openldap-software July 2009

openldap-software@openldap.org

49 participants
46 discussions

Re: LDAP add *.ldif errors
by Gavin Henry 09 Jul '09

09 Jul '09

Pastore Annamaria wrote: > Goodmornig, > > > > I load a version 2.4 of LDAP (that support overlay-memberof). > > Ldap it start ok, and the network was ok. > > I start to configure a memberof scenarios and after few errors started. > > For don't touch anymore, I cleanup all /var/lib/ldap...and I try to load > > > A single *.ldif.... > > > > but when I try to load a .ldif (core, cosine..) I have few errors : > > > > 1. With ldap online : > > > > ldapadd -x -D "cn=Manager,dc=pippo,dc=it" -W -f core.ldif > > Enter LDAP Password: > > adding new entry "cn=core,cn=schema,cn=config" > > ldap_add: Insufficient access (50) > > > > In /var/lib/ldap there is a DB_CONFIG (before DB_CONFIG.exemple) and the > owner of directory is ldap, just I read few threads about this sort of > bug. > > The access in slapd.con is : > > > > #access to dn="" by * read > > access to attrs=userPassword > > by anonymous auth > > by self write > > by * auth > > # by * none > > > > access to * > > by self write > > by * read > > # by * none > > > > But anymore I try also whit "by * write" and nothing change. > > Other parameter is : > > > > directory /var/lib/ldap > > > > > > 2. With ldap offline : > > > > [root@itmit2vl5 schema]# slapadd -l core.ldif -f ../slapd.conf > > bdb(dc=telecom,dc=it): Program version 4.4 doesn't match environment > version 4.6 > > bdb_db_open: Database cannot be opened, err -30971. Restore from backup! > > bdb(dc=pippo,dc=it): DB_ENV->lock_id_free interface requires an > environment configured for the locking subsystem > > bdb(dc=pippo,dc=it): txn_checkpoint interface requires an environment > configured for the transaction subsystem > > bdb_db_close: txn_checkpoint failed: Invalid argument (22) > > backend_startup_one: bi_db_open failed! (-30971) > > slap_startup failed > > > > But the bdb version not appears anywhere!!! > > I try also the command "od -j12 -N8 -tx4 log.0000000001" and the result > was 4.6! > > What I must to do, for going on ? > > > > > > Thank you very much at all, and sorry for my newbie expierence..... > I presume you got this resolved yourself? Thanks. -- Kind Regards, Gavin Henry. OpenLDAP Engineering Team. E ghenry(a)OpenLDAP.org Community developed LDAP software. http://www.openldap.org/project/

1 0

Benchmarks?
by Gavin Henry 06 Jul '09

06 Jul '09

Hi all, Has anyone managed to do some beefy benchmarks on a recent 2.6 with bdb 4.7 lately? Gavin. -- Sent from my mobile device http://www.suretecsystems.com/services/openldap/ http://www.suretectelecom.com

3 2

Remove an objectclasse during syncrepl
by David LEROUX 04 Jul '09

04 Jul '09

Hi all, We have a brand new ldap server that we are going to replicate with an outside replica, for an extranet purpose. During this replication, we would like to remove the "posixaccount" objectclass to only let the "inetorgperson" and "top" ones so we didn't need to put passwords or anything not needed I heard about slapo-rwm, but it seems to be buggy I'm sure that some of you all ready have done that, maybe there is a better way. Any help is welcomed Thank you -- David - elhijo

2 1

ldif.h
by Eric Nichols 02 Jul '09

02 Jul '09

I've spent the past few days rooting around the openldap site. I am developing currently on Debian lenny using the libldap2-dev package. My small goal is to try and write my own rootdse program to better understand the lib. I am stuck on one piece of code. I have no idea where to get an LDIF library to parse/write ldif files. Can anyone point me in the right direction on this? It's been a long time since I was coding in C and it took me a while just to gather that I needed -lldap to make what I have work. I believe this is the only piece I'm missing, the LDAP library calls work flawlessly. I also did learn that many of the depreciated functions are still documented as valid functions (ldap_get_values, ldap_count_values, ldap_value_free). I couldn't find anything that replaced these.. Many thanks Eric

3 3

How do I get libldap to pick up changes in TLS_CACERTDIR?
by Lawrence Chan 01 Jul '09

01 Jul '09

Hi, I'm writing an application that connects to a slapd and the application uses ldap_start_tls_s to secure communication between itself and slapd before doing anything else. The version of openLDAP I'm using is 2.2.29... I know I should get a newer version, but I have no say on this matter, this is the version I have to use. The /etc/openldap/ldap.conf config file contains only one modification: TLS_CACERTDIR /usr/sw/certs I'm not sure how I can get libldap to re-process/re-check the contents of TLS_CACERTDIR without ending the application and restarting it. I initially thought that tearing down the session and re-creating one from scratch would do the trick, but that isn't working. Thanks, Lawrence _________________________________________________________________ We are your photos. Share us now with Windows Live Photos. http://go.microsoft.com/?linkid=9666047

1 0

Delta-Sync w/ TLS troubles
by Peter Clark 01 Jul '09

01 Jul '09

Hello, I have a FreeBSD 7.2 Release box with openldap-2.4.16 installed on it. I have followed the Admin guide to setting up Delta-Sync replication and it works as long as I do not use either the "ldaps" or "starttls=yes" on the slave. ie: syncrepl rid=0 provider=ldap://joe.pdq.edu starttls=yes bindmethod=simple binddn="cn=ldaproot,dc=pdq,dc=edu" credentials="XXXXXXXXX" searchbase="dc=pdq,dc=edu" logbase="cn=accesslog" logfilter="(&(objectClass=auditWriteObject)(reqResult=0))" schemachecking=on type=refreshAndPersist retry="60 +" syncdata=accesslog or syncrepl rid=0 provider=ldaps://joe.pdq.edu bindmethod=simple binddn="cn=ldaproot,dc=mtmary,dc=edu" credentials="XXXXXXXX" searchbase="dc=pdq,dc=edu" logbase="cn=accesslog" logfilter="(&(objectClass=auditWriteObject)(reqResult=0))" schemachecking=on type=refreshAndPersist retry="60 +" syncdata=accesslog I have set my loglevel to -1 on both boxes and the only thing that shows up in the logs referring to tls is: (Master server) slapd[9572]: conn=1 op=0 EXT oid=1.3.6.1.4.1.1466.20037 slapd[9572]: do_extended: oid=1.3.6.1.4.1.1466.20037 slapd[9572]: conn=1 op=0 STARTTLS slapd[9572]: send_ldap_extended: err=0 oid= len=0 slapd[9572]: send_ldap_response: msgid=1 tag=120 err=0 slapd[9572]: conn=1 op=0 RESULT oid= err=0 text= slapd[9572]: daemon: activity on 1 descriptor slapd[9572]: connection_read(16): checking for input on id=1 slapd[9572]: connection_read(16): TLS accept failure error=-1 id=1, closing slapd[9572]: connection_closing: readying conn=1 sd=16 for close slapd[9572]: connection_close: conn=1 sd=16 slapd[9572]: daemon: removing 16 slapd[9572]: conn=1 fd=16 closed (TLS negotiation failure) (Slave Server) slapd[10846]: =>do_syncrepl rid=000 slapd[10846]: daemon: activity on 1 descriptor slapd[10846]: daemon: waked slapd[10846]: daemon: select: listen=6 active_threads=0 tvp=zero lapd[10846]: daemon: select: listen=7 active_threads=0 tvp=zero slapd[10846]: daemon: select: listen=8 active_threads=0 tvp=zero slapd[10846]: daemon: select: listen=9 active_threads=0 tvp=zero slapd[10846]: slap_client_connect: URI=ldap://joe.pdq.edu Warning, ldap_start_tls failed (-11) slapd[10846]: slap_client_connect: URI=ldap://joe.pdq.edu DN="cn=ldaproot,dc=pdq,dc=edu" ldap_sasl_bind_s failed (-1) Is there some way to see what exactly is failing between the units? I have tried the credentials line with quotes around the password and without. I have made sure the provider= the fqdn of the master. Any help would be appreciated. Peter.

3 3

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-software July 2009