[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: slapd.conf WAS: ACL for PGP [Virus checked (@MLP)] [Virus checked]



Hi!

What is your mail up to the subject???

The problem is in your slapd.conf. See below.

slapd.conf:
"# Do not enable referrals until AFTER you have a working directory
 # service AND an understanding of referrals."
So disable referrals.

rootdn should be
rootdn          "cn=ehoxha,dc=colubris,dc=com"

Joachim






"Emilio Hoxha" <emilio.hoxha@colubris.com> am 08.01.2002 17:31:50


An:   "Alejandra Moreno" <alejandra.moreno@atrete.ch>, Joachim
      Koch/Login/DE/MLP@MLP
Kopie:    openldap-software@OpenLDAP.org

Thema:    RE: ACL for PGP  [Virus checked (@MLP)]  [Virus checked]



Hi Guys

I'm newbie in LDAP so bare with me please.
I'm trying to configure a very simple LDAP serevr (at least for now).I
have this slapd.conf file

servers/slapd/slapd.conf,v 1.8.8.7 2001/09/27 20:00:31 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#

include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
-->#referral       ldap://www2.ldap.colubris.com
loglevel 256


# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
# DISABLE referrals

#referral        ldap://root.openldap.org

pidfile         /usr/local/var/slapd.pid
argsfile        /usr/local/var/slapd.args

# Load dynamic backend modules:
# modulepath    /usr/local/libexec/openldap
# moduleload    back_ldap.la
# moduleload    back_ldbm.la
# moduleload    back_passwd.la
# moduleload    back_shell.la

#
Sample Access Control
        Allow read access of root DSE
        Allow self write access
#       Allow authenticated users read access
#       Allow anonymous users to authenticate
#
access to * by * read
#access to *
#       by self write
#       by users read
#       by anonymous auth
#
# if no access controls are present, the default is:
#       Allow read by all
#
#rootdn can always write!

#######################################################################
# ldbm database definitions
#######################################################################

database        ldbm
readonly        on
suffix          "dc=colubris,dc=com"
-->rootdn          "cn=ehoxha,dc=colubris,dc=com"
rootpw          ehoxha
directory /usr/local/var/openldap-ldbm
# Cleartext passwords, especially for the rootdn, should
# be avoid.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd/tools. Mode 700 recommended.
#directory      /usr/local/var/openldap-ldbm
# Indices to maintain
index   uid pres, eq objectClass
lastmod on
#access to attr=userPassword
#       by selfwrite
#       by anynomous auth
#       by dn="cn=root, dc=colubris, dc=com" write
#       by * none
#access to *
#       by self write
#       by dn="cn=root, dc=colubris, dc=com" write
#       by users read
#access to dn="(.*,)?dc=colubris,dc=com"
#attr=homePhone
#                by self write
#        by
#dn="(.*,)?dc=colubris,dc=com"search
#        by domain=.*\.colubris\.com read
#        access to dn="(.*,)?dc=colubris,dc=com"
#        by self write
#       by dn=".*,dc=colubris,dc=com" search
#        by anonymous auth
# access to attr=member,entry
#                by dnattr=member selfwrite



The problem is that when i wanna add a .ldif file i get this error

 ldapadd -x -D "cn=root, dc=saranda, dc=com" -W -f myldif.ldif
ldap_bind: Referral
and nothing new shows up in the slapd file

Thanks for any help



-----Original Message-----
From:     Alejandra Moreno
Sent:     Tue 1/8/2002 10:51 AM
To:  Joachim.Koch@mlp-ag.com
Cc:  openldap-software@OpenLDAP.org
Subject:  Re: ACL for PGP  [Virus checked (@MLP)]  [Virus checked]
Ahhh!!! I didn't know that! I will try it.

Alejandra


At 16:21 08.01.2002 +0100, you wrote:
>Hi!
>
>You are right, I looks terribly, and I do not recommend to build acls
like
>this,
>but OpenLDAP-ACLs are being processed from top to down, and the first
>acl that matches is been used. So I only give write permission to
everyone
>(including anonymous) to everything except
>
>      access to dn=".*,dc=ch" by * read
>
>Here is only read permission given.
>
>Please correct me, if i should be wrong.
>
>
>Joachim