Berkeley DB version?
by Wes Rogers
I'm still using db-4-4.20 with all the patches for all my 2.3.38
instances. Is there a newer, recommended version by users on this
list?
Thanks,
Wes
13 years, 2 months
Re: extended characterset/binary/base64 support
by Naufal Sheikh
ok, thanks!
On 10/25/07, Quanah Gibson-Mount <quanah(a)zimbra.com> wrote:
> --On Thursday, October 25, 2007 10:08 AM -0400 Naufal Sheikh
> <naufalzamir(a)gmail.com> wrote:
>
> > ok, so what are my options here. I am very new at ldap, and am doing this
> > migration by installing the software and copying the config files. Is
> > there any module or library which needs to be installed to get this
> > resolved, because this thing is working on the current production system.
> > If you can just point me to the right direction..
>
> You need to fix the data.
>
> --Quanah
>
>
> --
>
> Quanah Gibson-Mount
> Principal Software Engineer
> Zimbra, Inc
> --------------------
> Zimbra :: the leader in open source messaging and collaboration
>
13 years, 2 months
Paged results and multiple bdb backends.
by Brandon Hume
Okay, I've isolated what appears to be part of the problem, and
something I overlooked in our upgrade from 2.2 to 2.3: We also split the
existing tree into multiple BDB backends. Several isolated branches of
the tree were quite large, and this was an attempt to split the database
in multiple, more-manageable chunks. We were also looking at partial
replication of just one portion of the tree.
Now, as I muck about on a test server, I see that if I edit slapd.conf
so that only one backend is enabled, I have functional paged results.
If I enable a subordinate database, paged results fail with the
previously mentioned "old or invalid" error.
So, at least I have a fallback plan to get this working: merge it all
back into the single BDB database. I'd like to avoid that if I can,
though.
Are there tricks to using the paged results control when searching
across multiple backends?
13 years, 2 months
naming attribute 'cn' not present in entry (64)
by Benny Chee
Hi all,
I've been trying to add a new custom objectclass
(ndsLoginProperties) and I'm always getting this error. Can anyone
decipher it?
Oct 24 17:12:31 ldap slapd[79408]: bdb_referrals: op=104
target="cn=NDS,ou=Policies,dc=example,dc=com"
matched="ou=Policies,dc=example,dc=com"
Oct 24 17:12:31 ldap slapd[79408]: ==> bdb_add:
cn=NDS,ou=Policies,dc=example,dc=com
Oct 24 17:12:31 ldap slapd[79408]: daemon: select: listen=6
active_threads=0 tvp=NULL
Oct 24 17:12:31 ldap slapd[79408]: bdb_add: entry failed schema check:
naming attribute 'cn' is not present in entry (64)
Oct 24 17:12:31 ldap slapd[79408]: daemon: select: listen=7
active_threads=0 tvp=NULL
Oct 24 17:12:31 ldap slapd[79408]: send_ldap_result: conn=14 op=1 p=3
Oct 24 17:12:31 ldap slapd[79408]: send_ldap_result: err=64 matched=""
text="naming attribute 'cn' is not present in entry"
Oct 24 17:12:31 ldap slapd[79408]: send_ldap_response: msgid=2 tag=105 err=64
Oct 24 17:12:31 ldap slapd[79408]: conn=14 op=1 RESULT tag=105 err=64
text=naming attribute 'cn' is not present in entry
My schema that I'm using is as follows:
attributetype ( 2.16.840.1.113719.1.1.4.1.25
NAME 'groupMembership'
DESC 'groupMembership'
SUP distinguishedName )
attributetype ( 2.16.840.1.113719.1.1.4.1.39
NAME 'loginAllowedTimeMap'
DESC 'loginAllowedTimeMap'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
attributetype ( 2.16.840.1.113719.1.1.4.1.40
NAME 'loginDisabled'
DESC 'loginDisabled'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
attributetype ( 2.16.840.1.113719.1.1.4.1.41
NAME 'loginExpirationTime'
DESC 'loginExpirationTime'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 )
attributetype ( 2.16.840.1.113719.1.1.4.1.42
NAME 'loginGraceLimit'
DESC 'loginGraceLimit'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
attributetype ( 2.16.840.1.113719.1.1.4.1.43
NAME 'loginGraceRemaining'
DESC 'loginGraceRemaining'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
attributetype ( 2.16.840.1.113719.1.1.4.1.44
NAME 'loginIntruderAddress'
DESC 'loginIntruderAddress'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 2.16.840.1.113719.1.1.4.1.45
NAME 'loginIntruderAttempts'
DESC 'loginIntruderAttempts'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 2.16.840.1.113719.1.1.4.1.47
NAME 'loginIntruderResetTime'
DESC 'loginIntruderResetTime'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 )
attributetype ( 2.16.840.1.113719.1.1.4.1.48
NAME 'loginMaximumSimultaneous'
DESC 'loginMaximumSimultaneous'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 2.16.840.1.113719.1.1.4.1.49
NAME 'loginScript'
DESC 'loginScript'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
attributetype ( 2.16.840.1.113719.1.1.4.1.50
NAME 'loginTime'
DESC 'loginTime'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 )
attributetype ( 2.16.840.1.113719.1.1.4.1.56
NAME 'networkAddressRestriction'
DESC 'networkAddressRestriction'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 2.16.840.1.113719.1.1.4.1.55
NAME 'networkAddress'
DESC 'networkAddress'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 2.16.840.1.113719.1.1.4.1.65
NAME 'passwordsUsed'
DESC 'passwordsUsed'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 2.16.840.1.113719.1.1.4.1.66
NAME 'passwordAllowChange'
DESC 'passwordAllowChange'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
attributetype ( 2.16.840.1.113719.1.1.4.1.67
NAME 'passwordExpirationInterval'
DESC 'passwordExpirationInterval'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
attributetype ( 2.16.840.1.113719.1.1.4.1.68
NAME 'passwordExpirationTime'
DESC 'passwordExpirationTime'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 )
attributetype ( 2.16.840.1.113719.1.1.4.1.69
NAME 'passwordMinimumLength'
DESC 'passwordMinimumLength'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
attributetype ( 2.16.840.1.113719.1.1.4.1.70
NAME 'passwordRequired'
DESC 'passwordRequired'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
attributetype ( 2.16.840.1.113719.1.1.4.1.71
NAME 'passwordUniqueRequired'
DESC 'passwordUniqueRequired'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
attributetype ( 2.16.840.1.113719.1.1.4.1.82
NAME 'privateKey'
DESC 'privateKey'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 2.16.840.1.113719.1.1.4.1.83
NAME 'profile'
DESC 'profile'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 2.16.840.1.113719.1.1.4.1.84
NAME 'publicKey'
DESC 'publicKey'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 2.16.840.1.113719.1.1.4.1.92
NAME 'securityEquals'
DESC 'securityEquals'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
attributetype ( 2.16.840.1.113719.1.1.4.1.1
NAME 'accountBalance'
DESC 'accountBalance'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 2.16.840.1.113719.1.1.4.1.4
NAME 'allowUnlimitedCredit'
DESC 'allowUnlimitedCredit'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
attributetype ( 2.16.840.1.113719.1.1.4.1.54
NAME 'minimumAccountBalance'
DESC 'minimumAccountBalance'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 2.16.840.1.113719.1.1.4.1.34
NAME 'language'
DESC 'language'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 2.16.840.1.113719.1.1.4.1.37
NAME 'lockedByIntruder'
DESC 'lockedByIntruder'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
attributetype ( 2.16.840.1.113719.1.1.4.1.96
NAME 'serverHolds'
DESC 'serverHolds'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 2.16.840.1.113719.1.1.4.1.35
NAME 'lastLoginTime'
DESC 'lastLoginTime'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 )
attributetype ( 2.16.840.1.113719.1.1.4.1.116
NAME 'higherPrivileges'
DESC 'higherPrivileges'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 2.16.840.1.113719.1.1.4.1.165
NAME 'securityFlags'
DESC 'securityFlags'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 2.16.840.1.113719.1.1.4.1.171
NAME 'profileMembership'
DESC 'profileMembership'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 2.16.840.1.113719.1.1.4.1.178
NAME 'timezone'
DESC 'timezone'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
objectclass ( 2.16.840.1.113719.1.1.6.1.33
NAME 'ndsLoginProperties'
DESC 'ndsLoginProperties'
SUP Top
MAY ( groupMembership $ loginAllowedTimeMap $
loginDisabled $ loginExpirationTime $
loginGraceLimit $ loginGraceRemaining $
loginIntruderAddress $ loginIntruderAttempts $
loginIntruderResetTime $ loginMaximumSimultaneous $
loginScript $ loginTime $ networkAddressRestriction $
networkAddress $ passwordsUsed $ passwordAllowChange $
passwordExpirationInterval $ passwordExpirationTime $
passwordMinimumLength $ passwordRequired $
passwordUniqueRequired $ privateKey $ profile $
publicKey $ securityEquals $ accountBalance $
allowUnlimitedCredit $ minimumAccountBalance $
language $ lockedByIntruder $ serverHolds $
lastLoginTime $ higherPrivileges $ securityFlags $
profileMembership $ timezone ) )
13 years, 2 months
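The check behind the err=64 in the log above, as an added example (not code from the original post or from OpenLDAP): every attribute/value pair in the entry's leftmost RDN must also appear among the entry's attributes. The function names are hypothetical, values are compared ignoring case as a simplification, and attribute aliases such as commonName are not resolved.

```python
import base64
import re

NAMING_VIOLATION = 64  # LDAP result code namingViolation (err=64 in the log above)

def split_unescaped(text, sep):
    """Split text on sep, keeping backslash-escaped separators inside a part."""
    return re.findall(r"(?:\\.|[^\\" + re.escape(sep) + r"])+", text)

def unescape(value):
    """Decode RFC 4514 escapes: backslash + two hex digits, or backslash + one character."""
    def repl(m):
        tok = m.group(1)
        return bytes([int(tok, 16)]) if len(tok) == 2 else tok
    return re.sub(rb"\\([0-9a-fA-F]{2}|.)", repl, value.encode("utf-8")).decode("utf-8")

def rdn_pairs(dn):
    """Return the (attribute, value) pairs of the leftmost RDN; '+' joins a multi-valued RDN."""
    pairs = []
    for ava in split_unescaped(split_unescaped(dn, ",")[0], "+"):
        attr, _, value = ava.partition("=")
        pairs.append((attr.strip().lower(), unescape(value)))
    return pairs

def parse_ldif_entry(text):
    """Parse one LDIF entry (folded lines and '::' base64 values) into (dn, attributes)."""
    attrs = {}
    for line in re.sub(r"\n ", "", text.strip()).splitlines():
        name, _, rest = line.partition(":")
        if rest.startswith(":"):
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:
            value = rest.strip()
        attrs.setdefault(name.strip().lower(), []).append(value)
    return attrs.pop("dn")[0], attrs

def check_naming(dn, attrs):
    """Return (0, "") if every RDN attribute/value pair is in the entry, else (64, text)."""
    for attr, value in rdn_pairs(dn):
        values = [v.lower() for v in attrs.get(attr, [])]  # simplification: ignore case
        if not values:
            return NAMING_VIOLATION, f"naming attribute '{attr}' is not present in entry"
        if value.lower() not in values:  # message wording below is this example's own
            return NAMING_VIOLATION, f"RDN value of '{attr}' is missing from entry"
    return 0, ""

# Constructed sample entries: the DN is the one in the log, the attributes are made up.
FAILING_ENTRY = """dn: cn=NDS,ou=Policies,dc=example,dc=com
objectClass: ndsLoginProperties
loginDisabled: FALSE"""
FIXED_ENTRY = FAILING_ENTRY + "\ncn: NDS"
```

Passing this naming check says nothing about whether the entry's object classes allow the naming attribute; that is a separate schema check which this example does not model.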
sort without articles?
by Zhang Weiwu
Dear list
Is it possible (or already some openldap extension to) do
sort-without-articles?
Example is: "The Ritz-Carlton" should be listed before "TAVRIDA ELECTRIC
AG" but actually the current sorted search result gives "TAVRIDA
ELECTRIC AG" first. Usually "The" should be removed in ordering.
Had to ask the list, it's difficult to google it because "a" and "the"
are forbidden keywords for google, and "article" is ambiguous which
leads to a lot of "article" that explains search in LDAP.
Best regards!
--
Real Softservice
Huateng Tower, Unit 1788
Jia 302 3rd area of Jinsong, Chao Yang
Tel: +86 (10) 8773 0650 ext 603
Mobile: 135 9950 2413
http://www.realss.com
13 years, 2 months
ACL to bind groups from a IP
by Daniel Pérez del Campo
Hi!
First of all, sorry for my English.
I will try to be clear.
I have an LDAP server running perfectly. I have this in it:
ou=users,dc=tel,dc=uva,dc=es
ou=groups,dc=tel,dc=uva,dc=es
cn=alumnos,ou=groups,dc=tel,dc=uva,dc=es
objectClass: posixGroup
gidnumber: 10
cn=profesores,ou=groups,dc=tel,dc=uva,dc=es
objectClass: posixGroup
gidnumber: 11
Now, I would like to authenticate users who belong to "profesores", from
IP=111.111.111.111.
On the other hand, I would like to authenticate users who belong to
"alumnos", from IP=222.222.222.222.
And at last, the same, but with both groups, and from IP=333.333.333.333.
And in all the cases, the authenticated users could change their password.
I have looked at the manual, but I only obtain that all the users (or nobody)
bind from a specific IP, but I don't know with groups of users.
Can anybody help me?
Thank you very much!
Daniel Perez
13 years, 2 months
Using paged results, between 2.2.26 and 2.3.38.
by Brandon Hume
I've got a number of auditing/update/query programs that make use of the
paged results extension for large queries.
Since upgrading the server to 2.3.38 from 2.2.26, all these programs
have broken; they can retrieve the first page of results, but any
attempt to fetch the next page results in a "paged results cookie is
invalid or old" error. The client programs and the server platform
(Redhat AS3) are both unaltered between server versions.
I can't find any references to changes with respect to paged results in
CHANGES, except for the deadlock in bdb problem being fixed.
Would anyone be able to provide some advice for debugging this, perhaps
being able to see the cookie being assigned by the server and what the
client is offering back?
13 years, 2 months
ldap_init( ) causing segv violation (malloc failure)
by Santosh Kumar
Hi everyone,
Require your suggestion, facing a segmentation violation issue when
ldap_init() is invoked. When I tried analysing the coredump with gdb, it
points to a malloc failure in the ldapxx.so libraries. Not sure whether any
issues should be considered for overcoming this, would appreciate your
solutions about the issue.
/* Code - start */
LDAP *ld_user;
ld_user = ldap_init(LDAP_SERVER, LDAP_PORT); // Connect to local LDAP server
if (ld_user == NULL)
{
    fprintf(fpDisplay, "ERROR : ldap_init: ....Allocated : %p\n", (void *)ld_user);
    exit(1);
}
else
{
    fprintf(fpDisplay, "main: ldap_init: Sucess =.Allocated=%p\n", (void *)ld_user);
}
fflush(NULL);
rc = ldap_simple_bind_s(ld_user, bind_dn, LDAP_PASSWD);
if (rc != LDAP_SUCCESS)
{
    fprintf(fpDisplay, "main: ldap_simple_bind_s: ldap_simple_bind_s\n");
    return -3;
}
/* Code Ends */
Snapshot of GDB of coredump:
0x00861d49 in _int_malloc () from /lib/tls/libc.so.6
(gdb) #1 0x00861d49 in _int_malloc () from /lib/tls/libc.so.6
(gdb) #2 0x008610ed in malloc () from /lib/tls/libc.so.6
(gdb) #3 0x00f3b2ef in ber_memalloc () from /usr/lib/liblber.so.2
(gdb) #4 0x00f3b427 in ber_memrealloc () from /usr/lib/liblber.so.2
(gdb) #5 0x00ac5a6b in ?? () from /usr/lib/libldap.so.2
(gdb) #6 0x00000000 in ?? ()
Thanks in advance
Regards,
Santosh Kumar.B
Sr Systems Engineer
NeoAccel India Pvt Ltd
Sector 24, Plot no 6, Turbhe
Navi Mumbai 400705
Mobile:09820939496
13 years, 2 months
SyncREPL generates high traffic to calculate delta
by Bruno Lezoray EMSM
Hi all,
I have the following configuration, in OpenLDAP 2.3.32 (I know I have to
upgrade to 2.3.38):
Master -> Pivot -> Slave on 3 different servers. SyncRepl replicates in
RefreshOnly mode, a sub-tree.
When I dump the TLS traffic during a replication of an add or delete
operation, I have around 6000 TCP packets between Master and Pivot, and
only 40 packets between Pivot and Slave. My sub-tree contains 5500
entries. So, I concluded that Pivot SyncRepl asks for the entire sub-tree.
Is it a known problem? Does it come from the configuration?
Another topic about syncrepl: When the Pivot is stopped longer than the
interval setting, and restarted, I need to restart the Slave because it
doesn't retry the connection to the Pivot? And also, it doesn't use the
retry setting.
slapd logs the following error:
Oct 16 11:14:26 oldap-sol10 sym[28092]: [ID 187570 local4.debug]
do_syncrep1: rid 002 ldap_sasl_bind_s failed (-1)
Is it a known problem?
Rgds, Bruno.
13 years, 2 months