openldap-software

openldap-software@openldap.org

2719 discussions

Group ACLs and indirection
by Simon Wilkinson 10 Apr '08

10 Apr '08

Hi, Just wondering, before I go and delve into the code, whether there was a way of doing group based ACLs in the same way as dnattr allows indirection on the user DN. Essentially, I'd like an object to contain an attribute holding the DN of the group permitted to access that object, and then be able to do access control based on the user being a member of the group pointed to by that DN. I can find an email from Kurt in 1999, suggesting a groupattr directive be implemented, and welcoming contributions. Would a contribution of this still be welcomed 9 years later? Cheers, Simon.

3 2

Problem with back-ldap and slapo-rwn
by Torsten Schlabach (Tascel eG) 10 Apr '08

10 Apr '08

Dear list! We are trying something we thought should be simple: We have got Server A: Holds an LDAP database Server B: Is supposed to act as a proxy to A Both are OpenLDAP, A is 2.2; B is 2.4. What we want to achieve is that server B will just proxy everything from server A except that some attribute names shall be rewritten, i.e. B is queried for a different attribute name as the actual name on A. Here is what we did: database ldap suffix "o=world" uri "ldap://ldap.our.tld/" overlay rwm rwm-map attribute authzTo saslAuthzTo The problem with that setup is that it will crash server B. In some example we found somthing like this: database ldap suffix "o=world" uri "ldap://ldap.our.tld/" overlay rwm rwm-map attribute authzTo saslAuthzTo rwm-map attribute * So as soon as we add that wildcard line, slapd (on server B) will no longer crash, but unfortunately, it is not going to find anything anymore. Could anyone help out with an example? Regards, Torsten

3 9

Master-Master replication mode
by Padmavathi Dt 10 Apr '08

10 Apr '08

Hii List, I have already posted a doubt regarding the posiibility of setting up a Master-Master replication mode setup in openLDAP.(sub:Is Master-Master architecture available in openldap?) Please refer the following link: http://www.openldap.org/lists/openldap-devel/199905/msg00029.html According to the above,there is a possibility of setting up Master-Master(Multi-Master) mode.He has also provided some patch to be applied for slapd. Whether this patch can be applied to any slapd(irrespective of versions?) But I would like to know which versions of slapd can support the Multi-Master mode???? Please clarify these things as soon as possible ................ I am waiting for an answer........ Thanks and Regards, Padma =====-----=====-----===== Notice: The information contained in this e-mail message and/or attachments to it may contain confidential or privileged information. If you are not the intended recipient, any dissemination, use, review, distribution, printing or copying of the information contained in this e-mail message and/or attachments to it are strictly prohibited. If you have received this communication in error, please notify us by reply e-mail or telephone and immediately and permanently delete the message and any attachments. Thank you

4 5

Issue with building of back-perl
by Arjan Hulshoff 09 Apr '08

09 Apr '08

Hi, I am learning how to install, configure and use openldap. During installing of openldap with back-perl I get the following error: cd back-perl; make -w install make[3]: Entering directory `/root/openldap-2.4.8/servers/slapd/back-perl' /bin/sh ../../..//libtool --tag=disable-static --mode=compile cc -g -O2 -I../../../include -I../../../include -I.. -I./.. -DSLAPD_IMPORT -c init.c cc -g -O2 -I../../../include -I../../../include -I.. -I./.. -DSLAPD_IMPORT -c init.c -fPIC -DPIC -o .libs/init.o In file included from init.c:18: perl_back.h:21:20: error: EXTERN.h: No such file or directory perl_back.h:22:18: error: perl.h: No such file or directory In file included from init.c:18: perl_back.h:62: error: expected '=', ',', ';', 'asm' or '__attribute__' before '*' token perl_back.h:67: error: expected specifier-qualifier-list before 'SV' init.c:22: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'void' init.c:24: error: expected '=', ',', ';', 'asm' or '__attribute__' before '*' token init.c: In function 'perl_back_initialize': init.c:72: error: 'perl_interpreter' undeclared (first use in this function) init.c:72: error: (Each undeclared identifier is reported only once init.c:72: error: for each function it appears in.) init.c: In function 'perl_back_db_init': init.c:96: error: 'PerlBackend' has no member named 'pb_filter_search_results' init.c: In function 'perl_back_db_open': init.c:117: error: 'dSP' undeclared (first use in this function) init.c:117: error: 'ENTER' undeclared (first use in this function) init.c:117: error: 'SAVETMPS' undeclared (first use in this function) init.c:119: error: 'sp' undeclared (first use in this function) init.c:120: error: 'PerlBackend' has no member named 'pb_obj_ref' init.c:122: error: 'PUTBACK' undeclared (first use in this function) init.c:127: error: 'G_SCALAR' undeclared (first use in this function) init.c:130: error: 'SPAGAIN' undeclared (first use in this function) init.c:136: error: 'POPi' undeclared (first use in this function) init.c:138: error: 'FREETMPS' undeclared (first use in this function) init.c:138: error: 'LEAVE' undeclared (first use in this function) init.c: In function 'perl_back_xs_init': init.c:151: error: 'dXSUB_SYS' undeclared (first use in this function) init.c:152: error: 'boot_DynaLoader' undeclared (first use in this function) make[3]: *** [init.lo] Error 1 make[3]: Leaving directory `/root/openldap-2.4.8/servers/slapd/back-perl' make[2]: *** [install-slapd] Error 1 make[2]: Leaving directory `/root/openldap-2.4.8/servers/slapd' make[1]: *** [install-common] Error 1 make[1]: Leaving directory `/root/openldap-2.4.8/servers' make: *** [install-common] Error 1 Am I missing a requirement? Perl and perl-devel are installed. Can anybody help me to solve this issue? TIA, Arjan.

3 3

Is Master-Master architecture available in openldap?
by Padmavathi Dt 09 Apr '08

09 Apr '08

Hii List, We need to set up an environment where we will have two LDAP servers that work in primary-secondary mode ie,.. if primary goes down ,secondary should serve as primary(as it is like a master ie,... it should have all the capabilities as a primary server) Please tell me if this is possible with openLDAP as in master-slave architecture,when master goes down slave can serve in read only mode(as far as my understanding) Also tell me from where i can get some additional info about these topics.... Thanx a lot, Regards,padma =====-----=====-----===== Notice: The information contained in this e-mail message and/or attachments to it may contain confidential or privileged information. If you are not the intended recipient, any dissemination, use, review, distribution, printing or copying of the information contained in this e-mail message and/or attachments to it are strictly prohibited. If you have received this communication in error, please notify us by reply e-mail or telephone and immediately and permanently delete the message and any attachments. Thank you

3 2

best way to export a whole ldap directory
by Ralf Prengel 08 Apr '08

08 Apr '08

Hallo, first I m a beginner in using ldap. My question: What s the best way to export the whole content of a ldap-directory starting with cn=name;dc=de using only a shell and ldap-commands. Thanks for hints. Prengel Ralf

5 5

Weird SASL thing
by Rick Stevens 07 Apr '08

07 Apr '08

First off, thanks for all the help on the CentOS 5 nsswitch.conf thing I ran into. I meant to reply to the thread, but I unfortunately deleted it from my mail client. It appears that "bind_type soft" did fix it, but I'm not certain (I can't reboot the server again to verify right now). However, I've run into an new weirdie. I've created a fairly simple shell script that creates an appropriate LDIF file to add users to my database. It then calls "ldapadd" to add the user: RES=`ldapadd -U root -w $LDAPPWD -f $OUTFILE` However, when the script runs, the ldapadd is rejected with: ldap_sasl_interactive_bind_s: Invalid credentials (49) The EXACT SAME command (after the variables are expanded) run from the command line works fine. I suspect it's this "ldap_sasl_interactive_bind_s" that's wonky since the command is being launched from inside a shell script and isn't interactive at that point, but is there a way around this? ---------------------------------------------------------------------- - Rick Stevens, Unix Geek rps2(a)socal.rr.com - - - - The gene pool could use a little chlorine. - ----------------------------------------------------------------------

2 5

ldapsearch client timeout feature
by Suhel Momin 07 Apr '08

07 Apr '08

Hi, I have a windows 2k3 machine, where in I have specified few virtual IPs. ldapsearch works fine when the IP's are present in the list. The problem is when the IP is removed from the IP list at the time of ldapsearch printing the output data. I see that ldapsearch hangs. I could find out that ldap_int_select function in ldap_result hangs due to infinite timout in select call. To get away with this, I want to modify ldapsearch to have client timeout feature. Any suggestions regarding how to proceed or pointers to already existing efforts are appreciated. Regards, Suhel

1 0

Re: Embedding Other LDAP Server in OpenLDAP for User Authentification [Virus checked]
by Michael Ströder 07 Apr '08

07 Apr '08

Klaus, please stay on the mailing list (Cc:-ed) with responses so others can answer and learn as well. ems(a)sparkassen-informatik.de wrote: > > thank you for your clues (back-ldap/back-meta). Do you think it works as > well if the embeddet other LDAP-Server ist an Active Diretory ? Yes. You can find a lot of discussions about special configurations for proxying AD with OpenLDAP in the mailing list's archive. You could simply start with it and ask if you have specific issues. Ciao, Michael. -- Michael Ströder E-Mail: michael(a)stroeder.com http://www.stroeder.com

1 0

slapd is not starting after building with SASL support
by Padmavathi Dt 07 Apr '08

07 Apr '08

Hii List, I have openldap-2.4.7 configured with openssl which was working fine till date. Now I have installed Cyrus-SASL-2.2.21 without any problems. I have rebuilt our openldap-2.4.7 as [root@as3 libexec]# env LD_LIBRARY_PATH="/usr/local/BerkeleyDB.4.6/lib:/usr/loc al/lib/sasl2:/usr/local/ssl/lib" CPPFLAGS="-I/usr/local/BerkeleyDB.4.6/include -I/usr/local/ssl/include -I/usr/local/include" LDFLAGS="-L/usr/local/ssl/lib -L /usr/local/BerkeleyDB.4.6/lib -L/usr/local/lib/sasl2 -R/usr/local/lib -R/usr/lo cal/lib/sasl2 -R/usr/local/Berkeley.DB.4.6 -R/usr/local/ssl/lib" LIBS=-ldl ./co nfigure --with-tls=openssl --with-cyrus-sasl Every thing went fine. We would like to use SASL/GSSAPI mechanism(we have working kerberos) I have added the following lines to my slapd.conf file: authz-regexp uid=([^,]*),cn=bsnl.com,cn=gssapi,cn=auth uid=$1,ou=people,dc=bsnl,dc=com I have given a space before uid lines... Is it correct? I have written the lines specified in the admin guide for testing.. { Also anyone please tell me from where can I get more info about authz-regexp directive and the values it can take....} Now when i start slapd as: slapd -d127 -h "ldaps:///" ps -ef|grep slapd is showing root 3912 7442 0 18:40 pts/2 00:00:00 slapd -d127 -h ldaps:/// root 3919 3516 0 18:44 pts/4 00:00:00 grep slapd and part of debug info regarding slapd start is: daemon: new connection on 12 daemon: added 12r daemon: activity on: daemon: select: listen=6 active_threads=0 tvp=NULL daemon: select: listen=7 active_threads=0 tvp=NULL daemon: activity on 1 descriptors daemon: activity on: 12r daemon: read activity on 12 connection_get(12) connection_get(12): got connid=1 connection_read(12): checking for input on id=1 TLS trace: SSL_accept:before/accept initialization tls_read: want=11, got=0 TLS: can't accept. connection_read(12): TLS accept error error=-1 id=1, closing connection_closing: readying conn=1 sd=12 for close connection_close: conn=1 sd=12 daemon: removing 12 daemon: select: listen=6 active_threads=0 tvp=NULL daemon: select: listen=7 active_threads=0 tvp=NULL daemon: activity on 1 descriptors daemon: select: listen=6 active_threads=0 tvp=NULL daemon: select: listen=7 active_threads=0 tvp=NULL Till date there was no problem with SSL-LDAP combination and it started giving trouble after SASL support was added I have created principal for slapd as specified in the guide. Also created one slapd.conf file for use with saslauthd daemon.It has: pwcheck_method: saslauthd saslauthd_path: /var/run/saslauthd/mux mech_list: plain login ntlm kerberos5 ~ ~ I dont know where to start for making the entire combination to work.... Please help me to get this sorted ... I shall be gratefule for every response Thanx in advance... Regards, Padma. =====-----=====-----===== Notice: The information contained in this e-mail message and/or attachments to it may contain confidential or privileged information. If you are not the intended recipient, any dissemination, use, review, distribution, printing or copying of the information contained in this e-mail message and/or attachments to it are strictly prohibited. If you have received this communication in error, please notify us by reply e-mail or telephone and immediately and permanently delete the message and any attachments. Thank you

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-software