FYI,
Based on a question to the list by Eygene Riabinkin and advice by Chris
Williams (QMUL) I updated the document
http://cern.ch/grid-deployment/cgi-bin/index.cgi?var=gis/vo-setup
to cover LDAP configuration requirements for more recent OS versions.
Regards
--
Maria Dimou-Zacharova http://cern.ch/dimou
CERN, CH-1211 Geneva 23, Switzerland
[log in to unmask], Tel: +41-22-7673356, Fax: +41-22-7674900
---------- Forwarded message ----------
Date: Tue, 30 Nov 2004 11:34:54 +0000 (GMT)
From: [log in to unmask]
To: [log in to unmask]
Subject: Re: [LCG-ROLLOUT] LDAP configuration for VO
Hi Maria,
I needed this because of the stricter type checking of later
LDAP servers (I'm RH9 based here, not 7.3). The two changes are required to
allow acceptance of the DN and IssuerDN attributeTypes (26 is the
registered syntax for these types).
Cheers
Chris
On Tue, 30 Nov 2004, Maria Dimou-Zacharova wrote:
> Hi Chris,
> I compared the edg-user.schema with the one we use and found the following
> differences:
>
> ====== diff edg.user.schema new-edg-user.schema | less
>
> 28d27
> <
> 37c36
> < SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
> ---
> > SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
> 42c41
> < SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
> ---
> > SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
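Review bot: the replacement SYNTAX at 37c36 and 42c41, 1.3.6.1.4.1.1466.115.121.1.26, is IA5 String, which accepts only 7-bit ASCII, while the old 1.3.6.1.4.1.1466.115.121.1.40 is Octet String and accepts arbitrary bytes. DN or IssuerDN values that contain non-ASCII characters would be rejected once this schema is loaded, so check the existing entries for such values before switching; if they can occur, Directory String (1.3.6.1.4.1.1466.115.121.1.15) would accept them. The 28d27 hunk only drops an empty line and needs no change.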
>
> They correspond to the DN and IssuerDN attributeTypes.
> Your file is the new-edg-user.schema with the '.26' values. My
> documentation
> http://cern.ch/grid-deployment/cgi-bin/index.cgi?var=gis/vo-setup
> contains the version we are using for the lcg-registrar LDAP and the
> VOs DTEAM, SixT and NA4test. I can see no other difference in the files.
> I hesitate changing the schema or the documentation because it works
> for us. Why was this change needed for you?
>
> Regards
> - maria
>
> On Mon, 29 Nov 2004, Chris Williams wrote:
>
> > Hi Eygene,
> > I had the same problem and ended up fixing the edg-user.schema
> > (file attached)
> >
> > Regards
> >
> > Chris W.
> >
> > On Sat, 27 Nov 2004, Eygene A. Ryabinkin wrote:
> >
> > > Good day.
> > > I'm trying to create a new VO and I have some problems with LDAP configuration.
> > > As stated in http://grid-deployment.web.cern.ch/grid-deployment/cgi-bin/index.cgi?var=gis/dteam-setup,
> > > we must use the following bootstrap LDIF file to initialise our LDAP directory:
> > > --%<--
> > > dn: o=dteam,dc=lcg,dc=org
> > > description: LCG Deployment Team VO
> > > objectclass: top
> > > objectclass: organization
> > > objectclass: domain
> > > dc: dteam
> > > o: dteam
> > >
> > >
> > > dn: ou=lcg1,o=dteam,dc=lcg,dc=org
> > > description: LCG Deployment Team VO Group
> > > objectclass: domain
> > > objectclass: organizationalUnit
> > > objectclass: groupofnames
> > > dc: lcg1
> > > ou: lcg1
> > > cn: lcg1
> > > owner: cn=manager,dc=lcg,dc=org
> > > member: cn=Bootstrap user,ou=people,o=dteam,dc=lcg,dc=org
> > >
> > >
> > > dn: ou=people,o=dteam,dc=lcg,dc=org
> > > description: All LCG Deployment Team People
> > > objectclass: organizationalUnit
> > > ou: People
> > > -->%--
> > > But, for example, the entry o=dteam,dc=lcg,dc=org will belong to two
> > > structural objectclasses, which is denied by LDAP, if I understand the
> > > specification correctly. If I try to feed such LDIF to slapd it says:
> > > ldap_add: Invalid syntax (21)
> > > aditional info: objectclass: value #2 invalid per syntax
> > > Could someone enlighten me on this? Maybe the administrators of existing VOs
> > > can say something?
> > > Thanks.
> > > --
> > > rea
> > >
> >
> > -----------------------------------------------------------------------
> > Chris Williams
> > Tel/Fax : +44 (0)207 8825054
> > Department of Physics
> > Queen Mary College, Mile End Road, London, E1 4NS
> > -----------------------------------------------------------------------
>
>
-----------------------------------------------------------------------
Chris Williams
Tel/Fax : +44 (0)207 8825054
Department of Physics
Queen Mary College, Mile End Road, London, E1 4NS
-----------------------------------------------------------------------