[OGo-Users-DE] LDAP access to ogo contacts

Andreas Keller users-de@opengroupware.org
Thu, 12 Apr 2007 15:14:16 +0200


Salve,

I am stuck trying to access the ogo contact data via LDAP.
Scenario: LDAP authorization of the ogo users works. After adding the
back-sql settings to etc/ldap/slapd.conf, the first user who logs in is
authorized via LDAP, then slapd crashes.
I responded to the error message 'client encoding mismatch' with 'createdb
ogo -E LATIN1' and 'alter user ogo SET client_encoding to
LATIN1;', without success. Who can help?

So far I have successfully installed ogo, ldap, postgresql 8.1, cyrus and
postfix, and almost everything works together, except for, e.g.,
this problem.

Regards, Andreas Keller
__
Pfarrei St. Pirmin und St. Michael
Pfarrer Andreas Keller	www.andreaskeller.com



Versions, configuration and error message

Debian Sarge
ogo releases/opengroupware-1.1.6-yummy, releases/sope-4.5.9-maple
slapd 2.2.23
postgresql 8.1 (sarge-backports)
------------------
Configurations:


#/etc/odbc.ini
[ogo]
Driver= /usr/lib/odbc/psqlodbc.so
Setup= /usr/lib/odbc/libodbcpsqlS.so
Description=The OpenGroupware Database
Servername=localhost
Port=5432
Protocol=7.4
FetchBufferSize=99
Username=ogo
Password=ogo.751
Database=ogo
ReadOnly=no
RowVersioning       = No
ShowSystemTables    = No
ShowOidColumn       = No
FakeOidIndex        = No
ConnSettings        =



#/etc/ldap/slapd.conf
# This is the main slapd configuration file. See slapd.conf(5) for more
# info on the configuration options.

#######################################################################
# Global Directives:

# Features to permit
allow bind_v2

# Schema and objectClass definitions
include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/nis.schema
include         /etc/ldap/schema/inetorgperson.schema
include         /etc/ldap/schema/opengroupware.schema
include         /etc/ldap/schema/evolutionperson.schema


# Schema check allows for forcing entries to
# match schemas for their objectClasses's
schemacheck     on

# Where the pid file is put. The init.d script
# will not stop the server if you change this.
pidfile         /var/run/slapd/slapd.pid

# List of arguments that were passed to the server
argsfile        /var/run/slapd.args

# Read slapd.conf(5) for possible values
loglevel        0

# Where the dynamically loaded modules are stored
modulepath      /usr/lib/ldap
moduleload      back_bdb
moduleload      back_sql

#######################################################################
# Specific Backend Directives for 'other':
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
#backend                <other>
backend         sql

#######################################################################
# Specific Backend Directives for bdb:
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
backend         bdb
checkpoint 512 30
##################################################
#   OGo Database back-sql
#   MUST be BEFORE your bdb or ldbm "regular" ldap database
database        sql
subordinate
suffix          "ou=Contacts,ou=OpenGroupware,dc=melx,dc=org"
dbname  ogo
dbuser  ogo
# I tried before: dbpasswd secred
dbpasswd {MD5}sDW/lm3fMYVbG6YbPqlX0Q==
lastmod off
#   new to OpenLDAP v2.1.x
has_ldapinfo_dn_ru      no
#   PostgreSQL
insentry_query  "insert into ldap_entries (id,dn,oc_map_id,parent,keyval) values ((select max(id)+1 from ldap_entries),?,?,?,?)"
upper_func      "upper"
strcast_func    "text"
concat_pattern  "?||?"


#######################################################################
# Specific Directives for database #1, of type bdb:
# Database specific directives apply to this database until another
# 'database' directive occurs
database        bdb

# The base of your directory in database #1
suffix          "dc=melx,dc=org"
rootdn          "cn=admin,dc=melx,dc=org"
rootpw          "{MD5}NnIytZaPyz/kUGvno4kxUg=="
                                        # The password is created with slappasswd -h {MD5}


# Where the database file are physically stored for database #1
directory       "/var/lib/ldap"

# Indexing options for database #1
index           objectClass eq

# Save the time that the entry gets modified, for database #1
lastmod         on

# Where to store the replica logs for database #1
# replogfile    /var/lib/ldap/replog

# The userPassword by default can be changed
# by the entry owning it if they are authenticated.
# Others should not be able to see it, except the
# admin entry below
# These access lines apply to database #1 only
access to attrs=userPassword
        by dn="cn=admin,dc=melx,dc=org" write
        by anonymous auth
        by self write
        by * none

# Ensure read access to the base for things like
# supportedSASLMechanisms.  Without this you may
# have problems with SASL not knowing what
# mechanisms are available and the like.
# Note that this is covered by the 'access to *'
# ACL below too but if you change that as people
# are wont to do you'll still need this if you
# want SASL (and possible other things) to work
# happily.
access to dn.base="" by * read

# The admin dn has full write access, everyone else
# can read everything.
access to *
        by dn="cn=admin,dc=melx,dc=org" write
        by * read

# For Netscape Roaming support, each user gets a roaming
# profile for which they have write access to
#access to dn=".*,ou=Roaming,o=morsnet"
#        by dn="cn=admin,dc=melx,dc=org" write
#        by dnattr=owner write

#######################################################################
# Specific Directives for database #2, of type 'other' (can be bdb too):
# Database specific directives apply to this database until another
# 'database' directive occurs
#database        <other>

# The base of your directory for database #2
#suffix         "dc=debian,dc=org



#Error message (slapd -d 16383):

...
...
<==backsql_srch_query() returns SELECT DISTINCT
ldap_entries.id,ldap_static_entries.id,text('organizationalUnit') AS
objectClass,ldap_entries.dn AS dn FROM ldap_entries,ldap_static_entries
WHERE ldap_static_entries.id=ldap_entries.keyval AND
ldap_entries.oc_map_id=? AND upper(ldap_entries.dn) LIKE ? AND 1=1
Constructed query: SELECT DISTINCT
ldap_entries.id,ldap_static_entries.id,text('organizationalUnit') AS
objectClass,ldap_entries.dn AS dn FROM ldap_entries,ldap_static_entries
WHERE ldap_static_entries.id=ldap_entries.keyval AND
ldap_entries.oc_map_id=? AND upper(ldap_entries.dn) LIKE ? AND 1=1
id: '4'
(sub)dn: "%"
<==backsql_oc_get_candidates(): 0
send_ldap_result: conn=2 op=1 p=3
send_ldap_result: err=0 matched="" text=""
<==backsql_search()
send_ldap_result: conn=2 op=1 p=3
send_ldap_result: err=0 matched="" text=""
send_ldap_response: msgid=2 tag=101 err=0
ber_flush: 14 bytes to sd 10
  0000:  30 0c 02 01 02 65 07 0a  01 00 04 00 04 00
0....e........
ldap_write: want=14, written=14
  0000:  30 0c 02 01 02 65 07 0a  01 00 04 00 04 00
0....e........
conn=2 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
daemon: activity on 2 descriptors
daemon: new connection on 13
conn=3 fd=13 ACCEPT from IP=127.0.0.1:34791 (IP=0.0.0.0:389)
daemon: added 13r
daemon: activity on: 10r
daemon: read activity on 10
connection_get(10)
connection_get(10): got connid=2
connection_read(10): checking for input on id=2
slapd: /home/torsten/packages/openldap/openldap2.2-2.2.23/libraries/liblber/io.c:485: ber_get_next: Assertion `((ber)->ber_opts.lbo_valid==0x2)' failed.
Abgebrochen

---------------------------------------