how to create db files
by Craig
I am trying to upgrade from 2.2.13 to 2.3.35 in order to (possibly) fix
another problem.
But, I am having a ton of problems. At this point, I just want to
scratch the current DB and start over. However, if I try this, slapd
complains about not being able to find the database:
Checking configuration files for : bdb_db_open:
db_open(/var/lib/ldap/id2entry.bdb) failed: No such file or directory (2)
Which makes sense... so, how do I create an empty one?
TIA!
16 years, 6 months
Compiling for the Win32 platform?
by Joe Flowers
Does anyone have at least an outline of what it takes to successfully
compile OpenLDAP for the Win32 platform?
Thanks!
Joe
16 years, 6 months
ldapmodify(1) + postread
by Andreas Hasenack
openldap 2.3.35 (server and client)
I'm trying to use the postread control together with the
modify+increment extension. mod+inc works, but I get nothing back with
the ldapmodify(1) command.
Network sniffing shows that the server is indeed returning the new
value: seems just that ldapmodify(1) is not displaying it.
$ ldapmodify -x -D cn=admin,dc=example,dc=com -w pass -e postread=uidNumber << EOF
dn: cn=unixidpool,dc=example,dc=com
changetype: modify
increment: uidNumber
uidNumber: 1
EOF
modifying entry "cn=unixidpool,dc=example,dc=com"
uidNumber was incremented, so that part worked.
Am I not using ldapmodify(1) correctly or is this a missing feature in that
command?
16 years, 6 months
Replication with slurpd and ssl Tunnel
by Christian Hohmann
Hi List,
I set up my OpenLDAP directory on SUSE 10. I have an LDAP master and an LDAP slave synchronizing with slurpd. Replication is fine, but I want to add SSL tunneling by using ldaps://. For this I created the certification authority and the certificates. I configured the slapd.conf and the ldap.conf on server and client.
Now my problem: slurpd sends the change to the LDAP slave. The slave gets the update and writes it to the directory (I have proved this with slapcat). Then the LDAP service on the slave hangs. The process is still there (ps -A), but there is no further activity and the service is not reachable by ldapsearch. This occurs every time at the same place: after the bdb_add, while sending the confirmation to slurpd. The slurpd log on the LDAP master says: request done: ld 0x....
Could somebody give me a hint?
Regards - Christian
16 years, 6 months
Help needed with replication and ldapadd on version 2.2
by Jonathan Halevy
Hello,
I have a slave server that I try to run ldapadd from remote and it fails.
I get the following error:
ldap_add: Internal (implementation specific) error (80)
additional info: no structuralObjectClass operational attribute
If I remove the updatedn line from slapd.conf and restart the LDAP server, the
command works. Yet, now replication does not.
Please tell me what I am doing wrong.
Is it related to the schema?
Is it related to access control?
Any help will be appreciated.
Jonathan
16 years, 6 months
Re: ldap_sasl_interactive_bind_s
by Howard Chu
This doesn't belong on the -devel list.
Quanah Gibson-Mount wrote:
> I'm working on a patch to add LDAP SASL support to Postfix 2.4 (I made one
> for 2.2/2.3 a long time ago), and this time I want it to be accepted
> upstream, so I'm working on what they feel the issues are.
>
> Right now, they
>
> (a) always want LDAP_SASL_QUIET enabled (makes perfect sense to me)
> and
> (b) want the SASL mechanism to be a list of mechanisms the client supports,
> that should be tried when connecting to the server.
>
> I think (b) is rather nonsensical, given the configurations are rather
> different between things like DIGEST-MD5, EXTERNAL, and GSSAPI just to
> start, but...
>
> I assume to support this I should use the ldap_sasl_interactive_bind_s
> function, which takes as a parameter a list of mechanisms, if I'm reading
> it right. The question to me comes up with mixing LDAP_SASL_QUIET in,
> because part of the routine involved with multiple mechanisms seems to
> want interaction with the client.
>
> My assumption is that if I use ldap_sasl_interactive_bind_s, with
> LDAP_SASL_QUIET, and pass in a list of mechanisms, the client will just use
> the first mechanism in its list. Is that correct?
No. The list of mechanisms is passed directly to the SASL library. The
SASL library will choose a mechanism from that list based on the
security properties that were set. And obviously, since it is a separate
library that has no knowledge of the LDAP_SASL_ flags, LDAP_SASL_QUIET
doesn't affect it at all.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
16 years, 6 months
TLS/SSL problems
by Craig
I am running openldap 2.2.13. I am having a problem getting TLS to work.
I have done numerous searches, but most web pages seem to deal with
LDAP/kerberos issues. We do not run kerberos. I am only trying to
prevent passwords from being sent in the clear.
I have followed the instructions on this page:
http://www.ibm.com/developerworks/linux/library/l-openldap/
I am able to run ldapsearch with simple auth:
> ldapsearch -x
but, am not able to do any of the following:
> ldapsearch
> ldapsearch -X u:myuid
> ldapsearch -X dn:uid=myuid,ou=People,dc=example,dc=com
The error is (with "-d 255"):
...
SASL/GSSAPI authentication started
ldap_perror
ldap_sasl_interactive_bind_s: Local error (-2)
additional info: SASL(-1): generic failure: GSSAPI Error:
Miscellaneous failure (No credentials cache found)
It looks like the server is running fine. But, the logs don't really
indicate what the problem is. (It seems to be more of a client issue,
but still the server should give some hint in the logs.)
If you need more debugging info, just let me know.
Any help would be greatly appreciated.
TIA
Craig
16 years, 6 months
DB_KEYEXIST: Key/data pair already exists (-30996)
by JOYDEEP
Dear list,
After modifying the LDIF file, if I try to use the slapadd command it gives
errors like
---------------------
DB_KEYEXIST: Key/data pair already exists (-30996)
---------------------------------------
How can I delete the DB key?
Thanks
16 years, 6 months
2.3 slapd_db_recover
by Craig
I had been using openldap 2.2.13 installed via yum.
I installed 2.3.35 via src. But, I don't see slapd_db_recover (or any of
the related apps; slapd_db_checkpoint, slapd_db_dump, etc.)
I also did a search thru the 2.3.35 src files and I don't see any
special configure/make flags that builds them.
Am I missing something? Is there a "tools" package I need to install?
TIA!
16 years, 6 months
Mapping multiple object classes to one SQL table
by Néstor Boscán
Hi
I'm trying to create a SQL data and metadata that manages employees that
have inetOrgPerson, shadowAccount, posixAccount and sambaSamAccount. I have
an LDAP_PERSON table with the columns for the attributes on those object
classes. How do I populate the ldap_oc_mapping table?
Regards,
Néstor Boscán
16 years, 6 months