[pkg-kolab] Kolab + GOsa debugging

Mark Pavlichuk pav5088 at internode.on.net
Sat Oct 25 05:09:22 UTC 2008 

Price,Neil wrote:
> On 23 October 2008 05:51 PM Mark Pavlichuk wrote 
>
>   
>> <cn=admin,cn=internal,dc=strategicit,dc=homelinux,dc=net>
>> oc_check_allowed type "member"
>> /etc/ldap/slapd.access: line 15: group: "member" not allowed by 
>> "1.3.6.1.4.1.19414.3.2.5".
>> <access clause> ::= access to <what> [ by <who> [ <access> ] 
>>     
>
> That does not seem to be to be a known OID, see this site
> http://www.alvestrand.no/objectid/1.3.6.1.4.1.html
>
> Try this 
>
> ldapsearch -x -s base -b "cn=subschema" "(objectclass=*)" matchingrules
> |grep "1.3.6.1.4.1"
>
> See if it gives you a clue as to what the OID is

  Unfortunately slapd won't start for me so I can't do an ldapsearch.

  I did a grep for 1.3.6.1.4.1.19414.3.2.5 and it's part of
kolab2.schema.  Fabian Hickert earlier brought my attention to the fact
that I needed to replace the Kolab provided schema with a GOsa provided
version.  The Kolab provided version contains :

objectclass ( 1.3.6.1.4.1.19414.3.2.5
  NAME 'kolabGroupOfNames'
  DESC 'Kolab group of names (DNs) derived from RFC2256'
  SUP groupOfNames STRUCTURAL
  MAY ( mail $
        kolabDeleteflag ) )

  The GOsa provided version is slightly different :

objectclass ( 1.3.6.1.4.1.19414.3.2.5
  NAME 'kolabGroupOfNames'
  DESC 'Kolab group of names (DNs) derived from RFC2256'
  SUP top AUXILIARY
  MAY ( mail $
        kolabDeleteflag ) )

  I have no idea about the implications of these differences.  The
contents of slapd.access (where the error occurs) are here :

##  Copyright (c) 2005 Klaraelvdalens Datakonsult AB
##     Written by Steffen Hansen <steffen at klaralvdalens-datakonsult.se>
##
## This program is Free Software under the GNU General Public License
(>=v2).
## Read the file COPYING that comes with this packages for details.

# Domain ACL statements for inclusion in slapd.conf

# Access to domain groups
access to
dn.children="cn=domains,cn=internal,dc=strategicit,dc=homelinux,dc=net"
    by
group/kolabGroupOfNames="cn=admin,cn=internal,dc=strategicit,dc=homelinux,dc=net" 

write
    by
group/kolabGroupOfNames="cn=maintainer,cn=internal,dc=strategicit,dc=homelinux,dc=net" 

write
    by dn="cn=nobody,cn=internal,dc=strategicit,dc=homelinux,dc=net" read
    by
group/kolabGroupOfNames="cn=strategicit.homelinux.net,cn=domains,cn=internal,dc=strategicit,dc=homelinux,dc=net" 

read
    by * search stop
# Domain specific access
access to
filter=(&(objectClass=kolabInetOrgPerson)(mail=*@strategicit.homelinux.net)(|(!(alias=*))(alias=*@strategicit.homelinux.net)))
    by
group/kolabGroupOfNames="cn=strategicit.homelinux.net,cn=domains,cn=internal,dc=strategicit,dc=homelinux,dc=net" 

write
    by * break

access to
filter=(&(objectClass=kolabGroupOfNames)(mail=*@strategicit.homelinux.net))
    by
group/kolabGroupOfNames="cn=strategicit.homelinux.net,cn=domains,cn=internal,dc=strategicit,dc=homelinux,dc=net" 

write
    by * break

access to
filter=(&(objectClass=kolabSharedFolder)(cn=*@strategicit.homelinux.net))
    by
group/kolabGroupOfNames="cn=strategicit.homelinux.net,cn=domains,cn=internal,dc=strategicit,dc=homelinux,dc=net" 

write
    by * break

-- 
Mark Pavlichuk
Strategic IT
ph. (07)47242890
m. 0409 124577

More information about the pkg-kolab-devel mailing list