Free busy & resource web-admin.
Jeroen van Meeuwen (Kolab Systems)
vanmeeuwen at kolabsys.com
Wed Jan 23 12:35:58 CET 2013
On 2013-01-22 18:18, Diane Trout wrote:
>>
>> Our defaults work against 389-ds, but as I recall OpenLDAP uses a
>> specific schema root dn you can query. You should be able to supply
>> that
>> schema root dn in /etc/kolab/kolab.conf's [ldap] section as a setting
>> named "schema_root_dn". Perhaps in OpenLDAP this is "cn=subschema"?
>
> The OpenLDAP schema root should be:
>
> cn=schema,cn=config
>
> You may need to adjust permissions to be able to read it. Look at the
> olcAccess attribute in slapd.d/cn=config/olcDatabase={0}config.ldif
> to see what
> can access the cn=config tree.
>
The Kolab Web Administration Panel's API side will attempt to use what
is specified as the "service_bind_dn" (and corresponding
"service_bind_pw") to read the schema, as is illustrated here:
http://git.kolab.org/kolab-wap/tree/lib/ext/Net/LDAP3.php#n1710
So there's no reason (yet) to give out too broad read access to this
tree.
Kind regards,
Jeroen van Meeuwen
--
Systems Architect, Kolab Systems AG
e: vanmeeuwen at kolabsys.com
m: +44 74 2516 3817
w: http://www.kolabsys.com
pgp: 9342 BF08
More information about the users
mailing list