openldap-software November 2007

openldap-software@openldap.org

73 participants
92 discussions

Re: Unexpected Attribute Behavior
by Gavin Henry 15 Nov '07

15 Nov '07

<quote who="Kevin Burnett"> > Gavin, Hi, Best keep replies on list for others to benefit. > Sorry for the delay. I have tried the stable version 2.3.38 along with > 2.3.39 and 2.4.6. All of these versions exhibit the same behavior of > the malformed SQL statement. All of the errors only occur with the > three attributes I previously mentioned. OK. > > I also replied to Buchan, letting him know that I had tested on these > versions. What would you suggest I do to further debug the problem? Try setting up a normal 2.3.39 with bdb backend, populate and then test. I have a feeling maybe something is wrong with your schema. Also run slaptest. > > OpenLDAP is a great product and I would use no other. ;-) > > Regards, > > Kevin > > On Nov 12, 2007 12:58 AM, Gavin Henry <ghenry(a)openldap.org> wrote: >> <quote who="Kevin Burnett"> >> > Sorry... >> > >> > slapd version: 2.3.32 >> > on RHEL4 i386 >> >> The usual story applies here, please try with our latest version and get >> back to us. >> >> Gavin. >> >> >> > >> > Thanks, >> > >> > Kevin >> > >> > On Nov 11, 2007 1:17 PM, Gavin Henry <ghenry(a)openldap.org> wrote: >> >> >> >> Kevin Burnett wrote: >> >> > I am implementing an OpenLDAP installation that utilizes >> inetOrgPerson >> >> > as the main user structure with roughly forty attributes that may >> be >> >> > used with each user. Of the forty attributes, I have added a custom >> >> > schema which includes 15 custom attributes. I am using MySQL 5 as >> the >> >> > backend via backsql. >> >> > >> >> > The problem I am seeing is that for a given user, if I write values >> to >> >> > all 40 attributes and then read them back using an LDAP browser, >> three >> >> > of the attributes do not return their values. The three attributes >> >> > are: cn, userPassword, and employeeType. >> >> > >> >> > I have run slapd with the debug level of -1 (all) to capture a >> trace >> >> > of what happens when I read an attribute that correctly returns its >> >> > value and also a trace of reading an attribute that does not return >> >> > its value (cn, userPassword, or employeeType). Comparing the two >> >> > traces, the only appreciable difference between the two is as >> follows, >> >> > which is in the failing trace: >> >> > >> >> > ==>backsql_id2entry() >> >> > backsql_id2entry(): custom attribute list >> >> > ==>backsql_get_attr_vals(): oc="inetOrgPerson" attr="employeeType" >> >> keyval=8 >> >> > backsql_get_attr_vals(): error executing attribute count query >> 'SELECT >> >> > COUNT(*) FROM users WHERE users.id=? AND ' >> >> > Return code: -1 >> >> > nativeErrCode=1064 SQLengineState=37000 msg="[MySQL][ODBC 3.51 >> >> > Driver][mysqld-5.0.45-community-log]You have an error in your SQL >> >> > syntax; check the manual that corresponds to your MySQL server >> version >> >> > for the right syntax to use near '' at line 1" >> >> > ==>backsql_get_attr_vals(): oc="inetOrgPerson" attr="objectClass" >> >> keyval=8 >> >> > >> >> > I also set up a MySQL error trace and ran the two attribute reads >> and >> >> > came up with the only appreciable difference being the SQL >> statement, >> >> > as above: >> >> > >> >> > 43 Query SELECT COUNT(*) FROM users WHERE users.id=8 AND >> >> > >> >> > It appears to me that the SQL statement is not being completed for >> >> > some reason, since in the slapd trace where the attribute read is >> >> > successful, the backsql_get_attr_vals(); just prints out, number of >> >> > values in query: 1, followed by, number of values in query: 0, >> >> > followed by the actual data packets containing the value of the >> >> > attribute. >> >> > >> >> > I can provide additional information if needed. I was unable to >> find >> >> > information about this problem on the OpenLDAP site. >> >> > >> >> > Kevin Burnett >> >> >> >> You don't say what slapd version you are using. Please provide the >> >> basics. >> >> >> >> -- >> >> Kind Regards, >> >> >> >> Gavin Henry. >> >> OpenLDAP Engineering Team. >> >> >> >> E ghenry(a)OpenLDAP.org >> >> >> >> Community developed LDAP software. >> >> >> >> http://www.openldap.org/project/ >> >> >> > >> >> >

1 0

pwdCheckQuality and password hashing
by sudhakar 14 Nov '07

14 Nov '07

I'm using pwdCheckQuality to enforce password quality restrictions for the userPassword attribute. In order for this to work the password has to be received on the server end in plain text. Which is fine. But when OpenLDAP stores the password it stores it in plain text (base64 encoded). Is there some overlay that will encrypt the userPassword before storing it? Thanks -sud

3 2

openldap 2.4.6 - cn=config tree
by Jürgen Magin 14 Nov '07

14 Nov '07

Hello list I got openldap 2.4.6 and play around with it. Well i took an old slapd.conf and converted it to an slapd.d directory. So far so good, but when i start ldap server (it works without error message) i can't find the "cn=config" tree in the directory. Do i anything wrong? Did i misunderstand something? Any help will be appreciate. -- Mit freundlichen Grüßen Jürgen Magin ************************************************************** # # # OCTOGON Software Development GmbH # # HRB: 6 2065 Amtsgericht Lampertheim # # http://www.octo-soft.de # # # # Jürgen Magin, Einsteinstr. 11, D 68519 Viernheim # # # # Tel : +49 6204/738353 # # Fax : +49 6204/914875 # # EMail : gaston(a)octo-soft.de # # # **************************************************************

4 7

[back-sql] possible?
by Patai Sangbutsarakum 14 Nov '07

14 Nov '07

Dear Openldaper, I've been trying to develop a tool to automate the migration process from ldap data in flat-file(bdb, gdbm) to back-sql (mysql). I could successfully do it if those data is text/string, but come to the binary; I'm kind of stuck for a while. Is that really possible to store the jpeg/certificate data in mysql tables, and let the openldap retrieve those jpeg/certificate data from mysql correctly? What did I tried? I have the right set of tables because all those text data can be retrieved correctly by slapd. Then, I start using jpegPhoto as the first binary data type. The column for jpegPhoto is defined as LONGBLOB datatype. I tried to inject the tiny jpeg picture directly to that column by php, and pull it back from the table. It works well picture can display. But, with the ldapbrowser (from apache project). I can't retrieve the data back through the ldap way (it said "invalid image"). I try to dump the data to ldif. The ldif totally different from base64 version of that picture file. I'm so desperated right now. Hope this make sense Please Please suggest Patrick

1 0

Root Passwd and Credentials
by Peter Clark 13 Nov '07

13 Nov '07

Hello, I have used slappasswd -s to create an encrypted rootpw, ie. rootpw {SSHA}Rwilfur49jrtPsw7dJJPp5RBoX2f+gHV Can I use this same entry ({SSHA}Rwilfur49jrtPsw7dJJPp5RBoX2f+gHV) in the replication credentials or do I need to put the unencrypted password instead. ie: replica credentials="6202f430d9c9a97da8d041946847643f" or replica credentials="{SSHA}Rwilfur49jrtPsw7dJJPp5RBoX2f+gHV" Thank you for your time. Peter Clark

3 4

Detecting changes in the directory
by Naufal Sheikh 13 Nov '07

13 Nov '07

Hello everyone, Is there anyway to detetct the modifications made and/or addition,subtraction made to directory for a certain period of time without using replication? I will be running openldap on my backup machine for two hours and I am not sure how I can see if there were any changes made during those two hours, so that I can do the same on my production. Regards Naufal

4 3

[Unofficial] OpenLDAP Weekly News Issue 3
by Gavin Henry 13 Nov '07

13 Nov '07

Dear All, The third issue is out: http://blog.suretecsystems.com Summary: - OpenLDAP 2.4.6 community feedback - OpenLDAP 2.4 Admin Guide a success - Update on Google funding progress - Community contribution to OpenLDAP - Selected user issues and solutions discussed Thanks, Gavin. -- Kind Regards, Gavin Henry. OpenLDAP Engineering Team. E ghenry(a)OpenLDAP.org Community developed LDAP software. http://www.openldap.org/project/

1 0

Re: Detecting changes in the directory
by Naufal Sheikh 13 Nov '07

13 Nov '07

Yep I was thinking the same thing, but I was wondering if there was any other way! On Nov 13, 2007 2:45 PM, Chuck <chuck.carson(a)gmail.com> wrote: > Im not sure if there is an LDAP specific method but dumping the > directory to a text file before and after, then use diff to compare. > (or use md5 on the ldap database itself) > > -Chuck > > > > On Nov 13, 2007 11:38 AM, Naufal Sheikh <naufalzamir(a)gmail.com> wrote: > > Hello everyone, > > > > Is there anyway to detetct the modifications made and/or > > addition,subtraction made to directory for a certain period of time > > without using replication? I will be running openldap on my backup > > machine for two hours and I am not sure how I can see if there were > > any changes made during those two hours, so that I can do the same on > > my production. > > > > Regards > > Naufal > > >

2 1

Re: Detecting changes in the directory
by Naufal Sheikh 13 Nov '07

13 Nov '07

Well perhaps when we migrate whole infrastrucutre. btw, by just adding the replog fiel directive to slapd.conf, will it lof the changes without it being actually configured for master salve conf. If that is truue, then perhaps I only need to add the directive and then apply that file to my production/ ? On Nov 13, 2007 3:06 PM, Quanah Gibson-Mount <quanah(a)zimbra.com> wrote: > --On Tuesday, November 13, 2007 3:02 PM -0500 Naufal Sheikh > <naufalzamir(a)gmail.com> wrote: > > > Yep I am prepared for that in worst case scenario! Btw I was reading > > about replication using slurpd, which keeps the record of the changes > > in ldif format. I was wondering if I can do something like that and > > then use the ldif which is produced and apply it to production? > > Yeah, you could do that too. > > You need to upgrade at some point. > > > --Quanah > > > > -- > > Quanah Gibson-Mount > Principal Software Engineer > Zimbra, Inc > -------------------- > Zimbra :: the leader in open source messaging and collaboration >

1 0

Re: Detecting changes in the directory
by Naufal Sheikh 13 Nov '07

13 Nov '07

Yep I am prepared for that in worst case scenario! Btw I was reading about replication using slurpd, which keeps the record of the changes in ldif format. I was wondering if I can do something like that and then use the ldif which is produced and apply it to production? Regards On Nov 13, 2007 2:57 PM, Quanah Gibson-Mount <quanah(a)zimbra.com> wrote: > --On Tuesday, November 13, 2007 2:53 PM -0500 Naufal Sheikh > <naufalzamir(a)gmail.com> wrote: > > > its 2.2.20 :( > > Set your backup machine to be read only. ;) > > > --Quanah > > > -- > > Quanah Gibson-Mount > Principal Software Engineer > Zimbra, Inc > -------------------- > Zimbra :: the leader in open source messaging and collaboration >

2 1

← Newer
1
2
3
4
5
6
7
8
9
10
Older →

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-software November 2007