Re: Unexpected Attribute Behavior
by Gavin Henry
<quote who="Kevin Burnett">
> Gavin,
Hi,
Best keep replies on list for others to benefit.
> Sorry for the delay. I have tried the stable version 2.3.38 along with
> 2.3.39 and 2.4.6. All of these versions exhibit the same behavior of
> the malformed SQL statement. All of the errors only occur with the
> three attributes I previously mentioned.
OK.
>
> I also replied to Buchan, letting him know that I had tested on these
> versions. What would you suggest I do to further debug the problem?
Try setting up a normal 2.3.39 with bdb backend, populate and then test. I
have a feeling maybe something is wrong with your schema. Also run
slaptest.
>
> OpenLDAP is a great product and I would use no other.
;-)
>
> Regards,
>
> Kevin
>
> On Nov 12, 2007 12:58 AM, Gavin Henry <ghenry(a)openldap.org> wrote:
>> <quote who="Kevin Burnett">
>> > Sorry...
>> >
>> > slapd version: 2.3.32
>> > on RHEL4 i386
>>
>> The usual story applies here, please try with our latest version and get
>> back to us.
>>
>> Gavin.
>>
>>
>> >
>> > Thanks,
>> >
>> > Kevin
>> >
>> > On Nov 11, 2007 1:17 PM, Gavin Henry <ghenry(a)openldap.org> wrote:
>> >>
>> >> Kevin Burnett wrote:
>> >> > I am implementing an OpenLDAP installation that utilizes inetOrgPerson
>> >> > as the main user structure with roughly forty attributes that may be
>> >> > used with each user. Of the forty attributes, I have added a custom
>> >> > schema which includes 15 custom attributes. I am using MySQL 5 as the
>> >> > backend via backsql.
>> >> >
>> >> > The problem I am seeing is that for a given user, if I write values to
>> >> > all 40 attributes and then read them back using an LDAP browser, three
>> >> > of the attributes do not return their values. The three attributes
>> >> > are: cn, userPassword, and employeeType.
>> >> >
>> >> > I have run slapd with the debug level of -1 (all) to capture a trace
>> >> > of what happens when I read an attribute that correctly returns its
>> >> > value and also a trace of reading an attribute that does not return
>> >> > its value (cn, userPassword, or employeeType). Comparing the two
>> >> > traces, the only appreciable difference between the two is as follows,
>> >> > which is in the failing trace:
>> >> >
>> >> > ==>backsql_id2entry()
>> >> > backsql_id2entry(): custom attribute list
>> >> > ==>backsql_get_attr_vals(): oc="inetOrgPerson" attr="employeeType" keyval=8
>> >> > backsql_get_attr_vals(): error executing attribute count query 'SELECT
>> >> > COUNT(*) FROM users WHERE users.id=? AND '
>> >> > Return code: -1
>> >> > nativeErrCode=1064 SQLengineState=37000 msg="[MySQL][ODBC 3.51
>> >> > Driver][mysqld-5.0.45-community-log]You have an error in your SQL
>> >> > syntax; check the manual that corresponds to your MySQL server version
>> >> > for the right syntax to use near '' at line 1"
>> >> > ==>backsql_get_attr_vals(): oc="inetOrgPerson" attr="objectClass" keyval=8
>> >> >
>> >> > I also set up a MySQL error trace and ran the two attribute reads and
>> >> > came up with the only appreciable difference being the SQL statement,
>> >> > as above:
>> >> >
>> >> > 43 Query SELECT COUNT(*) FROM users WHERE users.id=8 AND
>> >> >
>> >> > It appears to me that the SQL statement is not being completed for
>> >> > some reason, since in the slapd trace where the attribute read is
>> >> > successful, the backsql_get_attr_vals(); just prints out, number of
>> >> > values in query: 1, followed by, number of values in query: 0,
>> >> > followed by the actual data packets containing the value of the
>> >> > attribute.
>> >> >
>> >> > I can provide additional information if needed. I was unable to find
>> >> > information about this problem on the OpenLDAP site.
>> >> >
>> >> > Kevin Burnett
>> >>
>> >> You don't say what slapd version you are using. Please provide the
>> >> basics.
>> >>
>> >> --
>> >> Kind Regards,
>> >>
>> >> Gavin Henry.
>> >> OpenLDAP Engineering Team.
>> >>
>> >> E ghenry(a)OpenLDAP.org
>> >>
>> >> Community developed LDAP software.
>> >>
>> >> http://www.openldap.org/project/
>> >>
>> >
>>
>>
>
14 years, 8 months
pwdCheckQuality and password hashing
by sudhakar
I'm using pwdCheckQuality to enforce password quality restrictions for
the userPassword attribute. In order for this to work the password has
to be received on the server end in plain text. Which is fine. But when
OpenLDAP stores the password it stores it in plain text (base64 encoded).
Is there some overlay that will encrypt the userPassword before storing it?
Thanks
-sud
14 years, 8 months
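The distinction the post above turns on, as an added example that is not part of the original thread: a `userPassword::` value in an LDIF dump is base64 only as transport encoding, so decoding it shows whether the stored value is cleartext or carries a `{SCHEME}` hash prefix. The DNs, password and salt are constructed; the `{SSHA}` layout assumed is base64(SHA-1(password + salt) + salt).

```python
import base64
import hashlib
import hmac
import re

SCHEME_RE = re.compile(rb"^\{([A-Za-z0-9_-]+)\}")

def b64(value: bytes) -> str:
    return base64.b64encode(value).decode()

def make_ssha(password: bytes, salt: bytes) -> bytes:
    """Build a {SSHA} value: base64(SHA-1(password + salt) + salt)."""
    digest = hashlib.sha1(password + salt).digest()
    return b"{SSHA}" + base64.b64encode(digest + salt)

def check_ssha(stored: bytes, candidate: bytes) -> bool:
    """Verify a candidate password against a stored {SSHA} value."""
    raw = base64.b64decode(stored[len(b"{SSHA}"):])
    digest, salt = raw[:20], raw[20:]            # a SHA-1 digest is 20 bytes
    return hmac.compare_digest(hashlib.sha1(candidate + salt).digest(), digest)

def classify(b64_value: str) -> str:
    """Decode a 'userPassword::' value and name how it is stored."""
    value = base64.b64decode(b64_value)
    m = SCHEME_RE.match(value)
    scheme = m.group(1).decode().upper() if m else "CLEARTEXT"
    # No prefix, or an explicit {CLEARTEXT} prefix, both mean a readable password.
    return "cleartext" if scheme == "CLEARTEXT" else scheme

def cleartext_dns(entries):
    """Return the DNs whose userPassword is stored without a hash."""
    return [dn for dn, value in entries if classify(value) == "cleartext"]

# Constructed sample (dn, base64 userPassword) pairs. The fixed salt keeps the
# output reproducible; a real salt would be random per password.
SALT = b"\x01\x02\x03\x04"
SAMPLE = [
    ("uid=alice,dc=example,dc=com", b64(b"Summer2007!")),
    ("uid=bob,dc=example,dc=com", b64(make_ssha(b"Summer2007!", SALT))),
]

if __name__ == "__main__":
    print(cleartext_dns(SAMPLE))
```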
openldap 2.4.6 - cn=config tree
by Jürgen Magin
Hello list
I got openldap 2.4.6 and play around with it.
Well, I took an old slapd.conf and converted it to a slapd.d directory.
So far so good, but when I start the ldap server (it works without error
message)
I can't find the "cn=config" tree in the directory.
Am I doing anything wrong? Did I misunderstand something?
Any help will be appreciated.
--
Kind regards
Jürgen Magin
**************************************************************
# #
# OCTOGON Software Development GmbH #
# HRB: 6 2065 Amtsgericht Lampertheim #
# http://www.octo-soft.de #
# #
# Jürgen Magin, Einsteinstr. 11, D 68519 Viernheim #
# #
# Tel : +49 6204/738353 #
# Fax : +49 6204/914875 #
# EMail : gaston(a)octo-soft.de #
# #
**************************************************************
14 years, 8 months
[back-sql] possible?
by Patai Sangbutsarakum
Dear Openldaper,
I've been trying to develop a tool to automate the migration process
from ldap data in flat-file(bdb, gdbm) to back-sql (mysql).
I could successfully do it if those data is text/string, but
come to the binary; I'm kind of stuck for a while.
Is that really possible to store the jpeg/certificate data in mysql
tables, and let
the openldap retrieve those jpeg/certificate data from mysql correctly?
What did I try?
I have the right set of tables because all those text data can be
retrieved correctly by slapd.
Then, I start using jpegPhoto as the first binary data type.
The column for jpegPhoto is defined as LONGBLOB datatype.
I tried to inject the tiny jpeg picture directly to that column by php,
and pull it back from the table. It works well picture can display.
But, with the ldapbrowser (from apache project). I can't retrieve the
data back through the ldap way (it said "invalid image").
I tried to dump the data to ldif. The ldif is totally different from the base64
version of that picture file.
I'm so desperate right now.
Hope this makes sense
Please Please suggest
Patrick
14 years, 8 months
Root Passwd and Credentials
by Peter Clark
Hello,
I have used slappasswd -s to create an encrypted rootpw, ie.
rootpw {SSHA}Rwilfur49jrtPsw7dJJPp5RBoX2f+gHV
Can I use this same entry ({SSHA}Rwilfur49jrtPsw7dJJPp5RBoX2f+gHV) in
the replication credentials or do I need to put the unencrypted password
instead. ie:
replica credentials="6202f430d9c9a97da8d041946847643f"
or
replica credentials="{SSHA}Rwilfur49jrtPsw7dJJPp5RBoX2f+gHV"
Thank you for your time.
Peter Clark
14 years, 9 months
Detecting changes in the directory
by Naufal Sheikh
Hello everyone,
Is there any way to detect the modifications made and/or
addition, subtraction made to directory for a certain period of time
without using replication? I will be running openldap on my backup
machine for two hours and I am not sure how I can see if there were
any changes made during those two hours, so that I can do the same on
my production.
Regards
Naufal
14 years, 9 months
Re: Detecting changes in the directory
by Naufal Sheikh
Yep I was thinking the same thing, but I was wondering if there was
any other way!
On Nov 13, 2007 2:45 PM, Chuck <chuck.carson(a)gmail.com> wrote:
> I'm not sure if there is an LDAP specific method but dumping the
> directory to a text file before and after, then use diff to compare.
> (or use md5 on the ldap database itself)
>
> -Chuck
>
>
>
> On Nov 13, 2007 11:38 AM, Naufal Sheikh <naufalzamir(a)gmail.com> wrote:
> > Hello everyone,
> >
> > Is there any way to detect the modifications made and/or
> > addition, subtraction made to directory for a certain period of time
> > without using replication? I will be running openldap on my backup
> > machine for two hours and I am not sure how I can see if there were
> > any changes made during those two hours, so that I can do the same on
> > my production.
> >
> > Regards
> > Naufal
> >
>
14 years, 9 months
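Chuck's before-and-after dump comparison, as an added example that is not part of the original thread: it compares two LDIF dumps entry by entry, keyed on DN, so entry order and line folding do not show up as changes the way they would in a plain `diff`. The sample dumps are constructed, and the parser covers folded lines, comments and base64 (`::`) values only.

```python
import base64

def parse_ldif(text):
    """Parse an LDIF dump into {dn: {attr: set(values)}}; '::' marks base64."""
    text = text.replace("\r\n", "\n").replace("\n ", "")  # unfold wrapped lines
    entries = {}
    for block in text.strip().split("\n\n"):
        dn, attrs = None, {}
        lines = [l for l in block.split("\n") if l and not l.startswith("#")]
        for line in lines:
            name, _, rest = line.partition(":")
            value = (base64.b64decode(rest[1:].strip()) if rest.startswith(":")
                     else rest.strip().encode())
            if name.lower() == "dn":
                dn = value.decode().lower()   # simplification: case-fold the DN
            else:
                attrs.setdefault(name.lower(), set()).add(value)
        if dn:
            entries[dn] = attrs
    return entries

def diff_dumps(before, after):
    """Return (added DNs, deleted DNs, {dn: changed attribute names})."""
    old, new = parse_ldif(before), parse_ldif(after)
    changed = {dn: sorted(a for a in old[dn].keys() | new[dn].keys()
                          if old[dn].get(a) != new[dn].get(a))
               for dn in old.keys() & new.keys()}
    modified = {dn: attrs for dn, attrs in changed.items() if attrs}
    return sorted(new.keys() - old.keys()), sorted(old.keys() - new.keys()), modified

# Constructed sample dumps; bob's description differs only in line folding.
BEFORE = """dn: uid=alice,dc=example,dc=com
mail: alice@example.com

dn: uid=bob,dc=example,dc=com
description: same value, but
  folded differently
mail: bob@example.com
"""
AFTER = """dn: uid=carol,dc=example,dc=com
uid: carol

dn: uid=bob,dc=example,dc=com
description: same value, but folded differently
mail: bob@example.org
"""

if __name__ == "__main__":
    print(diff_dumps(BEFORE, AFTER))
```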
Re: Detecting changes in the directory
by Naufal Sheikh
Well perhaps when we migrate whole infrastructure. btw, by just adding
the replog file directive to slapd.conf, will it log the changes
without it being actually configured for master slave conf. If that is
true, then perhaps I only need to add the directive and then apply
that file to my production?
On Nov 13, 2007 3:06 PM, Quanah Gibson-Mount <quanah(a)zimbra.com> wrote:
> --On Tuesday, November 13, 2007 3:02 PM -0500 Naufal Sheikh
> <naufalzamir(a)gmail.com> wrote:
>
> > Yep I am prepared for that in worst case scenario! Btw I was reading
> > about replication using slurpd, which keeps the record of the changes
> > in ldif format. I was wondering if I can do something like that and
> > then use the ldif which is produced and apply it to production?
>
> Yeah, you could do that too.
>
> You need to upgrade at some point.
>
>
> --Quanah
>
>
>
> --
>
> Quanah Gibson-Mount
> Principal Software Engineer
> Zimbra, Inc
> --------------------
> Zimbra :: the leader in open source messaging and collaboration
>
14 years, 9 months
Re: Detecting changes in the directory
by Naufal Sheikh
Yep I am prepared for that in worst case scenario! Btw I was reading
about replication using slurpd, which keeps the record of the changes
in ldif format. I was wondering if I can do something like that and
then use the ldif which is produced and apply it to production?
Regards
On Nov 13, 2007 2:57 PM, Quanah Gibson-Mount <quanah(a)zimbra.com> wrote:
> --On Tuesday, November 13, 2007 2:53 PM -0500 Naufal Sheikh
> <naufalzamir(a)gmail.com> wrote:
>
> > its 2.2.20 :(
>
> Set your backup machine to be read only. ;)
>
>
> --Quanah
>
>
> --
>
> Quanah Gibson-Mount
> Principal Software Engineer
> Zimbra, Inc
> --------------------
> Zimbra :: the leader in open source messaging and collaboration
>
14 years, 9 months