openldap-software April 2007

openldap-software@openldap.org

90 participants
96 discussions

Re: err=52
by jerrrry＠voila.fr 02 Apr '07

02 Apr '07

my issue is that i have to use the RedHat ES 4 Openldap package. I have the same openldap on to servers. one is working properly. the other have this err=52 error after an undefined time !!!! i realy don't understand why openldap "is shutting down". Thnaks for your help Thomas > Message du 30/03/07 à 16h19 > De : "Aaron Richton" > A : "jerrrry(a)voila.fr" > Copie à : openldap-software(a)openldap.org > Objet : Re: err=52 > > back-ldap has had an unbelievable amount of work done to it since 2.2.13. > Case on point, I started using it seriously around 2.3.19, and there's > been a lot of work done since then. Upgrade to 2.3.34 and try again. See > http://www.openldap.org/software/release/changes.html for details. > > On Fri, 30 Mar 2007, jerrrry(a)voila.fr wrote: > > > > > Hi all, > > i'm using openldap 2.2.13 as a proxy to an other ldap server. it works and after few days, authentications doesn't work any more. and i have an error 52 in my ldap log: > > ar 29 17:51:13 guardsdef1 slapd[23444]: conn=4 op=5 SRCH base="ou=personnes,o=st" scope=2 deref=3 filter="(&(objectClass=*)(uid=n588t67))" > > Mar 29 17:51:13 guardsdef1 slapd[23444]: conn=4 op=5 SRCH attr=uid > > Mar 29 17:51:13 guardsdef1 slapd[23444]: conn=4 op=5 SEARCH RESULT tag=101 err=52 nentries=0 text= > > Mar 29 17:51:13 guardsdef1 slapd[23444]: conn=4 op=5 SEARCH RESULT tag=101 err=52 nentries=0 text= > > > > this error means: > > LDAP_UNAVAILABLE: Indicates that the LDAP server cannot process the client's bind request, usually because it is shutting down. > > > > my slapd conf: > > database ldap > > suffix o=sg > > uri ldaps://ldap.s45ame.iioup.soen > > > > Do you have any idea why open ldap "is shutting down" ? > > > > thank you for your help > > > > Thomas > > mys issue

2 1

openldap with TLS giving error
by Deependra Shekhawat 02 Apr '07

02 Apr '07

Hello, I am trying to configure a openldap server with TLS/SSL. I installed and configured openldap initially without TLS/SSL and it worked perfect. Then I followed this link http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch31_:_Cent… to get TLS/SSL with openldap. I did all that was mentioned in that link but when I tried ldapsearch on the client machine it says: [root@xen1 cacerts]# ldapsearch -d 10 0000: 30 3e 02 01 01 63 39 04 00 0a 01 00 0a 01 00 02 0>...c9......... 0010: 01 00 02 01 00 01 01 00 87 0b 6f 62 6a 65 63 74 ..........object 0020: 63 6c 61 73 73 30 19 04 17 73 75 70 70 6f 72 74 class0...support 0030: 65 64 53 41 53 4c 4d 65 63 68 61 6e 69 73 6d 73 edSASLMechanisms ldap_write: want=64, written=64 0000: 30 3e 02 01 01 63 39 04 00 0a 01 00 0a 01 00 02 0>...c9......... 0010: 01 00 02 01 00 01 01 00 87 0b 6f 62 6a 65 63 74 ..........object 0020: 63 6c 61 73 73 30 19 04 17 73 75 70 70 6f 72 74 class0...support 0030: 65 64 53 41 53 4c 4d 65 63 68 61 6e 69 73 6d 73 edSASLMechanisms ldap_read: want=8, got=8 0000: 30 09 02 01 01 64 04 04 0....d.. ldap_read: want=3, got=3 0000: 00 30 00 .0. ldap_read: want=8, got=8 0000: 30 0c 02 01 01 65 07 0a 0....e.. ldap_read: want=6, got=6 0000: 01 00 04 00 04 00 ...... request done: ld 0x9b702a0 msgid 1 ldap_sasl_interactive_bind_s: No such attribute (16) I don't know where is the problem. Why is it looking for SASL when I want only TLS/SSL no SASL (kerberos thing). Please help. Thanks in advance. Regards Deependral ____________________________________________________________________________________ Expecting? Get great news right away with email Auto-Check. Try the Yahoo! Mail Beta. http://advision.webevents.yahoo.com/mailbeta/newmail_tools.html

1 0

OpenLDAP SPEC File
by Josh Miller 02 Apr '07

02 Apr '07

Anybody have a good recent SPEC file for OpenLDAP on RHEL4 that you wouldn't mind posting? (This is for building RPMs for anybody who doesn't recognize a SPEC file.) Thanks, -- Joshua M. Miller - RHCE,VCP

5 8

test for connection timeout?
by Brandon McCombs 02 Apr '07

02 Apr '07

Hello, Can anyone tell me whether OpenLDAP has provisions for a client to determine whether a connection has timed out proactively instead of alerting a user that the connection has been closed due to timeout only after they attempt an operation? If not then I'll know I will have to roll my own method of keeping the connection alive through a periodic query of some sort. thanks

2 2

Paged results and Solaris
by Aaron Richton 02 Apr '07

02 Apr '07

Some users of Solaris may use LDAP clients based on the library /usr/lib/libsldap.so.1. One such example is the Sun-provided /usr/lib/nss_ldap.so.1. These clients have historically been at best partially compatible with OpenLDAP, for various reasons. While there has been a lot of good progress towards standards compliance (or at least standards accommodation), paged results have had a long-standing bug. The results cookie was improperly handed by libsldap, causing any results in excess of the page size (1,000 in the case of libsladp) to be lost. Rutgers has significantly more than 1,000 entries, and brought this through Sun support channels. Patches were released for Solaris 9 last week, which fix this issue 6278068 native ldap client: simple page mode broken in S9 and S10 I note this to openldap-software for users considering migration to OpenLDAP slapd(8) who may have experienced this behavior and falsely attributed it to OpenLDAP software. When properly patched, I can attest that Solaris nss and OpenLDAP work "out of the box" together.

6 7

authzTo for user not copied by syncrepl - problem
by tomasz 02 Apr '07

02 Apr '07

hi, my problem about it is slave server is not copied attr authzTo from master server my slapd.conf include: access to attrs=userPassword,authzTo,entry,children by dn.exact="cn=replicant,ou=people,dc=the,dc=net" write by self read by group.base="cn=ldapadmin,ou=people,dc=thebunker,dc=net" read by anonymous auth by * and syncrepl rid=1 provider=ldap://test.the.net:389/ type=refreshAndPersist interval=00:00:01:00 searchbase="dc=the,dc=net" filter="(objectClass=*)" scope=sub attrs="*" schemachecking=off updatedn="cn=replicant,ou=people,dc=the,dc=net" bindmethod=sasl saslmech=digest-md5 realm=the.net retry=1,5,30,+ credentials=xxxx authcid="replicant" but it is not doing copy of attr: authzTo from master server master server slapd.conf include access to attrs=userPassword,authzTo,entry,children by self write by group.exact="cn=ldapadmin,ou=people,dc=the,dc=net" write by dn.exact="cn=replicant,ou=people,dc=the,dc=net" read by anonymous auth by * and idea how to sort it? cheers -- bEsT rEgArDs | "Confidence is what you have before you tomasz dereszynski | understand the problem." -- Woody Allen TD840-RIPE |

3 6

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-software April 2007