[yast-devel] YaST2 LDAP and scripts
Hello,
Is it possible to find a DOC or a LINK, to find out which Schema and Index the YaST2 Modules and scripts must have?
Background:
When I like to Install a separate LDAP Server (XEN) and configure other XEN Instances with LDAP support the changes are never written to the LDAP Server.
Afterward I found only in the Logs the Error, Index missing or an Error Schema missing etc.
When a doc exists it is possible to configure the LDAP server before installing another XEN Instance?
Thanks for the Help,
--
Best regards,
Günther J. Niederwimmer
On 02/06/2012 03:20 PM, Günther J. Niederwimmer wrote:
> Hello,
> Is it possible to find a DOC or a LINK, to find out which Schema and Index the YaST2 Modules and scripts must have?
> Background:
> When I like to Install a separate LDAP Server (XEN) and configure other XEN Instances with LDAP support the changes are never written to the LDAP Server.
> Afterward I found only in the Logs the Error, Index missing or an Error Schema missing etc.
> When a doc exists it is possible to configure the LDAP server before installing another XEN Instance?
Maybe not 100% related to your question but ...
Today I was checking the DNS Server code for importing LDAP schema and I've found out that if the server is not local (127.0.0.X, ::1, localhost), the LDAP schema for DNS is never imported, code expects that a remote server handles importing the schema itself.
To configure an LDAP server, running `yast2 ldap-server` should work. See, for instance, this documentation: http://doc.opensuse.org/documentation/html/openSUSE/opensuse-security/cha.se...
Bye
Lukas
--
Lukas Ocilka, Appliances Department
SUSE LINUX s.r.o., Praha
Hello Lukas,
On Monday, 13 February 2012, 17:02:54, Lukas Ocilka wrote:
> On 02/06/2012 03:20 PM, Günther J. Niederwimmer wrote:
>> Hello,
>> Is it possible to find a DOC or a LINK, to find out which Schema and Index the YaST2 Modules and scripts must have?
>> Background:
>> When I like to Install a separate LDAP Server (XEN) and configure other XEN Instances with LDAP support the changes are never written to the LDAP Server.
>> Afterward I found only in the Logs the Error, Index missing or an Error Schema missing etc.
>> When a doc exists it is possible to configure the LDAP server before installing another XEN Instance?
> Maybe not 100% related to your question but ...
> Today I was checking the DNS Server code for importing LDAP schema and I've found out that if the server is not local (127.0.0.X, ::1, localhost), the LDAP schema for DNS is never imported, code expects that a remote server handles importing the schema itself.
This, I mean I have reported three or four years ago ;). This is NOT working with any YaST2 Server modules, that is why I have the question for the Index Variables in the ldap Scripts and the required ldap.schema for the YaST2 Modules
> To configure an LDAP server, running `yast2 ldap-server` should work. See, for instance, this documentation: http://doc.opensuse.org/documentation/html/openSUSE/opensuse-security/cha.security.ldap.html
Thanks, for Link but this I have found ;)
--
Best regards,
Günther J. Niederwimmer
On Mon, 13 February 2012, 19:26:25, Günther J. Niederwimmer wrote:
> Hello Lukas,
> On Monday, 13 February 2012, 17:02:54, Lukas Ocilka wrote:
>> On 02/06/2012 03:20 PM, Günther J. Niederwimmer wrote:
>>> Hello,
>>> Is it possible to find a DOC or a LINK, to find out which Schema and Index the YaST2 Modules and scripts must have?
I think Ralf knows most about our LDAP schemas.
Jiri
--
Jiri Suchomel
SUSE LINUX, s.r.o., e-mail: jsuchome@suse.cz
Lihovarská 1060/12, tel: +420 284 028 960
190 00 Praha 9, Czech Republic, http://www.suse.cz
On 14.02.2012 09:14, Jiri Suchomel wrote:
>> Is it possible to find a DOC or a LINK, to find out which Schema and Index the YaST2 Modules and scripts must have?
> I think Ralf knows most about our LDAP schemas.
I think this one is used:
/etc/openldap/schema/dnszone.schema
at least that's the official sdb ldap schema and I think we used that too in the past
--
ciao, Uwe Gansert
SUSE LINUX Products GmbH, HRB 16746 (AG Nürnberg)
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer
Home: http://www.suse.de/~ug - Blog: http://suse.gansert.net
On 02/14/2012 10:05 AM, Uwe Gansert wrote:
> I think this one is used:
> /etc/openldap/schema/dnszone.schema
> at least that's the official sdb ldap schema and I think we used that too in the past
That's for DNS Server but the generic one seems to be
/etc/openldap/schema/yast.schema
Lukas
--
Lukas Ocilka, Appliances Department
SUSE LINUX s.r.o., Praha
On 14.02.2012 10:12, Lukas Ocilka wrote:
>> /etc/openldap/schema/dnszone.schema
>> at least that's the official sdb ldap schema and I think we used that too in the past
> That's for DNS Server but the generic one seems to be
> /etc/openldap/schema/yast.schema
ah right okay, I don't have that installed here and I was thinking we are still talking about DNS :)
--
ciao, Uwe Gansert
SUSE LINUX Products GmbH, HRB 16746 (AG Nürnberg)
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer
Home: http://www.suse.de/~ug - Blog: http://suse.gansert.net
listening to: "Ebenholz, Schnee & Blut" by Stillste Stund
On 02/14/2012 10:18 AM, Uwe Gansert wrote:
>> That's for DNS Server but the generic one seems to be
>> /etc/openldap/schema/yast.schema
> ah right okay, I don't have that installed here and I was thinking we are still talking about DNS :)
My SLE 11 SP1 having Users and DNS Server records stored in LDAP uses these schema files:
* schema
* core
* cosine
* inetorgperson
* rfc2307bis
* yast
* dnszone
HTH
Lukas
--
Lukas Ocilka, Appliances Department
SUSE LINUX s.r.o., Praha
Hello Lukas,
On Tuesday, 14 February 2012, 10:23:10, Lukas Ocilka wrote:
> On 02/14/2012 10:18 AM, Uwe Gansert wrote:
>>> That's for DNS Server but the generic one seems to be
>>> /etc/openldap/schema/yast.schema
>> ah right okay, I don't have that installed here and I was thinking we are still talking about DNS :)
> My SLE 11 SP1 having Users and DNS Server records stored in LDAP uses these schema files:
> * schema
> * core
> * cosine
> * inetorgperson
> * rfc2307bis
> * yast
> * dnszone
yes this is the minimum by installing OpenLDAP but the Problem is beginning when install like on an extra Server or XEN domU a mailserver. I can include the yast-mailserver.schema by hand (this I know ;)), but the Index Variables are not created automatically, so I have to search the correct in the Logs, which errors are logged and then create the correct Index in ldap-server. :(.
--
Best regards,
Günther J. Niederwimmer
Hi Günther,
On Tuesday, 14 February 2012, 09:14:07, Jiri Suchomel wrote:
> On Mon, 13 February 2012, 19:26:25, Günther J. Niederwimmer wrote:
>> Hello Lukas,
>> On Monday, 13 February 2012, 17:02:54, Lukas Ocilka wrote:
>>> On 02/06/2012 03:20 PM, Günther J. Niederwimmer wrote:
>>>> Hello,
>>>> Is it possible to find a DOC or a LINK, to find out which Schema and Index the YaST2 Modules and scripts must have?
> I think Ralf knows most about our LDAP schemas.
Currently I think there is no documentation about what Indexes and Schema Files are created. Here is what I found grepping through the sources:
samba:
- Schema: samba3.schema
- Indexes: "eq" on "sambaSID", "sambaPrimaryGroupSID" and "sambaDomainName"
- Also adds ACL to protect the samba password attributes
mail:
- Schema: dnszone and suse-mailserver
- Indexes: "eq" on "SuSEMailClient", "SUSEMailAcceptAddress", "zoneName", "SuSEMailDomainMasquerading", "relativeDomainName", "suseMailDomainType", "suseTLSPerSitePeer", "SuSEMailTransportDestination", "suseDeliveryToFolder", "suseDeliveryToMember" (though I have doubts if all of these are really needed, i.e. used in search filters)
kerberos:
- Schema: /usr/share/doc/packages/krb5/kerberos
- Indexes: "eq" on "krbPrincipalName"
- Also adds ACL for "krbPrincipalKey" and "krbExtraData"
dns-server:
- Index: none
- Schema: dnszone
dhcp-server:
- Index: none
- Schema: dhcp
I would really appreciate if you could add the above information to either the wiki or file a feature request to have it added to the documentation of the respective YaST modules. If you find bugs in the above list or think some indexes are missing please file bug reports.
regards,
Ralf
Hello Ralf,
thanks for your work,
On Thursday, 16 February 2012, 09:14:24, Ralf Haferkamp wrote:
> Hi Günther,
> On Tuesday, 14 February 2012, 09:14:07, Jiri Suchomel wrote:
>> On Mon, 13 February 2012, 19:26:25, Günther J. Niederwimmer wrote:
>>> Hello Lukas,
>>> On Monday, 13 February 2012, 17:02:54, Lukas Ocilka wrote:
>>>> On 02/06/2012 03:20 PM, Günther J. Niederwimmer wrote:
>>>>> Hello,
>>>>> Is it possible to find a DOC or a LINK, to find out which Schema and Index the YaST2 Modules and scripts must have?
>> I think Ralf knows most about our LDAP schemas.
> Currently I think there is no documentation about what Indexes and Schema Files are created. Here is what I found grepping through the sources:
can you tell me the search criteria in the source, I didn't find anything :(.
I must find the ACL.
Is the configuration not possible over a Network, or is this not implemented.
autofs: must have nisMapName, I hope eq (?)
ACL ?
> samba:
> - Schema: samba3.schema
> - Indexes: "eq" on "sambaSID", "sambaPrimaryGroupSID" and "sambaDomainName"
> - Also adds ACL to protect the samba password attributes
> mail:
> - Schema: dnszone and suse-mailserver
> - Indexes: "eq" on "SuSEMailClient", "SUSEMailAcceptAddress", "zoneName", "SuSEMailDomainMasquerading", "relativeDomainName", "suseMailDomainType", "suseTLSPerSitePeer", "SuSEMailTransportDestination", "suseDeliveryToFolder", "suseDeliveryToMember" (though I have doubts if all of these are really needed, i.e. used in search filters)
> kerberos:
> - Schema: /usr/share/doc/packages/krb5/kerberos
> - Indexes: "eq" on "krbPrincipalName"
> - Also adds ACL for "krbPrincipalKey" and "krbExtraData"
> dns-server:
> - Index: none
> - Schema: dnszone
> dhcp-server:
> - Index: none
> - Schema: dhcp
> I would really appreciate if you could add the above information to either the wiki or file a feature request to have it added to the documentation of the respective YaST modules. If you find bugs in the above list or think some indexes are missing please file bug reports.
> regards,
> Ralf
--
Best regards,
Günther J. Niederwimmer
On Thursday, 16 February 2012, 10:24:41, Günther J. Niederwimmer wrote:
> Hello Ralf,
> thanks for your work,
> On Thursday, 16 February 2012, 09:14:24, Ralf Haferkamp wrote:
>> Hi Günther,
>> On Tuesday, 14 February 2012, 09:14:07, Jiri Suchomel wrote:
>>> On Mon, 13 February 2012, 19:26:25, Günther J. Niederwimmer wrote:
>>>> Hello Lukas,
>>>> On Monday, 13 February 2012, 17:02:54, Lukas Ocilka wrote:
>>>>> On 02/06/2012 03:20 PM, Günther J. Niederwimmer wrote:
>>>>>> Hello,
>>>>>> Is it possible to find a DOC or a LINK, to find out which Schema and Index the YaST2 Modules and scripts must have?
>>> I think Ralf knows most about our LDAP schemas.
>> Currently I think there is no documentation about what Indexes and Schema Files are created. Here is what I found grepping through the sources:
> can you tell me the search criteria in the source, I didn't find anything :(.
I just grepped for "LdapServer" or "LdapServerAccess"; those are the names of the Modules that touch the LDAP Server's configuration.
> I must find the ACL.
For samba just add ACLs, denying access to everybody to the Attributes "sambaNTpassword" and "sambaLMpassword" attributes. You can do that with yast2-ldap-server by opening the respective database's subarch in the treeview and selecting "Access Control Configuration".
> Is the configuration not possible over a Network, or is this not implemented.
By default we set up OpenLDAP in a way that it does allow configuration changes over the Network. Just local "root" user is allowed to touch the configuration via the "ldapi:///" Unix Domain Socket. (Mainly for security reasons)
> autofs: must have
> nisMapName, I hope eq (?)
That's already included by default (rfc2307bis).
> ACL ?
No, currently none.
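The "eq" indexes and the samba password ACL that Ralf lists, written as LDIF for cn=config and meant to be applied by root on the LDAP server over the ldapi:/// socket; this is an added example, not part of the original thread and not YaST code. The database DN `olcDatabase={1}hdb,cn=config` and the function names are assumptions, and the ACL uses the samba3.schema spellings `sambaNTPassword` and `sambaLMPassword`.

```shell
#!/bin/sh
# Added example, not YaST code. Attribute names come from the list in the
# thread; DEFAULT_DB_DN is an assumption, look yours up on the server with:
#   ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config '(olcSuffix=*)' dn
DEFAULT_DB_DN='olcDatabase={1}hdb,cn=config'

# Attributes that get an "eq" index for a YaST module (per the thread).
module_index_attrs() {
    case "$1" in
        samba)    echo "sambaSID sambaPrimaryGroupSID sambaDomainName" ;;
        mail)     echo "SuSEMailClient SUSEMailAcceptAddress zoneName \
SuSEMailDomainMasquerading relativeDomainName suseMailDomainType \
suseTLSPerSitePeer SuSEMailTransportDestination suseDeliveryToFolder \
suseDeliveryToMember" ;;
        kerberos) echo "krbPrincipalName" ;;
        dns-server|dhcp-server) echo "" ;;  # thread: "Index: none"
        *) return 1 ;;
    esac
}

# Attributes to deny to everybody; the thread spells this out for samba only.
module_protected_attrs() {
    case "$1" in
        samba) echo "sambaNTPassword,sambaLMPassword" ;;
        *)     echo "" ;;
    esac
}

# Print one LDIF modify record for the database entry in cn=config.
# Prints nothing for modules that need neither an index nor an ACL.
gen_ldif() {
    attrs=$(module_index_attrs "$1") || { echo "unknown module: $1" >&2; return 1; }
    prot=$(module_protected_attrs "$1")
    [ -n "$attrs$prot" ] || return 0
    printf 'dn: %s\nchangetype: modify\n' "${2:-$DEFAULT_DB_DN}"
    if [ -n "$attrs" ]; then
        echo "add: olcDbIndex"
        for a in $attrs; do echo "olcDbIndex: $a eq"; done
    fi
    if [ -n "$prot" ]; then
        [ -z "$attrs" ] || echo "-"
        echo "add: olcAccess"
        # {0} inserts the rule ahead of existing ones; rootdn bypasses ACLs.
        echo "olcAccess: {0}to attrs=$prot by * none"
    fi
}

# On the LDAP server, as root (cn=config is only reachable via ldapi:///):
#   gen_ldif samba | ldapmodify -Y EXTERNAL -H ldapi:///
```

ldapmodify rejects the whole record if one of the index values already exists, so compare against the current `olcDbIndex` values of the database entry before applying it.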