Hi Guys!
> Have any of you tried integrating Cisco VPN with OpenLDAP for authorization?
> I am having problems with it. I have created my own schemas. I am using Fedora Core 4 with version 2.6.11-1.1369_FC4.
> My /etc/openldap/schema/new-attributes.schema:
attributeType ( 1.2.840.113556.8000.795.2.1
    NAME 'cVPN3000-Access-Hours'
    EQUALITY caseIgnoreMatch
    SUBSTR caseIgnoreSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

attributeType ( 1.2.840.113556.8000.795.2.3
    NAME 'cVPN3000-Primary-DNS'
    EQUALITY numericStringMatch
    SUBSTR numericStringSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 )
> And the other schema, /etc/openldap/schema/new-object.schema, I've created is:
objectClass ( 1.2.840.113556.1.8000.795.1.1
    NAME 'cVPN3000-User-Authorization'
    DESC 'Cisco Class Schema'
    SUP inetOrgPerson
    STRUCTURAL
    MAY ( cVPN3000-Access-Hours $ cVPN3000-Primary-DNS ) )
> I have included both of them in my /etc/openldap/slapd.conf file:
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/new-attributes.schema
include /etc/openldap/schema/new-object.schema
database ldbm
suffix "dc=example,dc=com"
rootdn "cn=Manager,dc=example,dc=com"
rootpw {SSHA}1wzadtOsf7S2eHGY3wwUg1/jQC8JOqBK
directory /var/lib/ldap/example.com
> I have another file, /etc/openldap/schema.ldif, that looks like this:
dn: cVPN3000-Access-Hours,cn=Schema,cn=Configuration,ou=People,dc=example,dc=com
changetype: add
adminDisplayName: cVPN3000-Access-Hours
attributeID: 1.2.840.113556.1.8000.795.2.1
attributeSyntax: 2.5.5.3
cn: cVPN3000-Access-Hours
instanceType: 4
isSingleValued: TRUE
lDAPDisplayName: cVPN3000-Access-Hours
distinguishedName: cn=cVPN3000-Access-Hours,cn=Schema,cn=Configuration,ou=People,dc=example,dc=com
objectCategory: cn=Attribute-Schema,cn=Schema,cn=Configuration,ou=People,dc=example,dc=com
objectClass: attributeSchema
oMSyntax: 27
name: cVPN3000-Access-Hours
showInAdvancedViewOnly: TRUE

dn: cn=cVPN3000-Primary-DNS,cn=Schema,cn=Configuration,ou=People,dc=example,dc=com
changetype: add
adminDisplayName: cVPN3000-Primary-DNS
attributeID: 1.2.840.113556.1.8000.795.2.3
attributeSyntax: 2.5.5.3
cn: cVPN3000-Primary-DNS
instanceType: 4
isSingleValued: TRUE
lDAPDisplayName: cVPN3000-Primary-DNS
distinguishedName: cn=cVPN3000-Primary-DNS,cn=Schema,cn=Configuration,ou=People,dc=example,dc=com
objectCategory: cn=Attribute-Schema,cn=Schema,cn=Configuration,ou=People,dc=example,dc=com
objectClass: attributeSchema
oMSyntax: 27
name: cVPN3000-Primary-DNS
showInAdvancedViewOnly: TRUE

dn: cn=cVPN3000-User-Authorization,cn=Schema,cn=Configuration,ou=People,dc=example,dc=com
adminDisplayName: cVPN3000-User-Authorization
adminDescription: Cisco Class Schema
cn: cVPN3000-User-Authorization
defaultObjectCategory: cn=cVPN3000-User-Authorization,cn=Schema,cn=Configuration,ou=People,dc=example,dc=com
defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
governsID: 1.2.840.113556.1.8000.795.1.1
instanceType: 4
lDAPDisplayName: cVPN3000-User-Authorization
mustContain: cn
mayContain: cVPN3000-Access-Hours
mayContain: cVPN3000-Primary-DNS
distinguishedName: cn=cVPN3000-User-Authorization,cn=Schema,cn=Configuration,ou=People,dc=example,dc=com
objectCategory: cn=Class-Schema,cn=Schema,cn=Configuration,ou=People,dc=example,dc=com
objectClass: classSchema
objectClassCategory: 1
possSuperiors: organizationalUnit
name: cVPN3000-User-Authorization
rDNAttID: cn
showInAdvancedViewOnly: TRUE
subClassOf: top
systemOnly: FALSE
> And another LDIF file for users in /etc/openldap/users.ldif:
dn: cn=nald_enva,ou=People,dc=example,dc=com
changetype: add
cVPN3000-Access-Hours: Corporate_time
cVPN3000-Primary-DNS: 202.47.132.9
objectClass: cVPN3000-User-Authorization
> My /etc/openldap/example.com.ldif looks like this:
dn: dc=example,dc=com
dc: example
description: Root LDAP entry for example.com
objectClass: dcObject
objectClass: organizationalUnit
ou: rootobject

dn: ou=People,dc=example,dc=com
ou: People
description: All people in organisation
objectClass: organizationalUnit
> When I add the LDIF files to the LDAP server, I get an error:
adding new entry "cVPN3000-Access-Hours,cn=Schema,cn=Configuration,ou=People,dc=example,dc=com"
ldap_add: Invalid DN syntax (34)
additional info: invalid DN
> I guess because of what I have in /etc/openldap/example.com.ldif, where I only have dn: ou=People,dc=example,dc=com...?
> In my schema.ldif file, I have dn: cn=cVPN3000-User-Authorization,cn=Schema,cn=Configuration,ou=People,dc=example,dc=com. How do I create this? I think there's something wrong with the objectClass and attributeTypes I have created. I guess my question is: how do I create an objectClass and attributeTypes that define what I have in my LDIF files? Because I was having problems adding these LDIF files to the LDAP server.
> I need your help, guys. I appreciate any help or information you'll give me. I know I sound kinda stupid, but I am just a newbie to this and don't have a background in designing/creating schemas.
>
> I look forward to hearing from you. Thank you very much.
Regards,
Ronald
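Added example, not code from the post or from OpenLDAP or Cisco: a small pre-flight checker that runs the two checks which would have flagged the files above before ldapadd rejected them. It verifies that every RDN component of each dn is a type=value pair (an RDN such as cVPN3000-Access-Hours with no cn= in front is exactly what slapd reports as "Invalid DN syntax (34)"), and it cross-checks the attributeID/governsID values in an LDIF against the OIDs declared for the same NAME in the .schema file (the posted new-attributes.schema uses 1.2.840.113556.8000.795.2.x while schema.ldif uses 1.2.840.113556.1.8000.795.2.x). The SCHEMA_TEXT and LDIF_TEXT inputs are constructed, trimmed versions of the posted files; the DN handling covers backslash escapes but not the quoted-value form. Note that slapd on this platform takes its schema only from the slapd.conf include files; attributeSchema/classSchema entries under cn=Schema,cn=Configuration are Active Directory's schema layout, so the check treats them purely as data to keep consistent with the .schema definitions.

```python
"""Pre-flight checks for OpenLDAP .schema and LDIF files before ldapadd.
Added example; sample inputs are constructed, trimmed copies of the post's files."""
import re

# Constructed sample: the attributeType OIDs lack the ".1" segment that the
# LDIF attributeID values carry, and the first dn has no "cn=" on its RDN.
SCHEMA_TEXT = """\
attributeType ( 1.2.840.113556.8000.795.2.1
    NAME 'cVPN3000-Access-Hours'
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributeType ( 1.2.840.113556.8000.795.2.3
    NAME 'cVPN3000-Primary-DNS'
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 )
objectClass ( 1.2.840.113556.1.8000.795.1.1
    NAME 'cVPN3000-User-Authorization'
    SUP inetOrgPerson STRUCTURAL
    MAY ( cVPN3000-Access-Hours $ cVPN3000-Primary-DNS ) )
"""

LDIF_TEXT = """\
dn: cVPN3000-Access-Hours,cn=Schema,cn=Configuration,dc=example,dc=com
attributeID: 1.2.840.113556.1.8000.795.2.1
lDAPDisplayName: cVPN3000-Access-Hours
objectClass: attributeSchema

dn: cn=cVPN3000-Primary-DNS,cn=Schema,cn=Configuration,dc=example,dc=com
attributeID: 1.2.840.113556.1.8000.795.2.3
lDAPDisplayName: cVPN3000-Primary-DNS
distinguishedName:
 cn=cVPN3000-Primary-DNS,cn=Schema,cn=Configuration,dc=example,dc=com
objectClass: attributeSchema
"""

# RFC 4514: an RDN is one or more "type=value" pairs joined by '+'; the type is
# a descriptor (letters, digits, hyphens) or a dotted-decimal OID.
_AVA_RE = re.compile(r"^(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)*)=")
# OID and NAME of each attributeType/objectClass definition in a .schema file.
_SCHEMA_DEF_RE = re.compile(
    r"(?:attributeType|objectClass)\s*\(\s*([\d.]+)\s+NAME\s+'([^']+)'", re.S)


def split_dn(dn):
    """Split a DN on unescaped commas, keeping backslash escapes intact."""
    rdns, cur, escaped = [], [], False
    for ch in dn:
        if escaped or ch not in ",\\":
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            cur.append(ch)
            escaped = True
        else:  # unescaped comma ends the current RDN
            rdns.append("".join(cur))
            cur = []
    rdns.append("".join(cur))
    return rdns


def dn_errors(dn):
    """One message per RDN component that is not of the form type=value."""
    return [f"RDN component {ava.strip()!r} is not of the form type=value"
            for rdn in split_dn(dn) for ava in rdn.split("+")
            if not _AVA_RE.match(ava.strip())]


def parse_ldif(text):
    """Parse LDIF into [(dn, {attr: [values]})], unfolding continuation lines."""
    entries = []
    for block in re.split(r"\n[ \t]*\n", text.strip()):
        block = re.sub(r"\n ", "", block)  # a line starting with one space continues the previous one
        dn, attrs = None, {}
        for line in block.splitlines():
            if not line.strip() or line.startswith("#"):
                continue
            name, _, value = line.partition(":")
            name, value = name.strip(), value.strip()
            if name.lower() == "dn":
                dn = value
            else:
                attrs.setdefault(name, []).append(value)
        entries.append((dn, attrs))
    return entries


def schema_oids_by_name(schema_text):
    """Map each NAME declared in an OpenLDAP .schema file to its OID."""
    return {name: oid for oid, name in _SCHEMA_DEF_RE.findall(schema_text)}


def check_ldif(ldif_text, schema_text):
    """Return [(dn, problem)] for bad DNs and OIDs that disagree with the schema file."""
    schema_oids, problems = schema_oids_by_name(schema_text), []
    for dn, attrs in parse_ldif(ldif_text):
        if dn is None:
            problems.append(("<missing dn>", "entry has no dn: line"))
            continue
        problems.extend((dn, err) for err in dn_errors(dn))
        # AD-style schema entries hold the OID in attributeID (attributes) or governsID (classes)
        name = (attrs.get("lDAPDisplayName") or attrs.get("cn") or [None])[0]
        expected = schema_oids.get(name)
        for oid_attr in ("attributeID", "governsID"):
            for oid in attrs.get(oid_attr, []):
                if expected and oid != expected:
                    problems.append((dn, f"{oid_attr} {oid} differs from {expected} declared for {name} in the .schema file"))
    return problems


if __name__ == "__main__":
    for dn, problem in check_ldif(LDIF_TEXT, SCHEMA_TEXT):
        print(f"{dn}\n    {problem}")
```

Run it against the real files by reading them into LDIF_TEXT and SCHEMA_TEXT; on the constructed sample it reports three problems: the malformed first dn and one OID mismatch per attribute. A clean report does not prove slapd will accept the entries (attribute names must also exist in the loaded schema and structural classes must be satisfied), but it removes the two purely clerical causes of "Invalid DN syntax" and silently mismatched OIDs.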