openldap-software April 2008

openldap-software@openldap.org

77 participants
72 discussions

Master-Master replication mode
by Padmavathi Dt 10 Apr '08

10 Apr '08

Hii List, I have already posted a doubt regarding the posiibility of setting up a Master-Master replication mode setup in openLDAP.(sub:Is Master-Master architecture available in openldap?) Please refer the following link: http://www.openldap.org/lists/openldap-devel/199905/msg00029.html According to the above,there is a possibility of setting up Master-Master(Multi-Master) mode.He has also provided some patch to be applied for slapd. Whether this patch can be applied to any slapd(irrespective of versions?) But I would like to know which versions of slapd can support the Multi-Master mode???? Please clarify these things as soon as possible ................ I am waiting for an answer........ Thanks and Regards, Padma =====-----=====-----===== Notice: The information contained in this e-mail message and/or attachments to it may contain confidential or privileged information. If you are not the intended recipient, any dissemination, use, review, distribution, printing or copying of the information contained in this e-mail message and/or attachments to it are strictly prohibited. If you have received this communication in error, please notify us by reply e-mail or telephone and immediately and permanently delete the message and any attachments. Thank you

4 5

Issue with building of back-perl
by Arjan Hulshoff 09 Apr '08

09 Apr '08

Hi, I am learning how to install, configure and use openldap. During installing of openldap with back-perl I get the following error: cd back-perl; make -w install make[3]: Entering directory `/root/openldap-2.4.8/servers/slapd/back-perl' /bin/sh ../../..//libtool --tag=disable-static --mode=compile cc -g -O2 -I../../../include -I../../../include -I.. -I./.. -DSLAPD_IMPORT -c init.c cc -g -O2 -I../../../include -I../../../include -I.. -I./.. -DSLAPD_IMPORT -c init.c -fPIC -DPIC -o .libs/init.o In file included from init.c:18: perl_back.h:21:20: error: EXTERN.h: No such file or directory perl_back.h:22:18: error: perl.h: No such file or directory In file included from init.c:18: perl_back.h:62: error: expected '=', ',', ';', 'asm' or '__attribute__' before '*' token perl_back.h:67: error: expected specifier-qualifier-list before 'SV' init.c:22: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'void' init.c:24: error: expected '=', ',', ';', 'asm' or '__attribute__' before '*' token init.c: In function 'perl_back_initialize': init.c:72: error: 'perl_interpreter' undeclared (first use in this function) init.c:72: error: (Each undeclared identifier is reported only once init.c:72: error: for each function it appears in.) init.c: In function 'perl_back_db_init': init.c:96: error: 'PerlBackend' has no member named 'pb_filter_search_results' init.c: In function 'perl_back_db_open': init.c:117: error: 'dSP' undeclared (first use in this function) init.c:117: error: 'ENTER' undeclared (first use in this function) init.c:117: error: 'SAVETMPS' undeclared (first use in this function) init.c:119: error: 'sp' undeclared (first use in this function) init.c:120: error: 'PerlBackend' has no member named 'pb_obj_ref' init.c:122: error: 'PUTBACK' undeclared (first use in this function) init.c:127: error: 'G_SCALAR' undeclared (first use in this function) init.c:130: error: 'SPAGAIN' undeclared (first use in this function) init.c:136: error: 'POPi' undeclared (first use in this function) init.c:138: error: 'FREETMPS' undeclared (first use in this function) init.c:138: error: 'LEAVE' undeclared (first use in this function) init.c: In function 'perl_back_xs_init': init.c:151: error: 'dXSUB_SYS' undeclared (first use in this function) init.c:152: error: 'boot_DynaLoader' undeclared (first use in this function) make[3]: *** [init.lo] Error 1 make[3]: Leaving directory `/root/openldap-2.4.8/servers/slapd/back-perl' make[2]: *** [install-slapd] Error 1 make[2]: Leaving directory `/root/openldap-2.4.8/servers/slapd' make[1]: *** [install-common] Error 1 make[1]: Leaving directory `/root/openldap-2.4.8/servers' make: *** [install-common] Error 1 Am I missing a requirement? Perl and perl-devel are installed. Can anybody help me to solve this issue? TIA, Arjan.

3 3

Is Master-Master architecture available in openldap?
by Padmavathi Dt 08 Apr '08

08 Apr '08

Hii List, We need to set up an environment where we will have two LDAP servers that work in primary-secondary mode ie,.. if primary goes down ,secondary should serve as primary(as it is like a master ie,... it should have all the capabilities as a primary server) Please tell me if this is possible with openLDAP as in master-slave architecture,when master goes down slave can serve in read only mode(as far as my understanding) Also tell me from where i can get some additional info about these topics.... Thanx a lot, Regards,padma =====-----=====-----===== Notice: The information contained in this e-mail message and/or attachments to it may contain confidential or privileged information. If you are not the intended recipient, any dissemination, use, review, distribution, printing or copying of the information contained in this e-mail message and/or attachments to it are strictly prohibited. If you have received this communication in error, please notify us by reply e-mail or telephone and immediately and permanently delete the message and any attachments. Thank you

3 2

best way to export a whole ldap directory
by Ralf Prengel 08 Apr '08

08 Apr '08

Hallo, first I m a beginner in using ldap. My question: What s the best way to export the whole content of a ldap-directory starting with cn=name;dc=de using only a shell and ldap-commands. Thanks for hints. Prengel Ralf

5 5

Weird SASL thing
by Rick Stevens 07 Apr '08

07 Apr '08

First off, thanks for all the help on the CentOS 5 nsswitch.conf thing I ran into. I meant to reply to the thread, but I unfortunately deleted it from my mail client. It appears that "bind_type soft" did fix it, but I'm not certain (I can't reboot the server again to verify right now). However, I've run into an new weirdie. I've created a fairly simple shell script that creates an appropriate LDIF file to add users to my database. It then calls "ldapadd" to add the user: RES=`ldapadd -U root -w $LDAPPWD -f $OUTFILE` However, when the script runs, the ldapadd is rejected with: ldap_sasl_interactive_bind_s: Invalid credentials (49) The EXACT SAME command (after the variables are expanded) run from the command line works fine. I suspect it's this "ldap_sasl_interactive_bind_s" that's wonky since the command is being launched from inside a shell script and isn't interactive at that point, but is there a way around this? ---------------------------------------------------------------------- - Rick Stevens, Unix Geek rps2(a)socal.rr.com - - - - The gene pool could use a little chlorine. - ----------------------------------------------------------------------

2 5

ldapsearch client timeout feature
by Suhel Momin 07 Apr '08

07 Apr '08

Hi, I have a windows 2k3 machine, where in I have specified few virtual IPs. ldapsearch works fine when the IP's are present in the list. The problem is when the IP is removed from the IP list at the time of ldapsearch printing the output data. I see that ldapsearch hangs. I could find out that ldap_int_select function in ldap_result hangs due to infinite timout in select call. To get away with this, I want to modify ldapsearch to have client timeout feature. Any suggestions regarding how to proceed or pointers to already existing efforts are appreciated. Regards, Suhel

1 0

Re: Embedding Other LDAP Server in OpenLDAP for User Authentification [Virus checked]
by Michael Ströder 07 Apr '08

07 Apr '08

Klaus, please stay on the mailing list (Cc:-ed) with responses so others can answer and learn as well. ems(a)sparkassen-informatik.de wrote: > > thank you for your clues (back-ldap/back-meta). Do you think it works as > well if the embeddet other LDAP-Server ist an Active Diretory ? Yes. You can find a lot of discussions about special configurations for proxying AD with OpenLDAP in the mailing list's archive. You could simply start with it and ask if you have specific issues. Ciao, Michael. -- Michael Ströder E-Mail: michael(a)stroeder.com http://www.stroeder.com

1 0

slapd is not starting after building with SASL support
by Padmavathi Dt 07 Apr '08

07 Apr '08

Hii List, I have openldap-2.4.7 configured with openssl which was working fine till date. Now I have installed Cyrus-SASL-2.2.21 without any problems. I have rebuilt our openldap-2.4.7 as [root@as3 libexec]# env LD_LIBRARY_PATH="/usr/local/BerkeleyDB.4.6/lib:/usr/loc al/lib/sasl2:/usr/local/ssl/lib" CPPFLAGS="-I/usr/local/BerkeleyDB.4.6/include -I/usr/local/ssl/include -I/usr/local/include" LDFLAGS="-L/usr/local/ssl/lib -L /usr/local/BerkeleyDB.4.6/lib -L/usr/local/lib/sasl2 -R/usr/local/lib -R/usr/lo cal/lib/sasl2 -R/usr/local/Berkeley.DB.4.6 -R/usr/local/ssl/lib" LIBS=-ldl ./co nfigure --with-tls=openssl --with-cyrus-sasl Every thing went fine. We would like to use SASL/GSSAPI mechanism(we have working kerberos) I have added the following lines to my slapd.conf file: authz-regexp uid=([^,]*),cn=bsnl.com,cn=gssapi,cn=auth uid=$1,ou=people,dc=bsnl,dc=com I have given a space before uid lines... Is it correct? I have written the lines specified in the admin guide for testing.. { Also anyone please tell me from where can I get more info about authz-regexp directive and the values it can take....} Now when i start slapd as: slapd -d127 -h "ldaps:///" ps -ef|grep slapd is showing root 3912 7442 0 18:40 pts/2 00:00:00 slapd -d127 -h ldaps:/// root 3919 3516 0 18:44 pts/4 00:00:00 grep slapd and part of debug info regarding slapd start is: daemon: new connection on 12 daemon: added 12r daemon: activity on: daemon: select: listen=6 active_threads=0 tvp=NULL daemon: select: listen=7 active_threads=0 tvp=NULL daemon: activity on 1 descriptors daemon: activity on: 12r daemon: read activity on 12 connection_get(12) connection_get(12): got connid=1 connection_read(12): checking for input on id=1 TLS trace: SSL_accept:before/accept initialization tls_read: want=11, got=0 TLS: can't accept. connection_read(12): TLS accept error error=-1 id=1, closing connection_closing: readying conn=1 sd=12 for close connection_close: conn=1 sd=12 daemon: removing 12 daemon: select: listen=6 active_threads=0 tvp=NULL daemon: select: listen=7 active_threads=0 tvp=NULL daemon: activity on 1 descriptors daemon: select: listen=6 active_threads=0 tvp=NULL daemon: select: listen=7 active_threads=0 tvp=NULL Till date there was no problem with SSL-LDAP combination and it started giving trouble after SASL support was added I have created principal for slapd as specified in the guide. Also created one slapd.conf file for use with saslauthd daemon.It has: pwcheck_method: saslauthd saslauthd_path: /var/run/saslauthd/mux mech_list: plain login ntlm kerberos5 ~ ~ I dont know where to start for making the entire combination to work.... Please help me to get this sorted ... I shall be gratefule for every response Thanx in advance... Regards, Padma. =====-----=====-----===== Notice: The information contained in this e-mail message and/or attachments to it may contain confidential or privileged information. If you are not the intended recipient, any dissemination, use, review, distribution, printing or copying of the information contained in this e-mail message and/or attachments to it are strictly prohibited. If you have received this communication in error, please notify us by reply e-mail or telephone and immediately and permanently delete the message and any attachments. Thank you

1 0

Problems with openLDAP 2.3
by xjol0265 07 Apr '08

07 Apr '08

We currently use RedHat Enterprise Server 4 and openLDAP 2.2.13 to provide a directory service to Mozilla Thunderbird email clients on our internal network. The information is actually stored in a MySQL Contact Database, so we use back_sql with the necessary translation databases. We are upgrading our servers to RedHat 5.1, and in the process trying to migrate to openLDAP 2.3.27 (the latest version that RH provides). The application does not work in this release. In fact, if a Thunderbird user tries to do a directory search as before, openLDAP fails. When it fails, it does not write anything to the log explaining why. The databases, ldap.conf, slapd.conf and odbc.ini are identical in both cases. I have used an LDAP browser to eliminate some of the variables and do some simple testing to help isolate the problem. What I have found is: - One-level searches work in both releases - Sub-Tree searches work in 2.2.13 and fail in 2.3.27 (causing openLDAP to terminate) I am not familiar with the code, so I can't be very helpful there, but I did notice the following from the logs: - One-level search: The details of the log entries are somewhat different for the two releases, but the SELECT DISTINCT statements that actually pick entries from the DB are the same - Sub-Tree search: The SELECT DISTINCT statements are NOT the same. In both cases, testing was done with a base DN like: ou=Unit2,dc=company,dc=com Users use a base DN like this to isolate their directory entries to a particular company Unit. In 2.2.13, the result is: Mar 21 17:30:12 apps slapd[11205]: ==>backsql_oc_get_candidates(): oc="organizationalUnit" Mar 21 17:30:12 apps slapd[11205]: ==>backsql_srch_query() Mar 21 17:30:12 apps slapd[11205]: ==>backsql_process_filter() Mar 21 17:30:12 apps slapd[11205]: <==backsql_process_filter() succeeded Mar 21 17:30:12 apps slapd[11205]: <==backsql_srch_query() returns SELECT DISTINCT ldap_entries.id,ou.id,'organizationalUnit' AS objectClass,ldap_entries.dn AS dn FROM ldap_entries,ou WHERE ou.id=ldap_entries.keyval AND ldap_entries.oc_map_id=? AND ldap_entries.dn LIKE ? AND 1=1 Mar 21 17:30:12 apps slapd[11205]: Constructed query: SELECT DISTINCT ldap_entries.id,ou.id,'organizationalUnit' AS objectClass,ldap_entries.dn AS dn FROM ldap_entries,ou WHERE ou.id=ldap_entries.keyval AND ldap_entries.oc_map_id=? AND ldap_entries.dn LIKE ? AND 1=1 Mar 21 17:30:12 apps slapd[11205]: id: '2' Mar 21 17:30:12 apps slapd[11205]: (sub)dn: "%ou=Unit2,dc=company,dc=com" Mar 21 17:30:12 apps slapd[11205]: backsql_oc_get_candidates(): added entry id=2, keyval=3 dn="ou=Unit2,dc=company,dc=com" Mar 21 17:30:12 apps slapd[11205]: <==backsql_oc_get_candidates(): 1 In 2.3.27, the result is: Mar 21 17:33:38 db slapd[7350]: ==>backsql_oc_get_candidates(): oc="organizationalUnit" Mar 21 17:33:38 db slapd[7350]: ==>backsql_srch_query() Mar 21 17:33:38 db slapd[7350]: ==>backsql_process_filter() Mar 21 17:33:38 db slapd[7350]: <==backsql_process_filter() succeeded Mar 21 17:33:38 db slapd[7350]: <==backsql_srch_query() returns SELECT DISTINCT ldap_entries.id,ou.id,'organizationalUnit' AS objectClass,ldap_entries.dn AS dn FROM ldap_entries,ou WHERE ou.id=ldap_entries.keyval AND ldap_entries.oc_map_id=? AND 9=9 AND 3=3 Mar 21 17:33:38 db slapd[7350]: Constructed query: SELECT DISTINCT ldap_entries.id,ou.id,'organizationalUnit' AS objectClass,ldap_entries.dn AS dn FROM ldap_entries,ou WHERE ou.id=ldap_entries.keyval AND ldap_entries.oc_map_id=? AND 9=9 AND 3=3 Mar 21 17:33:38 db slapd[7350]: id: '2' Mar 21 17:33:38 db slapd[7350]: >>> dnPrettyNormal: <ou=Unit1,dc=company,dc=com> Mar 21 17:33:38 db slapd[7350]: <<< dnPrettyNormal: <ou=Unit1,dc=company,dc=com>, <ou=unit1,dc=company,dc=com> Mar 21 17:33:38 db slapd[7350]: backsql_oc_get_candidates(): added entry id=1, keyval=1 dn="ou=Unit1,dc=company,dc=com" Mar 21 17:33:38 db slapd[7350]: >>> dnPrettyNormal: <ou=Unit2,dc=company,dc=com> Mar 21 17:33:38 db slapd[7350]: <<< dnPrettyNormal: <ou=Unit2,dc=company,dc=com>, <ou=unit2,dc=company,dc=com> Mar 21 17:33:38 db slapd[7350]: backsql_oc_get_candidates(): added entry id=2, keyval=3 dn="ou=Unit2,dc=company,dc=com" Mar 21 17:33:38 db slapd[7350]: >>> dnPrettyNormal: <ou=Unit3,dc=company,dc=com> Mar 21 17:33:38 db slapd[7350]: <<< dnPrettyNormal: <ou=Unit3,dc=company,dc=com>, <ou=unit3,dc=company,dc=com> Mar 21 17:33:38 db slapd[7350]: backsql_oc_get_candidates(): added entry id=3, keyval=4 dn="ou=Unit3,dc=company,dc=com" Mar 21 17:33:38 db slapd[7350]: <==backsql_oc_get_candidates(): 3 In 2.2.13, openLDAP isolated the ou to the specific one requested, while in 2.3.27, openLDAP is not testing for a specific ou and instead is getting all of them. I would appreciate any help anyone can give to solve this issue. If more information is needed, please let me know.

5 8

Non-Ascii characters in certificateExactMatch
by networm＠mail15.com 05 Apr '08

05 Apr '08

Is it possible?

2 3

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-software April 2008