want to use groups with groupOfUniqueNames as objectclass. So I have a few questions:
- Is it a good choice to use rfc2307bis to get groupOfUniqueNames and posixGroup to work together? Could it be a future problem?
- Is there another option to get users working with Samba without using posixGroup?
Thanks for all
Alejandro Gándara
Not sure if Samba + groupOfUniqueNames will work; however, having groupOfUniqueNames and posixGroup together in a single object shouldn't cause any conflicts to keep Samba from running. The only downside is that they need to be managed separately. Also, unless you know you NEED groupOfUniqueNames (i.e. your application documentation tells you so), you probably want groupOfNames instead. groupOfUniqueNames doesn't do quite what it appears at first glance.