extended characterset/binary/base64 support
by Naufal Sheikh
Hello,
I used the slapcat command to create an LDIF file. Now when I am using slapadd
to import that LDIF file into my new server, it cannot parse entries which
have an attribute (clientOrg) value in extended
characterset/base64/binary... I am not sure what it is called. In the LDIF file
those attribute names and attribute values are separated by double colons, which I
think also points to the fact that the value is an extended character
set.
The original LDAP server is running fine. Do I need to compile my new LDAP
server with some additional support module, or is there any option with
slapadd which I can use to convert the entries in the LDIF or something...?
If someone can please point me in the right direction. I have been reading many
emails and articles, but I am still not sure what to do.
Thanks and Regards
Naufal
15 years, 11 months
syntax
by Richard smith
Many thanks in advance.
ldap_add returned invalid syntax (21)
FAQ lists the following
extraneous white space (especially trailing white space)
improperly encoded characters (LDAPv3 uses UTF-8 encoded Unicode)
empty values (few syntaxes allow empty values)
Not sure how to proceed. Doesn't look like there are any trailing white spaces
or empty values.
Also, if I try to login, it seems to know if the correct password is given but
then just closes the connection. I'm guessing this may be because all of the
ldif file has not been added yet.
slapd.log
date time server slapd[psid]: conn=1 op=14 ADD
dn="cn=config,dc=server,dc=name,dc=example,dc=com"
date time server slapd[psid]: conn=1 op=14 RESULT
tag=105 err=21 text=objectClass: value #0 invalid per syntax
The messages log also included messages as follows:
Invalid legacy unicast query packet.
Recieved repsonse with invalid source port 2734 on interface 'eth0.0'
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
15 years, 11 months
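The double colon Naufal describes is not a separate character set: in LDIF (RFC 2849) `attr:: value` means the value is base64-encoded, which slapcat does for anything it cannot print safely (non-ASCII UTF-8, leading or trailing spaces, binary data), and slapadd decodes it natively without any extra module. The following is an added example, not code from either post or from OpenLDAP: a small Python LDIF reader that decodes such values, plus a check for the three causes of `invalid syntax (21)` that the FAQ quoted in Richard's post lists. The sample LDIF, and the attributes `clientOrg` and `legacyName` in it, are constructed for the example.

```python
import base64
from typing import Dict, List

# An LDIF entry is a mapping attribute -> list of raw byte values.
Entry = Dict[str, List[bytes]]

# Constructed sample in the form slapcat writes. "clientOrg" (the attribute name
# from the post) carries a base64 value because it contains a non-ASCII
# character; the remaining lines reproduce the three pitfalls named in the FAQ.
SAMPLE_LDIF = "\n".join([
    "dn: cn=demo,dc=example,dc=com",
    "objectClass: top",
    "objectClass: organizationalRole",
    "cn: demo",
    "clientOrg:: w4RyenRlIEdtYkg=",      # base64 of the UTF-8 string "Ärzte GmbH"
    "description: trailing space ",      # trailing whitespace survives in the value
    "seeAlso:",                          # empty value
    "legacyName:: Y2Fm6Q==",             # base64 of Latin-1 bytes, not valid UTF-8
    "",
])


def unfold(text: str) -> List[str]:
    """Join continuation lines: a line starting with one space continues the previous one."""
    lines: List[str] = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def parse_ldif(text: str) -> List[Entry]:
    """Parse LDIF entry records; '::' values are base64-decoded, others kept byte-exact."""
    entries: List[Entry] = []
    current: Entry = {}
    for line in unfold(text) + [""]:          # sentinel blank line closes the last record
        if line.startswith("#"):
            continue
        if line == "":
            if current:
                entries.append(current)
                current = {}
            continue
        name, sep, rest = line.partition(":")
        if not sep:
            raise ValueError(f"not an attribute/value line: {line!r}")
        if rest.startswith(":"):               # 'attr:: <base64>'
            value = base64.b64decode(rest[1:].strip())
        elif rest.startswith("<"):             # 'attr:< file:///...' (out of scope here)
            raise ValueError("URL-valued attributes are not handled by this example")
        else:                                  # 'attr: <value>' with one optional space
            value = (rest[1:] if rest.startswith(" ") else rest).encode("utf-8")
        current.setdefault(name, []).append(value)
    return entries


def check_entry(entry: Entry) -> List[str]:
    """Flag the three causes of 'invalid syntax (21)' listed in the OpenLDAP FAQ.
    A value slapcat had to base64-encode because of surrounding whitespace is reported
    as well; that is exactly the kind of value worth a second look."""
    problems: List[str] = []
    for attr, values in entry.items():
        for i, value in enumerate(values):
            where = f"{attr} value #{i}"
            if len(value) == 0:
                problems.append(f"{where}: empty value")
                continue
            if value != value.strip(b" \t"):
                problems.append(f"{where}: leading or trailing whitespace")
            try:
                value.decode("utf-8")
            except UnicodeDecodeError:
                problems.append(f"{where}: not valid UTF-8 (LDAPv3 requires UTF-8)")
    return problems


def check_ldif(text: str) -> Dict[str, List[str]]:
    """Map each entry's DN to its problems; entries without problems are omitted."""
    report: Dict[str, List[str]] = {}
    for entry in parse_ldif(text):
        dn = entry.get("dn", [b"<no dn>"])[0].decode("utf-8", "replace")
        problems = check_entry(entry)
        if problems:
            report[dn] = problems
    return report


if __name__ == "__main__":
    for entry in parse_ldif(SAMPLE_LDIF):
        print("clientOrg decodes to:", entry["clientOrg"][0].decode("utf-8"))
    for dn, problems in check_ldif(SAMPLE_LDIF).items():
        print(dn)
        for problem in problems:
            print("   ", problem)
```

Run against a real slapcat dump, `check_ldif` points at the entry and value number in the same terms slapd uses in its `value #0 invalid per syntax` message.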
Export/Import LDAP database with passwords
by Gilles Schlienger
Hi,
I would like to export an existing OpenLDAP database to a new local OpenLDAP install.
I exported the data in an LDIF file, but it does not contain the passwords.
What are my options?
1. Can I export data with passwords?
2. Can I set default passwords for all my person objects with a script?
3. Other option?
Thanks a lot in advance !
Regards
Gilles
_____________________________________________________________________________
Keep only one e-mail address! Copy your mail to Yahoo! Mail
15 years, 11 months
Re: Problem to replace directory entries with ldapmodify
by matthew sporleder
I've never tried that method of updates, so I really couldn't say. It
almost seems like you should try a full delete and then add. I'm
putting your reply back on the list so someone else can comment.
On 10/18/07, Gessy <gessycaetano(a)gmail.com> wrote:
> Hi Matthew,
>
>
> Reading the ldif(5) manual, I saw two LDIF types: Entry Records and Change
> Records.
> LDIF entry records are used to represent directory entries and LDIF change
> records are used to represent directory change requests.
>
> Let me explain with this example:
>
> Suppose I have in my directory an entry like:
>
> dn: uid=test,ou=people,dc=example,dc=com
> objectClass: account
> objectClass: posixAccount
> objectClass: SIPIdentity
> objectClass: top
> uid: test
> loginShell: /bin/bash
> uidNumber: 600
> gidNumber: 100
> homeDirectory: /home/test
> gecos: test
> userPassword: {SSHA}nswXaxRGB3jBPNnpYGzRiQrAt6k5eCyr
> SIPIdentitySIPURI: sip:00011080@voip.example.com
> SIPIdentityServiceLevel: AR
> SIPIdentityUserName: 10811080
> SIPIdentityPassword: 8997e7a13ff2641ae6142f05b41efd6f
>
> If I create an LDIF with another password and without the SIP attributes, like:
>
> dn: uid=test,ou=people,dc=example,dc=com
> objectClass: account
> objectClass: posixAccount
> objectClass: SIPIdentity
> objectClass: top
> uid: test
> loginShell: /bin/bash
> uidNumber: 600
> gidNumber: 100
> homeDirectory: /home/test
> gecos: test
> userPassword: {SSHA}xLkfk/Lt5F5VG872wEqbC0H5+AlP6bIu
>
> And using ldapmodify to update the entry with the LDIF above, I expect the whole
> entry to be replaced by the LDIF data. Am I wrong?
>
> If I use a change record LDIF, it would be:
>
> dn: uid=test,ou=people,dc=example,dc=com
> changetype: modify
> replace: userPassword
> userPassword: {SSHA}xLkfk/Lt5F5VG872wEqbC0H5+AlP6bIu
> -
> delete: SIPIdentitySIPURI
> -
> delete: SIPIdentityServiceLevel
> -
> delete: SIPIdentityUserName
> -
> delete: SIPIdentityPassword
> -
>
> But I'd really like to use the entry record LDIF.
>
>
> thanks a lot
> Gessy Jr.
>
>
>
> On 10/17/07, matthew sporleder < msporleder(a)gmail.com> wrote:
> > On 10/17/07, Gessy < gessycaetano(a)gmail.com> wrote:
> > > Hi,
> > >
> > > I have tried to replace entries in the LDAP directory with ldapmodify; my
> > > server is a Gentoo Linux running OpenLDAP 2.3.35, but I noticed a strange
> > > behavior.
> > >
> > > When I try to replace an entry with the following LDIF:
> > >
> > > # Test.ldif - test10
> > > dn: uid=test10,ou=people,dc=ufmg,dc=br
> > > objectClass: top
> > > objectClass: person
> > > objectClass: organizationalPerson
> > > objectClass: inetOrgPerson
> > > objectClass: eduPerson
> > > objectClass: brEduPerson
> > > objectClass: posixAccount
> > > objectClass: shadowAccount
> > > objectClass: ufmgEduPerson
> > > objectClass: SIPIdentity
> > > eduPersonOrgDN: o=UFMG
> > > eduPersonOrgUnitDN: ou=LCC
> > > eduPersonAffiliation: employee
> > > eduPersonPrimaryAffiliation: employee
> > > cn: Test10
> > > givenName: Test
> > > sn: 10
> > > mail: test10(a)ufmg.br
> > > gecos: CN=Test 10
> > > uidNumber: 136617
> > > gidNumber: 100
> > > homeDirectory: /home/ufmg/test10
> > > loginShell: /bin/bash
> > > uid: test10
> > >
> > > ldapmodify -x -D"cn=manager,dc=ufmg,dc=br" -W -f test.ldif
> > >
> > > The LDIF above should fully replace an old entry that contains SIP
> > > attributes with only the attributes shown in test.ldif, but it updates the
> > > entry and keeps the SIP attributes. I don't understand. Can someone help me?
> > >
> > > ldapsearch -x uid=test10 -LLL
> > > dn: uid=test10,ou=people,dc=ufmg,dc=br
> > > SIPIdentitySIPURI: sip:xxxxx@aaa.bbb.br
> > > SIPIdentityServiceLevel: AR
> > > SIPIdentityUserName: 10811080
> > > SIPIdentityPassword: 8997e7a13ff2641ae6142f05b41efd6f
> > > objectClass: top
> > > objectClass: person
> > > objectClass: organizationalPerson
> > > objectClass: inetOrgPerson
> > > objectClass: eduPerson
> > > objectClass: brEduPerson
> > > objectClass: posixAccount
> > > objectClass: shadowAccount
> > > objectClass: ufmgEduPerson
> > > objectClass: SIPIdentity
> > > eduPersonOrgDN: o=UFMG
> > > eduPersonOrgUnitDN: ou=LCC
> > > eduPersonAffiliation: employee
> > > eduPersonPrimaryAffiliation: employee
> > > cn: Test10
> > > givenName: Test
> > > sn: 10
> > > mail: test10(a)ufmg.br
> > > gecos: CN=Test 10
> > > uidNumber: 136617
> > > gidNumber: 100
> > > homeDirectory: /home/ufmg/test10
> > > loginShell: /bin/bash
> > > uid: test10
> > >
> >
> > Do you have a changetype defined somewhere that I'm missing? It looks
> > like you want to do a changetype: modify, then add: someattribs, then
> > someattribs: somevalues, repeat.
> >
> > http://tools.ietf.org/html/rfc2849 (see page 10 or so)
> >
15 years, 11 months
Compiling OpenLDAP with static SASL library
by Zohar Lev Shani
Hello list
Has anyone tried compiling OpenLDAP with static SASL library?
If so, what were the necessary changes you did (Makefile.in, configure, ...)?
Thanks in advance
Zohar
15 years, 11 months
Syncrepl - force replication after replica being down
by Luka
Hi,
I haven't been able to find any answers regarding this question. If my replica
is shut down and some changes are made on the master (inside ou=access,o=example.net,
which is set as the searchbase in the syncrepl configuration), the replica doesn't notice
them on startup. Apart from that, replication works as expected.
My syncrepl configuration:
syncrepl rid=2
provider=ldap://10.10.10.10:389
type=refreshAndPersist
retry="30 3 60 +"
searchbase="ou=access,o=example.net"
filter="(objectClass=*)"
scope=sub
attrs="*,+"
schemachecking=off
bindmethod=simple
binddn="uid=synrep,ou=admin,o=example.net"
credentials=password
updateref ldap://10.10.10.10
Thank you in advance.
Regards, Luka
15 years, 11 months
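One check for Luka's situation, added here and not part of the post or of OpenLDAP: compare the contextCSN of the provider's and the consumer's database suffix entry (`ldapsearch -x -s base -b <suffix> contextCSN` against each server) to tell whether the consumer is behind and by how much. The CSN values below are constructed; the parser accepts both the 2.3 form used here and the 2.4 form with microseconds and a three-digit server id.

```python
import re
from datetime import datetime, timezone
from typing import NamedTuple, Tuple

# contextCSN / entryCSN syntax: <UTC time>[.<usec>]Z#<change count>#<server id>#<mod count>
# OpenLDAP 2.3 writes 14-digit times and a 2-digit SID; 2.4 adds microseconds and uses 3 digits.
CSN_RE = re.compile(
    r"^(\d{14})(?:\.(\d{6}))?Z#([0-9a-fA-F]{6})#([0-9a-fA-F]{2,3})#([0-9a-fA-F]{6})$"
)


class CSN(NamedTuple):
    time: datetime
    count: int
    sid: int
    mod: int

    def key(self) -> Tuple[datetime, int, int, int]:
        """Ordering used by syncrepl: timestamp first, then the counters."""
        return (self.time, self.count, self.sid, self.mod)


def parse_csn(text: str) -> CSN:
    m = CSN_RE.match(text.strip())
    if not m:
        raise ValueError(f"not a CSN: {text!r}")
    stamp, usec, count, sid, mod = m.groups()
    when = datetime.strptime(stamp, "%Y%m%d%H%M%S").replace(
        tzinfo=timezone.utc, microsecond=int(usec or 0)
    )
    return CSN(when, int(count, 16), int(sid, 16), int(mod, 16))


def consumer_behind(provider_csn: str, consumer_csn: str) -> bool:
    """True when the consumer's contextCSN is older than the provider's."""
    return parse_csn(consumer_csn).key() < parse_csn(provider_csn).key()


def replication_lag_seconds(provider_csn: str, consumer_csn: str) -> float:
    """Age of the consumer's last applied change relative to the provider's newest one."""
    delta = parse_csn(provider_csn).time - parse_csn(consumer_csn).time
    return delta.total_seconds()


# Constructed values, in the shape ldapsearch returns them from a provider and from a
# consumer that was down while the provider kept changing.
PROVIDER_CSN = "20071018153000Z#000001#00#000000"
CONSUMER_CSN = "20071018120000Z#000000#00#000000"

if __name__ == "__main__":
    print("consumer behind:", consumer_behind(PROVIDER_CSN, CONSUMER_CSN))
    print("lag (s):", replication_lag_seconds(PROVIDER_CSN, CONSUMER_CSN))
```

Polling this pair from a monitoring job turns "the replica did not notice" into a measured, alertable lag instead of something discovered by hand.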
push-mode syncrepl and structuralObjectClass
by Alex Bramley
Hi,
I'm setting up push-mode replication using syncrepl and back-ldap as per
advice from searching the list archives. The proxy slapd is correctly
binding to the slave slapd, and I can see the replication begin to
occur, but all the ADD operations are failing with the following result:
tag=105 err=19 text=structuralObjectClass: no user modification allowed
I've googled around a bit and searched the mailing list archives, but
I've not found anything more relevant than this post:
http://www.openldap.org/lists/openldap-software/200706/msg00296.html
My current proxy and slave configurations are below.
Any advice on what I'm doing wrongly or what I need to do to avoid this
problem would be greatly appreciated.
Many Thanks,
Alex
========================================================================
proxy:
database ldap
suffix "dc=transitives,dc=com"
rootdn "cn=jabber,dc=transitives,dc=com"
rootpw ""
uri ldap://jabber.transitives.com/
tls start
idle-timeout 600
network-timeout 10
acl-bind bindmethod=simple
binddn="cn=jabber,dc=transitives,dc=com"
credentials=""
syncrepl rid=051
provider=ldap://ldap-master.transitives.com/
type=refreshAndPersist
retry="10 6 60 9 300 +"
searchbase="ou=users,dc=transitives,dc=com"
scope=sub
filter="(objectClass=inetOrgPerson)"
schemachecking=on
bindmethod=simple
binddn="cn=syncjabber,ou=roles,ou=auth,dc=transitives,dc=com"
starttls=critical
credentials=""
========================================================================
slave:
backend bdb
database bdb
suffix "dc=transitives,dc=com"
directory "/var/lib/ldap/db/transitives/"
mode 0600
index objectClass,entryCSN,entryUUID pres,eq
index cn,sn,uid,displayName pres,eq,sub
index givenName,mail pres,eq,sub
index default eq,sub
lastmod on
rootdn "cn=jabber,dc=transitives,dc=com"
rootpw ""
# ACL's;
access to dn.base="" by * read
access to * by * read
15 years, 11 months
Problem to replace directory entries with ldapmodify
by Gessy
Hi,
I have tried to replace entries in the LDAP directory with ldapmodify; my server is
a Gentoo Linux running OpenLDAP 2.3.35, but I noticed a strange behavior.
When I try to replace an entry with the following LDIF:
# Test.ldif - test10
dn: uid=test10,ou=people,dc=ufmg,dc=br
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: eduPerson
objectClass: brEduPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: ufmgEduPerson
objectClass: SIPIdentity
eduPersonOrgDN: o=UFMG
eduPersonOrgUnitDN: ou=LCC
eduPersonAffiliation: employee
eduPersonPrimaryAffiliation: employee
cn: Test10
givenName: Test
sn: 10
mail: test10(a)ufmg.br
gecos: CN=Test 10
uidNumber: 136617
gidNumber: 100
homeDirectory: /home/ufmg/test10
loginShell: /bin/bash
uid: test10
ldapmodify -x -D"cn=manager,dc=ufmg,dc=br" -W -f test.ldif
The LDIF above should fully replace an old entry that contains SIP
attributes with only the attributes shown in test.ldif, but it updates the entry
and keeps the SIP attributes. I don't understand. Can someone help me?
ldapsearch -x uid=test10 -LLL
dn: uid=test10,ou=people,dc=ufmg,dc=br
SIPIdentitySIPURI: sip:xxxxx@aaa.bbb.br
SIPIdentityServiceLevel: AR
SIPIdentityUserName: 10811080
SIPIdentityPassword: 8997e7a13ff2641ae6142f05b41efd6f
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: eduPerson
objectClass: brEduPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: ufmgEduPerson
objectClass: SIPIdentity
eduPersonOrgDN: o=UFMG
eduPersonOrgUnitDN: ou=LCC
eduPersonAffiliation: employee
eduPersonPrimaryAffiliation: employee
cn: Test10
givenName: Test
sn: 10
mail: test10(a)ufmg.br
gecos: CN=Test 10
uidNumber: 136617
gidNumber: 100
homeDirectory: /home/ufmg/test10
loginShell: /bin/bash
uid: test10
Thanks a lot
Gessy
--
(o< Avoid the Gates of hell!
//\ Use GNU Linux.
V_/_
15 years, 11 months
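Added example for both copies of this thread (Gessy's original post and Matthew's reply above); this is not code from the posts or from OpenLDAP. ldapmodify reads a record that has no changetype as a modify that replaces each listed attribute, so attributes absent from the file survive, which is the behaviour Gessy saw. An entry record cannot express "and remove everything else"; a change record can. The Python below derives that change record by diffing the stored entry against the desired one, and applies it locally to confirm the outcome before anything is sent. Deleting and re-adding the entry, the alternative Matthew mentions, also works but gives the entry a new entryUUID and createTimestamp, which matters once syncrepl consumers are involved. The two entries are constructed from the thread's example.

```python
from typing import Dict, List, Tuple

Entry = Dict[str, List[str]]
# A modify operation: ("replace" | "delete", attribute, values)
ModOp = Tuple[str, str, List[str]]


def diff_entries(current: Entry, desired: Entry) -> List[ModOp]:
    """Operations that turn `current` into `desired`: replace changed or new attributes,
    delete attributes that are absent from `desired`."""
    ops: List[ModOp] = []
    for attr in sorted(desired):
        # Plain string comparison; attributes with case-insensitive matching rules
        # may produce a harmless extra replace.
        if sorted(current.get(attr, [])) != sorted(desired[attr]):
            ops.append(("replace", attr, list(desired[attr])))
    for attr in sorted(current):
        if attr not in desired:
            # Whole attribute, all values. Deleting a MUST attribute of one of the
            # entry's objectClasses would be rejected by slapd as an objectClass violation.
            ops.append(("delete", attr, []))
    return ops


def to_change_record(dn: str, ops: List[ModOp]) -> str:
    """Render the operations as one LDIF change record for ldapmodify."""
    lines = [f"dn: {dn}", "changetype: modify"]
    for op, attr, values in ops:
        lines.append(f"{op}: {attr}")
        lines.extend(f"{attr}: {v}" for v in values)
        lines.append("-")
    return "\n".join(lines) + "\n"


def apply_ops(entry: Entry, ops: List[ModOp]) -> Entry:
    """Apply the operations to a local copy, to check the record before sending it."""
    result = {k: list(v) for k, v in entry.items()}
    for op, attr, values in ops:
        if op == "replace":
            result[attr] = list(values)
        elif op == "delete":
            result.pop(attr, None)
    return result


# Constructed from the thread: the entry as stored, and the entry the poster wants
# (new password, SIP attributes gone, everything else unchanged).
CURRENT: Entry = {
    "objectClass": ["account", "posixAccount", "SIPIdentity", "top"],
    "uid": ["test"],
    "loginShell": ["/bin/bash"],
    "uidNumber": ["600"],
    "gidNumber": ["100"],
    "homeDirectory": ["/home/test"],
    "gecos": ["test"],
    "userPassword": ["{SSHA}nswXaxRGB3jBPNnpYGzRiQrAt6k5eCyr"],
    "SIPIdentitySIPURI": ["sip:00011080@voip.example.com"],
    "SIPIdentityServiceLevel": ["AR"],
    "SIPIdentityUserName": ["10811080"],
    "SIPIdentityPassword": ["8997e7a13ff2641ae6142f05b41efd6f"],
}
DESIRED: Entry = {k: list(v) for k, v in CURRENT.items() if not k.startswith("SIPIdentity")}
DESIRED["userPassword"] = ["{SSHA}xLkfk/Lt5F5VG872wEqbC0H5+AlP6bIu"]
DN = "uid=test,ou=people,dc=example,dc=com"

if __name__ == "__main__":
    print(to_change_record(DN, diff_entries(CURRENT, DESIRED)), end="")
```

Feed the printed record to `ldapmodify -x -D <rootdn> -W -f changes.ldif`; because each attribute is named explicitly, the result is the same whether the server had the SIP attributes or not.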
Problems with initial install of OpenLDAP
by Gar Nelson
I'm working on putting together a new RHEL4 box to serve as our primary
Samba server, and I'd like to have OpenLDAP running on it for the
userbase backend. I've tried this on and off for several years, but
have never been totally successful, and ended up using other options.
This time, I'd really like to get it to work.
I'm using a howto as a guide that was written specifically for RHEL4 and
Samba, http://www.grennan.com/ldap-HOWTO.html (Stalled at step 4.1)
I'm at the point where I'm adding my first record, and with success, I
should just get a prompt back. Unfortunately, I don't just get a prompt
back.
Commandline error message:
[root@ggw-s-bdc openldap]# ldapadd -a -W -x -D
"cn=Manager,dc=ggw,dc=nws,dc=noaa" -f base.ldif
Enter LDAP Password:
adding new entry "dc=nws,dc=noaa"
ldap_add: Server is unwilling to perform (53)
additional info: no global superior knowledge
Based on this, http://www.openldap.org/faq/data/cache/157.html, I'm
guessing that my problem is that I'm adding ggw.nws.noaa before I added
nws.noaa, but I'm not sure how to correct my ldif file to indicate that.
I used a tool referenced in the howto to automatically generate the
base.ldif. From looking at the file, it appears to me like there is a
nws.noaa before the ggw.nws.noaa.
The reason for me using ggw.nws.noaa is that at some point, we are going
to move to AD, and the 'vision' statement for that move has our office
using that three segment identifier.
I don't know where I'm going wrong here.
Thanks for any pointers,
Gar
Contents of base.ldif:
dn: dc=nws,dc=noaa
dc: nws
objectClass: top
objectClass: domain
dn: dc=ggw,dc=nws,dc=noaa
dc: ggw
objectClass: top
objectClass: domain
dn: ou=Hosts,dc=ggw,dc=nws,dc=noaa
ou: Hosts
objectClass: top
objectClass: organizationalUnit
dn: ou=Rpc,dc=ggw,dc=nws,dc=noaa
ou: Rpc
objectClass: top
objectClass: organizationalUnit
dn: ou=Services,dc=ggw,dc=nws,dc=noaa
ou: Services
objectClass: top
objectClass: organizationalUnit
dn: nisMapName=netgroup.byuser,dc=ggw,dc=nws,dc=noaa
nismapname: netgroup.byuser
objectClass: top
objectClass: nisMap
dn: ou=Mounts,dc=ggw,dc=nws,dc=noaa
ou: Mounts
objectClass: top
objectClass: organizationalUnit
dn: ou=Networks,dc=ggw,dc=nws,dc=noaa
ou: Networks
objectClass: top
objectClass: organizationalUnit
dn: ou=People,dc=ggw,dc=nws,dc=noaa
ou: People
objectClass: top
objectClass: organizationalUnit
dn: ou=Group,dc=ggw,dc=nws,dc=noaa
ou: Group
objectClass: top
objectClass: organizationalUnit
dn: ou=Netgroup,dc=ggw,dc=nws,dc=noaa
ou: Netgroup
objectClass: top
objectClass: organizationalUnit
dn: ou=Protocols,dc=ggw,dc=nws,dc=noaa
ou: Protocols
objectClass: top
objectClass: organizationalUnit
dn: ou=Aliases,dc=ggw,dc=nws,dc=noaa
ou: Aliases
objectClass: top
objectClass: organizationalUnit
dn: nisMapName=netgroup.byhost,dc=ggw,dc=nws,dc=noaa
nismapname: netgroup.byhost
objectClass: top
objectClass: nisMap
Content of slapd.conf: (comments removed)
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba.schema
loglevel -1
allow bind_v2
pidfile /var/run/slapd.pid
argsfile /var/run/slapd.args
database bdb
suffix "dc=ggw,dc=nws,dc=noaa"
rootdn "cn=Manager,dc=ggw,dc=nws,dc=noaa"
rootpw secret
directory /var/lib/ldap
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
Installed OpenLDAP rpms:
openldap-devel-2.2.13-7.4E
openldap-2.2.13-7.4E
openldap-clients-2.2.13-7.4E
openldap-servers-2.2.13-7.4E
nss_ldap-226-18
db4-4.2.52-7.1
db4-utils-4.2.52-7.1
db4-devel-4.2.52-7.1
slapd command line:
ldap 7785 1 0 10:59 ? 00:00:00 /usr/sbin/slapd -u ldap
-h ldap:///
15 years, 11 months
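Added example for Gar's post; it is not code from the post, from the howto, or from OpenLDAP. `no global superior knowledge` (err 53) is slapd refusing an entry whose DN lies outside every configured suffix: with `suffix "dc=ggw,dc=nws,dc=noaa"` in slapd.conf, the first record in base.ldif, `dc=nws,dc=noaa`, sits above the suffix and cannot be stored in this database at all. Entries at or below the suffix are fine, but each must be added after its parent or slapd answers `No such object` (err 32). The check below validates an LDIF against a suffix on both points; the sample is a cut-down copy of base.ldif with one entry constructed out of order.

```python
import base64
from typing import List, Optional, Set


def normalize_dn(dn: str) -> str:
    """Lower-case and strip spaces around '=' and ','. Escaped commas and
    multi-valued RDNs are not handled; sufficient for the DNs in the post."""
    rdns = []
    for rdn in dn.split(","):
        attr, _, value = rdn.partition("=")
        rdns.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return ",".join(rdns)


def parent_dn(ndn: str) -> str:
    return ndn.partition(",")[2]


def ldif_dns(text: str) -> List[str]:
    """The DNs of an LDIF file in file order (handles 'dn:' and base64 'dn::')."""
    dns = []
    for line in text.splitlines():
        lower = line.lower()
        if lower.startswith("dn::"):
            dns.append(base64.b64decode(line[4:].strip()).decode("utf-8"))
        elif lower.startswith("dn:"):
            dns.append(line[3:].strip())
    return dns


def check_add_order(text: str, suffix: str, existing: Optional[Set[str]] = None) -> List[str]:
    """Report entries slapd would refuse: outside the database suffix (err 53,
    'no global superior knowledge') or listed before their parent (err 32,
    'No such object'). `existing` holds normalized DNs already in the directory."""
    problems: List[str] = []
    present: Set[str] = set(existing or ())
    nsuffix = normalize_dn(suffix)
    for dn in ldif_dns(text):
        ndn = normalize_dn(dn)
        if ndn != nsuffix and not ndn.endswith("," + nsuffix):
            problems.append(f"{dn}: outside suffix '{suffix}' (no global superior knowledge)")
            continue
        if ndn != nsuffix and parent_dn(ndn) not in present:
            problems.append(f"{dn}: parent '{parent_dn(ndn)}' not added yet (No such object)")
        present.add(ndn)
    return problems


# Constructed cut-down copy of the poster's base.ldif, with one entry deliberately
# placed before its parent, checked against the suffix from the poster's slapd.conf.
SUFFIX = "dc=ggw,dc=nws,dc=noaa"
SAMPLE_LDIF = """\
dn: dc=nws,dc=noaa
dc: nws
objectClass: top
objectClass: domain

dn: dc=ggw,dc=nws,dc=noaa
dc: ggw
objectClass: top
objectClass: domain

dn: uid=gar,ou=People,dc=ggw,dc=nws,dc=noaa
uid: gar
objectClass: account

dn: ou=People,dc=ggw,dc=nws,dc=noaa
ou: People
objectClass: top
objectClass: organizationalUnit
"""

if __name__ == "__main__":
    for problem in check_add_order(SAMPLE_LDIF, SUFFIX):
        print(problem)
```

The fix on the LDIF side is to drop the record above the suffix; the `dc=ggw` entry itself must then carry a `dc: ggw` value, which it already does in the posted file.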
TLS and syncrepl
by Chad Griewahn
Is there a way to configure the OpenLDAP slapd (Linux) syncrepl consumer to always use a TLS-secured connection to its master provider? The documentation does cover the -Z and -ZZ options as well as ldap_start_tls_s, but I have not been able to make these work from within slapd.conf or ldap.conf.
15 years, 11 months
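Added example for Chad's question; it is not code from the post or from OpenLDAP. `-Z` and `-ZZ` are options of the ldap* client tools, not of slapd. The consumer side of syncrepl takes `starttls=critical` inside the syncrepl directive itself (as in Alex's proxy configuration earlier in this digest) or a `provider=ldaps://` URI; `starttls=yes` alone continues in cleartext if StartTLS fails. Newer releases also accept `tls_reqcert` and the other `tls_*` keywords in that directive. The Python below parses syncrepl directives out of slapd.conf (continuation lines begin with whitespace) and flags consumers that would replicate in the clear. Both configuration snippets are constructed from the two consumer configurations quoted in this digest.

```python
import shlex
from typing import Dict, List


def unfold_conf(text: str) -> List[str]:
    """slapd.conf continuation rule: a line beginning with whitespace continues the previous one."""
    lines: List[str] = []
    for raw in text.splitlines():
        if raw[:1].isspace() and lines:
            lines[-1] += " " + raw.strip()
        else:
            lines.append(raw.rstrip())
    return lines


def syncrepl_stanzas(text: str) -> List[Dict[str, str]]:
    """Each syncrepl directive as a {keyword: value} dict (shlex removes the quotes)."""
    stanzas = []
    for line in unfold_conf(text):
        if not line or line.startswith("#"):
            continue
        tokens = shlex.split(line)
        if tokens and tokens[0].lower() == "syncrepl":
            stanza: Dict[str, str] = {}
            for token in tokens[1:]:
                key, _, value = token.partition("=")
                stanza[key.lower()] = value
            stanzas.append(stanza)
    return stanzas


def transport_findings(stanza: Dict[str, str]) -> List[str]:
    """Transport-security findings for one consumer definition."""
    rid = stanza.get("rid", "?")
    provider = stanza.get("provider", "")
    starttls = stanza.get("starttls", "").lower()
    findings: List[str] = []
    encrypted = provider.lower().startswith("ldaps://") or starttls == "critical"
    if not encrypted:
        if starttls == "yes":
            findings.append(f"rid={rid}: starttls=yes continues in cleartext if StartTLS fails; use starttls=critical")
        else:
            findings.append(f"rid={rid}: provider {provider!r} has neither ldaps:// nor starttls=critical; "
                            "replicated entries (password hashes included) cross the wire in clear")
        if stanza.get("bindmethod", "").lower() == "simple":
            findings.append(f"rid={rid}: bindmethod=simple over an unencrypted session exposes the replication credentials")
    if stanza.get("tls_reqcert", "").lower() in ("never", "allow"):
        findings.append(f"rid={rid}: tls_reqcert={stanza['tls_reqcert']} skips provider certificate verification")
    return findings


def audit(text: str) -> List[str]:
    return [f for stanza in syncrepl_stanzas(text) for f in transport_findings(stanza)]


# Constructed from the two consumer configurations quoted in this digest: the first
# talks plain ldap:// with no StartTLS, the second requires StartTLS.
WEAK_CONF = """\
syncrepl rid=2
        provider=ldap://10.10.10.10:389
        type=refreshAndPersist
        retry="30 3 60 +"
        searchbase="ou=access,o=example.net"
        bindmethod=simple
        binddn="uid=synrep,ou=admin,o=example.net"
        credentials=password
updateref ldap://10.10.10.10
"""

STRONG_CONF = """\
syncrepl rid=051
        provider=ldap://ldap-master.transitives.com/
        type=refreshAndPersist
        retry="10 6 60 9 300 +"
        searchbase="ou=users,dc=transitives,dc=com"
        bindmethod=simple
        binddn="cn=syncjabber,ou=roles,ou=auth,dc=transitives,dc=com"
        starttls=critical
        credentials=""
"""

if __name__ == "__main__":
    for conf in (WEAK_CONF, STRONG_CONF):
        print(audit(conf) or ["no transport findings"])
```

Whether the provider's certificate is actually verified depends on `tls_reqcert` in the consumer's syncrepl directive where supported, otherwise on the `TLS_REQCERT` setting of the ldap.conf that slapd's client library reads; the linter only reports what is explicit in slapd.conf.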