[dev] LDAP prefs issue
Jan Schneider
jan at horde.org
Tue Oct 9 10:26:47 UTC 2007
The prefs driver code tries to add the objectclasses top and
hordePerson to the user's entry if they don't exist. This is where the
error message is coming from.
Quoting Martin Fraer <mdf at darksnow.net>:
> Incidentally, the reason for all this ACL madness is so I don't have to
> bind as admin or supply a password to bind as my normal user. It is
> working brilliantly, apart from this error message. The odd thing is, it
> looks like it is trying to add objectclass to my LDAP entry while it is
> saving the changes, but it exists, hence the error.
>
> It is getting modified fine, so I don't understand the reason for the
> error. Looking further it might be a Horde issue rather than the ACLs.
>
> Currently an annoyance but I would like to firstly, understand what is
> happening and secondly, get rid of the error.
>
> Cheers.
> Martin Fraser.
>
> Martin Fraer wrote:
>> Hello all.
>>
>> I'm setting up Horde FRAMEWORK_3 again and I've hit on a small snag with
>> my LDAP setup.
>>
>> When trying to save any preferences I'm getting an error;
>>
>> Warning: ldap_mod_add() [function.ldap-mod-add]: Modify: Type or value
>> exists in /usr/share/php/Horde/Prefs/ldap.php on line 491
>>
>> My syslog for LDAP is showing something up with objectClass
>>
>>
>> Oct 4 15:39:21 hostname imapd: Connection, ip=[::ffff:127.0.0.1]
>> Oct 4 15:39:21 hostname imapd: LOGIN, user=user, ip=[::ffff:127.0.0.1],
>> protocol=IMAP
>> Oct 4 15:39:21 hostname slapd[13385]: conn=14 fd=13 ACCEPT from
>> IP=127.0.0.1:57727 (IP=0.0.0.0:389)
>> Oct 4 15:39:21 hostname slapd[13385]: conn=14 op=0 SRCH
>> base="ou=People,dc=domain,dc=local" scope=2 deref=0 filter="(uid=user)"
>> Oct 4 15:39:21 hostname slapd[13385]: conn=14 op=0 SRCH attr=dn
>> Oct 4 15:39:21 hostname slapd[13385]: <= bdb_equality_candidates: (uid)
>> index_param failed (18)
>> Oct 4 15:39:21 hostname slapd[13385]: conn=14 op=0 SEARCH RESULT
>> tag=101 err=0 nentries=1 text=
>> Oct 4 15:39:21 hostname slapd[13385]: conn=14 op=1 BIND
>> dn="uid=user,ou=People,dc=domain,dc=local" method=128
>> Oct 4 15:39:21 hostname slapd[13385]: conn=14 op=1 BIND
>> dn="uid=user,ou=People,dc=domain,dc=local" mech=SIMPLE ssf=0
>> Oct 4 15:39:21 hostname slapd[13385]: conn=14 op=1 RESULT tag=97 err=0
>> text=
>> Oct 4 15:39:21 hostname slapd[13385]: conn=14 op=2 SRCH
>> base="ou=People,dc=domain,dc=local" scope=2 deref=0 filter="(uid=user)"
>> Oct 4 15:39:21 hostname slapd[13385]: conn=14 op=2 SRCH attr=objectclass
>> Oct 4 15:39:21 hostname slapd[13385]: <= bdb_equality_candidates: (uid)
>> index_param failed (18)
>> Oct 4 15:39:21 hostname slapd[13385]: conn=14 op=2 SEARCH RESULT
>> tag=101 err=0 nentries=1 text=
>> Oct 4 15:39:21 hostname slapd[13385]: conn=14 op=3 MOD
>> dn="uid=user,ou=People,dc=domain,dc=local"
>> Oct 4 15:39:21 hostname slapd[13385]: conn=14 op=3 MOD attr=objectclass
>> Oct 4 15:39:21 hostname slapd[13385]: conn=14 op=3 RESULT tag=103
>> err=20 text=modify/add: objectClass: value #0 already exists
>> Oct 4 15:39:21 hostname slapd[13385]: conn=14 op=4 MOD
>> dn="uid=user,ou=People,dc=domain,dc=local"
>> Oct 4 15:39:21 hostname slapd[13385]: conn=14 op=4 MOD attr=hordePrefs
>> impPrefs
>> Oct 4 15:39:21 hostname slapd[13385]: conn=14 op=4 RESULT tag=103 err=0
>> text=
>> Oct 4 15:39:21 hostname imapd: LOGOUT, user=user,
>> ip=[::ffff:127.0.0.1], headers=0, body=0, rcvd=76, sent=567, time=0
>> Oct 4 15:39:21 hostname slapd[13385]: conn=14 op=5 UNBIND
>> Oct 4 15:39:21 hostname slapd[13385]: conn=14 fd=13 closed
>>
>>
>> So, I thought this might be an ACL issue. The relevant parts of my ACL
>> are as follows.
>>
>> # Horde prefs
>> access to attrs=hordePrefs,impPrefs,turbaPrefs,gollemPrefs,kronolithPrefs,mnemoPrefs,trollPrefs,nagPrefs,klutzPrefs,jonahPrefs,hermesPrefs,junoPrefs,treanPrefs,whupsPrefs,ingoPrefs,geniePrefs,scryPrefs,anselPrefs,wickedPrefs,choraPrefs,agoraPrefs,goopsPrefs,merkPrefs,volosPrefs,mimpPrefs,mottlePrefs,nicPrefs,occamPrefs,odinPrefs,rakimPrefs,seshaPrefs,swooshPrefs,thorPrefs,ulaformPrefs
>>     by self write
>>
>> access to attrs=objectclass
>>     by dn="cn=admin,dc=domain,dc=local" write
>>     by self write
>>     by * read
>>
>> # The admin dn has full write access, everyone else
>> # can read everything.
>> access to *
>>     by dn="cn=admin,dc=domain,dc=local" write
>>     by * read
>>
>>
>> Most of that stuff directly to do with objectclass was me trying to
>> resolve this issue. I originally had objectclass under the self write
>> thing above, which worked fine for Horde but killed everything else (all
>> my PAM auth went down).
>>
>> So I'm pretty sure it is an ACL issue. Any of you LDAP experts have
>> anything to suggest?
>>
>> Thanks in advance for any help or advice you can give.
>>
>> Martin Fraser.
Jan.
--
Do you need professional PHP or Horde consulting?
http://horde.org/consulting/
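
As an added example (not part of the original thread and not Horde's code): a small Python correlator that reads slapd stats-level lines like those quoted above and reports every MOD operation whose RESULT carried a non-zero err, together with the DN named in the connection's BIND. The sample log is constructed from the quoted lines with the mail folding undone; the function and field names are hypothetical.

```python
import re

# Constructed sample: the slapd lines quoted in the thread, with mail folding undone.
SAMPLE_LOG = """\
Oct 4 15:39:21 hostname slapd[13385]: conn=14 op=1 BIND dn="uid=user,ou=People,dc=domain,dc=local" method=128
Oct 4 15:39:21 hostname slapd[13385]: conn=14 op=1 RESULT tag=97 err=0 text=
Oct 4 15:39:21 hostname slapd[13385]: conn=14 op=3 MOD dn="uid=user,ou=People,dc=domain,dc=local"
Oct 4 15:39:21 hostname slapd[13385]: conn=14 op=3 MOD attr=objectclass
Oct 4 15:39:21 hostname slapd[13385]: conn=14 op=3 RESULT tag=103 err=20 text=modify/add: objectClass: value #0 already exists
Oct 4 15:39:21 hostname slapd[13385]: conn=14 op=4 MOD dn="uid=user,ou=People,dc=domain,dc=local"
Oct 4 15:39:21 hostname slapd[13385]: conn=14 op=4 MOD attr=hordePrefs impPrefs
Oct 4 15:39:21 hostname slapd[13385]: conn=14 op=4 RESULT tag=103 err=0 text=
"""

LINE = re.compile(r"slapd\[\d+\]: conn=(\d+) op=(\d+) (\w+) ?(.*)$")
DN = re.compile(r'dn="([^"]*)"')
RES = re.compile(r"tag=\d+ err=(\d+) text=(.*)")

def failed_modifies(log_text):
    """Return one record per MOD operation whose RESULT had a non-zero err."""
    ops, bind_dn = {}, {}  # (conn, op) -> record; conn -> DN named in BIND
    for line in log_text.splitlines():
        m = LINE.search(line.rstrip())
        if not m:
            continue  # imapd, ACCEPT/closed and bdb index notices carry no op=
        conn, op, verb, rest = int(m[1]), int(m[2]), m[3], m[4]
        if verb == "BIND" and (d := DN.match(rest)):
            bind_dn[conn] = d[1]
        elif verb == "MOD":
            rec = ops.setdefault(
                (conn, op), {"dn": None, "attrs": [], "bound_as": bind_dn.get(conn)}
            )
            if d := DN.match(rest):
                rec["dn"] = d[1]  # first MOD line: the target entry
            elif rest.startswith("attr="):
                rec["attrs"] += rest[len("attr="):].split()  # second MOD line
        elif verb == "RESULT" and (conn, op) in ops and (r := RES.match(rest)):
            ops[(conn, op)].update(err=int(r[1]), text=r[2])
    return [dict(conn=c, op=o, **rec) for (c, o), rec in ops.items() if rec.get("err")]

if __name__ == "__main__":
    for failure in failed_modifies(SAMPLE_LOG):
        print(failure)
```

Result code 20 is LDAP's attributeOrValueExists; on this log it isolates op=3 (the objectclass add) while the hordePrefs modify in op=4 on the same connection returned err=0.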