openldap-software July 2007

openldap-software@openldap.org

108 participants
124 discussions

pwdCheckQuality
by Andy Loughran 13 Jul '07

13 Jul '07

Hi, I'm trying to setup pwdCheckQuality in ppolicy and have noticed that it needs an extra script to run. The only quality check I want to happen is that it checks that the password is alphanumeric. Does anyone have an example tip on where to put the module script and possibly even an example of their pwdCheckQuality script if they use one? Regards, -------- Andy Loughran www.zrmt.com m: 07921076319

1 0

Net-LDAPapi 3.0.0 released
by Quanah Gibson-Mount 13 Jul '07

13 Jul '07

Net-LDAPapi 3.0.0 has been released, and is available from CPAN at <http://search.cpan.org/~mishikal/Net-LDAPapi-3.0.0/> or from SourceForge at <http://sourceforge.net/projects/net-ldapapi>. Future releases will be announced on the net-ldapapi-announce list hosted by sourceforge, so please subscribe to that if this perl module interests you. In addition, there is now a developers list and a general software list hosted at sourceforge. Subscribe if interested. ;) Changes for Net-LDAPapi 3.0.0: This release now supports the LDAP v3 API as found in OpenLDAP. It has been geared towards continuing to support the Mozilla SDK, but no major testing of this support has occurred. Feel free to provide feedback and/or contribute as desired. LDAP v3 support means that Net-LDAPapi now supports the use of controls, startTLS, etc. In addition, Net-LDAPapi has support for being and OpenLDAP delta-syncrepl client, which then allows one to write programs that can act on changes that occur on the master. Many, many thanks to Dmitri Priimak at Stanford University for his hard work in updating Net-LDAPapi to use the LDAP v3 API, as I was rather busy integrating into my new job. ;) Regards, Quanah -- Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration

1 0

using openldap as a translation layer.
by S James S Stapleton 12 Jul '07

12 Jul '07

Can I use open-ldap as a translation layer for queries with a ldap client with minimal configuration potential? Right now the client (which cannot be trivially modified), can use LDAP authentication, sort-of. What it does, is it takes your user name, and assignes it to the 'uid' attribute, and then tacks on whatever string is in the config to form a distinguished name. For example, if I used 'stapleton' as my username and the config had 'ou=People,dc=domain,dc=tld', it would query for 'uid=stapleton,ou=People,dc=dmain,dc=tld'. Unfortunately, people usernames are everything before the '@' sign in their email, and this is not their uid. The uid is a number, that is used nowhere else. The standard process that we use is to take their user name and perform an ldap query to get the uid from the email, and then use the uid to verify if the user is correct. Example: ldap://server:389/uid=441068,ou=People,dc=mydomain,dc=tld pulls up my information Now, if I want to get my uid, I'd do this: ldap://server:389/ou=People,dc=mydomain,dc=tld?uid?sub?(mail=stapleton@mydomain.tld) The client, as described cannot do that, if a user attempts to use what they expect their user name to be, it will send: uid=stapleton,ou=People,dc=mydomain,dc=tld or uid=stapleton(a)mydomain.tld,ou=People,dc=mydomain,dc=tld Neither of which will authenticate. Is there a way to make OpenLDAP provide a middle layer to handle this? Thank you, -Jim Stapleton

6 23

OpenLDAP Client testing - reg.
by Aviator LDap 12 Jul '07

12 Jul '07

Hi Friends, I was going through the test scripts available in the scripts directory and found that most of the scripts are relevant with testing the OpenLDAP server. I would like to test the OpenLDAP clients such as libldap and liblber as i have rewritten some modules in that. Could anybody suggest me how to proceed with my requirement. regards, dinesh V

1 0

ldapadd.c - reg.
by Aviator LDap 12 Jul '07

12 Jul '07

Hi Friends, The client/tools of OpenLDAP 2.3.33 contains tools for ldapsearch, modify, delete, etc., I need the same kind of tool for ldapadd. Do i need to write the code from the scratch? or is it available as any framework? Thanks in advance, regards, dinesh V

2 1

Can only ldapsearch localhost but NOT the actual server name
by Kelly Choo 12 Jul '07

12 Jul '07

Hi I'm running openldap-2.3.35 on HPUX 11.11 and I can ldapsearch localhost ldapsearch -H ldap://localhost/ -b dc=math,dc=uvic,dc=ca -x # extended LDIF # # LDAPv3 # base <dc=math,dc=uvic,dc=ca> with scope subtree # filter: (objectclass=*) # requesting: ALL # # math.uvic.ca dn: dc=math,dc=uvic,dc=ca dc: math objectClass: dcObject objectClass: organizationalUnit ou: Mathematics and Statistics but not when I use the actual server name chief.math.uvic.ca ldapsearch -H ldap://chief.math.uvic.ca/ -b dc=math,dc=uvic,dc=ca -x I get ldap_result: Can't contact LDAP server (-1) The same happens if I use the IP address instead of chief.math.uvic.ca Here is the debug output: ldapsearch -H ldap://chief.math.uvic.ca/ -b dc=math,dc=uvic,dc=ca -x -d -1 ldap_create ldap_url_parse_ext(ldap://chief.math.uvic.ca/) ldap_bind ldap_simple_bind ldap_sasl_bind ldap_send_initial_request ldap_new_connection 1 1 0 ldap_int_open_connection ldap_connect_to_host: TCP chief.math.uvic.ca:389 ldap_new_socket: 3 ldap_prepare_socket: 3 ldap_connect_to_host: Trying 142.104.7.18:389 ldap_connect_timeout: fd: 3 tm: -1 async: 0 ldap_open_defconn: successful ldap_send_server_request ber_scanf fmt ({it) ber: ber_dump: buf=0x40022460 ptr=0x40022460 end=0x4002246e len=14 0000: 30 0c 02 01 01 60 07 02 01 03 04 00 80 00 0....`........ ber_scanf fmt ({i) ber: ber_dump: buf=0x40022460 ptr=0x40022465 end=0x4002246e len=9 0000: 60 07 02 01 03 04 00 80 00 `........ ber_flush: 14 bytes to sd 3 0000: 30 0c 02 01 01 60 07 02 01 03 04 00 80 00 0....`........ ldap_write: want=14, written=14 0000: 30 0c 02 01 01 60 07 02 01 03 04 00 80 00 0....`........ ldap_result ld 40022270 msgid 1 ldap_chkResponseList ld 40022270 msgid 1 all 1 ldap_chkResponseList returns ld 40022270 NULL wait4msg ld 40022270 msgid 1 (infinite timeout) wait4msg continue ld 40022270 msgid 1 all 1 ** ld 40022270 Connections: * host: chief.math.uvic.ca port: 389 (default) refcnt: 2 status: Connected last used: Wed Jul 11 15:35:19 2007 ** ld 40022270 Outstanding Requests: * msgid 1, origid 1, status InProgress outstanding referrals 0, parent count 0 ** ld 40022270 Response Queue: Empty ldap_chkResponseList ld 40022270 msgid 1 all 1 ldap_chkResponseList returns ld 40022270 NULL ldap_int_select read1msg: ld 40022270 msgid 1 all 1 ber_get_next ldap_read: want=8 error=Connection reset by peer ber_get_next failed. ldap_perror ldap_result: Can't contact LDAP server (-1) I'm not sure what it means and I tried this with the firewall disabled as well. Any help would be much appreciated. Thanks in advance Mr. Kelly Choo, System Administrator - Department of Mathematics and Statistics University of Victoria PO Box 3045 STN CSC PHONE: (250) 472-4927 Victoria BC V8W 3P4 FAX: (250) 721-8962 http://www.math.uvic.ca

2 1

ldap_result takes time to indicate that there are no more result.
by Dmitri Priimak 12 Jul '07

12 Jul '07

Hi All. I have a question about ldap_result. I use openldap-2.3.32. It is my understanding that this function (ldap_result) is used in a loop until no more results are coming from the servers. Am I right about it? The problem I have is that the last time it is calle it hangs there for a while and finally returns null LDAPMessage and -1 return value. I am talking here about 10-15 seconds. Is it normal that it takes that long? I would expect it to be pretty much instantaneous. -- Dmitri Priimak

4 7

multiple password policies
by Dieter Kluenter 11 Jul '07

11 Jul '07

Hi, I am using ppolicy overlay control password policy. Now I would like to define 3 different policies as policyDN. In slapd.conf one can only define a defaultDN, how can a policyDN declared in an entry? Or is editing the operational attribute pwdPolicySubentray with relax control the only way? -Dieter -- Dieter Klünter | Systemberatung http://www.dkluenter.de GPG Key ID:8EF7B6C6

3 3

ldap_simple_bind_s error codes
by Anoob Backer 11 Jul '07

11 Jul '07

Hi All, Is there any way to find out the exact error message in case of bind failure using any of the OpenLDAP calls? What i would like achieve by this is to know exactly why the bind failed? either due to password expire or account locked or account disabled or user not found etc. After googling a bit i found a sol 1. http://forum.java.sun.com/thread.jspa?messageID=4227692 ==> says to use ldap_get_option() to get the error string and then parse and extract the error codes. To my understanding this is an extended error message Is it reliable to depend on the error messages? Thanks in advance becks

2 1

ACL I just don't get it...
by Christoph Lipp 10 Jul '07

10 Jul '07

Hi all, I've got the following problem: We've defined a location objectClass with a multi-value attribute "itAdmin". Underneath the locations we have all our users. On the user object we have an attribute called "distinctMail". Now all itAdmins, defined on the location above the user, should have write access to this user attribute. But I don't know how to set the correct acl settings in slapd.conf... any hints? I'm using openLDAP 2.2.6 on a SuSE 9.1 box. Thanks in advance! Christoph

1 0

← Newer
1
...
5
6
7
8
9
10
11
12
13
Older →

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-software July 2007