On Wed, 2007-11-28 at 12:20 +0100, Ralf Haferkamp wrote:
> On Wednesday, 28 November 2007, Andrew Bartlett wrote:
> [..]
> > > Looking at the configuration, it seems this can only currently be
> > > configured once - ie, for memberOf. Am I missing how to configure it to
> > > also handle an arbitrary number of other attributes? Ideally I would
> > > process the AD schema into a configuration file with these details.
> I think you can just create multiple instances of the "memberof" Overlay. Like
> this:
>
> overlay memberof
> memberof-group-oc group
> memberof-member-ad member
> memberof-memberof-ad memberof
> overlay memberof
> memberof-group-oc another-oc
> memberof-member-ad another-member
> memberof-memberof-ad another-memberof

I'll try this out. BTW, must the memberof-group-oc be unique? Could I
set it to 'top' in all cases, to just key off the attribute? This
should simplify the generation from the AD schema.

> > To start with this module I've decided to just deal with memberOf.
> > However, I can't get the module to start, because while it allows
> > configuration of different schema in theory, it relies on the default
> > schema to exist in practice:
> >
> > [abartlet@naomi source]$ /usr/local/sbin/slaptest
> > -f /home/data/samba/samba4/clean/source/st/dc/private/ldap/slapd.conf
> > back-bdb/back-hdb monitor: "olmBDBAttributes" previously defined
> > "1.3.6.1.4.1.4203.666.1.55.0.1.1"
> > back-bdb/back-hdb monitor: "olmBDBObjectClasses" previously defined
> > "1.3.6.1.4.1.4203.666.3.16.0.1.1"
> > memberof_db_init: unable to find objectClass="groupOfNames"
> > slaptest: bad configuration file!
> >
> > The problem is that groupOfNames doesn't exist in the AD-like schema I'm
> > loading. This is with current CVS OpenLDAP.
>
> Yeah, the memberof-Overlay needed the "groupOfNames" objectclass and
> the "member" Attributetype to initialize correctly. I just committed a change
> to HEAD to change that. This should fix your problem. Please test.

Sorry about the delay in getting back to you. While I have other issues
(probably related to configuration and what things I'm trying to do), I
no longer have this error.

Thanks!

Andrew Bartlett

-- 
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc.
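An added example (not part of the original message, and not OpenLDAP or Samba code): one way to do the schema-to-configuration generation Andrew describes, emitting one "memberof" overlay instance per linked attribute pair as Ralf suggests. It assumes AD's convention that a forward link has an even linkID and its back link has that value plus one; the schema entries are constructed samples, the function names are hypothetical, and group_oc is a caller-supplied assumption because the thread leaves open which objectclass to use.

```python
# Constructed sample input in the shape of AD attributeSchema LDIF entries.
SAMPLE_SCHEMA = """\
dn: CN=Member,CN=Schema,CN=Configuration,DC=example,DC=com
lDAPDisplayName: member
linkID: 2

dn: CN=Is-Member-Of-DL,CN=Schema,CN=Configuration,DC=example,DC=com
lDAPDisplayName: memberOf
linkID: 3

dn: CN=Manager,CN=Schema,CN=Configuration,DC=example,DC=com
lDAPDisplayName: manager
linkID: 42

dn: CN=Reports,CN=Schema,CN=Configuration,DC=example,DC=com
lDAPDisplayName: directReports
linkID: 43

dn: CN=Orphan-Forward,CN=Schema,CN=Configuration,DC=example,DC=com
lDAPDisplayName: orphanForward
linkID: 100
"""

def parse_link_ids(ldif_text):
    """Return {linkID: lDAPDisplayName} for every entry that carries a linkID."""
    links = {}
    for entry in ldif_text.strip().split("\n\n"):
        attrs = {}
        for line in entry.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                attrs[key.strip().lower()] = value.strip()
        if "linkid" in attrs and "ldapdisplayname" in attrs:
            links[int(attrs["linkid"])] = attrs["ldapdisplayname"]
    return links

def linked_pairs(links):
    """Pair each forward link (even linkID) with its back link (linkID + 1)."""
    # A forward link with no back link defined is skipped: nothing to maintain.
    return [(links[i], links[i + 1])
            for i in sorted(links) if i % 2 == 0 and i + 1 in links]

def memberof_stanzas(pairs, group_oc):
    """Emit one overlay instance per pair, using the directives from the thread."""
    lines = []
    for forward, back in pairs:
        lines += ["overlay memberof", f"memberof-group-oc {group_oc}",
                  f"memberof-member-ad {forward}", f"memberof-memberof-ad {back}", ""]
    return "\n".join(lines)

if __name__ == "__main__":
    print(memberof_stanzas(linked_pairs(parse_link_ids(SAMPLE_SCHEMA)), "group"))
```

Run the generated file through slaptest, as in the message above, before loading it into slapd.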