> Date: Sat, 5 Jun 2010 11:39:22 -0700
> From: hyc@symas.com
> To: bgmilne@staff.telkomsa.net
> CC: openldap-technical@openldap.org; jonathan@phillipoux.net; stuart_cherrington@hotmail.co.uk
> Subject: Re: User restriction
>
> Buchan Milne wrote:
> > On Friday, 4 June 2010 13:47:42 Jonathan Clarke wrote:
> >> On 04/06/2010 11:49, Stuart Cherrington wrote:
> >
> >> As far as I know, "nss_base_passwd" is not a valid keyword in ldap.conf
> >> for OpenLDAP clients.
> >>
> >> If you're configuring this on a Linux server, I think you'll find the
> >> equivalent configuration in /etc/libnss_ldap.conf or similar.
> >
> > Upstream default is /etc/ldap.conf, libnss-ldap.conf is an unnecessary Debian-ism.
>
> The upstream default has been an endless source of confusion for the better
> part of a decade. Renaming à la Debian is the right answer.

OK - Thanks for all your comments so far. The whole LDAP structure is starting to become clearer, but not as simple as I'd like. As Aron suggested, I used the ldapcompare command to see if I could pull the 'member' information from the schema, but it fails.

An ldapsearch shows the following:

ldapsearch -x -b 'ou=auth,dc=ldn,dc=sw,dc=com' -h 10.2.250.15 -D cn=proxyagent,ou=profile,dc=ldn,dc=sw,dc=com -w xxxxxx

# extended LDIF
#
# LDAPv3
# base <ou=auth,dc=ldn,dc=sw,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# auth, ldn.sw.com
dn: ou=auth,dc=ldn,dc=sw,dc=com
ou: auth
objectClass: organizationalUnit
objectClass: top

# access, auth, ldn.sw.com
dn: cn=access,ou=auth,dc=ldn,dc=sw,dc=com
objectClass: groupOfNames
objectClass: top
cn: access
member: uid=stuart,ou=people,dc=ldn,dc=sw,dc=com
member: cn=proxyagent,ou=profile,dc=ldn,dc=sw,dc=com
member: uid=rpratt,ou=people,dc=ldn,dc=sw,dc=com
member: uid=jason,ou=people,dc=ldn,dc=sw,dc=com
member: uid=pstuart,ou=people,dc=ldn,dc=sw,dc=com
member: uid=pfield,ou=people,dc=ldn,dc=sw,dc=com
member: uid=nereelot,ou=people,dc=ldn,dc=sw,dc=com
member: uid=scolebro,ou=people,dc=ldn,dc=sw,dc=com
member: uid=bpower,ou=people,dc=ldn,dc=sw,dc=com
member: uid=ihunt,ou=people,dc=ldn,dc=sw,dc=com
member: uid=emoreton,ou=people,dc=ldn,dc=sw,dc=com
member: uid=lcable,ou=people,dc=ldn,dc=sw,dc=com
member: uid=pmurray,ou=people,dc=ldn,dc=sw,dc=com

# search result
search: 2
result: 0 Success

You can clearly see the first member line is myself. If I now try:

ldapcompare2.4 -v -x -h 10.2.250.15 -D cn=proxyagent,ou=profile,dc=ldn,dc=sw,dc=com -w xxxxxxxx "ou=auth,dc=ldn,dc=sw,dc=com" member:uid=stuart,ou=people,dc=ldn,dc=sw,dc=com

ldap_initialize( ldap://10.2.250.15 )
DN:ou=auth,dc=ldn,dc=sw,dc=com, attr:member, value:uid=stuart,ou=people,dc=ldn,dc=sw,dc=com
Compare Result: No such attribute (16)
UNDEFINED

Any pointers here would be useful.

Thanks,
Stuart.
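To show what an LDAP Compare actually evaluates, here is an added Python model of the operation (not from the thread or from OpenLDAP) run over a trimmed, constructed copy of the LDIF listed above: a Compare names exactly one entry, and in that listing the member values sit on the cn=access entry, while the ou=auth entry the compare was sent to carries no member attribute at all, which is what result code 16 reports. The DN normalisation is a simplified assumption, enough for the DNs shown.

```python
import re
# Trimmed copy of the LDIF returned by the ldapsearch in the post (constructed from the listing).
LDIF = """\
dn: ou=auth,dc=ldn,dc=sw,dc=com
objectClass: organizationalUnit

# access, auth, ldn.sw.com
dn: cn=access,ou=auth,dc=ldn,dc=sw,dc=com
objectClass: groupOfNames
member: uid=stuart,ou=people,dc=ldn,dc=sw,dc=com
member: cn=proxyagent,ou=profile,dc=ldn,dc=sw,dc=com
member: uid=rpratt,ou=people,dc=ldn,dc=sw,dc=com
"""

def norm_dn(dn):
    # Case- and whitespace-insensitive DN form (sufficient for the DNs in this listing).
    return re.sub(r"\s*([,=])\s*", r"\1", dn.strip()).lower()

def parse_ldif(text):
    # Returns {normalised dn: {attr: [values]}}. Handles '#' comments and blank-line
    # entry separators; folded lines and base64 ('::') values are not handled.
    entries, dn, attrs = {}, None, {}
    for line in text.splitlines() + [""]:       # trailing "" flushes the last entry
        if line.startswith("#"):
            continue
        if not line.strip():
            if dn:
                entries[dn] = attrs
            dn, attrs = None, {}
            continue
        attr, _, value = line.partition(":")
        attr, value = attr.strip().lower(), value.strip()
        if attr == "dn":
            dn = norm_dn(value)
        else:
            attrs.setdefault(attr, []).append(value)
    return entries

def ldap_compare(entries, dn, attr, value):
    # Model of the LDAP Compare operation: one entry, one attribute, one asserted value.
    # Returns (result name, result code). Values are matched as DNs, as 'member' has DN syntax.
    entry = entries.get(norm_dn(dn))
    if entry is None:
        return "noSuchObject", 32
    values = entry.get(attr.lower())
    if values is None:
        return "noSuchAttribute", 16            # the result the post's compare hit
    return ("compareTrue", 6) if norm_dn(value) in map(norm_dn, values) else ("compareFalse", 5)
ENTRIES = parse_ldif(LDIF)
```

Pointing the same compare at the group entry instead of its parent OU is the difference between result 16 and compareTrue.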