Re: LDAP 2.0.7: Can't add entries of type userpassword



Please direct software use questions to the software mailing list.

At 05:16 PM 12/8/00 -0800, Jeremy Anderson wrote:
>Platform:  Linux xyzzy.azika.com 2.2.14-5.0smp #1 SMP Tue Mar 7 21:01:40 EST 2000 i686 unknown
>
>Build: OpenLDAP 2.0.7 w/SSL support (OpenSSL 0.9.6) + SleepyCat Berkeley DB 3.1
>
>Problem:  We attempt to add the following two ldif records to a clean
>database.
>
>File: voice.ldif
>-----------------
>dn: ou=voice, dc=azika, dc=com
>ou: voice
>objectClass: top
>objectClass: organizationalUnit
>
>File: sample.ldif
>------------------
>dn: uid=2065551212, ou=voice, dc=azika, dc=com
>uid: 2065551212
>objectClass: top
>objectClass: person
>objectclass=OrganizationalPerson
>userpassword: {UNIX}eRHDlmb6RuG9.
>sn: 2065551212
>cn: jeremy
>
>
>
>Added with:
>
>ldapadd -D "cn=admin, dc=azika, dc=com" -w secret -f voice.ldif
>ldapadd -D "cn=admin, dc=azika, dc=com" -w secret -f sample.ldif
>
>Results of ldapsearch:
>-----------------------------
>jeremy@xyzzy % ldapsearch '(uid=2065551212)'
>
>-----------------------------------
>version: 2
>
>#
># filter: uid=2065551212
># requesting: ALL
>#
>
># 2065551212, voice, dc=azika, dc=com
>dn: uid=2065551212, ou=voice, dc=azika, dc=com
>uid: 2065551212
>objectClass: top
>objectClass: person
>objectClass: OrganizationalPerson
>objectClass: inetOrgPerson
>sn: 2065551212
>cn: jeremy
> 
># search result
>search: 2
>result: 0 Success
> 
># numResponses: 2
># numEntries: 1
>
>--------------------------------------
>
>Please note that the userpassword entry disappeared without a trace.
>
>We have tested on a similar 1.2.11 installation with no problems.
>
>(All schema files are stock except for local.schema, which contains
> Solaris 8 PAM and customer junk.  Shouldn't affect us a whit here).
>
>slapd.conf
>---------------------------------------
>
># $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.4 2000/08/26 17:06:18 kurt Exp $
>#
># See slapd.conf(5) for details on configuration options.
># This file should NOT be world readable.
>#
>include         /usr/local/etc/openldap/schema/core.schema
>include         /usr/local/etc/openldap/schema/cosine.schema
>include         /usr/local/etc/openldap/schema/inetorgperson.schema
>include         /usr/local/etc/openldap/schema/nis.schema
>include         /usr/local/etc/openldap/schema/local.schema
>
># Define global ACLs to disable default read access.
>
># Do not enable referrals until AFTER you have a working directory
># service AND an understanding of referrals.
>#referral       ldap://root.openldap.org
>
>pidfile         /usr/local/var/slapd.pid
>argsfile        /usr/local/var/slapd.args
>
># Load dynamic backend modules:
># modulepath    /usr/local/libexec/openldap
># moduleload    back_ldap.la
># moduleload    back_ldbm.la
># moduleload    back_passwd.la
># moduleload    back_shell.la
>
># 489  -  standard stuff (lags and drags)
># -1 = enable ALL debugging
>loglevel 0
>
>TLSCertificateFile      /usr/local/ssl/certs/public.pem
>TLSCertificateKeyFile   /usr/local/ssl/certs/private.pem
>
>#######################################################################
># ldbm database definitions
>#######################################################################
>
>database        ldbm
>
>suffix          "dc=azika, dc=com"
>
>rootdn          "cn=admin, dc=azika, dc=com"
>
># Cleartext passwords, especially for the rootdn, should
># be avoid.  See slappasswd(8) and slapd.conf(5) for details.
># Use of strong authentication encouraged.
>rootpw          secret
>
># The database directory MUST exist prior to running slapd AND
># should only be accessable by the slapd/tools. Mode 700 recommended.
>directory       /usr/local/var/openldap-ldbm
>
># Indices to maintain
>index   default         pres,eq
>index   objectClass     eq
>
># indexes for Solaris 8 stuff
>index   membernisnetgroup       pres,eq,sub
>#index   nisnetgrouptriple       pres,eq,sub
>index   memberuid
>index   macAddress
>#index   uidNumber
>index   uid
>#index   gidNumber
>index   ipHostNumber
>index   ipNetworkNumber
>#index   ipProtocolNumber
>#index   oncRpcNumber
>index   ipServiceProtocol
>#index   ipServicePort
>index   nisDomain
>index   nisMapName
>index   mail
>
>access to attr=cn,uid,uidNumber,gidNumber,homeDirectory
>        by self read
>        by * read
>        by dn="cn=admin,dc=azika, dc=com" write
>
>access to attr=shadowLastChange,shadowMin,shadowMax,shadowWarning
>        by self read
>        by * read
>        by dn="cn=admin,dc=azika, dc=com" write
>
>        by self read
>        by * read
>        by dn="cn=admin,dc=azika, dc=com" write
> 
>access to attr=userPassword
>        by self read
>        by dn="cn=admin,dc=azika, dc=com" write
> 
># should be last
>access to *
>        by self write
>        by dn="cn=admin,dc=azika, dc=com" write
>        by anonymous read
>        by * read
> 
>replogfile      /usr/local/var/replica.log
> 
># replica host=foobar.azika.com:389
>#       binddn="cn=admin,dc=azika, dc=com"
>#       bindmethod=simple
>#       credentials=nsp001
>
>
>local.schema
>---------------------------------------------------
>attributetype (
>    1.3.6.1.1.1.1.28
>    NAME 'nisPublickey'
>    DESC 'nisPublickey'
>    EQUALITY caseIgnoreIA5Match
>    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
>
>attributetype (
>    1.3.6.1.1.1.1.29
>    NAME 'nisSecretkey'
>    DESC 'nisSecretkey'
>    EQUALITY caseIgnoreIA5Match
>    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
>
>attributetype (
>    1.3.6.1.1.1.1.30
>    NAME 'nisDomain'
>    DESC 'nisDomain'
>    EQUALITY caseIgnoreIA5Match
>    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
>
>
>attributetype ( 1.3.6.1.1.1.1.31 NAME 'DSLStaticIP'
>        DESC 'DSL IP Address as a dotted quad, e.g.  192.168.23.5'
>        EQUALITY caseIgnoreIA5Match
>        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SINGLE-VALUE )
>
>attributetype ( 1.3.6.1.1.1.1.32 NAME 'dialpasswd'
>        DESC 'Password for dialup account. Not the same as userpasswd'
>        EQUALITY caseExactIA5Match
>        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
>
>attributetype ( 1.3.6.1.1.1.1.33 NAME 'dslpasswd'
>        DESC 'Password for DSL account. Not the same as userpasswd'
>        EQUALITY caseExactIA5Match
>        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
>
>attributetype ( 1.3.6.1.1.1.1.34 NAME 'RBN-PVC_Profile_Name'
>        DESC 'RBN-PVC_Profile_Name'
>        EQUALITY caseExactIA5Match
>        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
>
>attributetype ( 1.3.6.1.1.1.1.35 NAME 'RBN-PVC_Encapsulation_Type'
>        DESC 'RBN-PVC_Encapsulation_Type'
>        EQUALITY caseExactIA5Match
>        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
>
>attributetype ( 1.3.6.1.1.1.1.36 NAME 'RBN-Bind_Type'
>        DESC 'RBN-Bind_Type'
>        EQUALITY caseExactIA5Match
>        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
>
>attributetype ( 1.3.6.1.1.1.1.37 NAME 'RBN-Bind_Auth_Protocol'
>        DESC 'RBN-Bind_Auth_Protocol'
>        EQUALITY caseExactIA5Match
>        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
>
>attributetype (
>    1.3.6.1.4.1.42.2.27.5.1.15
>    NAME 'SolarisLDAPServers'
>    DESC 'SolarisLDAPServers'
>    EQUALITY caseIgnoreIA5Match
>    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
>
>attributetype (
>    1.3.6.1.4.1.42.2.27.5.1.16
>    NAME 'SolarisSearchBaseDN'
>    DESC 'SolarisSearchBaseDN'
>    EQUALITY distinguishedNameMatch
>    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
>    SINGLE-VALUE)
>
>attributetype (
>    1.3.6.1.4.1.42.2.27.5.1.17
>    NAME 'SolarisCacheTTL'
>    DESC 'SolarisCacheTTL'
>    EQUALITY caseIgnoreIA5Match
>    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
>
>attributetype (
>    1.3.6.1.4.1.42.2.27.5.1.18
>    NAME 'SolarisBindDN'
>    DESC 'SolarisBindDN'
>    EQUALITY distinguishedNameMatch
>    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
>    SINGLE-VALUE)
>
>attributetype (
>    1.3.6.1.4.1.42.2.27.5.1.19
>    NAME 'SolarisBindPassword'
>    DESC 'SolarisBindPassword'
>    EQUALITY caseExactIA5Match
>    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
>    SINGLE-VALUE)
>
>attributetype (
>    1.3.6.1.4.1.42.2.27.5.1.20
>    NAME 'SolarisAuthMethod'
>    DESC 'SolarisAuthMethod'
>    EQUALITY caseIgnoreIA5Match
>    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
>
>attributetype (
>    1.3.6.1.4.1.42.2.27.5.1.21
>    NAME 'SolarisTransportSecurity'
>    DESC 'SolarisTransportSecurity'
>    EQUALITY caseIgnoreIA5Match
>    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
>
>attributetype (
>    1.3.6.1.4.1.42.2.27.5.1.22
>    NAME 'SolarisCertificatePath'
>    DESC 'SolarisCertificatePath'
>    EQUALITY caseExactIA5Match
>    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
>    SINGLE-VALUE)
>
>attributetype (
>    1.3.6.1.4.1.42.2.27.5.1.24
>    NAME 'SolarisDataSearchDN'
>    DESC 'SolarisDataSearchDN'
>    EQUALITY caseIgnoreIA5Match
>    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
>
>attributetype (
>    1.3.6.1.4.1.42.2.27.5.1.25
>    NAME 'SolarisSearchScope'
>    DESC 'SolarisSearchScope'
>    EQUALITY caseIgnoreIA5Match
>    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
>    SINGLE-VALUE)
>
>attributetype (
>    1.3.6.1.4.1.42.2.27.5.1.26
>    NAME 'SolarisSearchTimeLimit'
>    DESC 'SolarisSearchTimeLimit'
>    EQUALITY numericStringMatch
>    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
>    SINGLE-VALUE)
>
>attributetype (
>    1.3.6.1.4.1.42.2.27.5.1.27
>    NAME 'SolarisPreferredServer'
>    DESC 'SolarisPreferredServer'
>    EQUALITY caseIgnoreIA5Match
>    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
>
>attributetype (
>    1.3.6.1.4.1.42.2.27.5.1.28
>    NAME 'SolarisPreferredServerOnly'
>    DESC 'SolarisPreferredServerOnly'
>    EQUALITY caseIgnoreIA5Match
>    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
>    SINGLE-VALUE)
>
>attributetype (
>    1.3.6.1.4.1.42.2.27.5.1.29
>    NAME 'SolarisSearchReferral'
>    DESC 'SolarisSearchReferral'
>    EQUALITY caseIgnoreIA5Match
>    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
>    SINGLE-VALUE)
>
>attributetype (
>    2.16.840.1.113730.3.1.30
>    NAME 'mgrpRFC822MailMember'
>    DESC 'mgrpRFC822MailMember'
>    EQUALITY caseIgnoreIA5Match
>    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
>
>attributetype (
>    1.3.6.1.4.1.42.2.27.1.1.12
>    NAME 'nisNetIdUser'
>    DESC 'nisNetIdUser'
>    EQUALITY caseExactIA5Match
>    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
>
>attributetype (
>    1.3.6.1.4.1.42.2.27.1.1.13
>    NAME 'nisNetIdGroup'
>    DESC 'nisNetIdGroup'
>    EQUALITY caseExactIA5Match
>    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
>
>attributetype (
>    1.3.6.1.4.1.42.2.27.1.1.14
>    NAME 'nisNetIdHost'
>    DESC 'nisNetIdHost'
>    EQUALITY caseExactIA5Match
>    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
>
>objectclass (
>    1.3.6.1.1.1.2.14
>    NAME 'NisKeyObject'
>    DESC 'NisKeyObject'
>    SUP top
>    MUST (
>        cn $
>        nisPublickey $
>        nisSecretkey
>    )
>    MAY (
>        uidNumber $
>        description
>    ))
>
>
>objectclass (
>    1.3.1.6.1.1.1.2.15
>    NAME 'nisDomainObject'
>    DESC 'nisDomainObject'
>    SUP top
>    MUST (
>        nisDomain
>    ))
>
>
>objectclass (
>    1.3.6.1.4.1.42.2.27.5.2.7
>    NAME 'SolarisNamingProfile'
>    DESC 'SolarisNamingProfile'
>    SUP top
>    MUST (
>        cn $
>        SolarisLDAPServers $
>        SolarisSearchBaseDN
>    )
>    MAY (
>        SolarisBindDN $
>        SolarisBindPassword $
>        SolarisAuthMethod $
>        SolarisTransportSecurity $
>        SolarisCertificatePath $
>        SolarisDataSearchDN $
>        SolarisSearchScope $
>        SolarisSearchTimeLimit $
>        SolarisPreferredServer $
>        SolarisPreferredServerOnly $
>        SolarisCacheTTL $
>        SolarisSearchReferral
>    ))
>
>objectclass (1.3.6.1.1.1.2.13 NAME 'CustAccount' SUP top AUXILIARY
>        DESC 'Additional attributes for Customer accounts'
>        MAY ( dialpasswd $
>              dslpasswd $
>              dslstaticip $
>              rbn-pvc_profile_name $
>              rbn-pvc_encapsulation_type $
>              rbn-bind_type $
>              rbn-bind_auth_protocol
>         )
>        )
>
>
>Build parameters for OpenLDAP, etc.
>------------------------------------------------------
>jeremy@xyzzy % gcc -v
>Reading specs from /usr/lib/gcc-lib/i386-redhat-linux/egcs-2.91.66/specs
>gcc version egcs-2.91.66 19990314/Linux (egcs-1.1.2 release)
>
>jeremy@xyzzy % CC=gcc \
>        CPPFLAGS="-I/usr/local/BerkeleyDB.3.1/include -I/usr/local/ssl/include" \
>        LDFLAGS="-L/usr/local/BerkeleyDB.3.1/lib -L/usr/local/ssl/lib"  \
>        ./configure --with-tls
>
>[output deleted.  Available on request ]
>
>jeremy@xyzzy % make depend; make; make test
>
>[output deleted.  Available on request ]
>
>Any information on a workaround would be appreciated.