[Fwd: Can't compile OpenLDAP with Berkeley DB: File format not recognized]
by Gavin Henry
>> What arch are you on again? Also, try with 2.4.7.
>
> I don't recall ever seeing any post from ben(a)fallinganvils.com. Perhaps
> it were best, were you to quote the whole post from OP for cases where
> we mortals have to await the adjudicator's arise from slumber.
>
> Best,
>
> --Tonni
>
> --
> Tony Earnshaw
> Email: tonni at hetnet dot nl
>
See below. It was actually sent to -bugs, but I brought it over to -software
for this e-mail.
Gavin.
---------------------------- Original Message ----------------------------
Subject: Can't compile OpenLDAP with Berkeley DB: File format not recognized
From: ben(a)fallinganvils.com
Date: Wed, November 28, 2007 10:41 pm
To: openldap-bugs(a)openldap.org
--------------------------------------------------------------------------
This is my first openldap install.
I am installing by compiling from source on a debian box logged in as
myself in my home directory. Berkeley DB is not installed systemwide.
LDAP libraries are installed systemwide, but I want to install the whole
openldap tarball in my home directory and use that/run an ldap server etc.
Only libraries are installed systemwide. No ldap server software is
installed systemwide.
I do have root access, but I don't think I should need it.
If I can get it installed under /home/ben, after some experimentation,
I'll install it in /home/openldap after creating an openldap user.
I don't know what the debian system uses the ldap libraries it came with
for, but I should be able to use my own local version without dealing with
that I would think.
This is what I do :
1) Install Berkeley DB 4.6.21 in /home/ben/opt/bdb
$ cd db-4.6.21/build_unix
$ ../dist/configure --prefix=/home/ben/opt/bdb
$ make && make install
$ export LD_RUN_PATH=/home/ben/opt/bdb/lib
$ export CPPFLAGS='-I /home/ben/opt/bdb/include'
$ export LDFLAGS='-L /home/ben/opt/bdb/lib'
$ cd
2) Install OpenLDAP
$ cd openldap-2.4.6
$ ./configure --prefix=/home/ben/opt/openldap
$ make depend
$ make
Making all in /home/ben/src/openldap/openldap-2.4.6
Entering subdirectory include
make[1]: Entering directory `/home/ben/src/openldap/openldap-2.4.6/include'
make[1]: Nothing to be done for `all'.
make[1]: Leaving directory `/home/ben/src/openldap/openldap-2.4.6/include'
Entering subdirectory libraries
make[1]: Entering directory `/home/ben/src/openldap/openldap-2.4.6/libraries'
Making all in /home/ben/src/openldap/openldap-2.4.6/libraries
Entering subdirectory liblutil
make[2]: Entering directory
`/home/ben/src/openldap/openldap-2.4.6/libraries/liblutil'
make[2]: Nothing to be done for `all'.
make[2]: Leaving directory
`/home/ben/src/openldap/openldap-2.4.6/libraries/liblutil'
Entering subdirectory liblber
make[2]: Entering directory
`/home/ben/src/openldap/openldap-2.4.6/libraries/liblber'
/bin/sh ../..//libtool --mode=link cc -static -g -O2 -L
/home/ben/opt/bdb/lib -o dtest dtest.o liblber.la
../../libraries/liblutil/liblutil.a -lresolv
cc -g -O2 /home/ben/opt/bdb/lib -o dtest dtest.o
-L/home/ben/src/openldap/openldap-2.4.6/libraries/liblber
./.libs/liblber.a ../../libraries/liblutil/liblutil.a -lresolv
/usr/bin/ld: /home/ben/opt/bdb/lib: No such file: File format not recognized
collect2: ld returned 1 exit status
make[2]: *** [dtest] Error 1
make[2]: Leaving directory
`/home/ben/src/openldap/openldap-2.4.6/libraries/liblber'
make[1]: *** [all-common] Error 1
make[1]: Leaving directory `/home/ben/src/openldap/openldap-2.4.6/libraries'
make: *** [all-common] Error 1
3) Let's investigate:
$ ls /home/ben/opt/bdb
bin docs include lib
$ ls -l /home/ben/opt/bdb/lib
-rw-r--r-- 1 ben ben 1571838 Nov 28 21:44 libdb-4.6.a
-rw-r--r-- 1 ben ben 813 Nov 28 21:44 libdb-4.6.la
-rwxr-xr-x 1 ben ben 1248813 Nov 28 21:44 libdb-4.6.so
lrwxrwxrwx 1 ben ben 12 Nov 28 21:44 libdb-4.so -> libdb-4.6.so
-rw-r--r-- 1 ben ben 1571838 Nov 28 21:44 libdb.a
lrwxrwxrwx 1 ben ben 12 Nov 28 21:44 libdb.so -> libdb-4.6.so
$ vi libdb-4.6.a
The first bit looks like:
!<arch>
/ 1196286289 0 0 0 27970 `
^@^@^E0^@^@m\xea^@^@m\xea^@^@m\xea^@^@m\xea^@^@u"^@^@
Not sure what that means, but someone might...
$ vi libdb-4.so
The first bit looks like:
^?ELF^A^A^A^@^@^@^@^@^@^@^@^@^C^@^C^@^A^@^@^@\xf0i^A^@4^@^@^@x\xde^Q^@^@^@^@^@4^
@ ^@^D^@(^@^_^@^\^@^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@\xe8\x85^Q^@\xe8
Hey! More nonsense, but ELF is familiar and seems plausible for a
linux library...
I also get this error with openldap-2.3.39 and db-4.5.20
I could not use openldap-2.3.39 with db-4.6.21 because I get incompatible
version. The configure script looks for db versions 4.2 through 4.5 and
spits out that error otherwise.
Anyway, thanks for any help.
15 years, 11 months
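In the build log above, libtool is invoked with `-L /home/ben/opt/bdb/lib`, but the resulting `cc` line carries only the bare directory, which `ld` then tries to open as an input file. As an added example (not part of the original post), a POSIX shell helper that finds `-I`/`-L` options written as separate words and joins them to their directory; the function names are made up here, and paths are assumed to contain no spaces or glob characters.

```shell
#!/bin/sh
# Added example: normalise compiler/linker flag strings so that -I and -L
# are always joined to their directory ("-L/dir", not "-L /dir").
# Assumption: directories contain no whitespace or glob characters.

# has_detached_path_flag "FLAGS": exit 0 if any -I or -L stands alone.
has_detached_path_flag() {
    for word in $1; do
        case $word in -I|-L) return 0 ;; esac
    done
    return 1
}

# join_path_flags "FLAGS": print FLAGS with detached -I/-L options joined.
join_path_flags() {
    out=""
    pending=""
    for word in $1; do                     # intentional word splitting
        if [ -n "$pending" ]; then
            out="$out $pending$word"       # glue the option to its directory
            pending=""
            continue
        fi
        case $word in
            -I|-L) pending=$word ;;        # bare option: hold for the next word
            *)     out="$out $word" ;;
        esac
    done
    # A trailing bare -I/-L has no directory; keep it so the mistake stays visible.
    if [ -n "$pending" ]; then out="$out $pending"; fi
    printf '%s\n' "${out# }"
}

# Values from the post, repaired before running ./configure.
CPPFLAGS=$(join_path_flags '-I /home/ben/opt/bdb/include')
LDFLAGS=$(join_path_flags '-L /home/ben/opt/bdb/lib')
export CPPFLAGS LDFLAGS
```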
ldapsearch in openldap problem
by Jyotishmaan Ray
Please see below the output of ldapsearch using the -x and -D options:-
Please find enclosed the slapd.conf and /etc/ldap.conf files herewith in text format.
Please let me know why I am getting these errors. I have been trying for a few months to get successful authentication. I have studied GSSAPI, SASL, etc. types of authentication mechanisms. It seems there is no way other than this list for deep insights into ldapsearch and then successful authentication!!
1)
[root@authdns openldap]# ldapsearch -D 'dc=nits,dc=ac,dc=in' '(uid=jmaan*)'
SASL/DIGEST-MD5 authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Invalid credentials (49)
additional info: SASL(-13): user not found: no secret in database
[root@authdns openldap]#
2) When ldapsearch is used with -x -b the output is shown as below:-
[root@authdns openldap]# ldapsearch -x -b 'dc=nits,dc=ac,dc=in' '(uid=jmaan*)'
# extended LDIF
#
# LDAPv3
# base <dc=nits,dc=ac,dc=in> with scope subtree
# filter: (uid=jmaan*)
# requesting: ALL
#
# jmaan, non-teach, compcen, nits.ac.in
dn: uid=jmaan,stornt=non-teach,bn=compcen,dc=nits,dc=ac,dc=in
uid: jmaan
cn: jmaan
objectClass: account
objectClass: posixAccount
loginShell: /bin/bash
uidNumber: 623
gidNumber: 623
homeDirectory: /home/jmaan
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
In the below output, I have tried using the "Manager"'s password as well
as the "uid"'s password to log on to the server, but in both cases the
authentication was not successful:-
[root@authdns ~]# ldapsearch -b 'dc=nits,dc=ac,dc=in' '(uid=jmaan*)'
SASL/DIGEST-MD5 authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Invalid credentials (49)
additional info: SASL(-13): user not found: no secret in database
[root@authdns ~]#
The output of ldapwhoami command is as shown below with -x and -D options:-
[root@authdns openldap]# ldapwhoami -D "cn=Manager,dc=nits,dc=ac,dc=in " -W
Enter LDAP Password:
SASL/DIGEST-MD5 authentication started
ldap_sasl_interactive_bind_s: Invalid credentials (49)
additional info: SASL(-13): user not found: no secret in database
[root@authdns openldap]# ldapwhoami -x -D "cn=Manager,dc=nits,dc=ac,dc=in " -W
Enter LDAP Password:
dn:cn=Manager,dc=nits,dc=ac,dc=in
Result: Success (0)
[root@authdns openldap]#
[root@authdns openldap]# ldapwhoami -x "cn=Manager,dc=nits,dc=ac,dc=in "
anonymous
Result: Success (0)
[root@authdns openldap]#
Is it necessary to create a userid and a password in the sasldb using saslpasswd2?
Though I created a saslpasswd2 for the user "jmaan" for performing the ldapsearch without using -x, it is still not successful.
Please give me hints why it is unsuccessful as shown above,
without std output from the console.
One more thing: my LDAP server is on Linux Fedora OS.
Thanking you in anticipation,
Jyotishmaan
With Thanks and Regards,
Jyotishmaan Ray
Moderator Of Paradise Groups
http://yahoogroups.com/group/Spirituality-Paradise
Are You Spiritually Aware !!! Are You Enjoying Yourself !!! See What All You Had Been Missing !!!!
Please Join Immediately By Sending A Blank Mail @
Spirituality-Paradise-subscribe(a)yahoogroups.com
15 years, 11 months
Setting timeouts in OpenLDAP
by Dave Horsfall
2.3.36 on FreeBSD 6.2-STABLE.
We have a need for the client to detect a hung server, so I thought I'd
try something like this, called before each new connection:
struct timeval tv;
tv.tv_sec = 5;
tv.tv_usec = 0;
ldap_set_option(ld, LDAP_OPT_TIMEOUT, &tv);
ldap_set_option(ld, LDAP_OPT_NETWORK_TIMEOUT, &tv);
(In the actual code I do test for errors.)
I then ran "nc -l 389" to simulate a hung server, and issued a search
against it, but it never times out. Attaching to the client with GDB and
getting a back-trace shows this:
(gdb) bt
#0 0x28180873 in poll () from /lib/libc.so.6
#1 0x280dfca9 in ldap_int_select () from /usr/local/lib/libldap-2.3.so.2
#2 0x280d00d0 in ldap_result () from /usr/local/lib/libldap-2.3.so.2
#3 0x280d155b in ldap_search_s () from /usr/local/lib/libldap-2.3.so.2
#4 0x08049d50 in getporthost (app=0xbfbfe944 "fgh", portnum=0xbfbfe7d8,
host=0x804b520 "") at getporthost.c:200
#5 0x08048e8c in main (c=1, v=0xbfbfe840) at main.c:50
Do timeouts actually work? If so, what have I misunderstood?
--
Dave Horsfall DTM VK2KFU Ph: +61 2 9552-5509 (direct) +61 2 9552-5500 (switch)
Corinthian Eng'ng P/L, Ste 54 Jones Bay Whf, 26-32 Pirrama Rd, Pyrmont 2009, AU
15 years, 11 months
authorization problems w/ SSHA and CRYPT-ed passwords
by юрка олейников
I have an openldap 2.2.13 (CentOS).
The LDAP DB contains users w/ CRYPT and SSHA passwords,
however all users w/ CRYPT-ed passwords cannot bind to the OpenLDAP server.
Can anyone help me with that?
--
Be Secure, Stay Open - live w/ OpenBSD
15 years, 11 months
Active/Active servers
by Taymour A. El Erian
Hi,
I am not sure if this is the right place to ask this or not. If I
install 2 nodes of OpenLDAP and they both share the same SAN storage, is
it possible that both of them would be working active/active, i.e.
behind a load balancer (doing reads and writes)?
--
Taymour A El Erian
System Division Manager
RHCE, LPIC, CCNA, MCSE, CNA
TE Data
E-mail: taymour.elerian(a)tedata.net
Web: www.tedata.net
Tel: +(202)-33320700
Fax: +(202)-33320800
Ext: 1101
15 years, 11 months
cn=config and overlay order
by David Hawes
I finally got around to updating some custom overlays to be configurable
with cn=config and noticed that overlays were processed in the reverse
order of what I expected after using slapd.d rather than slapd.conf.
If I have the following in slapd.conf:
...
overlay overlay1
overlay overlay2
overlay overlay3
...
and convert it to slapd.d, I will see the following in cn=config:
...
# {0}overlay3, {1}bdb, config
dn: olcOverlay={0}overlay3,olcDatabase={1}bdb,cn=config
objectClass: olcOverlayConfig
olcOverlay: {0}overlay3
# {1}overlay2, {1}bdb, config
dn: olcOverlay={1}overlay2,olcDatabase={1}bdb,cn=config
objectClass: olcOverlayConfig
olcOverlay: {1}overlay2
# {2}overlay1, {1}bdb, config
dn: olcOverlay={2}overlay1,olcDatabase={1}bdb,cn=config
objectClass: olcOverlayConfig
olcOverlay: {2}overlay1
...
When slapd is started with slapd.conf, the overlay stack is correct
(overlay3 -> overlay2 -> overlay1 for processing order), although
cn=config reports the above. When slapd.d is used, the overlay stack is
the opposite (overlay1 -> overlay2 -> overlay3). This occurs in both
2.3.39 and 2.4.6.
I see this as a problem in situations where order of overlays is
important (syncprov comes to mind).
Is this a known behavior? It's obviously not that difficult to issue an
ldapmodify command to set the proper order, but it was unexpected that I
had to do so.
Thanks,
dave
15 years, 11 months
Start TLS
by Andy
Hello,
I currently have an openldap installed on a debian etch box. I have set up a
CA on the box and created the certificates and have ssl/tls working. I have
tested that ssl/tls is working by performing a search:
# ldapsearch -x -W -D 'cn=admin,dc=test,dc=com' -H ldap://test.com -ZZ '(uid=users.1)'
This search operation returns the correct user.
When I try to perform a "startTLS" from another PC I receive the following
error:
ldap_start_tls: Connect error (-11)
additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Can anyone help me solve this problem?
--
REGARDS,
Andy Z
15 years, 11 months
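The `certificate verify failed` error in the post above is raised on the client while it validates the server's certificate chain, so the settings to inspect are in the second PC's ldap.conf. As an added example (not part of the original post), a POSIX shell check of those settings: `TLS_CACERT`, `TLS_CACERTDIR` and `TLS_REQCERT` are ldap.conf(5) options, while the function name and the sample file are constructed here.

```shell
#!/bin/sh
# Added example: audit a client-side ldap.conf for the TLS options that decide
# whether StartTLS (-ZZ) can verify the server certificate.

# audit_ldap_tls FILE: print one finding per line; return 1 if there are any.
audit_ldap_tls() {
    cacert="" cacertdir="" reqcert="demand" rc=0   # demand is the documented default
    while read -r key value; do
        case $key in ''|'#'*) continue ;; esac       # skip blank lines and comments
        key=$(printf '%s' "$key" | tr '[:lower:]' '[:upper:]')
        case $key in
            TLS_CACERT)    cacert=$value ;;
            TLS_CACERTDIR) cacertdir=$value ;;
            TLS_REQCERT)   reqcert=$(printf '%s' "$value" | tr '[:upper:]' '[:lower:]') ;;
        esac
    done < "$1"

    # never/allow let the session continue with a certificate that fails checks.
    case $reqcert in
        never|allow)
            echo "WEAK: TLS_REQCERT $reqcert accepts a server certificate that fails verification"
            rc=1 ;;
    esac
    # A CA created on the server box is unknown to other clients until configured.
    if [ -z "$cacert" ] && [ -z "$cacertdir" ]; then
        echo "MISSING: no TLS_CACERT or TLS_CACERTDIR, so a private CA is not trusted"
        rc=1
    elif [ -n "$cacert" ] && [ ! -r "$cacert" ]; then
        echo "UNREADABLE: TLS_CACERT $cacert cannot be read"
        rc=1
    fi
    return $rc
}

# Constructed sample: the shortcut that hides the error instead of fixing it.
sample=$(mktemp)
printf '%s\n' 'URI ldap://test.com' 'TLS_REQCERT never' > "$sample"
audit_ldap_tls "$sample" || echo "=> copy the CA certificate to this client and set TLS_CACERT"
rm -f "$sample"
```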
Missing attributes
by Michael Magua
Hi list,
I'm in the process of migrating a Red Hat OpenLDAP setup to SLED 10.
I've got most things working however I'm trying to import an ldif
which has a "gecos" and "comment" attribute but when I import the ldif
I get these errors:
--snip---
adding new entry "cn=navsea,ou=addressbook,dc=domain,dc=com"
ldap_add: Undefined attribute type (17)
additional info: comment: attribute type undefined
adding new entry "cn=Lee-ann Williams,ou=addressbook,dc=domain,dc=com"
ldap_add: Object class violation (65)
additional info: attribute 'gecos' not allowed
--snip---
An example of the ldif:
dn: cn=prealertplz,ou=addressbook,dc=domain,dc=com
objectClass: top
objectClass: inetOrgPerson
mail: prealertplz(a)domain.com
cn: prealertplz
sn: prealertplz
uid: prealertplz
gecos: Distribution List
comment: gordon,marianne,rene,charmainef,jeevan,marykev
I'm not sure what I can do to fix this and I'll be honest that
OpenLDAP is something new to me.
Thanks
Michael
15 years, 11 months