openldap-software July 2007

openldap-software@openldap.org

108 participants
124 discussions

RE: How do I tell ldapsearch to authenticate to the referred to LDAP server when chasing a referral?
by Gavin Henry 17 Jul '07

17 Jul '07

<quote who="Comisario, Alejandro"> > Gavin. > Thanks for the answer, the thing is, and i could't say it befote, on the > other side of the openLDAP is an Active Directory, when i try what you > say, > it gave me. > > doldap@root # ldapsearch -b "ou=prueba,dc=adsc,dc=com" \ > -H ldap://doldap.sc.com -D "cn=admin,cn=users,dc=adsc,dc=com" -W -x > Enter LDAP Password: > ldap_bind: Invalid credentials (49) > > > Any Ideas? Is cn=admin,cn=users,dc=adsc,dc=com in AD? Gavin. > > > -----Mensaje original----- > De: Gavin Henry [mailto:ghenry@suretecsystems.com] > Enviado el: martes, 17 de julio de 2007 13:59 > Para: Comisario, Alejandro > CC: openldap-software(a)openldap.org > Asunto: Re: How do I tell ldapsearch to authenticate to the referred to > LDAP > server when chasing a referral? > > <quote who="Comisario, Alejandro"> >> Hello everyone. >> >> I have an OpenLDAP 2.3.30 running on Debian Etch Stable in a DMZ, >> managing >> external users for an application. >> But at the same time i want this openLDAP to comunicate when given for a >> specific DN with another directory service on my internal network. >> The connection between the two machines passing thru the firewall is >> correct. >> >> The reference are: >> openLDAP machine : doldap.sc.com with domain dc=si,dc=com >> the other directory : adldap.adsc.com with domain dc=adsc,dc=com >> >> I defined the referral like this: >> dn: ou=test,dc=adsc,dc=com >> objectClass: referral >> objectClass: extensibleObject >> dc: prueba >> ref: ldap://adldap.adsc.com/ou=test,dc=adsc,dc=com >> >> So, when i query something like this (anonymous): >> ldapsearch -b "ou=test,dc=adsc,dc=com" -H ldap://doldap.sc.com -x >> >> I get this response: >> # extended LDIF >> # >> # LDAPv3 >> # base <ou=prueba,dc=adsc,dc=com> with scope subtree # filter: >> (objectclass=*) # requesting: ALL # >> >> # search result >> search: 2 >> result: 10 Referral >> ref: ldap://adldap.adsc.com/ou=prueba,dc=adsc,dc=com??sub >> >> # numResponses: 1 >> >> So, apparently the referral for that query is found, next i tell >> ldapsearch >> to follow it: >> ldapsearch -b "ou=test,dc=adsc,dc=com" -H ldap://doldap.sc.com -x -C >> >> The openLDAP try to follow the referral and get this response from the >> other >> service: >> # extended LDIF >> # >> # LDAPv3 >> # base <ou=prueba,dc=adsc,dc=com> with scope subtree # filter: >> (objectclass=*) # requesting: ALL # >> >> # search result >> search: 2 >> result: 1 Operations error >> text: 00000000: LdapErr: DSID-0C090627, comment: In order to perform >> this >> operation a successful bind must be completed on the connection., data >> 0, >> vece >> >> # numResponses: 1 >> >> So, How do I tell ldapsearch to authenticate to the referred to LDAP >> server >> when chasing a referral? >> Hope someone can helpme. > > You need to actually bind as a user, e.g.: > > ldapsearch -b "ou=test,dc=adsc,dc=com" -H ldap://doldap.sc.com -x -C -D > "uid=blah,dc=adsc,dc=com" -W > > Gavin. > >> >> Regards. >> >> .A l e j a n d r o. >> >> >> >> >

1 0

Recommended back-end
by Daniel Corbe 17 Jul '07

17 Jul '07

I was wondering what the viability of switching to a MySQL-based back-end would be and how much slower it is compared to the default gdbm back-end. -Daniel

4 5

Authentication per service
by Linux Corporativo 17 Jul '07

17 Jul '07

Hi guys, I'm new at this list and with OpenLDAP. I intend to set up an OpenLDAP server. I know I can register my users and they respective passwords. Well, one thing is authentication, permission another. Suppose I have users A, B, C and D, and services MAIL and PROXY. My question is: How to give permission to A user to MAIL only, B user to MAIL and PROXY and D user to PROXY only, since my users/password base is unique ? Thanks to all..

2 1

Reg : patch download for SUN studio 11 c,cpp (native compiler)
by sridhar varadarajan 17 Jul '07

17 Jul '07

Hi friends, I am facing a problem in solaris 9 which has build with native compiler (SUN studio 11 c,cpp) . i am in need of latest patch source for this compiler. can anyone find me to get the URL for downloading this patch . thanks in advance with regards, sri.

2 1

regarding hdb
by Arunachalam Parthasarathy 17 Jul '07

17 Jul '07

Hello, If i use database as hdb , did it use Sleepycat Berkeley DB package to store data? When we specify database dierective as hdb, so I need to take any special considerations as i came across the following the openldap FAQ -> "back-hdb tends to require larger caches than back-bdb" ? Thanks in advance, Arunachalm. **************************************************************************** **************************** This e-mail and attachments contain confidential information from HUAWEI, which is intended only for the person or entity whose address is listed above. Any use of the information contained herein in any way (including, but not limited to, total or partial disclosure, reproduction, or dissemination) by persons other than the intended recipient's) is prohibited. If you receive this e-mail in error, please notify the sender by phone or email immediately and delete it!

3 2

Reg:ldapsearch not running on port 636
by sridhar varadarajan 17 Jul '07

17 Jul '07

Hello freinds, This is Sri.i have a encountered a problem while tring to work with ldapsearch on port 636 .. though slapd in my server system is listening to both 636 & 389 ports. my server is configured in LINUX machine while my client is SOLARIS machine. i have added these lines to slapd.conf :(path of my server and client certificates) and ldap.conf with( HOST rsasol1 ,PORT 636). (FYI::but ldapsearch is working fine with 389 port.) rsasol1 is hostname of my machine. it throws an error: *can`t contact ldapserver(-1)* * addiditional info:error:140943FC:SSL routines:SSL#_READ_BYTES:sslv3 laert bad record mac* can any one of us help me in this issue. thanks in advance with regards, sri.

3 2

ssl handshake failure
by kxiluri＠email.arizona.edu 17 Jul '07

17 Jul '07

Dear all, i have been experimenting with Ldap for 2 months now. I had a test RedHat V4 linux workstation 32-bit where i downloaded the most recent Red Hat rpms and installed openldap and made it work with SSL. The clients are 7 iMACs running OSX 10.4. The recommended tests went fine for the most part (expect i cant change user passwds). But i had some very happy users, being able to make the best of both worlds. Then i decided to install LDAP with the same procedure on the production server, again RH V4, Enterprise 64-bit. While i could get it to work with out SSL, i am having hard time enabling SSL. On the linux ldap server when i do: openssl s_client -connect localhost:636 -showcerts -state -CAfile /usr/share/ssl/certs/slapd.pem i get CONNECTED(00000003) SSL_connect:before/connect initialization SSL_connect:SSLv2/v3 write client hello A 18203:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:226: i get the same result with the ldap service stopped on started. I have used the same slapd.conf file in both cases. THe rpms are the same, the ssl rpms are the same from what i can tell the cyrus-sasl is the same. Could anyone shed some light here? That would be mostly appreciated. Many thanks kiriaki

2 1

syncrepl work fine, but no entry not visible
by stephane.purnelle＠corman.be 17 Jul '07

17 Jul '07

Hi, Openldap 2.3.24 on consummer and 2.3.20 (not sure) on producer. The syncrepl seems to work fine but if I try to see reccord with ldapbrowser or jexplorer or a simple ldapserach, I don't find all entry. And if I try to add with a ldif import, ldap see that the netry already exist ? what happening. My consummer ldap server will be using as a BDC (samba) server. thanks Stéphane ----------------------------------- Stéphane PURNELLE stephane.purnelle(a)corman.be Service Informatique Corman S.A. Tel : 00 32 087/342467

2 1

asking for new feature extending LDAP: return entriest that only matches in default language
by Zhang Weiwu 17 Jul '07

17 Jul '07

Dear list I am not sure if this is the right place to ask for this, but can someone help me by writing me a patch to openldap that allow me to do search and only getting entries that mathches in default language (but not in other language versions)? How much do I need to pay for such a patch? e.g. there are 2 entries: First Entry is: o: Company A Second Entry is: o: Company B o;lang-de: Aaaa Then the patch I need would allow me to do a search for o with "*A" that only return me the first entry but do not return the second entry. I suspect maybe the patch would accept a special search filter format: search for o=*A -> return both entry, this is like traditional search for o;lang-=*A -> return only first entry, this is using the "special search filter format" The later search filter is only my imagination, I mean ";lang-" is telling server only look for the default language version. There can be better ways to invent search filter format for my purpose without breaking other standards too much. Thank you very much and best regards Zhang Weiwu

4 5

cn=config: allow more users to access
by José Marco 16 Jul '07

16 Jul '07

Hi everydoby, I'm juggling with permissions and slapd.d configuration and I am having problems to allow access to the cn=config backend... How can I allow access to users different to the backend's rootdn? I tried inserting lines in file "olcDatabase={0}config.ldif" like: olcAccess: to * by dn="uid=my_user, dc=my_domain, dc=com" read or even olcAccess: to * by * read With no success... After that I thought of creating a branch under the cn=config with users (something like "ou=people, cn=config") in order to allow access for them, but I get constraint problems... Any suggestions?

2 2

← Newer
1
2
3
4
5
6
7
8
9
...
13
Older →

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-software July 2007