sql to ldap MD5 conversion
by Antoine Jacoutot
Hi.
After several failed attempts, I need some help regarding the following
issue.
I need to import some users from a MySQL database to OpenLDAP.
I cannot find a working way of converting the md5 password stored in the
database (using md5() ) to the {MD5} password format for Ldap.
e.g:
SQL: the md5 value of 'password' is 5f4dcc3b5aa765d61d8327deb882cf99
OpenLDAP: the result of `slappasswd -h {MD5} -s password` is
{MD5}X03MO1qnZdYdgyfeuILPmQ==
So obviously I won't be able to use
{MD5}5f4dcc3b5aa765d61d8327deb882cf99
From what I could gather it has to do with Base64 encoding but all my
attempts at scripting something failed miserably :(
Any hint would be appreciated.
Thanks!
--
Antoine
15 years
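The conversion asked about in this post, as an added example (not part of the original message): the {MD5} value is the base64 encoding of the 16 raw digest bytes, so the hex string from md5() has to be hex-decoded before it is base64-encoded. The uid values, the base DN and the LDIF modify layout are assumptions for illustration.

```python
import base64
import binascii
import re

HEX_MD5 = re.compile(r"[0-9a-fA-F]{32}")
SAFE_UID = re.compile(r"[A-Za-z0-9._-]+")  # assumption: avoids DN escaping here

def sql_md5_to_ldap(hex_digest):
    """MySQL md5() hex string -> '{MD5}' + base64 of the 16 raw digest bytes."""
    hex_digest = hex_digest.strip()
    if not HEX_MD5.fullmatch(hex_digest):
        raise ValueError("not a 32-character hex MD5 digest")
    raw = binascii.unhexlify(hex_digest)  # decode hex first: 32 chars -> 16 bytes
    return "{MD5}" + base64.b64encode(raw).decode("ascii")

def ldap_md5_to_hex(value):
    """Reverse direction, for checking a migrated entry against the SQL row."""
    if not value.startswith("{MD5}"):
        raise ValueError("not an {MD5} value")
    raw = base64.b64decode(value[5:], validate=True)
    if len(raw) != 16:
        raise ValueError("MD5 digest must decode to 16 bytes")
    return raw.hex()

def to_ldif(rows, base_dn):
    """rows: (uid, hex_digest) pairs. Returns (ldif_text, rejected_uids)."""
    records, rejected = [], []
    for uid, digest in rows:
        try:
            if not SAFE_UID.fullmatch(uid):
                raise ValueError("uid needs DN escaping")
            value = sql_md5_to_ldap(digest)
        except ValueError:
            rejected.append(uid)  # truncated or non-hex digests are not imported
            continue
        records.append(
            f"dn: uid={uid},{base_dn}\nchangetype: modify\n"
            f"replace: userPassword\nuserPassword: {value}\n"
        )
    return "\n".join(records), rejected

# Constructed rows; the first digest is the one quoted in the post.
ROWS = [("alice", "5f4dcc3b5aa765d61d8327deb882cf99"), ("bob", "5f4dcc3b")]

if __name__ == "__main__":
    ldif, bad = to_ldif(ROWS, "ou=people,dc=example,dc=com")
    print(ldif)
    print("rejected:", bad)
```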
automatic charset conversion?
by Stefan Palme
Hi,
using an OpenLDAP server installation for several things. One thing
is a shared addressbook which is used by different persons with
different client applications. Some of them have a locale of
"de_DE.utf8", some of them work with "de_DE.latin1", some of them
use windows and so have a win-1250-or-whatever encoding.
When creating new addressbook entries these are transferred from
the client to the server in the client's charset encoding. When
clients with other encodings read these entries they seem somehow
broken - of course.
How to solve this problem? When the server knows the "client encoding"
the server could automatically convert the client's data into e.g. utf8
before storing it. Before sending data back to a client it could
convert all the stored utf8-data into the client's encoding.
But I did not find a way to tell the server the client's encoding,
so this seems to be no way. Are there any working solutions for this?
Regards
-stefan-
--
-------------------------------------------------------------------
Dipl. Inf. (FH) Stefan Palme
email: kleiner(a)hora-obscura.de
www: http://hbci4java.kapott.org
http://converter-db.de
icq: 36376278
key fingerprint: 1BA7 D217 36A1 534C A5AD F18A E2D1 488A E904 F9EC
-------------------------------------------------------------------
15 years
Coverity Report for Openldap library
by meow@computer.org
Hi:
Our development project is using the OpenLDAP library, currently
version 2.2.26, and we are planning to migrate to a newer version.
Recently, I saw that scan.coverity is generating an error report
for the OpenLDAP library.
So, I downloaded the latest stable release, 2.3.39, and checked the
CHANGES doc to see if Coverity fixes were included; but this doc didn't
mention anything regarding fixes for Coverity errors.
I just want to know if the latest stable release 2.3.39 contains the
fixes for the errors reported by Coverity?
And, how can I get access to the Coverity report for the OpenLDAP
library?
Thanks in advance for your time and information!
Regards,
Yen
15 years
Re: sles 10 synchronize 2 ldapservers
by bakkerru
Hi,
The two directories must contain the same users and groups, and when I add a
user on ldapserver off.company.nl it also has to automatically create
the user on the second ldapserver mail.company.nl. I use openldap 2.3.32 on
off.company.nl and 2.2.24 on mail.company.nl
regards
ruurd
-----Original message-----
From: openldap-technical-bounces+ruurd.bakker=ppc.nl(a)OpenLDAP.org On behalf of
Buchan Milne
Sent: Wednesday 16 January 2008 7:48
To: openldap-technical(a)openldap.org
CC: bakkerru
Subject: Re: sles 10 synchronize 2 ldapservers
On Tuesday 15 January 2008 17:42:08 bakkerru wrote:
> Question:
>
> How can I synchronize the users and groups of 2 ldap servers. 1 is
> setup as pdc with samba and openldap (SLES10) domain "off.company.nl"
> and the other is our mailserver installed with ldap and openexchange
> (SLES9.3) domain mail.company.nl. How can I sync the users between
> both. The mailserver is in a DMZ.
You seem to have two issues here, and you're not clear which one you are
trying to address.
1)Are you trying to merge the contents of two different directories?
or
2)Are you trying to ensure that the contents of the directory on one server
is available on another server?
or
3)both?
I am not aware of tools to merge the contents of two directories, but you
could either do it manually, or write some scripts (which would depend on
the contents of the directories).
Once you have one directory containing all the information, use the
replication tools which are provided to keep the directory in sync across
your two servers. To be able to recommend which replication tool to use, you
need to supply the versions of OpenLDAP you are using (which may generate a
recommendation to upgrade at least one of them ...).
Regards,
Buchan
15 years
Script to check connections made
by Gustavo Mendes de Carvalho
Hi All,
I would like to know if somebody has a script, or knows where I can
find one, that reads the ldap.log file and creates a report where it's
possible to check who logged in to which machine, and when these
connections were made.
Regards
---
Gustavo
e-mail: gmcarvalho(a)gmail.com
15 years
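One way to build the report asked for in this post, as an added example (not part of the original message and not an OpenLDAP tool): it correlates slapd's ACCEPT, BIND and RESULT lines by connection and operation number. It assumes slapd logs at the "stats" level through syslog; the sample lines, host name and addresses are constructed.

```python
import re

# Constructed sample in the format slapd writes at "stats" log level via syslog.
SAMPLE_LOG = """\
Jan 16 07:48:01 ldap1 slapd[2211]: conn=1001 fd=14 ACCEPT from IP=192.0.2.10:51234 (IP=0.0.0.0:389)
Jan 16 07:48:01 ldap1 slapd[2211]: conn=1001 op=0 BIND dn="uid=alice,ou=people,dc=example,dc=com" method=128
Jan 16 07:48:01 ldap1 slapd[2211]: conn=1001 op=0 RESULT tag=97 err=0 text=
Jan 16 07:48:02 ldap1 slapd[2211]: conn=1001 fd=14 closed
Jan 16 07:49:12 ldap1 slapd[2211]: conn=1002 fd=14 ACCEPT from IP=192.0.2.22:40022 (IP=0.0.0.0:389)
Jan 16 07:49:12 ldap1 slapd[2211]: conn=1002 op=0 BIND dn="uid=bob,ou=people,dc=example,dc=com" method=128
Jan 16 07:49:12 ldap1 slapd[2211]: conn=1002 op=0 RESULT tag=97 err=49 text=
Jan 16 07:50:00 ldap1 slapd[2211]: conn=1003 op=0 BIND dn="" method=128
Jan 16 07:50:00 ldap1 slapd[2211]: conn=1003 op=0 RESULT tag=97 err=0 text=
""".splitlines()

LINE = re.compile(r"(\w{3}\s+\d+ [\d:]{8}) \S+ slapd\[\d+\]: conn=(\d+) (.*)")
ACCEPT = re.compile(r"fd=\d+ ACCEPT from IP=(\S+?):\d+ ")
BIND = re.compile(r'op=(\d+) BIND dn="([^"]*)" method=\d+')
RESULT = re.compile(r"op=(\d+) RESULT tag=97 err=(\d+)")  # tag 97 = bind response
CLOSED = re.compile(r"fd=\d+ closed")

def bind_report(lines):
    """Return (timestamp, bind DN, client IP, succeeded) for every completed bind."""
    peers, pending, report = {}, {}, []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not a slapd connection line
        ts, conn, rest = m.groups()
        if (a := ACCEPT.match(rest)):
            peers[conn] = a.group(1)
        elif (b := BIND.match(rest)):
            pending[conn, b.group(1)] = (ts, b.group(2) or "(anonymous)")
        elif (r := RESULT.match(rest)) and (conn, r.group(1)) in pending:
            when, dn = pending.pop((conn, r.group(1)))
            # err=0 is success; err=49 is invalidCredentials
            report.append((when, dn, peers.get(conn, "unknown"), r.group(2) == "0"))
        elif CLOSED.match(rest):
            peers.pop(conn, None)  # connection ended, forget its peer address
    return report

if __name__ == "__main__":
    for when, dn, ip, ok in bind_report(SAMPLE_LOG):
        print(f"{when}  {ip:<12} {'OK  ' if ok else 'FAIL'} {dn}")
```

A bind whose ACCEPT line is missing, for instance because the log was rotated mid-connection, is reported with the client address "unknown" rather than dropped.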
Expired password notification
by Andris Eiduks
Hi!
We use OpenLDAP for user's authentication.
And now also implemented password policy.
Authentication from Tomcat works without problem but customers find out
about expired passwords only after unsuccessful binding when all limits are
exceeded.
ldapsearch with option "-e ppolicy" shows info about necessary password
change.
Is it possible to get the same info by performing a BIND operation from
another system against OpenLDAP?
Or we must create special functions in application for user attributes
checking (pwdChangedTime, pwdGraceUseTime) and notification generation ?
Thanks in advance,
15 years
how to change attribute display order
by Winanjaya - CBN
Dear All,
How do I change attribute display order? ..(ie. sn, cn to cn, sn) ..
pls advise
thanks & regards
Winanjaya
15 years
Subtree renames and memberOf handling
by Andrew Bartlett
I perhaps should have flagged this earlier, but I wanted to actually
have the test to prove it.
It appears that subtree renames and the memberOf plugin are not handled
correctly. That is:
I create
cn=ldaptestuser4,cn=ldaptestcontainer,DC=samba,DC=example,DC=com
I add it to a group:
dn: cn=ldaptestgroup2,cn=users,DC=samba,DC=example,DC=com
changetype: modify
add: member
member: cn=ldaptestuser4,cn=ldaptestcontainer,DC=samba,DC=example,DC=com
Then I rename the container
CN=ldaptestcontainer,DC=samba,DC=example,DC=com into
CN=ldaptestcontainer2,DC=samba,DC=example,DC=com
However, when I search:
[abartlet@naomi source]$ bin/ldbsearch -H st/dc/private/sam.ldb "cn=ldaptestgroup2"
# record 1
dn: CN=ldaptestgroup2,CN=Users,DC=samba,DC=example,DC=com
member: cn=ldaptestuser,cn=useRs,dc=samba,dc=example,dc=com
member: cn=ldaptestcomputer,cn=computers,dc=samba,dc=example,dc=com
member: cn=ldaptestuser2,cn=users,dc=samba,dc=example,dc=com
member: cn=ldaptestuser4,cn=ldaptestcontainer,dc=samba,dc=example,dc=com
[abartlet@naomi source]$ bin/ldbsearch -H st/dc/private/sam.ldb "cn=ldaptestuser4"
# record 1
dn: CN=ldaptestuser4,CN=ldaptestcontainer2,DC=samba,DC=example,DC=com
cn: ldaptestuser4
memberOf: cn=ldaptestgroup2,cn=users,dc=samba,dc=example,dc=com
The 'member' attribute on the group is wrong, most likely because such a
subtree rename would never cause the memberOf module to fire and notice
that this needs updating.
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc.
15 years
memberOf hidden?
by Andrew Bartlett
One of the odd things I've noticed since moving to OpenLDAP managing
memberOf is that memberOf is a hidden attribute by default. Is that
because it is treated as operational (due to being managed by the
module)?
I can un-hide it for Samba (I have code that adds a list of attributes
to any query for *), but I just wanted to check there wasn't a more
elegant way to do it.
Thanks,
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc.
15 years
LDAP and oracle
by florian.engelmann@bt.com
Hi,
We just migrated our unix/linux accounts to LDAP. We decided to migrate
every user account that can login (except root) to LDAP. Now we have
heavy load on our LDAP systems and I think this is because we also
migrated the oracle users that are running our oracle databases. This is
because the oracle admins log on the systems using the user the database
is running with. I do not know that much about oracle but is it
mandatory to administrate an oracle database with the same user? Does it
make sense to migrate system users to ldap?
Florian Engelmann
15 years