
LDAP 2.0.7: Can't add entries of type userpassword



Platform:  Linux xyzzy.azika.com 2.2.14-5.0smp #1 SMP Tue Mar 7 21:01:40 EST 2000 i686 unknown

Build: OpenLDAP 2.0.7 w/SSL support (OpenSSL 0.9.6) + SleepyCat Berkeley DB 3.1

Problem:  We attempt to add the following two ldif records to a clean
database.

File: voice.ldif
-----------------
dn: ou=voice, dc=azika, dc=com
ou: voice
objectClass: top
objectClass: organizationalUnit

File: sample.ldif
------------------
dn: uid=2065551212, ou=voice, dc=azika, dc=com
uid: 2065551212
objectClass: top
objectClass: person
objectclass=OrganizationalPerson
userpassword: {UNIX}eRHDlmb6RuG9.
sn: 2065551212
cn: jeremy



Added with:

ldapadd -D "cn=admin, dc=azika, dc=com" -w secret -f voice.ldif
ldapadd -D "cn=admin, dc=azika, dc=com" -w secret -f sample.ldif

Results of ldapsearch:
-----------------------------
jeremy@xyzzy % ldapsearch '(uid=2065551212)'

-----------------------------------
version: 2

#
# filter: uid=2065551212
# requesting: ALL
#

# 2065551212, voice, dc=azika, dc=com
dn: uid=2065551212, ou=voice, dc=azika, dc=com
uid: 2065551212
objectClass: top
objectClass: person
objectClass: OrganizationalPerson
objectClass: inetOrgPerson
sn: 2065551212
cn: jeremy
 
# search result
search: 2
result: 0 Success
 
# numResponses: 2
# numEntries: 1

--------------------------------------

Please note that the userpassword attribute disappeared from the entry without a trace.

We have tested on a similar 1.2.11 installation with no problems.

(All schema files are stock except for local.schema, which contains
 Solaris 8 PAM and customer junk.  Shouldn't affect us a whit here).

slapd.conf
---------------------------------------

# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.4 2000/08/26 17:06:18 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
# Schema files loaded at startup. All are stock except local.schema, which
# is reproduced later in this message.
include         /usr/local/etc/openldap/schema/core.schema
include         /usr/local/etc/openldap/schema/cosine.schema
include         /usr/local/etc/openldap/schema/inetorgperson.schema
include         /usr/local/etc/openldap/schema/nis.schema
include         /usr/local/etc/openldap/schema/local.schema

# Define global ACLs to disable default read access.
# NOTE(review): no global ACL actually follows this stock comment; the only
# access rules in this file are the ones inside the ldbm database section.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral       ldap://root.openldap.org

pidfile         /usr/local/var/slapd.pid
argsfile        /usr/local/var/slapd.args

# Load dynamic backend modules:
# modulepath    /usr/local/libexec/openldap
# moduleload    back_ldap.la
# moduleload    back_ldbm.la
# moduleload    back_passwd.la
# moduleload    back_shell.la

# 489  -  standard stuff (lags and drags)
# -1 = enable ALL debugging
# NOTE(review): loglevel 0 turns logging off, so slapd records nothing about
# the add or the search being debugged. Level 128 (ACL processing) would show
# how access to userPassword is decided for each request.
loglevel 0

# Server certificate and private key used for TLS.
# NOTE(review): the key file should be readable only by the account slapd
# runs as; its permissions are not shown in this message -- confirm.
TLSCertificateFile      /usr/local/ssl/certs/public.pem
TLSCertificateKeyFile   /usr/local/ssl/certs/private.pem

#######################################################################
# ldbm database definitions
#######################################################################

database        ldbm

suffix          "dc=azika, dc=com"

# The rootdn is not subject to the access rules below; it always has full
# access to this database.
rootdn          "cn=admin, dc=azika, dc=com"

# Cleartext passwords, especially for the rootdn, should
# be avoided.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# NOTE(review): the rootdn password is stored here in cleartext, and the same
# value is passed with -w on the ldapadd command lines quoted in this message.
# Store a hash generated by slappasswd(8) instead, and treat the value as
# exposed once the file has been posted.
rootpw          secret

# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd/tools. Mode 700 recommended.
directory       /usr/local/var/openldap-ldbm

# Indices to maintain
# An index line that names no index types uses the types from the
# "index default" line (pres,eq).
index   default         pres,eq
index   objectClass     eq

# indexes for Solaris 8 stuff
index   membernisnetgroup       pres,eq,sub
#index   nisnetgrouptriple       pres,eq,sub
index   memberuid
index   macAddress
#index   uidNumber
index   uid
#index   gidNumber
index   ipHostNumber
index   ipNetworkNumber
#index   ipProtocolNumber
#index   oncRpcNumber
index   ipServiceProtocol
#index   ipServicePort
index   nisDomain
index   nisMapName
index   mail

# Access rules for this database. slapd uses the first "access to" directive
# that matches the attribute and, inside it, stops at the first "by" clause
# that matches the requester.
# NOTE(review): because "by * read" comes before the admin clause, the admin
# "write" clause in this rule and the next one is never reached. The admin DN
# is also the rootdn, which is not subject to ACLs, so this has no effect
# today; listing the admin clause first would express the intent.
access to attr=cn,uid,uidNumber,gidNumber,homeDirectory
        by self read
        by * read
        by dn="cn=admin,dc=azika, dc=com" write

access to attr=shadowLastChange,shadowMin,shadowMax,shadowWarning
        by self read
        by * read
        by dn="cn=admin,dc=azika, dc=com" write

# NOTE(review): the next three clauses have no "access to" line of their own;
# the directive header appears to have been lost when the file was pasted --
# confirm against the real file.
        by self read
        by * read
        by dn="cn=admin,dc=azika, dc=com" write
 
# NOTE(review): userPassword is readable only by the entry itself and writable
# only by the admin DN; every other requester gets no access. The ldapsearch
# quoted earlier in this message appears to be run without a bind DN, so the
# attribute would be filtered out of its result rather than being absent from
# the database -- confirm by repeating the search bound as the admin DN.
# There is also no "by anonymous auth" clause, which a simple bind as this
# entry needs in order to check the password.
access to attr=userPassword
        by self read
        by dn="cn=admin,dc=azika, dc=com" write
 
# should be last
# NOTE(review): this catch-all governs every attribute not named above,
# including the password-bearing attributes defined in local.schema
# (dialpasswd, dslpasswd, SolarisBindPassword, nisSecretkey). As written they
# are readable by anonymous clients; give them a restrictive
# "access to attr=..." rule placed before this one.
access to *
        by self write
        by dn="cn=admin,dc=azika, dc=com" write
        by anonymous read
        by * read
 
# File in which slapd records changes for replication.
replogfile      /usr/local/var/replica.log
 
# NOTE(review): the replica definition below is commented out, but it still
# carries what looks like a simple-bind credential for the admin DN. Treat the
# value as exposed once the file has been posted, and rotate it.
# replica host=foobar.azika.com:389
#       binddn="cn=admin,dc=azika, dc=com"
#       bindmethod=simple
#       credentials=nsp001


local.schema
---------------------------------------------------
attributetype (
    1.3.6.1.1.1.1.28
    NAME 'nisPublickey'
    DESC 'nisPublickey'
    EQUALITY caseIgnoreIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)

# IA5 String attribute; the name suggests it holds NIS secret-key material.
# NOTE(review): the slapd.conf quoted in this message has no access rule for
# this attribute, so it falls under the catch-all "access to *", which grants
# read to anonymous clients.
attributetype (
    1.3.6.1.1.1.1.29
    NAME 'nisSecretkey'
    DESC 'nisSecretkey'
    EQUALITY caseIgnoreIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)

attributetype (
    1.3.6.1.1.1.1.30
    NAME 'nisDomain'
    DESC 'nisDomain'
    EQUALITY caseIgnoreIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)


# Site-specific customer attributes.
# NOTE(review): these OIDs (1.3.6.1.1.1.1.31 to .37) are allocated inside the
# 1.3.6.1.1.1 NIS schema arc rather than under a private enterprise arc, so
# they may collide with attributes assigned there by others -- confirm.
attributetype ( 1.3.6.1.1.1.1.31 NAME 'DSLStaticIP'
        DESC 'DSL IP Address as a dotted quad, e.g.  192.168.23.5'
        EQUALITY caseIgnoreIA5Match
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SINGLE-VALUE )

# NOTE(review): dialpasswd and dslpasswd are plain IA5 String attributes that
# hold account passwords. The slapd.conf quoted in this message protects only
# userPassword, so these two fall under "access to *" and are readable by
# anonymous clients unless a dedicated rule is added.
attributetype ( 1.3.6.1.1.1.1.32 NAME 'dialpasswd'
        DESC 'Password for dialup account. Not the same as userpasswd'
        EQUALITY caseExactIA5Match
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )

attributetype ( 1.3.6.1.1.1.1.33 NAME 'dslpasswd'
        DESC 'Password for DSL account. Not the same as userpasswd'
        EQUALITY caseExactIA5Match
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )

# NOTE(review): the four RBN-* attributes pair an IA5 String matching rule
# (caseExactIA5Match) with syntax ...121.1.27, which is Integer. If the values
# are names or keywords, as the attribute names suggest, IA5 String
# (...121.1.26) is probably what was meant -- confirm.
attributetype ( 1.3.6.1.1.1.1.34 NAME 'RBN-PVC_Profile_Name'
        DESC 'RBN-PVC_Profile_Name'
        EQUALITY caseExactIA5Match
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )

attributetype ( 1.3.6.1.1.1.1.35 NAME 'RBN-PVC_Encapsulation_Type'
        DESC 'RBN-PVC_Encapsulation_Type'
        EQUALITY caseExactIA5Match
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )

attributetype ( 1.3.6.1.1.1.1.36 NAME 'RBN-Bind_Type'
        DESC 'RBN-Bind_Type'
        EQUALITY caseExactIA5Match
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )

attributetype ( 1.3.6.1.1.1.1.37 NAME 'RBN-Bind_Auth_Protocol'
        DESC 'RBN-Bind_Auth_Protocol'
        EQUALITY caseExactIA5Match
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )

attributetype (
    1.3.6.1.4.1.42.2.27.5.1.15
    NAME 'SolarisLDAPServers'
    DESC 'SolarisLDAPServers'
    EQUALITY caseIgnoreIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)

attributetype (
    1.3.6.1.4.1.42.2.27.5.1.16
    NAME 'SolarisSearchBaseDN'
    DESC 'SolarisSearchBaseDN'
    EQUALITY distinguishedNameMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
    SINGLE-VALUE)

attributetype (
    1.3.6.1.4.1.42.2.27.5.1.17
    NAME 'SolarisCacheTTL'
    DESC 'SolarisCacheTTL'
    EQUALITY caseIgnoreIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)

attributetype (
    1.3.6.1.4.1.42.2.27.5.1.18
    NAME 'SolarisBindDN'
    DESC 'SolarisBindDN'
    EQUALITY distinguishedNameMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
    SINGLE-VALUE)

# Single-valued IA5 String attribute, listed as optional (MAY) in the
# SolarisNamingProfile object class.
# NOTE(review): the name suggests it holds the password for SolarisBindDN.
# The slapd.conf quoted in this message has no access rule for it, so it
# falls under "access to *" and is readable by anonymous clients.
attributetype (
    1.3.6.1.4.1.42.2.27.5.1.19
    NAME 'SolarisBindPassword'
    DESC 'SolarisBindPassword'
    EQUALITY caseExactIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
    SINGLE-VALUE)

attributetype (
    1.3.6.1.4.1.42.2.27.5.1.20
    NAME 'SolarisAuthMethod'
    DESC 'SolarisAuthMethod'
    EQUALITY caseIgnoreIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)

attributetype (
    1.3.6.1.4.1.42.2.27.5.1.21
    NAME 'SolarisTransportSecurity'
    DESC 'SolarisTransportSecurity'
    EQUALITY caseIgnoreIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)

attributetype (
    1.3.6.1.4.1.42.2.27.5.1.22
    NAME 'SolarisCertificatePath'
    DESC 'SolarisCertificatePath'
    EQUALITY caseExactIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
    SINGLE-VALUE)

attributetype (
    1.3.6.1.4.1.42.2.27.5.1.24
    NAME 'SolarisDataSearchDN'
    DESC 'SolarisDataSearchDN'
    EQUALITY caseIgnoreIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)

attributetype (
    1.3.6.1.4.1.42.2.27.5.1.25
    NAME 'SolarisSearchScope'
    DESC 'SolarisSearchScope'
    EQUALITY caseIgnoreIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
    SINGLE-VALUE)

attributetype (
    1.3.6.1.4.1.42.2.27.5.1.26
    NAME 'SolarisSearchTimeLimit'
    DESC 'SolarisSearchTimeLimit'
    EQUALITY numericStringMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
    SINGLE-VALUE)

attributetype (
    1.3.6.1.4.1.42.2.27.5.1.27
    NAME 'SolarisPreferredServer'
    DESC 'SolarisPreferredServer'
    EQUALITY caseIgnoreIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)

attributetype (
    1.3.6.1.4.1.42.2.27.5.1.28
    NAME 'SolarisPreferredServerOnly'
    DESC 'SolarisPreferredServerOnly'
    EQUALITY caseIgnoreIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
    SINGLE-VALUE)

attributetype (
    1.3.6.1.4.1.42.2.27.5.1.29
    NAME 'SolarisSearchReferral'
    DESC 'SolarisSearchReferral'
    EQUALITY caseIgnoreIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
    SINGLE-VALUE)

attributetype (
    2.16.840.1.113730.3.1.30
    NAME 'mgrpRFC822MailMember'
    DESC 'mgrpRFC822MailMember'
    EQUALITY caseIgnoreIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)

attributetype (
    1.3.6.1.4.1.42.2.27.1.1.12
    NAME 'nisNetIdUser'
    DESC 'nisNetIdUser'
    EQUALITY caseExactIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)

attributetype (
    1.3.6.1.4.1.42.2.27.1.1.13
    NAME 'nisNetIdGroup'
    DESC 'nisNetIdGroup'
    EQUALITY caseExactIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)

attributetype (
    1.3.6.1.4.1.42.2.27.1.1.14
    NAME 'nisNetIdHost'
    DESC 'nisNetIdHost'
    EQUALITY caseExactIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)

objectclass (
    1.3.6.1.1.1.2.14
    NAME 'NisKeyObject'
    DESC 'NisKeyObject'
    SUP top
    MUST (
        cn $
        nisPublickey $
        nisSecretkey
    )
    MAY (
        uidNumber $
        description
    ))


# Object class that requires a single attribute, nisDomain.
# NOTE(review): the OID below begins 1.3.1.6, while the NisKeyObject class
# just above uses 1.3.6.1.1.1.2.14. This looks like a transposition of
# 1.3.6.1.1.1.2.15 -- confirm before relying on it.
objectclass (
    1.3.1.6.1.1.1.2.15
    NAME 'nisDomainObject'
    DESC 'nisDomainObject'
    SUP top
    MUST (
        nisDomain
    ))


objectclass (
    1.3.6.1.4.1.42.2.27.5.2.7
    NAME 'SolarisNamingProfile'
    DESC 'SolarisNamingProfile'
    SUP top
    MUST (
        cn $
        SolarisLDAPServers $
        SolarisSearchBaseDN
    )
    MAY (
        SolarisBindDN $
        SolarisBindPassword $
        SolarisAuthMethod $
        SolarisTransportSecurity $
        SolarisCertificatePath $
        SolarisDataSearchDN $
        SolarisSearchScope $
        SolarisSearchTimeLimit $
        SolarisPreferredServer $
        SolarisPreferredServerOnly $
        SolarisCacheTTL $
        SolarisSearchReferral
    ))

# Auxiliary class that adds the optional customer attributes defined above.
# The MAY list uses lower-case spellings of the attribute NAMEs; attribute
# names are matched case-insensitively.
# NOTE(review): dialpasswd and dslpasswd are added to entries through this
# class; see the access rules in slapd.conf, which do not restrict them.
objectclass (1.3.6.1.1.1.2.13 NAME 'CustAccount' SUP top AUXILIARY
        DESC 'Additional attributes for Customer accounts'
        MAY ( dialpasswd $
              dslpasswd $
              dslstaticip $
              rbn-pvc_profile_name $
              rbn-pvc_encapsulation_type $
              rbn-bind_type $
              rbn-bind_auth_protocol
         )
        )


Build parameters for OpenLDAP, etc.
------------------------------------------------------
jeremy@xyzzy % gcc -v
Reading specs from /usr/lib/gcc-lib/i386-redhat-linux/egcs-2.91.66/specs
gcc version egcs-2.91.66 19990314/Linux (egcs-1.1.2 release)

jeremy@xyzzy % CC=gcc \
        CPPFLAGS="-I/usr/local/BerkeleyDB.3.1/include -I/usr/local/ssl/include" \
        LDFLAGS="-L/usr/local/BerkeleyDB.3.1/lib -L/usr/local/ssl/lib"  \
        ./configure --with-tls

[output deleted.  Available on request ]

jeremy@xyzzy % make depend; make; make test

[output deleted.  Available on request ]

Any information on a workaround would be appreciated