Menu
▾
▴
Re: [eGroupWare-users] Error saving the contact !!! Insufficient access: so_ldap: 520
|
From: Ralf B. <rb...@st...> - 2014-03-20 11:09:30
|
HI Mathieu, best way to debug LDAP problems is to set an increasing loglevel in slapd.conf (restart slapd) and watch the log while reproducing your problem. Error messages available to php are not always helpful. Ralf Am 20.03.14 10:51, schrieb Mathieu Stumpf: > I also tried to add this line to my configuration file : > > sasl-secprops none > > But don't seems to resolve my problem. Those said I'm not sure sasl is > really used on this box, > I didn't made any special configuration to do so, and the official > repository installation of > egroupware for debian doesn't seem to install needed packages to support > it : > > # dpkg -l '*sasl*' > Desired=Unknown/Install/Remove/Purge/Hold > | > Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend > |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad) > ||/ Name Version > Architecture Description > +++-===============================-====================-====================-==================================================================== > un libauthen-sasl-perl > <none> (no description available) > un libsasl2 > <none> (no description available) > ii libsasl2-2:amd64 2.1.25.dfsg1-6+deb7u > amd64 Cyrus SASL - authentication abstraction library > ii libsasl2-modules:amd64 2.1.25.dfsg1-6+deb7u > amd64 Cyrus SASL - pluggable authentication modules > un libsasl2-modules-gssapi-heimdal > <none> (no description available) > un libsasl2-modules-gssapi-mit > <none> (no description available) > un libsasl2-modules-ldap > <none> (no description available) > un libsasl2-modules-otp > <none> (no description available) > un libsasl2-modules-sql > <none> (no description available) > un sasl2-bin > <none> (no description available) > # apt-cache search php sasl|cut -f1 -d\ |xargs dpkg -l > dpkg-query: no packages found matching php-auth-sasl > dpkg-query: no packages found matching php-net-imap > dpkg-query: no packages found matching php-net-smtp > dpkg-query: no packages found matching php5-sasl > > > > > Le 20/03/2014 09:47, Mathieu Stumpf a écrit : >> I tried to add this line to my config file (I changed >> /usr/share/slapd/slapd.conf that I suppose to be the used config file ) : >> >> access to * by * write >> >> and restarted slapd and apache2 (just to be sure). But when I try to >> add a contact it still results into a Insufficient access: so_ldap: 520 >> >> I thought that adding this rule would bypass any write problem. >> >> Note that here I just want to be able to test groupdav synchronisation >> while using ldap as db for contacts and users, >> having a sane security configuration is not important for my tests (of >> course having one right now would avoid me >> to postpone this task). So if someone could suggest me a way to simply >> bypass write restrictions I would be grateful. >> >> Kind regards, >> mathieu >> >> Le 19/03/2014 09:50, Mathieu Stumpf a écrit : >>> >>>>>> I also tried with this schema, following the instructions in >>>>>> egroupware/phpgwapi/doc/ldap/README, but I ended with the following error: >>>>>> >>>>>> slapadd -l new.ldif >>>>>> slapadd: dn="cn=Default,ou=groups,dc=example,dc=net" (line=62): (65) invalid >>>>>> structural object class chain (posixGroup/groupOfNames) >>>>> Looks like you can not use posixGroup and groupOfNames together. >>>> >>>> Here is how I tried to do that : >>>> cd egroupware/phpgwapi/doc/ldap/ >>>> slapcat > my.ldif >>>> php ./nis2rfc2307bis.php my.ldif > new.ldif >>>> service slapd stop >>>> mkdir /tmp/ldap >>>> mv /var/lib/ldap/* /tmp/ >>>> slapadd -l new.ldif >>>> >>>> I probably shourd edit new.ldif, I will test that and let you know the result. >>> >>> So here is what I tried : >>> >>> # grep -vi "groupofnames" new.ldif >posixGrouped.ldif >>> # rm -fr /var/lib/ldap/* >>> # slapadd -l posixGrouped.ldif >>> 53235f3b Entry (cn=Default,ou=groups,dc=example,dc=net), >>> attribute 'member' not allowed >>> slapadd: dn="cn=Default,ou=groups,dc=example,dc=net" (line=62): >>> (65) attribute 'member' not allowed >>> _####### 35.90% eta none elapsed none >>> spd 91.0 k/s >>> Closing DB... >>> # grep -v "member" posixGrouped.ldif >posix_group_no_member.ldif >>> # rm -fr /var/lib/ldap/* >>> # slapadd -l posix_group_no_member.ldif >>> _#################### 100.00% eta none elapsed none >>> fast! >>> Closing DB... >>> # service slapd start >>> Starting OpenLDAP: slapd failed! >>> # tail /var/log/syslog|grep slapd >>> Mar 14 21:12:46 D29 slapd[6400]: @(#) $OpenLDAP: slapd (Apr 23 >>> 2013 12:16:04) >>> $#012#011root@lupin:/tmp/buildd/openldap-2.4.31/debian/build/servers/slapd >>> Mar 14 21:12:46 D29 slapd[6401]: hdb_db_open: database >>> "dc=example,dc=net": alock package is unstable. >>> Mar 14 21:12:46 D29 slapd[6401]: backend_startup_one (type=hdb, >>> suffix="dc=example,dc=net"): bi_db_open failed! (-1) >>> Mar 14 21:12:46 D29 slapd[6401]: slapd stopped. >>> >>> >>> So here I'm stuck for the moment, I go back to my LDAP documentation. >>> >>> >>> ------------------------------------------------------------------------------ >>> Learn Graph Databases - Download FREE O'Reilly Book >>> "Graph Databases" is the definitive new guide to graph databases and their >>> applications. Written by three acclaimed leaders in the field, >>> this first edition is now available. Download your free book today! >>> http://p.sf.net/sfu/13534_NeoTech >>> >>> >>> _______________________________________________ >>> eGroupWare-users mailing list >>> eGr...@li... >>> https://lists.sourceforge.net/lists/listinfo/egroupware-users >> >> -- >> TeMPO Consulting >> 9, rue du Parc >> 67205 Oberhausbergen >> France >> >> http://www.tempo-consulting.fr >> Tel : +33 3 88 56 82 17 >> Fax : +33 3 88 56 46 64 >> >> >> ------------------------------------------------------------------------------ >> Learn Graph Databases - Download FREE O'Reilly Book >> "Graph Databases" is the definitive new guide to graph databases and their >> applications. Written by three acclaimed leaders in the field, >> this first edition is now available. Download your free book today! >> http://p.sf.net/sfu/13534_NeoTech >> >> >> _______________________________________________ >> eGroupWare-users mailing list >> eGr...@li... >> https://lists.sourceforge.net/lists/listinfo/egroupware-users > > -- > TeMPO Consulting > 9, rue du Parc > 67205 Oberhausbergen > France > > http://www.tempo-consulting.fr > Tel : +33 3 88 56 82 17 > Fax : +33 3 88 56 46 64 > > > > ------------------------------------------------------------------------------ > Learn Graph Databases - Download FREE O'Reilly Book > "Graph Databases" is the definitive new guide to graph databases and their > applications. Written by three acclaimed leaders in the field, > this first edition is now available. Download your free book today! > http://p.sf.net/sfu/13534_NeoTech > > > > _______________________________________________ > eGroupWare-users mailing list > eGr...@li... > https://lists.sourceforge.net/lists/listinfo/egroupware-users > -- Ralf Becker Director Software Development Stylite AG Morschheimer Strasse 15 | Tel. +49 6352 70629 0 D-67292 Kirchheimbolanden | Fax. +49 6352 70629 30 Email: rb...@st... www.stylite.de | www.egroupware.org Managing Directors: Andre Keller | Ralf Becker | Gudrun Mueller Chairman of the supervisory board: Prof. Dr. Birger Leon Kropshofer VAT DE214280951 | Registered HRB 31158 Kaiserslautern Germany |