Forum Replies Created

Viewing 1 post (of 1 total)
  • in reply to: OD Access Control in Leopard Server #373914
    klausf
    Participant

    I’ve got exactly the same problem. But investigating further it seems to me that LDAP does not even read the configuration file /etc/openldap/slapd_macosxserver.conf.

    Symptom: Changes in the “access to”-statements in /etc/openldap/slapd_macosxserver.conf cannot be verified in the running server.

    After some unsuccessful tests I deliberately entered a syntax-error in slapd_macosxserver.conf and restarted slapd by issuing the command killall -HUP slapd. The logfile shows that the process is indeed restarted, ps shows that slapd now has got a different process-id. But there is no indication of the syntax-error in any of the logfiles.

    I did ‘touch timestamp’ in /etc/openldap:

    [code]
    -rw-------@ 1 root wheel 10944 Aug 28 09:18 slapd_macosxserver.conf
    -rw-------@ 1 root wheel 1964 Aug 28 09:18 slapd.conf
    drwxr-xr-x 141 root wheel 4794 Aug 28 09:18 ..
    -rw-r--r-- 1 root wheel 0 Aug 28 09:19 timestamp
    drwxr-xr-x 16 root wheel 544 Aug 28 09:19 .
    [/code]

    and then killall -HUP slapd. Surprise: slapd_macosxserver.conf is not read!!!

    [code]
    -rw-------@ 1 root wheel 1964 Aug 28 09:18 slapd.conf
    drwxr-xr-x 141 root wheel 4794 Aug 28 09:18 ..
    -rw-r--r-- 1 root wheel 0 Aug 28 09:19 timestamp
    -rw-r--r--@ 1 root wheel 73 Aug 28 09:19 rootDSE.ldif
    -rw-r--r-- 1 root wheel 300 Aug 28 09:19 ldap.conf
    drwxr-xr-x 16 root wheel 544 Aug 28 09:19 .
    [/code]

    Finally, find . -anewer timestamp confirms and adds a lot of information:
    [code]
    ./ldap.conf
    ./rootDSE.ldif
    ./slapd.d/cn=config
    ./slapd.d/cn=config/cn=include{0}.ldif
    ./slapd.d/cn=config/cn=include{1}.ldif
    ./slapd.d/cn=config/cn=include{2}.ldif
    ./slapd.d/cn=config/cn=include{3}.ldif
    ./slapd.d/cn=config/cn=include{4}.ldif
    ./slapd.d/cn=config/cn=include{5}.ldif
    ./slapd.d/cn=config/cn=include{6}.ldif
    ./slapd.d/cn=config/cn=include{7}.ldif
    ./slapd.d/cn=config/cn=include{8}.ldif
    ./slapd.d/cn=config/cn=schema
    ./slapd.d/cn=config/cn=schema/cn={0}core.ldif
    ./slapd.d/cn=config/cn=schema/cn={1}cosine.ldif
    ./slapd.d/cn=config/cn=schema/cn={2}nis.ldif
    ./slapd.d/cn=config/cn=schema/cn={3}inetorgperson.ldif
    ./slapd.d/cn=config/cn=schema/cn={4}misc.ldif
    ./slapd.d/cn=config/cn=schema/cn={5}samba.ldif
    ./slapd.d/cn=config/cn=schema/cn={6}fmserver.ldif
    ./slapd.d/cn=config/cn=schema/cn={7}apple.ldif
    ./slapd.d/cn=config/cn=schema/cn={8}slapd_macosxserver.ldif
    ./slapd.d/cn=config/cn=schema/cn={9}customschema.ldif
    ./slapd.d/cn=config/cn=schema.ldif
    ./slapd.d/cn=config/olcDatabase={-1}frontend.ldif
    ./slapd.d/cn=config/olcDatabase={0}config.ldif
    ./slapd.d/cn=config/olcDatabase={1}bdb
    ./slapd.d/cn=config/olcDatabase={1}bdb/olcOverlay={0}unique.ldif
    ./slapd.d/cn=config/olcDatabase={1}bdb/olcOverlay={1}dynid.ldif
    ./slapd.d/cn=config/olcDatabase={1}bdb/olcOverlay={2}dynid.ldif
    ./slapd.d/cn=config/olcDatabase={1}bdb/olcOverlay={3}dynid.ldif
    ./slapd.d/cn=config/olcDatabase={1}bdb/olcOverlay={4}dynid.ldif
    ./slapd.d/cn=config/olcDatabase={1}bdb/olcOverlay={5}dynid.ldif
    ./slapd.d/cn=config/olcDatabase={1}bdb/olcOverlay={6}dynid.ldif
    ./slapd.d/cn=config/olcDatabase={1}bdb/olcOverlay={7}nestedgroup.ldif
    ./slapd.d/cn=config/olcDatabase={1}bdb.ldif
    ./slapd.d/cn=config.ldif
    [/code]

    Can anybody summarize how Apple’s slapd configures itself?

    Can anybody explain to me how to limit the read access of certain user’s attributes?

    Greetings
    Klaus
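
The timestamp-and-`find -anewer` check from the post above, packaged as a small script; this is an added example, not part of klausf's post. The function names are hypothetical, and it assumes the marker file sits inside the configuration directory and that the volume records access times (not mounted noatime).

```shell
#!/bin/sh
# Added example: classify which slapd configuration source was read
# after a marker file was touched, using the same atime comparison
# as `find . -anewer timestamp` in the post.

# accessed_since DIR MARKER
# Lists regular files under DIR whose access time is newer than the
# modification time of DIR/MARKER (the marker itself is excluded).
accessed_since() {
    ( cd "$1" && find . -type f -anewer "$2" ! -name "$2" | sort )
}

# config_source DIR MARKER
# Prints one of: cn=config, slapd.conf, both, none.
#   cn=config  - files below slapd.d/ were read
#   slapd.conf - a flat slapd*.conf file in DIR was read
# ldap.conf is the LDAP client configuration, so it counts for neither.
config_source() {
    files=$(accessed_since "$1" "$2")
    dynamic=no
    flat=no
    printf '%s\n' "$files" | grep -q '^\./slapd\.d/' && dynamic=yes
    printf '%s\n' "$files" | grep -q '^\./slapd[^/]*\.conf$' && flat=yes
    case "$dynamic/$flat" in
        yes/yes) echo both ;;
        yes/no)  echo cn=config ;;
        no/yes)  echo slapd.conf ;;
        *)       echo none ;;
    esac
}

# Usage: sh script.sh /etc/openldap timestamp
# Run `touch timestamp` in the directory, signal or restart slapd,
# then call this script.
if [ "$#" -eq 2 ]; then
    config_source "$1" "$2"
fi
```

A result of `cn=config` matches what the listing in the post shows: only files below `slapd.d/` (plus `ldap.conf` and `rootDSE.ldif`) were accessed after the marker was created.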
