result: 32 No such object
by Arjan Hulshoff
Hi all,
I am trying to learn how to use OpenLDAP in combination with Cyrus SASL
and MIT Kerberos 5. While testing I got the following error: result: 32
No such object. Below you can see that the response with simple bind
works flawlessly, but as soon as I try to use SASL and Kerberos I
get the previously mentioned response. Everything I could find on Google
didn't help. So I hope someone can point me in the right direction. I am
not sure what extra information you need. I am clueless, as you might
have understood.
TIA,
Arjan.
[root@ldapserver ~]# ldapsearch -ZZ -W -D 'cn=Manager,dc=example,dc=com' -s base -x
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <dc=example,dc=com> (default) with scope baseObject
# filter: (objectclass=*)
# requesting: ALL
#
# example.com
dn: dc=example,dc=com
description: Example.Com, your trusted non-existent corporation.
dc: example
o: Example.Com
objectClass: top
objectClass: dcObject
objectClass: organization
# search result
search: 3
result: 0 Success
# numResponses: 2
# numEntries: 1
[root@ldapserver ~]# ldapsearch -ZZ -W -D 'cn=Manager,dc=example,dc=com' -s base
Enter LDAP Password:
SASL/GSSAPI authentication started
SASL username: matt(a)EXAMPLE.COM
SASL SSF: 56
SASL data security layer installed.
# extended LDIF
#
# LDAPv3
# base <dc=example,dc=com> (default) with scope baseObject
# filter: (objectclass=*)
# requesting: ALL
#
# search result
search: 5
result: 32 No such object
# numResponses: 1
12 years, 8 months
Re: Tony Earnshaw, 29/02/40 - 29/04/08]
by Dieter Kluenter
Hello,
the following has been posted on the postfix-users mailinglist.
-Dieter
> From: Ace Suares <ace(a)suares.an>
> Subject: Tony Earnshaw, 29/02/40 - 29/04/08
> To: postfix-users(a)postfix.org
> Date: Sun, 4 May 2008 09:24:59 -0400
> Reply-To: ace(a)suares.an
>
>
>
> Dear List,
>
> Tony Earnshaw, active member of this list, passed away last Tuesday.
>
> About a month ago he was diagnosed with stage 5 lung cancer and within a
> very short time Tony left us.
>
> Tony's body will be cremated Monday 5th of May in Amsterdam.
>
> For those who want to express their feelings, please visit
>
> http://www.xs4all.nl/~snore/tony
>
> If among you there are people who want to have more information, send me
> an email at ace(a)suares.an and I will forward it to the kind people that
> take care of his affairs.
>
> With Sadness,
>
> Ace Suares
>
>
> ----------
--
Dieter Klünter | Systemberatung
http://www.dkluenter.de
GPG Key ID:8EF7B6C6
12 years, 8 months
A question about {CLEARTEXT} hash
by Anderson Medeiros Gomes
I am using OpenLDAP 2.4.7 in an Ubuntu 8.04 server.
I have in my tree a user whose "userPassword" attribute is "{CLEARTEXT}testpass".
This command works:
$ ldapwhoami -U testuser -w testpass
SASL/DIGEST-MD5 authentication started
SASL username: testuser
SASL SSF: 128
SASL data security layer installed.
dn:uid=testuser,ou=people,dc=cefetrs,dc=tche,dc=br
But I don't know why this one doesn't work...
$ ldapwhoami -x -D 'uid=testuser,ou=people,dc=cefetrs,dc=tche,dc=br' -w testpass
ldap_bind: Invalid credentials (49)
The command above works only after removing the "{CLEARTEXT}" string before the real password:
$ ldapmodify -U testuser -w testpass
SASL/DIGEST-MD5 authentication started
SASL username: testuser
SASL SSF: 128
SASL data security layer installed.
dn: uid=testuser,ou=people,dc=cefetrs,dc=tche,dc=br
changetype: modify
replace: userPassword
userPassword: testpass
modifying entry "uid=testuser,ou=people,dc=cefetrs,dc=tche,dc=br"
$ ldapwhoami -x -D 'uid=testuser,ou=people,dc=cefetrs,dc=tche,dc=br' -w testpass
dn:uid=testuser,ou=people,dc=cefetrs,dc=tche,dc=br
-------------------
My doubt is: if a user has his password set to "{CLEARTEXT}<real password>", he should be able to authenticate himself either with simple authentication or with SASL, shouldn't he?
--
Anderson Medeiros Gomes
amg1127(a)cefetrs.tche.br
Coordenadoria de Manutenção e Redes
Centro Federal de Educação Tecnológica de Pelotas
http://www.cefetrs.tche.br/
12 years, 8 months
overlay "syncprov" not found
by Jonathan Dobbie
I'm trying to set up syncprov on Ubuntu's 2.4.7, but slaptest returns:
root@higgsboson:~# slaptest
overlay "syncprov" not found
slaptest: bad configuration file!
As far as I can tell, the module is there:
root@higgsboson:~# ls /usr/lib/ldap/syncprov*
/usr/lib/ldap/syncprov-2.4.so.2 /usr/lib/ldap/syncprov-2.4.so.2.0.3 /usr/lib/ldap/syncprov.la /usr/lib/ldap/syncprov.so
Below is a slightly trimmed version of slapd.conf:
allow bind_v2
readonly off
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /usr/local/etc/ldap/schema/samba.schema
include /usr/local/etc/ldap/schema/apple.schema
include /usr/local/etc/ldap/schema/mcadmail.schema
include /usr/local/etc/ldap/schema/mcad.schema
include /usr/local/etc/ldap/schema/mcad.radmind.schema
TLSCACertificateFile /etc/ldap/ssl/higgsboson.pem
TLSCertificateFile /etc/ldap/ssl/higgsboson.pem
TLSCertificateKeyFile /etc/ldap/ssl/higgsboson.pem
authz-regexp uid=([^,]*),cn=PLAIN,cn=auth uid=$1,dc=users,dc=accounts,dc=mcad,dc=edu
sasl-secprops none
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
loglevel 128
threads 10
modulepath /usr/lib/ldap
moduleload back_bdb
defaultsearchbase "dc=accounts,dc=ldap,dc=mcad,dc=edu"
idletimeout 600
password-hash {SSHA}
backend bdb
database bdb
suffix "dc=mcad,dc=edu"
checkpoint 512 30
cachesize 2000
idlcachesize 6000
directory "/var/lib/ldap"
index objectClass eq
index cn,sn,uid pres,eq,approx,sub
index givenName eq,sub
index displayName eq,sub
index mail,mailAlias eq,sub
index activePopImap eq
index activeSmtp eq
index ceridianID eq
index jenzabarID eq
index ou eq
index employeeNumber eq
index employeeType eq
index uidNumber,gidNumber eq
index memberUid eq
index macAddress eq
index apple-generateduid eq
index apple-group-realname eq
index apple-computers eq
index apple-mcxflags sub
index apple-category eq
index apple-networkview eq
index apple-group-memberguid eq
index apple-group-nestedgroup eq
index entryUUID eq
index entryCSN eq
index mailbox eq
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
lastmod on
And then all of the ACLs
12 years, 8 months
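Added example (not part of the original post and not OpenLDAP project code): the posted slapd.conf has a "moduleload back_bdb" line for the backend but no moduleload line for the overlay it later names, and this small check reports every "overlay" directive that has no earlier matching "moduleload". It assumes overlays are built as loadable modules, as the /usr/lib/ldap listing in the post suggests; the sample configuration is constructed from the posted directives and the function names are hypothetical.

```python
import os
import re

# Constructed sample: the directives from the posted slapd.conf that matter here.
SAMPLE_CONF = """\
modulepath /usr/lib/ldap
moduleload back_bdb
backend bdb
database bdb
suffix "dc=mcad,dc=edu"
index entryUUID eq
overlay syncprov
syncprov-checkpoint 100 10
"""

def logical_lines(text):
    """Return [(line_number, directive)], joining continuation lines."""
    entries = []
    for number, raw in enumerate(text.splitlines(), 1):
        if raw[:1] in (" ", "\t") and entries:
            # A line starting with whitespace continues the previous line,
            # even when that previous line is a comment.
            entries[-1][1] += " " + raw.strip()
        else:
            entries.append([number, raw.strip()])
    return [(n, t) for n, t in entries if t and not t.startswith("#")]

def module_name(argument):
    """Reduce 'syncprov', 'syncprov.la' or '/usr/lib/ldap/syncprov.so' to 'syncprov'."""
    return re.sub(r"\.(la|so)$", "", os.path.basename(argument))

def missing_modules(text):
    """Return (line, directive, module) for each overlay used before it is loaded."""
    loaded, problems = set(), []
    for number, line in logical_lines(text):
        parts = line.split()
        if len(parts) < 2:
            continue
        keyword, argument = parts[0].lower(), parts[1].strip('"')
        if keyword == "moduleload":
            loaded.add(module_name(argument))
        elif keyword == "overlay" and argument not in loaded:
            # The file is read top to bottom, so a later moduleload does not help.
            problems.append((number, line, argument))
    return problems

if __name__ == "__main__":
    for number, line, module in missing_modules(SAMPLE_CONF):
        print(f"line {number}: '{line}' has no earlier 'moduleload {module}'")
```

Running it against the full configuration file before slaptest points at the line that triggers the "overlay not found" message.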
Add attribute with static value to search results
by Andy Cobaugh
Is it possible to somehow add a statically defined attribute to all search
results? For example, if I wanted to add "authAuthority: ;Kerberosv5;;" to
all entries with "(objectClass=posixAccount)". I've looked at slapo-rwm,
and its rwm-map directive, but that only seems to map one attribute to
another. I'm thinking there must be a way to do this, or perhaps it would
be simple enough to add this functionality to slapo-rwm.
It seems like this is something that could be fairly useful, so perhaps
this should be considered a feature request.
Note: I don't control the upstream ldap server in my organization (I'm
using a local proxying server with the translucent overlay). I could add
this attribute to every entry in the upstream server, but that's several
tens of thousands of entries that I would need to locally modify.
--
Andy Cobaugh
12 years, 8 months