Aleks
2015-08-06 18:46:45 UTC
Content preview: Hi dear list members. I need to create the following ldap-tree
#### dc=example dc=customers-ext,dc=example dc=MetaOrgTree01,dc=customers-ext,dc=example
dc=MetaOrgTree02,dc=customers-ext,dc=example ... dc=MetaOrgTree0n dc=customers,dc=example
dc=MetaOrgTree01,dc=customers,dc=example dc=MetaOrgTree02,dc=customers,dc=example
... dc=MetaOrgTree0n dc=appuser,dc=example # < this is a mdb uid=bindUser
############### [...]
Content analysis details: (-2.0 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.0 RCVD_IN_DNSWL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to DNSWL
was blocked. See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
[5.9.105.115 listed in list.dnswl.org]
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
[URIs: none.at]
-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay
domain
-0.0 SPF_PASS SPF: sender matches SPF record
-1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%
[score: 0.0000]
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
Hi dear list members.
I need to create the following ldap-tree
####
dc=example
dc=customers-ext,dc=example
dc=MetaOrgTree01,dc=customers-ext,dc=example
dc=MetaOrgTree02,dc=customers-ext,dc=example
...
dc=MetaOrgTree0n
dc=customers,dc=example
dc=MetaOrgTree01,dc=customers,dc=example
dc=MetaOrgTree02,dc=customers,dc=example
...
dc=MetaOrgTree0n
dc=appuser,dc=example # < this is a mdb
uid=bindUser
###############
I was able to create the base setup with the following commands.
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/opt/local/BDB/lib
/opt/local/openldap-2.4.41/sbin/slapadd -F
/opt/local/conf/openldap/ldap.example.at/ -l
ldifs/initial_ldap.example.at.ldif -n0
/opt/local/openldap-2.4.41/libexec/slapd -l local5 -F
/opt/local/conf/openldap/ldap.example.at/ -h "ldap://0.0.0.0:10689
ldapi://%2fvar%2fopt%2fopenldap%2frun%2fslapd-ldap.sock"
/opt/local/openldap-2.4.41/bin/ldapmodify -D 'cn=config' -w <PASSWORD>
-H ldapi://%2fvar%2fopt%2fopenldap%2frun%2fslapd-ldap.sock -v -f
meta-ldifs/MetaOrgTree01_meta.ldif
and now I'm not able to create the dc tree (
add_and_build_root_dc_tree.ldif )
/opt/local/openldap-2.4.41/bin/ldapmodify -D 'cn=config' -w <PASSWORD>
-H ldapi://%2fvar%2fopt%2fopenldap%2frun%2fslapd-ldap.sock -v -f
add_and_build_root_dc_tree.ldif
ldap_initialize(
ldapi://%2fvar%2fopt%2fopenldap%2frun%2fslapd-ldap.sock/??base )
add objectClass:
top
dcObject
organization
add o:
example
add description:
MyOrg
add dc:
parent
adding new entry "dc=example"
ldap_add: Server is unwilling to perform (53)
additional info: no global superior knowledge
##################
When I create a "olcDatabase=mdb,cn=config"
with
olcSuffix: dc=example
I'm able to create everything but when I try to add another meta target
in the db suffix I get the message following message
adding new entry "olcDatabase={5}meta,cn=config"
ldap_add: Other (e.g., implementation specific) error (80)
additional info: <olcSuffix> namingContext
"dc=MetaOrgTree02,dc=customers,dc=example" already served by a preceding
mdb database
Which is clear as the doc say this.
http://www.openldap.org/software/man.cgi?query=slapd-meta&sektion=5&apropos=0&manpath=OpenLDAP+2.4-Release
#########
These slapd.conf options apply to the META backend database. That is,
they must follow a "database meta" line and come before any
subsequent
"backend" or "database" lines.
#########
But how was expected to add another meta entry in a running and working
system?
Please can anyone help me to find a working solution.
The used ldifs:
http://download.none.at/initial_ldap.example.at.ldif
http://download.none.at/MetaOrgTree01_meta.ldif
http://download.none.at/add_and_build_root_dc_tree.ldif
openldap:
#####
openldap-2.4.41
./configure --enable-bdb --enable-ldap --enable-meta
--prefix=/opt/local/openldap-2.4.41 --enable-dynlist --enable-memberof
--with-tls=openssl --enable-rwm --enable-accesslog --enable-syncprov
LDFLAGS="-L/opt/local/BDB/lib -L/usr/sfw/lib -R/usr/sfw/lib"
CPPFLAGS="-I/opt/local/BDB/include
-I/opt/local/build/openssl-0.9.7a/include/"
SunOS 5.10 sun4v sparc SUNW,Sun-Fire-T200
###########
I hope I have explained the setup and the question understandable.
Maybe I think not ldap-isch enough
Thanks everybody for help.
Best regards
Aleks
#### dc=example dc=customers-ext,dc=example dc=MetaOrgTree01,dc=customers-ext,dc=example
dc=MetaOrgTree02,dc=customers-ext,dc=example ... dc=MetaOrgTree0n dc=customers,dc=example
dc=MetaOrgTree01,dc=customers,dc=example dc=MetaOrgTree02,dc=customers,dc=example
... dc=MetaOrgTree0n dc=appuser,dc=example # < this is a mdb uid=bindUser
############### [...]
Content analysis details: (-2.0 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.0 RCVD_IN_DNSWL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to DNSWL
was blocked. See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
[5.9.105.115 listed in list.dnswl.org]
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
[URIs: none.at]
-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay
domain
-0.0 SPF_PASS SPF: sender matches SPF record
-1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%
[score: 0.0000]
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
Hi dear list members.
I need to create the following ldap-tree
####
dc=example
dc=customers-ext,dc=example
dc=MetaOrgTree01,dc=customers-ext,dc=example
dc=MetaOrgTree02,dc=customers-ext,dc=example
...
dc=MetaOrgTree0n
dc=customers,dc=example
dc=MetaOrgTree01,dc=customers,dc=example
dc=MetaOrgTree02,dc=customers,dc=example
...
dc=MetaOrgTree0n
dc=appuser,dc=example # < this is a mdb
uid=bindUser
###############
I was able to create the base setup with the following commands.
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/opt/local/BDB/lib
/opt/local/openldap-2.4.41/sbin/slapadd -F
/opt/local/conf/openldap/ldap.example.at/ -l
ldifs/initial_ldap.example.at.ldif -n0
/opt/local/openldap-2.4.41/libexec/slapd -l local5 -F
/opt/local/conf/openldap/ldap.example.at/ -h "ldap://0.0.0.0:10689
ldapi://%2fvar%2fopt%2fopenldap%2frun%2fslapd-ldap.sock"
/opt/local/openldap-2.4.41/bin/ldapmodify -D 'cn=config' -w <PASSWORD>
-H ldapi://%2fvar%2fopt%2fopenldap%2frun%2fslapd-ldap.sock -v -f
meta-ldifs/MetaOrgTree01_meta.ldif
and now I'm not able to create the dc tree (
add_and_build_root_dc_tree.ldif )
/opt/local/openldap-2.4.41/bin/ldapmodify -D 'cn=config' -w <PASSWORD>
-H ldapi://%2fvar%2fopt%2fopenldap%2frun%2fslapd-ldap.sock -v -f
add_and_build_root_dc_tree.ldif
ldap_initialize(
ldapi://%2fvar%2fopt%2fopenldap%2frun%2fslapd-ldap.sock/??base )
add objectClass:
top
dcObject
organization
add o:
example
add description:
MyOrg
add dc:
parent
adding new entry "dc=example"
ldap_add: Server is unwilling to perform (53)
additional info: no global superior knowledge
##################
When I create a "olcDatabase=mdb,cn=config"
with
olcSuffix: dc=example
I'm able to create everything but when I try to add another meta target
in the db suffix I get the message following message
adding new entry "olcDatabase={5}meta,cn=config"
ldap_add: Other (e.g., implementation specific) error (80)
additional info: <olcSuffix> namingContext
"dc=MetaOrgTree02,dc=customers,dc=example" already served by a preceding
mdb database
Which is clear as the doc say this.
http://www.openldap.org/software/man.cgi?query=slapd-meta&sektion=5&apropos=0&manpath=OpenLDAP+2.4-Release
#########
These slapd.conf options apply to the META backend database. That is,
they must follow a "database meta" line and come before any
subsequent
"backend" or "database" lines.
#########
But how was expected to add another meta entry in a running and working
system?
Please can anyone help me to find a working solution.
The used ldifs:
http://download.none.at/initial_ldap.example.at.ldif
http://download.none.at/MetaOrgTree01_meta.ldif
http://download.none.at/add_and_build_root_dc_tree.ldif
openldap:
#####
openldap-2.4.41
./configure --enable-bdb --enable-ldap --enable-meta
--prefix=/opt/local/openldap-2.4.41 --enable-dynlist --enable-memberof
--with-tls=openssl --enable-rwm --enable-accesslog --enable-syncprov
LDFLAGS="-L/opt/local/BDB/lib -L/usr/sfw/lib -R/usr/sfw/lib"
CPPFLAGS="-I/opt/local/BDB/include
-I/opt/local/build/openssl-0.9.7a/include/"
SunOS 5.10 sun4v sparc SUNW,Sun-Fire-T200
###########
I hope I have explained the setup and the question understandable.
Maybe I think not ldap-isch enough
Thanks everybody for help.
Best regards
Aleks