openldap-software December 2007

openldap-software@openldap.org

75 participants
90 discussions

[Fwd: Can't compile OpenLDAP with Berkekey DB: File format not recognized]
by Gavin Henry 19 Dec '07

19 Dec '07

>> What arch are you on again? Also, try with 2.4.7. > > I don't recall ever seeing any post from ben(a)fallinganvils.com. Perhaps > it were best, were you to quote the whole post from OP for cases where > we mortals have to await the adjudicator's arise from slumber. > > Best, > > --Tonni > > -- > Tony Earnshaw > Email: tonni at hetnet dot nl > See below. It was actually sent to -bugs, but I brought over to -software for this e-mail. Gavin. ---------------------------- Original Message ---------------------------- Subject: Can't compile OpenLDAP with Berkekey DB: File format not recognized From: ben(a)fallinganvils.com Date: Wed, November 28, 2007 10:41 pm To: openldap-bugs(a)openldap.org -------------------------------------------------------------------------- This is my first openldap install. I am installing by compiling from source on a debian box logged in as myself in my home directory. Berkeley DB is not installed systemwide. LDAP libraries are installed systemwide, but I want to install the whole openldap tarball in my home directory and use that/run an ldap server etc. Only libraries are installed systemwide. No ldap server software is installed systemwide. I do have root access, but I don't think I should need it. If I can get it installed under /home/ben, after some experimentation, I'll install it in /home/openldap after creating an openldap user. I don't know what the debian system uses the ldap libraries it came with for, but I should be able to use my own local version without dealing with that I would think. This is what I do : 1) Install Berkeley DB 4.6.21 in /home/ben/opt/bdb $ cd db-4.6.21/build_unix $ ../dist/configure --prefix=/home/ben/opt/bdb $ make && make install $ export LD_RUN_PATH=/home/ben/opt/bdb/lib $ export CPPFLAGS='-I /home/ben/opt/bdb/include' $ export LDFLAGS='-L /home/ben/opt/bdb/lib' $ cd 2) Install OpenLDAP $ cd openldap-2.4.6 $ ./configure --prefix=/home/ben/opt/openldap $ make depend $ make Making all in /home/ben/src/openldap/openldap-2.4.6 Entering subdirectory include make[1]: Entering directory `/home/ben/src/openldap/openldap-2.4.6/include' make[1]: Nothing to be done for `all'. make[1]: Leaving directory `/home/ben/src/openldap/openldap-2.4.6/include' Entering subdirectory libraries make[1]: Entering directory `/home/ben/src/openldap/openldap-2.4.6/libraries' Making all in /home/ben/src/openldap/openldap-2.4.6/libraries Entering subdirectory liblutil make[2]: Entering directory `/home/ben/src/openldap/openldap-2.4.6/libraries/liblutil' make[2]: Nothing to be done for `all'. make[2]: Leaving directory `/home/ben/src/openldap/openldap-2.4.6/libraries/liblutil' Entering subdirectory liblber make[2]: Entering directory `/home/ben/src/openldap/openldap-2.4.6/libraries/liblber' /bin/sh ../..//libtool --mode=link cc -static -g -O2 -L /home/ben/opt/bdb/lib -o dtest dtest.o liblber.la ../../libraries/liblutil/liblutil.a -lresolv cc -g -O2 /home/ben/opt/bdb/lib -o dtest dtest.o -L/home/ben/src/openldap/openldap-2.4.6/libraries/liblber ./.libs/liblber.a ../../libraries/liblutil/liblutil.a -lresolv /usr/bin/ld: /home/ben/opt/bdb/lib: No such file: File format not recognized collect2: ld returned 1 exit status make[2]: *** [dtest] Error 1 make[2]: Leaving directory `/home/ben/src/openldap/openldap-2.4.6/libraries/liblber' make[1]: *** [all-common] Error 1 make[1]: Leaving directory `/home/ben/src/openldap/openldap-2.4.6/libraries' make: *** [all-common] Error 1 3) Let's investigate: $ ls /home/ben/opt/bdb bin docs include lib $ ls -l /home/ben/opt/bdb/lib -rw-r--r-- 1 ben ben 1571838 Nov 28 21:44 libdb-4.6.a -rw-r--r-- 1 ben ben 813 Nov 28 21:44 libdb-4.6.la -rwxr-xr-x 1 ben ben 1248813 Nov 28 21:44 libdb-4.6.so lrwxrwxrwx 1 ben ben 12 Nov 28 21:44 libdb-4.so -> libdb-4.6.so -rw-r--r-- 1 ben ben 1571838 Nov 28 21:44 libdb.a lrwxrwxrwx 1 ben ben 12 Nov 28 21:44 libdb.so -> libdb-4.6.so $ vi libdb-4.6.a The first bit looks like: !<arch> / 1196286289 0 0 0 27970 ` ^@^@^E0^@^@m\xea^@^@m\xea^@^@m\xea^@^@m\xea^@^@u"^@^@ Not sure what that means, but someone might... $ vi libdb-4.so The first bit looks like: ^?ELF^A^A^A^@^@^@^@^@^@^@^@^@^C^@^C^@^A^@^@^@\xf0i^A^@4^@^@^@x\xde^Q^@^@^@^@^@4^ @ ^@^D^@(^@^_^@^\^@^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@\xe8\x85^Q^@\xe8 Hey! more nonsense, but ELF is familiar and seems like a plausable for a linux library... I also get this error with openldap-2.3.39 and db-4.5.20 I could not use openldap-2.3.39 with db-4.6.21 because I get incompatible version. The configure scripts looks for db versions 4.2 though 4.5 and spits out that error otherwise. Anyway, thanks for any help.

4 3

Re: Can't compile OpenLDAP with Berkekey DB: File format not recognized
by Gavin Henry 19 Dec '07

19 Dec '07

<quote who="ben(a)fallinganvils.com"> > On Thu, Dec 06, 2007 at 10:21:50PM +0000, Gavin Henry wrote: >> >> Any luck? >> > > Nope. Sorry. > What arch are you on again? Also, try with 2.4.7.

2 1

ldapsearch in openldap problem
by Jyotishmaan Ray 19 Dec '07

19 Dec '07

Plz see below the output of ldapsearch using -x and -D options:- Please find enclosed the slapd.conf and /etc/ldap.conf files herewith in text format. Please let me know why i am getting these errors. Had been trying since a few months for successful authentication. studied gssapi,sasl, etc types of authentication mechanisms. It seems no ways other than this list for deep insights into ldapsearch and then sucessful authentication!! 1) [root@authdns openldap]# ldapsearch -D 'dc=nits,dc=ac,dc=in' '(uid=jmaan*)' SASL/DIGEST-MD5 authentication started Please enter your password: ldap_sasl_interactive_bind_s: Invalid credentials (49) additional info: SASL(-13): user not found: no secret in database [root@authdns openldap]# 2) When ldapsearch is used with -x -b the output is shown as below:- [root@authdns openldap]# ldapsearch -x -b 'dc=nits,dc=ac,dc=in' '(uid=jmaan*)' # extended LDIF # # LDAPv3 # base <dc=nits,dc=ac,dc=in> with scope subtree # filter: (uid=jmaan*) # requesting: ALL # # jmaan, non-teach, compcen, nits.ac.in dn: uid=jmaan,stornt=non-teach,bn=compcen,dc=nits,dc=ac,dc=in uid: jmaan cn: jmaan objectClass: account objectClass: posixAccount loginShell: /bin/bash uidNumber: 623 gidNumber: 623 homeDirectory: /home/jmaan # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1 In the below output, i have tried using the "Manager"'s password as well as "uid"'s password to lon on to the server, but in both the cases, the authentication could not be successful:- [root@authdns ~]# ldapsearch -b 'dc=nits,dc=ac,dc=in' '(uid=jmaan*)' SASL/DIGEST-MD5 authentication started Please enter your password: ldap_sasl_interactive_bind_s: Invalid credentials (49) additional info: SASL(-13): user not found: no secret in database [root@authdns ~]# The output of ldapwhoami command is as shown below with -x and -D options:- [root@authdns openldap]# ldapwhoami -D "cn=Manager,dc=nits,dc=ac,dc=in " -W Enter LDAP Password: SASL/DIGEST-MD5 authentication started ldap_sasl_interactive_bind_s: Invalid credentials (49) additional info: SASL(-13): user not found: no secret in database [root@authdns openldap]# ldapwhoami -x -D "cn=Manager,dc=nits,dc=ac,dc=in " -W Enter LDAP Password: dn:cn=Manager,dc=nits,dc=ac,dc=in Result: Success (0) [root@authdns openldap]# [root@authdns openldap]# ldapwhoami -x "cn=Manager,dc=nits,dc=ac,dc=in " anonymous Result: Success (0) [root@authdns openldap]# Is it necessary to create a userid and a password in the sasldb using saslpasswd2 :- Though i created a saslpasswd2 for the user "jmaan" for performing the ldapsearch, without using -x, it is yet not successful. Please give me hints why it is as such unsuccessful and shown above, without std output from the console. One more thind my ldap server is on Linux fedora o.s. Thanking you in anticipation, Jyotishmaan With Thanks and Regards, Jyotishmaan Ray Moderator Of Paradise Groups http://yahoogroups.com/group/Spirituality-Paradise Are You Spiritually Aware !!! Are You Enjoying Yourself !!! See What All You Had Been Missing !!!! Please Join Immediately By Sending A Blank Mail @ Spirituality-Paradise-subscribe(a)yahoogroups.com ____________________________________________________________________________________ Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ

1 0

Setting timeouts in OpenLDAP
by Dave Horsfall 18 Dec '07

18 Dec '07

2.3.36 on FreeBSD 6.2-STABLE. We have a need for the client to detect a hung server, so I thought I'd try something like this, called before each new connection: struct timeval tv; tv.tv_sec = 5; tv.tv_usec = 0; ldap_set_option(ld, LDAP_OPT_TIMEOUT, &tv); ldap_set_option(ld, LDAP_OPT_NETWORK_TIMEOUT, &tv); (In the actual code I do test for errors.) I then ran "nc -l 389" to simulate a hung server, and issued a search against it, but it never times out. Attaching to the client with GDB and getting a back-trace shows this: (gdb) bt #0 0x28180873 in poll () from /lib/libc.so.6 #1 0x280dfca9 in ldap_int_select () from /usr/local/lib/libldap-2.3.so.2 #2 0x280d00d0 in ldap_result () from /usr/local/lib/libldap-2.3.so.2 #3 0x280d155b in ldap_search_s () from /usr/local/lib/libldap-2.3.so.2 #4 0x08049d50 in getporthost (app=0xbfbfe944 "fgh", portnum=0xbfbfe7d8, host=0x804b520 "") at getporthost.c:200 #5 0x08048e8c in main (c=1, v=0xbfbfe840) at main.c:50 Do timeouts actually work? If so, what have I misunderstood? -- Dave Horsfall DTM VK2KFU Ph: +61 2 9552-5509 (direct) +61 2 9552-5500 (switch) Corinthian Eng'ng P/L, Ste 54 Jones Bay Whf, 26-32 Pirrama Rd, Pyrmont 2009, AU

4 4

authorization problems w/ SSHA and CRYPT-ed paswords
by юрка олейников 18 Dec '07

18 Dec '07

i have an openldap 2.2.13 (CentOS). the LDAP DB contains uses w/ CRYPT and SSHA passwords, however all users w/ CRYPT-ed passwords cannot bind to OpenLDAP server? can anyone help me with that? -- Be Secure, Stay Open - live w/ OpenBSD

2 1

Active/Active servers
by Taymour A. El Erian 17 Dec '07

17 Dec '07

Hi, I am not sure if this is the right place to ask this or not. If I install 2 nodes of OpenLDAP and they both share the same SAN storage, is it possible that both of them would be working active/active ?, i.e. behind a load balancer (doing reads and writes). -- Taymour A El Erian System Division Manager RHCE, LPIC, CCNA, MCSE, CNA TE Data E-mail: taymour.elerian(a)tedata.net Web: www.tedata.net Tel: +(202)-33320700 Fax: +(202)-33320800 Ext: 1101

9 14

cn=config and overlay order
by David Hawes 14 Dec '07

14 Dec '07

I finally got around to updating some custom overlays to be configurable with cn=config and noticed that overlays were processed in the reverse order of what I expected after using slapd.d rather than slapd.conf. If I have the following in slapd.conf: ... overlay overlay1 overlay overlay2 overlay overlay3 ... and convert it to slapd.d, I will see the following in cn=config: ... # {0}overlay3, {1}bdb, config dn: olcOverlay={0}overlay3,olcDatabase={1}bdb,cn=config objectClass: olcOverlayConfig olcOverlay: {0}overlay3 # {1}overlay2, {1}bdb, config dn: olcOverlay={1}overlay2,olcDatabase={1}bdb,cn=config objectClass: olcOverlayConfig olcOverlay: {1}overlay2 # {2}overlay1, {1}bdb, config dn: olcOverlay={2}overlay1,olcDatabase={1}bdb,cn=config objectClass: olcOverlayConfig olcOverlay: {2}overlay1 ... When slapd is started with slapd.conf, the overlay stack is correct (overlay3 -> overlay2 -> overlay1 for processing order), although cn=config reports the above. When slapd.d is used, the overlay stack is the opposite (overlay1 -> overlay2 -> overlay3). This occurs in both 2.3.39 and 2.4.6. I see this as a problem in situations where order of overlays is important (syncprov comes to mind). Is this a known behavior? It's obviously not that difficult to issue an ldapmodify command to set the proper order, but it was unexpected that I had to do so. Thanks, dave

2 1

Start TLS
by Andy 14 Dec '07

14 Dec '07

Hello, I currently have a openldap installed on a debian etch box. I have setup a CA on the box and created the certificates and have ssl/tsl working. I have tested that ssl/tsl is working by preforming a search "# ldapsearch -x -W -D 'cn=admin,dc=test,dc=com' -H \ ldap://test.com -ZZ '(uid=users.1)' This search operation returns me with the correct user. When I try and preform a "startTLS" from another PC I recieve the following error ldap_start_tls: Connect error (-11) additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed Can anyone help me solve this problem? -- REGARDS, Andy Z

2 1

Missing attributes
by Michael Magua 14 Dec '07

14 Dec '07

Hi list, I'm in the process of migrating a Red Hat OpenLDAP setup to SLED 10. I've got most things working however I'm trying to import an ldif which has a "gecos" and "comment" attribute but when I import the ldif I get these errors: --snip--- adding new entry "cn=navsea,ou=addressbook,dc=domain,dc=com" ldap_add: Undefined attribute type (17) additional info: comment: attribute type undefined adding new entry "cn=Lee-ann Williams,ou=addressbook,dc=domain,dc=com" ldap_add: Object class violation (65) additional info: attribute 'gecos' not allowed --snip--- An example of the ldif: dn: cn=prealertplz,ou=addressbook,dc=domain,dc=com objectClass: top objectClass: inetOrgPerson mail: prealertplz(a)domain.com cn: prealertplz sn: prealertplz uid: prealertplz gecos: Distribution List comment: gordon,marianne,rene,charmainef,jeevan,marykev I'm not sure what I can do to fix this and I'll be honest that OpenLDAP is something new to me. Thanks Michael

3 3

Current preferred way to contribute new OpenLDAP schemas?
by Kari Mattsson 13 Dec '07

13 Dec '07

Hi list! What is the preferred way to contribute new OpenLDAP schema (attributes/object classes) with public OIDs, of course, to the community? I did not find appropriate FAQ entry on this. -Kari

2 2

← Newer
1
2
3
4
5
6
7
8
9
Older →

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-software December 2007