LDAP 2.0.7: Can't add entries of type userpassword
Platform: Linux xyzzy.azika.com 2.2.14-5.0smp #1 SMP Tue Mar 7 21:01:40 EST 2000 i686 unknown
Build: OpenLDAP 2.0.7 w/SSL support (OpenSSL 0.9.6) + SleepyCat Berkeley DB 3.1
Problem: We attempt to add the following two ldif records to a clean
database.
File: voice.ldif
-----------------
dn: ou=voice, dc=azika, dc=com
ou: voice
objectClass: top
objectClass: organizationalUnit
File: sample.ldif
------------------
dn: uid=2065551212, ou=voice, dc=azika, dc=com
uid: 2065551212
objectClass: top
objectClass: person
objectclass=OrganizationalPerson
userpassword: {UNIX}eRHDlmb6RuG9.
sn: 2065551212
cn: jeremy
Added with:
ldapadd -D "cn=admin, dc=azika, dc=com" -w secret -f voice.ldif
ldapadd -D "cn=admin, dc=azika, dc=com" -w secret -f sample.ldif
Results of ldapsearch:
-----------------------------
jeremy@xyzzy % ldapsearch '(uid=2065551212)'
-----------------------------------
version: 2
#
# filter: uid=2065551212
# requesting: ALL
#
# 2065551212, voice, dc=azika, dc=com
dn: uid=2065551212, ou=voice, dc=azika, dc=com
uid: 2065551212
objectClass: top
objectClass: person
objectClass: OrganizationalPerson
objectClass: inetOrgPerson
sn: 2065551212
cn: jeremy
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
--------------------------------------
Please note that the userpassword entry disappeared without a trace.
We have tested on a similar 1.2.11 installation with no problems.
(All schema files are stock except for local.schema, which contains
Solaris 8 PAM and customer junk. Shouldn't affect us a whit here).
slapd.conf
---------------------------------------
# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.4 2000/08/26 17:06:18 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
# Global section: schema files, runtime files, logging and TLS material.
# The four stock schema files are loaded first; local.schema (site-specific
# attribute types and object classes) is loaded last.
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/local.schema
# Define global ACLs to disable default read access.
# (No global access directive follows here; the only access directives in
# this file appear after the "database" line further down.)
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
pidfile /usr/local/var/slapd.pid
argsfile /usr/local/var/slapd.args
# Load dynamic backend modules:
# modulepath /usr/local/libexec/openldap
# moduleload back_ldap.la
# moduleload back_ldbm.la
# moduleload back_passwd.la
# moduleload back_shell.la
# 489 - standard stuff (lags and drags)
# -1 = enable ALL debugging
# 0 turns slapd's syslog output off. The documented default, 256, records
# connections, operations and results, which gives an audit trail and helps
# when tracing a problem such as the one reported here.
loglevel 0
# Server certificate and its private key for TLS. The key file should be
# readable only by the account slapd runs as.
TLSCertificateFile /usr/local/ssl/certs/public.pem
TLSCertificateKeyFile /usr/local/ssl/certs/private.pem
#######################################################################
# ldbm database definitions
#######################################################################
# One ldbm-backed database holding the dc=azika,dc=com subtree.
database ldbm
suffix "dc=azika, dc=com"
# The rootdn is exempt from access control: the access directives later in
# this file never restrict it.
rootdn "cn=admin, dc=azika, dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# NOTE(review): the value below is stored in cleartext, and the same value is
# passed with -w on the ldapadd command lines in this report. A hashed value
# produced by slappasswd(8) can be used here instead.
rootpw secret
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd/tools. Mode 700 recommended.
directory /usr/local/var/openldap-ldbm
# Indices to maintain
# "index default" sets the index types (presence, equality) used by every
# index line below that names an attribute without listing types.
index default pres,eq
index objectClass eq
# indexes for Solaris 8 stuff
index membernisnetgroup pres,eq,sub
#index nisnetgrouptriple pres,eq,sub
index memberuid
index macAddress
#index uidNumber
index uid
#index gidNumber
index ipHostNumber
index ipNetworkNumber
#index ipProtocolNumber
#index oncRpcNumber
index ipServiceProtocol
#index ipServicePort
index nisDomain
index nisMapName
index mail
# Access control for this database. Directives are matched in file order, and
# inside one directive the "by" clauses are tested top to bottom; the first
# clause that matches the client decides the access level.
#
# In this directive "by * read" comes before the admin clause, so the admin DN
# would only ever be granted read here. It keeps full access regardless,
# because it is the rootdn of this database and the rootdn bypasses ACLs.
access to attr=cn,uid,uidNumber,gidNumber,homeDirectory
by self read
by * read
by dn="cn=admin,dc=azika, dc=com" write
# NOTE(review): the last three "by" clauses of this directive repeat the first
# three and have no "access to" line of their own. Either a directive header
# was lost when the file was pasted or they are redundant -- confirm against
# the original file.
access to attr=shadowLastChange,shadowMin,shadowMax,shadowWarning
by self read
by * read
by dn="cn=admin,dc=azika, dc=com" write
by self read
by * read
by dn="cn=admin,dc=azika, dc=com" write
# userPassword: the entry itself may read it and the admin DN may write it.
# slapd ends every access directive with an implicit "by * none", so any other
# identity, including an anonymous (unbound) client, gets no access and the
# attribute is left out of the search results returned to it.
# NOTE(review): the ldapsearch shown in this report has no -D bind DN. If it
# ran unauthenticated, this directive alone would explain why userPassword is
# missing from the output even though it was stored; re-run the search bound
# as the admin DN to check.
# NOTE(review): there is no "by anonymous auth" clause, so password binds as
# these entries would presumably be refused, and "by self read" without write
# means users cannot change their own password -- confirm this is intended.
access to attr=userPassword
by self read
by dn="cn=admin,dc=azika, dc=com" write
# should be last
# Catch-all for every attribute not matched by an earlier directive. An entry
# may modify any such attribute of its own ("by self write"). "by * read"
# already covers anonymous clients, so "by anonymous read" adds nothing.
# NOTE(review): local.schema on this page defines dialpasswd, dslpasswd,
# SolarisBindPassword and nisSecretkey. None of them is named in an earlier
# directive, so they fall through to this one and are readable by any client
# that can reach the server. If they hold secrets, list them alongside
# userPassword in the directive above.
access to *
by self write
by dn="cn=admin,dc=azika, dc=com" write
by anonymous read
by * read
# File that changes are logged to for replication. No replica is configured:
# the replica stanza below is commented out.
replogfile /usr/local/var/replica.log
# NOTE(review): the commented-out stanza still carries what looks like a bind
# credential in cleartext, in a file that was posted to a public list. With
# bindmethod=simple the DN and password also cross the network unprotected
# unless the connection is wrapped in TLS. Treat the value as disclosed.
# replica host=foobar.azika.com:389
# binddn="cn=admin,dc=azika, dc=com"
# bindmethod=simple
# credentials=nsp001
local.schema
---------------------------------------------------
# NIS key and domain attributes. All three are IA5 strings (syntax ...1.26)
# compared without regard to case.
attributetype (
1.3.6.1.1.1.1.28
NAME 'nisPublickey'
DESC 'nisPublickey'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
# NOTE(review): by its name this attribute holds secret key material. It is
# not named in any access directive of the slapd.conf shown on this page, so
# that file's "access to *" catch-all (world-readable) would apply to it --
# confirm and restrict if so.
attributetype (
1.3.6.1.1.1.1.29
NAME 'nisSecretkey'
DESC 'nisSecretkey'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
attributetype (
1.3.6.1.1.1.1.30
NAME 'nisDomain'
DESC 'nisDomain'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
# Site-specific customer-account attributes (used by the CustAccount object
# class at the end of this file).
# NOTE(review): the OIDs 1.3.6.1.1.1.1.31 to .37 continue the 1.3.6.1.1.1 arc,
# which is the one RFC 2307 uses for the NIS schema. Locally defined
# attributes normally sit under the organisation's own enterprise arc, so
# they cannot collide with later standard assignments -- confirm.
attributetype ( 1.3.6.1.1.1.1.31 NAME 'DSLStaticIP'
DESC 'DSL IP Address as a dotted quad, e.g. 192.168.23.5'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SINGLE-VALUE )
# dialpasswd and dslpasswd are plain IA5 strings: the server stores whatever
# value the client sends.
# NOTE(review): neither attribute is named in the access directives of the
# slapd.conf shown on this page, so its "access to *" catch-all would make
# them readable by any client -- confirm and restrict them like userPassword.
attributetype ( 1.3.6.1.1.1.1.32 NAME 'dialpasswd'
DESC 'Password for dialup account. Not the same as userpasswd'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.33 NAME 'dslpasswd'
DESC 'Password for DSL account. Not the same as userpasswd'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
# NOTE(review): the four RBN-* attributes pair an IA5-string matching rule
# with syntax ...1.27, which is Integer, although their names suggest text
# values. Check whether ...1.26 (IA5 String) was intended.
attributetype ( 1.3.6.1.1.1.1.34 NAME 'RBN-PVC_Profile_Name'
DESC 'RBN-PVC_Profile_Name'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.35 NAME 'RBN-PVC_Encapsulation_Type'
DESC 'RBN-PVC_Encapsulation_Type'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.36 NAME 'RBN-Bind_Type'
DESC 'RBN-Bind_Type'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.37 NAME 'RBN-Bind_Auth_Protocol'
DESC 'RBN-Bind_Auth_Protocol'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
# Solaris naming-profile attributes, all under 1.3.6.1.4.1.42 (Sun's
# enterprise arc). They are collected by the SolarisNamingProfile object
# class later in this file.
attributetype (
1.3.6.1.4.1.42.2.27.5.1.15
NAME 'SolarisLDAPServers'
DESC 'SolarisLDAPServers'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
# NOTE(review): here and in SolarisBindDN, distinguishedNameMatch is paired
# with syntax ...1.15 (Directory String); the DN syntax is ...1.12. Check
# against the vendor's published schema.
attributetype (
1.3.6.1.4.1.42.2.27.5.1.16
NAME 'SolarisSearchBaseDN'
DESC 'SolarisSearchBaseDN'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE)
attributetype (
1.3.6.1.4.1.42.2.27.5.1.17
NAME 'SolarisCacheTTL'
DESC 'SolarisCacheTTL'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
attributetype (
1.3.6.1.4.1.42.2.27.5.1.18
NAME 'SolarisBindDN'
DESC 'SolarisBindDN'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE)
# A bind credential kept as a plain IA5 string next to the bind DN above.
# NOTE(review): it is not named in the access directives of the slapd.conf
# shown on this page, so that file's "access to *" catch-all would expose it
# to any client that can read the profile entry -- confirm and restrict.
attributetype (
1.3.6.1.4.1.42.2.27.5.1.19
NAME 'SolarisBindPassword'
DESC 'SolarisBindPassword'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE)
attributetype (
1.3.6.1.4.1.42.2.27.5.1.20
NAME 'SolarisAuthMethod'
DESC 'SolarisAuthMethod'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
attributetype (
1.3.6.1.4.1.42.2.27.5.1.21
NAME 'SolarisTransportSecurity'
DESC 'SolarisTransportSecurity'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
attributetype (
1.3.6.1.4.1.42.2.27.5.1.22
NAME 'SolarisCertificatePath'
DESC 'SolarisCertificatePath'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE)
attributetype (
1.3.6.1.4.1.42.2.27.5.1.24
NAME 'SolarisDataSearchDN'
DESC 'SolarisDataSearchDN'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
attributetype (
1.3.6.1.4.1.42.2.27.5.1.25
NAME 'SolarisSearchScope'
DESC 'SolarisSearchScope'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE)
attributetype (
1.3.6.1.4.1.42.2.27.5.1.26
NAME 'SolarisSearchTimeLimit'
DESC 'SolarisSearchTimeLimit'
EQUALITY numericStringMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE)
attributetype (
1.3.6.1.4.1.42.2.27.5.1.27
NAME 'SolarisPreferredServer'
DESC 'SolarisPreferredServer'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
attributetype (
1.3.6.1.4.1.42.2.27.5.1.28
NAME 'SolarisPreferredServerOnly'
DESC 'SolarisPreferredServerOnly'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE)
attributetype (
1.3.6.1.4.1.42.2.27.5.1.29
NAME 'SolarisSearchReferral'
DESC 'SolarisSearchReferral'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE)
# Mail-group member attribute, an IA5 string compared without regard to case.
attributetype (
2.16.840.1.113730.3.1.30
NAME 'mgrpRFC822MailMember'
DESC 'mgrpRFC822MailMember'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
# Three nisNetId* attributes, IA5 strings compared case-sensitively. No object
# class in this file lists them in MUST or MAY.
attributetype (
1.3.6.1.4.1.42.2.27.1.1.12
NAME 'nisNetIdUser'
DESC 'nisNetIdUser'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
attributetype (
1.3.6.1.4.1.42.2.27.1.1.13
NAME 'nisNetIdGroup'
DESC 'nisNetIdGroup'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
attributetype (
1.3.6.1.4.1.42.2.27.1.1.14
NAME 'nisNetIdHost'
DESC 'nisNetIdHost'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
# NisKeyObject: requires cn plus both NIS key attributes, so every entry of
# this class carries a nisSecretkey value.
objectclass (
1.3.6.1.1.1.2.14
NAME 'NisKeyObject'
DESC 'NisKeyObject'
SUP top
MUST (
cn $
nisPublickey $
nisSecretkey
)
MAY (
uidNumber $
description
))
# NOTE(review): this OID begins 1.3.1.6 where the neighbouring definitions
# begin 1.3.6.1. It looks like a transposition of 1.3.6.1.1.1.2.15 -- confirm.
objectclass (
1.3.1.6.1.1.1.2.15
NAME 'nisDomainObject'
DESC 'nisDomainObject'
SUP top
MUST (
nisDomain
))
# SolarisNamingProfile: a client profile entry. cn, the server list and the
# search base are required; the remaining Solaris* attributes are optional.
# The optional set includes SolarisBindDN and SolarisBindPassword, so a
# profile entry can hold a complete bind credential.
objectclass (
1.3.6.1.4.1.42.2.27.5.2.7
NAME 'SolarisNamingProfile'
DESC 'SolarisNamingProfile'
SUP top
MUST (
cn $
SolarisLDAPServers $
SolarisSearchBaseDN
)
MAY (
SolarisBindDN $
SolarisBindPassword $
SolarisAuthMethod $
SolarisTransportSecurity $
SolarisCertificatePath $
SolarisDataSearchDN $
SolarisSearchScope $
SolarisSearchTimeLimit $
SolarisPreferredServer $
SolarisPreferredServerOnly $
SolarisCacheTTL $
SolarisSearchReferral
))
# CustAccount: auxiliary class that adds the optional customer-account
# attributes defined earlier in this file to an existing entry. Two of them,
# dialpasswd and dslpasswd, are password fields stored as plain strings.
# NOTE(review): like the attribute OIDs, 1.3.6.1.1.1.2.13 sits in the arc
# RFC 2307 uses for NIS object classes rather than a site-owned arc -- confirm.
objectclass (1.3.6.1.1.1.2.13 NAME 'CustAccount' SUP top AUXILIARY
DESC 'Additional attributes for Customer accounts'
MAY ( dialpasswd $
dslpasswd $
dslstaticip $
rbn-pvc_profile_name $
rbn-pvc_encapsulation_type $
rbn-bind_type $
rbn-bind_auth_protocol
)
)
Build parameters for OpenLDAP, etc.
------------------------------------------------------
jeremy@xyzzy % gcc -v
Reading specs from /usr/lib/gcc-lib/i386-redhat-linux/egcs-2.91.66/specs
gcc version egcs-2.91.66 19990314/Linux (egcs-1.1.2 release)
jeremy@xyzzy % CC=gcc \
CPPFLAGS="-I/usr/local/BerkeleyDB.3.1/include -I/usr/local/ssl/include" \
LDFLAGS="-L/usr/local/BerkeleyDB.3.1/lib -L/usr/local/ssl/lib" \
./configure --with-tls
[output deleted. Available on request ]
jeremy@xyzzy % make depend; make; make test
[output deleted. Available on request ]
Any information on a workaround would be appreciated