Why invalid credentials
by Keryx Info
Hi all!
An LDAP newbie posting for the first time.
I can't see why I get error 49 (bad credentials) trying to run ldapadd.
My guess is it's a "sasl" thingie....
I was following the tutorial at
http://www.howtoforge.com/openldap_fedora7 but got nowhere.
The goal is to set up ldap-authentication on a net of FC 7 clients and
an FC 7 server.
Config files:
/etc/ldap.conf:
HOST lb.labbnet.ne.keryx.se
BASE dc=lb,dc=labbnet,dc=ne,dc=keryx.se
----------
/etc/slapd.conf:
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
database bdb
# Only three lines changed by me
suffix "dc=lb,dc=labbnet,dc=ne,dc=keryx,dc=se"
rootdn "uid=root,dc=lb,dc=labbnet,dc=ne,dc=keryx,dc=se"
rootpw {CRYPT}tecdIjhx8TVq.
# Temporary password - I will change it later!
directory /var/lib/ldap
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
-------------
Output of "/usr/bin/ldapadd -x -D
'uid=root,dc=lb,dc=labbnet,dc=ne,dc=keryx.se' -W -f /root/ibunk.ldif -d 1":
ldap_initialize( <DEFAULT> )
filter: (objectclass=*)
requesting: All userApplication attributes
# extended LDIF
#
# LDAPv3
# base <> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# search result
search: 2
result: 32 No such object
# numResponses: 1
-------------
Output of /usr/bin/ldapadd -x -D
'uid=root,dc=lb,dc=labbnet,dc=ne,dc=keryx.se' -W -f /root/ibunk.ldif -d 1
ldap_create
Enter LDAP Password: <entered correctly>
ldap_bind
ldap_simple_bind
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP lb.labbnet.ne.keryx.se:389
ldap_new_socket: 4
ldap_prepare_socket: 4
ldap_connect_to_host: Trying 127.0.0.1:389
ldap_connect_timeout: fd: 4 tm: -1 async: 0
ldap_open_defconn: successful
ldap_send_server_request
ber_scanf fmt ({it) ber:
ber_scanf fmt ({i) ber:
ber_flush: 62 bytes to sd 4
ldap_result ld 0x9631270 msgid 1
ldap_chkResponseList ld 0x9631270 msgid 1 all 1
ldap_chkResponseList returns ld 0x9631270 NULL
wait4msg ld 0x9631270 msgid 1 (infinite timeout)
wait4msg continue ld 0x9631270 msgid 1 all 1
** ld 0x9631270 Connections:
* host: lb.labbnet.ne.keryx.se port: 389 (default)
refcnt: 2 status: Connected
last used: Thu Sep 13 17:11:22 2007
** ld 0x9631270 Outstanding Requests:
* msgid 1, origid 1, status InProgress
outstanding referrals 0, parent count 0
** ld 0x9631270 Response Queue:
Empty
ldap_chkResponseList ld 0x9631270 msgid 1 all 1
ldap_chkResponseList returns ld 0x9631270 NULL
ldap_int_select
read1msg: ld 0x9631270 msgid 1 all 1
ber_get_next
ber_get_next: tag 0x30 len 12 contents:
read1msg: ld 0x9631270 msgid 1 message type bind
ber_scanf fmt ({eaa) ber:
read1msg: ld 0x9631270 0 new referrals
read1msg: mark request completed, ld 0x9631270 msgid 1
request done: ld 0x9631270 msgid 1
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_free_connection 0 1
ldap_free_connection: refcnt 1
ldap_parse_result
ber_scanf fmt ({iaa) ber:
ber_scanf fmt (}) ber:
ldap_msgfree
ldap_err2string
ldap_bind: Invalid credentials (49)
16 years
Recover db failed
by Sergio Belkin
I have a problem trying to recover the ldap database; the errors are as follows:
slapd_db_recover -h /var/lib/ldap/ -c -v
Finding last valid log LSN: file: 1 offset 729642
Recovery starting from [1][28]
db_recover: Improper file close at 1/623901
db_recover: Recovery function for LSN 1 623901 failed on forward pass
db_recover: PANIC: Invalid argument
db_recover: PANIC: fatal region error detected; run recovery
db_recover: DB_ENV->open: DB_RUNRECOVERY: Fatal error, run database recovery
How can I recover it?
Thanks in advance!
--
Sergio Belkin -
16 years
strcast_func with MySQL
by Kevin Burnett
When I add the strcast_func "text" to my slapd.conf file, running slapd -d1 gives me an error when the SELECT DISTINCT sql statement is executed. Do I need to have a strcast_func for MySQL backend? If so, what function should I use instead of "text" ?
Thanks,
Kevin
16 years
Can I remove an existing index?
by Ole Nomann Thomsen
Hi list. I have a question about an ldap-base that I maintain.
The base contains about 500,000 records with attribute uid (single value
and unique) and code (multi value; typically between 10 and 200 values,
5-50 bytes or more each, not unique). The code attribute is indexed on
eq and sub for historical reasons, but the index is no longer needed (if
it ever was). The uid attribute is, and will stay, indexed on eq.
Tests reveal that updating records can be time consuming when they
contain a large number of long codes, sometimes about 1.25 seconds per
record(!). In contrast to this, when I update without the index, I get
around 75 recs/second. Searching is still fast, as I never search for
code without uid.
So I'm going to drop that index, no doubt about it. The reliable method
would be to slapcat-reconfigure-slapadd of course, but that will cost
lots of planning and timing (the base is replicated on 3 servers, and is
constantly updated, 2 servers must be available at all the time). It is
feasible, but it *will* be a pain.
So: Can't I simply drop the index from the config file, restart, and
that's it? That is, remove the line:
index code eq,sub
And perhaps the code.dbb file from the database directory? Perhaps
slapindex too?
Further tests indicate that it works, lookups, updates and everything
seem OK. But there is a worrying warning in the logfile:
2007-09-11 12:09:53.742266500 <= bdb_equality_candidates: (code)
index_param failed (18)
The warning persists after slapindex, but is not there when I search for
attributes that were "born" without an index.
So will it break eventually? Or do I need to tell the backend something?
Background (as much as I can dig up, perhaps too much):
OpenLDAP: slapd 2.3.25
Backend: back_bdb, vers 4.2 (Berkeley DB, Btree, version 9)
Linux: Debian 2.6.18
Search filter (always): "(&(uid=...)(code=...))" (experimentally shown to
work fine without index on "code")
And the same question for:
OpenLDAP: slapd 2.2.26
Backend: ldbm (Berkeley DB, Btree, version 8)
Linux: Mandrake Linux 9.0 3.2-1mdk
Search filter (always): "(&(uid=...)(code=...))"
Thanks for reading this far :-) and for any answers.
- Ole Thomsen
16 years
viewing entries using slapcat
by Neo -
Hi all, I use an ldapbrowser (it's an open source Java ldapbrowser) to view all my openldap entries.
I'm able to read all the attribute values when I view through the ldapbrowser.
But when I do slapcat and generate an ldif file I see some attributes like this:
mail:: IGF2ZXJ5cG9obG1hbjM3QHdlYnN0ZXIuZWR1
but when I view the same entry in ldapbrowser it's fine.
Does anyone know why the entry looks encrypted using slapcat?
Thanks,
16 years
dn aliases?
by Ron Parker
Is there a way to create aliases for dn's?
For example, right now I point my client to:
rootdn: dc=my,dc=example,dc=com
user: cn=Manager,dc=my,dc=example,dc=com
org: ou=org,dc=my,dc=example,dc=com
Now, I want to create an alias so that the examples below point to those
above:
rootdn: dc=my,dc=alias,dc=com
user: cn=Manager,dc=my,dc=alias,dc=com
org: ou=org,dc=my,dc=alias,dc=com
In other words, any reference in my client to: dc=my,dc=alias,dc=com
would resolve in the ldap database to: dc=my,dc=example,dc=com
Is there a way to do this? If so, where can I locate these instructions?
Thanks!
-ron
--
Ron Parker
Software Creations http://www.scbbs.com
Self-Administration Web Site http://saw.scbbs.com
SDSS Subscription Mgmt Service http://sdss.scbbs.com
Central Ave Dance Ensemble http://www.centralavedance.com
R & B Salsa http://www.randbsalsa.com
16 years
alock package is unstable
by Dieter Kluenter
Hi,
OpenLDAP-2.4.5beta
SuSE-10.2
db-4.4.20
glibc-2.5.25
trying to run slapd an error occurs
backend_startup_one: starting "o=avci,c=de"
bdb_db_open: o=avci,c=de
bdb_db_open: alock package is unstable
backend_startup_one: bi_db_open failed!(-1)
slapd shutdown: initiated
Now, what would be a stable alock package?
-Dieter
--
Dieter Klünter | Systemberatung
http://www.dkluenter.de
GPG Key ID:8EF7B6C6
16 years
syncrepl sizelimit exceeded
by Dieter Kluenter
Hi,
I am testing 2.4.5beta syncrepl on 2 identical SuSE-10.2 vmware
slices. On both engines sizelimit is set to unlimited.
While on the provider side no sizelimit restrictions are announced,
that is, all entries above "cn=test0394,ou=benchmark,o=avci,c=de" are
allowed to read, on the consumer side I get a Size limit
exceeded after cn=test0394,ou=benchmark,o=avci,c=de, but further
search requests of the consumer are performed.
Are there any syncrepl consumer size limits, which I am not aware of?
,----[ sync provider log ]
| magenta slapd[7228]: => acl_mask: access to entry "cn=test0395,ou=benchmark,o=avci,c=de", attr "objectClass" requested
| magenta slapd[7228]: => acl_mask: to all values by "cn=replicator,o=avci,c=de", (=0)
| magenta slapd[7228]: <= check a_dn_pat: cn=benchmark,o=avci,c=de
| magenta slapd[7228]: <= check a_dn_pat: users
| magenta slapd[7228]: <= acl_mask: [2] applying read(=rscxd) (stop)
| magenta slapd[7228]: <= acl_mask: [2] mask: read(=rscxd)
| magenta slapd[7228]: => slap_access_allowed: search access granted by read(=rscxd)
| magenta slapd[7228]: => access_allowed: search access granted by read(=rscxd)
`----
,----[ sync consumer log ]
| vmware slapd[31608]: syncrepl_entry: rid=2 cn=test0394,ou=benchmark,o=avci,c=de
| vmware slapd[31608]: syncrepl_entry: rid=2 entry unchanged, ignored (cn=test0394,ou=benchmark,o=avci,c=de)
| vmware slapd[31608]: do_syncrep2: rid=2 LDAP_RES_SEARCH_RESULT
| vmware slapd[31608]: do_syncrep2: rid=2 (4) Size limit exceeded
| vmware slapd[31608]: do_syncrepl: rid 002 retrying (4 retries left)
`----
-Dieter
--
Dieter Klünter | Systemberatung
http://www.dkluenter.de
GPG Key ID:8EF7B6C6
16 years
Startup time
by Sumith Narayanan
Hello,
We have an OpenLDAP 2.3.27 database with 42 GB of total data size. The
server is running with a 32 bit processor and it crashes once in 2-3
days. As a workaround for now, we are restarting the slapd process
using a cron job. But the restart takes 45 min to 1 hour and
sometimes more than that. Is there any way to bring up the server fast?
Is it taking time to cache data before it starts?
Thanks, Sumith.
16 years
RES: RES: ldapsearch and accented names
by Luis Fernando C. Talora
I see, now...
Thanks a lot!
Best regards,
Luís Talora
-----Original Message-----
From: Pierangelo Masarati [mailto:ando@sys-net.it]
Sent: Monday, September 10, 2007 17:48
To: Luís Fernando C. Talora
Cc: OpenLDAP Software List
Subject: Re: RES: ldapsearch and accented names
Please reply on the list
Luis Fernando C. Talora wrote:
> Thank you, Mr. Pierangelo! I knew that there would be a way to make that "readable", but I had no idea how to do it.
>
> I'm using it in a script. Do you know a way to find out when the string returned is encoded in base64 or not?
When the attribute is base64 encoded, the value is separated from the name by "::", as clearly indicated in RFC 2849.
p.
Ing. Pierangelo Masarati
OpenLDAP Core Team
SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office: +39 02 23998309
Mobile: +39 333 4963172
Email: pierangelo.masarati(a)sys-net.it
---------------------------------------
--
This message has been scanned by the antivirus system and is believed to be free of danger.
16 years
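
The "::" rule from RFC 2849 cited in the reply above, which also explains the "mail::" line in the earlier slapcat question, as an added example that is not part of any post in this archive: a small LDIF reader that unfolds continuation lines, decodes "::" values and reports why each value had to be base64-encoded. The record, the function names and the reason strings are constructed for illustration.

```python
import base64

# Constructed slapcat-style record (not from the archive): a plain value, a value
# with a leading space, and a UTF-8 name folded across two lines.
SAMPLE_LDIF = """\
dn: uid=jdoe,ou=people,dc=example,dc=com
uid: jdoe
mail:: IGpkb2VAZXhhbXBsZS5jb20=
cn:: Sm/Do28gZGEg
 U2lsdmE=
"""

def unfold(text):
    """Join RFC 2849 continuation lines (lines starting with one space)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        elif raw:
            lines.append(raw)
    return [l for l in lines if not l.startswith("#")]  # drop comments

def why_base64(value):
    """Reason RFC 2849 requires base64 for these bytes, or None if plain is safe."""
    if value[:1] in (b" ", b":", b"<"):
        return "unsafe first character"
    if value.endswith(b" "):
        return "trailing space"
    if any(b in (0, 10, 13) or b > 127 for b in value):
        return "non-ASCII or control byte"
    return None

def parse_record(text):
    """Return [(attr, value, was_base64, reason)] for one LDIF record."""
    out = []
    for line in unfold(text):
        attr, _, rest = line.partition(":")
        if rest.startswith(":"):      # "attr:: <base64>"
            raw = base64.b64decode(rest[1:].strip(), validate=True)
            out.append((attr, raw.decode("utf-8", "replace"), True, why_base64(raw)))
        elif rest.startswith("<"):    # "attr:< <url>" points at external data
            out.append((attr, rest[1:].strip(), False, "url"))
        else:                         # "attr: <plain value>"
            out.append((attr, rest.lstrip(" "), False, None))
    return out

if __name__ == "__main__":
    for row in parse_record(SAMPLE_LDIF):
        print(row)
```

Base64 in LDIF is a transport encoding, not encryption: anyone who can read the slapcat output can decode every "::" value, so the dump needs the same protection as the directory itself.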