June 2007 - openldap-software

by Raphaël 'SurcouF' Bordet

Hi, Can we use ppolicy with another attribut than userPassword, userCertificate by example ? Regards, -- Raphaël 'SurcouF' Bordet

16 years, 6 months

4
3
0 / 0

monitoring openldap

by Scott Feldstein

Hello, I was looking at the docs on http://www.openldap.org/devel/admin/ monitoringslapd.html and section 13.1 (cn=config) has yet to be written. Could anyone give me a brief description what what that is? Also, I am writing a health check for openldap and I am only able to find effective monitoring stats via the cn=Monitor but that is not always configured in every slapd instance. Is there another way of going about this? thanks, Scott

16 years, 6 months

2
1
0 / 0

Re: monitoring openldap

by Scott Feldstein

Hi Buchan, > I assume this section would be on how to configure back-monitor via > back-config, for now, converting your slapd.conf (that you set up for > back-monitor in 13.3) would do what is necessary. If you use a > slapd.conf, > this is irrelevant for you at present. ok, so setting it up in slapd.conf does the same thing. > >> Also, I am writing a health check for openldap > > For what monitoring system ? Hyperic HQ > > Here is the one I use for performance and replication monitoring > with Hobbit > (but I also use it stand-alone). > > http://staff.telkomsa.net/~bgmilne/bb-openldap.pl > thanks, I will definitely check it out. >> and I am only able to >> find effective monitoring stats via the cn=Monitor but that is not >> always configured in every slapd instance. > > The best solution here is to configure it. Yeah, that is unfortunate since not all slapd instances will have this :@( > >> Is there another way of >> going about this? > > AFAIK, no. thanks. Scott > > Regards, > Buchan > > -- > Buchan Milne > ISP Systems Specialist - Monitoring/Authentication Team Leader > B.Eng,RHCE(803004789010797),LPIC-2(LPI000074592)

16 years, 6 months

1
0
0 / 0

RE: TLS bare minimum

by Quanah Gibson-Mount

--On June 5, 2007 6:28:11 PM -0400 "West, Jon (NIH/NIMH) [C]" <wjon(a)mail.nih.gov> wrote: > > yes, I've actually have it looking at the cert but I still get a > connection error when using TLS I think I understand it > ldap_start_tls: Connect error (-11) > additional info: TLS: hostname does not match CN in peer > certificate I think this means is because I used 'test.com' as the server > name when generating the cert rather then the actual server? test.com is > just the test domain I am using Hi, Please keep replies to the list. This error means that the host name in the certificate does not match the hostname for the server. They must match to establish a TLS connection. --Quanah -- Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration

16 years, 6 months

3
2
0 / 0

translucent overlay and bind

by Raphaël 'SurcouF' Bordet

Hi, Using OpenLDAP 2.3.35, when I've set translucent and rwm overlays to dynamically adds an external attribute (userCertificate) in respond of search request, I can't able anymore to bind. slapd return "Invalid credentials" error messages. If translucent and rwm overlays are commented, bind usage is back. /---( slapd.conf )--- ... overlay translucent uri ldap://A.B.C.D lastmod on overlay rwm rwm-map objectclass * rwm-map attribute * \----8<----8<----8<----8<----8<---- I've also configure a syncrepl replication on this database. Any ideas ? -- Raphaël 'SurcouF' Bordet

16 years, 6 months

1
0
0 / 0

Need to build LDAP on Win64 (IA/EM64T) platform

by Sanghi, Aditya

Hi All, I need to build LDAP for Win64 platforms, for which I need the following 64bit files. oldap_r.lib Are they available on both Itanium /EM64T ( AMD 64 ) platforms and Where can I get them from? Any pointers to this will be greatly appreciated. Thanks and regards, Aditya Sanghi Informatica Business Solutions PVT LTD "The Data Integration Company" (TM) Diamond District, Tower 'B', 3rd Floor #150, Airport Road, Bangalore - 560 008 India. www.informatica.com <http://www.informatica.com/>

16 years, 6 months

2
1
0 / 0

TLS bare minimum

by West, Jon (NIH/NIMH) [C]

I would like to set up TLS on our server. Looking through the Administration guide, I am unsure if I need both server AND client certificates. As I understand it I am supposed to first see if I can use the command line tools to establish the TLS connection then attempt to set up a client. So I have created a server certificate. I would like to do this with a test system. The test server is running 2.0.27-22 and our actual server runs 2.2.13-6.4E.. How can I be sure that I am getting an encrypted connection. I am also unsure of how to use LDAP search since whenever I do use it I get errors but when I verify the contents of our directory with other software I can see the things I'm looking for. Again this is a question about LDAPsearch, not the other software. I have a user called tester in my dc=test,dc=com test server (Is it a problem that I use test.com when the machine is not on that domain?) what would be the command to get the LDAP information about tester? Jon West

16 years, 6 months

3
4
0 / 0

translucent overlay question

by Raphaël 'SurcouF' Bordet

Hi, I've to add some attributes like userCertificate from a PKI LDAP server to my meta-directory, which integrating some others LDAP servers. Some branches are replicated using syncrepl and I don't have rights to modify any entries. I was looked to translucent overlay and added theses following directives to main configuration file of slapd : /---( slapd.conf )--- overlay translucent uri ldap://pkiserver:389/ lastmod on overlay rwm rwm-map attribute userCertificate * \----8<----8<----8<----8<----8<---- First question: I can't bind any more using rootdn of this database when theses directives are activated, why ? Second question: When I'm looking for an entry than have a userCertificate attribute on pkiserver database, I'm getting two responses, why and how can I've only the local entry with remote userCertificate attribute without modify local database ? Best regards, -- Raphaël 'SurcouF' Bordet

16 years, 6 months

1
0
0 / 0

search in ldap access log not fast enough?

by Zhang Weiwu

Dear list For some special reasons search for modification log is a frequent operation here in our environment. Usually searching for modification log takes 30 seconds or longer: $ ldapsearch -x -D cn=admin,cn=accesslog -w -b cn=accesslog reqDN=uid=Schleifring,ou=contacts,ou=china,dc=ahk,dc=de reqSession; Compare to a typical ldap search that search for a contact person or anyone who live in a state which usually return the result in less then 1 seconds. 30 second time is not acceptable consider the frequency such search is being used. I think I have 'optimized' slapd.conf by using these lines: # used for accesslog, realss database bdb # The base of your directory for database #2 suffix "cn=accesslog" rootdn "cn=admin,cn=accesslog" rootpw .... directory "/var/lib/ldap-log" index reqDN,reqType eq And I have also rebuilt index by using $ slapindex -b cn=accesslog Is this 30 second search time normal and how can I improve search speed? Thanks a lot in advance! The total amount of accesslog entry is about 658147 -- Zhang Weiwu Real Softservice http://www.realss.com +86 592 2091112

16 years, 6 months

2
1
0 / 0

how to create db files

by Craig

I am trying to upgrade from 2.2.13 to 2.3.35 in order to (possibly) fix another problem. But, I am having a ton of problems. At this point, I just want to scratch the current DB and start over. However, if I try this, slapd complains about not being able to find the database: Checking configuration files for : bdb_db_open: db_open(/var/lib/ldap/id2entry.bdb) failed: No such file or directory (2) Which makes sense... so, how do I create an empty one? TIA!

16 years, 6 months

4
10
0 / 0

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-software June 2007