Master-Master replication mode
by Padmavathi Dt
Hi List,
I have already posted a doubt regarding the possibility of setting up a
Master-Master replication mode setup in openLDAP. (sub: Is Master-Master
architecture available in openldap?)
Please refer to the following link:
http://www.openldap.org/lists/openldap-devel/199905/msg00029.html
According to the above, there is a possibility of setting up
Master-Master (Multi-Master) mode. He has also provided some patch to be
applied for slapd.
Can this patch be applied to any slapd (irrespective of version)?
But I would like to know which versions of slapd can support the
Multi-Master mode?
Please clarify these things as soon as possible.
I am waiting for an answer.
Thanks and Regards,
Padma
=====-----=====-----=====
Notice: The information contained in this e-mail
message and/or attachments to it may contain
confidential or privileged information. If you are
not the intended recipient, any dissemination, use,
review, distribution, printing or copying of the
information contained in this e-mail message
and/or attachments to it are strictly prohibited. If
you have received this communication in error,
please notify us by reply e-mail or telephone and
immediately and permanently delete the message
and any attachments. Thank you
15 years, 1 month
Issue with building of back-perl
by Arjan Hulshoff
Hi,
I am learning how to install, configure and use openldap. While
installing openldap with back-perl I get the following error:
cd back-perl; make -w install
make[3]: Entering directory `/root/openldap-2.4.8/servers/slapd/back-perl'
/bin/sh ../../..//libtool --tag=disable-static --mode=compile cc -g -O2
-I../../../include -I../../../include -I.. -I./..
-DSLAPD_IMPORT -c init.c
cc -g -O2 -I../../../include -I../../../include -I.. -I./..
-DSLAPD_IMPORT -c init.c -fPIC -DPIC -o .libs/init.o
In file included from init.c:18:
perl_back.h:21:20: error: EXTERN.h: No such file or directory
perl_back.h:22:18: error: perl.h: No such file or directory
In file included from init.c:18:
perl_back.h:62: error: expected '=', ',', ';', 'asm' or '__attribute__'
before '*' token
perl_back.h:67: error: expected specifier-qualifier-list before 'SV'
init.c:22: error: expected '=', ',', ';', 'asm' or '__attribute__'
before 'void'
init.c:24: error: expected '=', ',', ';', 'asm' or '__attribute__'
before '*' token
init.c: In function 'perl_back_initialize':
init.c:72: error: 'perl_interpreter' undeclared (first use in this function)
init.c:72: error: (Each undeclared identifier is reported only once
init.c:72: error: for each function it appears in.)
init.c: In function 'perl_back_db_init':
init.c:96: error: 'PerlBackend' has no member named
'pb_filter_search_results'
init.c: In function 'perl_back_db_open':
init.c:117: error: 'dSP' undeclared (first use in this function)
init.c:117: error: 'ENTER' undeclared (first use in this function)
init.c:117: error: 'SAVETMPS' undeclared (first use in this function)
init.c:119: error: 'sp' undeclared (first use in this function)
init.c:120: error: 'PerlBackend' has no member named 'pb_obj_ref'
init.c:122: error: 'PUTBACK' undeclared (first use in this function)
init.c:127: error: 'G_SCALAR' undeclared (first use in this function)
init.c:130: error: 'SPAGAIN' undeclared (first use in this function)
init.c:136: error: 'POPi' undeclared (first use in this function)
init.c:138: error: 'FREETMPS' undeclared (first use in this function)
init.c:138: error: 'LEAVE' undeclared (first use in this function)
init.c: In function 'perl_back_xs_init':
init.c:151: error: 'dXSUB_SYS' undeclared (first use in this function)
init.c:152: error: 'boot_DynaLoader' undeclared (first use in this function)
make[3]: *** [init.lo] Error 1
make[3]: Leaving directory `/root/openldap-2.4.8/servers/slapd/back-perl'
make[2]: *** [install-slapd] Error 1
make[2]: Leaving directory `/root/openldap-2.4.8/servers/slapd'
make[1]: *** [install-common] Error 1
make[1]: Leaving directory `/root/openldap-2.4.8/servers'
make: *** [install-common] Error 1
Am I missing a requirement? Perl and perl-devel are installed.
Can anybody help me to solve this issue?
TIA,
Arjan.
15 years, 1 month
Is Master-Master architecture available in openldap?
by Padmavathi Dt
Hi List,
We need to set up an environment where we will have two LDAP servers that
work in primary-secondary mode, i.e. if the primary goes down, the secondary
should serve as primary (as it is like a master, i.e. it should have all
the capabilities of a primary server).
Please tell me if this is possible with openLDAP, as in master-slave
architecture, when the master goes down the slave can serve in read-only mode (as
far as my understanding).
Also tell me where I can get some additional info about these
topics.
Thanks a lot,
Regards, padma
15 years, 1 month
best way to export a whole ldap directory
by Ralf Prengel
Hello,
First, I'm a beginner in using ldap.
My question:
What's the best way to export the whole content of an ldap-directory
starting with cn=name;dc=de using only a shell and ldap-commands?
Thanks for hints.
Prengel
Ralf
15 years, 1 month
Weird SASL thing
by Rick Stevens
First off, thanks for all the help on the CentOS 5 nsswitch.conf thing
I ran into. I meant to reply to the thread, but I unfortunately deleted
it from my mail client. It appears that "bind_type soft" did fix it,
but I'm not certain (I can't reboot the server again to verify right
now).
However, I've run into a new weirdie. I've created a fairly simple
shell script that creates an appropriate LDIF file to add users to my
database. It then calls "ldapadd" to add the user:
RES=`ldapadd -U root -w $LDAPPWD -f $OUTFILE`
However, when the script runs, the ldapadd is rejected with:
ldap_sasl_interactive_bind_s: Invalid credentials (49)
The EXACT SAME command (after the variables are expanded) run from the
command line works fine. I suspect it's this
"ldap_sasl_interactive_bind_s" that's wonky since the command is being
launched from inside a shell script and isn't interactive at that
point, but is there a way around this?
----------------------------------------------------------------------
- Rick Stevens, Unix Geek rps2(a)socal.rr.com -
- -
- The gene pool could use a little chlorine. -
----------------------------------------------------------------------
15 years, 1 month
ldapsearch client timeout feature
by Suhel Momin
Hi,
I have a Windows 2k3 machine, wherein I have specified a few virtual IPs.
ldapsearch works fine when the IPs are present in the list.
The problem is when the IP is removed from the IP list at the time of
ldapsearch printing the output data. I see that ldapsearch hangs.
I could find out that the ldap_int_select function in ldap_result hangs due to
an infinite timeout in the select call.
To get away with this, I want to modify ldapsearch to have a client timeout
feature.
Any suggestions regarding how to proceed or pointers to already existing
efforts are appreciated.
Regards,
Suhel
15 years, 1 month
Re: Embedding Other LDAP Server in OpenLDAP for User Authentification [Virus checked]
by Michael Ströder
Klaus,
please stay on the mailing list (Cc:-ed) with responses so others can
answer and learn as well.
ems(a)sparkassen-informatik.de wrote:
>
> thank you for your clues (back-ldap/back-meta). Do you think it works as
> well if the embedded other LDAP server is an Active Directory?
Yes. You can find a lot of discussions about special configurations for
proxying AD with OpenLDAP in the mailing list's archive. You could
simply start with it and ask if you have specific issues.
Ciao, Michael.
--
Michael Ströder
E-Mail: michael(a)stroeder.com
http://www.stroeder.com
15 years, 1 month
slapd is not starting after building with SASL support
by Padmavathi Dt
Hi List,
I have openldap-2.4.7 configured with openssl which was working fine till
date.
Now I have installed Cyrus-SASL-2.2.21 without any problems.
I have rebuilt our openldap-2.4.7 as
[root@as3 libexec]# env
LD_LIBRARY_PATH="/usr/local/BerkeleyDB.4.6/lib:/usr/local/lib/sasl2:/usr/local/ssl/lib"
CPPFLAGS="-I/usr/local/BerkeleyDB.4.6/include
-I/usr/local/ssl/include -I/usr/local/include"
LDFLAGS="-L/usr/local/ssl/lib -L /usr/local/BerkeleyDB.4.6/lib
-L/usr/local/lib/sasl2 -R/usr/local/lib -R/usr/local/lib/sasl2
-R/usr/local/Berkeley.DB.4.6 -R/usr/local/ssl/lib" LIBS=-ldl
./configure --with-tls=openssl --with-cyrus-sasl
Everything went fine.
We would like to use the SASL/GSSAPI mechanism (we have working Kerberos).
I have added the following lines to my slapd.conf file:
authz-regexp
uid=([^,]*),cn=bsnl.com,cn=gssapi,cn=auth
uid=$1,ou=people,dc=bsnl,dc=com
I have given a space before uid lines... Is it correct?
I have written the lines specified in the admin guide for testing.
{ Also, anyone please tell me where I can get more info about the
authz-regexp directive and the values it can take. }
Now when I start slapd as:
slapd -d127 -h "ldaps:///"
ps -ef|grep slapd is showing
root 3912 7442 0 18:40 pts/2 00:00:00 slapd -d127 -h ldaps:///
root 3919 3516 0 18:44 pts/4 00:00:00 grep slapd
and part of debug info regarding slapd start is:
daemon: new connection on 12
daemon: added 12r
daemon: activity on:
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 12r
daemon: read activity on 12
connection_get(12)
connection_get(12): got connid=1
connection_read(12): checking for input on id=1
TLS trace: SSL_accept:before/accept initialization
tls_read: want=11, got=0
TLS: can't accept.
connection_read(12): TLS accept error error=-1 id=1, closing
connection_closing: readying conn=1 sd=12 for close
connection_close: conn=1 sd=12
daemon: removing 12
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
Till date there was no problem with the SSL-LDAP combination, and it started
giving trouble after SASL support was added.
I have created a principal for slapd as specified in the guide.
Also created one slapd.conf file for use with the saslauthd daemon. It has:
pwcheck_method: saslauthd
saslauthd_path: /var/run/saslauthd/mux
mech_list: plain login ntlm kerberos5
~
~
I don't know where to start for making the entire combination work.
Please help me to get this sorted.
I shall be grateful for every response.
Thanks in advance.
Regards,
Padma.
15 years, 1 month
Problems with openLDAP 2.3
by xjol0265
We currently use RedHat Enterprise Server 4 and openLDAP 2.2.13 to
provide a directory service to Mozilla Thunderbird email clients on our
internal network. The information is actually stored in a MySQL Contact
Database, so we use back_sql with the necessary translation databases.
We are upgrading our servers to RedHat 5.1, and in the process trying to
migrate to openLDAP 2.3.27 (the latest version that RH provides). The
application does not work in this release. In fact, if a Thunderbird
user tries to do a directory search as before, openLDAP fails. When it
fails, it does not write anything to the log explaining why.
The databases, ldap.conf, slapd.conf and odbc.ini are identical in both
cases.
I have used an LDAP browser to eliminate some of the variables and do
some simple testing to help isolate the problem. What I have found is:
- One-level searches work in both releases
- Sub-Tree searches work in 2.2.13 and fail in 2.3.27 (causing openLDAP
to terminate)
I am not familiar with the code, so I can't be very helpful there, but I
did notice the following from the logs:
- One-level search: The details of the log entries are somewhat
different for the two releases, but the SELECT DISTINCT statements that
actually pick entries from the DB are the same
- Sub-Tree search: The SELECT DISTINCT statements are NOT the same. In
both cases, testing was done with a base DN like:
ou=Unit2,dc=company,dc=com
Users use a base DN like this to isolate their directory entries to a
particular company Unit.
In 2.2.13, the result is:
Mar 21 17:30:12 apps slapd[11205]: ==>backsql_oc_get_candidates():
oc="organizationalUnit"
Mar 21 17:30:12 apps slapd[11205]: ==>backsql_srch_query()
Mar 21 17:30:12 apps slapd[11205]: ==>backsql_process_filter()
Mar 21 17:30:12 apps slapd[11205]: <==backsql_process_filter() succeeded
Mar 21 17:30:12 apps slapd[11205]: <==backsql_srch_query() returns
SELECT DISTINCT ldap_entries.id,ou.id,'organizationalUnit' AS
objectClass,ldap_entries.dn AS dn FROM ldap_entries,ou WHERE
ou.id=ldap_entries.keyval AND ldap_entries.oc_map_id=? AND
ldap_entries.dn LIKE ? AND 1=1
Mar 21 17:30:12 apps slapd[11205]: Constructed query: SELECT DISTINCT
ldap_entries.id,ou.id,'organizationalUnit' AS
objectClass,ldap_entries.dn AS dn FROM ldap_entries,ou WHERE
ou.id=ldap_entries.keyval AND ldap_entries.oc_map_id=? AND
ldap_entries.dn LIKE ? AND 1=1
Mar 21 17:30:12 apps slapd[11205]: id: '2'
Mar 21 17:30:12 apps slapd[11205]: (sub)dn: "%ou=Unit2,dc=company,dc=com"
Mar 21 17:30:12 apps slapd[11205]: backsql_oc_get_candidates(): added
entry id=2, keyval=3 dn="ou=Unit2,dc=company,dc=com"
Mar 21 17:30:12 apps slapd[11205]: <==backsql_oc_get_candidates(): 1
In 2.3.27, the result is:
Mar 21 17:33:38 db slapd[7350]: ==>backsql_oc_get_candidates():
oc="organizationalUnit"
Mar 21 17:33:38 db slapd[7350]: ==>backsql_srch_query()
Mar 21 17:33:38 db slapd[7350]: ==>backsql_process_filter()
Mar 21 17:33:38 db slapd[7350]: <==backsql_process_filter() succeeded
Mar 21 17:33:38 db slapd[7350]: <==backsql_srch_query() returns SELECT
DISTINCT ldap_entries.id,ou.id,'organizationalUnit' AS
objectClass,ldap_entries.dn AS dn FROM ldap_entries,ou WHERE
ou.id=ldap_entries.keyval AND ldap_entries.oc_map_id=? AND 9=9 AND 3=3
Mar 21 17:33:38 db slapd[7350]: Constructed query: SELECT DISTINCT
ldap_entries.id,ou.id,'organizationalUnit' AS
objectClass,ldap_entries.dn AS dn FROM ldap_entries,ou WHERE
ou.id=ldap_entries.keyval AND ldap_entries.oc_map_id=? AND 9=9 AND 3=3
Mar 21 17:33:38 db slapd[7350]: id: '2'
Mar 21 17:33:38 db slapd[7350]: >>> dnPrettyNormal:
<ou=Unit1,dc=company,dc=com>
Mar 21 17:33:38 db slapd[7350]: <<< dnPrettyNormal:
<ou=Unit1,dc=company,dc=com>, <ou=unit1,dc=company,dc=com>
Mar 21 17:33:38 db slapd[7350]: backsql_oc_get_candidates(): added entry
id=1, keyval=1 dn="ou=Unit1,dc=company,dc=com"
Mar 21 17:33:38 db slapd[7350]: >>> dnPrettyNormal:
<ou=Unit2,dc=company,dc=com>
Mar 21 17:33:38 db slapd[7350]: <<< dnPrettyNormal:
<ou=Unit2,dc=company,dc=com>, <ou=unit2,dc=company,dc=com>
Mar 21 17:33:38 db slapd[7350]: backsql_oc_get_candidates(): added entry
id=2, keyval=3 dn="ou=Unit2,dc=company,dc=com"
Mar 21 17:33:38 db slapd[7350]: >>> dnPrettyNormal:
<ou=Unit3,dc=company,dc=com>
Mar 21 17:33:38 db slapd[7350]: <<< dnPrettyNormal:
<ou=Unit3,dc=company,dc=com>, <ou=unit3,dc=company,dc=com>
Mar 21 17:33:38 db slapd[7350]: backsql_oc_get_candidates(): added entry
id=3, keyval=4 dn="ou=Unit3,dc=company,dc=com"
Mar 21 17:33:38 db slapd[7350]: <==backsql_oc_get_candidates(): 3
In 2.2.13, openLDAP isolated the ou to the specific one requested, while
in 2.3.27, openLDAP is not testing for a specific ou and instead is
getting all of them.
I would appreciate any help anyone can give to solve this issue. If more
information is needed, please let me know.
15 years, 1 month
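Added example (not part of the post above and not OpenLDAP project code): a Python check over the slapd log excerpts quoted in that post. It reports whether the constructed back-sql query carries a predicate on ldap_entries.dn and which candidate entries fall outside the requested base DN. Treating a missing ldap_entries.dn predicate as an unscoped query is an assumption drawn from the 2.2.13 log; the names unwrap and audit are hypothetical.

```python
import re

# Excerpts copied from the log output in the post above, mail line-wrapping included.
LOG_2_2_13 = """\
Mar 21 17:30:12 apps slapd[11205]: Constructed query: SELECT DISTINCT
ldap_entries.id,ou.id,'organizationalUnit' AS
objectClass,ldap_entries.dn AS dn FROM ldap_entries,ou WHERE
ou.id=ldap_entries.keyval AND ldap_entries.oc_map_id=? AND
ldap_entries.dn LIKE ? AND 1=1
Mar 21 17:30:12 apps slapd[11205]: backsql_oc_get_candidates(): added
entry id=2, keyval=3 dn="ou=Unit2,dc=company,dc=com"
"""
LOG_2_3_27 = """\
Mar 21 17:33:38 db slapd[7350]: Constructed query: SELECT DISTINCT
ldap_entries.id,ou.id,'organizationalUnit' AS
objectClass,ldap_entries.dn AS dn FROM ldap_entries,ou WHERE
ou.id=ldap_entries.keyval AND ldap_entries.oc_map_id=? AND 9=9 AND 3=3
Mar 21 17:33:38 db slapd[7350]: backsql_oc_get_candidates(): added entry
id=1, keyval=1 dn="ou=Unit1,dc=company,dc=com"
Mar 21 17:33:38 db slapd[7350]: backsql_oc_get_candidates(): added entry
id=2, keyval=3 dn="ou=Unit2,dc=company,dc=com"
Mar 21 17:33:38 db slapd[7350]: backsql_oc_get_candidates(): added entry
id=3, keyval=4 dn="ou=Unit3,dc=company,dc=com"
"""
STAMP = r"[A-Z][a-z]{2} +\d+ [\d:]{8} \S+ slapd\[\d+\]: "
ADDED = re.compile(r'added entry id=\d+, keyval=\d+ dn="([^"]+)"')

def unwrap(text):
    """Join mail-wrapped continuation lines back onto their syslog record."""
    joined = re.sub(r"\n(?!" + STAMP + ")", " ", text.strip())
    return [re.sub("^" + STAMP, "", rec) for rec in joined.splitlines()]

def audit(text, base_dn):
    """Return (query_has_dn_predicate, candidate DNs outside base_dn)."""
    base, constrained, outside = base_dn.lower(), False, []
    for rec in unwrap(text):
        if rec.startswith("Constructed query:"):
            where = rec.split(" WHERE ", 1)[-1]  # ignore "ldap_entries.dn AS dn" in the SELECT list
            constrained = bool(re.search(r"ldap_entries\.dn\s+(LIKE|=)", where))  # assumed scope marker
        m = ADDED.search(rec)
        if m:
            dn = m.group(1).lower()
            if dn != base and not dn.endswith("," + base):  # compare on an RDN boundary
                outside.append(m.group(1))
    return constrained, outside

if __name__ == "__main__":
    for name, log in (("2.2.13", LOG_2_2_13), ("2.3.27", LOG_2_3_27)):
        print(name, audit(log, "ou=Unit2,dc=company,dc=com"))
```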