openldap-software October 2007

openldap-software@openldap.org

84 participants
107 discussions

extended characterset/binary/base64 support
by Naufal Sheikh 19 Oct '07

19 Oct '07

Hello, I used slapcat command to create an ldiff file. Now ehen I am using slapadd to import that ldiff file into my new server. it cannot parse entries wchih have an attribute (clientOrg) value in extended characterset/base64/binary... I am not sure what it is called. In ldiff file those attribute and attribute values are seperated by double colons, which I think is also pointing to the fact that the value is a extended character set. The original ldap server is running fine. Do i need to compile my new ldap server with some additional support module, or is their any option with slapaddd which I can use to convert the enrties in ldiff or some thing..... If some can pleae point me to the right direction. I have been reading many emails and articles, but I am still not sure what to do. Thanks and Regards Naufal

2 1

syntax
by Richard smith 19 Oct '07

19 Oct '07

Many thanks in advance. ldap_add returned invalid syntax (21) FAQ lists the following extraneous white space (especially trailing white space) improperly encoded characters (LDAPv3 uses UTF-8 encoded Unicode) empty values (few syntaxes allow empty values) Not sure how to proceed. Doesn't look like there are any trailing white spaces or empty values. Also, if I try to login, it seems to know if the correct password is given but then just closes the connection. I'm guessing this may be because all of the ldif file has not been added yet. slapd.log date time server slapd[psid]: conn=1 op=14 ADD dn="cn=config,dc=server,dc=name,dc=example,dc=com" date time server slapd[psid]: conn=1 op=14 RESULT tag=105 err=21 text=objectClass: value #0 invalid per syntax The messages log also included messages as follows: Invalid legacy unicast query packet. Recieved repsonse with invalid source port 2734 on interface 'eth0.0' __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com

2 1

Export/Import LDAP database with passwords
by Gilles Schlienger 19 Oct '07

19 Oct '07

Hi, I would like to export an existing Openldap database on a local new Openldap install? I exported the data in an LDIF file, but it does not contain the passwords What are my options ? 1. Can I export data with passwords ? 2. Can I set default passwords to all my person objects with a script ? 3. Other option ? Thanks a lot in advance ! Regards Gilles _____________________________________________________________________________ Ne gardez plus qu'une seule adresse mail ! Copiez vos mails vers Yahoo! Mail

4 3

Re: Problem to replace directory entries with ldapmodify
by matthew sporleder 18 Oct '07

18 Oct '07

I've never tried that method of updates, so I really couldn't say. It almost seems like you should try a full delete and then add. I'm putting your reply back on the list so someone else can comment. On 10/18/07, Gessy <gessycaetano(a)gmail.com> wrote: > Hi Matthew, > > > Reading ldif(5) manual, i saw two LDIF types: Entry Records and Change > Records. > LDIF entry records are used to represent directory entries and LDIF change > records are used to represent directory change requests. > > Let me explain with this example: > > Suppose i have on my directory a entry like: > > uid=test,ou=people,dc=example,dc=com > objectClass: account > objectClass: posixAccount > objectClass: SIPIdentity > objectClass: top > uid: test > loginShell: /bin/bash > uidNumber: 600 > gidNumber: 100 > homeDirectory: /home/test > gecos: test > userPassword: {SSHA}nswXaxRGB3jBPNnpYGzRiQrAt6k5eCyr > SIPIdentitySIPURI: sip:00011080@voip.example.com > SIPIdentityServiceLevel: AR > SIPIdentityUserName: 10811080 > SIPIdentityPassword: 8997e7a13ff2641ae6142f05b41efd6f > > If i create a LDIF with other password and without SIP attributes like: > > uid=test,ou=people,dc=example,dc=com > objectClass: account > objectClass: posixAccount > objectClass: SIPIdentity > objectClass: top > uid: test > loginShell: /bin/bash > uidNumber: 600 > gidNumber: 100 > homeDirectory: /home/test > gecos: test > userPassword: {SSHA}xLkfk/Lt5F5VG872wEqbC0H5+AlP6bIu > > And using ldapmodify to update the entry with LDIF above, i expect the all > entry be replaced by LDIF data. Am i wrong? > > if i use a Change record LDIF, it would be: > > uid=test,ou=people,dc=example,dc=com > changetype: modify > replace: userPassword > userPassword: {SSHA}xLkfk/Lt5F5VG872wEqbC0H5+AlP6bIu > - > delete: SIPIdentitySIPURI SIPIdentityServiceLevel SIPIdentityUserName > SIPIdentityPassword > SIPIdentitySIPURI: sip:00011080@voip.example.com > SIPIdentityServiceLevel: AR > SIPIdentityUserName: 10811080 > SIPIdentityPassword: 8997e7a13ff2641ae6142f05b41efd6f > > But i'd really use the entry record LDIF. > > > thanks a lot > Gessy Jr. > > > > On 10/17/07, matthew sporleder < msporleder(a)gmail.com> wrote: > > On 10/17/07, Gessy < gessycaetano(a)gmail.com> wrote: > > > Hi, > > > > > > I have tried replace entries on ldap directory with ldapmodify, my > server is > > > a gentoo linux running a OpenLDAP 2.3.35, but i realized a strange > behavior. > > > > > > When I try replace a entry with follow LDIF: > > > > > > # Test.ldif - test10 > > > dn: uid=test10,ou=people,dc=ufmg,dc=br > > > objectClass: top > > > objectClass: person > > > objectClass: organizationalPerson > > > objectClass: inetOrgPerson > > > objectClass: eduPerson > > > objectClass: brEduPerson > > > objectClass: posixAccount > > > objectClass: shadowAccount > > > objectClass: ufmgEduPerson > > > objectClass: SIPIdentity > > > eduPersonOrgDN: o=UFMG > > > eduPersonOrgUnitDN: ou=LCC > > > eduPersonAffiliation: employee > > > eduPersonPrimaryAffiliation: employee > > > cn: Test10 > > > givenName: Test > > > sn: 10 > > > mail: test10(a)ufmg.br > > > gecos: CN=Test 10 > > > uidNumber: 136617 > > > gidNumber: 100 > > > homeDirectory: /home/ufmg/test10 > > > loginShell: /bin/bash > > > uid: test10 > > > > > > ldapmodify -x -D"cn=manager,dc=ufmg,dc=br" -W -f test.ldif > > > > > > The LDIF above should replace fully a old entry that contains a SIP > > > attributes with only attributes shown in test.ldif , but it update the > entry > > > and keep the SIP attributes. I don't understant. Can someone help me? > > > > > > ldapsearch -x uid=test10 -LLL > > > dn: uid=test10,ou=people,dc=ufmg,dc=br > > > SIPIdentitySIPURI: sip:xxxxx@aaa.bbb.br > > > SIPIdentityServiceLevel: AR > > > SIPIdentityUserName: 10811080 > > > SIPIdentityPassword: 8997e7a13ff2641ae6142f05b41efd6f > > > objectClass: top > > > objectClass: person > > > objectClass: organizationalPerson > > > objectClass: inetOrgPerson > > > objectClass: eduPerson > > > objectClass: brEduPerson > > > objectClass: posixAccount > > > objectClass: shadowAccount > > > objectClass: ufmgEduPerson > > > objectClass: SIPIdentity > > > eduPersonOrgDN: o=UFMG > > > eduPersonOrgUnitDN: ou=LCC > > > eduPersonAffiliation: employee > > > eduPersonPrimaryAffiliation: employee > > > cn: Test10 > > > givenName: Test > > > sn: 10 > > > mail: test10(a)ufmg.br > > > gecos: CN=Test 10 > > > uidNumber: 136617 > > > gidNumber: 100 > > > homeDirectory: /home/ufmg/test10 > > > loginShell: /bin/bash > > > uid: test10 > > > > > > > Do you have a changetype defined somewhere that I'm missing? It looks > > like you want to do a changetype: modify, then add: someattribs, then > > someattribs: somevalues, repeat. > > > > http://tools.ietf.org/html/rfc2849 (see page 10 or so) > >

2 1

Compiling OpenLDAP with static SASL library
by Zohar Lev Shani 18 Oct '07

18 Oct '07

Hello list Has anyone tried compiling OpenLDAP with static SASL library? If so, what were the necessary changes you did (Makefile.in, configure, ...)? Thanks in advance Zohar

2 3

Syncrepl - force replication after replica being down
by Luka 18 Oct '07

18 Oct '07

Hi, haven't been able to find any answers regarding this question. If my replica is shut down and some changes are made to master (inside ou=access,o=example.net, which is set as a searchbase in syncrepl configuration) replica doesn't notice them on startup. Besides that replication works as expected. My syncrepl confifuration: syncrepl rid=2 provider=ldap://10.10.10.10:389 type=refreshAndPersist retry="30 3 60 +" searchbase="ou=access,o=example.net" filter="(objectClass=*)" scope=sub attrs="*,+" schemachecking=off bindmethod=simple binddn="uid=synrep,ou=admin,o=example.net" credentials=password updateref ldap://10.10.10.10 Thank you in advance. Regards, Luka

3 3

push-mode syncrepl and structuralObjectClass
by Alex Bramley 18 Oct '07

18 Oct '07

Hi, I'm setting up push-mode replication using syncrepl and back-ldap as per advice from searching the list archives. The proxy slapd is correctly binding to the slave slapd, and I can see the replication begin to occur, but all the ADD operations are failing with the following result: tag=105 err=19 text=structuralObjectClass: no user modification allowed I've googled around a bit and searched the mailing list archives, but i've not found anything more relevant than this post: http://www.openldap.org/lists/openldap-software/200706/msg00296.html My current proxy and slave configurations are below. Any advice on what I'm doing wrongly or what I need to do to avoid this problem would be greatly appreciated. Many Thanks, Alex ======================================================================== proxy: database ldap suffix "dc=transitives,dc=com" rootdn "cn=jabber,dc=transitives,dc=com" rootpw "" uri ldap://jabber.transitives.com/ tls start idle-timeout 600 network-timeout 10 acl-bind bindmethod=simple binddn="cn=jabber,dc=transitives,dc=com" credentials="" syncrepl rid=051 provider=ldap://ldap-master.transitives.com/ type=refreshAndPersist retry="10 6 60 9 300 +" searchbase="ou=users,dc=transitives,dc=com" scope=sub filter="(objectClass=inetOrgPerson)" schemachecking=on bindmethod=simple binddn="cn=syncjabber,ou=roles,ou=auth,dc=transitives,dc=com" starttls=critical credentials="" ======================================================================== slave: backend bdb database bdb suffix "dc=transitives,dc=com" directory "/var/lib/ldap/db/transitives/" mode 0600 index objectClass,entryCSN,entryUUID pres,eq index cn,sn,uid,displayName pres,eq,sub index givenName,mail pres,eq,sub index default eq,sub lastmod on rootdn "cn=jabber,dc=transitives,dc=com" rootpw "" # ACL's; access to dn.base="" by * read access to * by * read

5 9

Problem to replace directory entries with ldapmodify
by Gessy 17 Oct '07

17 Oct '07

Hi, I have tried replace entries on ldap directory with ldapmodify, my server is a gentoo linux running a OpenLDAP 2.3.35, but i realized a strange behavior. When I try replace a entry with follow LDIF: # Test.ldif - test10 dn: uid=test10,ou=people,dc=ufmg,dc=br objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson objectClass: eduPerson objectClass: brEduPerson objectClass: posixAccount objectClass: shadowAccount objectClass: ufmgEduPerson objectClass: SIPIdentity eduPersonOrgDN: o=UFMG eduPersonOrgUnitDN: ou=LCC eduPersonAffiliation: employee eduPersonPrimaryAffiliation: employee cn: Test10 givenName: Test sn: 10 mail: test10(a)ufmg.br gecos: CN=Test 10 uidNumber: 136617 gidNumber: 100 homeDirectory: /home/ufmg/test10 loginShell: /bin/bash uid: test10 ldapmodify -x -D"cn=manager,dc=ufmg,dc=br" -W -f test.ldif The LDIF above should replace fully a old entry that contains a SIP attributes with only attributes shown in test.ldif, but it update the entry and keep the SIP attributes. I don't understant. Can someone help me? ldapsearch -x uid=test10 -LLL dn: uid=test10,ou=people,dc=ufmg,dc=br SIPIdentitySIPURI: sip:xxxxx@aaa.bbb.br SIPIdentityServiceLevel: AR SIPIdentityUserName: 10811080 SIPIdentityPassword: 8997e7a13ff2641ae6142f05b41efd6f objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson objectClass: eduPerson objectClass: brEduPerson objectClass: posixAccount objectClass: shadowAccount objectClass: ufmgEduPerson objectClass: SIPIdentity eduPersonOrgDN: o=UFMG eduPersonOrgUnitDN: ou=LCC eduPersonAffiliation: employee eduPersonPrimaryAffiliation: employee cn: Test10 givenName: Test sn: 10 mail: test10(a)ufmg.br gecos: CN=Test 10 uidNumber: 136617 gidNumber: 100 homeDirectory: /home/ufmg/test10 loginShell: /bin/bash uid: test10 Thanks a lot Gessy -- (o< Avoid the Gates of hell! //\ Use GNU Linux. V_/_

3 2

Problems with initial install of OpenLDAP
by Gar Nelson 17 Oct '07

17 Oct '07

I'm working on putting together a new RHEL4 box to serve as our primary Samba server, and I'd like to have OpenLDAP running on it for the userbase backend. I've tried this on and off for several years, but have never been totally successful, and ended up using other options. This time, I'd really like to get it to work. I'm using a howto as a guide that was written specifically for RHEL4 and Samba, http://www.grennan.com/ldap-HOWTO.html (Stalled at step 4.1) I'm at the point where I'm adding my first record, and with success, I should just get a prompt back. Unfortunately, I don't just get a prompt back. Commandline error message: [root@ggw-s-bdc openldap]# ldapadd -a -W -x -D "cn=Manager,dc=ggw,dc=nws,dc=noaa" -f base.ldif Enter LDAP Password: adding new entry "dc=nws,dc=noaa" ldap_add: Server is unwilling to perform (53) additional info: no global superior knowledge Based on this, http://www.openldap.org/faq/data/cache/157.html, I'm guessing that my problem is that I'm adding ggw.nws.noaa before I added nws.noaa, but I'm not sure how to correct my ldif file to indicate that. I used a tool referenced in the howto to automatically generate the base.ldif. From looking at the file, it appears to me like there is a nws.noaa before the ggw.nws.noaa. The reason for me using ggw.nws.noaa is that at some point, we are going to move to AD, and the 'vision' statement for that move has our office using that three segment identifier. I don't know where I'm going wrong here. Thanks for any pointers, Gar Contents of base.ldif: dn: dc=nws,dc=noaa dc: nws objectClass: top objectClass: domain dn: dc=ggw,dc=nws,dc=noaa dc: ggw objectClass: top objectClass: domain dn: ou=Hosts,dc=ggw,dc=nws,dc=noaa ou: Hosts objectClass: top objectClass: organizationalUnit dn: ou=Rpc,dc=ggw,dc=nws,dc=noaa ou: Rpc objectClass: top objectClass: organizationalUnit dn: ou=Services,dc=ggw,dc=nws,dc=noaa ou: Services objectClass: top objectClass: organizationalUnit dn: nisMapName=netgroup.byuser,dc=ggw,dc=nws,dc=noaa nismapname: netgroup.byuser objectClass: top objectClass: nisMap dn: ou=Mounts,dc=ggw,dc=nws,dc=noaa ou: Mounts objectClass: top objectClass: organizationalUnit dn: ou=Networks,dc=ggw,dc=nws,dc=noaa ou: Networks objectClass: top objectClass: organizationalUnit dn: ou=People,dc=ggw,dc=nws,dc=noaa ou: People objectClass: top objectClass: organizationalUnit dn: ou=Group,dc=ggw,dc=nws,dc=noaa ou: Group objectClass: top objectClass: organizationalUnit dn: ou=Netgroup,dc=ggw,dc=nws,dc=noaa ou: Netgroup objectClass: top objectClass: organizationalUnit dn: ou=Protocols,dc=ggw,dc=nws,dc=noaa ou: Protocols objectClass: top objectClass: organizationalUnit dn: ou=Aliases,dc=ggw,dc=nws,dc=noaa ou: Aliases objectClass: top objectClass: organizationalUnit dn: nisMapName=netgroup.byhost,dc=ggw,dc=nws,dc=noaa nismapname: netgroup.byhost objectClass: top objectClass: nisMap Content of slapd.conf: (comments removed) include /etc/openldap/schema/core.schema include /etc/openldap/schema/cosine.schema include /etc/openldap/schema/inetorgperson.schema include /etc/openldap/schema/nis.schema include /etc/openldap/schema/samba.schema loglevel -1 allow bind_v2 pidfile /var/run/slapd.pid argsfile /var/run/slapd.args database bdb suffix "dc=ggw,dc=nws,dc=noaa" rootdn "cn=Manager,dc=ggw,dc=nws,dc=noaa" rootpw secret directory /var/lib/ldap index objectClass eq,pres index ou,cn,mail,surname,givenname eq,pres,sub index uidNumber,gidNumber,loginShell eq,pres index uid,memberUid eq,pres,sub index nisMapName,nisMapEntry eq,pres,sub index sambaSID eq index sambaPrimaryGroupSID eq index sambaDomainName eq Installed OpenLDAP rpms: openldap-devel-2.2.13-7.4E openldap-2.2.13-7.4E openldap-clients-2.2.13-7.4E openldap-servers-2.2.13-7.4E nss_ldap-226-18 db4-4.2.52-7.1 db4-utils-4.2.52-7.1 db4-devel-4.2.52-7.1 slapd command line: ldap 7785 1 0 10:59 ? 00:00:00 /usr/sbin/slapd -u ldap -h ldap:///

3 3

TLS and syncrepl
by Chad Griewahn 17 Oct '07

17 Oct '07

Is there a way to configure OpenLDAP SLAPD (Linux) syncrepl consumer to always use a TLS based secured connection to it's master provider? The documentation does cover the -Z and-ZZ options as well as the ldap_start_tls_s but I have not been able to make these work from within the SLAPD.conf or LDAP.conf.

2 1

← Newer
1
...
4
5
6
7
8
9
10
11
Older →

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-software October 2007