
RE: adding VLV support to OpenLDAP 2.4.31



Hi Igor,

----------------------------------------
> Date: Thu, 13 Nov 2014 14:45:23 +0200
> Subject: Re: adding VLV support to OpenLDAP 2.4.31
> From: igor.shmukler@gmail.com
> To: openldap-technical@openldap.org
> CC: ctcard@hotmail.com; hans.moser@ofd-z.niedersachsen.de; andrew.findlay@skills-1st.co.uk
>
> Hello Andrew, Chris, Marc and everyone,
>
> Our system administrator accidentally blew the machine away, then
> reinstalled Ubuntu from scratch. I personally installed and configured
> OpenLDAP server. I was able to add users and groups. Yet, I am again
> unable to add sssvlv support.
>
> If I run the script as cn=admin,dc=test,dc=com, I get the below error.
> vq@vq-HVM-domU:~$ ldapadd -x -D "cn=admin,dc=test,dc=com" -W -f sssvlv.ldif
> Enter LDAP Password:
> adding new entry "olcOverlay=sssvlv,olcDatabase={1}hdb,cn=config"
> ldap_add: Invalid syntax (21)
> additional info: objectClass: value #0 invalid per syntax
>
> Running it as cn=config gives me another error:
> vq@vq-HVM-domU:~$ ldapadd -x -D cn=config -W -f sssvlv.ldif
> Enter LDAP Password:
> ldap_bind: Invalid credentials (49)
>
> There is a change, though. I see "olcRootDN: cn=admin,dc=test,dc=com
> and olcRootPW" when I do slapcat. I did not see those before.
>
> As per Marc's suggestion, I am attaching the output of slapcat(8).
> While I learned a bit about OpenLDAP configuration, my "skills" are
> clearly insufficient to figure out how to add sssvlv support.
>
> My sssvlv.ldif is below:
> dn: olcOverlay=sssvlv,olcDatabase={1}hdb,cn=config
> objectClass: olcSssVlvConfig
> olcOverlay: sssvlv
> olcSssVlvMax: 10
> olcSssVlvMaxKeys: 5
>
Edit your slapcat output and find this part:

dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external
 ,cn=auth manage by * break
structuralObjectClass: olcDatabaseConfig
entryUUID: fb40d480-ff68-1033-8514-977390a9c614
creatorsName: cn=config
createTimestamp: 20141113101004Z
entryCSN: 20141113101004.425496Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20141113101004Z

Change it to

dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external
 ,cn=auth manage by * break
olcRootDN: cn=config
olcRootPW: secret
structuralObjectClass: olcDatabaseConfig
entryUUID: fb40d480-ff68-1033-8514-977390a9c614
creatorsName: cn=config
createTimestamp: 20141113101004Z
entryCSN: 20141113101004.425496Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20141113101004Z

Stop slapd, and apply the new config with

   slapadd -F <dir>/slapd.d -l <slapcat file> -b cn=config

Start slapd, and then you should be able to do

   ldapadd -x -w secret -D cn=config -f sssvlv.ldif

Chris