
Re: Netscape Roaming Access Success



OK, Now you're the expert on Roaming :-)

I've been working on this for some time, and netscape successfully
contacts the LDAP server, but can't create the "bookmarks" DN. 

Here's the log results when netscape is starting up. Note that it
correctly finds the nsliprofilename entry. It doesn't find the
bookmarks, because it's not there yet.

------------- Startup log ---------------
conn=1 fd=7 connection from imagic.pc.peakss.com (172.28.0.85) accepted.
conn=1 op=0 BIND dn="CN=RANDY FAY,OU=PEOPLE,O=PEAK SOFTWARE SOLUTIONS,C=US" method=128
conn=1 op=0 RESULT err=0 tag=97 nentries=0
conn=1 op=1 SRCH base="NSLIPROFILENAME=RFAY,OU=ROAMING,O=PEAK SOFTWARE SOLUTIONS,C=US" scope=0 filter="(objectclass=*)"
conn=1 op=1 RESULT err=0 tag=101 nentries=1
conn=1 op=2 SRCH base="NSLIPROFILENAME=RFAY,OU=ROAMING,O=PEAK SOFTWARE SOLUTIONS,C=US" scope=0 filter="(objectclass=*)"
conn=1 op=2 RESULT err=0 tag=101 nentries=1
conn=1 op=3 SRCH base="NSLIELEMENTTYPE=BOOKMARKS,NSLIPROFILENAME=RFAY,OU=ROAMING,O=PEAK SOFTWARE SOLUTIONS,C=US" scope=0 filter="(objectclass=*)"
conn=1 op=3 RESULT err=32 tag=101 nentries=0
------------------------------------------

Here's the log results when netscape is closing up. It tries to find,
modify, then in desperation tries to create the bookmarks entry, but
can't do it. I'm convinced that if I know why then everything will work:

------------ Netscape shutdown log ----------
conn=1 op=4 SRCH base="NSLIELEMENTTYPE=BOOKMARKS,NSLIPROFILENAME=RFAY,OU=ROAMING,O=PEAK SOFTWARE SOLUTIONS,C=US" scope=0 filter="(objectclass=*)"
conn=1 op=4 RESULT err=32 tag=101 nentries=0
conn=1 op=5 MOD dn="NSLIELEMENTTYPE=BOOKMARKS,NSLIPROFILENAME=RFAY,OU=ROAMING,O=PEAK SOFTWARE SOLUTIONS,C=US"
conn=1 op=5 RESULT err=32 tag=103 nentries=0
conn=1 op=6 ADD dn="NSLIELEMENTTYPE=BOOKMARKS,NSLIPROFILENAME=RFAY,OU=ROAMING,O=PEAK SOFTWARE SOLUTIONS,C=US"
conn=1 op=6 RESULT err=32 tag=105 nentries=0
conn=1 op=7 UNBIND
----------------------------------------------

My slapd.conf is attached... It has the stuff you'd expect and the
access you specified.

The LDIF entries are:

$ ldapsearch -p 6000 -h zorak '(cn=*randy*)'
cn=Randy Fay, ou=people, o=Peak Software Solutions, c=us
cn=Randy Fay
givenname=Randy
sn=Fay
mail=rfay@peakss.com
mail=randy@theFays.com
objectclass=person
uid=rfay
homephone=937-1336
pagertelephonenumber=303-887-2118
mobiletelephonenumber=303-887-2118
telephonenumber=303.734.5075
telephonenumber=303.303.3033
description=Experimentor again with this database
jpegphoto=NOT ASCII
userpassword=forty

$ ldapsearch -p 6000 -h zorak '(nsliprofilename=rfay)'   
nsliprofilename=rfay, ou=roaming, o=peak software solutions,c=us
objectclass=top
objectclass=nsliprofile
nsliprofilename=rfay
owner=cn=randy fay,ou=people, o=peak software solutions, c=us


THANKS LOADS FOR ANY AND ALL HELP! I've been hacking at this on and off
for months.



Phil Allred wrote:
> 
> I recently received help from Kartik Subbaro on getting Roaming Access working
> with OpenLdap v. 1.2.5.  Thanks to Kartik and others who posted messages to this
> group.  Here is the text of my conversation with Kartik.  Perhaps it will help
> others:
> 
> ------------------------------
> Phil Allred wrote:
> >
> > Kartik,
> >
> > I'm something of an OpenLDAP newbie.  I've been working on the roaming access
> > w/OpenLDAP and read your recent postings to the openldap-software list with
> > interest.  Thank you for posting the patch.
> >
> > I re-compiled openldap with your patch, but still no luck.  I think I'm having
> > problems because I don't have the acl's right.  I keep getting "write access
> > denied by default" errors in my debug output.
> >
> > I'm wondering if you could send me (or post to the list) a working .LDIF file,
> > with slapd.conf and slapd.at.conf and slapd.oc.conf files?
> 
> Here are the basic steps. Step 4 should hopefully resolve your ACL
> issue. I might have left out some things -- check deja.com
> and the openldap.org archives for more info.
> 
> 1. Make sure you have OpenLDAP 1.2.5 or better:
> 
> ftp://www.openldap.org/pub/OpenLDAP/openldap-release/openldap-1.2.5.tgz
> (The workaround that I suggested is included in this release).
> 
> 2. Install this patch:
> 
> ftp://ftp.openldap.org/incoming/Albert-FitzPatrick-990519.tar.gz
> 
> 3. Follow the instructions in
> 
> http://help.netscape.com/products/client/communicator/manual_roaming2.html
> 
> [Change the type of "nsLIVersion" from integer to bin]
> 
> 4. Edit slapd.conf, making sure you have this line:
> 
> lastmod on
> 
> Here are some extremely trivial (and extremely insecure) ACLs for
> slapd.conf, to eliminate permissions as an issue for testing:
> 
> access to * by * write
> access to * by * compare
> access to * by * read
> 
> (it seems to be necessary to place the write line before the read
> line)
> 
>         -Kartik
> -----------------------
> 
> Please note that the file,
> ftp://ftp.openldap.org/incoming/Albert-FitzPatrick-990519.tar.gz isn't really a
> tar file.  It's gzip'ed, but it will give you an error when you try to un-tar
> it.  After running gzip -d on it, I simply renamed the file to
> Albert-FitzPatrick-990519 and moved it to my ldap/servers/slapd directory and
> did
> 
> patch < Albert-FitzPatrick-990519
> 
> I then re-made the file.
> 
> I have posted ftp://ftp.openldap.org/incoming/roaming-073099.tar.gz, which
> contains my slapd.conf, slapd.at.conf, slapd.oc.conf, and stcl.ldif.  Note that
> as Kartik mentions above, access is pretty much wide open in this configuration.
> 
> Thanks again, Kartik and others.
> 
> Phil Allred
> South Texas College of Law, Affiliated with Texas A&M University
> Houston TX

-- 
Randy Fay - rfay@peakss.com - www.peakss.com
7851 South Elati Street, Suite 200, Littleton, CO 80120
W:303.734.5075  H:303.937.1336  F:303.734.4244
Mail my pager 150 chars or less: 3038872118@mobile.att.net
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include		/usr/local/etc/openldap/slapd.at.conf
include		/usr/local/etc/openldap/slapd.oc.conf
include 	/usr/local/etc/openldap/ns-mcd-li-schema.conf
schemacheck	off

pidfile		/etc/slapd.pid
argsfile	/etc/slapd.args

defaultaccess write 

access to * by * write
access to * by * compare
access to * by * read

#######################################################################
# ldbm database definitions
#######################################################################

database	ldbm
suffix		"o=peak software solutions,c=us"
suffix		"dc=peakss,dc=com"
suffix		"o=Lucent Technologies,c=us"
suffix		"o=Isotel,c=ca"
suffix		"c=us"
suffix		"c=ca"
suffix		""
directory	/usr/tmp
index		ou
#index       cn
#index       sn
#index       uid

rootdn		"cn=root,o=peak software solutions,c=us"
updatedn	"cn=root,o=peak software solutions,c=us"
rootpw		junk
# cleartext passwords, especially for the rootdn, should
# be avoided.  See slapd.conf(5) for details.
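
Added example, not part of the original thread: a small Python decoder for slapd access-log lines like the startup and shutdown logs above. It pairs each request with its RESULT line and names the LDAP result code and response tag; the function names and the code/tag tables (a subset of the standard LDAP values) are this example's own.

```python
import re

# Sample input: lines from the logs in the post, with mail line-wraps rejoined.
DN = ('NSLIELEMENTTYPE=BOOKMARKS,NSLIPROFILENAME=RFAY,OU=ROAMING,'
      'O=PEAK SOFTWARE SOLUTIONS,C=US')
SAMPLE_LOG = f'''conn=1 fd=7 connection from imagic.pc.peakss.com (172.28.0.85) accepted.
conn=1 op=0 BIND dn="CN=RANDY FAY,OU=PEOPLE,O=PEAK SOFTWARE SOLUTIONS,C=US" method=128
conn=1 op=0 RESULT err=0 tag=97 nentries=0
conn=1 op=4 SRCH base="{DN}" scope=0 filter="(objectclass=*)"
conn=1 op=4 RESULT err=32 tag=101 nentries=0
conn=1 op=5 MOD dn="{DN}"
conn=1 op=5 RESULT err=32 tag=103 nentries=0
conn=1 op=6 ADD dn="{DN}"
conn=1 op=6 RESULT err=32 tag=105 nentries=0
conn=1 op=7 UNBIND
'''

# Subset of the standard LDAP result codes and response (protocolOp) tags.
RESULT_CODES = {0: "success", 32: "noSuchObject", 49: "invalidCredentials",
                50: "insufficientAccessRights", 68: "entryAlreadyExists"}
RESPONSE_TAGS = {97: "BindResponse", 101: "SearchResultDone",
                 103: "ModifyResponse", 105: "AddResponse", 107: "DelResponse"}

LINE = re.compile(r'^conn=(\d+) op=(\d+) (\w+)\s*(.*)$')
TARGET = re.compile(r'(?:dn|base)="([^"]*)"')

def pair_operations(log_text):
    """Return one record per RESULT line, joined to the request it answers."""
    pending, records = {}, []
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # connection accept/close lines carry no op number
        conn, op, verb, rest = int(m[1]), int(m[2]), m[3], m[4]
        if verb != "RESULT":
            t = TARGET.search(rest)
            pending[(conn, op)] = (verb, t.group(1) if t else "")
            continue
        fields = dict(kv.split("=", 1) for kv in rest.split())
        request, target = pending.pop((conn, op), ("?", ""))
        err, tag = int(fields["err"]), int(fields["tag"])
        records.append({"conn": conn, "op": op, "request": request,
                        "target": target, "err": err,
                        "result": RESULT_CODES.get(err, f"code {err}"),
                        "response": RESPONSE_TAGS.get(tag, f"tag {tag}")})
    return records

def failures(records):
    """Keep only the operations that did not return success."""
    return [r for r in records if r["err"] != 0]
```
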
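
Added example, not part of the original thread or of OpenLDAP: a Python audit of the test-only settings in the slapd.conf above. It relies on slapd stopping at the first `access` directive whose `<what>` matches and then at the first matching `<who>`, so a `by *` clause hides every later line for the same target. The finding names, the function names and the `{CRYPT}placeholder` value in the usage note are this example's own.

```python
import re

# Constructed input: the security-relevant directives from the slapd.conf
# attached to the post (comments and unrelated lines omitted).
SAMPLE_CONF = """\
schemacheck off
defaultaccess write
access to * by * write
access to * by * compare
access to * by * read
directory /usr/tmp
rootpw junk
"""

def logical_lines(text):
    """Return (line_no, directive); indented lines continue the previous one."""
    out = []
    for n, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] = (out[-1][0], out[-1][1] + " " + raw.strip())
        else:
            out.append((n, raw.strip()))
    return out

def audit(text):
    """Return (line_no, finding) pairs for settings that are only safe in a lab."""
    findings, shadowed_by = [], {}  # <what> -> line whose "by *" ends evaluation
    for n, line in logical_lines(text):
        words = line.split()
        key, args = words[0].lower(), words[1:]
        if key == "schemacheck" and args[:1] == ["off"]:
            findings.append((n, "schema-check-off"))
        elif key == "defaultaccess" and args[:1] == ["write"]:
            findings.append((n, "default-access-write"))
        elif key == "rootpw" and args and not args[0].startswith("{"):
            findings.append((n, "cleartext-rootpw"))  # no {SCHEME} hash prefix
        elif key == "directory" and args and re.match(r"/(usr/|var/)?tmp(/|$)", args[0]):
            findings.append((n, "db-in-temp-dir"))
        elif key == "access" and len(args) >= 2 and args[0] == "to":
            what = args[1]
            if "*" in shadowed_by or what in shadowed_by:
                findings.append((n, "unreachable-acl"))  # never evaluated
                continue
            for who, level in re.findall(r"\bby\s+(\S+)\s+(\S+)", line):
                if who == "*":
                    if level == "write":
                        findings.append((n, "anyone-can-write"))
                    shadowed_by[what] = n
                    break
    return findings
```

A tighter test configuration such as `access to * by self write by * read` with `rootpw {CRYPT}placeholder` produces no findings from `audit()`.
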