[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP bespoke schema to use 'ismemberof' to restrict user access to hosts

To: Stuart Cherrington <stuart_cherrington@hotmail.co.uk>
Subject: Re: OpenLDAP bespoke schema to use 'ismemberof' to restrict user access to hosts
From: Buchan Milne <bgmilne@staff.telkomsa.net>
Date: Wed, 5 May 2010 10:47:38 +0100
Cc: sjain@silverspringnet.com, openldap-technical@openldap.org
In-reply-to: <BAY119-W13D0D573314AB63DED04C1A3F40@phx.gbl>
References: <BAY119-W413D64273ADB67E79718EFA3F30@phx.gbl> <201005050842.05476.bgmilne@staff.telkomsa.net> <BAY119-W13D0D573314AB63DED04C1A3F40@phx.gbl>
User-agent: KMail/1.12.4 (Linux/2.6.31.12-desktop-3mnb; KDE/4.3.5; x86_64; ; )

On Wednesday, 5 May 2010 09:54:34 Stuart Cherrington wrote:
> Buchan,
> 
> Thanks for these, I saw your email yesterday in reply to another thread so
>  took them then :-)
> 
> I've started an upgrade process by doing the following:
> 
> shutdown ldap
> slapcat -f /etc/openldap/slapd.conf -b
> "dc=ldn,dc=sw,dc=com" -l /export/home/stuart/full_msldap01.ldif
> removed all files from /var/lib/ldap except DB_CONFIG file.

I would rather keep them, and use a version-specific directory path in the 
slapd.conf.

> I couldn't remove the ldap 2.3 version packages as they're dependencies are
>  mad,

No, most likely you have some packages that depend on libldap-2.3.so.0 (have 
been linked to it). This is precisely the reason I make the packages install 
in parallel.

>  so left them in place and did an Install of the 2.4 packages.
>  lib64ldap2.4_2-2.4.22-1.el5.x86_64.rpm,
>  openldap2.4-2.4.22-1.el5.x86_64.rpm, libldap2.4_2-2.4.22-1.el5.i386.rpm,
>  openldap2.4-2.4.22-1.el5.i386.rpm,
>  openldap2.4-clients-2.4.22-1.el5.x86_64.rpm,
>  openldap2.4-servers-2.4.22-1.el5.x86_64.rpm,
>  unixODBC-2.2.11-7.1.x86_64.rpm,
>  openldap2.4-extra-schemas-1.3-10.el5.noarch.rpm,
>  openldap2.4-servers-2.4.22-1.el5.x86_64.rpm. updated the
>  /etc/openldap2.4/sladp.conf and slapd.access.conf files to remove unwanted
>  references to SAMBA, change domain, passwd etc. Ran the service ldap check
>  until it was OK.
> Trying to re-load the ldif gave me some errors though:
> 
> slapadd -f /etc/openldap2.4/slapd.conf -l
> /export/home/stuart/full_msldap01.ldif
> /usr/share/openldap2.4/schema/core.schema:
> line 100: AttributeType inappropriate SUPerior: "c"

Did you over-write schema files from 2.4 with files from your 2.3 installation? 
The 2.4 schema file has the attribute c on line 100 commented out, as it is 
most likely built-in.

> I found this line and decided to hash it out but then it failed on another
>  Country attribute and another then another in cosine.schema, so have
>  stopped hashing and started typing.
> 
> Any reason why this would fail to like the 'c' AttributeType?

Depends what you did to the schema files.

$ rpm -Va openldap2.4-servers

should not show any schema files having been modified ....


Regards,
Buchan

Follow-Ups:
- RE: OpenLDAP bespoke schema to use 'ismemberof' to restrict user access to hosts
  - From: Stuart Cherrington <stuart_cherrington@hotmail.co.uk>

References:
- OpenLDAP bespoke schema to use 'ismemberof' to restrict user access to hosts
  - From: Stuart Cherrington <stuart_cherrington@hotmail.co.uk>
- Re: OpenLDAP bespoke schema to use 'ismemberof' to restrict user access to hosts
  - From: Buchan Milne <bgmilne@staff.telkomsa.net>
- RE: OpenLDAP bespoke schema to use 'ismemberof' to restrict user access to hosts
  - From: Stuart Cherrington <stuart_cherrington@hotmail.co.uk>

Prev by Date: RE: OpenLDAP bespoke schema to use 'ismemberof' to restrict user access to hosts
Next by Date: RE: OpenLDAP bespoke schema to use 'ismemberof' to restrict user access to hosts
Index(es):
- Chronological
- Thread