(ITS#8749) Proxy: LDAP query doesn't work for e.g. (userAccountControl:1.2.840.113556.1.4.803:=2)
by steffen.krahl@nexio.de
Full_Name: Steffen Krahl
Version: 2.4-2
OS: Ubuntu 16.04.3 LTS
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (84.168.136.108)
I'm using OpenLDAP with the LDAP backend as a proxy for Active Directory.
It's working well so far; only LDAP queries which should exclude deactivated
users don't work. It seems slapd does not accept queries like
(attribute:OID:=value)
In particular, (&(sAMAccountType=805306368)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
fails due to the part ":1.2.840.113556.1.4.803:". The query itself works fine
against Active Directory itself.
As a blind test: (userAccountControl:1.2.840.113556.1.4.803:=2) will not get
any object back (but should).
I'm quite new to OpenLDAP, but it seems to be an issue.
Performing the query above gets:
Oct 1 00:45:33 nxld01 slapd[3002]: str2filter "(&(sAMAccountType=805306368)(?=error))"
Oct 1 00:45:33 nxld01 kernel: [49436.933735] slapd[3005]: segfault at 18 ip 00007ff4f783d512 sp 00007ff4f1afc810 error 4 in libc-2.23.so[7ff4f77b9000+1c0000]
Performing the following query
(&(objectClass=*)(userAccountControl:1.2.840.113556.1.4.803:=2))
will get the following log entry:
Oct 1 00:49:07 nxld01 slapd[3033]: str2filter "(&(objectClass=*)(!(objectClass=*)))"
Seems a little bit strange.
BR
Steffen
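Added example, not part of the original report and not OpenLDAP code: Python that evaluates the reported filter locally on entries already fetched through the proxy, using the semantics of Active Directory's bitwise matching rules (1.2.840.113556.1.4.803 is bit-AND, 1.2.840.113556.1.4.804 is bit-OR), so disabled accounts can still be excluded when the extensible-match item is not passed through. The function names and the sample entries are constructed for illustration.

```python
import re

# Active Directory matching-rule OIDs for integer bit tests.
BIT_AND = "1.2.840.113556.1.4.803"  # every bit of the assertion value must be set
BIT_OR = "1.2.840.113556.1.4.804"   # at least one bit of the assertion value is set

# The "(attribute:OID:=value)" extensible-match form quoted in the report.
EXT_ITEM = re.compile(r"^\(([A-Za-z][A-Za-z0-9-]*):(\d+(?:\.\d+)+):=(\d+)\)$")


def parse_ext_item(item):
    """Split '(attr:OID:=value)' into (attr, oid, integer value)."""
    m = EXT_ITEM.match(item.strip())
    if m is None:
        raise ValueError(f"not an attr:OID:=value item: {item!r}")
    attr, oid, value = m.groups()
    if oid not in (BIT_AND, BIT_OR):
        raise ValueError(f"unsupported matching rule: {oid}")
    return attr, oid, int(value)


def ext_match(entry, item):
    """Evaluate one bitwise extensible-match item against an entry dict."""
    attr, oid, mask = parse_ext_item(item)
    for raw in entry.get(attr, []):  # attributes are multi-valued strings
        bits = int(raw) & mask
        if (bits == mask) if oid == BIT_AND else (bits != 0):
            return True
    return False  # an absent attribute never matches


def enabled_users(entries):
    """Local form of (&(sAMAccountType=805306368)(!(userAccountControl:...803:=2))).
    Unlike a server, an entry with no userAccountControl counts as enabled here."""
    disabled = f"(userAccountControl:{BIT_AND}:=2)"
    return [e["dn"] for e in entries
            if "805306368" in e.get("sAMAccountType", [])
            and not ext_match(e, disabled)]


# Constructed sample entries (not from the report).
SAMPLE = [
    {"dn": "CN=alice,DC=example,DC=test", "sAMAccountType": ["805306368"], "userAccountControl": ["512"]},
    {"dn": "CN=bob,DC=example,DC=test", "sAMAccountType": ["805306368"], "userAccountControl": ["514"]},
    {"dn": "CN=carol,DC=example,DC=test", "sAMAccountType": ["805306368"], "userAccountControl": ["66050"]},
    {"dn": "CN=pc01,DC=example,DC=test", "sAMAccountType": ["805306369"], "userAccountControl": ["4096"]},
]

if __name__ == "__main__":
    print(enabled_users(SAMPLE))
```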
Re: (ITS#8745) Need to join Windows server 2012 R2 to open ldap as a client
by ryan@openldap.org
On Thu, Sep 28, 2017 at 07:11:35AM +0000, ramkumar(a)mgtechsoft.com wrote:
>Request you to inform whether can we join windows 2012 server to Open Ldap as
>client?
>
>and if it is possible please share the procedure with us.
The ITS system is for reporting software bugs, not for support
questions. If you have a question about OpenLDAP, please contact the
openldap-technical(a)openldap.org mailing list.
In your specific case, it sounds like your question is actually about
Samba, not about OpenLDAP. As well, "opeldap.sdef.com" sounds like it
might be a typo, so please check your spelling carefully.
This ITS will be closed.
Re: (ITS#8748)
by quanah@symas.com
--On Friday, September 29, 2017 9:19 PM +0000 rouzier(a)gmail.com wrote:
> I, James Rouzier, hereby place the following modifications to OpenLDAP
> Software (and only these modifications) into the public domain. Hence,
> these modifications may be freely used and/or redistributed for any
> purpose with or without attribution and/or other notice.
Thanks!
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
(ITS#8748)
by rouzier@gmail.com
I, James Rouzier, hereby place the following modifications to OpenLDAP
Software (and only these modifications) into the public domain. Hence,
these modifications may be freely used and/or redistributed for any purpose
with or without attribution and/or other notice.
(ITS#8747) LDAP load balancer daemon (lloadd)
by ondra@openldap.org
Full_Name: Ondrej Kuznik
Version: master
OS:
URL: https://github.com/mistotebe/openldap/tree/lloadd
Submission from: (NULL) (82.10.24.68)
The 'lloadd' branch linked above contains the load balancer code that is now
ready for review.
This adds a new server to the OpenLDAP project, a load balancing proxy
(prototype). Also, the tls branch contains the work in progress toward
StartTLS/ldaps support (which works apart from certificate checking) and can be
merged once ITS#8746 has been closed.
To test, make sure you have libevent >= 2.0 installed and regenerate the
configure script which now accepts the --enable-balancer option. The code in
question has only been compiled/tested on Linux so far.
(ITS#8745) Need to join Windows server 2012 R2 to open ldap as a client
by ramkumar@mgtechsoft.com
Full_Name: Ramkumar Raman
Version: 2.4.28
OS: Ubuntu 12.04 LTS
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (14.143.3.78)
Hello Team,
I configured open ldap 2.4.28 with samba version 3.6.25 on an Ubuntu 12.04 LTS
server.
Windows 7 to Windows 2008 R2 servers I am able to join to open ldap.
But when we try to join a Windows Server 2012 R2 server, it does not happen, and
the error I am facing is as follows:
Error: /// The following error occurred when DNS was queried for the service
location (SRV) resource record used to locate an Active Directory Domain
Controller (AD DC) for domain "opeldap.sdef.com":
The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)
The query was for the SRV record for _ldap._tcp.dc._msdcs.opeldap.sdef.com
Common causes of this error include the following:
- The DNS SRV records required to locate a AD DC for the domain are not
registered in DNS. These records are registered with a DNS server automatically
when a AD DC is added to a domain. They are updated by the AD DC at set
intervals. This computer is configured to use DNS servers with the following IP
addresses:
XXX.XX.XX.X
XXX.XX.XX.XXX
- One or more of the following zones do not include delegation to its child
zone:
opeldap.sdef.com
sdef.com
com
. (the root zone)
//
Request you to inform whether can we join windows 2012 server to Open Ldap as
client?
and if it is possible please share the procedure with us.
Thanks for your reply in advance.
Regards,
Ramkumar R