
Re: adding VLV support to OpenLDAP 2.4.31



Hi Chris,

Thank you for your continued help. I appreciate it very much.

I have a question regarding the line:
olcRootPW: secret

Should secret be used literally (as in secret), or do I put a password
hash there?

Sincerely,

Igor Shmukler


On Thu, Nov 13, 2014 at 3:18 PM, Chris Card <ctcard@hotmail.com> wrote:
> Hi Igor,
>
> ----------------------------------------
>> Date: Thu, 13 Nov 2014 14:45:23 +0200
>> Subject: Re: adding VLV support to OpenLDAP 2.4.31
>> From: igor.shmukler@gmail.com
>> To: openldap-technical@openldap.org
>> CC: ctcard@hotmail.com; hans.moser@ofd-z.niedersachsen.de; andrew.findlay@skills-1st.co.uk
>>
>> Hello Andrew, Chris, Marc and everyone,
>>
>> Our system administrator accidentally blew the machine away, then
>> reinstalled Ubuntu from scratch. I personally installed and configured
>> OpenLDAP server. I was able to add users and groups. Yet, I am again
>> unable to add sssvlv support.
>>
>> If I run the script as cn=admin,dc=test,dc=com, I get the below error.
>> vq@vq-HVM-domU:~$ ldapadd -x -D "cn=admin,dc=test,dc=com" -W -f sssvlv.ldif
>> Enter LDAP Password:
>> adding new entry "olcOverlay=sssvlv,olcDatabase={1}hdb,cn=config"
>> ldap_add: Invalid syntax (21)
>> additional info: objectClass: value #0 invalid per syntax
>>
>> Running it as cn=config gives me another error:
>> vq@vq-HVM-domU:~$ ldapadd -x -D cn=config -W -f sssvlv.ldif
>> Enter LDAP Password:
>> ldap_bind: Invalid credentials (49)
>>
>> There is a change, though. I see "olcRootDN: cn=admin,dc=test,dc=com
>> and olcRootPW" when I do slapcat. I did not see those before.
>>
>> As per Marc's suggestion, I am attaching the output of slapcat(8).
>> While I learned a bit about OpenLDAP configuration, my "skills" are
>> clearly insufficient to figure out how to add sssvlv support.
>>
>> My sssvlv.ldif is below:
>> dn: olcOverlay=sssvlv,olcDatabase={1}hdb,cn=config
>> objectClass: olcSssVlvConfig
>> olcOverlay: sssvlv
>> olcSssVlvMax: 10
>> olcSssVlvMaxKeys: 5
>>
> Edit your slapcat output and find this part:
>
> dn: olcDatabase={0}config,cn=config
> objectClass: olcDatabaseConfig
> olcDatabase: {0}config
> olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external
>  ,cn=auth manage by * break
> structuralObjectClass: olcDatabaseConfig
> entryUUID: fb40d480-ff68-1033-8514-977390a9c614
> creatorsName: cn=config
> createTimestamp: 20141113101004Z
> entryCSN: 20141113101004.425496Z#000000#000#000000
> modifiersName: cn=config
> modifyTimestamp: 20141113101004Z
>
> Change it to
>
> dn: olcDatabase={0}config,cn=config
> objectClass: olcDatabaseConfig
> olcDatabase: {0}config
> olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external
>  ,cn=auth manage by * break
> olcRootDN: cn=config
> olcRootPW: secret
> structuralObjectClass: olcDatabaseConfig
> entryUUID: fb40d480-ff68-1033-8514-977390a9c614
> creatorsName: cn=config
> createTimestamp: 20141113101004Z
> entryCSN: 20141113101004.425496Z#000000#000#000000
> modifiersName: cn=config
> modifyTimestamp: 20141113101004Z
>
> Stop slapd, and apply new config with
>
>    slapadd -F <dir>/slapd.d -l <slapcat file> -b cn=config
>
> Start slapd, and then you should be able to do
>
>    ldapadd -x -w secret -D cn=config -f sssvlv.ldif
>
> Chris
>
>
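
The slapcat edit described in Chris's reply, as an added example that is not part of the original thread: it inserts olcRootDN and olcRootPW into the {0}config entry, storing the password as a salted {SSHA} value of the kind slappasswd generates (slapd accepts either cleartext or a hash in olcRootPW). The function names and the sample LDIF are assumptions constructed for illustration.

```python
import base64, hashlib, hmac, os

CONFIG_DN = "dn: olcDatabase={0}config,cn=config"

# Constructed sample: the config-database entry quoted above (trimmed) plus a
# second, made-up entry that must pass through untouched.
SAMPLE = """dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external
 ,cn=auth manage by * break
structuralObjectClass: olcDatabaseConfig

dn: olcDatabase={1}hdb,cn=config
objectClass: olcHdbConfig
olcRootDN: cn=admin,dc=test,dc=com
"""

def ssha(password, salt=None):
    """Return '{SSHA}' + base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")

def check_ssha(password, stored):
    """Verify a password against a stored {SSHA} value."""
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]  # SHA-1 digest is 20 bytes, rest is salt
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)

def set_config_rootpw(ldif, password):
    """Add olcRootDN/olcRootPW to the {0}config entry of a slapcat dump."""
    entries = ldif.replace("\n ", "").strip("\n").split("\n\n")  # unfold, split
    out = []
    for entry in entries:
        lines = entry.split("\n")
        if lines[0].strip() == CONFIG_DN:
            # Drop any earlier root credentials so the edit is repeatable.
            lines = [l for l in lines
                     if not l.lower().startswith(("olcrootdn:", "olcrootpw:"))]
            # Same position as in the reply: before the operational attributes.
            at = next((i for i, l in enumerate(lines)
                       if l.startswith("structuralObjectClass:")), len(lines))
            lines[at:at] = ["olcRootDN: cn=config", "olcRootPW: " + ssha(password)]
        out.append("\n".join(lines))
    return "\n\n".join(out) + "\n"

if __name__ == "__main__":
    print(set_config_rootpw(SAMPLE, "secret"), end="")
```

The output is loaded with the slapadd command from the reply; the later bind as cn=config uses the original password, not the hash.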