[Date Prev][Date Next] [Chronological] [Thread] [Top]

Netscape Roaming Access Success

I recently received help from Kartik Subbaro on getting Roaming Access working
with OpenLdap v. 1.2.5.  Thanks to Kartik and others who posted messages to this
group.  Here is the text of my conversation with Kartik.  Perhaps it will help

Phil Allred wrote:
> Kartik,
> I'm something of an OpenLDAP newbie.  I've been working on the roaming access
> w/OpenLDAP and read your recent postings toe the openldap-software list with
> interest.  Thank you for posting the patch.
> I re-compiled openldap with your patch, but still no luck.  I think I'm having
> problems because I don't have the acl's right.  I keep getting "write access
> denied by default" errors in my debug output.
> I'm wondering if you could send me (or post to the list) a working .LDIF file,
> with slapd.conf and slapd.at.conf and slapd.oc.conf files?

Here are the basic steps. Step 4 should hopefully resolve your ACL
issue. I might have left out some things -- check deja.com 
and the openldap.org archives for more info.

1. Make sure you have OpenLDAP 1.2.5 or better:

(The workaround that I suggested is included in this release).

2. Install this patch:


3. Follow the instructions in 


[Change the type of "nsLIVersion" from integer to bin]

4. Edit slapd.conf, making sure you have this line:

lastmod on

Here are some extremely trivial (and extremely insecure) ACLs for
slapd.conf, to eliminate permissions as an issue for testing:

access to * by * write
access to * by * compare
access to * by * read

(it seems to be necessary to place the write line before the read


Please note that the file,
ftp://ftp.openldap.org/incoming/Albert-FitzPatrick-990519.tar.gz isn't really a
tar file.  It's gzip'ed, but it will give you an error when you try to un-tar
it.  After running gzip -d on it, I simply renamed the file to
Albert-FitzPatrick-990519 and moved it to my ldap/servers/slapd directory and

patch < Albert-FitzPatrick-990519

I then re-made the file.

I have posted ftp://ftp.openldap.org/incoming/roaming-073099.tar.gz, which
contains my slapd.conf, slapd.at.conf, slapd.oc.conf, and stcl.ldif.  Note that
as Kartik mentions above, access is pretty much wide open in this configuration.

Thanks again, Kartik and others.

Phil Allred
South Texas College of Law, Affiliated with Texas A&M University
Houston TX