Re: (ITS#5556) ldapadd/slapadd create objects without RDN
> Well, pre-2.4.9 versions would reject the Add operation... Is it
> 2.4.10 built from the OpenLDAP source, or some prepackaged binary?
I built RPMs from the source, without any patches:
DB:
# Berkeley DB ("DB:") build step. configure is invoked from a build
# directory next to the DB source's dist/ tree (hence ../dist/configure),
# with shared-only libraries and /usr, /etc, /var/lib install prefixes.
# NOTE(review): --disable-posixmutexes plus --with-mutex=x86/gcc-assembly
# selects the assembly mutex implementation instead of POSIX mutexes;
# confirm this is intended for the target CPU/toolchain.
# NOTE(review): the listing ends with a continuation backslash, so the
# command as pasted may be truncated (the next line in the message is "OL:").
../dist/configure \
--enable-shared \
--disable-static \
--program-prefix=slapd \
--bindir=/usr/bin \
--sbindir=/usr/sbin \
--libexecdir=/usr/sbin \
--datadir=/var/lib \
--sysconfdir=/etc \
--localstatedir=/var/lib \
--libdir=/usr/lib \
--includedir=/usr/include \
--mandir=/usr/share/man \
--disable-posixmutexes \
--with-mutex=x86/gcc-assembly \
OL:
# OpenLDAP ("OL:") build step, run from the OpenLDAP source tree.
# Backends and overlays are built as loadable modules
# (--enable-backends=mod, --enable-overlays=mod, --enable-modules), which is
# consistent with the moduleload lines in the slapd.conf posted below.
# --enable-cleartext and --enable-crypt keep cleartext and crypt(3)
# password schemes available; --with-tls and --with-threads are required
# for the StartTLS replication and ssf=128 settings used in that config.
# NOTE(review): this listing also ends with a continuation backslash, so
# the pasted command may be missing its final argument(s).
./configure \
--bindir=/usr/bin \
--sbindir=/usr/sbin \
--libexecdir=/usr/sbin \
--datadir=/var/lib \
--sysconfdir=/etc \
--localstatedir=/var/lib \
--libdir=/usr/lib \
--includedir=/usr/include \
--mandir=/usr/share/man \
--enable-backends=mod \
--enable-cleartext \
--enable-crypt \
--enable-ipv6 \
--enable-ldap \
--enable-local \
--enable-modules \
--enable-overlays=mod \
--enable-slapd \
--enable-rewrite \
--enable-syslog \
--with-tls \
--with-threads \
> Maybe an overlay or something interferes with auto-adding the naming
> attrs? Please post your slapd.conf too, after removing passwords etc.
My sanitized slapd.conf:
# slapd.conf as posted to the ITS thread (sanitized by the author: every
# rootpw/credentials value reads "secret").
# NOTE(review): the access rules whose group DN is split across two lines
# ("cn=replicator" / "accounts,...") appear to be wrapped by the mail
# client; in the real file each is one line (or a whitespace-led
# continuation line). Treat those as single directives when reading.
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/corba.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/java.schema
include /etc/openldap/schema/krb5-kdc.schema
include /etc/openldap/schema/kerberosobject.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/autofs.schema
include /etc/openldap/schema/samba.schema
include /etc/openldap/schema/kolab.schema
include /etc/openldap/schema/evolutionperson.schema
include /etc/openldap/schema/calendar.schema
include /etc/openldap/schema/sudo.schema
include /etc/openldap/schema/dnszone.schema
include /etc/openldap/schema/dhcp.schema
include /etc/openldap/schema/postfix-mail.schema
# Global ACLs (apply to every database that does not override them).
# Root DSE and subschema are world-readable.
access to dn.exact=""
by * read
access to dn.subtree="cn=Subschema"
by * read
# NOTE(review): the two peername.ip rules below (and the matching pair under
# ou=vmail) grant unauthenticated read of the whole subtree based solely on
# the connecting source address. Source-IP trust is only as strong as the
# network path; if those hosts can authenticate, a bound identity (or a
# group) is the more robust grant.
access to dn.subtree="ou=people,dc=openldap,dc=example,dc=com"
by group="cn=replicator
accounts,ou=group,dc=openldap,dc=example,dc=com" read
by peername.ip=10.12.31.6 anonymous read
by peername.ip=10.12.31.7 anonymous read
access to dn.subtree="ou=vmail,dc=openldap,dc=example,dc=com"
by group="cn=replicator
accounts,ou=group,dc=openldap,dc=example,dc=com" read
by peername.ip=10.12.31.6 anonymous read
by peername.ip=10.12.31.7 anonymous read
# idmap subtree: a dedicated admin group may write, replicators and any
# authenticated user may read, everyone else may only bind.
access to dn.subtree="ou=idmap,dc=openldap,dc=example,dc=com"
by group="cn=idmap admins,ou=group,dc=openldap,dc=example,dc=com"
write
by group="cn=replicator
accounts,ou=group,dc=openldap,dc=example,dc=com" read
by users read
by * auth
# Password attributes: owner may change, replicators may read (needed to
# replicate them), anonymous may only use them to bind, nobody else sees them.
access to attrs=userPassword,sambaLMPassword,sambaNTPassword
by self write
by group="cn=replicator
accounts,ou=group,dc=openldap,dc=example,dc=com" read
by anonymous auth
by * none
# Catch-all: admins write, replicators read, users read their own entry,
# anonymous may only bind. Anything not matched falls through to the
# implicit default of no access.
access to *
by group="cn=admins,ou=group,dc=openldap,dc=example,dc=com" write
by group="cn=replicator
accounts,ou=group,dc=openldap,dc=example,dc=com" read
by self read
by anonymous auth
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
#sizelimit unlimited
#timelimit unlimited
# Backends/overlays were built as modules (see the configure flags above),
# so they have to be loaded explicitly.
modulepath /usr/sbin/openldap
moduleload ppolicy.la
moduleload syncprov.la
moduleload back_bdb.la
moduleload back_monitor.la
# NOTE(review): /dev/random can block when the kernel entropy pool is low,
# which may stall TLS setup on a quiet host — confirm this is intended.
TLSRandFile /dev/random
# NOTE(review): "+SSLv2" only lowers the preference of the SSLv2 cipher set;
# those ciphers remain in the permitted list. SSLv2 is considered broken;
# "!SSLv2" removes them outright.
TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCertificateFile /etc/pki/tls/certs/server01.crt
TLSCertificateKeyFile /etc/pki/tls/private/server01.key
TLSCACertificateFile /etc/pki/tls/certs/domain-server01.crt
# Require a minimum security strength factor of 128 on every operation
# (in practice: TLS with a strong cipher, or a local socket).
security ssf=128
# 256 = "stats": connection/operation/result logging.
loglevel 256
# cn=config database. rootpw is a sanitized placeholder here; in production
# store a hashed value generated with slappasswd rather than cleartext.
database config
rootdn cn=config
rootpw secret
# The commented block below is an earlier/alternative cn=config replication
# setup (serverid/syncrepl/mirrormode); it is inactive in this file.
#serverid 1 ldap://server03.example.com
#serverid 2 ldap://server01.example.com
#syncrepl rid=001
# provider=ldap://server01.example.com
# binddn="cn=config"
# bindmethod=simple
# credentials=secret
# searchbase="cn=config"
# type=refreshAndPersist
# starttls=yes
# tls_reqcert=never
# retry="5 5 300 5"
# timeout=5
#syncrepl rid=002
# provider=ldap://server03.example.com
# binddn="cn=config"
# bindmethod=simple
# credentials=secret
# searchbase="cn=config"
# type=refreshAndPersist
# starttls=yes
# tls_reqcert=never
# retry="5 5 300 5"
# timeout=5
#mirrormode true
#overlay syncprov
#syncprov-checkpoint 100 10
#syncprov-sessionlog 100
database monitor
rootdn cn=monitor
rootpw secret
# Primary data database (bdb). Same note as above applies to rootpw.
database bdb
suffix "dc=openldap,dc=example,dc=com"
rootdn "cn=manager,dc=openldap,dc=example,dc=com"
rootpw secret
directory /var/lib/ldap
# NOTE(review): serverid is documented as a global directive; here it
# appears after "database bdb" — confirm slapd accepts it at this position.
serverid 3 ldap://server01.example.com
serverid 4 ldap://server03.example.com
cachesize 10000
checkpoint 256 5
# Mirror-mode replication with server01 and server03 as the two providers.
# NOTE(review): starttls=yes together with tls_reqcert=never means the
# consumer encrypts the session but never verifies the provider's
# certificate, so the replication bind (whose password is stored in
# cleartext below) is not protected against an impersonated provider.
# tls_reqcert=demand with a tls_cacert= pointing at the issuing CA
# (TLSCACertificateFile above already exists) gives server authentication.
# NOTE(review): interval= is used by refreshOnly; with refreshAndPersist it
# is likely ignored — confirm.
syncrepl rid=003
provider=ldap://server01.example.com
binddn="uid=replicator,ou=service-accounts,dc=openldap,dc=example,dc=com"
bindmethod=simple
credentials=secret
searchbase="dc=openldap,dc=example,dc=com"
type=refreshAndPersist
starttls=yes
tls_reqcert=never
interval=00:00:00:10
retry="5 5 300 5"
timeout=5
syncrepl rid=004
provider=ldap://server03.example.com
binddn="uid=replicator,ou=service-accounts,dc=openldap,dc=example,dc=com"
bindmethod=simple
credentials=secret
searchbase="dc=openldap,dc=example,dc=com"
type=refreshAndPersist
starttls=yes
tls_reqcert=never
interval=00:00:00:10
retry="5 5 300 5"
timeout=5
mirrormode true
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
# Indexes. entryCSN/entryUUID eq are needed for efficient syncrepl.
index objectClass eq
index cn,mail,surname,givenname eq,subinitial
index uidNumber,gidNumber,memberuid,member,uniqueMember eq
index uid eq,subinitial
index sambaSID,sambaDomainName,displayName eq
index entryCSN,entryUUID eq
index mailid eq
# Replicator accounts are exempt from size/time limits so a full refresh
# is never truncated.
limits group="cn=replicator accounts,ou=group,dc=openldap,dc=example,dc=com"
size=unlimited
time=unlimited
Thanks!
--
Josh Miller, RHCE