[Date Prev][Date Next]
Re: schema for netscape roaming server (fwd)
i have been successfull with these ACL settings:
access to dn="nsliProfileName=(.*),ou=roaming,dc=delaval,dc=com,dc=."
by dn="email@example.com,ou=people,dc=delaval,dc=com,dc=." write
by dnattr=owner write
access to *
by self write
by anonymous auth
by * read
On Wed, 28 Mar 2001, prune wrote:
> I've done almost the same (as said previously :)
> I had to add things by hand, as netscape wasn't able to add it (auth
> problem ??)
> I still have an auth problem. When netscape quit, it tries to
> synchronize to the ldap server. I then have logs (only setting prefs in
> ldap) :
> Mar 28 13:12:50 diamond slapd: conn=1 op=4 SRCH
> scope=0 filter="(objectClass=*)"
> Mar 28 13:12:50 diamond slapd: conn=1 op=4 SEARCH RESULT tag=101
> err=0 text=
> Mar 28 13:12:50 diamond slapd: conn=1 op=5 MOD
> Mar 28 13:12:50 diamond slapd: conn=1 op=5 RESULT tag=103 err=50
> Mar 28 13:12:51 diamond slapd: conn=-1 fd=9 closed
> So, it seems I can't modify what is under the dn I bind...
> how to set this ?? I'm clueless :(
> Michael Clark wrote:
> > I'm using it, works great for me - everything I've tried works including
> > bookmarks, although I haven't tried Java Security or certificates.
> > I'm using a slightly different directory layout than the document at the link
> > mentioned suggests. ie.
> > Netscape Roaming Settings
> > Address:
> > ldap://myserver.com/nsLIProfilename=default,uid=$USERID,dc=metaparadigm,dc=com
> > User DN: uid=$USERID,dc=metaparadigm,dc=com
> > This is slightly simpler as the Netscape Roaming profile is now a child of the
> > user rather than in a seperate roaming tree. With this layout, I can have
> > multiple roaming profiles for a user. Also using the $USERID substitution, I can
> > do guest logins without needing to change roaming preferences on the browser.
> > As I remember, I just needed to add a objectclass: nsLIProfile to the user to
> > allow the profile as a child - then I added this to my user:
> > dn: nsLIProfileName=default,uid=some_user,dc=metaparadigm,dc=com
> > objectclass: top
> > objectclass: nsLIProfile
> > nsLIProfileName: default
> > owner: uid=some_user,dc=metaparadigm,dc=com
> > The reason I made the profile a child of the user was so I could get a 'by self
> > write' ACL working for profile updates although it didn't seem to work. Netscape
> > seems to do some funny stuff with authentication so you must have the ACL setup
> > right as it doesn't seem be bound as the user when doing the directory updates.
> > This works for me:
> > access to dn=".*,nsLIProfilename=.*,uid=.*,dc=metaparadigm,dc=com"
> > by dnattr=owner write
> > ~mc
> >> -----Original Message-----
> >> From: owner-openldap-software@OpenLDAP.org
> >> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of GOMBAS Gabor
> >> Sent: Saturday, 24 March 2001 12:41 a.m.
> >> To: openldap-software@OpenLDAP.org
> >> Subject: Re: schema for netscape roaming server
> >> On Fri, Mar 23, 2001 at 02:48:03PM +0000, Konstantin Chuguev wrote:
> >>> I think that's what you need:
> >> http://home.kabelfoon.nl/~hvdkooij/Netscape_and_OpenLDAP_v2/netscape-a
> >> nd-openldap-v2.html
> >> Is anybody using it? When I tried to play with it last year, I was not able
> >> to store my bookmarks in LDAP since slapd rejected the update because of
> >> bad attribute syntax. I had no time to debug it since then...
> >> Gabor
> >> --
> >> Gabor Gombas Eotvos Lorand University
> >> E-mail: firstname.lastname@example.org Hungary