
Netscape roaming with OpenLDAP 2



hi.

I am trying to get Netscape roaming to work with OpenLDAP v2. I
have read several websites including:
http://home.kabelfoon.nl/~hvdkooij/Netscape_and_OpenLDAP_v2/netscape-and-openldap-v2.html
but have not had much success. I am new to LDAP (just started
playing with it yesterday). I have address book features and
authentication (via PAM) working so far.

Platform: Debian GNU/Linux 3.0 ("woody")
OpenLDAP Release: 2.0.22-2

I have replaced a bunch of the below settings with generic
entries for privacy's sake.

slapd config:
suffix "o=aphroland,c=us"
index cn,sn,uid pres,eq,sub
index objectClass eq
lastmod on

access to attribute=userPassword
        by dn="cn=admin,o=aphroland,c=us" write
        by anonymous auth
        by self write
        by * none

# The admin dn has full write access
access to *
        by dn="cn=admin,o=aphroland,c=us" write
        by self write
        by anonymous auth

# For Netscape Roaming support, each user gets a roaming
# profile for which they have write access to
access to dn=".*,ou=Roaming,o=aphroland,c=us"
        by dn="cn=admin,o=aphroland,c=us" write
        by dnattr=owner write


dn: cn=Jorge Jetson, ou=People, o=aphroland, c=us
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
objectClass: organizationalPerson
jpegPhoto:< file:///home/aphro/genericuser.jpg
uid: jorgej
cn: Jorge Jetson
sn: Jetson
givenname: Jorge
title: Janitor
departmentNumber: Sprockets
userpassword: {MD5}yyprY0825/L3nViVaBmi2A==
telephoneNumber: 000-000-0000x1234
facsimiletelephonenumber: 000-000-0000
mobile: 000-000-0000
postaladdress: 1234 Left lane$sprocketsville$lala land
labeleduri: http://jorge.jetson.com
mail: jorge@jetson.com
mail: jorge@jetson.com
loginShell: /bin/bash
uidNumber: 1010
gidNumber: 1010
homeDirectory: /home/jorgej
gecos: Jorge Jetson
description: Janitor
localityName: lala land

dn: nsLIProfileName=Jorge Jetson,ou=Roaming,o=aphroland,c=us
objectclass: top
objectclass: nsLIProfile
nsLIProfileName: Jorge Jetson
owner: cn=Jorge Jetson,ou=People,o=aphroland,c=us

Netscape Configuration:
User Name: Jorge Jetson
LDAP server address: ldap://myserver.jetson.com/nsLIProfileName=Jorge Jetson,ou=Roaming,o=aphroland,c=us
User DN: cn=Jorge Jetson,ou=People,o=aphroland,c=us

The Debian default install of OpenLDAP adds the org unit
Roaming by default, so it's not part of my LDIF file that
I import into the DB initially.

The error I get on slapd (debug 4095) when I try to connect is:

ldap_read: want=1 error=Resource temporarily unavailable
ber_get_next on fd 9 failed errno=11 (Resource temporarily unavailable)

this may be of interest too:
=> access_allowed: search access to "nsLIProfileName=Jorge Jetson,ou=Roaming,o=aphroland,c=us" "objectClass" requested
=> acl_get: [1] check attr objectClass
=> acl_get: [2] check attr objectClass
Jorge Jetson,ou=Roaming,o=aphroland,c=us attr: objectClass
=> acl_mask: access to entry "nsLIProfileName=Jorge Jetson,ou=Roaming,o=aphroland,c=us", attr "objectClass" requested
=> acl_mask: to all values by "CN=JORGE JETSON,OU=PEOPLE,O=APHROLAND,C=US", (=n)
<= check a_dn_pat: cn=admin,o=aphroland,c=us
=> string_expand: pattern:  cn=admin,o=aphroland,c=us
=> string_expand: expanded: cn=admin,o=aphroland,c=us
=> regex_matches: string:   CN=JORGE JETSON,OU=PEOPLE,O=APHROLAND,C=US
=> regex_matches: rc: 1 no matches
<= check a_dn_pat: self
<= check a_dn_pat: anonymous
<= acl_mask: no more <who> clauses, returning =n (stop)
=> access_allowed: search access denied by =n
<= test_filter 50
ldbm_search: candidate 8 does not match filter
====> cache_return_entry_r( 8 ): returned (0)


I am curious if the line:
=> access_allowed: search access denied by =n

may be what is causing the failed login? My ACLs pretty
much match those in the instructions, so I'm not sure why
it would be an ACL problem.

The password works, I believe, as I can log in to the
LDAP server in the Netscape address book using the email
address and password.

The password is 'coke'.

I've searched around and found some others who have had
the first error "ldap_read: want=1..." but didn't notice
anything that could be related to what I'm experiencing.

I've been using Apache's mod_roaming for years; I just wanted
to try out LDAP now that I'm playing with it.

any ideas appreciated!

thanks

nate
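The debug trace above shows slapd trying exactly three `by` clauses (the admin dn, `self`, `anonymous`) and then stopping with `=n`; those are the clauses of the `access to *` directive, not of the `ou=Roaming` one. slapd consults the first `access to <what>` directive whose target matches the entry, and only that one, so a catch-all placed before a more specific rule shadows it. The following script is an added illustration, not OpenLDAP code and not part of the post: it is a deliberately simplified model of the first-match evaluation (assumed semantics are listed in the docstring, and only the `<who>` forms used in the post are modelled) run over the DNs and directives from the post, once in the posted order and once with the Roaming directive moved ahead of the catch-all.

```python
"""Added example (not OpenLDAP code): a small model of how slapd 2.0
evaluates slapd.conf access directives, used to show why directive
ORDER decides what a user gets on an entry under ou=Roaming.

Assumptions made by this model (a simplification of slapd, not its code):
  * the first `access to <what>` directive that matches the entry and
    attribute is the only one consulted (later ones are never reached);
  * inside it, the first `by <who>` clause that matches the requester
    sets the level; if none matches, the implicit `by * none` applies;
  * DNs are compared after normalisation (spaces after commas dropped,
    case folded), mirroring the upper-cased DN in the debug trace;
  * only the <who> forms used in the post are modelled:
    dn=<regex>, self, anonymous, dnattr=<attr>, and *.
"""
import re

LEVELS = ["none", "auth", "compare", "search", "read", "write"]


def normalize(dn):
    """Crude DN normalisation: 'cn=X, ou=Y' -> 'CN=X,OU=Y'."""
    return re.sub(r",\s*", ",", dn.strip()).upper()


def what_matches(what, entry, attr):
    """<what> selectors: {} is `*`, {"attr": a} is attribute=a, {"dn": rx} is dn=rx."""
    if "attr" in what and what["attr"].lower() != attr.lower():
        return False
    if "dn" in what and not re.fullmatch(what["dn"], normalize(entry["dn"]), re.IGNORECASE):
        return False
    return True


def who_matches(who, requester, entry):
    """<who> clauses; requester is a bind DN, or None for an anonymous bind."""
    if who == "*":
        return True
    if who == "anonymous":
        return requester is None
    if requester is None:
        return False  # every remaining form needs an authenticated DN
    kind, _, arg = who.partition("=")
    if who == "self":
        return normalize(requester) == normalize(entry["dn"])
    if kind == "dn":  # slapd 2.0 treats the dn= pattern as a regex
        return re.fullmatch(arg, normalize(requester), re.IGNORECASE) is not None
    if kind == "dnattr":  # requester DN must be a value of <attr> in the entry
        return any(normalize(v) == normalize(requester) for v in entry.get(arg, []))
    raise ValueError("unsupported <who> clause: " + who)


def granted_level(acls, requester, entry, attr):
    """Return the level name granted by the first directive that matches."""
    for what, whos in acls:
        if not what_matches(what, entry, attr):
            continue
        for who, level in whos:
            if who_matches(who, requester, entry):
                return level
        return "none"  # directive matched, no <who> matched: implicit `by * none`
    return "none"  # no directive applied (the posted config always has `access to *`)


def access_allowed(acls, requester, entry, attr, wanted):
    """True if the granted level is at least `wanted` (e.g. "search")."""
    return LEVELS.index(granted_level(acls, requester, entry, attr)) >= LEVELS.index(wanted)


ADMIN_WHO = "dn=cn=admin,o=aphroland,c=us"

# The three directives in exactly the order of the posted slapd.conf.
POSTED_ACLS = [
    ({"attr": "userPassword"},
     [(ADMIN_WHO, "write"), ("anonymous", "auth"), ("self", "write"), ("*", "none")]),
    ({},                         # access to *
     [(ADMIN_WHO, "write"), ("self", "write"), ("anonymous", "auth")]),
    ({"dn": r".*,ou=Roaming,o=aphroland,c=us"},
     [(ADMIN_WHO, "write"), ("dnattr=owner", "write")]),
]

# Same directives, with the Roaming one moved ahead of the catch-all.
ROAMING_FIRST_ACLS = [POSTED_ACLS[0], POSTED_ACLS[2], POSTED_ACLS[1]]

# Entries from the post, reduced to the attributes the ACLs look at.
PROFILE = {
    "dn": "nsLIProfileName=Jorge Jetson,ou=Roaming,o=aphroland,c=us",
    "objectClass": ["top", "nsLIProfile"],
    "owner": ["cn=Jorge Jetson,ou=People,o=aphroland,c=us"],
}
PERSON = {"dn": "cn=Jorge Jetson,ou=People,o=aphroland,c=us"}
JORGE = "cn=Jorge Jetson,ou=People,o=aphroland,c=us"
ADMIN = "cn=admin,o=aphroland,c=us"

if __name__ == "__main__":
    for name, acls in (("posted order", POSTED_ACLS), ("roaming first", ROAMING_FIRST_ACLS)):
        print(name, "-> Jorge on his own profile:",
              granted_level(acls, JORGE, PROFILE, "objectClass"))
```

In the posted order the model stops at the catch-all and returns `none` for Jorge on his own profile entry, the same outcome the trace records; with the Roaming directive ahead of the catch-all, `dnattr=owner` matches and he gets `write`, while any other authenticated user still gets nothing on that entry and the admin DN is unaffected either way. Keeping the most specific, least-privilege rule first is the general habit this illustrates, independent of whether it is the whole story behind the failed login.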