openldap-software May 2007

openldap-software@openldap.org

85 participants
123 discussions

how to create db files
by Craig 03 Jun '07

03 Jun '07

I am trying to upgrade from 2.2.13 to 2.3.35 in order to (possibly) fix another problem. But, I am having a ton of problems. At this point, I just want to scratch the current DB and start over. However, if I try this, slapd complains about not being able to find the database: Checking configuration files for : bdb_db_open: db_open(/var/lib/ldap/id2entry.bdb) failed: No such file or directory (2) Which makes sense... so, how do I create an empty one? TIA!

4 10

Compiling for the Win32 platform?
by Joe Flowers 01 Jun '07

01 Jun '07

Does anyone have at least an outline of what it takes to successfully compile OpenLDAP for the Win32 platform? Thanks! Joe

4 9

ldapmodify(1) + postread
by Andreas Hasenack 31 May '07

31 May '07

openldap 2.3.35 (server and client) I'm trying to use the postread control together with the modify+increment extension. mod+inc works, but I get nothing back with the ldapmodify(1) command. Network sniffing shows that the server is indeed returning the new value: seems just that ldapmodify(1) is not displaying it. $ ldapmodify -x -D cn=admin,dc=example,dc=com -w pass -e postread=uidNumber << EOF dn: cn=unixidpool,dc=example,dc=com changetype: modify increment: uidNumber uidNumber: 1 EOF modifying entry "cn=unixidpool,dc=example,dc=com" uidNumber was incremented, so that part worked. Am I not using ldapmodify(1) correctly or is this a missing feature in that command?

1 0

Replication with slurpd and ssl Tunnel
by Christian Hohmann 31 May '07

31 May '07

Hi List, I set up my openldap Directory on SUSE 10. I have an LDAP Master and an LDAP Slave synchronizing with slurpd. Replication is fine, but I want to add ssl Tunneling by using ldaps:// For this I created the certification authority and the certificates. I configured the slapd.conf and the ldap.conf on server and client. Now my Problem: The slurpd is sending the Change to the ldap Slave. The slave gets the update and write it to the directory (i have proved with slapcat) Then the ldap-service on the Slave is hanging up itself. The process is still there (ps -A) but there is no further activity and the service is not reachable by ldapsearch. This occures everytime at the same place: After the bdb_add during sending the confirmation to the slurpd. The Log of the slurpd on ldap-Master says: request done: ld 0x.... Could somebody give me a hint? Regards - Christian _______________________________________________________________ SMS schreiben mit WEB.DE FreeMail - einfach, schnell und kostenguenstig. Jetzt gleich testen! http://f.web.de/?mc=021192

1 0

Help needed with replication and ldapadd on version 2.2
by Jonathan Halevy 31 May '07

31 May '07

Hello, I have a slave server that I try to run ldapadd from remote and it fails. I get the following error: ldap_add: Internal (implementation specific) error (80) additional info: no structuralObjectClass operational attribute If I remove the updatedn line from slapd.coinf / restart the ldap, the command works. Yet, now* replication does not.* Please tell me what am I doing wrong. Is it related the the schema? Is it related to access control? Any help will be appreciated. Jonathan

2 3

Re: ldap_sasl_interactive_bind_s
by Howard Chu 30 May '07

30 May '07

This doesn't belong on the -devel list. Quanah Gibson-Mount wrote: > I'm working on a patch to add LDAP SASL support to Postfix 2.4 (I made one > for 2.2/2.3 a long time ago), and this time I want it to be accepted > upstream, so I'm working on what they feel the issues are. > > Right now, they > > (a) always want LDAP_SASL_QUIET enabled (makes perfect sense to me) > and > (b) want the SASL mechanism to be a list of mechanisms the client supports, > that should be tried when connecting to the server. > > I think (b) is rather non-sensical, given the configurations are rather > different between things like DIGEST-MD5, EXTERNAL, and GSSAPI just to > start, but... > > I assume to support this I should use the ldap_sasl_interactive_bind_s > function, which takes as a parameter a list of mechanisms, if I'm reading > it right. The question to me comes up with mixing LDAP_SASL_QUIET in, > because part of the routine involved with multiple mechansisms seems to > want interaction with the client. > > My assumption is that if I use ldap_sasl_interactive_bind_s, with > LDAP_SASL_QUIET, and pass in a list of mechanisms, the client will just use > the first mechanism in its list. Is that correct? No. The list of mechanisms is passed directly to the SASL library. The SASL library will choose a mechanism from that list based on the security properties that were set. And obviously, since it is a separate library that has no knowledge of the LDAP_SASL_ flags, LDAP_SASL_QUIET doesn't affect it at all. -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

3 2

TLS/SSL problems
by Craig 30 May '07

30 May '07

I am running openldap 2.2.13. I am having a problem getting TLS to work. I have done numerous searches, but most web pages seem to deal with LDAP/kerberos issues. We do not run kerberos. I am only trying to prevent passwords from being sent in the clear. I have followed the instructions on this page: http://www.ibm.com/developerworks/linux/library/l-openldap/ I am able to run ldapsearch with simple auth: > ldapsearch -x but, am not able to do any of the following: > ldapsearch > ldapsearch -X u:myuid > ldapsearch -X dn:uid=myuid,ou=People,dc=example,dc=com The error is (with "-d 255"): ... SASL/GSSAPI authentication started ldap_perror ldap_sasl_interactive_bind_s: Local error (-2) additional info: SASL(-1): generic failure: GSSAPI Error: Miscellaneous failure (No credentials cache found) It looks like the server is running fine. But, the logs don't really indicate what the problem is. (It seems to be more of a client issue, but still the server should give some hint in the logs.) If you need more debugging info, just let me know. Any help would be greatly appreciated. TIA Craig

7 9

DB_KEYEXIST: Key/data pair already exists (-30996)
by JOYDEEP 30 May '07

30 May '07

Dear list, after modifying the ldif file ; If I try to use slapadd commend it gives errors like --------------------- DB_KEYEXIST: Key/data pair already exists (-30996) --------------------------------------- how can I delete the DB key ? thanks

2 1

2.3 slapd_db_recover
by Craig 30 May '07

30 May '07

I had been using openldap 2.2.13 installed via yum. I installed 2.3.35 via src. But, I don't see slapd_db_recover (or any of the related apps; slapd_db_checkpoint, slapd_db_dump, etc.) I also did a search thru the 2.3.35 src files and I don't see any special configure/make flags that builds them. Am I missing something? Is there is "tools" package I need to install? TIA!

3 4

Mapping multiple object classes to one SQL table
by Néstor Boscán 29 May '07

29 May '07

Hi I'm trying to create a SQL data and metadata that manages employees that have inetOrgPerson, shadowAccount, posixAccount and sambaSamAccount. I have an LDAP_PERSON table with the columns for the attributes on those object classes. How do I populate the ldap_oc_mapping table? Regards, Néstor Boscán

2 1

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-software May 2007