openldap-software August 2007

openldap-software@openldap.org

77 participants
93 discussions

ppolicy: unable to assign default policy to an individual user account
by Scott Phelps 06 Aug '07

06 Aug '07

Environment: =============== * OS: Ubuntu Feisty 7.04 * Slapd Version: slapd 2.3.30 * Apt-Package Compile Options (per launchpadlibrarian.net): --prefix=/usr --libexecdir='${prefix}/lib' --sysconfdir=/etc --localstatedir=/var --mandir='${prefix}/share/man' --enable-debug --enable-dynamic --enable-syslog --enable-proctitle --enable-ipv6 --enable-local --enable-slapd --enable-aci --enable-cleartext --enable-crypt --enable-spasswd --enable-modules --enable-rewrite --enable-rlookups --enable-slp --enable-wrappers --enable-backends=mod --enable-ldbm=no --enable-overlays=mod --enable-slurpd --with-subdir=ldap --with-cyrus-sasl --with-threads --with-tls * slapd.conf (abbridged) ============= # Schema and objectClass definitions include /etc/ldap/schema/core.schema include /etc/ldap/schema/cosine.schema include /etc/ldap/schema/nis.schema include /etc/ldap/schema/inetorgperson.schema include /etc/ldap/schema/java.schema include /etc/ldap/schema/dyngroup.schema include /etc/ldap/schema/misc.schema include /etc/ldap/schema/sudo.schema include /etc/ldap/schema/autofs.schema include /etc/ldap/schema/ppolicy.schema include /etc/ldap/schema/corba.schema include /etc/ldap/schema/authldap.schema include /etc/ldap/schema/solaris.schema include /etc/ldap/schema/solaris-nis.schema include /etc/ldap/schema/solarisdua.schema modulepath /usr/lib/ldap moduleload back_bdb moduleload ppolicy schemacheck on TLSCipherSuite #####SECRET###### TLSCertificateFile #####SECRET###### TLSCertificateKeyFile #####SECRET###### TLSCACertificateFile #####SECRET###### database bdb # Overlay Directives overlay ppolicy ppolicy_default "cn=defaultPolicy,ou=policies,#####SECRET#######" ppolicy_use_lockout directory "/var/lib/ldap" # For the Debian package we use 2MB as default but be sure to update this # value if you have plenty of RAM dbconfig set_cachesize 0 2097152 0 # Sven Hartge reported that he had to set this value incredibly high # to get slapd running at all. See http://bugs.debian.org/303057 # for more information. # Number of objects that can be locked at the same time. dbconfig set_lk_max_objects 1500 # Number of locks (both requested and granted) dbconfig set_lk_max_locks 1500 # Number of lockers dbconfig set_lk_max_lockers 1500 # Indexing options for database #1 index objectClass eq # Save the time that the entry gets modified, for database #1 lastmod on access to dn.children="ou=people,#####SECRET######" attrs=userPassword by group/groupOfNames/member="#####SECRET######" write by self write by * auth * defaultPolicy.ldif ======================== dn: cn=defaultPolicy,ou=policies,#####SECRET###### cn: defaultPolicy objectClass: organizationalRole objectClass: pwdPolicy objectClass: top pwdLockout: TRUE pwdMaxFailure: 3 pwdAttribute: userPassword pwdGraceAuthNLimit: 3 pwdLockoutDuration: 15 pwdAllowUserChange: TRUE * ppolicytest.ldif ========================= dn: uid=ppolicytest,ou=people,#####SECRET###### uid: ppolicytest uidNumber: 1012 gidNumber: 100 homeDirectory: /home/ppolicytest loginShell: /bin/bash objectClass: inetOrgPerson objectClass: posixAccount objectClass: top structuralObjectClass: inetOrgPerson entryUUID: e4c33596-d832-102b-8c70-39998be84848 creatorsName: #####SECRET###### createTimestamp: 20070806063457Z pwdPolicySubentry: cn=defaultPolicy,ou=policies,#####SECRET###### userPassword: {MD5}Gh3JHJBzJcaScd3wyUS8cg== pwdChangedTime: 20070806070643Z cn: ppolicytest entryCSN: 20070806070815Z#000000#00#000000 modifiersName: #####SECRET###### modifyTimestamp: 20070806070815Z entryDN: uid=ppolicytest,ou=people,#####SECRET###### subschemaSubentry: cn=Subschema hasSubordinates: FALSE So with this all in place I get no errors starting slapd (the module gets loaded.) I run the following command 4 times: ldapsearch -P 3 -x -LLL -e ppolicy -D "uid=ppolictest,ou=people,#####SECRET######" -W "(objectclass=*)" Entering an incorrect password each time, however the account never gets locked out and the operational attributes never change. TIA, for any advice!

1 0

libcrypto.a : bad value(while doing make step in openldap)
by sridhar varadarajan 04 Aug '07

04 Aug '07

Hi friends, While installing openldap in Red Hat Linux , I am getting this error in Make step.. can anyone help me in this issue.. /usr/bin/ld: /usr/local/ssl/lib/libssl.a(s3_pkt.o): relocation R_X86_64_32 against `a local symbol' can not be used when making a shared object; recompile with -fPIC /usr/local/ssl/lib/libssl.a: could not read symbols: Bad value I have configured openssl like this *. ./config -fPIC *.make depend *.make install *.make test thanks in advance. with cheers, sri.

2 1

shell backend and threads
by manu＠netbsd.org 04 Aug '07

04 Aug '07

Hello The man page says shell backed should not be used with slapd built with thread support. What is the problem? Is it just that the backed developper must face horrible race issues, or is there something that will cause slapd to goes wrong? -- Emmanuel Dreyfus http://hcpnet.free.fr/pubz manu(a)netbsd.org

1 0

[Fwd: Re: configure fails on libtool problem v2.3.32]
by Kent Nasveschuk 04 Aug '07

04 Aug '07

Thank you all, that worked. Installing development rpms didn't install libtool-ltdl-devel or libtool-ltdl on rhel5. Searching is over. Kent N

1 0

Replication using syncrepl
by CyberGod 03 Aug '07

03 Aug '07

I am trying to establish replication between two ldap servers. Here's part of slapd.conf file for the subscriber: syncrepl rid=123 provider=ldap://ldap.mydomain.com type=refreshOnly interval=00:00:01:00 searchbase="dc=mydomainr,dc=com" schemachecking=off updatedn="cn=Manager,dc=mydomain,dc=com" bindmethod=simple binddn="cn=Manager,dc=mydomain,dc=com" credentials=secret This is the stanza in slapd.conf for the provider: sessionlog 123 4555 Ldap version on both is 2.3.37 and everything else works fine (centralized login, automount etc.) When I look at the log file for the provider it seems like the subscriber is making queries but no updates are made to the slave. Here's part of the log: => bdb_presence_candidates (objectClass) <= bdb_filter_candidates: id=-1 first=1 last=20 <= bdb_list_candidates: id=-1 first=1 last=20 <= bdb_filter_candidates: id=-1 first=1 last=20 bdb_search_candidates: id=-1 first=1 last=20 => test_filter PRESENT => access_allowed: search access to "dc=mydomain,dc=com" "objectClass" requested <= root access granted <= test_filter 6 => send_search_entry: conn 34 dn="dc=mydomain,dc=com" => access_allowed: read access to "dc=mydomain,dc=com" "entry" requested <= root access granted => access_allowed: read access to "dc=mydomain,dc=com" "objectClass" requested <= root access granted => access_allowed: read access to "dc=mydomain,dc=com" "o" requested <= root access granted => access_allowed: read access to "dc=mydomain,dc=com" "dc" requested <= root access granted => access_allowed: read access to "dc=mydomain,dc=com" "structuralObjectClass" requested <= root access granted => access_allowed: read access to "dc=mydomain,dc=com" "entryCSN" requested <= root access granted ... Any advise on what I am missing will be greatly appreciated. I am sure I am missing something important here. Is there something else I need to add to the providers config? Regards.

4 6

configure fails on libtool problem v2.3.32
by Kent Nasveschuk 03 Aug '07

03 Aug '07

Trying to compile version 2.3.32 RedHat 5 Heimdal 1.0 I've already compiled this without module support and I have a working Kerberos/LDAP directory. I want module support so I can use the smbk5pwd overlay. Compile options: export CPPFLAGS="-I/usr/share/libtool/libltdl";./configure --prefix=/opt/openldap --enable-local --with-cyrus-sasl --with-tls --enable-crypt --enable-spasswd --enable-lmpasswd --enable-cleartext --enable-syncprov --disable-ipv6 --enable-lastmod --enable-unique --enable-syslog --enable-rlookups --enable-ppolicy --enable-debug --enable-hdb --enable-dynamic --enable-modules Results: checking for afopen in -ls... no checking ltdl.h usability... yes checking ltdl.h presence... yes checking for ltdl.h... yes checking for lt_dlinit in -lltdl... no configure: error: could not locate libtool -lltdl Any suggestion on how to get around this? Kent N.

4 4

alock package is unstable
by Arunachalam Parthasarathy 02 Aug '07

02 Aug '07

Hello all, My slapd server machine got restarted when adding entries. When I start the machine again, it is saying ,: alock package is unstable bi_db_open failed Please say me what is the problem. Expecting ur replies. Thanks a lot in advance. Regards, Arunachalam. **************************************************************************** **************************** This e-mail and attachments contain confidential information from HUAWEI, which is intended only for the person or entity whose address is listed above. Any use of the information contained herein in any way (including, but not limited to, total or partial disclosure, reproduction, or dissemination) by persons other than the intended recipient's) is prohibited. If you receive this e-mail in error, please notify the sender by phone or email immediately and delete it!

2 2

Syncrepl with back-sql provider
by Pavel Zakouril 02 Aug '07

02 Aug '07

Hello all, I would like to replicate content of one OpenLDAP server running over the sql backend to the another one running over the bdb (provider version 2.3.37, consumer 2.3.34). I set up overlay syncprov on the sql based provider and syncrepl directive on the bdb consumer, but replication does not work. On the provider I can see in the log file: Aug 2 14:27:47 ducklet slapd[27789]: Entry dc=mff,dc=cuni,dc=cz CSN 20070802122747Z#000000#00#000000 greater than snapshot 20070802122642Z#000000#00#000000 for all entries, which should be replicated. When I start consumer with -c switch, eg.: slapd -d 16389 -h "ldap:/// ldaps:///" -c 'rid=1,csn=20070731102106Z#000000#00#000000' I get a little bit different message: Aug 2 13:53:56 ducklet slapd[26562]: Entry dc=mff,dc=cuni,dc=cz CSN 20070731102106Z#000000#00#000000 matches ctx 20070731102106Z#000000#00#000000 but replication does not work as well. When I try to use similarly configured provider with bdb backend, then replication works as expected. Is there anybody who can help ? Best regards, Pavel Zakouril

2 1

trigger external program on some change
by Emmanuel Dreyfus 02 Aug '07

02 Aug '07

Hello I'd need to trigger execution of an external shell script when some particular change occur in the tree. Is there a simple way of doing that? Of course, an overlay could do that. I saw no available overlay that would have this capacity out of the box. The only way I see is building a new overlay just for that, or use something such as slapo-auditlog and feed it to an external filter (throug a pipe?). I wonder if there is a simplier mechanism available. -- Emmanuel Dreyfus manu(a)netbsd.org

4 3

OpenLDAP 2.4 (alpha) - multi-master-replication (docs)
by Stefan Jurisch 02 Aug '07

02 Aug '07

Hello, Just round about a few hour ago I wrote an email to Quanah, who gave me the advice to contact the developers' mailinglist, so I did it, but there the moderator told be to better redirect my question into this software-mailinglist... now I do so, and I really hope to be in the correct list now. :-) I just would like to ask one little question: Is there already any documentation on the multi-master-replication feature, which is planned for the upcoming openldap-release 2.4? At work I have to implement a special ldap-solution which should provide this feature beacuse our customer has multiple locations where the 3 big ones should have their own master-directory-server. Even the german Linux Magazine brought an article this month, where the author also writes about this new features in the new 2.4-release. I compiled the openldap-source just last sunday, but I did not find any documentation to activate and use the multi-master-replication. Perhaps you can help me, please? Looking forward to an answer I thank you in advance. Cordially yours Stefan "FastEddy" Jurisch Siegnetz.IT GmbH, Germany

2 1

← Newer
1
2
3
4
5
6
7
8
9
10
Older →

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-software August 2007