[pkg-kolab] Kolab + GOsa debugging
Mark Pavlichuk
pav5088 at internode.on.net
Sat Oct 25 05:09:22 UTC 2008
Price,Neil wrote:
> On 23 October 2008 05:51 PM Mark Pavlichuk wrote
>
>
>> <cn=admin,cn=internal,dc=strategicit,dc=homelinux,dc=net>
>> oc_check_allowed type "member"
>> /etc/ldap/slapd.access: line 15: group: "member" not allowed by
>> "1.3.6.1.4.1.19414.3.2.5".
>> <access clause> ::= access to <what> [ by <who> [ <access> ]
>>
>
> That does not seem to be a known OID, see this site
> http://www.alvestrand.no/objectid/1.3.6.1.4.1.html
>
> Try this
>
> ldapsearch -x -s base -b "cn=subschema" "(objectclass=*)" matchingrules | grep "1.3.6.1.4.1"
>
> See if it gives you a clue as to what the OID is

Unfortunately slapd won't start for me so I can't do an ldapsearch.

I did a grep for 1.3.6.1.4.1.19414.3.2.5 and it's part of
kolab2.schema. Fabian Hickert earlier brought my attention to the fact
that I needed to replace the Kolab provided schema with a GOsa provided
version. The Kolab provided version contains:

objectclass ( 1.3.6.1.4.1.19414.3.2.5
    NAME 'kolabGroupOfNames'
    DESC 'Kolab group of names (DNs) derived from RFC2256'
    SUP groupOfNames STRUCTURAL
    MAY ( mail $
          kolabDeleteflag ) )

The GOsa provided version is slightly different:

objectclass ( 1.3.6.1.4.1.19414.3.2.5
    NAME 'kolabGroupOfNames'
    DESC 'Kolab group of names (DNs) derived from RFC2256'
    SUP top AUXILIARY
    MAY ( mail $
          kolabDeleteflag ) )

I have no idea about the implications of these differences. The
contents of slapd.access (where the error occurs) are here:

## Copyright (c) 2005 Klaraelvdalens Datakonsult AB
## Written by Steffen Hansen <steffen at klaralvdalens-datakonsult.se>
##
## This program is Free Software under the GNU General Public License (>=v2).
## Read the file COPYING that comes with this packages for details.

# Domain ACL statements for inclusion in slapd.conf

# Access to domain groups
access to dn.children="cn=domains,cn=internal,dc=strategicit,dc=homelinux,dc=net"
    by group/kolabGroupOfNames="cn=admin,cn=internal,dc=strategicit,dc=homelinux,dc=net" write
    by group/kolabGroupOfNames="cn=maintainer,cn=internal,dc=strategicit,dc=homelinux,dc=net" write
    by dn="cn=nobody,cn=internal,dc=strategicit,dc=homelinux,dc=net" read
    by group/kolabGroupOfNames="cn=strategicit.homelinux.net,cn=domains,cn=internal,dc=strategicit,dc=homelinux,dc=net" read
    by * search stop

# Domain specific access
access to filter=(&(objectClass=kolabInetOrgPerson)(mail=*@strategicit.homelinux.net)(|(!(alias=*))(alias=*@strategicit.homelinux.net)))
    by group/kolabGroupOfNames="cn=strategicit.homelinux.net,cn=domains,cn=internal,dc=strategicit,dc=homelinux,dc=net" write
    by * break

access to filter=(&(objectClass=kolabGroupOfNames)(mail=*@strategicit.homelinux.net))
    by group/kolabGroupOfNames="cn=strategicit.homelinux.net,cn=domains,cn=internal,dc=strategicit,dc=homelinux,dc=net" write
    by * break

access to filter=(&(objectClass=kolabSharedFolder)(cn=*@strategicit.homelinux.net))
    by group/kolabGroupOfNames="cn=strategicit.homelinux.net,cn=domains,cn=internal,dc=strategicit,dc=homelinux,dc=net" write
    by * break

--
Mark Pavlichuk
Strategic IT
ph. (07)47242890
m. 0409 124577
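
Added example, not part of the original message and not Kolab or GOsa code: an offline check that mirrors the quoted slapd error by resolving each object class's MUST/MAY attributes through its SUP chain and testing whether the group membership attribute ("member" unless the ACL names another) is allowed by the class named in each group/<objectclass> clause. The groupOfNames definition is abbreviated from RFC 2256, the ACL is shortened from the file above, and all function names are hypothetical.

```python
import re

# groupOfNames is abbreviated from RFC 2256 (assumption: only MUST is kept).
CORE = "objectclass ( 2.5.6.9 NAME 'groupOfNames' SUP top STRUCTURAL MUST ( member $ cn ) )"
# The two kolabGroupOfNames variants quoted in the message.
KOLAB = """objectclass ( 1.3.6.1.4.1.19414.3.2.5
    NAME 'kolabGroupOfNames'
    DESC 'Kolab group of names (DNs) derived from RFC2256'
    SUP groupOfNames STRUCTURAL
    MAY ( mail $ kolabDeleteflag ) )"""
GOSA = KOLAB.replace("SUP groupOfNames STRUCTURAL", "SUP top AUXILIARY")
# First clause of the slapd.access file from the message, shortened to one <who>.
ACL = '''access to dn.children="cn=domains,cn=internal,dc=strategicit,dc=homelinux,dc=net"
    by group/kolabGroupOfNames="cn=admin,cn=internal,dc=strategicit,dc=homelinux,dc=net" write
    by * search stop'''

def parse_schema(text):
    """Map lowercased objectclass name -> (superior, attributes from MUST/MAY)."""
    classes = {}
    for block in re.split(r"(?im)^\s*objectclass\s*\(", text)[1:]:
        name = re.search(r"NAME\s+'([^']+)'", block).group(1).lower()
        block = re.sub(r"'[^']*'", "", block)  # drop quoted strings such as DESC
        sup = re.search(r"\bSUP\s+([\w-]+)", block)
        attrs = set()
        for m in re.finditer(r"\b(?:MUST|MAY)\s+(?:\(([^)]*)\)|([\w-]+))", block):
            attrs |= {a.strip().lower() for a in (m.group(1) or m.group(2)).split("$")}
        classes[name] = (sup.group(1).lower() if sup else None, attrs)
    return classes

def allowed_attrs(classes, oc):
    """Attributes allowed by oc itself plus everything inherited through SUP."""
    allowed, oc = set(), oc.lower()
    while oc in classes:
        sup, attrs = classes[oc]
        allowed |= attrs
        oc = sup
    return allowed

def check_group_acls(acl_text, classes):
    """Return (objectclass, attr, allowed) per group[/oc[/attr]][.style]= clause."""
    results = []
    for m in re.finditer(r"\bgroup(?:/([\w-]+)(?:/([\w-]+))?)?(?:\.\w+)?=", acl_text):
        oc, attr = m.group(1) or "groupOfNames", m.group(2) or "member"
        results.append((oc, attr, attr.lower() in allowed_attrs(classes, oc)))
    return results

if __name__ == "__main__":
    for label, kolab in (("Kolab schema", KOLAB), ("GOsa schema", GOSA)):
        print(label, check_group_acls(ACL, parse_schema(CORE + "\n" + kolab)))
```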