My cn=config is attached here. I have added users *bob* & *george* with host
objects *cms2* & *cms3* respectively, as shown below for
cn=bob,ou=Users,dc=testlab,dc=com

cn: bob
uid: bob
objectClass: account
objectClass: posixAccount
uidNumber: 10001
gidNumber: 10001
homeDirectory: /home/bob
loginShell: /bin/sh
gecos: bob
description: User account
host: cms2
userPassword: {SSHA}GtI94c1LAH6F1Wj3rqUGwjND1oUGa2hq

Also I have 2 machines, u910desk & x15f12, added with labeledURI searching
for hostobject value as 'cms2' & 'cms3' respectively, as shown in the example
below for cn=u910desk,ou=Machines,dc=testlab,dc=com

cn: u910desk
ipHostNumber: 172.17.5.232
member: cn=placeholder,dc=testlab,dc=com
objectClass: top
objectClass: groupOfNames
objectClass: labeledURIObject
objectClass: ipHost
labeledURI: ldap:///ou=Users,dc=testlab,dc=com??one?(host=cms2)

Now if I attempt to *#ssh [email protected]*2 it should allow me because bob
contains hostobject: cms2, whereas if I do *'#ssh [email protected]'* it
should fail because 172.17.5.232 is looking for host object 'cms2' whereas
george contains host object: cms3. Correct?
But in the practical scenario this is not happening. It still allows me to ssh
to both machines using both users bob & george. Any clue what I must be
missing here?

thanks
Shamika


On Tue, Apr 6, 2010 at 4:04 PM, Shamika Joshi <[email protected]> wrote:

> Yeah, now it worked for me too... Maybe there was a typo or something...
> I'll get to the actual dynlist configuration now & get back if there are any
> questions.
>
> Thanks a lot for your help
> Shamika
>
>
>
> On Tue, Apr 6, 2010 at 2:56 PM, Dieter Kluenter <[email protected]> wrote:
>
>> On Mon, 5 Apr 2010 12:20:07 +0530
>> Shamika Joshi <[email protected]> wrote:
>>
>> > Yes it is in /usr/lib/ldap
>> >
>> > adm...@x6:~$ locate dynlist
>> > /etc/ldap/dynlist.ldif
>> > /usr/lib/ldap/dynlist-2.4.so.2
>> > /usr/lib/ldap/dynlist-2.4.so.2.5.1
>> > /usr/lib/ldap/dynlist.la
>> > /usr/lib/ldap/dynlist.so
>> > /usr/share/man/man5/slapo-dynlist.5.gz
>> >
>> > adm...@x6:~$ ldapsearch -xLLL -b cn=config -D cn=admin,cn=config -W
>> > Enter LDAP Password:
>> > dn: cn=config
>> > objectClass: olcGlobal
>> > cn: config
>> > olcArgsFile: /var/run/slapd/slapd.args
>> > olcLogLevel: none
>> > olcPidFile: /var/run/slapd/slapd.pid
>> > olcToolThreads: 1
>> >
>> > dn: cn=module{0},cn=config
>> > objectClass: olcModuleList
>> > cn: module{0}
>> > olcModulePath: /usr/lib/ldap
>> > olcModuleLoad: {0}back_hdb
>> >
>> > but still gives the same error, what could be the reason?
>> >
>> > adm...@x6:~$ ldapmodify -x -D cn=admin,cn=config -W
>> > Enter LDAP Password:
>> > dn: cn=config
>> > changetype: modify
>> > add: olcModuleLoad
>> > olcModuleLoad: dynlist.la
>> > modifying entry "cn=config"
>> > ldap_modify: Object class violation (65)
>> >         additional info: attribute 'olcModuleLoad' not allowed
>>
>> I just tested it on my system:
>> $ ldapmodify -D cn=config -w xxx -ZZ -H ldap://magenta.avci.de
>> dn: cn=module{0},cn=config
>> changetype: modify
>> add: olcModuleload
>> olcModuleLoad: dynlist.la
>>
>> modifying entry "cn=module{0},cn=config"
>>
>> and a search produces:
>> ldapsearch -LLL -D cn=config -w xxx -ZZ -H ldap://magenta.avci.de
>>  -b cn=module{0},cn=config -s base "*"
>>
>> dn: cn=module{0},cn=config
>> objectClass: olcModuleList
>> cn: module{0}
>> olcModulePath: /usr/lib/openldap/modules
>> olcModuleLoad: {0}back_meta.la
>> olcModuleLoad: {1}dynlist.la
>>
>>
>> -Dieter
>>
>> --
>> Dieter Klünter | Systemberatung
>> sip: +49.40.20932173
>> http://www.dpunkt.de/buecher/2104.html
>> GPG Key ID:8EF7B6C6
>>
>>
>
adm...@x6:/etc/ldap$ ldapsearch -xLLL -b cn=config -D cn=admin,cn=config -W
Enter LDAP Password:
dn: cn=config
objectClass: olcGlobal
cn: config
olcArgsFile: /var/run/slapd/slapd.args
olcLogLevel: none
olcPidFile: /var/run/slapd/slapd.pid
olcToolThreads: 1

dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModulePath: /usr/lib/ldap
olcModuleLoad: {0}back_hdb
olcModuleLoad: {1}dynlist.la

dn: olcOverlay={0}dynlist,olcDatabase={1}hdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcDynamicList
olcOverlay: {0}dynlist
olcDlAttrSet: {0}groupOfNames labeledURI member
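
An added example, not part of the thread or written by its participants: with the attribute set `groupOfNames labeledURI member`, the dynlist overlay fills `member` on each machine entry with the DNs returned by that entry's labeledURI search. The sketch below evaluates those URLs offline against constructed copies of the user entries, so the result can be compared with what `ldapsearch` returns for the machine entries. george's entry and the x15f12 URL are assumed from the description in the message, and only simple equality filters are handled.

```python
from urllib.parse import unquote

# Constructed sample data modelled on the entries described in the thread.
# george's entry and the x15f12 URL are assumptions; neither is shown on the page.
USERS = {
    "cn=bob,ou=Users,dc=testlab,dc=com": {"host": ["cms2"]},
    "cn=george,ou=Users,dc=testlab,dc=com": {"host": ["cms3"]},
}
MACHINES = {
    "u910desk": "ldap:///ou=Users,dc=testlab,dc=com??one?(host=cms2)",
    "x15f12": "ldap:///ou=Users,dc=testlab,dc=com??one?(host=cms3)",
}

def parse_ldap_url(url):
    """Split an RFC 4516 LDAP URL into (base DN, scope, filter)."""
    scheme, sep, rest = url.partition("://")
    if not sep or scheme.lower() not in ("ldap", "ldaps"):
        raise ValueError("not an LDAP URL: %r" % url)
    query = rest.partition("/")[2]  # drop the (empty) host:port part
    base, _attrs, scope, flt = ([unquote(p) for p in query.split("?")] + [""] * 4)[:4]
    return base, scope or "base", flt

def norm_dn(dn):
    return ",".join(rdn.strip().lower() for rdn in dn.split(","))

def in_scope(dn, base, scope):
    dn, base = norm_dn(dn), norm_dn(base)
    if dn == base or scope == "base":
        return dn == base and scope in ("base", "sub")
    if not dn.endswith("," + base):
        return False
    levels_below = dn[: -len(base) - 1].count(",") + 1
    return scope == "sub" or levels_below == 1  # "one" = direct children only

def matches(attrs, flt):
    """Evaluate a single (attr=value) filter; anything more complex is rejected."""
    body = flt[1:-1]
    if flt[:1] + flt[-1:] != "()" or "=" not in body or any(c in body for c in "()*<>~"):
        raise ValueError("only simple equality filters are handled: %r" % flt)
    attr, _, value = body.partition("=")
    return value.lower() in [v.lower() for v in attrs.get(attr.lower(), [])]

def expected_members(machine):
    # DNs selected by the labeledURI search of the given machine entry.
    base, scope, flt = parse_ldap_url(MACHINES[machine])
    return sorted(dn for dn, a in USERS.items() if in_scope(dn, base, scope) and matches(a, flt))

if __name__ == "__main__":
    print({m: expected_members(m) for m in MACHINES})
```

If `ldapsearch` on cn=u910desk shows the same single `member` value, the overlay is expanding the list as configured; whether a login on that host consults that attribute is decided by the client-side configuration, which the thread does not show.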
