Mikael Kermorgant
2006-Jun-16 17:36 UTC
[Fedora-directory-users] phpldapadmin acl configuration
Hello,

I've tried to set up phpldapadmin but it fails after login with this error:
---
Our attempts to find your SCHEMA for "attributetypes" have FAILED.
---

I've read that Fedora DS works with phpldapadmin and that this error can be due to wrong acl:
http://wiki.pldapadmin.com/tiki-view_faq.php?faqId=1#q11

I've created a special user phpldapadmin but don't know what rights to give to him as I haven't found cn=subschema

Would someone have an idea?

Regards,
--
Mikael Kermorgant
Toby Kraft
2006-Jun-16 22:54 UTC
Re: [Fedora-directory-users] phpldapadmin acl configuration
Mikael,
I just got phpLdapAdmin working with fds today. I installed fds on fc4 and
followed the setup for example.com.
When I configured PLA, I had to define the server 'base' setting in
/var/www/html/phpldapadmin/config/config.php ('dc=example,dc=com') because
PLA said it could not find the rootDSE. But I was able to authenticate
using the cn=Directory Manager that was created during setup.
I also found I needed to edit /etc/php.ini to increase the memory for PHP.
I was getting errors in the http server log.
If someone has a tip about phpldapadmin being able to get the naming
contexts from rootDSE, I'd appreciate it.
Thanks,
Toby
On 6/16/06, Mikael Kermorgant <mikael.kermorgant@gmail.com> wrote:
>
> Hello,
>
> I've tried to set up phpldapadmin but it fails after login with this error:
> ---
> Our attempts to find your SCHEMA for "attributetypes" have FAILED.
> ---
>
> I've read that Fedora DS works with phpldapadmin and that this error
> can be due to wrong acl:
> http://wiki.pldapadmin.com/tiki-view_faq.php?faqId=1#q11
>
> I've created a special user phpldapadmin but don't know what rights to
> give to him as I haven't found cn=subschema
>
> Would someone have an idea?
>
> Regards,
> --
> Mikael Kermorgant
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
Mikael Kermorgant
2006-Jun-17 10:13 UTC
Re: [Fedora-directory-users] phpldapadmin acl configuration
Thanks Toby!

Increasing the memory limit in php.ini was the solution for me.
For the record, as I've removed anonymous access, I had to add this
acl to get phpldapadmin working:

(targetattr = "subschemaSubentry || aliasedObjectName ||
hasSubordinates || objectClasses || namingContexts || matchingRuleUse
|| ldapSchemas || attributeTypes || serverRoot || modifyTimestamp ||
icsAllowRights || matchingRules || creatorsName || dn || ldapSyntaxes
|| createTimestamp")
(version 3.0;
acl "Acces anonyme au schema";
allow (read,compare,search)
(userdn = "ldap:///anyone")
;)

(Maybe modifying userdn to the bind user I use in phpldapadmin could
work, I have to try it).

Best regards,

Mikael
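
Added example, not part of the original post or of Fedora DS or phpldapadmin: a small Python audit that parses the ACI quoted above and reports which audience its userdn bind rule grants to. In Fedora DS, `ldap:///anyone` includes unauthenticated binds, while `ldap:///all` means any authenticated user. The scoped variant and its bind DN are constructed placeholders for comparison only, and only userdn bind rules are handled.

```python
import re

# The ACI as posted in the thread (line breaks collapsed).
THREAD_ACI = (
    '(targetattr = "subschemaSubentry || aliasedObjectName || hasSubordinates'
    ' || objectClasses || namingContexts || matchingRuleUse || ldapSchemas'
    ' || attributeTypes || serverRoot || modifyTimestamp || icsAllowRights'
    ' || matchingRules || creatorsName || dn || ldapSyntaxes || createTimestamp")'
    ' (version 3.0; acl "Acces anonyme au schema";'
    ' allow (read,compare,search) (userdn = "ldap:///anyone") ;)'
)
# Constructed variant for comparison only; the bind DN is a placeholder.
SCOPED_ACI = THREAD_ACI.replace("ldap:///anyone",
                                "ldap:///uid=pla-bind,dc=example,dc=com")

# Special userdn keywords and the audience each one covers.
SCOPES = {"ldap:///anyone": "anonymous", "ldap:///all": "authenticated",
          "ldap:///self": "self"}

def parse_aci(aci):
    """Extract name, target attributes, permission and userdn subjects."""
    name = re.search(r'\bacl\s+"([^"]*)"', aci)
    target = re.search(r'\(\s*targetattr\s*(!?=)\s*"([^"]*)"\s*\)', aci)
    perm = re.search(r'\b(allow|deny)\s*\(([^)]*)\)', aci)
    if not (name and perm):
        raise ValueError("not a recognisable ACI")
    subjects = [s.strip()
                for value in re.findall(r'userdn\s*!?=\s*"([^"]*)"', aci)
                for s in value.split("||")]
    return {
        "name": name.group(1),
        "attrs": [a.strip() for a in target.group(2).split("||")] if target else [],
        "kind": perm.group(1),
        "rights": [r.strip() for r in perm.group(2).split(",")],
        "subjects": subjects,
    }

def exposure(aci):
    """Widest audience an allow ACI grants to: anonymous > authenticated > named."""
    parsed = parse_aci(aci)
    if parsed["kind"] != "allow":
        return "none"
    scopes = {SCOPES.get(s.lower(), "named") for s in parsed["subjects"]}
    for level in ("anonymous", "authenticated", "self", "named"):
        if level in scopes:
            return level
    return "none"

if __name__ == "__main__":
    for aci in (THREAD_ACI, SCOPED_ACI):
        p = parse_aci(aci)
        print(p["name"], p["rights"], len(p["attrs"]), "attrs ->", exposure(aci))
```
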
Toby Kraft
2006-Jun-17 15:24 UTC
Re: [Fedora-directory-users] phpldapadmin acl configuration
Great! Thanks for the info on anonymous access as that will be useful for me also.

I should add to this thread that the memory errors encountered by PLA caused it to complain about not being able to read the root and even when I specified a base in the config.php, it did not display the tree of directory nodes in the left navigation area. I changed /etc/php.ini to specify 32M instead of 8M. I'll have to go back and remove the 'base' setting in config.php to see if PLA successfully reads the root now.

Toby

On 6/17/06, Mikael Kermorgant <mikael.kermorgant@gmail.com> wrote:
>
> Thanks Toby!
>
> Increasing the memory limit in php.ini was the solution for me.
> For the record, as I've removed anonymous access, I had to add this
> acl to get phpldapadmin working:
>
> (targetattr = "subschemaSubentry || aliasedObjectName ||
> hasSubordinates || objectClasses || namingContexts || matchingRuleUse
> || ldapSchemas || attributeTypes || serverRoot || modifyTimestamp ||
> icsAllowRights || matchingRules || creatorsName || dn || ldapSyntaxes
> || createTimestamp")
> (version 3.0;
> acl "Acces anonyme au schema";
> allow (read,compare,search)
> (userdn = "ldap:///anyone")
> ;)
>
> (Maybe modifying userdn to the bind user I use in phpldapadmin could
> work, I have to try it).
>
> Best regards,
>
> Mikael
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
Mikael Kermorgant
2006-Jun-17 17:26 UTC
Re: [Fedora-directory-users] phpldapadmin acl configuration
2006/6/17, Toby Kraft <toby.kraft@gmail.com>:
> Great! Thanks for the info on anonymous access as that will be useful for
> me also.
>
> I should add to this thread that the memory errors encountered by PLA caused
> it to complain about not being able to read the root and even when I
> specified a base in the config.php, it did not display the tree of directory
> nodes in the left navigation area. I changed /etc/php.ini to specify 32M
> instead of 8M. I'll have to go back and remove the 'base' setting in
> config.php to see if PLA successfully reads the root now.

Glad to hear the acl will be useful, I've suffered a bit to find it out ;)

For the sake of precision, I've modified the acl by restricting access to a specific user (which phpldapadmin should bind with) but it does not work.

Best regards,
--
Mikael Kermorgant