[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: OpenLDAP bespoke schema to use 'ismemberof' to restrict user access to hosts


Thanks for these, I saw your email yesterday in reply to another thread so took them then :-)

I've started an upgrade process by doing the following:

shutdown ldap
slapcat -f /etc/openldap/slapd.conf -b "dc=ldn,dc=sw,dc=com" -l /export/home/stuart/full_msldap01.ldif
removed all files from /var/lib/ldap except DB_CONFIG file.
I couldn't remove the ldap 2.3 version packages as they're dependencies are mad, so left them in place and did an Install of the 2.4 packages.
lib64ldap2.4_2-2.4.22-1.el5.x86_64.rpm, openldap2.4-2.4.22-1.el5.x86_64.rpm, libldap2.4_2-2.4.22-1.el5.i386.rpm, openldap2.4-2.4.22-1.el5.i386.rpm, openldap2.4-clients-2.4.22-1.el5.x86_64.rpm, openldap2.4-servers-2.4.22-1.el5.x86_64.rpm, unixODBC-2.2.11-7.1.x86_64.rpm, openldap2.4-extra-schemas-1.3-10.el5.noarch.rpm, openldap2.4-servers-2.4.22-1.el5.x86_64.rpm.
updated the /etc/openldap2.4/sladp.conf and slapd.access.conf files to remove unwanted references to SAMBA, change domain, passwd etc.
Ran the service ldap check until it was OK.
Trying to re-load the ldif gave me some errors though:

slapadd -f /etc/openldap2.4/slapd.conf -l /export/home/stuart/full_msldap01.ldif
/usr/share/openldap2.4/schema/core.schema: line 100: AttributeType inappropriate SUPerior: "c"

I found this line and decided to hash it out but then it failed on another Country attribute and another then another in cosine.schema, so have stopped hashing and started typing.

Any reason why this would fail to like the 'c' AttributeType?



> From: bgmilne@staff.telkomsa.net
> To: openldap-technical@openldap.org
> Subject: Re: OpenLDAP bespoke schema to use 'ismemberof' to restrict user access to hosts
> Date: Wed, 5 May 2010 08:42:05 +0100
> CC: sjain@silverspringnet.com
> On Tuesday, 4 May 2010 20:18:31 Siddhartha Jain wrote:
> > Sticking to 2.3.x is entirely RH/CentOS created issue. It's a shame that
> > 2.4.x hasn't been introduced in RH/CentOS even two years after being
> > released.
> >
> > We rolled our own 2.4.x RPM for RH/CentOS using RH openldap spec files
> > and upgraded. YMMV.
> For people who don't want to roll their own, and who don't want to invalidate
> any support, packages that install in parallel are available:
> http://staff.telkomsa.net/packages/rhel5/openldap/
> (repo file: http://staff.telkomsa.net/packages/OpenLDAP.repo)
> Regards,
> Buchan

Get a free e-mail account with Hotmail. Sign-up now.