[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: schema for netscape roaming server



Hi,

I've done almost the same (as said previously :)

I had to add things by hand, as netscape wasn't able to add it (auth problem ??)

I still have an auth problem. When netscape quit, it tries to synchronize to the ldap server. I then have logs (only setting prefs in ldap) :


Mar 28 13:12:50 diamond slapd[54730]: conn=1 op=4 SRCH base="nsLIElementType=liprefs,nsLIProfilename=default,uid=www,ou=users,ou=lecentre.net,dc=lecentre,dc=net" scope=0 filter="(objectClass=*)"
Mar 28 13:12:50 diamond slapd[54730]: conn=1 op=4 SEARCH RESULT tag=101 err=0 text=
Mar 28 13:12:50 diamond slapd[54730]: conn=1 op=5 MOD dn="nsLIElementType=liprefs,nsLIProfilename=default,uid=www,ou=users,ou=lecentre.net,dc=lecentre,dc=net"


Mar 28 13:12:50 diamond slapd[54730]: conn=1 op=5 RESULT tag=103 err=50 text=
Mar 28 13:12:51 diamond slapd[54730]: conn=-1 fd=9 closed




So, it seems I can't modify what is under the dn I bind...
how to set this ?? I'm clueless :(

Thanks

Prune

Michael Clark wrote:

I'm using it, works great for me - everything I've tried works including
bookmarks, although I haven't tried Java Security or certificates.

I'm using a slightly different directory layout than the document at the link
mentioned suggests. ie.

Netscape Roaming Settings
Address:
ldap://myserver.com/nsLIProfilename=default,uid=$USERID,dc=metaparadigm,dc=com
User DN: uid=$USERID,dc=metaparadigm,dc=com

This is slightly simpler as the Netscape Roaming profile is now a child of the
user rather than in a seperate roaming tree. With this layout, I can have
multiple roaming profiles for a user. Also using the $USERID substitution, I can
do guest logins without needing to change roaming preferences on the browser.

As I remember, I just needed to add a objectclass: nsLIProfile to the user to
allow the profile as a child - then I added this to my user:

dn: nsLIProfileName=default,uid=some_user,dc=metaparadigm,dc=com
objectclass: top
objectclass: nsLIProfile
nsLIProfileName: default
owner: uid=some_user,dc=metaparadigm,dc=com

The reason I made the profile a child of the user was so I could get a 'by self
write' ACL working for profile updates although it didn't seem to work. Netscape
seems to do some funny stuff with authentication so you must have the ACL setup
right as it doesn't seem be bound as the user when doing the directory updates.
This works for me:

access to dn=".*,nsLIProfilename=.*,uid=.*,dc=metaparadigm,dc=com"
        by dnattr=owner write

~mc


-----Original Message-----
From: owner-openldap-software@OpenLDAP.org
[mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of GOMBAS Gabor
Sent: Saturday, 24 March 2001 12:41 a.m.
To: openldap-software@OpenLDAP.org
Subject: Re: schema for netscape roaming server


On Fri, Mar 23, 2001 at 02:48:03PM +0000, Konstantin Chuguev wrote:


I think that's what you need:


http://home.kabelfoon.nl/~hvdkooij/Netscape_and_OpenLDAP_v2/netscape-a nd-openldap-v2.html

Is anybody using it? When I tried to play with it last year, I was not able
to store my bookmarks in LDAP since slapd rejected the update because of
bad attribute syntax. I had no time to debug it since then...

Gabor

--
Gabor Gombas                                       Eotvos Lorand University
E-mail: gombasg@inf.elte.hu                        Hungary