ditaoctavia / pwm

Automatically exported from code.google.com/p/pwm
0 stars 0 forks source link

Documentation bugs for OpenLDAP setup #591

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Configure PWM with OpenLDAP using the OpenLDAP schema provided in the PWM 
Administration guide
2. Register a new user and login
3. Try setting Challenge responses

What is the expected output? What do you see instead?
Expected output would be a working flow.
What happens instead is that the firs issue is that on login I get "LDAP: error 
code 65 - attribute 'pwmResponseSet' not allowed", due to the fact that the 
schema in the admin guide misses a parentheses at the end, and the pwmUser 
class is not added to the schema.
After fixing that, I get two more issues:
LDAP: error code 18 - modify/delete: pwmEventLog: no equality matching rule
LDAP: error code 18 - modify/delete: pwmResponseSet: no equality matching rule

Which can be fixed adding EQUALITY octetStringMatch on the schema for those two 
attributes.

Also, it would be useful to document the LDIF version of the schema, rather 
than the old static configuration format.

I'm attaching the fixed schema (both static and ldif version) as a reference.

What version of PWM are you using?
1.7.0

What ldap directory and version are you using?
I tried OpenLDAP 2.4.31

Please paste any error log messages below:
see above

Original issue reported on code.google.com by sarcang...@gmail.com on 17 Jul 2014 at 10:08

Attachments:

GoogleCodeExporter commented 9 years ago
[deleted comment]
GoogleCodeExporter commented 9 years ago
Forgot to attach the ldif version.

Original comment by sarcang...@gmail.com on 17 Jul 2014 at 10:12

Attachments:

GoogleCodeExporter commented 9 years ago
Thanks. I have added you file with slight modifications (aligned the OID's with 
other files) plus an extra attribute (pwmOtpSecret) for the upcoming release.

Original comment by menno.pi...@gmail.com on 18 Jul 2014 at 6:28

GoogleCodeExporter commented 9 years ago
Thanks, should I fix the OIDs in my setup too or is that not neeed?

Original comment by sarcang...@gmail.com on 18 Jul 2014 at 7:43

GoogleCodeExporter commented 9 years ago
No, as long as they are unique, it should be OK. If you already have data, it 
might be complicated to change.

Original comment by menno.pi...@gmail.com on 18 Jul 2014 at 7:54

GoogleCodeExporter commented 9 years ago
perfect, thanks!

Original comment by sarcang...@gmail.com on 18 Jul 2014 at 8:04