[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: translucent overlay add an attribute to all users in a OU and subtree

Am Mon, 20 Oct 2014 11:33:37 +0200
schrieb Nicolas RENAULT <nicolas_renault@yahoo.fr>:

> Le 17/10/2014 23:02, Dieter Klünter a écrit :
> > Am Fri, 17 Oct 2014 17:40:20 +0200
> > schrieb Nicolas RENAULT <nicolas_renault@yahoo.fr>:
> >
> > [...]
> >
> >>    @(#) $OpenLDAP: slapd 2.4.40 (Oct 17 2014 15:08:43) $
> >>       root@linux-nn6c.site:/root/openldap-2.4.40/servers/slapd
> >>
> >> Included static overlays:
> >>       accesslog
> >>       auditlog
> >>       collect
> >>       constraint
> >>       dds
> >>       deref
> >>       dyngroup
> >>       dynlist
> >>       memberof
> >>       ppolicy
> >>       pcache
> >>       refint
> >>       retcode
> >>       rwm
> >>       seqmod
> >>       sssvlv
> >>       syncprov
> >>       translucent
> >>       unique
> >>       valsort
> >> Included static backends:
> >>       config
> >>       ldif
> >>       monitor
> >>       bdb
> >>       hdb
> >>       ldap
> >>       mdb
> >>       meta
> >>       relay
> >>
> >> as you can see i build with a lot of overlay and backend (maybe to
> >> much )
> >>
> >> I take the slapd.conf from the server I used.
> > [...]
> >> modulepath      /usr/lib/openldap/modules/
> >> moduleload      back_ldap
> >> moduleload      back_meta
> >> moduleload      rwm
> >> moduleload      valsort
> >> #moduleload     accesslog
> >> moduleload      memberof
> >> moduleload      dynlist
> >> moduleload      sssvlv
> >> #moduleload     pcache
> >> moduleload      collect
> >> overlay sssvlv
> >> ....
> >> overlay collect
> >> collectinfo cn=office,dc=example,dc=fr    l,street
> > These are not valid module names, thus no module will be included.
> > Search /usr/lib/openldap/modules for proper module names.
> >
> > -Dieter
> >
> hello,
> 
> thank for reply, in debug mode slapd say :
> 
> 5444c2fd module_load: (rwm) already present (static)
> 5444c2fd line 18 (moduleload    valsort)
> 5444c2fd module_load: (valsort) already present (static)
> 5444c2fd line 20 (moduleload     memberof)
> 5444c2fd module_load: (memberof) already present (static)
> 5444c2fd line 21 (moduleload      dynlist)
> 
> So I remove all moduleload directives , after that when i start
> openldap and test if rwm , memberof , dynlist, ... works, all is good
> except the collect overlay.
> 
> as I say on the last post, when I try to add this ldif :
> 
> -------------------
> dn: cn=office,dc=example,dc=fr
> objectClass: subentry
> objectClass: extensibleObject
> objectClass: collectiveAttributeSubentry
> cn: office
> subtreeSpecification: {base "ou=SOME_OU" minimum 2}
> c-l: Berlin
> c-street: Main Street
> 
> --------------------------
> 
> the result is :
> 
> adding new entry "cn=office,dc=example,dc=fr"
> ldap_add: Object class violation (65)
>      additional info: objectClass: value #2 invalid per syntax
> 
> so I suppose that "objectClass: collectiveAttributeSubentry" as to be 
> declare in the schema. Y/N ?

No, it is declared in the source code.
> 
> if I look in RFC3671, I find this objectclass declaration :
> 
> objectclass ( 2.5.17.2                         NAME 
> 'collectiveAttributeSubentry' AUXILIARY)
> 
> As I can't find it in any .schema file (even in collective.schema), I 
> try to add it from a file  (exemple.schema) ,
> 
> now when I try to add de ldif :
> 
> ldap_add: Object class violation (65)
>      additional info: 'c-l' can only appear in
> collectiveAttributeSubentry
> 
> --------------------------------------
> 
> any idea ?
> 
> ask me if you want that I post some part of slapd.conf or others log
> part.

collectiveAttrbibuteSubentry is declared in schema_prep.c. When I
tested collective attributes, a few years ago, slapd had to be build
with -DLDAP_COLLECTIVE_ATTRIBUTES. I don't know whether this is still
the case.

-Dieter

-- 
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N
10°08'02,42"E