Resolving aliasedobjectname(s)
by Dave Lewney
Faq #1111 states that given ...
dn: uid=alias,ou=People,dc=example,dc=net
objectclass: alias
objectclass: extensibleObject
uid: alias
aliasedobjectname: uid=target,ou=Retired People,dc=example,dc=com
... then
ldapsearch -x -a always -b uid=alias,ou=People,dc=example,dc=net 'objectclass=*'
will return results from the "target" DN.
Should the same results be expected from searching with ...
ldapsearch -x -a always -b ou=People,dc=example,dc=net uid=alias
... assuming uid was indexed for equality.
Dave
---
Dave Lewney
IT Services, University of Sussex, Brighton BN1 9QT
15 years, 1 month
meaning of timeout value in ldap_search_ext
by Kenneth Rogers
Hello,
The man page for ldap_search_ext doesn't specify how the timeout value
is used. There are external sources that say it defines a timeout
both for the client and the server. Is that accurate?
KR
--
"If we knew what we were doing, it wouldn't be called research, would it?"
--Albert Einstein
15 years, 1 month
MirrorMode behind fail over loadbalancer
by Diaa Radwan
We have two OpenLDAP 2.4.7 servers configured in MirrorMode. We are planning
to add a load balancer in front of both servers in the production
environment. We don't want to go through conflict issues, as it was
stated before to be a messy process.
---------     ---------
.       .     .       .
. Srv1  .     . Srv2  .
---------     ---------
    \             /
     ---- ------------
         . LoadB .
         .-------.
As per my understanding, the load balancer (failover mode) redirects
all traffic to the active server (srv1); if the active server goes
down, the traffic will be redirected to the stand-by server (srv2).
When srv1 comes online again, the load balancer will redirect all
traffic to srv1 while srv1 is still in the process of syncing with
srv2. The load balancer will not consider the sync process; it will
just redirect the traffic.
It was previously stated on the mailing list that there should be one
write at a time. Will any conflict occur when a server is bulk syncing
and also receiving updates (attribute level)/add requests?
What happens if there is an attribute-level conflict? How can it be avoided?
Suggestions are highly welcome.
--
Diaa Radwan
15 years, 1 month
Create NextFreeUnixId.ldif in LDAP
by Rodrigo Tavares
Hello,
When I try to write to LDAP, I get this error:
weekend:~# ldapadd -x -h ldap -D
"cn=admin,dc=homework" -f NextFreeUnixId.ldif -W
Enter LDAP Password:
adding new entry
"cn=NextFreeUnixId,ou=System,dc=homework"
ldap_add: Internal (implementation specific) error
(80)
additional info: index generation failed
How can I resolve it?
Best regards,
Faria
#the file
dn: cn=NextFreeUnixId,ou=System,dc=homework
objectClass: inetOrgPerson
objectClass: sambaUnixIdPool
uidNumber: 10000
gidNumber: 10000
cn: NextFreeUnixId
sn: NextFreeUnixId
15 years, 1 month
multi-valued attribute suddenly become comma-separated
by Alexander Bruckner
Hi,
Installed version:
OpenLDAP: slapd 2.3.30
My problem is that multi-valued attributes become single-valued
attributes with the values as a comma-separated list without any
observable reason.
An entry should look like this (as it is entered into the directory):
...
mail: testing1@test.com
mail: testing2@test.com
After a while the entry suddenly looks like this:
mail: testing1@test.com, testing2@test.com
Does anybody know, what the reason of this behaviour could be? I cannot
find any cron-jobs modifying the ldap-directory, or any application with
write-permission. The modification seems to happen accidentally.
Thanks in advance,
Alex Bruckner
15 years, 1 month
ldappasswd error
by Adam Williams
Running openldap 2.3.39. When I run ldappasswd, I get the following error:
[root@roark named]# ldappasswd
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Local error (-2)
additional info: SASL(-1): generic failure: GSSAPI Error:
Unspecified GSS failure. Minor code may provide more information
(Unknown code krb5 195)
but slappasswd is ok:
[root@roark named]# slappasswd
New password:
Re-enter new password:
{SSHA}xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Any ideas? Google search didn't really turn up anything.
15 years, 1 month
ldapadd: Invalid syntax (21) additional info: objectclass: value #0 invalid per syntax
by Adam Williams
I'm following the quick start guide. I'm running openldap 2.3.39. I
have my main.ldif as:
dn: dc=mdah,dc=state,dc=ms,dc=us
objectclass: dcObject
objectclass: organization
o: Mississippi Department of Archives and History
dc: mdah

dn: cn=Manager,dc=mdah,dc=state,dc=ms,dc=us
objectclass: organzationalRole
cn: Manager
but when I load it, I get the error:
ldapadd -x -D "cn=Manager,dc=mdah,dc=state,dc=ms,dc=us" -W -f main.ldif
Enter LDAP Password:
adding new entry "dc=mdah,dc=state,dc=ms,dc=us"
adding new entry "cn=Manager,dc=mdah,dc=state,dc=ms,dc=us"
ldapadd: Invalid syntax (21)
additional info: objectclass: value #0 invalid per syntax
A Google search says that is usually because of trailing characters, but
I checked it in vi, and there are no trailing characters. Any
suggestions? My slapd.conf is:
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba.schema
allow bind_v2
pidfile /var/run/openldap/slapd.pid
database bdb
suffix "dc=mdah,dc=state,dc=ms,dc=us"
rootdn "cn=Manager,dc=mdah,dc=state,dc=ms,dc=us"
rootpw {SSHA}xxxxxxxxxxxxxxxxxxxxxxxxxxxx
directory /var/lib/ldap
index objectClass eq
index cn pres,sub,eq
index sn pres,sub,eq
index uid pres,sub,eq
index displayName pres,sub,eq
index uidNumber eq
index gidNumber eq
index memberUID eq
index sambaSID sub,eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index default pres,eq,sub
access to dn.base=""
    by self write
    by * auth
access to attrs=userPassword,sambaLMPassword,sambaNTPassword
    by self write
    by anonymous auth
    by * none
access to attrs=shadowLastChange
    by self write
    by * auth
access to *
    by self write
    by * read
and my ldap.conf is:
BASE dc=mdah,dc=state,dc=ms,dc=us
TLS_REQCERT allow
URI ldap://roark.mdah.state.ms.us/
TLS_CACERTDIR /etc/openldap/cacerts
and slapd is running:
ps ax|grep slap
13743 ? Ssl 0:00 /usr/sbin/slapd -h ldap:/// -u ldap
15 years, 1 month
Upgrading Blues
by Sn!per
Am currently using OpenLDAP version 2.3.35 along with Berkeley DB version 4.5.20. I noticed that OpenLDAP is now currently at 2.3.39 and Berkeley DB at 4.6.21.
I used OpenLDAP for my qmail-ldap and am wondering if it would be advisable for me to upgrade. If the answer is yes, then which version of Berkeley DB should I use with 2.3.39, as I read somewhere that there are some incompatibility issues? Please advise and thank you in advance.
--
roger
15 years, 1 month
matching one character of a caseIgnoreIA5Match attribute
by Alexander 'Leo' Bergolth
Hi!
I'm trying to filter entries that have the 'D' flag set in the
sambaAcctFlags attribute:
attributetype ( 1.3.6.1.4.1.7165.2.1.26 NAME 'sambaAcctFlags'
    DESC 'Account Flags'
    EQUALITY caseIgnoreIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{16} SINGLE-VALUE )
However, this attribute doesn't have a substring match rule, and normal
substring filters don't seem to work.
I don't know if that's possible in principle, but maybe an extensible
search filter with a special matching rule can be used to accomplish
this task?
I've tried it with "(sambaAcctFlags:caseIgnoreSubstringsMatch:=*D*)" but
substring filters are not allowed in extensible filters.
Any hints?
Thanks in advance,
--leo
--
e-mail ::: Leo.Bergolth (at) wu-wien.ac.at
fax ::: +43-1-31336-906050
location ::: Computer Center | Vienna University of Economics | Austria
15 years, 2 months
2.3.35 -> 2.4.7 replication: null_callback : error code 0x10
by Dave Horsfall
Testing interoperability between 2.3.35 and 2.4.7.
Consumer is 2.4.7, provider is 2.3.35.
I get messages in the 2.4.7 log that look like this:
Jan 15 13:07:47 mippet slapd[13134]: null_callback : error code 0x10
Jan 15 13:07:47 mippet slapd[13134]: syncrepl_updateCookie: rid=002 be_modify failed (16)
Jan 15 13:07:47 mippet slapd[13134]: do_syncrepl: rid=002 retrying (4 retries left)
Jan 15 13:07:52 mippet slapd[13134]: null_callback : error code 0x10
Jan 15 13:07:52 mippet slapd[13134]: syncrepl_updateCookie: rid=002 be_modify failed (16)
Seems to be related to adding/changing/deleting on the provider, although
the changes do propagate. Is this fixed by 2.3.40, or is it a separate
issue in 2.4.7?
--
Dave Horsfall DTM VK2KFU Ph: +61 2 9552-5509 (direct) +61 2 9552-5500 (switch)
Corinthian Eng'ng P/L, Ste 54 Jones Bay Whf, 26-32 Pirrama Rd, Pyrmont 2009, AU
15 years, 2 months