Friday, January 6, 2012

Setting up an LDAP server on SUSE 10

Start the LDAP service using YaST

Start YaST from a terminal:
# yast


In 'Network Services' -> 'LDAP Server', start the LDAP server and select 'Configure...'.

Create a new database with:
* Base DN - dc=test,dc=com
* A password for the root DN

Save and Exit yast.

Verify that the base DN has been created:
* ldapsearch -x -b dc=test,dc=com


Download the MigrationTools as described at
http://tazlambert.wordpress.com/2008/05/08/ldap-server-openldap-in-opensuse-102/
and set the base suffix in migration_common.ph:

$DEFAULT_BASE = "dc=test,dc=com"; # your base suffix or domain name

Then you can run:
chmod -Rf 770 /MigrationTools-47 
./migrate_base.pl > base.ldif

Edit base.ldif to remove the first object, which defines dc=test,dc=com, since we have already created it using YaST. Remove the following lines from base.ldif:
dn: dc=test,dc=com
dc: test
objectClass: top
objectClass: domain

# ldapadd -x -W -D "cn=administrator,dc=test,dc=com" -f base.ldif




Create the passwd LDIF:
./migrate_passwd.pl /etc/passwd > passwd.ldif
ldapadd -x -W -D "cn=administrator,dc=test,dc=com" -f passwd.ldif

The group LDIF can be created with:
./migrate_group.pl group.in > group.ldif

ldapadd -x -W -D "cn=administrator,dc=test,dc=com" -f group.ldif

If, while adding group.ldif, you receive the error
ldap_add: Object class violation (65)
        additional info: no structural object class provided


then check whether /etc/openldap/slapd.conf includes rfc2307bis.schema. If it does, then, as explained at http://www.openldap.org/lists/openldap-technical/201004/msg00082.html, rfc2307bis defines posixAccount as AUXILIARY; comment out rfc2307bis.schema and use nis.schema instead:

include         /etc/openldap/schema/nis.schema
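The two manual fix-ups above (dropping the base-suffix entry from base.ldif and checking which schema slapd.conf actually includes) as a small shell helper. This is an added example, not code from the original post or from MigrationTools; the file names and the LDIF and slapd.conf contents in the demo are constructed.

```shell
#!/bin/sh
# Added example (not from the original post). Two helpers for the steps above:
#  1. drop the base-suffix entry that migrate_base.pl writes into base.ldif,
#     because YaST already created dc=test,dc=com;
#  2. report whether slapd.conf includes rfc2307bis.schema or nis.schema,
#     the difference behind "no structural object class provided".
# File names and sample contents used in demo() are constructed.

# strip_base_entry BASE_DN IN.ldif OUT.ldif
# LDIF entries are separated by blank lines, so awk paragraph mode (RS="")
# reads one entry per record; $1 and $2 of a record are "dn:" and the DN.
strip_base_entry() {
    awk -v base="$1" 'BEGIN { RS = ""; ORS = "\n\n" }
        !($1 == "dn:" && $2 == base) { print }' "$2" > "$3"
}

# active_schema SLAPD.CONF -> prints rfc2307bis, nis, or none
# Only uncommented include lines count; a leading '#' disables the schema.
active_schema() {
    if grep -Eq '^[[:space:]]*include[[:space:]]+.*rfc2307bis\.schema' "$1"; then
        echo rfc2307bis
    elif grep -Eq '^[[:space:]]*include[[:space:]]+.*nis\.schema' "$1"; then
        echo nis
    else
        echo none
    fi
}

# Demo on constructed files: a base.ldif as migrate_base.pl would produce it,
# and a slapd.conf fragment with rfc2307bis commented out in favour of nis.
demo() {
    tmp=$(mktemp -d)
    printf 'dn: dc=test,dc=com\ndc: test\nobjectClass: top\nobjectClass: domain\n\n' > "$tmp/base.ldif"
    printf 'dn: ou=People,dc=test,dc=com\nou: People\nobjectClass: top\nobjectClass: organizationalUnit\n' >> "$tmp/base.ldif"
    printf '#include /etc/openldap/schema/rfc2307bis.schema\ninclude         /etc/openldap/schema/nis.schema\n' > "$tmp/slapd.conf"
    strip_base_entry "dc=test,dc=com" "$tmp/base.ldif" "$tmp/base-trimmed.ldif"
    echo "entries left in base.ldif: $(grep -c '^dn: ' "$tmp/base-trimmed.ldif")"   # 1
    echo "active schema: $(active_schema "$tmp/slapd.conf")"                        # nis
    rm -rf "$tmp"
}

demo
```

Run the trimmed file through ldapadd as in the steps above; if active_schema reports rfc2307bis, swap the include for nis.schema before loading group.ldif.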
 

Thursday, January 5, 2012

Only POSIX ACLs supported over NFS

The NFS server only supports POSIX ACLs, i.e., the system.posix_acl_access and system.posix_acl_default extended attributes. Other extended attributes are not supported through the NFS server; nfsd checks strictly that only these two ACL types can be set or retrieved, as the kernel code below shows.



/* Excerpt from the Linux NFS server (fs/nfsd/vfs.c); the post shows only
 * the start of the function. The switch admits exactly two ACL types and
 * rejects everything else with -EOPNOTSUPP. */
int
nfsd_set_posix_acl(struct svc_fh *fhp, int type, struct posix_acl *acl)
{
        struct inode *inode = fhp->fh_dentry->d_inode;
        char *name;
        void *value = NULL;
        size_t size;
        int error;

        /* The exported filesystem must support POSIX ACLs and the xattr ops. */
        if (!IS_POSIXACL(inode) ||
            !inode->i_op->setxattr || !inode->i_op->removexattr)
                return -EOPNOTSUPP;
        /* Map the ACL type onto its xattr name; no other xattr is accepted. */
        switch(type) {
                case ACL_TYPE_ACCESS:
                        name = POSIX_ACL_XATTR_ACCESS;
                        break;
                case ACL_TYPE_DEFAULT:
                        name = POSIX_ACL_XATTR_DEFAULT;
                        break;
                default:
                        return -EOPNOTSUPP;
        }
        /* ... remainder of the function not shown in the original post ... */
}