Raju Mathur
Sun, 05 Aug 2001 21:02:17 -0700
Hmm, looks like you're running VishwaKarma 1.1. I'd recommend
upgrading to 2.0Beta7 -- that's quite stable and nearly ready for
release. I haven't released yet since I've been up to my neck in work
(yuck!) the past 2-3 weeks. Now no one's asking me to provide them
with my valuable time, so I can spend my days sleeping and lazing
around and my evenings enhancing VishwaKarma again ;-)
Anyway, the problem is in the 3rd and 4th ACL's in the slapd.conf: you
just have to reverse the order. I.e. it should look like:
    access to dn="^hostname=.*,type=hostMap,dc=XXX$"
        by * read
    access to dn="type=hostMap,dc=XXX"
        by dn="^reseller=.*,dc=XXX$" write
        by * none
Please note, THIS IS ONLY FOR THE 1.x INSTALL VERSIONS! 2.x VERSIONS
ALREADY HAVE THE CORRECT ORDER IN THE INSTALL FILE. *cough* *cough*
(shouting isn't good for my throat)
Regards,
-- Raju
>>>>> "Klein" == J Klein <[EMAIL PROTECTED]> writes:
Klein> More information for other Kandalaya VishwaKarma users
Klein> . . . Raju recommended that I try version 0.22 or later. I
Klein> manually installed perl-ldap 0.22 and no longer receive the
Klein> "get_value" error.
Klein> However, I was still unable to create resellers. I receive
Klein> the following message after entering the reseller
Klein> information (name, quotas, ip, etc) and clicking 'Add
Klein> Reseller' button.
Klein> -- Adding Reseller test2... Creating Reseller test2...
Klein> Unable to create reseller test2. Please contact the system
Klein> administrator --
Klein> I figured that this had to do with a corrupted LDAP
Klein> database so I removed /var/lib/ldap/* and recreated the
Klein> LDAP database using ldif2ldbm -i MYLDIF. This did not fix
Klein> the problem. Same symptoms.
Klein> I can use the following line to view the database contents
Klein> added by the MYLDIF file when ACLs are NOT included in the
Klein> slapd.conf. When I put the ACLs back into the slapd.conf
Klein> file, this ldapsearch returns null results.
Klein> ldapsearch -b "dc=vktest,dc=datility,dc=net" "objectclass=*"
Klein> I have altered my ACLs and am now able to create, edit, and
Klein> delete resellers. My old ACLs and my new ACLs are shown
Klein> below. I still need to clean up my new ACLs as I do not
Klein> know exactly which line fixed the problem (yet). I gave the
Klein> manager write privileges in each of the access statements.
Klein> And then added the last 5 or 6 lines from scratch.
Klein> # OLD ACLS - slapd.conf
Klein> #
Klein> # ACL's for VishwaKarma
Klein> #
Klein> access to dn="reseller=(.*),dc=vktest,dc=datility,dc=net"
Klein>     by dn="reseller=$1,dc=vktest,dc=datility,dc=net" write
Klein>     by * none
Klein> access to dn="hostName=.*,reseller=(.*),dc=vktest,dc=datility,dc=net"
Klein>     by dn="reseller=$1,dc=vktest,dc=datility,dc=net" write
Klein>     by * none
Klein> access to dn="hostname=.*,type=hostMap,dc=vktest,dc=datility,dc=net"
Klein>     by * read
Klein> access to dn="type=hostMap,dc=vktest,dc=datility,dc=net"
Klein>     by dn="reseller=.*,dc=vktest,dc=datility,dc=net" write
Klein>     by * none
Klein> access to dn="user=.*,hostname=(.*),reseller=(.*),dc=vktest,dc=datility,dc=net"
Klein>     by self write
Klein>     by dn="hostname=$1,reseller=$2,dc=vktest,dc=datility,dc=net" write
Klein>     by dn="reseller=$2,dc=vktest,dc=datility,dc=net" write
Klein>     by * none
Klein> access to dn=".*"
Klein>     by dn="cn=manager,dc=vktest,dc=datility,dc=net" write
Klein>     by * none
Klein> # NEW ACLS - slapd.conf
Klein> #
Klein> # ACL's for VishwaKarma
Klein> #
Klein> access to dn="reseller=(.*),dc=vktest,dc=datility,dc=net"
Klein>     by dn="cn=manager,dc=vktest,dc=datility,dc=net" write
Klein>     by dn="reseller=$1,dc=vktest,dc=datility,dc=net" write
Klein>     by * none
Klein> access to dn="hostName=.*,reseller=(.*),dc=vktest,dc=datility,dc=net"
Klein>     by dn="cn=manager,dc=vktest,dc=datility,dc=net" write
Klein>     by dn="reseller=$1,dc=vktest,dc=datility,dc=net" write
Klein>     by * none
Klein> access to dn="hostname=.*,type=hostMap,dc=vktest,dc=datility,dc=net"
Klein>     by dn="cn=manager,dc=vktest,dc=datility,dc=net" write
Klein>     by * read
Klein> access to dn="type=hostMap,dc=vktest,dc=datility,dc=net"
Klein>     by dn="cn=manager,dc=vktest,dc=datility,dc=net" write
Klein>     by dn="reseller=.*,dc=vktest,dc=datility,dc=net" write
Klein>     by * none
Klein> access to dn="user=.*,hostname=(.*),reseller=(.*),dc=vktest,dc=datility,dc=net"
Klein>     by self write
Klein>     by dn="cn=manager,dc=vktest,dc=datility,dc=net" write
Klein>     by dn="hostname=$1,reseller=$2,dc=vktest,dc=datility,dc=net" write
Klein>     by dn="reseller=$2,dc=vktest,dc=datility,dc=net" write
Klein>     by * none
Klein> access to dn=".*"
Klein>     by dn="cn=manager,dc=vktest,dc=datility,dc=net" write
Klein> # by * none
Klein>     by dn="cn=manager,dc=vktest,dc=datility,dc=net" read
Klein> access to dn=".*,dc=vktest,dc=datility,dc=net"
Klein>     by dn="cn=manager,dc=vktest,dc=datility,dc=net" write
Klein>     by * none
Klein> I will submit my final ACLs once I use trial and error to
Klein> figure out which lines are (not) necessary for my
Klein> particular installation. Hopefully this info will help
Klein> someone out there.
Klein> So far, so good. VK seems to work nicely.
Klein> Thanks,
Klein> Jason
Klein> --- Jason Klein [EMAIL PROTECTED]
Klein> ----- Original Message -----
Klein> From: "Raju Mathur" <[EMAIL PROTECTED]>
Klein> To: <[EMAIL PROTECTED]>
Klein> Sent: Sunday, August 05, 2001 1:08 AM
Klein> Subject: Re: Perl Net::LDAP versions??
>> perl-ldap 0.15 doesn't have the get_value method. Please use
>> 0.22 or later (whichever works).
>>
>> Regards,
>>
>> -- Raju
>>
>> >>>>> "Klein" == J Klein <[EMAIL PROTECTED]> writes:
>>
Klein> Problem Update: (8/4/01) I was actually trying to build /
Klein> install perl-ldap-0.24.tar.gz. That must have been a typo
Klein> in my previous message.
--
Raju Mathur [EMAIL PROTECTED] http://kandalaya.org/
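
Added example, not part of the original messages and not VishwaKarma or OpenLDAP code: a simplified Python model of how slapd uses the first `access to` clause whose DN pattern matches, which is why the order of the two hostMap ACLs in this thread matters. The sample DNs are constructed, and the `default` parameter is an assumption of the model.

```python
import re

# Simplified model of slapd's first-match ACL evaluation. Assumption: dn= values
# are regexes matched case-insensitively, as in the ACLs quoted in this thread.
# Rule layout: (target DN regex, [(requester DN regex or "*", level), ...])
SPECIFIC = (r"^hostname=.*,type=hostMap,dc=XXX$", [("*", "read")])
BROAD = (r"type=hostMap,dc=XXX",
         [(r"^reseller=.*,dc=XXX$", "write"), ("*", "none")])

# Constructed sample DNs (not taken from the thread).
HOST_ENTRY = "hostname=www.example.com,type=hostMap,dc=XXX"
CONTAINER = "type=hostMap,dc=XXX"
RESELLER = "reseller=acme,dc=XXX"
ANONYMOUS = ""


def access(rules, target_dn, requester_dn, default="none"):
    """Return the access level requester_dn gets on target_dn."""
    for what, by_clauses in rules:
        if not re.search(what, target_dn, re.IGNORECASE):
            continue
        # The first "access to" whose pattern matches decides the outcome;
        # later rules are never consulted for this entry.
        for who, level in by_clauses:
            if who == "*" or re.search(who, requester_dn, re.IGNORECASE):
                return level
        return "none"  # no "by" clause matched inside the selected rule
    return default  # model assumption: what applies when no rule matches


def compare():
    """Evaluate the same requests under both rule orders."""
    orders = {"specific_first": [SPECIFIC, BROAD],
              "broad_first": [BROAD, SPECIFIC]}
    requests = {"anon->host": (HOST_ENTRY, ANONYMOUS),
                "anon->container": (CONTAINER, ANONYMOUS),
                "reseller->container": (CONTAINER, RESELLER)}
    return {name: {label: access(rules, target, who)
                   for label, (target, who) in requests.items()}
            for name, rules in orders.items()}


if __name__ == "__main__":
    for order, results in compare().items():
        print(order, results)
```

Because the broader pattern is unanchored, it also matches every `hostname=...` entry beneath the hostMap container, so when it is listed first the `by * read` clause of the narrower rule is never reached.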