openldap-software August 2008

openldap-software@openldap.org

70 participants
81 discussions

effective rights, was: Determine current access level
by Simon Victor 05 Aug '08

05 Aug '08

Hi, > What about trying to modify/delete it with the noop control? that is a good tip, thank you at all. i will try to implement this, but i think this is some kind of "hack" anyway. additionally i will check if a solution with the aci's is also possible. googling around i've found a control named "effective rights": https://opends.dev.java.net/public/standards/draft-ietf-ldapext-acl-model.t… is this supported by openldap? many thanks for your suggestion regards, s.

3 5

Re: OpenLDAP questions
by Michael Ströder 04 Aug '08

04 Aug '08

Kristen Walker wrote: > Another possibility would be to sync the LDAP server with our Mysql > database, that way we could keep adding users as we do now and sync > them nightly with the LDAP server. Would be a better approach than messing around with CSV files. > Does anyone do this? Very simple example script for such a sync implemented in Python: http://www.stroeder.com/pylib/egadr2ldap.py Your mileage may vary. Ciao, Michael.

1 0

Proxy Auth Question
by Yeargan Yancey 04 Aug '08

04 Aug '08

My goal is to configure OpenLDAP as a proxy to provide e-mail addresses to the public (via anonymous simple binds) using an LDAP back-end which requires authenticated simple binds. Public ccess to this server will be anonymous only and read-only. All non-anonymous bind attempts are transformed to anonymous using authz- regexp ".+" "dn:". However, I need all binds to the back-end LDAP service to use a specific account. I've looked at the docs and the list archives for information related to "idassert-bind" but I'm not understanding it well enough. I tried this ... idassert-authzFrom "dn:*" idassert-bind bindmethod="simple" binddn="cn=info,o=org" credentials="password" but that does not seem to be working for me. I'm getting anonymous binds on the back-end. Is it possible to do what I'm asking? If so, what am I doing wrong? Thanks, Yancey

2 1

restoring an accesslog database
by Emmanuel Dreyfus 04 Aug '08

04 Aug '08

Hello I'm trying to restore an accesslog database, and it badly breaks: slapadd -b cn=accesslog -f /etc/openldap/slapd.conf -l accesslog.ldif (...) str2entry: invalid value for attributeType reqControls #0 (syntax 1.3.6.1.4.1.4203.666.11.5.3.1) Any hint? -- Emmanuel Dreyfus manu(a)netbsd.org

2 1

slapo-chain and propagation delay
by manu＠netbsd.org 04 Aug '08

04 Aug '08

Hello I have a minor problem with slapo-chain: when a user makes a modification on a replica, the modification is sent to the master, and then pulled from the master through syncrepl. It takes a short time to syncrepl for pulling the updated data from the master, but that time is long enough for a web form to reload the previous data, therefore giving the feeling that the modification has been ignored. Is ther any solution for that problem? -- Emmanuel Dreyfus http://hcpnet.free.fr/pubz manu(a)netbsd.org

3 2

PGP Keys
by Jorge Medina 03 Aug '08

03 Aug '08

Do anybody knows where I could get the PGP keys to verify the integrity of the source code I downloaded from a mirror? Thanks -Jorge

4 3

Re: Reset LDAP Password for root
by Michael Ströder 03 Aug '08

03 Aug '08

Uli Kleemann wrote: > > Installing openldap I made the mistake to follow an old HOWTO and put > the root passwort in slapd.conf encrypted as recommend in that HOWTO. > So far so good. According to murphyś law I didn`t note the plain > password so that I know have to reset it. As I couldn`t find a > usefull description to do that yet, I would like to ask you for help. Put the output of slappasswd after directive 'rootdn' and restart the server. Ciao, Michael.

1 1

back-sql using varchar keyvals and ids
by Potkanski, Jason 01 Aug '08

01 Aug '08

I have an interest in using openldap as an external authenticator for our membership to connect to external services. Our main table has a primary key of a varchar (10) and nothing unique in the table that is an int. I would love to replace ldap_entries with a view, however, returning the entries failed when I attempted it. I did a bit of experimentation with the dc=example,dc=com on a search: ldapsearch -x -b dc=example,dc=com sn=Puzdoy The ldap_entries keyval was changed from int to varchar 10 and persons table id was changed to varchar 10. Below is a table on some experiments ldap_entries.keyval and persons.id MySQL SQL SERVER 2000 2 Ok Ok 02 Ok Fail ABC Fail Fail abc Fail Fail Log: Jul 31 10:15:41 jpotkanski-lx slapd[30011]: Constructed query: SELECT DISTINCT ldap_entries.id,persons.id,'inetOrgPerson' AS objectClass... Jul 31 10:15:41 jpotkanski-lx slapd[30011]: id: '1' Jul 31 10:15:41 jpotkanski-lx slapd[30011]: >>> dnPrettyNormal: <cn=Torvlobnor Puzdoy,dc=example,dc=com> Jul 31 10:15:41 jpotkanski-lx slapd[30011]: <<< dnPrettyNormal: <cn=Torvlobnor Puzdoy,dc=example,dc=com>, <cn=torvlobnor puzdoy,dc=examp ... Jul 31 10:15:41 jpotkanski-lx slapd[30011]: backsql_oc_get_candidates(): added entry id=3, keyval=2 dn="cn=Torvlobnor Puzdoy,dc=example, ... Jul 31 10:15:41 jpotkanski-lx slapd[30011]: <==backsql_oc_get_candidates(): 1 Jul 31 10:15:41 jpotkanski-lx slapd[30011]: backsql_search(): loading data for entry id=0, oc_id=0, keyval=0 Jul 31 10:15:41 jpotkanski-lx slapd[30011]: backsql_search(): loading data for entry id=5, oc_id=2, keyval=1 On a failed one, backsql_oc_get_candidates(): 0 openldap 2.3.39, 4.fc8 , unixodbc 2.2.12, freetds .84, mysql-odbc latest. Before opening anything in ITS, I wondered if this is a bug, feature request or maybe solved in 2.4? Jason Potkanski Information Technology Developer CCIM Institute 430 N. Michigan Ave, Suite 800 Chicago, IL 60611-4092 jpotkanski(a)ccim.com www.ccim.com tel: 312.321.8559

3 5

slapd does not start, where do I find the error?
by Jorge Medina 01 Aug '08

01 Aug '08

I got the sources (2.2.8), compiled and installed OpenLDAP in RedHat Enterprise Linux 5 ( 64-bit.) (I also got the sources and compiled BerkeleyDB 4.6) Now, I am trying to start the server. I don't get any error message in the console. In Ubuntu, the errors would show up in /var/log/syslog Where could I find what is wrong when I invoke slapd? Where do the errors get logged ?

4 5

Determine current access level
by Simon Victor 01 Aug '08

01 Aug '08

Hi all, I'm stuck on a specific issue with acls: I wan't to get the "current access level" for an entry (not at attribute level). My problem is, that i want to check if the acls allows me to delete or modify an entry before i really do it. Is there a way go read out the acls? Is this possible with aci's? The inheritance of aci could be tricky... Best regards, Simon

2 1

← Newer
1
2
3
4
5
6
7
8
9
Older →

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-software August 2008