<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 04/22/2013 04:43 AM, s.varadha rajan
wrote:<br>
</div>
<blockquote
cite="mid:CAFEmfGxqzW80N01EStfO3daP9vZ5vbWomnG_5A_wB71K2CPqvw@mail.gmail.com"
type="cite">Hi Team,<br>
<br>
We have implemented 389-ds in Ubuntu 12.04 LTS. Everything is
working fine.we have created ou called "groups " such as
ou=groups,dc=xxx,dc=com. same 389-ds (1.2.1-0ubuntu2)implemented
in the Ubuntu linux 10.04 LTS and we can see the "aci"
attributes in the groups OU. Same aci is not available in the
"1.2.10.4-0ubuntu3.1".<br>
<br>
For example, if i connected my <b>older ldap server</b> through
phpldapadmin and select any group from "ou=groups,dc=xxx,dc=com"
, i can see the below fields from aci attribute,<br>
<br>
(targetattr="*")
(target=<a class="moz-txt-link-rfc2396E" href="ldap:///cn=*,ou=services,ou=groups,dc=xxx,dc=com">"ldap:///cn=*,ou=services,ou=groups,dc=xxx,dc=com"</a>)
(version 3.0;acl "<group name>"; allow
(write)(userdn="<a class="moz-txt-link-freetext" href="ldap:///uid=">ldap:///uid=</a><user
name>,ou=people,dc=xxx,dc=com");)<br>
(targetattr="*")
(target=<a class="moz-txt-link-rfc2396E" href="ldap:///cn=*,ou=services,ou=groups,dc=xxx,dc=com">"ldap:///cn=*,ou=services,ou=groups,dc=xxx,dc=com"</a>)
(version 3.0;acl "<group name>"; allow
(write)(userdn="<a class="moz-txt-link-freetext" href="ldap:///uid=">ldap:///uid=</a><user
name>,ou=people,dc=xxx,dc=com");)<br>
(targetattr="*")
(target=<a class="moz-txt-link-rfc2396E" href="ldap:///cn=*,ou=services,ou=groups,dc=xxx,dc=com">"ldap:///cn=*,ou=services,ou=groups,dc=xxx,dc=com"</a>)
(version 3.0;acl "<group name>"; allow
(write)(userdn="<a class="moz-txt-link-freetext" href="ldap:///uid=">ldap:///uid=</a><user
name>,ou=people,dc=xxx,dc=com");)<br>
<br>
For getting the same details, if i connect to my new LDAP server
through phpldapadmin, "aci" attribute itself not displayed.<br>
<br>
Is it the attribute is related to samba ?</blockquote>
<br>
The aci attribute? No.<br>
<br>
<blockquote
cite="mid:CAFEmfGxqzW80N01EStfO3daP9vZ5vbWomnG_5A_wB71K2CPqvw@mail.gmail.com"
type="cite">Refered some of the blogs through net, if i search
through ldapsearch,<br>
<br>
ldapsearch -x -h localhost -p <port no> -s base -b
"cn=schema" "objectclass=*" | grep -i samba -> output is
displayed in the old server with some values.same command if i
apply in new server, no output.<br>
</blockquote>
<br>
For schema, 389 is now compliant with the LDAPv3 RFCs. These state
that the schema attributes such as attributeTypes, objectClasses,
etc. are OPERATIONAL attributes and must be explicitly requested by
the search command. So<br>
<br>
ldapsearch -x -h localhost -p <port no> -s base -b
"cn=schema" "objectclass=*" attributeTypes objectClasses | grep -i
samba<br>
<br>
The other thing about cn=schema is that the ldapsearch LDIF output
is wrapped at 78 characters which makes grep difficult. See
<a class="moz-txt-link-freetext" href="http://richmegginson.livejournal.com/18726.html">http://richmegginson.livejournal.com/18726.html</a><br>
<br>
For "aci", it too is an operational attribute - in order to see it:<br>
<br>
ldapsearch -x -h localhost -p <port no> -b "dc=xxx,dc=com"
"aci=*" aci<br>
<br>
<blockquote
cite="mid:CAFEmfGxqzW80N01EStfO3daP9vZ5vbWomnG_5A_wB71K2CPqvw@mail.gmail.com"
type="cite">
<br>
My question may be silly,pls don't mistake.what could be the
reason ? <br>
<br>
Regards,<br>
Varad<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">--
389 users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:389-users@lists.fedoraproject.org">389-users@lists.fedoraproject.org</a>
<a class="moz-txt-link-freetext" href="https://admin.fedoraproject.org/mailman/listinfo/389-users">https://admin.fedoraproject.org/mailman/listinfo/389-users</a></pre>
</blockquote>
<br>
</body>
</html>