
Re: Using "overlay dynlist" with Ubuntu Karmic 9.10 LDAP server using slapd.d (not slapd.conf) ?



My cn=config is attached here. I have added users bob & george with host objects cms2 & cms3 respectively, as shown below for cn=bob,ou=Users,dc=testlab,dc=com

cn: bob
uid: bob
objectClass: account
objectClass: posixAccount
uidNumber: 10001
gidNumber: 10001
homeDirectory: /home/bob
loginShell: /bin/sh
gecos: bob
description: User account
host: cms2
userPassword: {SSHA}GtI94c1LAH6F1Wj3rqUGwjND1oUGa2hq

Also I have 2 machines, u910desk & x15f12, added with labeledURI searching for host object value 'cms2' & 'cms3' respectively, as shown in the e.g. below for cn=u910desk,ou=Machines,dc=testlab, dc=com

cn: u910desk
ipHostNumber: 172.17.5.232
member: cn=placeholder,dc=testlab,dc=com
objectClass: top
objectClass: groupOfNames
objectClass: labeledURIObject
objectClass: ipHost
labeledURI: ldap:///ou=Users,dc=testlab,dc=com??one?(host=cms2)

Now if I attempt '#ssh bob@172.17.5.232' it should allow me because bob contains host object: cms2, whereas if I do '#ssh george@172.17.5.232' it should fail because 172.17.5.232 is looking for host object 'cms2' whereas george contains host object: cms3. Correct?
But in a practical scenario this is not happening. It still allows me to ssh to both machines using both users bob & george. Any clue what I must be missing here?

thanks
Shamika


On Tue, Apr 6, 2010 at 4:04 PM, Shamika Joshi <shamika.joshi@gmail.com> wrote:
Yeah, now it worked for me too... Maybe there was a typo or something...
I'll get to the actual dynlist configuration now & get back if there are any questions.

Thanks a lot for your help
Shamika



On Tue, Apr 6, 2010 at 2:56 PM, Dieter Kluenter <dieter@dkluenter.de> wrote:
On Mon, 5 Apr 2010 12:20:07 +0530,
Shamika Joshi <shamika.joshi@gmail.com> wrote:

> Yes it is in /usr/lib/ldap
>
> admins@x6:~$ locate dynlist
> /etc/ldap/dynlist.ldif
> /usr/lib/ldap/dynlist-2.4.so.2
> /usr/lib/ldap/dynlist-2.4.so.2.5.1
> /usr/lib/ldap/dynlist.la
> /usr/lib/ldap/dynlist.so
> /usr/share/man/man5/slapo-dynlist.5.gz
>
> admins@x6:~$ ldapsearch -xLLL -b cn=config -D cn=admin,cn=config -W
> Enter LDAP Password:
> dn: cn=config
> objectClass: olcGlobal
> cn: config
> olcArgsFile: /var/run/slapd/slapd.args
> olcLogLevel: none
> olcPidFile: /var/run/slapd/slapd.pid
> olcToolThreads: 1
>
> dn: cn=module{0},cn=config
> objectClass: olcModuleList
> cn: module{0}
> *olcModulePath: /usr/lib/ldap*
> olcModuleLoad: {0}back_hdb
>
> but still gives the same error, what could be the reason?
>
> *admins@x6:~$ ldapmodify -x -D cn=admin,cn=config -W
> Enter LDAP Password:
> dn: cn=config
> changetype: modify
> add: olcModuleLoad
> olcModuleLoad: dynlist.la
> modifying entry "cn=config"
> ldap_modify: Object class violation (65)
>         additional info: attribute 'olcModuleLoad' not allowed*

I just tested it on my system:
$ ldapmodify -D cn=config -w xxx -ZZ -H ldap://magenta.avci.de
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleload
olcModuleLoad: dynlist.la

modifying entry "cn=module{0},cn=config"

and a search produces:
ldapsearch -LLL -D cn=config -w xxx -ZZ -H ldap://magenta.avci.de
 -b cn=module{0},cn=config -s base "*"

dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModulePath: /usr/lib/openldap/modules
olcModuleLoad: {0}back_meta.la
olcModuleLoad: {1}dynlist.la


-Dieter

--
Dieter Klünter | Systemberatung
sip: +49.40.20932173
http://www.dpunkt.de/buecher/2104.html
GPG Key ID:8EF7B6C6



admins@x6:/etc/ldap$ ldapsearch -xLLL -b cn=config -D cn=admin,cn=config -W
Enter LDAP Password:
dn: cn=config
objectClass: olcGlobal
cn: config
olcArgsFile: /var/run/slapd/slapd.args
olcLogLevel: none
olcPidFile: /var/run/slapd/slapd.pid
olcToolThreads: 1

dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModulePath: /usr/lib/ldap
olcModuleLoad: {0}back_hdb
olcModuleLoad: {1}dynlist.la

dn: olcOverlay={0}dynlist,olcDatabase={1}hdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcDynamicList
olcOverlay: {0}dynlist
olcDlAttrSet: {0}groupOfNames labeledURI member
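
As an added illustration (not part of the original thread and not OpenLDAP's code), the following Python models the expansion that `olcDlAttrSet: groupOfNames labeledURI member` asks dynlist to perform on the machine entries above, so the expected `member` values can be compared with what a search of the server returns. The entry for george, the URL for x15f12 and all function names are assumptions built from the thread's description; only scope `one` and a single `(attr=value)` filter are modelled.

```python
# Constructed data: bob and the u910desk labeledURI follow the thread;
# george's entry and the x15f12 URL are built from its description.
USERS = {
    "cn=bob,ou=Users,dc=testlab,dc=com": {"uid": ["bob"], "host": ["cms2"]},
    "cn=george,ou=Users,dc=testlab,dc=com": {"uid": ["george"], "host": ["cms3"]},
}
MACHINE_URI = {
    "u910desk": "ldap:///ou=Users,dc=testlab,dc=com??one?(host=cms2)",
    "x15f12": "ldap:///ou=Users,dc=testlab,dc=com??one?(host=cms3)",
}

def parse_ldap_url(url):
    """Split ldap:///base?attrs?scope?filter (host-less form only)."""
    if not url.startswith("ldap:///"):
        raise ValueError("expected a host-less ldap:/// URL")
    parts = url[len("ldap:///"):].split("?")
    if len(parts) != 4:
        raise ValueError("expected base?attrs?scope?filter")
    return tuple(parts)

def parse_equality(flt):
    """Accept only a single (attr=value) filter, as used in the thread."""
    inner = flt[1:-1]
    if (not (flt.startswith("(") and flt.endswith(")")) or "(" in inner
            or "*" in inner or inner.count("=") != 1):
        raise ValueError("unsupported filter: " + flt)
    attr, value = inner.split("=")
    return attr.lower(), value.lower()

def expand_members(url, directory):
    """DNs a dynlist search result would carry as 'member' for this URL."""
    base, _attrs, scope, flt = parse_ldap_url(url)
    if scope != "one":
        raise ValueError("only scope 'one' is modelled")
    attr, value = parse_equality(flt)
    members = []
    for dn, entry in directory.items():
        # Scope "one": the entry must sit directly below the search base.
        parent = dn.split(",", 1)[1] if "," in dn else ""
        values = [v.lower() for v in entry.get(attr, [])]
        if parent.lower() == base.lower() and value in values:
            members.append(dn)
    return sorted(members)

def is_listed(user_dn, machine):
    """True if the user's DN is in the machine's expanded member list."""
    return user_dn in expand_members(MACHINE_URI[machine], USERS)

if __name__ == "__main__":
    for machine, uri in MACHINE_URI.items():
        print(machine, expand_members(uri, USERS))
```

This covers the directory side only: the overlay fills in `member` when the machine entry is searched, and a login is restricted only if the client's PAM/NSS configuration checks that attribute.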