[pkg-kolab] Kolab + GOsa debugging
Mark Pavlichuk
pav5088 at internode.on.net
Thu Oct 23 15:50:56 UTC 2008
I've been trying to get Kolab deb packages working with GOsa and I get
the following error message. Unfortunately I don't know LDAP so I can't
interpret what it's telling me.
Output from slapd -d 16383 :
################
#
<snip...>
line 15 (access to
dn.children="cn=domains,cn=internal,dc=strategicit,dc=homelinux,dc=net"
by
group/kolabGroupOfNames="cn=admin,cn=internal,dc=strategicit,dc=homelinux,dc=net"
write by
group/kolabGroupOfNames="cn=maintainer,cn=internal,dc=strategicit,dc=homelinux,dc=net"
write by
dn="cn=nobody,cn=internal,dc=strategicit,dc=homelinux,dc=net"
read by
group/kolabGroupOfNames="cn=strategicit.homelinux.net,cn=domains,cn=internal,dc=strategicit,dc=homelinux,dc=net"
read by * search stop)
>>> dnNormalize:
<cn=domains,cn=internal,dc=strategicit,dc=homelinux,dc=net>
=> ldap_bv2dn(cn=domains,cn=internal,dc=strategicit,dc=homelinux,dc=net,0)
<= ldap_bv2dn(cn=domains,cn=internal,dc=strategicit,dc=homelinux,dc=net)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=domains,cn=internal,dc=strategicit,dc=homelinux,dc=net)=0
<<< dnNormalize: <cn=domains,cn=internal,dc=strategicit,dc=homelinux,dc=net>
>>> dnNormalize: <cn=admin,cn=internal,dc=strategicit,dc=homelinux,dc=net>
=> ldap_bv2dn(cn=admin,cn=internal,dc=strategicit,dc=homelinux,dc=net,0)
<= ldap_bv2dn(cn=admin,cn=internal,dc=strategicit,dc=homelinux,dc=net)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=admin,cn=internal,dc=strategicit,dc=homelinux,dc=net)=0
<<< dnNormalize: <cn=admin,cn=internal,dc=strategicit,dc=homelinux,dc=net>
oc_check_allowed type "member"
/etc/ldap/slapd.access: line 15: group: "member" not allowed by
"1.3.6.1.4.1.19414.3.2.5".
<access clause> ::= access to <what> [ by <who> [ <access> ] [ <control>
] ]+
<what> ::= * | dn[.<dnstyle>=<DN>] [filter=<filter>] [attrs=<attrspec>]
<attrspec> ::= <attrname> [val[/<matchingRule>][.<attrstyle>]=<value>] |
<attrlist>
<attrlist> ::= <attr> [ , <attrlist> ]
<attr> ::= <attrname> | @<objectClass> | !<objectClass> | entry | children
<who> ::= [ * | anonymous | users | self | dn[.<dnstyle>]=<DN> ]
[ realanonymous | realusers | realself | realdn[.<dnstyle>]=<DN> ]
[dnattr=<attrname>]
[realdnattr=<attrname>]
[group[/<objectclass>[/<attrname>]][.<style>]=<group>]
[peername[.<peernamestyle>]=<peer>] [sockname[.<style>]=<name>]
[domain[.<domainstyle>]=<domain>] [sockurl[.<style>]=<url>]
[dynacl/<name>[/<options>][.<dynstyle>][=<pattern>]]
[ssf=<n>] [transport_ssf=<n>] [tls_ssf=<n>] [sasl_ssf=<n>]
<style> ::= exact | regex | base(Object)
<dnstyle> ::= base(Object) | one(level) | sub(tree) | children | exact |
regex
<attrstyle> ::= exact | regex | base(Object) | one(level) | sub(tree) |
children
<peernamestyle> ::= exact | regex | ip | ipv6 | path
<domainstyle> ::= exact | regex | base(Object) | sub(tree)
<access> ::= [[real]self]{<level>|<priv>}
<level> ::= none|disclose|auth|compare|search|read|{write|add|delete}|manage
<priv> ::= {=|+|-}{0|d|x|c|s|r|{w|a|z}|m}+
<control> ::= [ stop | continue | break ]
dynacl:
<name>=ACI <pattern>=<attrname>
/etc/ldap/slapd.access: line 15: <access> handler exited with 1!
/etc/ldap/slapd.conf: line 117: <include> handler exited with 1!
slapd destroy: freeing system resources.
==> unique_db_destroy
slapd stopped.
connections_destroy: nothing to destroy.
#
####################
Line 117 of slapd.conf is "include /etc/ldap/slapd.access"
The slapd.access file contains the following :
#############
## Copyright (c) 2005 Klaraelvdalens Datakonsult AB
## Written by Steffen Hansen <steffen at klaralvdalens-datakonsult.se>
##
## This program is Free Software under the GNU General Public License (>=v2).
## Read the file COPYING that comes with this packages for details.

# Domain ACL statements for inclusion in slapd.conf

# Access to domain groups
access to dn.children="cn=domains,cn=internal,dc=strategicit,dc=homelinux,dc=net"
    by group/kolabGroupOfNames="cn=admin,cn=internal,dc=strategicit,dc=homelinux,dc=net" write
    by group/kolabGroupOfNames="cn=maintainer,cn=internal,dc=strategicit,dc=homelinux,dc=net" write
    by dn="cn=nobody,cn=internal,dc=strategicit,dc=homelinux,dc=net" read
    by group/kolabGroupOfNames="cn=strategicit.homelinux.net,cn=domains,cn=internal,dc=strategicit,dc=homelinux,dc=net" read
    by * search stop

# Domain specific access
access to filter=(&(objectClass=kolabInetOrgPerson)(mail=*@strategicit.homelinux.net)(|(!(alias=*))(alias=*@strategicit.homelinux.net)))
    by group/kolabGroupOfNames="cn=strategicit.homelinux.net,cn=domains,cn=internal,dc=strategicit,dc=homelinux,dc=net" write
    by * break

access to filter=(&(objectClass=kolabGroupOfNames)(mail=*@strategicit.homelinux.net))
    by group/kolabGroupOfNames="cn=strategicit.homelinux.net,cn=domains,cn=internal,dc=strategicit,dc=homelinux,dc=net" write
    by * break

access to filter=(&(objectClass=kolabSharedFolder)(cn=*@strategicit.homelinux.net))
    by group/kolabGroupOfNames="cn=strategicit.homelinux.net,cn=domains,cn=internal,dc=strategicit,dc=homelinux,dc=net" write
    by * break
#
#######
I have modified my slapd.conf to include the following schemas (note -
kolab2.schema is the one shipped with the GOsa packages) :
############
#
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/rfc2739.schema
include /usr/share/kolabd/schema/horde.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/samba3.schema
include /etc/ldap/schema/trust.schema
include /etc/ldap/schema/gosystem.schema
include /etc/ldap/schema/gofon.schema
include /etc/ldap/schema/goto.schema
include /etc/ldap/schema/gosa+samba3.schema
include /etc/ldap/schema/gofax.schema
include /etc/ldap/schema/goserver.schema
include /etc/ldap/schema/goto-mime.schema
include /etc/ldap/schema/kolab2.schema
#
##############
Any ideas?
--
Mark Pavlichuk
Strategic IT
ph. (07)47242890
m. 0409 124577
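
Added example, not part of the original message and not code from the Kolab or GOsa packages: in a `group/<objectclass>[/<attrname>]` ACL clause the attribute defaults to `member`, and the `group: "member" not allowed by "1.3.6.1.4.1.19414.3.2.5"` line is slapd rejecting an objectclass whose schema definition does not permit that attribute. The sketch below runs the same check offline against schema text. The two schema snippets are constructed for illustration, the function names are hypothetical, and it assumes the OID in the error is that of `kolabGroupOfNames`.

```python
import re

# Constructed schema snippets (not the real kolab2.schema); OID taken from the slapd error.
WITH_MEMBER = """objectclass ( 2.5.6.9 NAME 'groupOfNames' SUP top STRUCTURAL
    MUST ( member $ cn ) MAY ( description ) )
objectclass ( 1.3.6.1.4.1.19414.3.2.5 NAME 'kolabGroupOfNames'
    SUP groupOfNames STRUCTURAL MAY ( mail $ kolabDeleteflag ) )"""
WITHOUT_MEMBER = """objectclass ( 1.3.6.1.4.1.19414.3.2.5 NAME 'kolabGroupOfNames'
    DESC 'marker class (constructed)' SUP top AUXILIARY MAY ( mail ) )"""
ACL = 'by group/kolabGroupOfNames="cn=admin,cn=internal,dc=strategicit,dc=homelinux,dc=net" write'

def _list(body, kw):
    """Names after keyword kw, given either as 'x' or as '( x $ y )'."""
    m = re.search(r"\b" + kw + r"\s+(?:\(([^)]*)\)|([\w;-]+))", body)
    return [n.strip().lower() for n in (m.group(1) or m.group(2) or "").split("$")] if m else []

def parse_objectclasses(text):
    """Map lowercased objectclass name -> {'sup': [...], 'attrs': set of MUST/MAY}."""
    text = re.sub(r"(?m)^\s*#.*$", "", text)           # drop comment lines
    classes = {}
    for m in re.finditer(r"(?i)\bobjectclass\s*\(", text):
        depth, i = 1, m.end()
        while i < len(text) and depth:                  # find the matching ')'
            depth += {"(": 1, ")": -1}.get(text[i], 0)
            i += 1
        body = re.sub(r"DESC\s+'[^']*'", "", text[m.end():i - 1])
        name = re.search(r"NAME\s+\(?\s*'([^']+)'", body)
        if name:
            attrs = set(_list(body, "MUST") + _list(body, "MAY"))
            classes[name.group(1).lower()] = {"sup": _list(body, "SUP"), "attrs": attrs}
    return classes

def allows(classes, oc, attr):
    """Simplified model of slapd's check: attr in MUST/MAY of oc or a superior."""
    todo, seen = [oc.lower()], set()
    while todo:
        cur = todo.pop()
        if cur in classes and cur not in seen:
            seen.add(cur)
            if attr.lower() in classes[cur]["attrs"]:
                return True
            todo += classes[cur]["sup"]
    return False

def check_group_acls(acl_text, schema_text):
    """Return sorted (objectclass, attr) pairs from group ACLs that the schema rejects."""
    classes = parse_objectclasses(schema_text)
    found = re.findall(r"\bgroup(?:/([\w-]+)(?:/([\w-]+))?)?(?:\.\w+)?=", acl_text)
    pairs = {(oc or "groupOfNames", attr or "member") for oc, attr in found}
    return sorted(p for p in pairs if not allows(classes, *p))
```

Feeding it the contents of `slapd.access` and of whichever `kolab2.schema` is actually included shows whether every group clause names an objectclass that carries its member attribute before slapd is restarted.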