Hi, (sorry for poor english)
I already ask here for meta and it's working (only have the date format conversion problem but we are about to find alternative)
So the ldap proxy can search for a user and provide attributes from an AD, Edir and openldap.
but now I want to add attributes to the edir and openldap users search result to have as much as from a AD user (example homeDrive)
I plan to use translucent to add these attributes, find that translucent cannot be used with meta so create new slapd instance.
I have add base and OU into this instance
I read carefully http://www.openldap.org/doc/admin24/overlays.html , and man slapo-translucent
I understand that they explain how to add attributes to only one group
here my questions
how can I add attributes to the translucent instance to all users in an OU (and sub) ?
is there another way to do what I want to do ?
thanks all for responses
Nicolas RENAULT wrote:
how can I add attributes to the translucent instance to all users in an OU (and sub) ?
See slapo-collect.
is there another way to do what I want to do ?
thanks all for responses
Le 06/08/2014 03:12, Howard Chu a écrit :
Nicolas RENAULT wrote:
how can I add attributes to the translucent instance to all users in an OU (and sub) ?
See slapo-collect.
is there another way to do what I want to do ?
thanks all for responses
thanks I think that this is what I want,
but I cannot find any exemple of the use for this overlay on google or other site, And the man slapo-collect, is not clear for me.
info : openldap 2.4.39 , as exemple, I want to add attribute 'networkAddress' and 'homeDrive' for all the inetOrgPerson from my Edir : ou=EDIR,OU=TOUT,dc=exemple,dc=fr
so questions :
* in slapd.conf (I use it because of meta ) : I have to add these lines ?
moduleload collect
...
overlay collect collectinfo cn=ancestor,ou=EDIR,OU=TOUT,dc=exemple,dc=fr networkAdress,homeDrive
(I choose ancestor for cn cause they talk about ancestor in the man command)
* don't understand how to create the ancestor ? just as an inetOrgPerson with the 2 attributes ?
* as 'homeDrive' or 'networkAddress' are not on inetOrgPerson schema (MAY or MUST) it will be a problem no ?
Thanks for reply or link to exemple.
Regards
Am Wed, 06 Aug 2014 18:16:07 +0200 schrieb Nicolas RENAULT nicolas_renault@yahoo.fr:
Le 06/08/2014 03:12, Howard Chu a écrit :
Nicolas RENAULT wrote:
how can I add attributes to the translucent instance to all users in an OU (and sub) ?
See slapo-collect.
is there another way to do what I want to do ?
thanks all for responses
thanks I think that this is what I want,
but I cannot find any exemple of the use for this overlay on google or other site, And the man slapo-collect, is not clear for me.
info : openldap 2.4.39 , as exemple, I want to add attribute 'networkAddress' and 'homeDrive' for all the inetOrgPerson from my Edir : ou=EDIR,OU=TOUT,dc=exemple,dc=fr
so questions :
- in slapd.conf (I use it because of meta ) : I have to add these
lines ?
moduleload collect
...
overlay collect collectinfo cn=ancestor,ou=EDIR,OU=TOUT,dc=exemple,dc=fr networkAdress,homeDrive
(I choose ancestor for cn cause they talk about ancestor in the man command)
- don't understand how to create the ancestor ? just as an
inetOrgPerson with the 2 attributes ?
- as 'homeDrive' or 'networkAddress' are not on inetOrgPerson schema
(MAY or MUST) it will be a problem no ?
Thanks for reply or link to exemple.
according to my private documentation, slapd has to be build with -DLDAP_COLLECTIVE_ATTRIBUTES, this information might be outdated.
This is a sample ldif: dn: cn=office,dc=example,dc=com objectClass: subentry objectClass: extensibleObject objectClass: collectiveAttributeSubentry cn: office subtreeSpecification: {base "ou=Human Resources" minimum 2} c-l: Berlin c-street: Main Street
-Dieter
Le 07/08/2014 09:09, Dieter Klünter a écrit :
Am Wed, 06 Aug 2014 18:16:07 +0200 schrieb Nicolas RENAULT nicolas_renault@yahoo.fr:
Le 06/08/2014 03:12, Howard Chu a écrit :
Nicolas RENAULT wrote:
how can I add attributes to the translucent instance to all users in an OU (and sub) ?
See slapo-collect.
is there another way to do what I want to do ?
thanks all for responses
thanks I think that this is what I want,
but I cannot find any exemple of the use for this overlay on google or other site, And the man slapo-collect, is not clear for me.
info : openldap 2.4.39 , as exemple, I want to add attribute 'networkAddress' and 'homeDrive' for all the inetOrgPerson from my Edir : ou=EDIR,OU=TOUT,dc=exemple,dc=fr
so questions :
- in slapd.conf (I use it because of meta ) : I have to add these
lines ?
moduleload collect
...
overlay collect collectinfo cn=ancestor,ou=EDIR,OU=TOUT,dc=exemple,dc=fr networkAdress,homeDrive
(I choose ancestor for cn cause they talk about ancestor in the man command)
- don't understand how to create the ancestor ? just as an
inetOrgPerson with the 2 attributes ?
- as 'homeDrive' or 'networkAddress' are not on inetOrgPerson schema
(MAY or MUST) it will be a problem no ?
Thanks for reply or link to exemple.
Thanks for informations ! back to work and to this old question.
according to my private documentation, slapd has to be build with -DLDAP_COLLECTIVE_ATTRIBUTES, this information might be outdated.
how can i know if the openldap 2.4.39 that i use is build with support for the collective attribute ?
This is a sample ldif: dn: cn=office,dc=example,dc=com objectClass: subentry objectClass: extensibleObject objectClass: collectiveAttributeSubentry cn: office subtreeSpecification: {base "ou=Human Resources" minimum 2} c-l: Berlin c-street: Main Street
-Dieter
When i try to add thinks like the example , a got an error
" ldap error code 65 'C-postalAddress' can only appear in collectiveAttributeSubentry "
Am Tue, 14 Oct 2014 14:38:13 +0200 schrieb Nicolas RENAULT nicolas_renault@yahoo.fr:
Le 07/08/2014 09:09, Dieter Klünter a écrit :
Am Wed, 06 Aug 2014 18:16:07 +0200 schrieb Nicolas RENAULT nicolas_renault@yahoo.fr:
Le 06/08/2014 03:12, Howard Chu a écrit :
Nicolas RENAULT wrote:
how can I add attributes to the translucent instance to all users in an OU (and sub) ?
See slapo-collect.
is there another way to do what I want to do ?
thanks all for responses
thanks I think that this is what I want,
but I cannot find any exemple of the use for this overlay on google or other site, And the man slapo-collect, is not clear for me.
info : openldap 2.4.39 , as exemple, I want to add attribute 'networkAddress' and 'homeDrive' for all the inetOrgPerson from my Edir : ou=EDIR,OU=TOUT,dc=exemple,dc=fr
so questions :
- in slapd.conf (I use it because of meta ) : I have to add these
lines ?
moduleload collect
...
overlay collect collectinfo cn=ancestor,ou=EDIR,OU=TOUT,dc=exemple,dc=fr networkAdress,homeDrive
(I choose ancestor for cn cause they talk about ancestor in the man command)
- don't understand how to create the ancestor ? just as an
inetOrgPerson with the 2 attributes ?
- as 'homeDrive' or 'networkAddress' are not on inetOrgPerson
schema (MAY or MUST) it will be a problem no ?
Thanks for reply or link to exemple.
Thanks for informations ! back to work and to this old question.
according to my private documentation, slapd has to be build with -DLDAP_COLLECTIVE_ATTRIBUTES, this information might be outdated.
how can i know if the openldap 2.4.39 that i use is build with support for the collective attribute ?
in order to check statically included modules and databases: ./slapd -VVV
-Dieter
Le 14/10/2014 17:17, Dieter Klünter a écrit :
Am Tue, 14 Oct 2014 14:38:13 +0200 schrieb Nicolas RENAULT nicolas_renault@yahoo.fr:
Le 07/08/2014 09:09, Dieter Klünter a écrit :
Am Wed, 06 Aug 2014 18:16:07 +0200 schrieb Nicolas RENAULT nicolas_renault@yahoo.fr:
Le 06/08/2014 03:12, Howard Chu a écrit :
Nicolas RENAULT wrote:
how can I add attributes to the translucent instance to all users in an OU (and sub) ?
See slapo-collect.
is there another way to do what I want to do ?
thanks all for responses
thanks I think that this is what I want,
but I cannot find any exemple of the use for this overlay ongoogle or other site, And the man slapo-collect, is not clear for me.
info : openldap 2.4.39 , as exemple, I want to add attribute 'networkAddress' and 'homeDrive' for all the inetOrgPerson from my Edir : ou=EDIR,OU=TOUT,dc=exemple,dc=fr
so questions :
- in slapd.conf (I use it because of meta ) : I have to add these
lines ?
moduleload collect
...
overlay collect collectinfo cn=ancestor,ou=EDIR,OU=TOUT,dc=exemple,dc=fr networkAdress,homeDrive
(I choose ancestor for cn cause they talk about ancestor in the man command)
- don't understand how to create the ancestor ? just as an
inetOrgPerson with the 2 attributes ?
- as 'homeDrive' or 'networkAddress' are not on inetOrgPerson
schema (MAY or MUST) it will be a problem no ?
Thanks for reply or link to exemple.
Thanks for informations ! back to work and to this old question.
according to my private documentation, slapd has to be build with -DLDAP_COLLECTIVE_ATTRIBUTES, this information might be outdated.
how can i know if the openldap 2.4.39 that i use is build with support for the collective attribute ?
in order to check statically included modules and databases: ./slapd -VVV
-Dieter
ok, the result of the command : ------------------------------------------- @(#) $OpenLDAP: slapd 2.4.39 $ opensuse-buildservice@opensuse.org
Included static overlays: ppolicy syncprov Included static backends: config ldif monitor bdb hdb ldap mdb relay --------------------------------------------
so no static overlay collect but I use a lot a overlay in my conf with moduleload directive :
(from my slapd.conf)
-------------------- include /etc/openldap/schema/core.schema include /etc/openldap/schema/cosine.schema include /etc/openldap/schema/nis.schema include /etc/openldap/schema/inetorgperson.schema include /etc/openldap/schema/openldap.schema include /etc/openldap/schema/dyngroup.schema include /etc/openldap/schema/collective.schema include /etc/openldap/schema/contrib/exemple.schema defaultsearchbase dc=example,dc=fr pidfile /var/run/slapd/slapd.pid argsfile /var/run/slapd/slapd.args loglevel 256 modulepath /usr/lib/openldap/modules/ moduleload back_ldap moduleload back_meta moduleload rwm moduleload valsort #moduleload accesslog moduleload memberof moduleload dynlist moduleload sssvlv #moduleload pcache moduleload collect overlay sssvlv .... overlay collect collectinfo cn=collect_OU_NAME,dc=example,dc=fr co,PostalCode .... --------------------------------------------
someone see something wrong ?
if all is good with this declaration of collect, do I have to add an objectclass "collectiveAttributeSubentry" somewhere in the schema or it is provided by the module ?
ok, the result of the command :
@(#) $OpenLDAP: slapd 2.4.39 $ opensuse-buildservice@opensuse.org
Included static overlays: ppolicy syncprov Included static backends: config ldif monitor bdb hdb ldap mdb relay
so no static overlay collect but I use a lot a overlay in my conf with moduleload directive :
(from my slapd.conf)
include /etc/openldap/schema/core.schema include /etc/openldap/schema/cosine.schema include /etc/openldap/schema/nis.schema include /etc/openldap/schema/inetorgperson.schema include /etc/openldap/schema/openldap.schema include /etc/openldap/schema/dyngroup.schema include /etc/openldap/schema/collective.schema include /etc/openldap/schema/contrib/exemple.schema defaultsearchbase dc=example,dc=fr pidfile /var/run/slapd/slapd.pid argsfile /var/run/slapd/slapd.args loglevel 256 modulepath /usr/lib/openldap/modules/ moduleload back_ldap moduleload back_meta moduleload rwm moduleload valsort #moduleload accesslog moduleload memberof moduleload dynlist moduleload sssvlv #moduleload pcache moduleload collect overlay sssvlv .... overlay collect collectinfo cn=collect_OU_NAME,dc=example,dc=fr co,PostalCode ....
someone see something wrong ?
if all is good with this declaration of collect, do I have to add an objectclass "collectiveAttributeSubentry" somewhere in the schema or it is provided by the module ?
Hello,
I try others things without success. if someone have an idea/clue/tips to help me.
so I decide to build openldap 2.4.40 on a just-installed computer (opensuse 13.1 <-- client request) now slapd -VVV give me :
@(#) $OpenLDAP: slapd 2.4.40 (Oct 17 2014 15:08:43) $ root@linux-nn6c.site:/root/openldap-2.4.40/servers/slapd
Included static overlays: accesslog auditlog collect constraint dds deref dyngroup dynlist memberof ppolicy pcache refint retcode rwm seqmod sssvlv syncprov translucent unique valsort Included static backends: config ldif monitor bdb hdb ldap mdb meta relay
as you can see i build with a lot of overlay and backend (maybe to much )
I take the slapd.conf from the server I used.
-------------------- include /etc/openldap/schema/core.schema include /etc/openldap/schema/cosine.schema include /etc/openldap/schema/nis.schema include /etc/openldap/schema/inetorgperson.schema include /etc/openldap/schema/openldap.schema include /etc/openldap/schema/dyngroup.schema include /etc/openldap/schema/collective.schema include /etc/openldap/schema/contrib/exemple.schema defaultsearchbase dc=example,dc=fr pidfile /var/run/slapd/slapd.pid argsfile /var/run/slapd/slapd.args loglevel 256 modulepath /usr/lib/openldap/modules/ moduleload back_ldap moduleload back_meta moduleload rwm moduleload valsort #moduleload accesslog moduleload memberof moduleload dynlist moduleload sssvlv #moduleload pcache moduleload collect overlay sssvlv .... overlay collect collectinfo cn=office,dc=example,dc=fr l,street
* do I have to use "moduleload" directive with overlay build that I made ? * when i try to add :
dn: cn=office,dc=example,dc=fr objectClass: subentry objectClass: extensibleObject objectClass: collectiveAttributeSubentry cn: office subtreeSpecification: {base "ou=SOME_OU" minimum 2} c-l: Berlin c-street: Main Street
--------------------------
the result is :
adding new entry "cn=office,dc=example,dc=fr" ldap_add: Object class violation (65) additional info: objectClass: value #2 invalid per syntax
so I suppose that "objectClass: collectiveAttributeSubentry" as to be declare in the schema. Y/N ?
if I look in RFC3671, I find this objectclass declaration :
objectclass ( 2.5.17.2 NAME 'collectiveAttributeSubentry' AUXILIARY)
so I add it from a file (exemple.schema) see slapd.conf ,
now when I try to add de ldif :
ldap_add: Object class violation (65) additional info: 'c-l' can only appear in collectiveAttributeSubentry
--------------------------------------
Sorry to ask over and over but a don't understand the way it works. What do i forget to do to make it works ?
thanks for reply
Am Fri, 17 Oct 2014 17:40:20 +0200 schrieb Nicolas RENAULT nicolas_renault@yahoo.fr:
[...]
@(#) $OpenLDAP: slapd 2.4.40 (Oct 17 2014 15:08:43) $ root@linux-nn6c.site:/root/openldap-2.4.40/servers/slapd
Included static overlays: accesslog auditlog collect constraint dds deref dyngroup dynlist memberof ppolicy pcache refint retcode rwm seqmod sssvlv syncprov translucent unique valsort Included static backends: config ldif monitor bdb hdb ldap mdb meta relay
as you can see i build with a lot of overlay and backend (maybe to much )
I take the slapd.conf from the server I used.
[...]
modulepath /usr/lib/openldap/modules/ moduleload back_ldap moduleload back_meta moduleload rwm moduleload valsort #moduleload accesslog moduleload memberof moduleload dynlist moduleload sssvlv #moduleload pcache moduleload collect overlay sssvlv .... overlay collect collectinfo cn=office,dc=example,dc=fr l,street
These are not valid module names, thus no module will be included. Search /usr/lib/openldap/modules for proper module names.
-Dieter
Le 17/10/2014 23:02, Dieter Klünter a écrit :
Am Fri, 17 Oct 2014 17:40:20 +0200 schrieb Nicolas RENAULT nicolas_renault@yahoo.fr:
[...]
@(#) $OpenLDAP: slapd 2.4.40 (Oct 17 2014 15:08:43) $ root@linux-nn6c.site:/root/openldap-2.4.40/servers/slapd
Included static overlays: accesslog auditlog collect constraint dds deref dyngroup dynlist memberof ppolicy pcache refint retcode rwm seqmod sssvlv syncprov translucent unique valsort Included static backends: config ldif monitor bdb hdb ldap mdb meta relay
as you can see i build with a lot of overlay and backend (maybe to much )
I take the slapd.conf from the server I used.
[...]
modulepath /usr/lib/openldap/modules/ moduleload back_ldap moduleload back_meta moduleload rwm moduleload valsort #moduleload accesslog moduleload memberof moduleload dynlist moduleload sssvlv #moduleload pcache moduleload collect overlay sssvlv .... overlay collect collectinfo cn=office,dc=example,dc=fr l,street
These are not valid module names, thus no module will be included. Search /usr/lib/openldap/modules for proper module names.
-Dieter
hello,
thank for reply, in debug mode slapd say :
5444c2fd module_load: (rwm) already present (static) 5444c2fd line 18 (moduleload valsort) 5444c2fd module_load: (valsort) already present (static) 5444c2fd line 20 (moduleload memberof) 5444c2fd module_load: (memberof) already present (static) 5444c2fd line 21 (moduleload dynlist)
So I remove all moduleload directives , after that when i start openldap and test if rwm , memberof , dynlist, ... works, all is good except the collect overlay.
as I say on the last post, when I try to add this ldif :
------------------- dn: cn=office,dc=example,dc=fr objectClass: subentry objectClass: extensibleObject objectClass: collectiveAttributeSubentry cn: office subtreeSpecification: {base "ou=SOME_OU" minimum 2} c-l: Berlin c-street: Main Street
--------------------------
the result is :
adding new entry "cn=office,dc=example,dc=fr" ldap_add: Object class violation (65) additional info: objectClass: value #2 invalid per syntax
so I suppose that "objectClass: collectiveAttributeSubentry" as to be declare in the schema. Y/N ?
if I look in RFC3671, I find this objectclass declaration :
objectclass ( 2.5.17.2 NAME 'collectiveAttributeSubentry' AUXILIARY)
As I can't find it in any .schema file (even in collective.schema), I try to add it from a file (exemple.schema) ,
now when I try to add de ldif :
ldap_add: Object class violation (65) additional info: 'c-l' can only appear in collectiveAttributeSubentry
--------------------------------------
any idea ?
ask me if you want that I post some part of slapd.conf or others log part.
And sorry for bad english.
Regards,
Am Mon, 20 Oct 2014 11:33:37 +0200 schrieb Nicolas RENAULT nicolas_renault@yahoo.fr:
Le 17/10/2014 23:02, Dieter Klünter a écrit :
Am Fri, 17 Oct 2014 17:40:20 +0200 schrieb Nicolas RENAULT nicolas_renault@yahoo.fr:
[...]
@(#) $OpenLDAP: slapd 2.4.40 (Oct 17 2014 15:08:43) $ root@linux-nn6c.site:/root/openldap-2.4.40/servers/slapd
Included static overlays: accesslog auditlog collect constraint dds deref dyngroup dynlist memberof ppolicy pcache refint retcode rwm seqmod sssvlv syncprov translucent unique valsort Included static backends: config ldif monitor bdb hdb ldap mdb meta relay
as you can see i build with a lot of overlay and backend (maybe to much )
I take the slapd.conf from the server I used.
[...]
modulepath /usr/lib/openldap/modules/ moduleload back_ldap moduleload back_meta moduleload rwm moduleload valsort #moduleload accesslog moduleload memberof moduleload dynlist moduleload sssvlv #moduleload pcache moduleload collect overlay sssvlv .... overlay collect collectinfo cn=office,dc=example,dc=fr l,street
These are not valid module names, thus no module will be included. Search /usr/lib/openldap/modules for proper module names.
-Dieter
hello,
thank for reply, in debug mode slapd say :
5444c2fd module_load: (rwm) already present (static) 5444c2fd line 18 (moduleload valsort) 5444c2fd module_load: (valsort) already present (static) 5444c2fd line 20 (moduleload memberof) 5444c2fd module_load: (memberof) already present (static) 5444c2fd line 21 (moduleload dynlist)
So I remove all moduleload directives , after that when i start openldap and test if rwm , memberof , dynlist, ... works, all is good except the collect overlay.
as I say on the last post, when I try to add this ldif :
dn: cn=office,dc=example,dc=fr objectClass: subentry objectClass: extensibleObject objectClass: collectiveAttributeSubentry cn: office subtreeSpecification: {base "ou=SOME_OU" minimum 2} c-l: Berlin c-street: Main Street
the result is :
adding new entry "cn=office,dc=example,dc=fr" ldap_add: Object class violation (65) additional info: objectClass: value #2 invalid per syntax
so I suppose that "objectClass: collectiveAttributeSubentry" as to be declare in the schema. Y/N ?
No, it is declared in the source code.
if I look in RFC3671, I find this objectclass declaration :
objectclass ( 2.5.17.2 NAME 'collectiveAttributeSubentry' AUXILIARY)
As I can't find it in any .schema file (even in collective.schema), I try to add it from a file (exemple.schema) ,
now when I try to add de ldif :
ldap_add: Object class violation (65) additional info: 'c-l' can only appear in collectiveAttributeSubentry
any idea ?
ask me if you want that I post some part of slapd.conf or others log part.
collectiveAttrbibuteSubentry is declared in schema_prep.c. When I tested collective attributes, a few years ago, slapd had to be build with -DLDAP_COLLECTIVE_ATTRIBUTES. I don't know whether this is still the case.
-Dieter
Dieter Klünter wrote:
collectiveAttrbibuteSubentry is declared in schema_prep.c. When I tested collective attributes, a few years ago, slapd had to be build with -DLDAP_COLLECTIVE_ATTRIBUTES. I don't know whether this is still the case.
I've tested this yesterday and I had to build with -DLDAP_COLLECTIVE_ATTRIBUTES to make 'collectiveAttrbibuteSubentry' appear in the subschema subentry.
Ciao, Michael.
Le 21/10/2014 09:23, Michael Ströder a écrit :
Dieter Klünter wrote:
collectiveAttrbibuteSubentry is declared in schema_prep.c. When I tested collective attributes, a few years ago, slapd had to be build with -DLDAP_COLLECTIVE_ATTRIBUTES. I don't know whether this is still the case.
I've tested this yesterday and I had to build with -DLDAP_COLLECTIVE_ATTRIBUTES to make 'collectiveAttrbibuteSubentry' appear in the subschema subentry.
Ciao, Michael.
thanks for reply
so now the noob question : how do I build with -DLDAP_COLLECTIVE_ATTRIBUTES ? with our clue I try to restart the process with :
configure :
./configure --enable-syslog --enable-modules --enable-rewrite --enable-ldap --enable-meta --enable-collect --enable-dyngroup --enable-memberof --enable-proxycache --enable-rwm --enable-sssvlv --enable-valsort -DLDAP_COLLECTIVE_ATTRIBUTES
result : configure: error: unrecognized option: `-DLDAP_COLLECTIVE_ATTRIBUTES'
so I look on "configure --help" and "less INSTALL" , try to google DLDAP_COLLECTIVE_ATTRIBUTES and at last try a grep on the directory openldap-2.4.40/ but cannot find ref on how to build openldap with DLDAP_COLLECTIVE_ATTRIBUTES ..
finally and for archives :
./configure --enable-syslog --enable-modules --enable-rewrite --enable-ldap --enable-meta --enable-collect --enable-dyngroup --enable-memberof --enable-proxycache --enable-rwm --enable-sssvlv --enable-valsort CFLAGS="-DLDAP_COLLECTIVE_ATTRIBUTES"
after that , make depend, make , make install
Works ! that is the good process ?
now i can add the ldif with the example the you give me without errors.
but it doesn't appli collectives attributes :
I have create this to test overlay collect :
## dcObject is an AUXILIARY objectclass and MUST ## have a STRUCTURAL objectclass (organization in this case)
dn: dc=example,dc=fr dc: example o: example proxy LDAP Server description: Root entry for example proxy LDAP server objectClass: top objectclass: dcObject objectclass: organization
## FIRST Level hierarchy
dn: ou=TOUT,dc=example,dc=fr ou: TOUT description: OU pour contenir tout les annuaires objectClass: top objectClass: organizationalUnit
## FIRST Level hierarchy - Manager
dn: cn=Manager,dc=example,dc=fr cn: Manager description: Rootdn objectclass: organizationalRole
after that I add this (from example provide in reply) :
dn: cn=office,dc=example,dc=fr objectClass: subentry objectClass: extensibleObject objectClass: collectiveAttributeSubentry cn: office subtreeSpecification: {base "ou=TOUT" minimum 2} c-l: Berlin c-street: Main Street
and
dn: cn=user_test,ou=TOUT,dc=example,dc=fr sn: test cn: user_test objectClass: user objectClass: organizationalPerson objectClass: person objectClass: top
and in slapd.conf just for tests :
include /etc/openldap/schema/collective.schema ....... database bdb suffix "dc=example,dc=fr" rootdn "cn=Manager,dc=example,dc=fr" rootpw "xxxxx" directory /usr/local/var/openldap-base limits * size=1000 overlay collect collectinfo cn=office,dc=example,dc=fr l,street
with that , when I do an ldap search :
ldapsearch -H ldap://localhost -x -D "cn=Manager,dc=example,dc=fr" -W -b "ou=TOUT,dc=example,dc=fr" "(&(objectClass=user)(cn=user_test))" # extended LDIF # # LDAPv3 # base <ou=TOUT,dc=example,dc=fr> with scope subtree # filter: (&(objectClass=user)(cn=user_test)) # requesting: ALL #
# user_test, TOUT, example.fr dn: cn=user_test,ou=TOUT,dc=example,dc=fr sn: test cn: user_test objectClass: user objectClass: organizationalPerson objectClass: person objectClass: top
# search result search: 2 result: 0 Success
# numResponses: 2 # numEntries: 1
no trace for the l and street attributes. any idea ?
Thanks again for reply
Am Tue, 21 Oct 2014 14:35:14 +0200 schrieb Nicolas RENAULT nicolas_renault@yahoo.fr:
Le 21/10/2014 09:23, Michael Ströder a écrit :
Dieter Klünter wrote:
collectiveAttrbibuteSubentry is declared in schema_prep.c. When I tested collective attributes, a few years ago, slapd had to be build with -DLDAP_COLLECTIVE_ATTRIBUTES. I don't know whether this is still the case.
I've tested this yesterday and I had to build with -DLDAP_COLLECTIVE_ATTRIBUTES to make 'collectiveAttrbibuteSubentry' appear in the subschema subentry.
Ciao, Michael.
thanks for reply
so now the noob question : how do I build with -DLDAP_COLLECTIVE_ATTRIBUTES ? with our clue I try to restart the process with :
configure :
./configure --enable-syslog --enable-modules --enable-rewrite --enable-ldap --enable-meta --enable-collect --enable-dyngroup --enable-memberof --enable-proxycache --enable-rwm --enable-sssvlv --enable-valsort -DLDAP_COLLECTIVE_ATTRIBUTES
result : configure: error: unrecognized option: `-DLDAP_COLLECTIVE_ATTRIBUTES'
so I look on "configure --help" and "less INSTALL" , try to google DLDAP_COLLECTIVE_ATTRIBUTES and at last try a grep on the directory openldap-2.4.40/ but cannot find ref on how to build openldap with DLDAP_COLLECTIVE_ATTRIBUTES ..
finally and for archives :
./configure --enable-syslog --enable-modules --enable-rewrite --enable-ldap --enable-meta --enable-collect --enable-dyngroup --enable-memberof --enable-proxycache --enable-rwm --enable-sssvlv --enable-valsort CFLAGS="-DLDAP_COLLECTIVE_ATTRIBUTES"
after that , make depend, make , make install
Works ! that is the good process ?
now i can add the ldif with the example the you give me without errors.
but it doesn't appli collectives attributes :
I have create this to test overlay collect :
## dcObject is an AUXILIARY objectclass and MUST ## have a STRUCTURAL objectclass (organization in this case)
dn: dc=example,dc=fr dc: example o: example proxy LDAP Server description: Root entry for example proxy LDAP server objectClass: top objectclass: dcObject objectclass: organization
## FIRST Level hierarchy
dn: ou=TOUT,dc=example,dc=fr ou: TOUT description: OU pour contenir tout les annuaires objectClass: top objectClass: organizationalUnit
## FIRST Level hierarchy - Manager
dn: cn=Manager,dc=example,dc=fr cn: Manager description: Rootdn objectclass: organizationalRole
after that I add this (from example provide in reply) :
dn: cn=office,dc=example,dc=fr objectClass: subentry objectClass: extensibleObject objectClass: collectiveAttributeSubentry cn: office subtreeSpecification: {base "ou=TOUT" minimum 2} c-l: Berlin c-street: Main Street
and
dn: cn=user_test,ou=TOUT,dc=example,dc=fr sn: test cn: user_test objectClass: user objectClass: organizationalPerson objectClass: person objectClass: top
and in slapd.conf just for tests :
include /etc/openldap/schema/collective.schema ....... database bdb suffix "dc=example,dc=fr" rootdn "cn=Manager,dc=example,dc=fr" rootpw "xxxxx" directory /usr/local/var/openldap-base limits * size=1000 overlay collect collectinfo cn=office,dc=example,dc=fr l,street
attributes should be c-l,c-street
with that , when I do an ldap search :
ldapsearch -H ldap://localhost -x -D "cn=Manager,dc=example,dc=fr" -W -b "ou=TOUT,dc=example,dc=fr" "(&(objectClass=user)(cn=user_test))" # extended LDIF # # LDAPv3 # base <ou=TOUT,dc=example,dc=fr> with scope subtree # filter: (&(objectClass=user)(cn=user_test)) # requesting: ALL #
# user_test, TOUT, example.fr dn: cn=user_test,ou=TOUT,dc=example,dc=fr sn: test cn: user_test objectClass: user objectClass: organizationalPerson objectClass: person objectClass: top
# search result search: 2 result: 0 Success
# numResponses: 2 # numEntries: 1
no trace for the l and street attributes. any idea ?
The entries should be in cn=office,dc=example,dc=fr
-Dieter
Le 21/10/2014 17:42, Dieter Klünter a écrit :
Am Tue, 21 Oct 2014 14:35:14 +0200 schrieb Nicolas RENAULT nicolas_renault@yahoo.fr:
Le 21/10/2014 09:23, Michael Ströder a écrit :
Dieter Klünter wrote:
collectiveAttrbibuteSubentry is declared in schema_prep.c. When I tested collective attributes, a few years ago, slapd had to be build with -DLDAP_COLLECTIVE_ATTRIBUTES. I don't know whether this is still the case.
I've tested this yesterday and I had to build with -DLDAP_COLLECTIVE_ATTRIBUTES to make 'collectiveAttrbibuteSubentry' appear in the subschema subentry.
Ciao, Michael.
thanks for reply
so now the noob question : how do I build with -DLDAP_COLLECTIVE_ATTRIBUTES ? with our clue I try to restart the process with :
configure :
./configure --enable-syslog --enable-modules --enable-rewrite --enable-ldap --enable-meta --enable-collect --enable-dyngroup --enable-memberof --enable-proxycache --enable-rwm --enable-sssvlv --enable-valsort -DLDAP_COLLECTIVE_ATTRIBUTES
result : configure: error: unrecognized option: `-DLDAP_COLLECTIVE_ATTRIBUTES'
so I look on "configure --help" and "less INSTALL" , try to google DLDAP_COLLECTIVE_ATTRIBUTES and at last try a grep on the directory openldap-2.4.40/ but cannot find ref on how to build openldap with DLDAP_COLLECTIVE_ATTRIBUTES ..
finally and for archives :
./configure --enable-syslog --enable-modules --enable-rewrite --enable-ldap --enable-meta --enable-collect --enable-dyngroup --enable-memberof --enable-proxycache --enable-rwm --enable-sssvlv --enable-valsort CFLAGS="-DLDAP_COLLECTIVE_ATTRIBUTES"
after that , make depend, make , make install
Works ! that is the good process ?
now i can add the ldif with the example the you give me without errors.
but it doesn't appli collectives attributes :
I have create this to test overlay collect :
## dcObject is an AUXILIARY objectclass and MUST ## have a STRUCTURAL objectclass (organization in this case)
dn: dc=example,dc=fr dc: example o: example proxy LDAP Server description: Root entry for example proxy LDAP server objectClass: top objectclass: dcObject objectclass: organization
## FIRST Level hierarchy
dn: ou=TOUT,dc=example,dc=fr ou: TOUT description: OU pour contenir tout les annuaires objectClass: top objectClass: organizationalUnit
## FIRST Level hierarchy - Manager
dn: cn=Manager,dc=example,dc=fr cn: Manager description: Rootdn objectclass: organizationalRole
after that I add this (from example provide in reply) :
dn: cn=office,dc=example,dc=fr objectClass: subentry objectClass: extensibleObject objectClass: collectiveAttributeSubentry cn: office subtreeSpecification: {base "ou=TOUT" minimum 2} c-l: Berlin c-street: Main Street
and
dn: cn=user_test,ou=TOUT,dc=example,dc=fr sn: test cn: user_test objectClass: user objectClass: organizationalPerson objectClass: person objectClass: top
and in slapd.conf just for tests :
include /etc/openldap/schema/collective.schema ....... database bdb suffix "dc=example,dc=fr" rootdn "cn=Manager,dc=example,dc=fr" rootpw "xxxxx" directory /usr/local/var/openldap-base limits * size=1000 overlay collect collectinfo cn=office,dc=example,dc=fr l,street
attributes should be c-l,c-street
ok so now the line is
collectinfo cn=office,dc=example,dc=fr c-l,c-street
with that , when I do an ldap search :
ldapsearch -H ldap://localhost -x -D "cn=Manager,dc=example,dc=fr" -W -b "ou=TOUT,dc=example,dc=fr" "(&(objectClass=user)(cn=user_test))" # extended LDIF # # LDAPv3 # base <ou=TOUT,dc=example,dc=fr> with scope subtree # filter: (&(objectClass=user)(cn=user_test)) # requesting: ALL #
# user_test, TOUT, example.fr dn: cn=user_test,ou=TOUT,dc=example,dc=fr sn: test cn: user_test objectClass: user objectClass: organizationalPerson objectClass: person objectClass: top
# search result search: 2 result: 0 Success
# numResponses: 2 # numEntries: 1
no trace for the l and street attributes. any idea ?
The entries should be in cn=office,dc=example,dc=fr
sorry but I don't understand :
I create the object cn=office,dc=example,dc=fr
dn: cn=office,dc=example,dc=fr objectClass: subentry objectClass: extensibleObject objectClass: collectiveAttributeSubentry cn: office subtreeSpecification: {base "ou=TOUT" minimum 2} c-l: Berlin c-street: Main Street
with the subtreeSpecification to apply to "ou=TOUT" on dc=example,dc=fr.
no ?
I read the man
"Collective attributes are added to entries returned by a search operation when the entry is within the scope of the related ancestor"
I think that your reply refer to this part, but can you provide an working example or adapt my example to a working state ?
Thanks for reply
Am Wed, 22 Oct 2014 18:41:41 +0200 schrieb Nicolas RENAULT nicolas_renault@yahoo.fr:
Le 21/10/2014 17:42, Dieter Klünter a écrit :
Am Tue, 21 Oct 2014 14:35:14 +0200 schrieb Nicolas RENAULT nicolas_renault@yahoo.fr:
Le 21/10/2014 09:23, Michael Ströder a écrit :
Dieter Klünter wrote:
collectiveAttrbibuteSubentry is declared in schema_prep.c. When I tested collective attributes, a few years ago, slapd had to be build with -DLDAP_COLLECTIVE_ATTRIBUTES. I don't know whether this is still the case.
I've tested this yesterday and I had to build with -DLDAP_COLLECTIVE_ATTRIBUTES to make 'collectiveAttrbibuteSubentry' appear in the subschema subentry.
Ciao, Michael.
thanks for reply
so now the noob question : how do I build with -DLDAP_COLLECTIVE_ATTRIBUTES ? with our clue I try to restart the process with :
configure :
./configure --enable-syslog --enable-modules --enable-rewrite --enable-ldap --enable-meta --enable-collect --enable-dyngroup --enable-memberof --enable-proxycache --enable-rwm --enable-sssvlv --enable-valsort -DLDAP_COLLECTIVE_ATTRIBUTES
result : configure: error: unrecognized option: `-DLDAP_COLLECTIVE_ATTRIBUTES'
so I look on "configure --help" and "less INSTALL" , try to google DLDAP_COLLECTIVE_ATTRIBUTES and at last try a grep on the directory openldap-2.4.40/ but cannot find ref on how to build openldap with DLDAP_COLLECTIVE_ATTRIBUTES ..
finally and for archives :
./configure --enable-syslog --enable-modules --enable-rewrite --enable-ldap --enable-meta --enable-collect --enable-dyngroup --enable-memberof --enable-proxycache --enable-rwm --enable-sssvlv --enable-valsort CFLAGS="-DLDAP_COLLECTIVE_ATTRIBUTES"
after that , make depend, make , make install
Works ! that is the good process ?
now i can add the ldif with the example the you give me without errors.
but it doesn't appli collectives attributes :
I have create this to test overlay collect :
## dcObject is an AUXILIARY objectclass and MUST ## have a STRUCTURAL objectclass (organization in this case)
dn: dc=example,dc=fr dc: example o: example proxy LDAP Server description: Root entry for example proxy LDAP server objectClass: top objectclass: dcObject objectclass: organization
## FIRST Level hierarchy
dn: ou=TOUT,dc=example,dc=fr ou: TOUT description: OU pour contenir tout les annuaires objectClass: top objectClass: organizationalUnit
## FIRST Level hierarchy - Manager
dn: cn=Manager,dc=example,dc=fr cn: Manager description: Rootdn objectclass: organizationalRole
after that I add this (from example provide in reply) :
dn: cn=office,dc=example,dc=fr objectClass: subentry objectClass: extensibleObject objectClass: collectiveAttributeSubentry cn: office subtreeSpecification: {base "ou=TOUT" minimum 2} c-l: Berlin c-street: Main Street
and
dn: cn=user_test,ou=TOUT,dc=example,dc=fr sn: test cn: user_test objectClass: user objectClass: organizationalPerson objectClass: person objectClass: top
and in slapd.conf just for tests :
include /etc/openldap/schema/collective.schema ....... database bdb suffix "dc=example,dc=fr" rootdn "cn=Manager,dc=example,dc=fr" rootpw "xxxxx" directory /usr/local/var/openldap-base limits * size=1000 overlay collect collectinfo cn=office,dc=example,dc=fr l,street
attributes should be c-l,c-street
ok so now the line is
collectinfo cn=office,dc=example,dc=fr c-l,c-street
with that , when I do an ldap search :
ldapsearch -H ldap://localhost -x -D "cn=Manager,dc=example,dc=fr" -W -b "ou=TOUT,dc=example,dc=fr" "(&(objectClass=user)(cn=user_test))" # extended LDIF # # LDAPv3 # base <ou=TOUT,dc=example,dc=fr> with scope subtree # filter: (&(objectClass=user)(cn=user_test)) # requesting: ALL #
# user_test, TOUT, example.fr dn: cn=user_test,ou=TOUT,dc=example,dc=fr sn: test cn: user_test objectClass: user objectClass: organizationalPerson objectClass: person objectClass: top
# search result search: 2 result: 0 Success
# numResponses: 2 # numEntries: 1
no trace for the l and street attributes. any idea ?
The entries should be in cn=office,dc=example,dc=fr
sorry but I don't understand :
I create the object cn=office,dc=example,dc=fr
dn: cn=office,dc=example,dc=fr objectClass: subentry objectClass: extensibleObject objectClass: collectiveAttributeSubentry cn: office subtreeSpecification: {base "ou=TOUT" minimum 2} c-l: Berlin c-street: Main Street
with the subtreeSpecification to apply to "ou=TOUT" on dc=example,dc=fr.
no ?
I read the man
"Collective attributes are added to entries returned by a search operation when the entry is within the scope of the related ancestor"
I think that your reply refer to this part, but can you provide an working example or adapt my example to a working state ?
Thanks for reply
dn: cn=office,dc=example,dc=fr objectClass: subentry objectClass: collectiveAttributeSubentry subtreeSpecification: {base "ou=TOUT" minimum 0 maximum 2} cn: office c-l: Berlin c-street: Main Street
dn:ou=TOUT,cn=office,dc=example,dc=fr objectClass: organizationalUnit ou: TOUT
dn: cn=user_test,ou=TOUT,cn=office,dc=example,dc=fr sn: test cn: user_test objectClass: organizationalPerson
The attribute type subtreeSpecification my have an empty value.
-Dieter
openldap-technical@openldap.org
-
Dieter Klünter -
Howard Chu -
Michael Ströder -
Nicolas RENAULT