Re: err=52
by jerrrry@voila.fr
My issue is that I have to use the RedHat ES 4 OpenLDAP package.
I have the same OpenLDAP on two servers. One is working properly. The other has this err=52 error after an undefined time!!!!
I really don't understand why OpenLDAP "is shutting down".
Thanks for your help
Thomas
> Message of 30/03/07 at 16:19
> From: "Aaron Richton"
> To: "jerrrry(a)voila.fr"
> Cc: openldap-software(a)openldap.org
> Subject: Re: err=52
>
> back-ldap has had an unbelievable amount of work done to it since 2.2.13.
> Case in point, I started using it seriously around 2.3.19, and there's
> been a lot of work done since then. Upgrade to 2.3.34 and try again. See
> http://www.openldap.org/software/release/changes.html for details.
>
> On Fri, 30 Mar 2007, jerrrry(a)voila.fr wrote:
>
> >
> > Hi all,
> > I'm using OpenLDAP 2.2.13 as a proxy to another LDAP server. It works, and after a few days authentication doesn't work any more, and I have an error 52 in my LDAP log:
> > ar 29 17:51:13 guardsdef1 slapd[23444]: conn=4 op=5 SRCH base="ou=personnes,o=st" scope=2 deref=3 filter="(&(objectClass=*)(uid=n588t67))"
> > Mar 29 17:51:13 guardsdef1 slapd[23444]: conn=4 op=5 SRCH attr=uid
> > Mar 29 17:51:13 guardsdef1 slapd[23444]: conn=4 op=5 SEARCH RESULT tag=101 err=52 nentries=0 text=
> > Mar 29 17:51:13 guardsdef1 slapd[23444]: conn=4 op=5 SEARCH RESULT tag=101 err=52 nentries=0 text=
> >
> > this error means:
> > LDAP_UNAVAILABLE: Indicates that the LDAP server cannot process the client's bind request, usually because it is shutting down.
> >
> > my slapd conf:
> > database ldap
> > suffix o=sg
> > uri ldaps://ldap.s45ame.iioup.soen
> >
> > Do you have any idea why open ldap "is shutting down" ?
> >
> > thank you for your help
> >
> > Thomas
>
>
16 years, 1 month
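A way to find these failures in a proxy's syslog, as an added example that is not part of the thread: it pairs each err=52 result with the search that triggered it and counts a repeated result line once. The first two sample lines and the function name are constructed; the other lines are the log entries quoted in the post.

```python
import re

# Lines 1-2 are constructed (a successful search, for contrast);
# lines 3-6 are the slapd entries quoted in the post above.
SAMPLE_LOG = '''\
Mar 29 17:50:02 guardsdef1 slapd[23444]: conn=3 op=1 SRCH base="ou=personnes,o=st" scope=2 deref=3 filter="(uid=example)"
Mar 29 17:50:02 guardsdef1 slapd[23444]: conn=3 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Mar 29 17:51:13 guardsdef1 slapd[23444]: conn=4 op=5 SRCH base="ou=personnes,o=st" scope=2 deref=3 filter="(&(objectClass=*)(uid=n588t67))"
Mar 29 17:51:13 guardsdef1 slapd[23444]: conn=4 op=5 SRCH attr=uid
Mar 29 17:51:13 guardsdef1 slapd[23444]: conn=4 op=5 SEARCH RESULT tag=101 err=52 nentries=0 text=
Mar 29 17:51:13 guardsdef1 slapd[23444]: conn=4 op=5 SEARCH RESULT tag=101 err=52 nentries=0 text=
'''

LINE = re.compile(r'^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ slapd\[(?P<pid>\d+)\]: '
                  r'conn=(?P<conn>\d+) op=(?P<op>\d+) (?P<rest>.*)$')
SRCH = re.compile(r'^SRCH base="(?P<base>[^"]*)" .*filter="(?P<filter>.*)"$')
RESULT = re.compile(r'^SEARCH RESULT tag=\d+ err=(?P<err>\d+)')


def find_failed_searches(log_text, err_code=52):
    """Pair each SEARCH RESULT carrying err_code with the SRCH that caused it."""
    pending, reported, hits = {}, set(), []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        # Connection numbers restart with slapd, so the pid is part of the key.
        key = (m["pid"], m["conn"], m["op"])
        srch = SRCH.match(m["rest"])
        res = RESULT.match(m["rest"])
        if srch:
            pending[key] = srch.groupdict()
        elif res and int(res["err"]) == err_code and key not in reported:
            reported.add(key)  # the post shows the same result logged twice
            hits.append({"time": m["ts"], "conn": int(m["conn"]),
                         "op": int(m["op"]), **pending.get(key, {})})
    return hits


if __name__ == "__main__":
    for hit in find_failed_searches(SAMPLE_LOG):
        print(hit)
```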
openldap with TLS giving error
by Deependra Shekhawat
Hello,
I am trying to configure an OpenLDAP server with TLS/SSL. I installed and configured OpenLDAP initially without TLS/SSL and it worked perfectly. Then I followed this link http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch31_:_Ce... to get TLS/SSL with OpenLDAP. I did all that was mentioned in that link, but when I tried ldapsearch on the client machine it says:
[root@xen1 cacerts]# ldapsearch -d 10
0000: 30 3e 02 01 01 63 39 04 00 0a 01 00 0a 01 00 02 0>...c9.........
0010: 01 00 02 01 00 01 01 00 87 0b 6f 62 6a 65 63 74 ..........object
0020: 63 6c 61 73 73 30 19 04 17 73 75 70 70 6f 72 74 class0...support
0030: 65 64 53 41 53 4c 4d 65 63 68 61 6e 69 73 6d 73 edSASLMechanisms
ldap_write: want=64, written=64
0000: 30 3e 02 01 01 63 39 04 00 0a 01 00 0a 01 00 02 0>...c9.........
0010: 01 00 02 01 00 01 01 00 87 0b 6f 62 6a 65 63 74 ..........object
0020: 63 6c 61 73 73 30 19 04 17 73 75 70 70 6f 72 74 class0...support
0030: 65 64 53 41 53 4c 4d 65 63 68 61 6e 69 73 6d 73 edSASLMechanisms
ldap_read: want=8, got=8
0000: 30 09 02 01 01 64 04 04 0....d..
ldap_read: want=3, got=3
0000: 00 30 00 .0.
ldap_read: want=8, got=8
0000: 30 0c 02 01 01 65 07 0a 0....e..
ldap_read: want=6, got=6
0000: 01 00 04 00 04 00 ......
request done: ld 0x9b702a0 msgid 1
ldap_sasl_interactive_bind_s: No such attribute (16)
I don't know where the problem is. Why is it looking for SASL when I want only TLS/SSL, no SASL (kerberos thing)?
Please help.
Thanks in advance.
Regards
Deependra
16 years, 1 month
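Added example, not part of the original post: a minimal BER decoder for the three LDAP messages in the `-d 10` trace above, showing what the client asked for before `ldap_sasl_interactive_bind_s` failed. The hex strings are copied from the trace; the function and constant names are illustrative.

```python
# Hex copied from the ldapsearch -d 10 trace in the post above.
REQUEST = ("30 3e 02 01 01 63 39 04 00 0a 01 00 0a 01 00 02 "
           "01 00 02 01 00 01 01 00 87 0b 6f 62 6a 65 63 74 "
           "63 6c 61 73 73 30 19 04 17 73 75 70 70 6f 72 74 "
           "65 64 53 41 53 4c 4d 65 63 68 61 6e 69 73 6d 73")
ENTRY = "30 09 02 01 01 64 04 04 00 30 00"           # two ldap_read chunks joined
DONE = "30 0c 02 01 01 65 07 0a 01 00 04 00 04 00"   # two ldap_read chunks joined

OPS = {0x63: "SearchRequest", 0x64: "SearchResultEntry", 0x65: "SearchResultDone"}


def tlv(buf, pos=0):
    """Read one BER element; return (tag, value bytes, offset after it)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length


def children(value):
    """Split a constructed value into its (tag, value) elements."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = tlv(value, pos)
        out.append((tag, val))
    return out


def decode(hexdump):
    """Decode one LDAPMessage: SEQUENCE { messageID, protocolOp }."""
    tag, body, _ = tlv(bytes.fromhex(hexdump))
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    (_, msgid), (op, payload) = children(body)[:2]
    f = children(payload)
    msg = {"msgid": int.from_bytes(msgid, "big"), "op": OPS.get(op, hex(op))}
    if op == 0x63:      # base, scope, deref, size, time, typesOnly, filter, attrs
        msg.update(base=f[0][1].decode(), scope=f[1][1][0],
                   attrs=[v.decode() for _, v in children(f[7][1])])
    elif op == 0x64:    # objectName, list of PartialAttribute
        msg.update(dn=f[0][1].decode(),
                   attrs=[children(v)[0][1].decode() for _, v in children(f[1][1])])
    elif op == 0x65:    # resultCode, matchedDN, diagnosticMessage
        msg["result"] = f[0][1][0]
    return msg
```

The decoded request is a base-scope read of the empty DN (the root DSE) for `supportedSASLMechanisms`, and the returned entry carries no attributes, which is consistent with the `No such attribute (16)` result in the trace.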
OpenLDAP SPEC File
by Josh Miller
Anybody have a good recent SPEC file for OpenLDAP on RHEL4 that you
wouldn't mind posting?
(This is for building RPMs for anybody who doesn't recognize a SPEC file.)
Thanks,
--
Joshua M. Miller - RHCE,VCP
16 years, 1 month
test for connection timeout?
by Brandon McCombs
Hello,
Can anyone tell me whether OpenLDAP has provisions for a client to
determine whether a connection has timed out proactively instead of
alerting a user that the connection has been closed due to timeout only
after they attempt an operation? If not then I'll know I will have to
roll my own method of keeping the connection alive through a periodic
query of some sort.
thanks
16 years, 1 month
Paged results and Solaris
by Aaron Richton
Some users of Solaris may use LDAP clients based on the library
/usr/lib/libsldap.so.1. One such example is the Sun-provided
/usr/lib/nss_ldap.so.1. These clients have historically been at best
partially compatible with OpenLDAP, for various reasons. While there has
been a lot of good progress towards standards compliance (or at least
standards accommodation), paged results have had a long-standing bug. The
results cookie was improperly handled by libsldap, causing any results in
excess of the page size (1,000 in the case of libsldap) to be lost.
Rutgers has significantly more than 1,000 entries, and brought this
through Sun support channels. Patches were released for Solaris 9 last
week, which fix this issue:
6278068 native ldap client: simple page mode broken in S9 and S10
I note this to openldap-software for users considering migration to
OpenLDAP slapd(8) who may have experienced this behavior and falsely
attributed it to OpenLDAP software. When properly patched, I can attest
that Solaris nss and OpenLDAP work "out of the box" together.
16 years, 1 month
authzTo for user not copied by syncrepl - problem
by tomasz
hi,
my problem is that the
slave server is not copying the attr authzTo from the master server
my slapd.conf includes:
access to attrs=userPassword,authzTo,entry,children
        by dn.exact="cn=replicant,ou=people,dc=the,dc=net" write
        by self read
        by group.base="cn=ldapadmin,ou=people,dc=thebunker,dc=net" read
        by anonymous auth
        by *
and
syncrepl rid=1
        provider=ldap://test.the.net:389/
        type=refreshAndPersist
        interval=00:00:01:00
        searchbase="dc=the,dc=net"
        filter="(objectClass=*)"
        scope=sub
        attrs="*"
        schemachecking=off
        updatedn="cn=replicant,ou=people,dc=the,dc=net"
        bindmethod=sasl
        saslmech=digest-md5
        realm=the.net
        retry=1,5,30,+
        credentials=xxxx
        authcid="replicant"
but it is not copying the attr authzTo from the master server
the master server slapd.conf includes
access to attrs=userPassword,authzTo,entry,children
        by self write
        by group.exact="cn=ldapadmin,ou=people,dc=the,dc=net" write
        by dn.exact="cn=replicant,ou=people,dc=the,dc=net" read
        by anonymous auth
        by *
any idea how to sort it?
cheers
--
bEsT rEgArDs | "Confidence is what you have before you
tomasz dereszynski | understand the problem." -- Woody Allen
TD840-RIPE |
16 years, 1 month