openldap-software October 2007

openldap-software@openldap.org

84 participants
107 discussions

Berkeley DB version?
by Wes Rogers 25 Oct '07

25 Oct '07

I'm still using db-4-4.20 with all the patches for all my 2.3.38 instances. Is there a newer, recommended version by users on this list? Thanks, Wes

2 1

Re: extended characterset/binary/base64 support
by Naufal Sheikh 25 Oct '07

25 Oct '07

ok, thanks! On 10/25/07, Quanah Gibson-Mount <quanah(a)zimbra.com> wrote: > --On Thursday, October 25, 2007 10:08 AM -0400 Naufal Sheikh > <naufalzamir(a)gmail.com> wrote: > > > ok, so what are my options here. I am very new at ldap, and am doing this > > migration by installing the software and copying the config files. Is > > there any module or library which needs to be installed to get this > > resolved, because this thing is working on the current production system. > > If you can just point me to the right direction.. > > You need to fix the data. > > --Quanah > > > -- > > Quanah Gibson-Mount > Principal Software Engineer > Zimbra, Inc > -------------------- > Zimbra :: the leader in open source messaging and collaboration >

1 0

Paged results and multiple bdb backends.
by Brandon Hume 25 Oct '07

25 Oct '07

Okay, I've isolated what appears to be part of the problem, and something I overlooked in our upgrade from 2.2 to 2.3: We also split the existing tree into multiple BDB backends. Several isolated branches of the tree were quite large, and this was an attempt to split the database in multiple, more-managable chunks. We were also looking at partial replication of just one portion of the tree. Now, as I muck about on a test server, I see that if I edit slapd.conf so that only one backend is enabled, I have functional paged results. If I enable a subordinate database, paged results fail with the previously mentioned "old or invalid" error. So, at least I have a fallback plan to get this working: merge it all back into the single BDB database. I'd like to avoid that if I can, though. Are there tricks to using the paged results control when searching across multiple backends?

2 1

Usenix LISA conference
by Howard Chu 25 Oct '07

25 Oct '07

Just a brief note, I'll be running another LDAP Guru session at this year's LISA conference in Dallas. Drop in and bring your questions with you... http://www.usenix.org/events/lisa07/tech/ -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

naming attribute 'cn' not present in entry (64)
by Benny Chee 24 Oct '07

24 Oct '07

Hi all, I ve been trying to add an new custom objectclass (ndsLoginProperties) and i m always getting this error. Anyone can decipher it? Oct 24 17:12:31 ldap slapd[79408]: bdb_referrals: op=104 target="cn=NDS,ou=Policies,dc=example,dc=com" matched="ou=Policies,dc=example,dc=com" Oct 24 17:12:31 ldap slapd[79408]: ==> bdb_add: cn=NDS,ou=Policies,dc=example,dc=com Oct 24 17:12:31 ldap slapd[79408]: daemon: select: listen=6 active_threads=0 tvp=NULL Oct 24 17:12:31 ldap slapd[79408]: bdb_add: entry failed schema check: naming attribute 'cn' is not present in entry (64) Oct 24 17:12:31 ldap slapd[79408]: daemon: select: listen=7 active_threads=0 tvp=NULL Oct 24 17:12:31 ldap slapd[79408]: send_ldap_result: conn=14 op=1 p=3 Oct 24 17:12:31 ldap slapd[79408]: send_ldap_result: err=64 matched="" text="naming attribute 'cn' is not present in entry" Oct 24 17:12:31 ldap slapd[79408]: send_ldap_response: msgid=2 tag=105 err=64 Oct 24 17:12:31 ldap slapd[79408]: conn=14 op=1 RESULT tag=105 err=64 text=naming attribute 'cn' is not present in entry My schema that i m using is as follows: attributetype ( 2.16.840.1.113719.1.1.4.1.25 NAME 'groupMembership' DESC 'groupMembership' SUP distinguishedName ) attributetype ( 2.16.840.1.113719.1.1.4.1.39 NAME 'loginAllowedTimeMap' DESC 'loginAllowedTimeMap' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) attributetype ( 2.16.840.1.113719.1.1.4.1.40 NAME 'loginDisabled' DESC 'loginDisabled' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) attributetype ( 2.16.840.1.113719.1.1.4.1.41 NAME 'loginExpirationTime' DESC 'loginExpirationTime' SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 ) attributetype ( 2.16.840.1.113719.1.1.4.1.42 NAME 'loginGraceLimit' DESC 'loginGraceLimit' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) attributetype ( 2.16.840.1.113719.1.1.4.1.43 NAME 'loginGraceRemaining' DESC 'loginGraceRemaining' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) attributetype ( 2.16.840.1.113719.1.1.4.1.44 NAME 'loginIntruderAddress' DESC 'loginIntruderAddress' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 2.16.840.1.113719.1.1.4.1.45 NAME 'loginIntruderAttempts' DESC 'loginIntruderAttempts' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 2.16.840.1.113719.1.1.4.1.47 NAME 'loginIntruderResetTime' DESC 'loginIntruderResetTime' SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 ) attributetype ( 2.16.840.1.113719.1.1.4.1.48 NAME 'loginMaximumSimultaneous' DESC 'loginMaximumSimultaneous' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 2.16.840.1.113719.1.1.4.1.49 NAME 'loginScript' DESC 'loginScript' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 ) attributetype ( 2.16.840.1.113719.1.1.4.1.50 NAME 'loginTime' DESC 'loginTime' SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 ) attributetype ( 2.16.840.1.113719.1.1.4.1.56 NAME 'networkAddressRestriction' DESC 'networkAddressRestriction' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 2.16.840.1.113719.1.1.4.1.55 NAME 'networkAddress' DESC 'networkAddress' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 2.16.840.1.113719.1.1.4.1.65 NAME 'passwordsUsed' DESC 'passwordsUsed' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 2.16.840.1.113719.1.1.4.1.66 NAME 'passwordAllowChange' DESC 'passwordAllowChange' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) attributetype ( 2.16.840.1.113719.1.1.4.1.67 NAME 'passwordExpirationInterval' DESC 'passwordExpirationInterval' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) attributetype ( 2.16.840.1.113719.1.1.4.1.68 NAME 'passwordExpirationTime' DESC 'passwordExpirationTime' SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 ) attributetype ( 2.16.840.1.113719.1.1.4.1.69 NAME 'passwordMinimumLength' DESC 'passwordMinimumLength' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) attributetype ( 2.16.840.1.113719.1.1.4.1.70 NAME 'passwordRequired' DESC 'passwordRequired' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) attributetype ( 2.16.840.1.113719.1.1.4.1.71 NAME 'passwordUniqueRequired' DESC 'passwordUniqueRequired' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) attributetype ( 2.16.840.1.113719.1.1.4.1.82 NAME 'privateKey' DESC 'privateKey' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 2.16.840.1.113719.1.1.4.1.83 NAME 'profile' DESC 'profile' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 2.16.840.1.113719.1.1.4.1.84 NAME 'publicKey' DESC 'publicKey' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 2.16.840.1.113719.1.1.4.1.92 NAME 'securityEquals' DESC 'securityEquals' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributetype ( 2.16.840.1.113719.1.1.4.1.1 NAME 'accountBalance' DESC 'accountBalance' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 2.16.840.1.113719.1.1.4.1.4 NAME 'allowUnlimitedCredit' DESC 'allowUnlimitedCredit' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) attributetype ( 2.16.840.1.113719.1.1.4.1.54 NAME 'minimumAccountBalance' DESC 'minimumAccountBalance' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 2.16.840.1.113719.1.1.4.1.34 NAME 'language' DESC 'language' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 2.16.840.1.113719.1.1.4.1.37 NAME 'lockedByIntruder' DESC 'lockedByIntruder' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) attributetype ( 2.16.840.1.113719.1.1.4.1.96 NAME 'serverHolds' DESC 'serverHolds' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 2.16.840.1.113719.1.1.4.1.35 NAME 'lastLoginTime' DESC 'lastLoginTime' SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 ) attributetype ( 2.16.840.1.113719.1.1.4.1.116 NAME 'higherPrivileges' DESC 'higherPrivileges' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 2.16.840.1.113719.1.1.4.1.165 NAME 'securityFlags' DESC 'securityFlags' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 2.16.840.1.113719.1.1.4.1.171 NAME 'profileMembership' DESC 'profileMembership' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 2.16.840.1.113719.1.1.4.1.178 NAME 'timezone' DESC 'timezone' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) objectclass ( 2.16.840.1.113719.1.1.6.1.33 NAME 'ndsLoginProperties' DESC 'ndsLoginProperties' SUP Top MAY ( groupMembership $ loginAllowedTimeMap $ loginDisabled $ loginExpirationTime $ loginGraceLimit $ loginGraceRemaining $ loginIntruderAddress $ loginIntruderAttempts $ loginIntruderResetTime $ loginMaximumSimultaneous $ loginScript $ loginTime $ networkAddressRestriction $ networkAddress $ passwordsUsed $ passwordAllowChange $ passwordExpirationInterval $ passwordExpirationTime $ passwordMinimumLength $ passwordRequired $ passwordUniqueRequired $ privateKey $ profile $ publicKey $ securityEquals $ accountBalance $ allowUnlimitedCredit $ minimumAccountBalance $ language $ lockedByIntruder $ serverHolds $ lastLoginTime $ higherPrivileges $ securityFlags $ profileMembership $ timezone ) )

4 3

sort without articles?
by Zhang Weiwu 24 Oct '07

24 Oct '07

Dear list Is it possible (or already some openldap extension to) do sort-without-articles? Example is: "The Ritz-Carlton" should be listed before "TAVRIDA ELECTRIC AG" but actually the current sorted search result gives "TAVRIDA ELECTRIC AG" first. Usually "The" should be removed in ordering. Had to ask the list, it's difficult to google it because "a" and "the" are forbidden keywords for google, and "article" is ambiguous which leads to a lot of "article" that explains search in LDAP. Best regards! -- Real Softservice Huateng Tower, Unit 1788 Jia 302 3rd area of Jinsong, Chao Yang Tel: +86 (10) 8773 0650 ext 603 Mobile: 135 9950 2413 http://www.realss.com

2 1

ACL to bind groups from a IP
by Daniel Pérez del Campo 24 Oct '07

24 Oct '07

Hi! First of all, sorry for my english. I will try to be clear. I have a LDAP server running perfectly. I have this in it: ou=users,dc=tel,dc=uva,dc=es ou=groups,dc=tel,dc=uva,dc=es cn=alumnos,ou=groups,dc=tel,dc=uva,dc=es objectClass: posixGroup gidnumber: 10 cn=profesores,ou=groups,dc=tel,dc=uva,dc=es objectClass: posixGroup gidnumber: 11 Now, I would like to autheticate users who belong to "profesores" , from IP=111.111.111.111. On the other hand, I would like to autheticate users who belongs to "alumnos", from IP=222.222.222.222. And at last, the same, but with both groups, and from IP=333.333.333.333. And in all the cases, the autheticated users could change their password. I have looked the manual, but I only obtain that all the users( o nodoby) bind from a specific IP, but I don't know with groups of users. Does anybody can help me?? Thanks you very much! Daniel Perez _________________________________________________________________ MSN Amor: busca tu ½ naranja http://latam.msn.com/amor/

3 4

Using paged results, between 2.2.26 and 2.3.38.
by Brandon Hume 23 Oct '07

23 Oct '07

I've got a number of auditing/update/query programs that make use of the paged results extension for large queries Since upgrading the server to 2.3.38 from 2.2.26, all these programs have broken; they can retrieve the first page of results, but any attempt top fetch the next page results in a "paged results cookie is invalid or old" error. The client programs and the server platform (Redhat AS3) are both unaltered between server versions. I can't find any references to changes with respect to paged results in CHANGES, except for the deadlock in bdb problem being fixed. Would anyone be able to provide some advice for debugging this, perhaps being able to see the cookie being assigned by the server and what the client is offering back?

2 1

ldap_init( ) causing segv violation (malloc failure)
by Santosh Kumar 23 Oct '07

23 Oct '07

Hi  everyone,  require your suggestion ,  facing segmentation violation issue, when invoked ldap_init()when tried analysing by gdb of coredump it points for malloc failure in ldapxx.so libraries, not sure wheather any issues should be considered for overcoming this,  would appreciate your solutions about issue. LDAP      *ld_user;/* Code - start*/                ld_user = ldap_init(LDAP_SERVER, LDAP_PORT);  //Connect to Local LDAP Server       if(ld_user == NULL)                       {                             fprintf(fpDisplay,\"ERROR : ldap_init: ....Allocated : %p\\n\",ld_user );                             exit(1);                       }                       else                       {                           fprintf(fpDisplay,\"main: ldap_init: Sucess =.Allocated=%p\\n\", ld_user);                       }                       fflush(NULL);                       rc = ldap_simple_bind_s( ld_user, bind_dn, LDAP_PASSWD);                       if ( rc != LDAP_SUCCESS )                         {                           fprintf( fpDisplay, \"main: ldap_simple_bind_s: ldap_simple_bind_s\\n\" );                           return -3;                         } /* Code Ends */Snap shot of GDB of coredump 0x00861d49 in _int_malloc () from /lib/tls/libc.so.6 (gdb) #1  0x00861d49 in _int_malloc () from /lib/tls/libc.so.6 (gdb) #2  0x008610ed in malloc () from /lib/tls/libc.so.6 (gdb) #3  0x00f3b2ef in ber_memalloc () from /usr/lib/liblber.so.2 (gdb) #4  0x00f3b427 in ber_memrealloc () from /usr/lib/liblber.so.2 (gdb) #5  0x00ac5a6b in ?? () from /usr/lib/libldap.so.2 (gdb) #6  0x00000000 in ?? () Thanks in advanceRegards, Santosh Kumar.B Sr Systems Engineer NeoAccel India Pvt Ltd Sector 24, Plot no 6, Turbhe Navi Mumbai 400705 Mobile:09820939496 Regards, Santosh Kumar.B Sr Systems Engineer NeoAccel India Pvt Ltd Sector 24, Plot no 6, Turbhe Navi Mumbai 400705 Mobile:09820939496

2 1

SyncREPL generates high traffic to calculate delta
by Bruno Lezoray EMSM 23 Oct '07

23 Oct '07

Hi all, I have the following configuration, in OpenLDAP 2.3.32 (i know i have to upgrade to 2.3.38): Master -> Pivot -> Slave on 3 different servers. SyncRepl replicates in RefreshOnly mode, a sub-tree. When i dump the TLS traffic during a replication of a add or delete operation, i have around 6000 TCP packets between Master and Pivot, and only 40 packets between Pivot and Slave. My sub-tree contains 5500 entries. So, i concluded that Pivot SyncRepl ask the entire sub-tree. Is it a known problem ? Does it come from the configuration ? Another topic about syncrepl : When the Pivot is stopped longer than the interval setting, and restarted, i need to restart the Slave because it doesn't retry connection on the Pivot ? And also, it doesn't use the retry setting. slapd logs the following error: Oct 16 11:14:26 oldap-sol10 sym[28092]: [ID 187570 local4.debug] do_syncrep1: rid 002 ldap_sasl_bind_s failed (-1) Is it a known problem ? Rgds, Bruno.

4 8

← Newer
1
2
3
4
5
6
7
...
11
Older →

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-software October 2007