On Mon, Jun 7, 2010 at 4:44 AM, Stuart Cherrington <[email protected]> wrote:
>
> > Date: Sat, 5 Jun 2010 11:39:22 -0700
> > From: [email protected]
> > To: [email protected]
> > CC: [email protected]; [email protected]; [email protected]
> > Subject: Re: User restriction
> >
> > Buchan Milne wrote:
> > > On Friday, 4 June 2010 13:47:42 Jonathan Clarke wrote:
> > >> On 04/06/2010 11:49, Stuart Cherrington wrote:
> > >
> > >> As far as I know, "nss_base_passwd" is not a valid keyword in ldap.conf
> > >> for OpenLDAP clients.
> > >>
> > >> If you're configuring this on a Linux server, I think you'll find the
> > >> equivalent configuration in /etc/libnss_ldap.conf or similar.
> > >
> > > Upstream default is /etc/ldap.conf, libnss-ldap.conf is an unnecessary
> > > Debian-ism.
> >
> > The upstream default has been an endless source of confusion for the better
> > part of a decade. Renaming ala Debian is the right answer.
>
> OK - Thanks for all your comments so far, the whole LDAP structure is
> starting to become clearer but not as simple as I'd like. As Aron suggested,
> I used the ldapcompare command to see if I could pull the 'member'
> information from the schema but it fails.
>
> An ldapsearch shows the following:
>
> ldapsearch -x -b 'ou=auth,dc=ldn,dc=sw,dc=com' -h 10.2.250.15 -D cn=proxyagent,ou=profile,dc=ldn,dc=sw,dc=com -w xxxxxx
> # extended LDIF
> #
> # LDAPv3
> # base <ou=auth,dc=ldn,dc=sw,dc=com> with scope subtree
> # filter: (objectclass=*)
> # requesting: ALL
> #
>
> # auth, ldn.sw.com
> dn: ou=auth,dc=ldn,dc=sw,dc=com
> ou: auth
> objectClass: organizationalUnit
> objectClass: top
>
> # access, auth, ldn.sw.com
> dn: cn=access,ou=auth,dc=ldn,dc=sw,dc=com
> objectClass: groupOfNames
> objectClass: top
> cn: access
> member: uid=stuart,ou=people,dc=ldn,dc=sw,dc=com
> member: cn=proxyagent,ou=profile,dc=ldn,dc=sw,dc=com
> member: uid=rpratt,ou=people,dc=ldn,dc=sw,dc=com
> member: uid=jason,ou=people,dc=ldn,dc=sw,dc=com
> member: uid=pstuart,ou=people,dc=ldn,dc=sw,dc=com
> member: uid=pfield,ou=people,dc=ldn,dc=sw,dc=com
> member: uid=nereelot,ou=people,dc=ldn,dc=sw,dc=com
> member: uid=scolebro,ou=people,dc=ldn,dc=sw,dc=com
> member: uid=bpower,ou=people,dc=ldn,dc=sw,dc=com
> member: uid=ihunt,ou=people,dc=ldn,dc=sw,dc=com
> member: uid=emoreton,ou=people,dc=ldn,dc=sw,dc=com
> member: uid=lcable,ou=people,dc=ldn,dc=sw,dc=com
> member: uid=pmurray,ou=people,dc=ldn,dc=sw,dc=com
>
> # search result
> search: 2
> result: 0 Success
>
> You can clearly see the first Member line is myself. If I now try:
>
> ldapcompare2.4 -v -x -h 10.2.250.15 -D cn=proxyagent,ou=profile,dc=ldn,dc=sw,dc=com -w xxxxxxxx "ou=auth,dc=ldn,dc=sw,dc=com" member:uid=stuart,ou=people,dc=ldn,dc=sw,dc=com
>
> ldap_initialize( ldap://10.2.250.15 )
> DN:ou=auth,dc=ldn,dc=sw,dc=com, attr:member, value:uid=stuart,ou=people,dc=ldn,dc=sw,dc=com
> Compare Result: No such attribute (16)
> UNDEFINED
>
> Any pointers here would be useful.
>
> Thanks,
>
> Stuart.
>
I suggest reading these two threads and it might answer your question.

First Thread: http://www.openldap.org/lists/openldap-technical/200912/msg00022.html
Continuation of First Thread: http://www.openldap.org/lists/openldap-technical/201006/msg00018.html

Sorry for not re-typing all of that but I have other things to be doing this morning.

- Adam
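The thread's own ldapsearch output already contains the clue: the `member` values live on the group entry `cn=access,ou=auth,dc=ldn,dc=sw,dc=com`, while the ldapcompare was run against its parent `ou=auth,dc=ldn,dc=sw,dc=com`, an organizationalUnit with no `member` attribute at all, which is exactly what result code 16 (noSuchAttribute) means. The following is an added example, not code from the thread or from OpenLDAP: a small offline LDIF reader plus a `compare()` function that models the LDAP Compare operation and returns the RFC 4511 result codes ldapcompare prints, so the two outcomes can be reproduced side by side without a directory server. The LDIF is constructed from the entries quoted above (membership list shortened), and `normalize_dn`, `parse_ldif`, `parse_assertion`, `compare` and `is_member` are names chosen for this example; the DN normalization is a deliberate simplification of real distinguishedNameMatch rules.

```python
"""Offline model of LDAP Compare against the LDIF quoted in the thread.

Added example (not from the thread): shows why a compare against the OU
entry reports noSuchAttribute (16) while the same compare against the
group entry cn=access returns compareTrue (6).
"""
import base64
from typing import Dict, List, Tuple

# LDAP resultCode values (RFC 4511, section 4.1.9)
COMPARE_FALSE = 5
COMPARE_TRUE = 6
NO_SUCH_ATTRIBUTE = 16
NO_SUCH_OBJECT = 32

# Constructed LDIF reproducing the two entries from the thread's ldapsearch
# output (member list shortened to three values).
SAMPLE_LDIF = """\
# auth, ldn.sw.com
dn: ou=auth,dc=ldn,dc=sw,dc=com
ou: auth
objectClass: organizationalUnit
objectClass: top

# access, auth, ldn.sw.com
dn: cn=access,ou=auth,dc=ldn,dc=sw,dc=com
objectClass: groupOfNames
objectClass: top
cn: access
member: uid=stuart,ou=people,dc=ldn,dc=sw,dc=com
member: cn=proxyagent,ou=profile,dc=ldn,dc=sw,dc=com
member: uid=rpratt,ou=people,dc=ldn,dc=sw,dc=com
"""

Entry = Dict[str, List[str]]


def normalize_dn(dn: str) -> str:
    """Simplified DN normalization: case-fold and strip whitespace around RDNs.
    Real distinguishedNameMatch (RFC 4517) is more involved; this suffices for
    the plain DNs used in the thread."""
    return ",".join(part.strip() for part in dn.split(",")).lower()


def parse_ldif(text: str) -> Dict[str, Entry]:
    """Parse minimal LDIF into {normalized dn: {lowercased attr: [values]}}.
    Handles comments, blank-line record separators, folded continuation
    lines and '::' base64 values; attribute options and changetypes are not."""
    unfolded: List[str] = []
    for raw in text.splitlines():
        if raw.startswith(" ") and unfolded:   # folded line continues previous
            unfolded[-1] += raw[1:]
        else:
            unfolded.append(raw)
    entries: Dict[str, Entry] = {}
    current: Entry = {}
    for line in unfolded + [""]:               # sentinel flushes the last record
        if line.startswith("#"):
            continue
        if not line.strip():
            if "dn" in current:
                entries[normalize_dn(current["dn"][0])] = current
            current = {}
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):              # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode()
        else:
            value = value.strip()
        current.setdefault(name.strip().lower(), []).append(value)
    return entries


def parse_assertion(arg: str) -> Tuple[str, str]:
    """Split an ldapcompare-style 'attr:value' (or 'attr::base64') argument."""
    attr, _, value = arg.partition(":")
    if value.startswith(":"):
        value = base64.b64decode(value[1:]).decode()
    return attr, value


def compare(entries: Dict[str, Entry], dn: str, attr: str, value: str) -> int:
    """Model the LDAP Compare operation on the parsed entries."""
    entry = entries.get(normalize_dn(dn))
    if entry is None:
        return NO_SUCH_OBJECT
    values = entry.get(attr.lower())
    if values is None:
        return NO_SUCH_ATTRIBUTE               # what the thread's ldapcompare reported
    if attr.lower() == "member":               # member values are DNs: compare as DNs
        return COMPARE_TRUE if normalize_dn(value) in {normalize_dn(v) for v in values} else COMPARE_FALSE
    return COMPARE_TRUE if value in values else COMPARE_FALSE


def is_member(entries: Dict[str, Entry], group_dn: str, user_dn: str) -> bool:
    """Membership check as an authorization layer should phrase it:
    only compareTrue grants; every other code (including 16 and 32) denies."""
    return compare(entries, group_dn, "member", user_dn) == COMPARE_TRUE


if __name__ == "__main__":
    db = parse_ldif(SAMPLE_LDIF)
    attr, value = parse_assertion("member:uid=stuart,ou=people,dc=ldn,dc=sw,dc=com")
    print("against ou=auth:  ", compare(db, "ou=auth,dc=ldn,dc=sw,dc=com", attr, value))
    print("against cn=access:", compare(db, "cn=access,ou=auth,dc=ldn,dc=sw,dc=com", attr, value))
```

Running it prints 16 for the OU entry and 6 for the group entry, matching the thread: the command was fine, the target DN was one level too high. The `is_member` wrapper also illustrates the defensive reading of compare results that an application doing group-based access control needs, since treating anything other than compareTrue as "not a member" is what keeps a mistyped base DN or a missing attribute from silently granting access.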
