[Bug 764297] New: Old Syntax in /sles11/singlehtml/book_security/book_security.html#cha.security.ldap
https://bugzilla.novell.com/show_bug.cgi?id=764297
https://bugzilla.novell.com/show_bug.cgi?id=764297#c0

Summary: Old Syntax in /sles11/singlehtml/book_security/book_security.html#cha.security.ldap
Classification: openSUSE
Product: openSUSE 12.1
Version: Final
Platform: x86-64
OS/Version: SLES 11
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Documentation
AssignedTo: ke@suse.com
ReportedBy: gjn@gjn.priv.at
QAContact: ke@suse.com
Found By: ---
Blocker: ---
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:12.0) Gecko/20100101 Firefox/12.0

Hello,

please change the example to the new syntax from LDAP; with the old syntax it is no "help" and it is not possible to create a correct Entry.

E.g. 6.4.11.2. Kerberos Authentication and LDAP Access Control

    # This is required for things to work _at all_
    access to dn.base="" by * read
    # Let each user change their login shell
    access to dn="*,ou=people,dc=example,dc=com" attrs=loginShell
           by self write
    # Every user can read everything
    access to * by users read

or

    authz-regexp
       uid=(.*),cn=GSSAPI,cn=auth
       uid=$1,ou=people,dc=example,dc=com

Reproducible: Always

Steps to Reproduce:
1.
2.
3.

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=764297#c2
Ralf Haferkamp
https://bugzilla.novell.com/show_bug.cgi?id=764297#c3
Günther J. Niederwimmer
https://bugzilla.novell.com/show_bug.cgi?id=764297#c4
--- Comment #4 from Ralf Haferkamp
> Is this my mistake or is something wrong?

The LDIF I pasted expresses an LDAP Modify Operation, so feeding that into ldapadd is wrong. Use ldapmodify.

(As a side note, I haven't actually tested the LDIF myself; I just created that one as an example, so it might contain bugs. As I mentioned, changing the ACLs is not required for the setup described in the manual, and that is the real bug in the manual. See comment #2.)
https://bugzilla.novell.com/show_bug.cgi?id=764297#c5
--- Comment #5 from Günther J. Niederwimmer
https://bugzilla.novell.com/show_bug.cgi?id=764297#c6
--- Comment #6 from Ralf Haferkamp
> Hello Ralf,
>
> Then I have written a wrong Bugzilla Entry ;).
>
> But the example also doesn't work with ldapmodify
>
> ldapmodify -Y EXTERNAL -H ldapi:/// -f regex_user.ldif
> SASL/EXTERNAL authentication started
> SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
> SASL SSF: 0
> modifying entry "olcDatabase={-1}frontend,cn=config"
> ldap_modify: Object class violation (65)
>         additional info: attribute 'olcAuthzRegexp' not allowed

My example contained the wrong LDAP DN, sorry for that. Use "cn=config" instead of "olcDatabase={-1}frontend,cn=config" for the "olcAuthzRegexp". (Hint: the slapd-config man page gives a pretty good overview of which setting belongs to which cn=config entry.)
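The change discussed in this thread, as an added example that is not part of the original bug report, the comments, or the SUSE manual: a small Python converter that turns the old slapd.conf authz-regexp directive quoted in the report into an LDIF modify against cn=config, the entry named in comment #6. The function names and the SAMPLE text are constructed for illustration; quoted or backslash-escaped arguments are rejected rather than guessed at.

```python
import base64
import re

# RFC 2849 SAFE-STRING: no NUL/LF/CR anywhere, no leading space, ':' or '<'.
SAFE = re.compile(r"[\x01-\x09\x0b\x0c\x0e-\x1f\x21-\x39\x3b\x3d-\x7f]"
                  r"[\x01-\x09\x0b\x0c\x0e-\x7f]*")
# Constructed sample: the old-syntax directives quoted in the bug report.
SAMPLE = """\
# Every user can read everything
access to * by users read
authz-regexp
   uid=(.*),cn=GSSAPI,cn=auth
   uid=$1,ou=people,dc=example,dc=com
"""

def logical_lines(conf_text):
    """Join slapd.conf continuation lines (leading whitespace), drop comments."""
    lines = []
    for raw in conf_text.splitlines():
        if not raw.strip():
            continue
        if raw[0] in " \t" and lines:
            lines[-1] += " " + raw.strip()   # also continues a comment line
        else:
            lines.append(raw.rstrip())
    return [l for l in lines if not l.startswith("#")]

def ldif_attr(name, value):
    """Emit one LDIF line, base64-encoded ('::') if the value is not safe."""
    if SAFE.fullmatch(value) and not value.endswith(" "):
        return f"{name}: {value}"
    return f"{name}:: {base64.b64encode(value.encode()).decode()}"

def authz_regexp_ldif(conf_text):
    """Return an LDIF modify for cn=config, or '' if nothing to convert."""
    values = []
    for line in logical_lines(conf_text):
        parts = line.split()
        if parts[0].lower() not in ("authz-regexp", "sasl-regexp"):
            continue
        # Assumption: quoted or backslash-escaped arguments are out of scope.
        if len(parts) != 3 or '"' in line or "\\" in line:
            raise ValueError(f"unsupported authz-regexp form: {line!r}")
        values.append(f"{parts[1]} {parts[2]}")
    if not values:
        return ""
    body = [ldif_attr("olcAuthzRegexp", v) for v in values]
    return "\n".join(["dn: cn=config", "changetype: modify",
                      "add: olcAuthzRegexp", *body, "-"]) + "\n"
```

Save the text returned by `authz_regexp_ldif(SAMPLE)` to a file and apply it with the same `ldapmodify -Y EXTERNAL -H ldapi:/// -f <file>` invocation shown in the thread.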
https://bugzilla.novell.com/show_bug.cgi?id=764297#c7
Karl Eichwalder