openldap-software October 2006

openldap-software@openldap.org

91 participants
100 discussions

Issue while starting "slapd"
by Monica_Rana 16 Oct '06

16 Oct '06

Hi All, After successful installation of openldap 2.3.27 on Solaris 8, when i try to start the ldap service, it throws the following error. # ./slapd ld.so.1: ./slapd: fatal: libdb-4.4.so: open failed: No such file or directory Killed If anyone has any idea on what is causing this issue, please guide. Regards, Monica Rana **************** CAUTION - Disclaimer ***************** This e-mail contains PRIVILEGED AND CONFIDENTIAL INFORMATION intended solely for the use of the addressee(s). If you are not the intended recipient, please notify the sender by e-mail and delete the original message. Further, you are not to copy, disclose, or distribute this e-mail or its contents to any other person and any such actions are unlawful. This e-mail may contain viruses. Infosys has taken every reasonable precaution to minimize this risk, but is not liable for any damage you may sustain as a result of any virus in this e-mail. You should carry out your own virus checks before opening the e-mail or attachment. Infosys reserves the right to monitor and review the content of all messages sent to or from this e-mail address. Messages sent to or from this e-mail address may be stored on the Infosys e-mail system. ***INFOSYS******** End of Disclaimer ********INFOSYS***

5 4

slapd, bdb, 32-bit -> 64-bit
by Frode Nordahl 16 Oct '06

16 Oct '06

Hello, I am trying to use a slapd BDB database created on a 32-bit intel system on a 64-bit (amd64/EMT64) system. Running slapcat on the database works fine, but when the server is started, ldapsearch is unable to find anything. I understand that there are architectural differences between a 32- bit and 64-bit systems, but I don't think Berkeley DB have any problems with having its data being interchanged between the platforms. We are running OpenLDAP in a distributed environment where every server has a local copy of the LDAP database for performance and reliability reasons. The database is 6 GB, so it is non-trivial export it to LDIF and import it again on the 64-bit systems. (It takes way too long). I am setting up one server to just be a spare LDAP slave so we easilly can take it down and copy the database to any new system added to the cluster without causing any downtime anywhere. But this is not possible as long as I cannot use the same database on 32-bit and 64-bit systems. Would it be possible to make this work at all? Could this be caused by a platform-dependent variable type being used somewhere, rather than a fixed sized variable type, making slapd interpret the same data diffrently on different platforms? -- Frode Nordahl

5 14

How was developers' day 2006
by Emiel van de Laar 16 Oct '06

16 Oct '06

Hi all, How was the OpenLDAP developers' day? :) I wasn't able to attend but am curious about the discussions and presentations. Could someone write a brief summary of the highlights. Perhaps there are slides available or audio/video. Thanks in advance. Regards, Emiel van de Laar

3 2

Re: Slapd.d Config File
by Pierangelo Masarati 15 Oct '06

15 Oct '06

Ted Johnson wrote: > ----- Original Message ---- > From: Pierangelo Masarati <ando(a)sys-net.it> > To: Ted Johnson <whatawonderfulworldweliveintoo(a)yahoo.com> > Cc: OpenLDAP-software(a)openldap.org > Sent: Sunday, October 15, 2006 5:28:09 PM > Subject: Re: Slapd.d Config File > > Ted Johnson wrote: > > * Does someone out there in OpenLDAP-land have a slapd.d conf file > > they could share? > Try "/usr/local/libexec/slapd -f slapd.conf -F ./slapd.d > your-already-existing-empty-configuration-dir" In my original mail I've never specified what path you were supposed to find slapd in. > > Interesting. It complained there was no slapd binary. Where your binaries are located, and what path you use is not relevant to this discussion. > Now, that worried me. I ran a search and found a binary here: > /usr/local/libexec/slapd > Now, since it wasn't in a bin dir, I didn't think that would work, but > I didn't think it would hurt anything either, so I ran your command > but with an absolute path to that binary, and violá! there were the files. > > > * Are the following still correct? > > pidfile /var/run/ldap/slapd.pid > > argsfile /var/run/ldap/slapd.args > > modulepath /usr/lib/openldap > > pam_ldap > pam_ldap has never been a valid slapd.conf directive > > How does one include modules, then? I don't understand what "pam_ldap" may have to do with slapd's modules. Also, I don't understand why you talk about modules if you don't have any idea of what they're supposed to do. Note that, unless you build slapd with module support, and you build components as modules, they will be statically built into slapd. The fact that you use statically built-in or run-time loaded modules, in any case, has nothing to do with a general discussion on using cn=config; I suggest to keep the two discussions separate. > Also, do you know of a good reference that would list all the modules > with which OpenLDAP works and a description of them? Googled and got zip. ./configure --help. > > > sasl-host ldap.2012.vi > > TLSRandFile /dev/random > > TLSCipherSuite HIGH:MEDIUM:+SSLv2 > > TLSCertificateFile /etc/ssl/openldap/ldap.pem > > TLSCertificateKeyFile /etc/ssl/openldap/ldap.pem > > TLSCACertificatePath /etc/ssl/openldap/ > > TLSCACertificateFile /etc/ssl/cacert.pem > > TLSCACertificateFile /etc/ssl/openldap/ldap.pem > > TLSVerifyClient demand # ([never]|allow|try|demand) > a hash mark ('#') followed by text is interpreted as an argument to the > command that starts the line, not as a comment (as I assume you mean it). > > No. Thanks. > > > loglevel 256 > > database bdb > > suffix "dc=2012,dc=vi" > > rootdn "cn=admin,dc=2012,dc=vi" > > directory /var/lib/ldap > > index objectClass eq,pres > > access: to dn.base="/var/lib/ldap" by root read > No colon (':') after "access" is allowed in the "access" access control > directive > > database monitor > The above seems to be a collection of partially incorrect slapd.conf > statements. Provided you fix what's wrong, it should be fine to > generate the cn=config database following indications above. Note that > you don't have to generate the cn=config database unless you intend to > use it, and I suggest you don't until you understand all the > implications and its general usefulness. From your message, it appears > you didn't understand it yet, and you got the false perception that the > traditional way of configuring slapd is no longer valid, which is > absolutely not true. > > Well, I was just following directions ;) ***This list*** told me to > ask my beginner questions at ldap(a)umich.edu. The questions you just asked are OpenLDAP specific, and in fact you got OpenLDAP specific answers (as good as mine can be, at least). I don't see how that list could have helped you thru details of very recent OpenLDAP development. I'm not saying you can't ask beginner's questions; of course they're welcome as soon as they can lead to improving your (and others') understanding of how things work. It seems to me that starting with cn=config while you don't appear to have a clear understanding of how OpenLDAP's slapd works sounds a bit too ambitious. All in all, cn=config is a __very__ new feature. My point is that there's tons of info out there about how to configure slapd via slapd.conf(5), and yet too little about how to do it using cb=config (and the most authoritative documentation for both is the Admin Guide <http://www.openldap.org/doc/admin23/>). So I suggest you stick with slapd.conf(5) by now; it's up to you to follow advice, though :). > *That* list recommended all sorts of material to study. And there is a > __lot__ of confusion created from following these divergent > suggestions. Unfortunately, the documentation on openldap.org is > __very__limited__ and needs to be supplemented. The project is open; the FAQ <http://www.openldap.org/faq/data/cache/1.html> is interactive, and <http://www.openldap.org/devel/contributing.html> details how to contribute, if you think the documentation needs to be supplemented. Saying that may sound a bit offensive to all persons that spent their spare time in writing a fair amount of documentation (> 3 MB of man pages; 16 chapters of Admin Guide; ~2000 nodes of FAQ; ...). If you can suggest specific improvements to specific portions of documentation, feel free to post them; if all you have to say is "__very__limited__", well... (silently counting to a billion...) > Maybe easy for you guys, but I live on top of a mountain in the middle > of nowhere in the Dominican Republic with my trusty satellite > dish...and getting books here via Amazon takes longer than you'd think > and costs a fortune. So, I have to rely on what's available > online...and in this case, it's been disappointing, to say the least. All documentation on OpenLDAP.org is plain HTML or txt (man pages), so downloading it shouldn't be a big deal. Note that all the indications you got so far from me have been taken from the Admin Guide <http://www.openldap.org/doc/admin23/>. I don't know what documentation you read so far, but if you didn't read (and understand) the Admin Guide I strongly urge you to do so. Man pages like slapd.conf(5), slapd.access(5) and backend (and overlay) specific pages, like slapd-bdb(5) may be of help in understanding the details of each statement. p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.n.c. Via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ------------------------------------------ Office: +39.02.23998309 Mobile: +39.333.4963172 Email: pierangelo.masarati(a)sys-net.it ------------------------------------------

1 0

howto replication ldap
by chechu chechu 15 Oct '06

15 Oct '06

hi I trying tu build replication, i got it in simple mode, but when I try with ssl or ssl + sasl, i can't get it someone know where i can find a howto for buildiong step to step or if someone want guide me to build it... thanks

2 2

Slapd.d Config File
by Ted Johnson 15 Oct '06

15 Oct '06

74Hi; After about 150 hours of researching LDAP/OpenLDAP, I have finally come to the realization, among many others, that I need to build a slapd.d configuration file, not a slapd.conf configuration file. There are differences, but the documentation I've read thus far unfortunately clouds the issues. I have the following questions: * Does someone out there in OpenLDAP-land have a slapd.d conf file they could share? That would help me more than the rest of these questions. * Do I want to include LDIF schema files, or SCHEMA schema files, or both? * Which format do I use below: A or B? A) include /usr/share/openldap/schema/core.schema B) olcInclude /usr/share/openldap/schema/core.schema Or is *this* correct? C) include: file:///usr/local/etc/openldap/schema/core.ldif * What is the difference between the attributeTypes/objectClasses in the *.schema files and the olcAttributeTypes/olcObjectClasses in the *.ldif files? What was the point in renaming them? To cut down on confusion? (I dare say it didn't.) * Do I still need an ldap.conf file? * Are the following still correct? pidfile /var/run/ldap/slapd.pid argsfile /var/run/ldap/slapd.args modulepath /usr/lib/openldap pam_ldap sasl-host ldap.2012.vi TLSRandFile /dev/random TLSCipherSuite HIGH:MEDIUM:+SSLv2 TLSCertificateFile /etc/ssl/openldap/ldap.pem TLSCertificateKeyFile /etc/ssl/openldap/ldap.pem TLSCACertificatePath /etc/ssl/openldap/ TLSCACertificateFile /etc/ssl/cacert.pem TLSCACertificateFile /etc/ssl/openldap/ldap.pem TLSVerifyClient demand # ([never]|allow|try|demand) loglevel 256 database bdb suffix "dc=2012,dc=vi" rootdn "cn=admin,dc=2012,dc=vi" directory /var/lib/ldap index objectClass eq,pres access: to dn.base="/var/lib/ldap" by root read database monitor Pulling my hair out, Ted

2 1

Post-read to collect generated DN of back-config entries
by Pierangelo Masarati 13 Oct '06

13 Oct '06

Michael, as we discussed few hours ago, you may use the postread control to capture the DN of an entry that's just been added, since the "X-ORDERED 'SIBLINGS'" will add a leading {<digits>} to the distinguished value. I've just committed a couple of fixes to HEAD that allow to 1) use the control (the absence of o_bd was causing access control to fail in the internal search that looks up the freshly added data) 2) use "1.1" as requested attribute to just lookup the DN, if you're fine with that; to make things more general, you might want to require the entryDN instead. The example code that adds the postread control and parses the result is in clients/tools/common.c. Maybe it could be worth having a pair of library calls much like we have for pagedResults: ldap_create_page_control() and ldap_parse_page_control() (and their building blocks) so that they can simply be called from within the python wrapper. p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.n.c. Via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ------------------------------------------ Office: +39.02.23998309 Mobile: +39.333.4963172 Email: pierangelo.masarati(a)sys-net.it ------------------------------------------

1 0

RE: Install CA Certificate
by Aaron Smith 13 Oct '06

13 Oct '06

DOH! What a stupid mistake. That's exactly it. If I use the actual OpenLdap ldapsearch, I can get it to work connecting to ldaps://n1-wrath.sandbox.com:3269. Now I just need to get auth_ldap in Apache to do the same! But at least I'm getting closer. Thanks. -------------------------------------------------------------------- Aaron Smith Aaron.Smith(a)kzoo.edu System Administrator (269) 337-7496 Kalamazoo College -----Original Message----- From: Aaron Richton [mailto:richton@nbcs.rutgers.edu] Sent: Thursday, October 12, 2006 6:20 PM To: Aaron Smith Cc: openldap-software(a)openldap.org Subject: Re: Install CA Certificate > Where do I need to put a CA certificate so that Openldap can find it > properly? I have openldap version 2.3.27 that was compiled using > openssl support on a Solaris 10 machine. Trying to do secure LDAP > transactions with ldapsearch results in > > SSL initialization failed: error -8192 (An I/O error occurred during > security authorization.) I'd try "-d -1" to see what the client is thinking, or possibly truss to see if you and it are disagreeing as to the location of ldap.conf, and (if ldap.conf is getting opened properly) to see if the open() on the CACERT is working. With that said, I don't think I've ever seen a message like that from OpenLDAP ldapsearch(1). Are you sure you aren't running Solaris 10's /usr/bin/ldapsearch instead?

1 0

RE: Install CA Certificate
by Aaron Smith 13 Oct '06

13 Oct '06

Ah, but I'm trying to get this client to connect to Active Directory on a Microsoft Domain controller, not OpenLdap slapd. :) But Aaron Richter found my problem. -------------------------------------------------------------------- Aaron Smith Aaron.Smith(a)kzoo.edu System Administrator (269) 337-7496 Kalamazoo College -----Original Message----- From: Francisco Saito [mailto:fksaito@gmail.com] Sent: Friday, October 13, 2006 2:04 AM To: Aaron Richton Cc: Aaron Smith; openldap-software(a)openldap.org Subject: Re: Install CA Certificate Hello, Can you show your slapd.conf? Your client side configuration looks ok. But have you said to slapd where are the certs? http://www.openldap.org/doc/admin23/tls.html Thanks, Francisco Saito On 10/12/06, Aaron Richton <richton(a)nbcs.rutgers.edu> wrote: > > Where do I need to put a CA certificate so that Openldap can find it > > properly? I have openldap version 2.3.27 that was compiled using > > openssl support on a Solaris 10 machine. Trying to do secure LDAP > > transactions with ldapsearch results in > > > > SSL initialization failed: error -8192 (An I/O error occurred during > > security authorization.) > > I'd try "-d -1" to see what the client is thinking, or possibly truss to > see if you and it are disagreeing as to the location of ldap.conf, and (if > ldap.conf is getting opened properly) to see if the open() on the CACERT > is working. > > With that said, I don't think I've ever seen a message like that from > OpenLDAP ldapsearch(1). Are you sure you aren't running Solaris 10's > /usr/bin/ldapsearch instead? >

1 0

ldap_modify No such object(32) matched DN
by Syed Khader 13 Oct '06

13 Oct '06

Hi, I a newbie and i'm trying to implement openldap. i'm trying to add a new ou=people under dc=test,dc=com using the following ldapmodify -x -D "cn=Manager,dc=test,dc=com" -W -f /root/Desktop/example.ldif it says modifying entry "dc=test,dc=com" modifying entry "cn=Manager,dc=test,dc=com" modifying entry "ou=people, dc=test,dc=com" ldap_modify: No such object (32) matched DN: dc=test,dc=com My example.ldif file is as follows dn: dc=test,dc=com objectclass: dcObject objectclass: organization o: google dc: test dn: cn=Manager,dc=test,dc=com objectclass: organizationalRole cn: Manager dn: ou=people, dc=test, dc=com objectClass: organizationalUnit ou=people My Slapd.conf file is like this( just pasting what is required) include /usr/local/etc/openldap/schema/core.schema include /usr/local/etc/openldap/schema/cosine.schema include /usr/local/etc/openldap/schema/inetorgperson.schema include /usr/local/etc/openldap/schema/nis.schema database bdb suffix "dc=test,dc=com" rootdn "cn=manager,dc=test,dc=com" Am i missing any schema or anything wrong in my ldif file. Plz Help :) Thanks in advance. Abdul.

4 4

← Newer
1
2
3
4
5
6
7
8
9
10
Older →

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-software October 2006