Re: LDAP 2.0.7: Can't add entries of type userpassword
Please direct software use questions to the software mailing list.
At 05:16 PM 12/8/00 -0800, Jeremy Anderson wrote:
>Platform: Linux xyzzy.azika.com 2.2.14-5.0smp #1 SMP Tue Mar 7 21:01:40 EST 2000 i686 unknown
>
>Build: OpenLDAP 2.0.7 w/SSL support (OpenSSL 0.9.6) + SleepyCat Berkeley DB 3.1
>
>Problem: We attempt to add the following two ldif records to a clean
>database.
>
>File: voice.ldif
>-----------------
>dn: ou=voice, dc=azika, dc=com
>ou: voice
>objectClass: top
>objectClass: organizationalUnit
>
>File: sample.ldif
>------------------
>dn: uid=2065551212, ou=voice, dc=azika, dc=com
>uid: 2065551212
>objectClass: top
>objectClass: person
>objectclass=OrganizationalPerson
>userpassword: {UNIX}eRHDlmb6RuG9.
>sn: 2065551212
>cn: jeremy
>
>
>
>Added with:
>
>ldapadd -D "cn=admin, dc=azika, dc=com" -w secret -f voice.ldif
>ldapadd -D "cn=admin, dc=azika, dc=com" -w secret -f sample.ldif
>
>Results of ldapsearch:
>-----------------------------
>jeremy@xyzzy % ldapsearch '(uid=2065551212)'
>
>-----------------------------------
>version: 2
>
>#
># filter: uid=2065551212
># requesting: ALL
>#
>
># 2065551212, voice, dc=azika, dc=com
>dn: uid=2065551212, ou=voice, dc=azika, dc=com
>uid: 2065551212
>objectClass: top
>objectClass: person
>objectClass: OrganizationalPerson
>objectClass: inetOrgPerson
>sn: 2065551212
>cn: jeremy
>
># search result
>search: 2
>result: 0 Success
>
># numResponses: 2
># numEntries: 1
>
>--------------------------------------
>
>Please note that the userpassword entry disappeared without a trace.
>
>We have tested on a similar 1.2.11 installation with no problems.
>
>(All schema files are stock except for local.schema, which contains
> Solaris 8 PAM and customer junk. Shouldn't affect us a whit here).
>
>slapd.conf
>---------------------------------------
>
># $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.4 2000/08/26 17:06:18 kurt Exp $
>#
># See slapd.conf(5) for details on configuration options.
># This file should NOT be world readable.
>#
>include /usr/local/etc/openldap/schema/core.schema
>include /usr/local/etc/openldap/schema/cosine.schema
>include /usr/local/etc/openldap/schema/inetorgperson.schema
>include /usr/local/etc/openldap/schema/nis.schema
>include /usr/local/etc/openldap/schema/local.schema
>
># Define global ACLs to disable default read access.
>
># Do not enable referrals until AFTER you have a working directory
># service AND an understanding of referrals.
>#referral ldap://root.openldap.org
>
>pidfile /usr/local/var/slapd.pid
>argsfile /usr/local/var/slapd.args
>
># Load dynamic backend modules:
># modulepath /usr/local/libexec/openldap
># moduleload back_ldap.la
># moduleload back_ldbm.la
># moduleload back_passwd.la
># moduleload back_shell.la
>
># 489 - standard stuff (lags and drags)
># -1 = enable ALL debugging
>loglevel 0
>
>TLSCertificateFile /usr/local/ssl/certs/public.pem
>TLSCertificateKeyFile /usr/local/ssl/certs/private.pem
>
>#######################################################################
># ldbm database definitions
>#######################################################################
>
>database ldbm
>
>suffix "dc=azika, dc=com"
>
>rootdn "cn=admin, dc=azika, dc=com"
>
># Cleartext passwords, especially for the rootdn, should
># be avoided. See slappasswd(8) and slapd.conf(5) for details.
># Use of strong authentication encouraged.
>rootpw secret
>
># The database directory MUST exist prior to running slapd AND
># should only be accessible by the slapd/tools. Mode 700 recommended.
>directory /usr/local/var/openldap-ldbm
>
># Indices to maintain
>index default pres,eq
>index objectClass eq
>
># indexes for Solaris 8 stuff
>index membernisnetgroup pres,eq,sub
>#index nisnetgrouptriple pres,eq,sub
>index memberuid
>index macAddress
>#index uidNumber
>index uid
>#index gidNumber
>index ipHostNumber
>index ipNetworkNumber
>#index ipProtocolNumber
>#index oncRpcNumber
>index ipServiceProtocol
>#index ipServicePort
>index nisDomain
>index nisMapName
>index mail
>
>access to attr=cn,uid,uidNumber,gidNumber,homeDirectory
> by self read
> by * read
> by dn="cn=admin,dc=azika, dc=com" write
>
>access to attr=shadowLastChange,shadowMin,shadowMax,shadowWarning
> by self read
> by * read
> by dn="cn=admin,dc=azika, dc=com" write
>
> by self read
> by * read
> by dn="cn=admin,dc=azika, dc=com" write
>
>access to attr=userPassword
> by self read
> by dn="cn=admin,dc=azika, dc=com" write
>
># should be last
>access to *
> by self write
> by dn="cn=admin,dc=azika, dc=com" write
> by anonymous read
> by * read
>
>replogfile /usr/local/var/replica.log
>
># replica host=foobar.azika.com:389
># binddn="cn=admin,dc=azika, dc=com"
># bindmethod=simple
># credentials=nsp001
>
>
>local.schema
>---------------------------------------------------
>attributetype (
> 1.3.6.1.1.1.1.28
> NAME 'nisPublickey'
> DESC 'nisPublickey'
> EQUALITY caseIgnoreIA5Match
> SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
>
>attributetype (
> 1.3.6.1.1.1.1.29
> NAME 'nisSecretkey'
> DESC 'nisSecretkey'
> EQUALITY caseIgnoreIA5Match
> SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
>
>attributetype (
> 1.3.6.1.1.1.1.30
> NAME 'nisDomain'
> DESC 'nisDomain'
> EQUALITY caseIgnoreIA5Match
> SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
>
>
>attributetype ( 1.3.6.1.1.1.1.31 NAME 'DSLStaticIP'
> DESC 'DSL IP Address as a dotted quad, e.g. 192.168.23.5'
> EQUALITY caseIgnoreIA5Match
> SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SINGLE-VALUE )
>
>attributetype ( 1.3.6.1.1.1.1.32 NAME 'dialpasswd'
> DESC 'Password for dialup account. Not the same as userpasswd'
> EQUALITY caseExactIA5Match
> SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
>
>attributetype ( 1.3.6.1.1.1.1.33 NAME 'dslpasswd'
> DESC 'Password for DSL account. Not the same as userpasswd'
> EQUALITY caseExactIA5Match
> SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
>
>attributetype ( 1.3.6.1.1.1.1.34 NAME 'RBN-PVC_Profile_Name'
> DESC 'RBN-PVC_Profile_Name'
> EQUALITY caseExactIA5Match
> SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
>
>attributetype ( 1.3.6.1.1.1.1.35 NAME 'RBN-PVC_Encapsulation_Type'
> DESC 'RBN-PVC_Encapsulation_Type'
> EQUALITY caseExactIA5Match
> SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
>
>attributetype ( 1.3.6.1.1.1.1.36 NAME 'RBN-Bind_Type'
> DESC 'RBN-Bind_Type'
> EQUALITY caseExactIA5Match
> SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
>
>attributetype ( 1.3.6.1.1.1.1.37 NAME 'RBN-Bind_Auth_Protocol'
> DESC 'RBN-Bind_Auth_Protocol'
> EQUALITY caseExactIA5Match
> SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
>
>attributetype (
> 1.3.6.1.4.1.42.2.27.5.1.15
> NAME 'SolarisLDAPServers'
> DESC 'SolarisLDAPServers'
> EQUALITY caseIgnoreIA5Match
> SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
>
>attributetype (
> 1.3.6.1.4.1.42.2.27.5.1.16
> NAME 'SolarisSearchBaseDN'
> DESC 'SolarisSearchBaseDN'
> EQUALITY distinguishedNameMatch
> SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
> SINGLE-VALUE)
>
>attributetype (
> 1.3.6.1.4.1.42.2.27.5.1.17
> NAME 'SolarisCacheTTL'
> DESC 'SolarisCacheTTL'
> EQUALITY caseIgnoreIA5Match
> SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
>
>attributetype (
> 1.3.6.1.4.1.42.2.27.5.1.18
> NAME 'SolarisBindDN'
> DESC 'SolarisBindDN'
> EQUALITY distinguishedNameMatch
> SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
> SINGLE-VALUE)
>
>attributetype (
> 1.3.6.1.4.1.42.2.27.5.1.19
> NAME 'SolarisBindPassword'
> DESC 'SolarisBindPassword'
> EQUALITY caseExactIA5Match
> SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
> SINGLE-VALUE)
>
>attributetype (
> 1.3.6.1.4.1.42.2.27.5.1.20
> NAME 'SolarisAuthMethod'
> DESC 'SolarisAuthMethod'
> EQUALITY caseIgnoreIA5Match
> SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
>
>attributetype (
> 1.3.6.1.4.1.42.2.27.5.1.21
> NAME 'SolarisTransportSecurity'
> DESC 'SolarisTransportSecurity'
> EQUALITY caseIgnoreIA5Match
> SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
>
>attributetype (
> 1.3.6.1.4.1.42.2.27.5.1.22
> NAME 'SolarisCertificatePath'
> DESC 'SolarisCertificatePath'
> EQUALITY caseExactIA5Match
> SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
> SINGLE-VALUE)
>
>attributetype (
> 1.3.6.1.4.1.42.2.27.5.1.24
> NAME 'SolarisDataSearchDN'
> DESC 'SolarisDataSearchDN'
> EQUALITY caseIgnoreIA5Match
> SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
>
>attributetype (
> 1.3.6.1.4.1.42.2.27.5.1.25
> NAME 'SolarisSearchScope'
> DESC 'SolarisSearchScope'
> EQUALITY caseIgnoreIA5Match
> SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
> SINGLE-VALUE)
>
>attributetype (
> 1.3.6.1.4.1.42.2.27.5.1.26
> NAME 'SolarisSearchTimeLimit'
> DESC 'SolarisSearchTimeLimit'
> EQUALITY numericStringMatch
> SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
> SINGLE-VALUE)
>
>attributetype (
> 1.3.6.1.4.1.42.2.27.5.1.27
> NAME 'SolarisPreferredServer'
> DESC 'SolarisPreferredServer'
> EQUALITY caseIgnoreIA5Match
> SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
>
>attributetype (
> 1.3.6.1.4.1.42.2.27.5.1.28
> NAME 'SolarisPreferredServerOnly'
> DESC 'SolarisPreferredServerOnly'
> EQUALITY caseIgnoreIA5Match
> SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
> SINGLE-VALUE)
>
>attributetype (
> 1.3.6.1.4.1.42.2.27.5.1.29
> NAME 'SolarisSearchReferral'
> DESC 'SolarisSearchReferral'
> EQUALITY caseIgnoreIA5Match
> SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
> SINGLE-VALUE)
>
>attributetype (
> 2.16.840.1.113730.3.1.30
> NAME 'mgrpRFC822MailMember'
> DESC 'mgrpRFC822MailMember'
> EQUALITY caseIgnoreIA5Match
> SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
>
>attributetype (
> 1.3.6.1.4.1.42.2.27.1.1.12
> NAME 'nisNetIdUser'
> DESC 'nisNetIdUser'
> EQUALITY caseExactIA5Match
> SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
>
>attributetype (
> 1.3.6.1.4.1.42.2.27.1.1.13
> NAME 'nisNetIdGroup'
> DESC 'nisNetIdGroup'
> EQUALITY caseExactIA5Match
> SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
>
>attributetype (
> 1.3.6.1.4.1.42.2.27.1.1.14
> NAME 'nisNetIdHost'
> DESC 'nisNetIdHost'
> EQUALITY caseExactIA5Match
> SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
>
>objectclass (
> 1.3.6.1.1.1.2.14
> NAME 'NisKeyObject'
> DESC 'NisKeyObject'
> SUP top
> MUST (
> cn $
> nisPublickey $
> nisSecretkey
> )
> MAY (
> uidNumber $
> description
> ))
>
>
>objectclass (
> 1.3.1.6.1.1.1.2.15
> NAME 'nisDomainObject'
> DESC 'nisDomainObject'
> SUP top
> MUST (
> nisDomain
> ))
>
>
>objectclass (
> 1.3.6.1.4.1.42.2.27.5.2.7
> NAME 'SolarisNamingProfile'
> DESC 'SolarisNamingProfile'
> SUP top
> MUST (
> cn $
> SolarisLDAPServers $
> SolarisSearchBaseDN
> )
> MAY (
> SolarisBindDN $
> SolarisBindPassword $
> SolarisAuthMethod $
> SolarisTransportSecurity $
> SolarisCertificatePath $
> SolarisDataSearchDN $
> SolarisSearchScope $
> SolarisSearchTimeLimit $
> SolarisPreferredServer $
> SolarisPreferredServerOnly $
> SolarisCacheTTL $
> SolarisSearchReferral
> ))
>
>objectclass (1.3.6.1.1.1.2.13 NAME 'CustAccount' SUP top AUXILIARY
> DESC 'Additional attributes for Customer accounts'
> MAY ( dialpasswd $
> dslpasswd $
> dslstaticip $
> rbn-pvc_profile_name $
> rbn-pvc_encapsulation_type $
> rbn-bind_type $
> rbn-bind_auth_protocol
> )
> )
>
>
>Build parameters for OpenLDAP, etc.
>------------------------------------------------------
>jeremy@xyzzy % gcc -v
>Reading specs from /usr/lib/gcc-lib/i386-redhat-linux/egcs-2.91.66/specs
>gcc version egcs-2.91.66 19990314/Linux (egcs-1.1.2 release)
>
>jeremy@xyzzy % CC=gcc \
> CPPFLAGS="-I/usr/local/BerkeleyDB.3.1/include -I/usr/local/ssl/include" \
> LDFLAGS="-L/usr/local/BerkeleyDB.3.1/lib -L/usr/local/ssl/lib" \
> ./configure --with-tls
>
>[output deleted. Available on request ]
>
>jeremy@xyzzy % make depend; make; make test
>
>[output deleted. Available on request ]
>
>Any information on a workaround would be appreciated