
Netscape Roaming Access Success



I recently received help from Kartik Subbaro on getting Roaming Access working
with OpenLdap v. 1.2.5.  Thanks to Kartik and others who posted messages to this
group.  Here is the text of my conversation with Kartik.  Perhaps it will help
others:

------------------------------
Phil Allred wrote:
> 
> Kartik,
> 
> I'm something of an OpenLDAP newbie.  I've been working on the roaming access
> w/OpenLDAP and read your recent postings to the openldap-software list with
> interest.  Thank you for posting the patch.
> 
> I re-compiled openldap with your patch, but still no luck.  I think I'm having
> problems because I don't have the ACLs right.  I keep getting "write access
> denied by default" errors in my debug output.
> 
> I'm wondering if you could send me (or post to the list) a working .LDIF file,
> with slapd.conf and slapd.at.conf and slapd.oc.conf files?

Here are the basic steps. Step 4 should hopefully resolve your ACL
issue. I might have left out some things -- check deja.com 
and the openldap.org archives for more info.

1. Make sure you have OpenLDAP 1.2.5 or better:


ftp://www.openldap.org/pub/OpenLDAP/openldap-release/openldap-1.2.5.tgz
(The workaround that I suggested is included in this release).

2. Install this patch:

ftp://ftp.openldap.org/incoming/Albert-FitzPatrick-990519.tar.gz

3. Follow the instructions in 


http://help.netscape.com/products/client/communicator/manual_roaming2.html

[Change the type of "nsLIVersion" from integer to bin]

4. Edit slapd.conf, making sure you have this line:

lastmod on

Here are some extremely trivial (and extremely insecure) ACLs for
slapd.conf, to eliminate permissions as an issue for testing:

access to * by * write
access to * by * compare
access to * by * read

(it seems to be necessary to place the write line before the read
line)

        -Kartik
-----------------------

Please note that the file,
ftp://ftp.openldap.org/incoming/Albert-FitzPatrick-990519.tar.gz isn't really a
tar file.  It's gzip'ed, but it will give you an error when you try to un-tar
it.  After running gzip -d on it, I simply renamed the file to
Albert-FitzPatrick-990519 and moved it to my ldap/servers/slapd directory and
did

patch < Albert-FitzPatrick-990519

I then re-made the file.

I have posted ftp://ftp.openldap.org/incoming/roaming-073099.tar.gz, which
contains my slapd.conf, slapd.at.conf, slapd.oc.conf, and stcl.ldif.  Note that
as Kartik mentions above, access is pretty much wide open in this configuration.


Thanks again, Kartik and others.

Phil Allred
South Texas College of Law, Affiliated with Texas A&M University
Houston TX
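
The ordering effect noted in the message (write line before read line) follows from slapd using the first `access to` line that matches an entry, so later catch-all lines are never consulted. The Python sketch below is an added example, not part of the original message or of OpenLDAP; it assumes a simplified model that handles only literal `to *` / `by *` rules, and flags the world-writable test ACL and the lines it shadows so the test configuration is not carried into production unnoticed.

```python
# Simplified model of slapd.conf ACL evaluation (assumption: only literal
# "access to <what> by <who> <level>" lines; no regex or attr= matching).
LEVELS = ["none", "compare", "search", "read", "write"]  # each implies those before it

# Constructed sample: the test ACLs quoted in the message, in the same order.
SAMPLE_CONF = """lastmod on
access to * by * write
access to * by * compare
access to * by * read
"""

def allows(granted, needed):
    """True if the granted level includes the needed one."""
    return LEVELS.index(granted) >= LEVELS.index(needed)

def parse_acls(conf_text):
    """Return [(lineno, what, [(who, level), ...])], joining continuation lines."""
    logical = []
    for n, raw in enumerate(conf_text.splitlines(), 1):
        if raw[:1] in (" ", "\t") and logical:      # indented line continues previous
            logical[-1][1] += " " + raw.strip()
        elif raw.strip() and not raw.startswith("#"):
            logical.append([n, raw.strip()])
    acls = []
    for n, line in logical:
        tok = line.split()
        if len(tok) >= 3 and tok[0].lower() == "access" and tok[1].lower() == "to":
            rest = tok[3:]
            by = [(rest[i + 1], rest[i + 2].lower())
                  for i in range(0, len(rest) - 2, 3) if rest[i].lower() == "by"]
            acls.append((n, tok[2], by))
    return acls

def effective_access(acls, who="*"):
    """Level an arbitrary client gets on any entry: first matching line wins."""
    for _, what, by in acls:
        if what == "*":
            return next((lvl for w, lvl in by if w == who), "none")
    return None  # no catch-all line; slapd falls back to its default access

def audit(conf_text):
    """Flag world-writable rules and rules that can never be reached."""
    findings, catch_all = [], None
    for n, what, by in parse_acls(conf_text):
        if catch_all is not None:
            findings.append((n, "unreachable: shadowed by line %d" % catch_all))
            continue
        if any(w == "*" and lvl == "write" for w, lvl in by):
            findings.append((n, "world-writable: by * write"))
        if what == "*":
            catch_all = n
    return findings
```

Running `audit()` on a real slapd.conf before deployment shows whether the wide-open test rule is still present and which later rules it silently disables.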