[Fedora-directory-users] Can't create users, time for complete wipe and re-install?

Listbox listbox at hymerfania.com
Wed Jan 23 17:55:19 UTC 2008


Thanks so much!
Now I'm looking in
http://www.redhat.com/docs/manuals/dir-server/ag/7.1/acl.html#1199651 to see
what I might do to fix things. 
Here is the output from the commands you suggested. At least I can tell one
is bigger than the other :)

ldapsearch -x -D "cn=directory manager" -w mypassword -b o=netscaperoot "aci=*" aci
# extended LDIF
#
# LDAPv3
# base <o=netscaperoot> with scope subtree
# filter: aci=*
# requesting: aci 
#

# NetscapeRoot
dn: o=NetscapeRoot
aci: (targetattr="*")(version 3.0; acl "Enable Configuration Administrator Gro
 up modification"; allow (all) groupdn="ldap:///cn=Configuration Administrator
 s, ou=Groups, ou=TopologyManagement, o=NetscapeRoot";)
aci: (targetattr="*")(targetfilter=(o=NetscapeRoot))(version 3.0; acl "Default
  anonymous access"; allow (read, search) userdn="ldap:///anyone";)
aci: (targetattr="*")(version 3.0; acl "Enable Group Expansion"; allow (read, 
 search, compare) groupdnattr="uniquemember";)
aci: (targetattr = "*")(version 3.0; acl "SIE Group (trixter)"; allow (all) gr
 oupdn = "ldap:///cn=slapd-trixter, cn=Fedora Directory Server, cn=Server Grou
 p, cn=trixter.hymesruzicka.org, ou=hymesruzicka.org, o=NetscapeRoot";)

# TopologyManagement, NetscapeRoot
dn: ou=TopologyManagement, o=NetscapeRoot
aci: (targetattr!="userPassword")(version 3.0; acl "Enable anonymous access"; 
 allow (read, search, compare)userdn="ldap:///anyone";)

# Global Preferences, hymesruzicka.org, NetscapeRoot
dn: ou=Global Preferences, ou=hymesruzicka.org, o=NetscapeRoot
aci: (targetattr=*)(version 3.0; acl "Enable anonymous access"; allow(read,sea
 rch) userdn="ldap:///anyone";)

# UserPreferences, hymesruzicka.org, NetscapeRoot
dn: ou=UserPreferences, ou=hymesruzicka.org, o=NetscapeRoot
aci: (targetattr = "*")(version 3.0; acl "Allow saving of User Preferences"; a
 llow (add) userdn = "ldap:///all";)

# uid\3Dadmin\2C ou\3DAdministrators\2C ou\3DTopologyManagement\2C o\3DNetsca
 peRoot, UserPreferences, hymesruzicka.org, NetscapeRoot
dn: ou="uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot",o
 u=UserPreferences, ou=hymesruzicka.org, o=NetscapeRoot
aci: (targetattr=*)(version 3.0; acl "UserDNControl"; allow (all) userdnattr="
 creatorsname";)

# cn\3Dadmin-serv-trixter\2C cn\3DFedora Administration Server\2C cn\3DServer
  Group\2C cn\3Dtrixter.hymesruzicka.org\2C ou\3Dhymesruzicka.org\2C o\3DNets
 capeRoot, UserPreferences, hymesruzicka.org, NetscapeRoot
dn: ou="cn=admin-serv-trixter, cn=Fedora Administration Server, cn=Server Grou
 p, cn=trixter.hymesruzicka.org, ou=hymesruzicka.org, o=NetscapeRoot",ou=UserP
 references, ou=hymesruzicka.org, o=NetscapeRoot
aci: (targetattr=*)(version 3.0; acl "UserDNControl"; allow (all) userdnattr="
 creatorsname";)

# Server Group, trixter.hymesruzicka.org, hymesruzicka.org, NetscapeRoot
dn: cn=Server Group, cn=trixter.hymesruzicka.org, ou=hymesruzicka.org, o=Netsc
 apeRoot
aci: (targetattr=*)(targetfilter=(nsconfigRoot=*))(version 3.0; acl "Enable de
 legated access"; allow (read, search, compare) groupdn="ldap:///cn=Server Gro
 up, cn=trixter.hymesruzicka.org, ou=hymesruzicka.org, o=NetscapeRoot";)
aci: (targetattr=*)(version 3.0; acl "Enable delegated access"; allow (read, s
 earch, compare) userdn="ldap:///cn=admin-serv-trixter, cn=Fedora Administrati
 on Server, cn=Server Group, cn=trixter.hymesruzicka.org, ou=hymesruzicka.org,
  o=NetscapeRoot";)

# PublicViews, 1.1, Admin, Global Preferences, hymesruzicka.org, NetscapeRoot
dn: cn=PublicViews, ou=1.1, ou=Admin, ou=Global Preferences, ou=hymesruzicka.o
 rg, o=NetscapeRoot
aci: (targetattr = "*")(version 3.0; acl "Allow Authenticated Users to Save Pu
 blic Views"; allow (all) userdn = "ldap:///all";)

# slapd-trixter, Fedora Directory Server, Server Group, trixter.hymesruzicka.
 org, hymesruzicka.org, NetscapeRoot
dn: cn=slapd-trixter, cn=Fedora Directory Server, cn=Server Group, cn=trixter.
 hymesruzicka.org, ou=hymesruzicka.org, o=NetscapeRoot
aci: (targetattr=*)(version 3.0; acl "Enable delegated access"; allow (read, s
 earch, compare) groupdn="ldap:///cn=slapd-trixter, cn=Fedora Directory Server
 , cn=Server Group, cn=trixter.hymesruzicka.org, ou=hymesruzicka.org, o=Netsca
 peRoot";)
aci: (targetattr="uniquemember || serverProductName || userpassword || descrip
 tion")(targetfilter=(objectclass=netscapeServer))(version 3.0; acl "Enable ac
 cess delegation"; allow (write) groupdn="ldap:///cn=slapd-trixter, cn=Fedora 
 Directory Server, cn=Server Group, cn=trixter.hymesruzicka.org, ou=hymesruzic
 ka.org, o=NetscapeRoot";)

# configuration, slapd-trixter, Fedora Directory Server, Server Group, trixte
 r.hymesruzicka.org, hymesruzicka.org, NetscapeRoot
dn: cn=configuration,cn=slapd-trixter, cn=Fedora Directory Server, cn=Server G
 roup, cn=trixter.hymesruzicka.org, ou=hymesruzicka.org, o=NetscapeRoot
aci: (targetattr=*)(version 3.0; acl "Enable Server configuration"; allow (all
 ) groupdn="ldap:///cn=slapd-trixter, cn=Fedora Directory Server, cn=Server Gr
 oup, cn=trixter.hymesruzicka.org, ou=hymesruzicka.org, o=NetscapeRoot";)

# cn\3Dslapd-trixter\2C cn\3DFedora Directory Server\2C cn\3DServer Group\2C 
 cn\3Dtrixter.hymesruzicka.org\2C ou\3Dhymesruzicka.org\2C o\3DNetscapeRoot, 
 UserPreferences, hymesruzicka.org, NetscapeRoot
dn: ou="cn=slapd-trixter, cn=Fedora Directory Server, cn=Server Group, cn=trix
 ter.hymesruzicka.org, ou=hymesruzicka.org, o=NetscapeRoot",ou=UserPreferences
 , ou=hymesruzicka.org, o=NetscapeRoot
aci: (targetattr=*)(version 3.0; acl "UserDNControl"; allow (all) userdnattr="
 creatorsname";)

# cn\3DDirectory Manager, UserPreferences, hymesruzicka.org, NetscapeRoot
dn: ou="cn=Directory Manager",ou=UserPreferences, ou=hymesruzicka.org, o=Netsc
 apeRoot
aci: (targetattr=*)(version 3.0; acl "UserDNControl"; allow (all) userdnattr="
 creatorsname";)

# Fedora Administration Server, Server Group, trixter.hymesruzicka.org, hymes
 ruzicka.org, NetscapeRoot
dn: cn=Fedora Administration Server, cn=Server Group, cn=trixter.hymesruzicka.
 org, ou=hymesruzicka.org, o=NetscapeRoot
aci: (targetattr=*)(targetfilter=(nsNickName=*))(version 3.0; acl "Enable dele
 gated access"; allow (read, search, compare) groupdn="ldap:///cn=Fedora Admin
 istration Server, cn=Server Group, cn=trixter.hymesruzicka.org, ou=hymesruzic
 ka.org, o=NetscapeRoot";)

# admin-serv-trixter, Fedora Administration Server, Server Group, trixter.hym
 esruzicka.org, hymesruzicka.org, NetscapeRoot
dn: cn=admin-serv-trixter, cn=Fedora Administration Server, cn=Server Group, c
 n=trixter.hymesruzicka.org, ou=hymesruzicka.org, o=NetscapeRoot
aci: (targetattr=*)(version 3.0; acl "Enable delegated access"; allow (read, s
 earch, compare) groupdn="ldap:///cn=admin-serv-trixter, cn=Fedora Administrat
 ion Server, cn=Server Group, cn=trixter.hymesruzicka.org, ou=hymesruzicka.org
 , o=NetscapeRoot";)
aci: (targetattr="uniquemember || serverProductName || userpassword || descrip
 tion")(targetfilter=(objectclass=netscapeServer))(version 3.0; acl "Enable ac
 cess delegation"; allow (write) groupdn="ldap:///cn=admin-serv-trixter, cn=Fe
 dora Administration Server, cn=Server Group, cn=trixter.hymesruzicka.org, ou=
 hymesruzicka.org, o=NetscapeRoot";)

# configuration, admin-serv-trixter, Fedora Administration Server, Server Gro
 up, trixter.hymesruzicka.org, hymesruzicka.org, NetscapeRoot
dn: cn=configuration, cn=admin-serv-trixter, cn=Fedora Administration Server, 
 cn=Server Group, cn=trixter.hymesruzicka.org, ou=hymesruzicka.org, o=Netscape
 Root
aci: (targetattr=*)(version 3.0; acl "Enable delegated admin to access configu
 ration"; allow (read, search) groupdn="ldap:///cn=Server Group, cn=trixter.hy
 mesruzicka.org, ou=hymesruzicka.org, o=NetscapeRoot";)
aci: (targetattr=*)(version 3.0; acl "Enable Server configuration"; allow (all
 ) groupdn="ldap:///cn=admin-serv-trixter, cn=Fedora Administration Server, cn
 =Server Group, cn=trixter.hymesruzicka.org, ou=hymesruzicka.org, o=NetscapeRo
 ot";)

# uid\3Ddiradmin\2Cou\3DAdministrators\2C ou\3DTopologyManagement\2C o\3Dnets
 capeRoot, UserPreferences, hymesruzicka.org, NetscapeRoot
dn: ou="uid=diradmin,ou=Administrators, ou=TopologyManagement, o=netscapeRoot"
 ,ou=UserPreferences, ou=hymesruzicka.org, o=NetscapeRoot
aci: (targetattr=*)(version 3.0; acl "UserDNControl"; allow (all) userdnattr="
 creatorsname";)

# search result
search: 2
result: 0 Success

# numResponses: 17
# numEntries: 16



ldapsearch -x -D "cn=directory manager" -w anotherpassword -b "dc=hymesruzicka,dc=org" "aci=*" aci

# extended LDIF
#
# LDAPv3
# base <dc=hymesruzicka,dc=org> with scope subtree
# filter: aci=*
# requesting: aci 
#

# hymesruzicka.org
dn: dc=hymesruzicka, dc=org
aci: (targetattr!="userPassword")(version 3.0; acl "Enable anonymous access"; 
 allow (read, search, compare) userdn="ldap:///anyone";)
aci: (targetattr="carLicense || description || displayName || facsimileTelepho
 neNumber || homePhone || homePostalAddress || initials || jpegPhoto || labele
 dURL || mail || mobile || pager || photo || postOfficeBox || postalAddress ||
  postalCode || preferredDeliveryMethod || preferredLanguage || registeredAddr
 ess || roomNumber || secretary || seeAlso || st || street || telephoneNumber 
 || telexNumber || title || userCertificate || userPassword || userSMIMECertif
 icate || x500UniqueIdentifier")(version 3.0; acl "Enable self write for commo
 n attributes"; allow (write) userdn="ldap:///self";)
aci: (targetattr ="*")(version 3.0;acl "Directory Administrators Group";allow 
 (all) (groupdn = "ldap:///cn=Directory Administrators, dc=hymesruzicka, dc=or
 g");)

# People, hymesruzicka.org
dn: ou=People, dc=hymesruzicka, dc=org
aci: (targetattr ="userpassword || telephonenumber || facsimiletelephonenumber
 ")(version 3.0;acl "Allow self entry modification";allow (write)(userdn = "ld
 ap:///self");)
aci: (targetattr !="cn || sn || uid")(targetfilter ="(ou=Accounting)")(version
  3.0;acl "Accounting Managers Group Permissions";allow (write)(groupdn = "lda
 p:///cn=Accounting Managers,ou=groups,dc=hymesruzicka, dc=org");)
aci: (targetattr !="cn || sn || uid")(targetfilter ="(ou=Human Resources)")(ve
 rsion 3.0;acl "HR Group Permissions";allow (write)(groupdn = "ldap:///cn=HR M
 anagers,ou=groups,dc=hymesruzicka, dc=org");)
aci: (targetattr !="cn ||sn || uid")(targetfilter ="(ou=Product Testing)")(ver
 sion 3.0;acl "QA Group Permissions";allow (write)(groupdn = "ldap:///cn=QA Ma
 nagers,ou=groups,dc=hymesruzicka, dc=org");)
aci: (targetattr !="cn || sn || uid")(targetfilter ="(ou=Product Development)"
 )(version 3.0;acl "Engineering Group Permissions";allow (write)(groupdn = "ld
 ap:///cn=PD Managers,ou=groups,dc=hymesruzicka, dc=org");)

# search result
search: 2
result: 0 Success

# numResponses: 3
# numEntries: 2



