Re: LDAP add *.ldif errors
by Gavin Henry
Pastore Annamaria wrote:
> Good morning,
>
> I loaded version 2.4 of LDAP (which supports overlay-memberof).
>
> LDAP started OK, and the network was OK.
>
> I started to configure a memberof scenario, and then a few errors started.
>
> So as not to touch it any more, I cleaned up all of /var/lib/ldap... and I tried to load
> a single *.ldif....
>
> but when I try to load a .ldif (core, cosine, ...) I get a few errors:
>
> 1. With LDAP online:
>
> ldapadd -x -D "cn=Manager,dc=pippo,dc=it" -W -f core.ldif
> Enter LDAP Password:
> adding new entry "cn=core,cn=schema,cn=config"
> ldap_add: Insufficient access (50)
>
> In /var/lib/ldap there is a DB_CONFIG (formerly DB_CONFIG.example) and the
> owner of the directory is ldap; I read a few threads about this sort of
> bug.
>
> The access in slapd.conf is:
>
> #access to dn="" by * read
>
> access to attrs=userPassword
>         by anonymous auth
>         by self write
>         by * auth
> #       by * none
>
> access to *
>         by self write
>         by * read
> #       by * none
>
> But I also tried with "by * write" and nothing changed.
>
> Another parameter is:
>
> directory /var/lib/ldap
>
> 2. With LDAP offline:
>
> [root@itmit2vl5 schema]# slapadd -l core.ldif -f ../slapd.conf
> bdb(dc=telecom,dc=it): Program version 4.4 doesn't match environment
> version 4.6
> bdb_db_open: Database cannot be opened, err -30971. Restore from backup!
> bdb(dc=pippo,dc=it): DB_ENV->lock_id_free interface requires an
> environment configured for the locking subsystem
> bdb(dc=pippo,dc=it): txn_checkpoint interface requires an environment
> configured for the transaction subsystem
> bdb_db_close: txn_checkpoint failed: Invalid argument (22)
> backend_startup_one: bi_db_open failed! (-30971)
> slap_startup failed
>
> But the bdb version does not appear anywhere!!!
>
> I also tried the command "od -j12 -N8 -tx4 log.0000000001" and the result
> was 4.6!
>
> What must I do to go on?
>
> Thank you very much to all, and sorry for my newbie experience.....
>
I presume you got this resolved yourself?
Thanks.
--
Kind Regards,
Gavin Henry.
OpenLDAP Engineering Team.
E ghenry(a)OpenLDAP.org
Community developed LDAP software.
http://www.openldap.org/project/
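Added example (not from the thread) of why the bdb rootdn gets "Insufficient access" on cn=schema,cn=config: slapd routes each operation to the database whose suffix is the longest tail of the target DN, and cn=config is a separate database with its own rootdn and its own access rules, so cn=Manager,dc=pippo,dc=it is just an ordinary identity there. The database list and the cn=config rootdn below are constructed to mirror the post.

```python
import re

def normalize_dn(dn):
    """Lower-case and strip whitespace around RDN separators.
    Good enough for the plain DNs in the post; not a full RFC 4514 normalizer."""
    return ",".join(part.strip().lower() for part in re.split(r"(?<!\\),", dn))

def rdns(dn):
    return normalize_dn(dn).split(",") if dn else []

def is_suffix(suffix, dn):
    """True if every RDN of `suffix` is the tail of `dn` (RDN-boundary aware,
    so dc=notpippo,dc=it does NOT match suffix dc=pippo,dc=it)."""
    s, d = rdns(suffix), rdns(dn)
    return len(s) <= len(d) and d[len(d) - len(s):] == s

# Constructed config mirroring the post: the bdb database from slapd.conf plus the
# always-present cn=config database. Its rootdn "cn=config" is an assumption
# standing in for whatever olcRootDN the real server has.
DATABASES = [
    {"suffix": "cn=config", "rootdn": "cn=config", "acls": "config database ACLs"},
    {"suffix": "dc=pippo,dc=it", "rootdn": "cn=Manager,dc=pippo,dc=it",
     "acls": "slapd.conf 'access to *' rules"},
]

def select_database(target_dn, databases=DATABASES):
    """Pick the database whose suffix is the longest matching tail of target_dn
    (what slapd's backend selection does). Returns None if nothing matches."""
    best = None
    for db in databases:
        if is_suffix(db["suffix"], target_dn):
            if best is None or len(rdns(db["suffix"])) > len(rdns(best["suffix"])):
                best = db
    return best

def explain_add(target_dn, bind_dn):
    """Say whether bind_dn is the rootdn of the database that owns target_dn;
    the rootdn bypasses ACLs, any other identity is subject to that database's ACLs."""
    db = select_database(target_dn)
    if db is None:
        return "no database serves " + target_dn
    if normalize_dn(bind_dn) == normalize_dn(db["rootdn"]):
        return "rootdn of " + db["suffix"] + ": ACLs bypassed, add allowed"
    return "not rootdn of " + db["suffix"] + ": evaluated against " + db["acls"]
```

Loading schema into cn=config therefore has to be done as the config database's rootdn (or via SASL EXTERNAL over ldapi:// where that is mapped to it), not as the bdb database's rootdn.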
Remove an objectclass during syncrepl
by David LEROUX
Hi all,
We have a brand new LDAP server that we are going to replicate to an
outside replica, for an extranet purpose.
During this replication, we would like to remove the "posixaccount"
objectclass and keep only the "inetorgperson" and "top" ones, so we don't
need to put passwords or anything else not needed.
I heard about slapo-rwm, but it seems to be buggy.
I'm sure that some of you have already done that; maybe there is a
better way.
Any help is welcome.
Thank you
--
David - elhijo
ldif.h
by Eric Nichols
I've spent the past few days rooting around the openldap site. I am
developing currently on Debian lenny using the libldap2-dev package. My
small goal is to try and write my own rootdse program to better
understand the lib. I am stuck on one piece of code. I have no idea
where to get an LDIF library to parse/write ldif files.
Can anyone point me in the right direction on this? It's been a long
time since I was coding in C and it took me a while just to gather that
I needed -lldap to make what I have work.
I believe this is the only piece I'm missing; the LDAP library calls
work flawlessly. I also learned that many of the deprecated
functions are still documented as valid functions (ldap_get_values,
ldap_count_values, ldap_value_free). I couldn't find anything that
replaced these.
Many thanks
Eric
How do I get libldap to pick up changes in TLS_CACERTDIR?
by Lawrence Chan
Hi,
I'm writing an application that connects to a slapd and the application uses ldap_start_tls_s to secure communication between itself and slapd before doing anything else. The version of openLDAP I'm using is 2.2.29... I know I should get a newer version, but I have no say on this matter, this is the version I have to use. The /etc/openldap/ldap.conf config file contains only one modification:
TLS_CACERTDIR /usr/sw/certs
I'm not sure how I can get libldap to re-process/re-check the contents of TLS_CACERTDIR without ending the application and restarting it. I initially thought that tearing down the session and re-creating one from scratch would do the trick, but that isn't working.
Thanks,
Lawrence
Delta-Sync w/ TLS troubles
by Peter Clark
Hello,
I have a FreeBSD 7.2 Release box with openldap-2.4.16 installed on it. I
have followed the Admin Guide for setting up Delta-Sync replication and
it works as long as I do not use either "ldaps" or "starttls=yes" on
the slave, i.e.:
syncrepl rid=0
        provider=ldap://joe.pdq.edu
        starttls=yes
        bindmethod=simple
        binddn="cn=ldaproot,dc=pdq,dc=edu"
        credentials="XXXXXXXXX"
        searchbase="dc=pdq,dc=edu"
        logbase="cn=accesslog"
        logfilter="(&(objectClass=auditWriteObject)(reqResult=0))"
        schemachecking=on
        type=refreshAndPersist
        retry="60 +"
        syncdata=accesslog
or
syncrepl rid=0
        provider=ldaps://joe.pdq.edu
        bindmethod=simple
        binddn="cn=ldaproot,dc=mtmary,dc=edu"
        credentials="XXXXXXXX"
        searchbase="dc=pdq,dc=edu"
        logbase="cn=accesslog"
        logfilter="(&(objectClass=auditWriteObject)(reqResult=0))"
        schemachecking=on
        type=refreshAndPersist
        retry="60 +"
        syncdata=accesslog
I have set my loglevel to -1 on both boxes and the only thing that shows
up in the logs referring to TLS is:
(Master server)
slapd[9572]: conn=1 op=0 EXT oid=1.3.6.1.4.1.1466.20037
slapd[9572]: do_extended: oid=1.3.6.1.4.1.1466.20037
slapd[9572]: conn=1 op=0 STARTTLS
slapd[9572]: send_ldap_extended: err=0 oid= len=0
slapd[9572]: send_ldap_response: msgid=1 tag=120 err=0
slapd[9572]: conn=1 op=0 RESULT oid= err=0 text=
slapd[9572]: daemon: activity on 1 descriptor
slapd[9572]: connection_read(16): checking for input on id=1
slapd[9572]: connection_read(16): TLS accept failure error=-1 id=1, closing
slapd[9572]: connection_closing: readying conn=1 sd=16 for close
slapd[9572]: connection_close: conn=1 sd=16
slapd[9572]: daemon: removing 16
slapd[9572]: conn=1 fd=16 closed (TLS negotiation failure)
(Slave Server)
slapd[10846]: =>do_syncrepl rid=000
slapd[10846]: daemon: activity on 1 descriptor
slapd[10846]: daemon: waked
slapd[10846]: daemon: select: listen=6 active_threads=0 tvp=zero
lapd[10846]: daemon: select: listen=7 active_threads=0 tvp=zero
slapd[10846]: daemon: select: listen=8 active_threads=0 tvp=zero
slapd[10846]: daemon: select: listen=9 active_threads=0 tvp=zero
slapd[10846]: slap_client_connect: URI=ldap://joe.pdq.edu Warning,
ldap_start_tls failed (-11)
slapd[10846]: slap_client_connect: URI=ldap://joe.pdq.edu
DN="cn=ldaproot,dc=pdq,dc=edu" ldap_sasl_bind_s failed (-1)
Is there some way to see what exactly is failing between the units? I
have tried the credentials line with quotes around the password and
without. I have made sure provider= is the FQDN of the master. Any help
would be appreciated.
Peter.
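Added example, not from the thread: a small triage script that correlates the STARTTLS request with the later close reason on the provider, and pulls the ldap_start_tls return code on the consumer (-11 is libldap's LDAP_CONNECT_ERROR, meaning the TLS handshake itself failed, commonly because the consumer cannot verify the provider's certificate against its TLS_CACERT). The sample lines are the ones quoted in the post, with the wrapped consumer lines rejoined.

```python
import re
from collections import defaultdict

# Constructed sample: the provider/consumer lines quoted in the post, rejoined.
PROVIDER_LOG = """\
slapd[9572]: conn=1 op=0 EXT oid=1.3.6.1.4.1.1466.20037
slapd[9572]: conn=1 op=0 STARTTLS
slapd[9572]: conn=1 op=0 RESULT oid= err=0 text=
slapd[9572]: connection_read(16): TLS accept failure error=-1 id=1, closing
slapd[9572]: conn=1 fd=16 closed (TLS negotiation failure)
"""
CONSUMER_LOG = """\
slapd[10846]: =>do_syncrepl rid=000
slapd[10846]: slap_client_connect: URI=ldap://joe.pdq.edu Warning, ldap_start_tls failed (-11)
slapd[10846]: slap_client_connect: URI=ldap://joe.pdq.edu DN="cn=ldaproot,dc=pdq,dc=edu" ldap_sasl_bind_s failed (-1)
"""

STARTTLS = re.compile(r"conn=(\d+) op=\d+ STARTTLS")
ACCEPT_FAIL = re.compile(r"TLS accept failure error=(-?\d+) id=(\d+)")
CLOSED = re.compile(r"conn=(\d+) fd=\d+ closed \(([^)]*)\)")
CLIENT_TLS = re.compile(r"URI=(\S+) Warning, ldap_start_tls failed \((-?\d+)\)")

def provider_tls_failures(log):
    """Map conn id -> details for connections that requested STARTTLS
    and were then closed by the provider for a TLS reason."""
    conns = defaultdict(dict)
    for line in log.splitlines():
        if m := STARTTLS.search(line):
            conns[m.group(1)]["starttls"] = True
        elif m := ACCEPT_FAIL.search(line):
            # "id=N" here is the connection id, error is the TLS layer's code
            conns[m.group(2)]["accept_error"] = int(m.group(1))
        elif m := CLOSED.search(line):
            conns[m.group(1)]["close_reason"] = m.group(2)
    return {c: d for c, d in conns.items()
            if d.get("starttls") and "TLS" in d.get("close_reason", "")}

def consumer_tls_failures(log):
    """List (provider URI, ldap_start_tls return code) for failed StartTLS attempts."""
    return [(m.group(1), int(m.group(2)))
            for line in log.splitlines() if (m := CLIENT_TLS.search(line))]
```

To see the actual handshake error rather than just -11, run the same StartTLS from the consumer host with libldap debugging on (for example `ldapsearch -H ldap://joe.pdq.edu -ZZ -d 1`), which prints the TLS library's verification failure.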