openldap-software September 2007

openldap-software@openldap.org

74 participants
88 discussions

uid not case-sensitiv / How can i modify to octetstring / in core.schema not included / Version 2.3.80 [Virus checked]
by ems＠Sparkassen-Informatik.de 20 Sep '07

20 Sep '07

Hello, i'am new on this List. We upgraded from openldap 2.2.30 to 2.3.80. (Solaris 10) Is it right, that in core.schema the entry for uid (and others) is now removed (commented) ? How can i now found this entry ? Is it hardcoded in Source ? The Reason/Problem is, that we have modified the core.schema (in Version 2.2.30) for entry uid, while uid is not case-sensitiv (it allows, that uid=a4711 is the same as uid=A4711). We need strict lowercase. So we change some times ago: attributetype ( 0.9.2342.19200300.100.1.1 NAME ( 'uid' 'userid' ) DESC 'RFC1274: user identifier' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) To new attributetype ( 0.9.2342.19200300.100.1.1 NAME ( 'uid' 'userid' ) DESC 'RFC1274: user identifier' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} ) OK, it was not good, to modify the core.schema. So i have now an new local.schema. But when i copy this section to local.schema i got an error about "duplicate entry". (so i remove it, an local.schema is empty and LDAP works but with case-insensitiv for uid). The reason was, that the uid is NOT CaseSensitiv. So with octetStringMatch the uid was case-sensitiv. And it works fine with Apache and cgi-scripts. But now, when i upgrade to 2.3.80, first i got an Error, while we use the "old" core.schema. Then i correct this with the original core.schema and it will now work. But i can not found any place, how uid is defined in Version 2.3.80. in slapd.conf we include include /soft/openldap/etc/openldap/schema/core.schema include /soft/openldap/etc/openldap/schema/cosine.schema include /soft/openldap/etc/openldap/schema/nis.schema include /soft/openldap/etc/openldap/schema/local.schema How can i change uid ? Or how can i overwrite it ? Many thanks MFG K.H.O.

2 1

Can't see DIT
by Daniel Guerrero 20 Sep '07

20 Sep '07

Hi all, I'm trying to see my DIT with ldapsearch, but I can't see anything... the answer is the following: prompt> ldapsearch -x -b "dc=example,dc=com" # extended LDIF # # LDAPv3 # base <dc=example,dc=com> with scope subtree # filter: (objectclass=*) # requesting: ALL # # search result search: 2 result: 32 No such object I added two identities, one organisational unit and an object included in this ou, without errors. I think is not rellevant, but i could authenticate remotely with the rootdn user and password. Is there any other way to check the database to see if there has been any error adding the ou and the object? I attach my slapd.conf file, but i can bring more information, only if needed. Thank you very much.

2 1

Advice on restoring database and keeping kerberos mappings to users in the database
by Ezra Taylor 20 Sep '07

20 Sep '07

Hello all: I'm running Openldap version 2.2.13-7.4E and kerberos on Redhat 4 u4. I know we are in desperate need of an upgrade. I noticed that the database is corrupted and would like to know if I do a restore with slapadd if the Kerberos passwords continue to map with the users in ldap database? If not, what tasks do I have to execute to map the kerberos passwords with the users in the ldap database? Thanks for all your help. -- Ezra Taylor

2 2

Re: optimal index for ldap
by Ace 20 Sep '07

20 Sep '07

> The problem here is when I have index on cn, it didn't finds what I search > for. Here is search query - > ldapsearch -x -b "dc=zlemail,dc=com" "(cn=rr1)" >Did you consult the documentation? For instance, please see the section on the >index directive in the man page for slapd-bdb. It says: > >"Note: changing index settings in > slapd.conf(5) requires rebuilding indices, see >slapindex(8);" Thanks Buchan! I did slapdindex and its working fine now.....Thanks once again for your help! > Now if I remove index on cn, it does finds record but complains about index > failed on cn. Also it takes considerable amount of time for search > operation to complete. Do I need to revisit my ldap database structuring? -- I may be miles away... but I am just a mail away.... so keep mailing...!!! Cheers, Rajan

1 0

Re: optimal index for ldap
by Ace 20 Sep '07

20 Sep '07

On Wednesday 19 September 2007 15:52:02 Ace wrote: >> Hi Masters, >> >> We have around 100000 entries of the form - >> >> dn: cn=rr1,ou=addressbook,dc=zlemail,dc=com >> objectClass: top >> objectClass: inetOrgPerson >> mail: rr1(a)oo.com >> userPassword: a@123 >> cn: rr1 >> sn: rr1 >> >> What should be the index for fast search? >As Quanah and Aaron replied, the search filters you use will determine the >indexes you need. >However, most mail clients will search on the cn, sn, and maybe the mail >attribute, so you probable need equality and substring indexes on those 3 >attributes, plus the standard equality index on objectclass. It is unlikely >that you will need to index userPassword. Ok. I tried having indexes on cn, sn and mail as - index default eq index cn eq,pres index sn eq, pres index mail eq,pres index objectClass eq The problem here is when I have index on cn, it didn't finds what I search for. Here is search query - ldapsearch -x -b "dc=zlemail,dc=com" "(cn=rr1)" Now if I remove index on cn, it does finds record but complains about index failed on cn. Also it takes considerable amount of time for search operation to complete. Do I need to revisit my ldap database structuring? >However, I note that with a relatively large database, your entry cache and >backend database cache tuning is also critical to performance. Yes. I am using cachesize = 1000000 and DB_CONFIG file same as DB_CONFIG.example (no changes made) >If you are seeing high CPU utilisation, check the logs for errors relating to >indexes, and add the indexes slapd is complaining are missing. If you have >high load average but low CPU utilisation (thus high load due to IO wait), >you need to look at your cache tuning. Its a high CPU utilization. Refer above reply for index problem. >For anyone to provide more assistance, you need to provide more details on >your configuration (OpenLDAP version, backend you are using, any tuning you >have done, possibly the sizes of the files in your database directory). My LDAP version is 2.3.32, bdb backend. >Regards, >Buchan -- I may be miles away... but I am just a mail away.... so keep mailing...!!! Cheers, Rajan

2 1

optimal index for ldap
by Ace 20 Sep '07

20 Sep '07

Hi Masters, We have around 100000 entries of the form - dn: cn=rr1,ou=addressbook,dc=zlemail,dc=com objectClass: top objectClass: inetOrgPerson mail: rr1(a)oo.com userPassword: a@123 cn: rr1 sn: rr1 What should be the index for fast search? -- I may be miles away... but I am just a mail away.... so keep mailing...!!! Cheers, Rajan

4 3

Can I delete the database to start over
by Keryx Info 18 Sep '07

18 Sep '07

Hi again Having experimented with my first installation of OpenLDAP I've come to the conclusion that I had better start all over. Is the following procedure safe (using Fedora 7)? 1. service ldap stop 2. delete slapd.conf and ldap.conf 3. delete all contents in /var/lib/ldap 4. Create a new slapd.conf and ldap.conf 5. Service ldap start + Anything else I should do? Lars Gunther

2 1

TLS handshake failure
by Esther Puente 18 Sep '07

18 Sep '07

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I follow the instructions in http://www.openldap.org/faq/data/cache/185.html and in other tutorials from the Web for activate TLS and use a CA and I can't get it works right. The error I obtained is a "Handshake failure". Somebody can help me? I paste you my slapd.conf and my ldap.conf: # # See slapd.conf(5) for details on configuration options. # This file should NOT be world readable. # include /etc/openldap/schema/core.schema include /etc/openldap/schema/cosine.schema include /etc/openldap/schema/inetorgperson.schema include /etc/openldap/schema/nis.schema pidfile /var/run/openldap/slapd.pid argsfile /var/run/openldap/slapd.args database bdb suffix "dc=abc,dc=es" checkpoint 32 30 # <kbyte> <min> rootdn "cn=Manager,dc=abc,dc=es" rootpw asdhjka # The database directory MUST exist prior to running slapd AND # should only be accessible by the slapd and slap tools. # Mode 700 recommended. directory /var/lib/openldap-data # Indices to maintain index objectClass eq TLSCACertificateFile /etc/openldap/ssl/cacert.pem TLSCertificateFile /etc/openldap/ssl/certs/servidorcert.pem TLSCertificateKeyFile /etc/openldap/ssl/private/servidorkey.pem TLSVerifyClient demand # # LDAP Defaults # # See ldap.conf(5) for details # This file should be world readable but not world writable. BASE dc=abc,dc=es URI ldap://localhost ldaps://localhost PORT 636 TLS_CACERT /etc/openldap/ssl/cacert.pem TLS_CERT /etc/openldap/ssl/clientecert.pem TLS_KEY /etc/openldap/ssl/clientekey.pem TLS_REQCERT demand - -- AVISO: Las opiniones expresadas en este mensaje son estrictamente personales y no es una posición oficial de la Universidade da Coruña. AVISO LEGAL: Este mensaje y sus ficheros adjuntos tienen carácter privado y confidencial y van dirigidos exclusivamente a sus destinatarios. Si ha recibido este mensaje por error, no debe revelarlo, copiarlo o distribuirlo en ningún sentido sin previo consentimiento por escrito del destinatario. Rogamos lo comunique al remitente y elimine dicho mensaje y cualquier documento adjunto que pudiera contener. De no hacerlo así puede vulnerar la legislación vigente. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7-ecc0.1.6 (GNU/Linux) iD8DBQFG77c4M/ZbFVfHDjwRArWtAJ0fcj68YMSLOK4yIF+Yts1QFb9arACdHnKw YADPlfMT51Iny0NhupLqgFY= =hVor -----END PGP SIGNATURE-----

3 2

What is this? It doesn't work...
by Hex Star 18 Sep '07

18 Sep '07

I don't understand how complicated software like this gets widely deployed and accepted when documentation on it is so limited and unclear... It is quite difficult to get ldap to function properly and am left with the question of how the hell anyone can figure out how to get this piece of software to do anything! If there was some form of acceptable documentation....

6 5

cn=config crashes on modification
by Dieter Kluenter 18 Sep '07

18 Sep '07

Hi, I am experiencing weird errors with 2.4.5beta, i.e. modifying config backand for example I get => access_allowed: read access to "olcDatabase={1}hdb,cn=config" "olcDbDNcacheSize" requested <= root access granted => access_allowed: read access granted by manage(=mwrscxd) <= acl_access_allowed: granted to database root filter_free: unknown filter type=1168 *** glibc detected *** double free or corruption (out): 0x085c46c0 *** Abgebrochen Is this a bug. a corrupted cn=config database or is glibc-2.3.4-23.4 the reason? -Dieter -- Dieter Klünter | Systemberatung http://www.dkluenter.de GPG Key ID:8EF7B6C6

3 2

← Newer
1
2
3
4
5
6
7
8
9
Older →

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-software September 2007