setting up admin password on openldap
by Naufal Sheikh
Hi,
Can any one please give me a pointer on how to setup an admin password on
ldap. my sladp.config file does not hold any password and the line is
hashed. It gives an error about something needing to be in suffix. I am not
sure what it is, but it is working fine on the production system from which
I am trying to migrate.
I have successfully installed openldap on my linux system and it never asked
me for any password in the installation. Also I have imported the ldiff from
the production system. It has an entry of admin but has no password, while
on production system somehow the password is set.
Any pointers will be appreciated
Thanks
Naufal
15 years, 11 months
Re: extended characterset/binary/base64 support
by Dieter Kluenter
"Naufal Sheikh" <naufalzamir(a)gmail.com> writes:
> Nah,
>
> when i import my ldif, it cannot parse all the entryies which have
> extended chatacter set in their clientOrg attribute
Do you get any error messages?
Could you give an example?
-Dieter
> On 10/19/07, Dieter Kluenter <dieter(a)dkluenter.de> wrote:
>> "Naufal Sheikh" <naufalzamir(a)gmail.com> writes:
>>
>> > Hello,
>> >
>> > I used slapcat command to create an ldiff file. Now ehen I am using
>> > slapadd to import that ldiff file into my new server. it cannot parse
>> > entries wchih have an attribute (clientOrg) value in extended
>> > characterset/base64/binary... I am not sure what it is called. In
>> > ldiff file those attribute and attribute values are seperated by
>> > double colons, which I think is also pointing to the fact that the
>> > value is a extended character set.
>>
>> This is base64 which you can easily read with a tool like mmencode.
>> >
>> > The original ldap server is running fine. Do i need to compile my new
>> > ldap server with some additional support module, or is their any
>> > option with slapaddd which I can use to convert the enrties in ldiff
>> > or some thing..... If some can pleae point me to the right
>> > direction. I have been reading many emails and articles, but I am
>> > still not sure what to do.
>>
>> Just import the ldif file with slapadd, base64 coded attribute values
>> are properly recognized.
--
Dieter Klünter | Systemberatung
http://www.dkluenter.de
GPG Key ID:8EF7B6C6
15 years, 11 months
Access Control by group
by Jason Dearborn
I'd like to grant members of an Administrator group full access to
everything in LDAP.
According to the ldap FAQ, the default objectclass is "groupOfNames" and the
default attribute checked is "member". To match my config I'd need to
change the values to "posixGroup" and "memberUid" respectively. It looks
like you can do that with the following syntax:
<who> ::= group[/<objectclass>[/<attrname>][.<style>]]=<pattern>]
I can't find any examples on the web and I've been
unsuccessful experimenting with various syntatical permutations. slapd
won't start with any of the following:
access to *
by group/posixGroup="Admins,ou=Group,dc=example,dc=com" write
access to *
by group/posixGroup/memberUid="Admins,ou=Group,dc=example,dc=com" write
I'm running OpenLDAP 2.2.13-2
Has anyone been able to make this work?
TIA,
Jason
15 years, 11 months
Regarding slapd.conf
by Anjali Arora
Hi,
I am not able to understand how to create hierarchy in openldap...
We can mention multiple suffix but what is the use and how it will relate to
the rootdn
b'coz we can mention suffix in slapd.conf which is under rootdn...then how
mutilple suffix contain different values..
Please help me out
With Regards,
Anjali
15 years, 11 months
case sensitive dn
by jorge sanchez
Hi all,
just a short question:
Is that possible to have case sensitive DN's for example
dn: ou=something,o=something
and
dn: ou=SOMETHING,o=SOMETHING
I am getting error when trying to add dn "ou=SOMETHING,o=SOMETHING" to LDAP
when there is already an dn "ou=something,o=something" present.
Thanks,
Jorge
15 years, 11 months
Re: Paged results and multiple bdb backends.
by Brandon Hume
Okay, before I file a bug report, I just want to make sure that what I'm
seeing is not the way it's meant to be.
When running:
$ ldapsearch -x -b dc=bofh,dc=ca -h ldap-test -E pr=2 '(objectclass=*)' dn
I see:
[....]
# search result
search: 2
result: 0 Success
control: 1.2.840.113556.1.4.319 false MAkCAQAEBAIAAAA=
control: 1.2.840.113556.1.4.319 false MAUCAQAEAA==
control: 1.2.840.113556.1.4.319 false MAkCAQAEBP////8=
Press [size] Enter for the next {2|size} entries.
... in other words, one control: reponse for each backend in the tree.
And assuming that the last field is the Base64-encoded value of the
cursor/lastid, some of those values look to be garbage (0xffffffff and
so on). If the client software is taking the wrong value and repeating
it back when asking for the next page, that would explain why I'm being
told the page value is invalid.
Can anyone else confirm this behaviour with 2.3.38?
15 years, 11 months
Re: Most stable loglevel
by matthew sporleder
> On 10/25/07, matthew sporleder <msporleder(a)gmail.com> wrote:
> > On 10/25/07, Sumith Narayanan <sumith.narayanan(a)gmail.com> wrote:
> > > Hi All,
> > >
> > > I am running $OpenLDAP: slapd 2.3.27 and Berkeley DB (Version:
> > > 4.4.20) on MacOSX 10.4.
> > >
> > > The process crashes with memory leak often. The maximum it can go with
> > > 32 bit processor is 2 GB of memory and then it crashes. However , I
> > > have found that the it starts leaking more and crashing often (1-2 hr
> > > ) when the loglevel is 256 or 512. When it is at 32 it crashes once in
> > > 2 days or so.
> > >
> > > Did anyone experience this before ? If so , what should be the
> > > loglevel when my intention is to make the process more stable.
> > >
> > > Please note that the server which crashes is getting updated 5-6 % of
> > > total transaction.
> > >
> > > Any help , suggestions will be appreciated.
> > >
> >
> > I have found that many people misinterpret an oversized cache with a
> > memory leak. Tune down your system so it doesn't use so much memory.
> >
>
On 10/26/07, Sumith Narayanan <sumith.narayanan(a)gmail.com> wrote:
> Hi Mattew,
>
> We have 3 DBs and alltogether we are using less than 250 MB memory.
>
> When the process starts , it stabilzes with 250 MB and then it starts
> increasing.
>
> After putting the log level to 32 , it is slowly increasing , over a
> period of 2 days or so to 2 GB and then it crashes.
>
> If I increase the log level it goes to 2 GB in 1 hour or so.
It sounds like your syslog config is somehow messed up, or osx's
syslog is not very good and you should try installing something like
syslog-ng.
15 years, 11 months
Regarding Multimaster slapd communication
by Anjali Arora
Hi,
How multimaster communication is done in openLDAP....
How to specify master in the slapd.conf file
replica attribute is for replication but how to specify another master in
slpad.conf file
Waiting for Reply
Thanks and Regards,
Anjali
15 years, 11 months
Most stable loglevel
by Sumith Narayanan
Hi All,
I am running $OpenLDAP: slapd 2.3.27 and Berkeley DB (Version:
4.4.20) on MacOSX 10.4.
The process crashes with memory leak often. The maximum it can go with
32 bit processor is 2 GB of memory and then it crashes. However , I
have found that the it starts leaking more and crashing often (1-2 hr
) when the loglevel is 256 or 512. When it is at 32 it crashes once in
2 days or so.
Did anyone experience this before ? If so , what should be the
loglevel when my intention is to make the process more stable.
Please note that the server which crashes is getting updated 5-6 % of
total transaction.
Any help , suggestions will be appreciated.
Thanks, Sumith.
15 years, 11 months