Comments:
<0> hello there, i just wanted to implement an addressbook into my ldap directory (ou=Addressbook,dc=rnet,dc=lan), but I can't get the permissions to work that Kontakt can create and edit entries under this ou (user to access is cn=addressbook,ou=DSA,dc=rnet,dc=lan)
<0> does someone know a resource on howto manage correct acls for this task?
<1> ldap_bind: Can't contact LDAP server (-1)
<1> LDAP Success
<1> SQL Success
<1> when i am adding user in ldap it shows the above error before adding user
<1> why is it so???
<2> hello
<2> I'm trying to set up an OpenLDAP server on my Debian Etch box
<2> for an NIS replacement
<2> I ran the migration scripts, but they fail
<3> ...
<2> I'm wondering if I need additional schemas, for instance, for POSIXUser
<3> mwk3: what is the error message you get? nis.schema has the objectclasses and attributes needed by migrationtools
<2> uh
<2> well, now I get "Already exists (68)"
<2> trying to run it again
<3> already exist means that object has been added before
<2> yeah, well... that's not what I got the first time, obviously
<4> mwk3, ok two issues first.. if you look at migrationtools, they want to add stuff under organizational units..
<2> yeah, that's fine by my
<4> like ou=hosts,dc=domain,dc=com or ou=people and so on.. you understand ?
<2> *me
<2> it made the OUs, but there's nothing in them
<4> Ah if you did, then it shouldn't fail.. but listen, since you're using debian
<4> help yourself with my guide:
<5> *tada*
<4> http://colt.projectgamma.com/ldap-howto/debian-ldap-setup.html
<3> grmbl :)
<5> hi Gagatan :)
<4> You can do this without dealing with migration tools at all, for the first test ;)
<2> yeah, I was hoping to make a clean break from my NIS domain, actually
<2> but I didn't want to not have important stuff in LDAP
<2> I'm also using Kerberos, which works, actually
<2> thanks, I'll try your guide and let you know how it turns out
<4> ok
<6> how do i make id look in ou's other than just Users ?
<7> RiXtEr: add them to /etc/libnss-ldap.conf or /etc/ldap.conf
<7> RiXtEr: i have an extra hosts one. the order is important
<6> simonrvn, i have it setup like nss_base_passwd ou=Users,dc=weaubleau,dc=k12,dc=mo,dc=us?sub
<6> nss_base_shadow ou=Users,dc=weaubleau,dc=k12,dc=mo,dc=us?sub
<6> nss_base_group ou=Groups,dc=weaubleau,dc=k12,dc=mo,dc=us?sub
<6> nss_base_hosts ou=Computers,dc=weaubleau,dc=k12,dc=mo,dc=us?sub
<7> please don't paste here. /topic
<6> but it won't find a user if i add it to the Computers ou
<6> ah my bad :(
<6> did that make any sense?
<7> add another nss_base_passwd line
<8> RiXtEr: you can add two nss_base_passwd lines, one for users and one for computers
<8> nss_base_hosts is not for computer accounts
<6> ah
<6> ok
<7> it's /etc/hosts
<8> it's probably for /etc/hosts information (and I never used nor do I know if this directive really exists)
<7> yes
<6> so i need a line like nss_base_Computers ou=Computers.etc
<7> no
<8> <7> add another nss_base_passwd line
<6> ah
<6> ok
<6> duh ;(
<6> :)
<9> what is the preferred way of deleting a lot of groupmemberships for a user? I know howto delete the user and his private group with ldapdelete, but I can't figure out an easy way of deleting all his groupmemberships, other than manually with ldapmodify one by one.
<8> that's it
<8> or use the referential integrity overlay (if your groups membership attribute is of the DN syntax)
<10> of course, in the future, you could store group membership in the entry, and then use the dyngroup or dynlist overlays (assuming openldap) to instantiate them via a ldap URI
<10> then removing the user removes them from any groups they were in. ;)
<8> JoBbZ: dyngroup doesn't work if I do a search like (oc=groupofnames)(member=uid=foo,...), right? I have to do the search knowing about the group membership attribute in the entry itself
<8> i.e., (oc=inetorgperson)(that_attribute=groupname) instead or something like this
<10> ahasenack: Hm, not to my understanding
<10> it is supposed to look like a normal static group to searches
<8> it works if I do a query like "what are the members of this group?"
<8> but not "to which groups does this user belong to?"
<10> supposed to. except dyngroup only allows compare operations
<10> i.e., is UserA a member of group X
<10> dynlist lets you do searches against it
<10> 2.4 will have dyngroup/dynlist merged
<8> when I tried, this didn't work: (&(objectClass=groupOfNames)(member=uid=andreas,ou=people,dc=example,dc=com))
<8> oh, wanting "cn" in return to that query
<10> yeah, probably not going to work, since dyngroup only does compare
<8> but a search like (&(objectClass=groupOfNames)(cn=mydyngroup)) member worked
<10> hm
<10> not supposed to work that way.
<8> it listed all members
<8> the previous search probably won't work because the server would have to expand all available dyngroups :(
<10> yeah, there may be that too. ;)
<10> when I requested dyngroup to be written, it was to meet a Stanford need
<10> which was to have dynamic groups that compare operations for membership could be made against
<10> no support for ldapsearch
<10> Pierangelo added dynlist to make them listable
<8> how would this compare operation work?
<8> I mean, to answer what kind of questions?
<8> to test if a user belongs to a specific group?
<10> yeah
<10> we have legal issues to deal with, in US federal law
<10> we can't publish some group memberships
<10> but applications can test if a particular user is a member
<8> so you test for a particular group as well
<10> yeah
<10> but we know the group name in advance
<10> of course
<10> we've never actually finished the work on our end to use the dynlist functionality
<10> afk meeting
<11> hi, can one of you give me a hint how to use openldap as a certificate store (CA, Server certs, User Certs)???
<12> hi, can one of you give me a hint how to use openldap as a certificate store (CA, Server certs, User Certs)???