Re: schema for netscape roaming server

[prune <prune@lecentre.net>]

Hi,

I'm writing directly to you.

I changed ACL and it seems to be working. My only problem is that I 
can't see any entry in ldap, even after the first use of the roaming 
profile...

anyway. I really would like to do the same as you did, which seems to be 
the best thing to do !
I would like to know if you could send me an ldif file, so I can build it.

I tried something... finaly, it seems to still be an auth problem :

...
slapd[53427]: conn=205 op=10 ADD 
dn="NSLIELEMENTTYPE=LIPREFS,NSLIPROFILENAME=DEFAULT,UID=WWW,OU=USERS,OU=LECENTRE.NET,DC=LECENTRE,DC=NET"

slapd[53427]: conn=205 op=10 RESULT tag=105 err=50 text=no write access 
to parent

slapd[53427]: conn=205 op=11 SRCH 
base="nsLIElementType=bookmarks,nsLIProfilename=default,uid=www,ou=users,ou=lecentre.net,dc=lecentre,dc=net" 
scope=0 filter="(objectClass=*)"

slapd[53427]: conn=205 op=11 RESULT tag=101 err=32 text=


Here is my auth scheme in slapd.conf :


 access to *
         by self write
         by anonymous auth



maybe I should add something like :

access to 
dn="nsLIProfilename=default,uid=*,ou=users,ou=lecentre.net,dc=lecentre,dc=net"
         by dnattr=owner write

???

please help !!!! :)

Prune

Michael Clark wrote:

> I'm using it, works great for me - everything I've tried works including
> bookmarks, although I haven't tried Java Security or certificates.
>
> I'm using a slightly different directory layout than the document at the link
> mentioned suggests. ie.
>
> Netscape Roaming Settings
> Address:
> ldap://myserver.com/nsLIProfilename=default,uid=$USERID,dc=metaparadigm,dc=com
> User DN: uid=$USERID,dc=metaparadigm,dc=com
>
> This is slightly simpler as the Netscape Roaming profile is now a child of the
> user rather than in a seperate roaming tree. With this layout, I can have
> multiple roaming profiles for a user. Also using the $USERID substitution, I can
> do guest logins without needing to change roaming preferences on the browser.
>
> As I remember, I just needed to add a objectclass: nsLIProfile to the user to
> allow the profile as a child - then I added this to my user:
>
> dn: nsLIProfileName=default,uid=some_user,dc=metaparadigm,dc=com
> objectclass: top
> objectclass: nsLIProfile
> nsLIProfileName: default
> owner: uid=some_user,dc=metaparadigm,dc=com
>
> The reason I made the profile a child of the user was so I could get a 'by self
> write' ACL working for profile updates although it didn't seem to work. Netscape
> seems to do some funny stuff with authentication so you must have the ACL setup
> right as it doesn't seem be bound as the user when doing the directory updates.
> This works for me:
>
> access to dn=".*,nsLIProfilename=.*,uid=.*,dc=metaparadigm,dc=com"
>         by dnattr=owner write
>
> ~mc
>
>
> > -----Original Message-----
> > From: owner-openldap-software@OpenLDAP.org
> > [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of GOMBAS Gabor
> > Sent: Saturday, 24 March 2001 12:41 a.m.
> > To: openldap-software@OpenLDAP.org
> > Subject: Re: schema for netscape roaming server
> >
> >
> > On Fri, Mar 23, 2001 at 02:48:03PM +0000, Konstantin Chuguev wrote:
> >
> >
> > > I think that's what you need:
> >
> > http://home.kabelfoon.nl/~hvdkooij/Netscape_and_OpenLDAP_v2/netscape-a
> > nd-openldap-v2.html
> >
> > Is anybody using it? When I tried to play with it last year, I was not able
> > to store my bookmarks in LDAP since slapd rejected the update because of
> > bad attribute syntax. I had no time to debug it since then...
> >
> > Gabor
> >
> > --
> > Gabor Gombas                                       Eotvos Lorand University
> > E-mail: gombasg@inf.elte.hu                        Hungary