[ldapvi] ldapvi - How to edit acl-entries within the cn=config backend
Axel Birndt
towerlexa at gmx.de
Thu May 20 19:00:38 CEST 2010
Dmitriy Kirhlarov wrote:
> 20.05.2010 20:05, Axel Birndt wrote:
>> ab at ubuntunb:/etc$ ldapsearch -xWD cn=admin,dc=2axels-company,dc=de -H
>> ldap://localhost -LLLs one -b 'cn=config' ''
>> Enter LDAP Password:
>> No such object (32)
>
> 1. check server logs
> 2. try
> slapcat -b cn=config -F ${path_to_your_slapd.d}
This command is working fine. I got the complete content from the
ldap-directory.
I'm surprised that the ldap-tools are working fine, but tools
like ldapvi and web2ldap are causing problems.
It looks to me like a general problem, maybe connected with the
/etc/ldap/ldap.conf file?
ab at ubuntunb:/etc/ldap$ cat ldap.conf
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
BASE dc=2axels-company,dc=de
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
ab at ubuntunb:/etc/ldap$
>
>> are there any other configuration switches, which i've to configure?
>>
>> I set up my ldap server following these Howto:
>>
>> http://forum.ubuntuusers.de/topic/howto-openldap-unter-karmic/
>
> Don't know.
> 1. I can't read dialog
OK, I'm sorry for this. I didn't remember that you don't speak German.
Sorry.
> 2. Please read
> http://www.openldap.org/doc/admin24/slapdconf2.html
> try to start with slapd.conf and convert it to slapd.d (read #5.4)
I couldn't do this, because I have no slapd.conf. I set up my ldap
server directly with the cn=config backend.
The setup from the link above works as follows:
/root/db.ldif:
-->snip:
###########################################################
# DATABASE SETUP
###########################################################

# Load modules for database type
dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModulePath: /usr/lib/ldap
olcModuleLoad: {0}back_hdb

# Create directory database
dn: olcDatabase={1}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=home,dc=com
olcRootDN: cn=admin,dc=home,dc=com
olcRootPW: 1234
olcAccess: {0}to attrs=userPassword,shadowLastChange by dn="cn=admin,dc=home,dc=ro" write by anonymous auth by self write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by dn="cn=admin,dc=home,dc=com" write by * read
olcLastMod: TRUE
olcDbCheckpoint: 512 30
olcDbConfig: {0}set_cachesize 0 2097152 0
olcDbConfig: {1}set_lk_max_objects 1500
olcDbConfig: {2}set_lk_max_locks 1500
olcDbConfig: {3}set_lk_max_lockers 1500
olcDbIndex: uid pres,eq
olcDbIndex: cn,sn,mail pres,eq,approx,sub
olcDbIndex: objectClass eq

###########################################################
# DEFAULTS MODIFICATION
###########################################################
# Some of the defaults need to be modified in order to allow
# remote access to the LDAP config. Otherwise only root
# will have administrative access.

dn: cn=config
changetype: modify
delete: olcAuthzRegexp

dn: olcDatabase={-1}frontend,cn=config
changetype: modify
delete: olcAccess

dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {CRYPT}7hzU8RaZxaGi2

dn: olcDatabase={0}config,cn=config
changetype: modify
delete: olcAccess
<----snap
ldapadd -Y EXTERNAL -H ldapi:/// -f /root/db.ldif
/tmp/base.ldif
-->snip:
# Tree root
dn: dc=home,dc=com
objectClass: dcObject
objectclass: organization
o: home.com
dc: home
description: Tree root

# LDAP admin
dn: cn=admin,dc=home,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
userPassword: xxxx
description: LDAP administrator
<----snap
ldapadd -x -D cn=admin,dc=home,dc=com -W -f /tmp/base.ldif
Of course I changed the "dc=home,dc=com" to suit my needs.
These two commands are working fine:
ldapsearch -xLLL -b cn=config -D cn=admin,cn=config -W olcDatabase={1}hdb
ldapsearch -xLLL -b cn=config -D cn=admin,cn=config -W
I'm able to get the information and the ldapsearch commands are working
--
Regards, Axel
------------------------------
=> harden a server? Try googling for hardening steel, or what do you mean
by hardening?
From:
http://www.administrator.de/index.php?content=69906
------------------------------
http://www.tty1.net/smart-questions_de.html
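
An added example, not part of the original post or of the howto it quotes: an offline audit of the db.ldif shown in the message that flags password attributes stored without a hash scheme, {CRYPT} values in the old non-`$id$` format, and olcAccess subjects whose DN lies outside the database's olcSuffix (such as the dc=home,dc=ro subject in the quoted rule). The function names and the trimmed sample are constructed for illustration, and the suffix check is a heuristic, since an ACL may legitimately name a DN from another tree.

```python
import re

# Constructed sample: a trimmed copy of the db.ldif records quoted in the post.
SAMPLE_LDIF = """\
dn: olcDatabase={1}hdb,cn=config
olcSuffix: dc=home,dc=com
olcRootPW: 1234
olcAccess: {0}to attrs=userPassword,shadowLastChange by
  dn="cn=admin,dc=home,dc=ro" write by anonymous auth by self write by * none
olcAccess: {2}to * by dn="cn=admin,dc=home,dc=com" write by * read

dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {CRYPT}7hzU8RaZxaGi2
"""

def parse_ldif(text):
    """Split LDIF into records, each a list of (attribute, value) pairs."""
    text = re.sub(r"\n ", "", text)  # unfold continuation lines (RFC 2849)
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        pairs = [tuple(p.strip() for p in ln.split(":", 1)) for ln in block.splitlines()
                 if ":" in ln and not ln.startswith("#")]
        if pairs:
            records.append(pairs)
    return records

def audit(text):
    """Return (dn, check, detail) findings; hypothetical helper for this example."""
    findings = []
    for rec in parse_ldif(text):
        dn = next((v for a, v in rec if a.lower() == "dn"), "?")
        suffixes = [v.lower() for a, v in rec if a.lower() == "olcsuffix"]
        for attr, value in rec:
            if attr.lower() in ("olcrootpw", "userpassword"):
                scheme = re.match(r"\{([A-Za-z0-9-]+)\}", value)
                if not scheme:  # no {SCHEME} prefix: value is stored as typed
                    findings.append((dn, "cleartext-password", attr))
                elif scheme.group(1).upper() == "CRYPT" and "$" not in value:
                    findings.append((dn, "legacy-crypt-hash", attr))  # not $id$ format
            elif attr.lower() == "olcaccess" and suffixes:
                for who in re.findall(r'by\s+dn(?:\.\w+)?="([^"]+)"', value):
                    if not any(who.lower().endswith(s) for s in suffixes):
                        findings.append((dn, "acl-dn-outside-suffix", who))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_LDIF), sep="\n")
```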