


  1. #1

    Insert attribute (ldap)

    Hi everyone.

    I'm trying to insert two 'mailForwardingAddress' attributes into a given entry in the LDAP database, but I get the following message:

    ldap_modify: Constraint violation (19)
    additional info: mailForwardingAddress: multiple values provided

    The idea would be this:
    mailForwardingAddress: [email protected]
    mailForwardingAddress: [email protected]

    Forward the messages that arrive at the comercial account to the e-mail addresses in mailForwardingAddress. But I need to do it for two users, as shown, and I can't get it to work.

    I'd be grateful to anyone who can help.

    See you!

  2. #2


    cldn, here is the LDIF to make the change you need:

    -- begin --
    dn: uid=blah,dc=domain,dc=tld
    changeType: modify
    add: mailForwardingAddress
    mailForwardingAddress: email1@domain
    -
    add: mailForwardingAddress
    mailForwardingAddress: email2@domain
    -- end --

    Regards,

    Fabio K. Lima
    LPIC

  3. #3


    Hi Fabio.

    I changed the LDIF and it ended up like this:

    dn: uid=comercial,ou=Comercial,dc=dominio,dc=com,dc=br
    changeType: modify
    add: mailForwardingAddress
    mailForwardingAddress: [email protected]

    Then I ran the ldapmodify command and got the following message:

    # ldapmodify -xD 'cn=Manager,dc=dominio,dc=com,dc=br' -W -f /home/sysadmin/ldap/user-ldap.ldif
    Enter LDAP Password:
    modifying entry "uid=comercial,ou=Comercial,dc=dominio,dc=com,dc=br"
    ldap_modify: Constraint violation (19)
    additional info: attribute 'mailForwardingAddress' cannot have multiple values


    Now, this is the result of querying the comercial user and its attributes:

    # ldapsearch -xWD 'cn=Manager,dc=dominio,dc=com,dc=br' 'uid=comercial'
    Enter LDAP Password:
    # extended LDIF
    #
    # LDAPv3
    # base <> with scope subtree
    # filter: uid=comercial
    # requesting: ALL
    #

    # comercial, Comercial, dominio.com.br
    dn: uid=comercial,ou=Comercial,dc=dominio,dc=com,dc=br
    krbName: [email protected]
    shadowLastChange: 13684
    shadowMax: 99999
    shadowWarning: 7
    userPassword:: e0NSWVBUfVMvdTg4ZllmRlVSOVU=
    uid: comercial
    cn: comercial
    sn: comercial
    mail: [email protected]
    objectClass: mailRecipient
    objectClass: person
    objectClass: organizationalPerson
    objectClass: inetOrgPerson
    objectClass: posixAccount
    objectClass: top
    objectClass: kerberosSecurityObject
    objectClass: shadowAccount
    loginShell: /dev/null
    uidNumber: 1016
    gidNumber: 100
    homeDirectory: /home/comercial
    mailForwardingAddress: [email protected]


    I've already tried several ways and still haven't managed to add the second 'mailForwardingAddress'.
    Any suggestions?

    P.S.: Thanks for your attention.


    Tks...

  4. #4


    cldn, which schema are you using?
    In your schema's definitions, the mailForwardingAddress attribute does not allow duplicates, which is why the violation is occurring. Check more carefully which parameters you need to set for multiple e-mail forwarding attributes. In the phamm schema, you define the forwarding addresses in the maildrop attribute.

    Regards,

    Fabio K. Lima
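
The check described in #4, as an added example that is not part of the thread: an attribute whose schema definition carries the `SINGLE-VALUE` keyword is rejected with error 19 as soon as a second value is added, so this Python sketch parses `attributetype` blocks in OpenLDAP `.schema` syntax and reports whether a named attribute is single-valued. The sample schema text, its OIDs and the `exampleAlias` name are constructed placeholders, not the definitions from any schema file on the poster's server.

```python
import re

# Constructed sample in OpenLDAP .schema syntax. The OIDs, DESC texts and the
# 'exampleAlias' name are placeholders, not definitions from any real schema.
SAMPLE_SCHEMA = """\
# constructed example
attributetype ( 1.1.2.1.1 NAME 'mailForwardingAddress'
    DESC 'constructed: forwarding target'
    EQUALITY caseIgnoreIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
    SINGLE-VALUE )

attributetype ( 1.1.2.1.2 NAME ( 'maildrop' 'exampleAlias' )
    DESC 'constructed: delivery targets (no SINGLE-VALUE flag)'
    EQUALITY caseIgnoreIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
"""

def iter_definitions(text):
    """Yield the body of every attributetype ( ... ) block in a schema file."""
    text = "\n".join(l for l in text.splitlines()
                     if not l.lstrip().startswith("#"))
    for m in re.finditer(r"(?im)^attributetype\s*\(", text):
        depth, in_quote = 1, False
        for i in range(m.end(), len(text)):
            c = text[i]
            if c == "'":
                in_quote = not in_quote      # parentheses inside DESC are text
            elif not in_quote and c == "(":
                depth += 1
            elif not in_quote and c == ")":
                depth -= 1
                if depth == 0:
                    yield text[m.end():i]
                    break

def single_valued(schema_text, attr):
    """True/False if attr is defined in schema_text, None if it is not."""
    for body in iter_definitions(schema_text):
        m = re.search(r"\bNAME\s+(\(\s*(?:'[^']*'\s*)+\)|'[^']*')", body)
        names = re.findall(r"'([^']*)'", m.group(1)) if m else []
        if attr.lower() in (n.lower() for n in names):
            unquoted = re.sub(r"'[^']*'", "''", body)   # ignore quoted text
            return re.search(r"\bSINGLE-VALUE\b", unquoted) is not None
    return None

if __name__ == "__main__":
    for name in ("mailForwardingAddress", "maildrop"):
        kind = "SINGLE-VALUE" if single_valued(SAMPLE_SCHEMA, name) else "multi-valued"
        print(name, kind)
```

Run against the text of each file named on an `include` line of slapd.conf, a `None` result means the attribute is defined in some other file.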

  5. #5


    Hi Fabio.

    Is there a way to redefine this in slapd.conf?


    # cat /etc/openldap/slapd.conf
    # $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.6 2001/04/20 23:32:43 kurt Exp $
    #
    # See slapd.conf(5) for details on configuration options.
    # This file should NOT be world readable.
    #
    # Modified by Christian Zoffoli <[email protected]>
    # Version 0.2
    #

    include /usr/share/openldap/schema/core.schema
    include /usr/share/openldap/schema/cosine.schema
    include /usr/share/openldap/schema/corba.schema
    include /usr/share/openldap/schema/inetorgperson.schema
    include /usr/share/openldap/schema/java.schema
    include /usr/share/openldap/schema/krb5-kdc.schema
    include /usr/share/openldap/schema/kerberosobject.schema
    include /usr/share/openldap/schema/misc.schema
    include /usr/share/openldap/schema/nis.schema
    include /usr/share/openldap/schema/openldap.schema
    include /usr/share/openldap/schema/autofs.schema
    include /usr/share/openldap/schema/samba.schema
    include /usr/share/openldap/schema/kolab.schema
    include /usr/share/openldap/schema/evolutionperson.schema
    include /usr/share/openldap/schema/calendar.schema
    include /usr/share/openldap/schema/sudo.schema
    include /usr/share/openldap/schema/dnszone.schema
    include /usr/share/openldap/schema/dhcp.schema

    #include /usr/share/openldap/schema/rfc822-MailMember.schema
    #include /usr/share/openldap/schema/pilot.schema
    #include /usr/share/openldap/schema/qmail.schema
    #include /usr/share/openldap/schema/mull.schema
    #include /usr/share/openldap/schema/netscape-profile.schema
    #include /usr/share/openldap/schema/trust.schema

    include /etc/openldap/schema/local.schema


    # Define global ACLs to disable default read access and provide default
    # behaviour for samba/pam use
    include /etc/openldap/slapd.access.conf

    # Provide write access to replicators, and cover access to any other
    # attributes (default anonymous read access may be undesirable)
    access to dn.subtree="dc=example,dc=com"
            by group="cn=Replicator,ou=Group,dc=example,dc=com"
            by users read
            by anonymous read

    # Replicas running syncrepl as non-rootdn need unrestricted size/time limits:
    limits group="cn=Replicator,ou=Group,dc=example,dc=com"
            size=unlimited
            time=unlimited

    # Do not enable referrals until AFTER you have a working directory
    # service AND an understanding of referrals.
    #referral ldap://root.openldap.org
    #allow bind_v2

    pidfile /var/run/ldap/slapd.pid
    argsfile /var/run/ldap/slapd.args

    modulepath /usr/lib/openldap

    # database backend modules available:
    #moduleload back_dnssrv.la
    #moduleload back_ldap.la
    #moduleload back_meta.la
    #moduleload back_monitor.la
    #moduleload back_passwd.la
    #moduleload back_sql.la

    # overlay modules available:
    #moduleload accesslog.la
    #moduleload denyop.la
    #moduleload dyngroup.la
    #moduleload dynlist.la
    #moduleload glue.la
    #moduleload lastmod.la
    #moduleload pcache.la
    #moduleload ppolicy.la
    #moduleload refint.la
    #moduleload retcode.la
    #moduleload rwm.la
    #moduleload syncprov.la
    #moduleload translucent.la
    #moduleload unique.la

    #contrib overlays
    #moduleload smbk5pwd.so

    # SASL config
    #sasl-host ldap.example.com

    # To allow TLS-enabled connections, create /etc/ssl/openldap/ldap.pem
    # and uncomment the following lines.
    #TLSRandFile /dev/random
    #TLSCipherSuite HIGH:MEDIUM:+SSLv2
    TLSCertificateFile /etc/ssl/openldap/ldap.crt
    TLSCertificateKeyFile /etc/ssl/openldap/ldap.key
    TLSCACertificatePath /etc/ssl/openldap/ca.crt
    #TLSVerifyClient never never
    #TLSCACertificateFile /etc/ssl/cacert.pem
    #TLSCACertificateFile /etc/ssl/openldap/ldap.pem
    #TLSVerifyClient never # ([never]|allow|try|demand)

    # logging
    #loglevel 256

    #######################################################################
    # database definitions
    #######################################################################

    database bdb
    suffix "dc=dominio,dc=com,dc=br"
    rootdn "cn=Manager,dc=dominio,dc=com,dc=br"
    password-hash {CRYPT}

    #rootdn "cn=Manager,o=My Organization Name,c=US"
    #suffix "o=My Organization Name,c=US"

    # Cleartext passwords, especially for the rootdn, should
    # be avoided. See slappasswd(8) and slapd.conf(5) for details.
    # Use of strong authentication encouraged.
    # rootpw {crypt}ijFYNcSNctBYg
    rootpw {CRYPT}NXoLz58x4mbVs
    #rootpw {SSHA}UMrXvVek1uvRs7jBVMJnRe3FZi3B9JM8

    # The database directory MUST exist prior to running slapd AND
    # should only be accessable by the slapd/tools. Mode 700 recommended.
    directory /var/lib/ldap

    # Tuning settings, please see the man page for slapd-bdb for more information
    # as well as the DB_CONFIG file in the database directory
    # commented entries are at their defaults
    # In-memory cache size in entries
    #cachesize 1000
    # Checkpoint the bdb database after 256kb of writes or 5 minutes have passed
    # since the last checkpoint
    checkpoint 256 5

    # Indices to maintain
    #index objectClass eq
    index objectClass,uid,uidNumber,gidNumber,memberuid eq
    index cn,mail,surname,givenname eq,subinitial
    # samba searches on sid
    #index sambaSID eq

    # Basic ACL (deprecated in favour of ACLs in /etc/openldap/slapd.access.conf)
    #access to dn.children="ou=accounts,dc=dominio,dc=com,dc=br"
    # by dn="cn=dovecot,ou=accounts,dc=dominio,dc=com,dc=br" read
    # by anonymous auth

    #access to attr=userPassword
    # by self write
    # by anonymous auth
    # by dn="uid=root,ou=People,dc=example,dc=com" write
    # by * none

    #access to attr=userPassword
    # by dn="cn=Manager,ou=People,dc=dominio,dc=com,dc=br" read
    # by anonymous auth
    # by self write
    # by * none

    #access to *
    # by dn="uid=root,ou=People,dc=example,dc=com" write
    # by * read

    #access to attr=userPassword
    # by dn.base="cn=Manager,dc=dominio,dc=com,dc=br" write
    # by anonymous auth
    # by self write
    # by * none
    #access to *
    # by self write
    # by dn.base="cn=Manager,dc=dominio,dc=com,dc=br" write
    # by * read

    # ACL ensuring replicator has write access
    #access to *
    # by group="cn=Replicator,ou=Group,dc=example,dc=com" write
    # by * read

    # Replica configuration (if this server is a slave)
    #updatedn "cn=ldap-master.example.com,ou=Hosts,dc=example,dc=com"
    #updateref "ldap://ldap-master.example.com"

    # Replication configuration (if this server is a master)
    #replica host=ldap-slave1.example.com:389
    # binddn="cn=ldap-master.example.com,ou=Hosts,dc=example,dc=com"
    # bindmethod=simple credentials="mypassword"

    # Uncomment to enable statistics gathering at basedn cn=monitor (load monitor
    # module above too)
    #database monitor


    Best regards.

  6. #6


    Everyone,

    I still have this problem.
    I've been running several tests, but I can't add more than one mailforwardingaddress ...

    # ldapmodify -vxD 'cn=Manager,dc=dominio,dc=com,dc=br' -W -f /tmp/user.ldif
    ldap_initialize( <DEFAULT> )
    Enter LDAP Password:
    add mailForwardingAddress:
    [email protected]
    [email protected]
    add add:
    mailForwardingAddress
    modifying entry "uid=comercial,dc=dominio,dc=com,dc=br"
    modify complete
    ldap_modify: Constraint violation (19)
    additional info: mailForwardingAddress: multiple values provided


    I've also checked several objects (schemas) to remove this restriction.
    Currently, I'm using the following schemas in OpenLDAP:

    ##
    ## SCHEMA AND OBJECTCLASS DEFINITIONS
    ##
    include /usr/share/openldap/schema/core.schema
    include /usr/share/openldap/schema/cosine.schema
    include /usr/share/openldap/schema/inetorgperson.schema
    include /usr/share/openldap/schema/misc.schema
    include /usr/share/openldap/schema/nis.schema
    include /usr/share/openldap/schema/samba.schema
    include /usr/share/openldap/schema/kerberosobject.schema


    What could be causing this restriction?


    Regards.