Re: schema for netscape roaming server



Hi,

I'm writing directly to you.

I changed ACL and it seems to be working. My only problem is that I can't see any entry in LDAP, even after the first use of the roaming profile...

Anyway, I really would like to do the same as you did, which seems to be the best thing to do!
I would like to know if you could send me an ldif file, so I can build it.


I tried something... finally, it seems to still be an auth problem:

...
slapd[53427]: conn=205 op=10 ADD dn="NSLIELEMENTTYPE=LIPREFS,NSLIPROFILENAME=DEFAULT,UID=WWW,OU=USERS,OU=LECENTRE.NET,DC=LECENTRE,DC=NET"
slapd[53427]: conn=205 op=10 RESULT tag=105 err=50 text=no write access to parent
slapd[53427]: conn=205 op=11 SRCH base="nsLIElementType=bookmarks,nsLIProfilename=default,uid=www,ou=users,ou=lecentre.net,dc=lecentre,dc=net" scope=0 filter="(objectClass=*)"
slapd[53427]: conn=205 op=11 RESULT tag=101 err=32 text=


Here is my auth scheme in slapd.conf :


access to * by self write by anonymous auth



maybe I should add something like :

access to dn="nsLIProfilename=default,uid=*,ou=users,ou=lecentre.net,dc=lecentre,dc=net"
by dnattr=owner write


???

please help !!!! :)

Prune

Michael Clark wrote:

I'm using it, works great for me - everything I've tried works including
bookmarks, although I haven't tried Java Security or certificates.

I'm using a slightly different directory layout than the document at the link
mentioned suggests. ie.

Netscape Roaming Settings
Address:
ldap://myserver.com/nsLIProfilename=default,uid=$USERID,dc=metaparadigm,dc=com
User DN: uid=$USERID,dc=metaparadigm,dc=com

This is slightly simpler as the Netscape Roaming profile is now a child of the
user rather than in a separate roaming tree. With this layout, I can have
multiple roaming profiles for a user. Also using the $USERID substitution, I can
do guest logins without needing to change roaming preferences on the browser.

As I remember, I just needed to add an objectclass: nsLIProfile to the user to
allow the profile as a child - then I added this to my user:

dn: nsLIProfileName=default,uid=some_user,dc=metaparadigm,dc=com
objectclass: top
objectclass: nsLIProfile
nsLIProfileName: default
owner: uid=some_user,dc=metaparadigm,dc=com

The reason I made the profile a child of the user was so I could get a 'by self
write' ACL working for profile updates although it didn't seem to work. Netscape
seems to do some funny stuff with authentication so you must have the ACL set up
right as it doesn't seem to be bound as the user when doing the directory updates.
This works for me:

access to dn=".*,nsLIProfilename=.*,uid=.*,dc=metaparadigm,dc=com"
        by dnattr=owner write

~mc


-----Original Message-----
From: owner-openldap-software@OpenLDAP.org
[mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of GOMBAS Gabor
Sent: Saturday, 24 March 2001 12:41 a.m.
To: openldap-software@OpenLDAP.org
Subject: Re: schema for netscape roaming server


On Fri, Mar 23, 2001 at 02:48:03PM +0000, Konstantin Chuguev wrote:


I think that's what you need:


http://home.kabelfoon.nl/~hvdkooij/Netscape_and_OpenLDAP_v2/netscape-and-openldap-v2.html

Is anybody using it? When I tried to play with it last year, I was not able
to store my bookmarks in LDAP since slapd rejected the update because of
bad attribute syntax. I had no time to debug it since then...

Gabor

--
Gabor Gombas                                       Eotvos Lorand University
E-mail: gombasg@inf.elte.hu                        Hungary
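
An added example, not part of the original thread: a small Python helper that pairs each slapd request in the log excerpt above with its RESULT line by conn/op and, for a denied ADD, reports the parent entry whose ACL has to grant write access. The function names are hypothetical, and the DN handling assumes no escaped commas.

```python
import re

# LDAP result codes that appear in the log excerpt (names from RFC 4511).
RESULT_NAMES = {32: "noSuchObject", 50: "insufficientAccessRights"}
LINE_RE = re.compile(r"conn=(\d+) op=(\d+) ([A-Z]+)(.*)$")
DN_RE = re.compile(r'(?:dn|base)="([^"]*)"')
ERR_RE = re.compile(r"err=(\d+)(?: text=(.*))?")

# The four slapd log lines from the message, copied unchanged.
SAMPLE = [
    'slapd[53427]: conn=205 op=10 ADD dn="NSLIELEMENTTYPE=LIPREFS,NSLIPROFILENAME=DEFAULT,UID=WWW,OU=USERS,OU=LECENTRE.NET,DC=LECENTRE,DC=NET"',
    'slapd[53427]: conn=205 op=10 RESULT tag=105 err=50 text=no write access to parent',
    'slapd[53427]: conn=205 op=11 SRCH base="nsLIElementType=bookmarks,nsLIProfilename=default,uid=www,ou=users,ou=lecentre.net,dc=lecentre,dc=net" scope=0 filter="(objectClass=*)"',
    'slapd[53427]: conn=205 op=11 RESULT tag=101 err=32 text=',
]

def parent_dn(dn):
    """Drop the leftmost RDN (simplification: escaped commas are not handled)."""
    return dn.split(",", 1)[1] if "," in dn else ""

def failed_operations(lines):
    """Pair each request with its RESULT by (conn, op) and return the failures."""
    pending, failures = {}, []
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue
        key, verb, rest = (int(m[1]), int(m[2])), m[3], m[4]
        if verb != "RESULT":
            dn = DN_RE.search(rest)
            pending[key] = (verb, dn[1].lower() if dn else "")
            continue
        res, req = ERR_RE.search(rest), pending.pop(key, None)
        if not res or req is None or int(res[1]) == 0:
            continue
        err = int(res[1])
        failures.append({
            "conn": key[0], "op": key[1], "request": req[0], "dn": req[1],
            "err": err, "name": RESULT_NAMES.get(err, "unlisted"),
            "text": (res[2] or "").strip(),
            # A denied ADD means the ACL covering the parent entry needs review.
            "check_acl_on": parent_dn(req[1]) if (req[0], err) == ("ADD", 50) else None,
        })
    return failures

if __name__ == "__main__":
    for failure in failed_operations(SAMPLE):
        print(failure)
```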