Re: Using "overlay dynlist" with Ubuntu Karmic 9.10 LDAP server using sl

Re: Using "overlay dynlist" with Ubuntu Karmic 9.10 LDAP server using slapd.d (not slapd.conf) ?

To: Dieter Kluenter <dieter@dkluenter.de>

Subject: Re: Using "overlay dynlist" with Ubuntu Karmic 9.10 LDAP server using slapd.d (not slapd.conf) ?

From: Shamika Joshi <shamika.joshi@gmail.com>

Date: Mon, 5 Apr 2010 12:20:07 +0530

Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:received:message-id:subject:from:to:cc:content-type; bh=jeNeGN3b5uF4qP6D8EfUOjBNEMrKBuoHocOwC10SMlQ=; b=LfnUdIdZUrNzDvvkHeYmz5/VRjGydoOmfxkPm07un97yWNVEjeFeuz9pqPPx5vy0Fh tXRy7oe+shAPIye83QtKV7tGXJ/9offEj4joMmIQKxTFu1WqqocZPaKxcc/4wAVZl1QL yqG2oOdv1siqwDL1eytgqRIi6Xjn2Ei1PEgw8=

Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=GKwkWmDN40RIu1m1V7gtgM0Ds7u99yVgeZUu5IbjRYH2sgDHyYv3Y2emjG2DCgvNhY 9gH/ttptMa5EJYdkvG+cOEdbIqVAd1+dr+j3x37QUFTocKvuStVQeoQ09sXvRh4WTe8R xJ1Tki7zCpXDHggFfdIk0ta+nTVCsGl/tmQyU=

In-reply-to: <878w95g556.fsf@magenta.l4b.de>

References: <t2l30f711301004010619r96fc760aw4c00fcb96561bfd3@mail.gmail.com> <87bpe3w8eu.fsf@magenta.l4b.de> <q2z30f711301004012347l8c692eccwe852a53a81676b12@mail.gmail.com> <878w95g556.fsf@magenta.l4b.de>

admins@x6:~$ locate dynlist
/etc/ldap/dynlist.ldif
/usr/lib/ldap/dynlist-2.4.so.2
/usr/lib/ldap/dynlist-2.4.so.2.5.1
/usr/lib/ldap/dynlist.la
/usr/lib/ldap/dynlist.so
/usr/share/man/man5/slapo-dynlist.5.gz

admins@x6:~$ ldapsearch -xLLL -b cn=config -D cn=admin,cn=config -W
Enter LDAP Password:
dn: cn=config
objectClass: olcGlobal
cn: config
olcArgsFile: /var/run/slapd/slapd.args
olcLogLevel: none
olcPidFile: /var/run/slapd/slapd.pid
olcToolThreads: 1

dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModulePath: /usr/lib/ldap
olcModuleLoad: {0}back_hdb

admins@x6:~$ ldapmodify -x -D cn=admin,cn=config -W
Enter LDAP Password:
dn: cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: dynlist.la
modifying entry "cn=config"
ldap_modify: Object class violation (65)
additional info: attribute 'olcModuleLoad' not allowed

On Fri, Apr 2, 2010 at 10:31 PM, Dieter Kluenter <dieter@dkluenter.de> wrote:

Shamika Joshi <shamika.joshi@gmail.com> writes:

> As you guys suggested, I attempted to load dynlist.la module, but it gives me
> folllowing error:
>
> admins@x6:~$ ldapmodify -x -D cn=admin,cn=config -W
> Enter LDAP Password:
> dn: cn={0}module,cn=config
> changetype: modify
> add: olcModuleLoad
> olcModuleLoad: dynlist.lamodifying entry "cn={0}module,cn=config"
> ldap_modify: No such object (32)
> matched DN: cn=config
>
> If I remove '{0}module,' from the dn it gives this error:
>
> admins@x6:~$
> admins@x6:~$
> admins@x6:~$ ldapmodify -x -D cn=admin,cn=config -W
> Enter LDAP Password:
> dn: cn=config
> changetype: modify
> add: olcModuleLoad
> olcModuleLoad: dynlist.lamodifying entry "cn=config"
> ldap_modify: Object class violation (65)
> additional info: attribute 'olcModuleLoad' not allowed
>
> I'm new to LDAP & dont have much knowldge about LDAP schema. Could you tell
> what must be causing this error? Pls check cn=config attached with this mail.
>
> Thanks
> Shamika
>
> On Thu, Apr 1, 2010 at 8:02 PM, Dieter Kluenter <dieter@dkluenter.de> wrote:
>
> Shamika Joshi <shamika.joshi@gmail.com> writes:
>
> > Hi
> > The desired implementation is to control user logins on different lab
> machines based on
> > the project groups.
> > Scenario: Bob is part of project group 'mars' & John is part of 'venus'
> then I have added
> > lab machines x1-x3 to group 'mars' & y1-y3 to group venus. Now I want
> John to only access
> > machines allocated for project 'mars' i.e x1 to x3 & John to access
> machines allocated
> > for 'venus' i.e y1 to y3
> >
> > I went through this link learned that it can be achieved using "overlay
> dynlist". Please
> > correct me if I've got it wrong.
> > However my lab server is Ubuntu 9.10 (karmic koala) and it is using
> slapd.d (not
> > slapd.conf)
> > So now if I want to attempt to use "overlay dynlist" how should I go
> about it? Has anyone
> > done this before? Any help will be appreciated.
>
> ldapmodify -D cn=config -W -H ldap://some.host
> dn: cn={0}module,cn=config
> changetype: modify
> add: olcModuleLoad
> olcModuleLoad: dynlist.la
>
> and ldapadd the following ldif, while olcDataBase and olcDlAttrSet may
> vary on your system.
>
> dn: olcOverlay=dynlist,olcDataBase={1}hdb,cn=config
> objectClass: olcOverlayConfig
> objectClass: olcDynamicList
> olcOverlay: dynlist
> olcDlAttrSet: groupOfURLs memberURL

[...]
> admins@x6:~$ ldapsearch -xLLL -b cn=config -D cn=admin,cn=config -W

> Enter LDAP Password:
> dn: cn=config

> objectClass: olcGlobal
> cn: config
> olcArgsFile: /var/run/slapd/slapd.args
> olcLogLevel: none
> olcPidFile: /var/run/slapd/slapd.pid
> olcToolThreads: 1
>
> dn: cn=module{0},cn=config
> objectClass: olcModuleList
> cn: module{0}
> olcModulePath: /usr/lib/ldap
> olcModuleLoad: {0}back_hdb

[...]

check your module path whether the dynlist overlay ist installed at
all.

-Dieter

--
Dieter Klünter | Systemberatung
sip: +49.40.20932173
http://www.dpunkt.de/buecher/2104.html
GPG Key ID:8EF7B6C6