Re: Reg aci field missing

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 04/22/2013 04:43 AM, s.varadha rajan wrote:
Hi Team,

We have implemented 389-ds in Ubuntu 12.04 LTS. Everything is working fine.we have created ou called "groups " such as ou=groups,dc=xxx,dc=com. same 389-ds (1.2.1-0ubuntu2)implemented in the  Ubuntu linux 10.04 LTS and  we can see the "aci" attributes in the groups OU. Same aci is not available in the "1.2.10.4-0ubuntu3.1".

For example, if i connected my older ldap server through phpldapadmin and select any group from "ou=groups,dc=xxx,dc=com" ,  i can see the below fields from aci attribute,

(targetattr="*") (target="ldap:///cn=*,ou=services,ou=groups,dc=xxx,dc=com") (version 3.0;acl "<group name>"; allow (write)(userdn="ldap:///uid=<user name>,ou=people,dc=xxx,dc=com");)
(targetattr="*") (target="ldap:///cn=*,ou=services,ou=groups,dc=xxx,dc=com") (version 3.0;acl "<group name>"; allow (write)(userdn="ldap:///uid=<user name>,ou=people,dc=xxx,dc=com");)
(targetattr="*") (target="ldap:///cn=*,ou=services,ou=groups,dc=xxx,dc=com") (version 3.0;acl "<group name>"; allow (write)(userdn="ldap:///uid=<user name>,ou=people,dc=xxx,dc=com");)

For getting the same details, if i connect to my new LDAP server through phpldapadmin, "aci" attribute itself not displayed.

Is it the attribute is related to samba ?

The aci attribute?  No.

Refered some of the blogs through net, if i search through ldapsearch,

ldapsearch -x -h localhost -p <port no>  -s base -b "cn=schema" "objectclass=*" | grep -i samba -> output is displayed in the old server with some values.same command if i apply in new server, no output.

For schema, 389 is now compliant with the LDAPv3 RFCs.  These state that the schema attributes such as attributeTypes, objectClasses, etc. are OPERATIONAL attributes and must be explicitly requested by the search command.  So

ldapsearch -x -h localhost -p <port no>  -s base -b "cn=schema" "objectclass=*" attributeTypes objectClasses | grep -i samba

The other thing about cn=schema is that the ldapsearch LDIF output is wrapped at 78 characters which makes grep difficult.  See http://richmegginson.livejournal.com/18726.html

For "aci", it too is an operational attribute - in order to see it:

ldapsearch -x -h localhost -p <port no> -b "dc=xxx,dc=com" "aci=*" aci


My question may be silly,pls don't mistake.what could be the reason ?

Regards,
Varad


--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users

--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux