Hello everyone, 

I posted this query on the OpenLDAP mailing list and was redirected here.
I am currently using the openldap-2.2.13-2 package available by default
with the Fedora Core 3 distribution. I am required to be using LDAP for
user management. To understand how it works, I initially implemented
OpenLDAP using the example.com configuration as listed here:
http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch31_:_Centralized_Logins_Using_LDAP_and_RADIUS#Configuring_The_LDAP_Server


This worked perfectly fine with just one problem. I could not perform 'su
ldapuser' on the client. But the command 'iptables -F' solved that problem
and LDAP started working perfectly fine.

After this, I configured the slapd.conf and ldap.conf as per my
organisation's needs. I have not used the default objectclasses and
attributes except 'objectClass' attribute from core.schema. I developed my
own schema which I have included below.

After following similar steps as mentioned in the above URL, my server is
working perfectly fine (I can also see the hierarchy in LDAP Browser/Editor
and modify my database using it). But I am now facing the same problem as
earlier, that a user (like ldapuser in the above URL) whose info is in the
LDAP database is not available at the client. And this time, even flushing
the iptables does not help.

My /etc/nsswitch.conf file is similar to what it was when I used the
example.com configuration, which worked! I have been trying all sorts of
things, but nothing has helped much and hence I am writing here.

I hope to receive help soon as time is running out.

Thanks for the help,
Priyanka.

---------------------------------------------------
slapd.conf (I'll call my organisation ABC)

include         /etc/openldap/schema/core.schema
include         /etc/openldap/MySchemaLDIF/local.schema

pidfile         /var/run/slapd.pid
argsfile        /var/run/slapd.args

database        bdb
suffix          "orgName=ABC"
rootdn          "uniqueID=Manager,orgName=ABC"

rootpw          {SSHA}KvKqSiZ4oL4F9FsQVC5fT5o2IxOtTLvw
#rootpw         secret
directory       /var/lib/ldap/example.com

------------------------------------------------
ldap.conf (server)

HOST 127.0.0.1
BASE orgName=ABC

------------------------------------------------
local.schema

# ATTRIBUTE -1, Unicode string
attributetype ( 3.31.2006.2.1
        NAME ( 'on' 'orgName' )
        DESC 'Name of an organisation'
        EQUALITY caseIgnoreMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
        SINGLE-VALUE )

# ATTRIBUTE -2, Unicode string
attributetype ( 3.31.2006.2.2
        NAME 'orgAddress'
        DESC 'Registered Address of an Organisation'
        EQUALITY caseIgnoreMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

# ATTRIBUTE -3, Numeric String
attributetype ( 3.31.2006.2.3
        NAME 'orgTelNo'
        DESC 'Telephone Number of an organisation'
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 )

# ATTRIBUTE -4, Unicode string
attributetype ( 3.31.2006.2.4
        NAME 'orgDesc'
        DESC 'Description of an organisation, the work being done, its motto, etcetera'
        EQUALITY caseIgnoreMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

# ATTRIBUTE-5, Unicode string
attributetype ( 3.31.206.2.5
        NAME ( 'dp' 'deptName' )
        DESC 'Name of a department within an organisation'
        EQUALITY caseIgnoreMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
        SINGLE-VALUE )

# ATTRIBUTE -6, Unicode string
attributetype ( 3.31.2006.2.6
        NAME 'deptAddress'
        DESC 'Registered Address of a department in an Organisation'
        EQUALITY caseIgnoreMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

# ATTRIBUTE -7, Numeric String
attributetype ( 3.31.2006.2.7
        NAME 'deptTelNo'
        DESC 'Telephone Number of a department in an organisation'
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 )

# ATTRIBUTE -8, Unicode string
attributetype ( 3.31.2006.2.8
        NAME 'deptDesc'
        DESC 'Description of a department within an organisation, the work being done, etcetera'
        EQUALITY caseIgnoreMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

# ATTRIBUTE -9, Unicode string
attributetype ( 3.31.2006.2.9
        NAME ( 'ct' 'catType' )
        DESC 'Category within a department to which a person in an organisation belongs; like TF/AF/Student, etcetera'
        EQUALITY caseIgnoreMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

# ATTRIBUTE -10, Unicode string
attributetype ( 3.31.2006.2.10
        NAME 'catDesc'
        DESC 'Description of the category to which a person belongs'
        EQUALITY caseIgnoreMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

# ATTRIBUTE -11, Unicode string
attributetype ( 3.31.2006.2.11
        NAME ( 'uqid' 'uniqueID' )
        DESC 'UniqueID of a person within the organisational DIT, like combination of first and last name'
        EQUALITY caseIgnoreMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
        SINGLE-VALUE )

# ATTRIBUTE -12, Numeric String
attributetype ( 3.31.2006.2.12
        NAME ( 'gid' 'groupID' )
        DESC 'Group ID of a person within the organisation, depends on the department to which he belongs'
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.36
        SINGLE-VALUE )


# ATTRIBUTE -13, Unicode string
attributetype ( 3.31.2006.2.13
        NAME ( 'ln' 'lastName' )
        DESC 'Last name of the person'
        EQUALITY caseIgnoreMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
        SINGLE-VALUE )

# ATTRIBUTE -14, Unicode string
attributetype ( 3.1.2006.2.14
        NAME ( 'fn' 'firstName' )
        DESC 'First name of the person'
        EQUALITY caseIgnoreMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

# ATTRIBUTE -15, Unicode string
attributetype ( 3.31.2006.2.15
        NAME ( 'mn' 'middleName' )
        DESC 'Middle name of the person'
        EQUALITY caseIgnoreMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

# ATTRIBUTE -16, Unicode string
attributetype ( 3.31.2006.2.16
        NAME ( 'dsgn' 'designation' )
        DESC 'Designation of the person in terms of Prof./Dr.'
        EQUALITY caseIgnoreMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

# ATTRIBUTE -17, Unicode string
attributetype ( 3.31.2006.2.17
        NAME ( 'disp' 'displayNm' )
        DESC 'Name of the person to be displayed'
        EQUALITY caseIgnoreMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

# ATTRIBUTE -18, Numeric String
attributetype ( 3.31.2006.2.18
        NAME 'age'
        DESC 'Age of the person'
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.36
        SINGLE-VALUE )

# ATTRIBUTE -19, Unicode string, ??? ignore case ???
attributetype ( 3.31.2006.2.19
        NAME ( 'eid' 'emailID' )
        DESC 'Email ID of the person'
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

# ATTRIBUTE-20, Numeric String
attributetype ( 3.31.2006.2.20
        NAME 'telNo'
        DESC 'Telephone Number of an individual'
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 )

# ATTRIBUTE-21, Octet String
attributetype ( 3.31.2006.2.21
        NAME 'userPass'
        DESC 'RFC2256/2307: password of user'
        EQUALITY octetStringMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )

# ATTRIBUTE-22, 
attributetype ( 3.31.2006.2.22
        NAME 'loginSh'
        DESC 'The path to the login shell'
        EQUALITY caseExactIA5Match
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
        SINGLE-VALUE )

# ATTRIBUTE-23
attributetype ( 3.31.2006.2.23
        NAME 'homeDir'
        DESC 'The absolute path to the home directory'
        EQUALITY caseExactIA5Match
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
        SINGLE-VALUE )

# ATTRIBUTE-24
attributetype ( 3.31.2006.2.24
        NAME 'uidNum'
        DESC 'An integer uniquely identifying a user in an administrative domain'
        EQUALITY integerMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
        SINGLE-VALUE )

# ATTRIBUTE-25
attributetype ( 3.31.2006.2.25
        NAME 'gidNum'
        DESC 'An integer uniquely identifying a group in an administrative domain'
        EQUALITY integerMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
        SINGLE-VALUE )



###################################################################

### OBJECT CLASS DEFINITIONS ###     

objectclass ( 3.31.2006.1.1
        NAME 'org'
        DESC 'An organisation'
        SUP top STRUCTURAL
        MUST orgName
        MAY ( orgAddress $ orgTelNo $ orgDesc ) )

objectclass ( 3.31.2006.1.2
        NAME 'department'
        DESC 'A department within an organisation'
        STRUCTURAL
        MUST deptName
        MAY ( deptAddress $ deptTelNo $ deptDesc ) )

objectclass ( 3.31.2006.1.3
        NAME 'category'
        DESC 'Category within a department to which a person belongs i.e. technical faculty, academic faculty, student, etcetera'
        STRUCTURAL
        MUST catType
        MAY ( catDesc ) )

#removed must groupID
objectclass ( 3.31.2006.1.4
        NAME 'people'
        DESC 'A person within an organisation'
        STRUCTURAL
        MUST ( uniqueID $ lastName $ uidNum $ gidNum $ homeDir )
        MAY ( firstName $ middleName $ designation $ displayNm $
                age $ emailID $ telNo $ userPass $ loginSh ) )


-------------------------------------------------

Waiting for a reply.
