I'm trying to set up pwdCheckQuality in ppolicy and have noticed that it needs an extra script to run. The only quality check I want to happen is that it checks that the password is alphanumeric. Does anyone have an example tip on where to put the module script and possibly even an example of their pwdCheckQuality script if they use one?
Net-LDAPapi 3.0.0 has been released, and is available from CPAN at
<http://search.cpan.org/~mishikal/Net-LDAPapi-3.0.0/> or from SourceForge
Future releases will be announced on the net-ldapapi-announce list hosted
by SourceForge, so please subscribe to that if this Perl module interests
you. In addition, there is now a developers list and a general software
list hosted at SourceForge. Subscribe if interested. ;)
Changes for Net-LDAPapi 3.0.0:
This release now supports the LDAP v3 API as found in OpenLDAP. It has
been geared towards continuing to support the Mozilla SDK, but no major
testing of this support has occurred. Feel free to provide feedback and/or
contribute as desired.
LDAP v3 support means that Net-LDAPapi now supports the use of controls,
In addition, Net-LDAPapi has support for being an OpenLDAP delta-syncrepl
client, which then allows one to write programs that can act on changes
that occur on the master.
Many, many thanks to Dmitri Priimak at Stanford University for his hard
work in updating Net-LDAPapi to use the LDAP v3 API, as I was rather busy
integrating into my new job. ;)
Principal Software Engineer
Zimbra :: the leader in open source messaging and collaboration
Can I use OpenLDAP as a translation layer for queries with an LDAP client
with minimal configuration potential?
Right now the client (which cannot be trivially modified) can use LDAP
authentication, sort-of. What it does is it takes your user name and
assigns it to the 'uid' attribute, and then tacks on whatever string is in
the config to form a distinguished name. For example, if I used 'stapleton'
as my username and the config had 'ou=People,dc=domain,dc=tld', it would
query for 'uid=stapleton,ou=People,dc=domain,dc=tld'. Unfortunately, people's
usernames are everything before the '@' sign in their email, and this is not
their uid. The uid is a number that is used nowhere else. The standard
process that we use is to take their user name and perform an LDAP query to
get the uid from the email, and then use the uid to verify if the user is
pulls up my information
Now, if I want to get my uid, I'd do this:
The client, as described, cannot do that; if a user attempts to use what they
expect their user name to be, it will send:
Neither of which will authenticate. Is there a way to make OpenLDAP provide
a middle layer to handle this?
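Added example, not part of the original post and not OpenLDAP code: a small offline model of the two behaviours described above, the client's fixed uid=<login>,<suffix> bind DN versus a search-then-bind lookup that maps the login name to the entry with the numeric uid. The 'mail' attribute, the domain.tld mail domain, the uid numbers and all function names are assumptions made for illustration; the login name is escaped per RFC 4515 before it goes into the search filter.

```python
import re

SUFFIX = "ou=People,dc=domain,dc=tld"  # suffix quoted in the post

# Constructed sample entries: numeric uid in the DN, login name only in mail.
DIRECTORY = [
    {"dn": "uid=100234," + SUFFIX, "mail": "stapleton@domain.tld"},
    {"dn": "uid=100977," + SUFFIX, "mail": "jdoe@domain.tld"},
]

def client_bind_dn(username):
    """What the unmodifiable client sends: uid=<login>,<suffix>."""
    return "uid=%s,%s" % (username, SUFFIX)

def escape_filter_value(value):
    """RFC 4515 escaping: \\ * ( ) and NUL become \\XX hex pairs."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def match_filter(filt, entry):
    """Evaluate a single (attr=value) filter, honouring * wildcards."""
    attr, _, raw = filt[1:-1].partition("=")
    unhex = lambda m: chr(int(m.group(1), 16))
    parts = [re.sub(r"\\([0-9a-fA-F]{2})", unhex, p) for p in raw.split("*")]
    pattern = ".*".join(re.escape(p) for p in parts)
    return re.fullmatch(pattern, entry.get(attr, ""), re.I) is not None

def search(filt):
    """Return the DNs of all sample entries that match the filter."""
    return [e["dn"] for e in DIRECTORY if match_filter(filt, e)]

def resolve_bind_dn(username, mail_domain="domain.tld"):
    """Search-then-bind step 1: login name -> exactly one entry DN."""
    filt = "(mail=%s)" % escape_filter_value("%s@%s" % (username, mail_domain))
    hits = search(filt)
    if len(hits) != 1:  # zero or ambiguous matches must never reach the bind
        raise LookupError("no unique entry for %r" % username)
    return hits[0]

if __name__ == "__main__":
    print(client_bind_dn("stapleton"))    # DN the client builds; no such entry
    print(resolve_bind_dn("stapleton"))   # DN of the entry that can bind
    print(search("(mail=*@domain.tld)"))  # unescaped wildcard matches everyone
```

Any layer that performs this mapping on the client's behalf has to apply the same filter escaping and the exactly-one-match check before it attempts the bind.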
I was going through the test scripts available in the scripts directory and
found that most of the scripts are relevant to testing the OpenLDAP
server. I would like to test the OpenLDAP clients such as libldap and
liblber as I have rewritten some modules in that. Could anybody suggest
how to proceed with my requirement?
The client/tools of OpenLDAP 2.3.33 contains tools for ldapsearch, modify,
delete, etc. I need the same kind of tool for ldapadd. Do I need to write
the code from scratch? Or is it available as any framework?
Thanks in advance,
I have a question about ldap_result. I use openldap-2.3.32. It is my
understanding that this function (ldap_result) is
used in a loop until no more results are coming from the servers. Am I
right about it? The problem I have is that the
last time it is called it hangs there for a while and finally returns
a null LDAPMessage and a -1 return value. I am talking
here about 10-15 seconds. Is it normal that it takes that long? I would
expect it to be pretty much instantaneous.
I am using the ppolicy overlay to control password policy. Now I would like
to define 3 different policies as policyDN.
In slapd.conf one can only define a defaultDN; how can a policyDN be
declared in an entry? Or is editing the operational attribute
pwdPolicySubentry with relax control the only way?
Dieter Klünter | Systemberatung
GPG Key ID:8EF7B6C6
Is there any way to find out the exact error message in case of bind failure
using any of the OpenLDAP calls?
What I would like to achieve by this is to know exactly why the bind failed:
either due to password expiry or account locked or account disabled or user
not found etc.
After googling a bit I found a sol
1. http://forum.java.sun.com/thread.jspa?messageID=4227692 ==> says to use
ldap_get_option() to get the error string and then parse and extract the
error codes. To my understanding this is an extended error message
Is it reliable to depend on the error messages?
Thanks in advance
I've got the following problem:
We've defined a location objectClass with a multi-value attribute
"itAdmin". Underneath the locations we have all our users. On the user
object we have an attribute called "distinctMail". Now all itAdmins, defined
on the location above the user, should have write access to this user
attribute. But I don't know how to set the correct ACL settings in
slapd.conf... any hints?
I'm using OpenLDAP 2.2.6 on a SuSE 9.1 box.
Thanks in advance!