Unable to login as local user when LDAP master has problem
by sparklings
Hi,
I have about 30 Linux servers, of which one is the LDAP master server and all the rest are LDAP clients. All the users who log in to the Linux servers are LDAP users.
Whenever there is a problem with the LDAP service on the master, I have the following issues.
1. LDAP users cannot log in to any of the servers anyway, but even as root or a local user we are unable to log in to any of the client/master servers.
2. If I'm already logged in to one of the client servers when there is a problem with the LDAP master service, the server becomes extremely unstable/slow and cannot execute any command, and everything hangs.
Could you suggest whether I'm missing any setting on the LDAP master or slave? I should not have a problem logging in to the servers as a local/root user even when the LDAP master is down.
Thanks in Advance,
Rahul
14 years, 9 months
Cannot start kerberos signing/sealing when using TLS/SSL
by Jeremiah Martell
I'm using openldap, cyrus-sasl, heimdal, and openssl.
I use the standard kerberos "kinit" tool to get my TGT, this is successful.
I use the standard openldap "ldapsearch" tool to attempt to do a
LDAP+GSSAPI over TLS (cert level "demand") search, and I get two
errors.
The first error is an "inappropriate auth", which seems to come from openldap.
The second error is "Cannot start kerberos signing/sealing when using
TLS/SSL", which seems to come from GSSAPI-land.
Interesting facts:
- This fails against Windows 2003 AD.
- But succeeds against a BSD box running an openldap server.
- The following all had the cert level set to "demand"...
- - LDAP works with the Win2003 AD.
- - LDAP+SSL works with the Win2003 AD.
- - LDAP+TLS works with the Win2003 AD.
- - LDAP+GSSAPI works with the Win2003 AD.
- - LDAP+GSSAPI+SSL works with the Win2003 AD.
- - But LDAP+GSSAPI+TLS does NOT work with the Win2003 AD.
- If I switch the cert level to "allow", then LDAP+GSSAPI+TLS works
with Win2003 AD.
It seems everything is ok with my kerberos setup, since LDAP+GSSAPI works.
It seems everything is ok with my certs, since LDAP+SSL and LDAP+TLS
and LDAP+GSSAPI+SSL works.
I'm at a loss as to why this particular case:
LDAP+GSSAPI+TLS (cert level "demand") against Windows 2003 AD
doesn't work.
I tried looking through the openldap, cyrus-sasl, heimdal, and openssl
code for "Cannot start kerberos signing/sealing when using TLS/SSL"
but I didn't find anything. My guess is that this comes from the server.
The only thing I could find googling was from here:
http://en.gentoo-wiki.com/wiki/Active_Directory_Authentication_using_LDAP
that says:
"GSSAPI Error: Cannot start kerberos signing/sealing when using TLS/SSL
SASL/GSSAPI already encrypts the LDAP traffic, this error is trying to
say TLS/SSL is redundant."
My questions:
(1) Is this simply the fact that Windows 2003 AD doesn't support
LDAP+GSSAPI+TLS (with cert level set to "demand")?
(2) Why would the Win2003 AD server behave properly with SSL but not TLS?
(3) Why does the openldap server work fine, but not the Windows 2003 AD server?
(3) Has this been addressed in some newer release of
openldap/cyrus-sasl/heimdal/openssl code?
(4) Is there anything I could have done wrong in my Win2003 AD setup?
(5) Any other general suggestions/ideas to help?
Thanks,
--
- Jeremiah Martell
http://inlovewithGod.com
14 years, 9 months
bdb encryption
by ghenry@OpenLDAP.org
Hi All,
I'm just testing bdb encryption and it works as expected out of the box.
But I'm trying to decrypt it using the bdb tools:
[ghenry@suretec openldap-data]$ /usr/local/BerkeleyDB.4.7/bin/db_verify objectClass.bdb
db_verify: Encrypted environment: no encryption key supplied
Segmentation fault
So it segfaults, but it's the same with the key:
[ghenry@suretec openldap-data]$ /usr/local/BerkeleyDB.4.7/bin/db_verify -P "testing" objectClass.bdb
db_verify: Invalid password
Segmentation fault
testing is set in slapd.conf via "cryptfile" and has the word "testing" in it:
(gdb) run -P testing objectClass.bdb
Starting program: /usr/local/BerkeleyDB.4.7/bin/db_verify -P testing objectClass.bdb
db_verify: Invalid password
[New Thread 0xb7fd86c0 (LWP 17626)]
Program received signal SIGSEGV, Segmentation fault.
0x0021f82d in __memp_resize () from /usr/local/BerkeleyDB.4.7/lib/libdb-4.7.so
Missing separate debuginfos, use: debuginfo-install glibc-2.9-2.i686
(gdb) bt
#0 0x0021f82d in __memp_resize () from /usr/local/BerkeleyDB.4.7/lib/libdb-4.7.so
#1 0x0021bac9 in __memp_set_cachesize () from /usr/local/BerkeleyDB.4.7/lib/libdb-4.7.so
#2 0x08048cfd in __db_rpath ()
#3 0x0804b018 in ?? ()
#4 0x00000000 in ?? ()
(gdb) q
Any ideas?
Thanks.
--
Kind Regards,
Gavin Henry.
OpenLDAP Engineering Team.
E ghenry(a)OpenLDAP.org
Community developed LDAP software.
http://www.openldap.org/project/
14 years, 9 months
why does ldapsearch just hang with SASL/EXTERNAL authentication started?
by borderline_ocd-er
hello list,
:¬O H-E-E-E-E-E-L-L-L-L-P-P-P!!!!
for the past week and a half, i've been trying to get an openldap
client on a mac os x 10.4.11 (OpenLDAP 2.2) to talk to an ldap
directory server (sun iPlanet directory server 5.1) on a solaris 9
sparc box; using client authentication with x509 certificates for both
the server and the client.
i have successfully configured client authn between the directory
server (ds) on the solaris box and a precompiled ldapsearch binary
client (also running on that same solaris box). the ldapsearch binary
is part of the netscape security services (nss) ldap c sdk 6.0.x that
came bundled with - what sun calls its - "ds resource kit 5.2
(dsrk)".
since client authn works successfully between those 2 components
running local to each other, i figured a remote client authn setup
shouldn't be much of a stretch (if the openldap.org docs are to be
believed). BOY! was i wrong!
after copying to my mac os x box, the same ca cert and client cert (in
.pem format) that worked successfully on the solaris box, i configured
ldap.conf and .ldaprc to point to the certs and keys (see below).
when i run an openldap ldapsearch on the mac, the tls handshake
appears to succeed (see below); then the sasl/external client authn
appears to kick off; then it just hangs! the last thing that's output
to the shell is "SASL/EXTERNAL authentication started". but the shell
cursor just hangs there; flashing away - doing nothing!
the solaris ds access logs seem to report that a bind took place as a
result of the mac openldap ldapsearch attempt:
"...conn=45 SSL client bound as cn=bilbo,ou=development,o=helpme.com"
please, will you help me to get my mac openldap ldapsearch client to
authenticate to my solaris ds using a client cert?
i've read and reread the openldap.org tls docs
(http://www.openldap.org/doc/admin24/tls.html); i've read and reread
the openldap.org sasl docs
(http://www.openldap.org/doc/admin24/sasl.html); i've scoured this
list; i've scoured the cyrus sasl list
(http://asg.andrew.cmu.edu/archive/index.php?mailbox=archive.cyrus-sasl);
i've tried adding the "-I" switch to the ldapsearch command, but that
results in an endless loop of being prompted over and over to enter an
authorization id.
i've tried editing /etc/syslog.conf with the following:
"local4.* /var/log/openldap.log"
but nothing ever gets logged to that file!
i've spent so much time trying to solve this problem on my own, that
my wife has threatened to leave me for my best friend if i don't stop
spending so much time on this! my dog snarled at me and bit my behind
today because he doesn't recognize me anymore! my daughter is talking
about becoming an "exotic dancer" because i don't pay her enough
attention from working on this! my failure to accomplish such a
seemingly simple task has made me consider taking my own life!
seriously though: I NEED YOUR HELP!
thanks in advance for your help.
==========================================================
ds access logs after successful ldapsearch on solaris box:
==========================================================
...
[07/Dec/2008:04:29:38 +0000] conn=0 fd=49 slot=49 SSL connection from
127.0.0.1 to 127.0.0.1
[07/Dec/2008:04:29:38 +0000] conn=0 SSL 128-bit RC4; client
O=helpme.com, OU=Development, CN=bilbo; issuer E=ldapca(a)helpme.com,
CN=ldapca, OU=development, O=helpme.com, L=Chicago, ST=IL, C=US
[07/Dec/2008:04:29:38 +0000] conn=0 SSL client bound as
cn=bilbo,ou=development,o=helpme.com
[07/Dec/2008:04:29:38 +0000] conn=0 op=0 BIND dn="" method=sasl
version=3 mech=EXTERNAL
[07/Dec/2008:04:29:38 +0000] conn=0 op=0 RESULT err=0 tag=97
nentries=0 etime=0 dn="cn=bilbo,ou=development,o=helpme.com"
[07/Dec/2008:04:29:38 +0000] conn=0 op=1 SRCH
base="ou=development,o=helpme.com" scope=2 filter="(cn=bilbo)"
attrs=ALL
[07/Dec/2008:04:29:38 +0000] conn=0 op=1 RESULT err=0 tag=101 nentries=1 etime=0
[07/Dec/2008:04:29:38 +0000] conn=0 op=2 UNBIND
[07/Dec/2008:04:29:38 +0000] conn=0 op=2 fd=49 closed - U1
...
==========================================================
hanging mac osx openldap ldapsearch command results:
==========================================================
bilbo$ ldapsearch -v -H ldap://bebop -s sub -b "" -LLL -d -7 -ZZ
ldap_initialize( ldap://bebop )
ldap_create
ldap_url_parse_ext(ldap://bebop)
ldap_extended_operation_s
ldap_extended_operation
ldap_send_initial_request
ldap_new_connection
ldap_int_open_connection
ldap_connect_to_host: TCP bebop:389
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 10.0.0.8:389
ldap_connect_timeout: fd: 3 tm: -1 async: 0
ldap_ndelay_on: 3
ldap_is_sock_ready: 3
ldap_ndelay_off: 3
ldap_open_defconn: successful
ldap_send_server_request
ber_flush: 31 bytes to sd 3
ldap_result msgid 1
ldap_chkResponseList for msgid=1, all=1
ldap_chkResponseList returns NULL
wait4msg (infinite timeout), msgid 1
wait4msg continue, msgid 1, all 1
** Connections:
* host: bebop port: 389 (default)
refcnt: 2 status: Connected
last used: Sun Dec 7 16:04:48 2008
** Outstanding Requests:
* msgid 1, origid 1, status InProgress
outstanding referrals 0, parent count 0
** Response Queue:
Empty
ldap_chkResponseList for msgid=1, all=1
ldap_chkResponseList returns NULL
ldap_int_select
read1msg: msgid 1, all 1
ber_get_next
ber_get_next: tag 0x30 len 95 contents:
ber_dump: buf=0x004044b0 ptr=0x004044b0 end=0x0040450f len=95
0000: 02 01 01 78 5a 0a 01 00 04 00 04 3b 53 74 61 72 ...xZ......;Star
0010: 74 20 54 4c 53 20 72 65 71 75 65 73 74 20 61 63 t TLS request ac
0020: 63 65 70 74 65 64 2e 53 65 72 76 65 72 20 77 69 cepted.Server wi
0030: 6c 6c 69 6e 67 20 74 6f 20 6e 65 67 6f 74 69 61 lling to negotia
0040: 74 65 20 53 53 4c 2e 8a 16 31 2e 33 2e 36 2e 31 te SSL...1.3.6.1
0050: 2e 34 2e 31 2e 31 34 36 36 2e 32 30 30 33 37 .4.1.1466.20037
ldap_read: message type extended-result msgid 1, original id 1
ber_scanf fmt ({iaa) ber:
ber_dump: buf=0x004044b0 ptr=0x004044b3 end=0x0040450f len=92
0000: 78 5a 0a 01 00 04 00 04 3b 53 74 61 72 74 20 54 xZ......;Start T
0010: 4c 53 20 72 65 71 75 65 73 74 20 61 63 63 65 70 LS request accep
0020: 74 65 64 2e 53 65 72 76 65 72 20 77 69 6c 6c 69 ted.Server willi
0030: 6e 67 20 74 6f 20 6e 65 67 6f 74 69 61 74 65 20 ng to negotiate
0040: 53 53 4c 2e 8a 16 31 2e 33 2e 36 2e 31 2e 34 2e SSL...1.3.6.1.4.
0050: 31 2e 31 34 36 36 2e 32 30 30 33 37 1.1466.20037
read1msg: 0 new referrals
read1msg: mark request completed, id = 1
request 1 done
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_free_connection
ldap_free_connection: refcnt 1
ldap_parse_extended_result
ber_scanf fmt ({iaa) ber:
ber_dump: buf=0x004044b0 ptr=0x004044b3 end=0x0040450f len=92
0000: 78 5a 0a 01 00 04 00 04 3b 53 74 61 72 74 20 54 xZ......;Start T
0010: 4c 53 20 72 65 71 75 65 73 74 20 61 63 63 65 70 LS request accep
0020: 74 65 64 2e 53 65 72 76 65 72 20 77 69 6c 6c 69 ted.Server willi
0030: 6e 67 20 74 6f 20 6e 65 67 6f 74 69 61 74 65 20 ng to negotiate
0040: 53 53 4c 2e 8a 16 31 2e 33 2e 36 2e 31 2e 34 2e SSL...1.3.6.1.4.
0050: 31 2e 31 34 36 36 2e 32 30 30 33 37 1.1466.20037
ber_scanf fmt (a) ber:
ber_dump: buf=0x004044b0 ptr=0x004044f7 end=0x0040450f len=24
0000: 8a 16 31 2e 33 2e 36 2e 31 2e 34 2e 31 2e 31 34 ..1.3.6.1.4.1.14
0010: 36 36 2e 32 30 30 33 37 66.20037
ldap_parse_result
ber_scanf fmt ({iaa) ber:
ber_dump: buf=0x004044b0 ptr=0x004044b3 end=0x0040450f len=92
0000: 78 5a 0a 01 00 04 00 04 3b 53 74 61 72 74 20 54 xZ......;Start T
0010: 4c 53 20 72 65 71 75 65 73 74 20 61 63 63 65 70 LS request accep
0020: 74 65 64 2e 53 65 72 76 65 72 20 77 69 6c 6c 69 ted.Server willi
0030: 6e 67 20 74 6f 20 6e 65 67 6f 74 69 61 74 65 20 ng to negotiate
0040: 53 53 4c 2e 8a 16 31 2e 33 2e 36 2e 31 2e 34 2e SSL...1.3.6.1.4.
0050: 31 2e 31 34 36 36 2e 32 30 30 33 37 1.1466.20037
ber_scanf fmt (x) ber:
ber_dump: buf=0x004044b0 ptr=0x004044f7 end=0x0040450f len=24
0000: 8a 16 31 2e 33 2e 36 2e 31 2e 34 2e 31 2e 31 34 ..1.3.6.1.4.1.14
0010: 36 36 2e 32 30 30 33 37 66.20037
ber_scanf fmt (}) ber:
ber_dump: buf=0x004044b0 ptr=0x0040450f end=0x0040450f len=0
ldap_msgfree
TLS trace: SSL_connect:before/connect initialization
TLS trace: SSL_connect:SSLv2/v3 write client hello A
TLS trace: SSL_connect:SSLv3 read server hello A
TLS certificate verification: depth: 1, err: 0, subject:
/C=US/ST=IL/L=Chicago/O=helpme.com/OU=development/CN=ldapca/emailAddress=ldapca(a)helpme.com,
issuer: /C=US/ST=IL/L=Chicago/O=helpme.com/OU=development/CN=ldapca/emailAddress=ldapca(a)helpme.com
TLS certificate verification: depth: 0, err: 0, subject:
/C=US/ST=IL/L=Chicago/O=helpme.com/OU=development/CN=bebop, issuer:
/C=US/ST=IL/L=Chicago/O=helpme.com/OU=development/CN=ldapca/emailAddress=ldapca(a)helpme.com
TLS trace: SSL_connect:SSLv3 read server certificate A
TLS trace: SSL_connect:SSLv3 read server certificate request A
TLS trace: SSL_connect:SSLv3 read server done A
TLS trace: SSL_connect:SSLv3 write client certificate A
TLS trace: SSL_connect:SSLv3 write client key exchange A
TLS trace: SSL_connect:SSLv3 write certificate verify A
TLS trace: SSL_connect:SSLv3 write change cipher spec A
TLS trace: SSL_connect:SSLv3 write finished A
TLS trace: SSL_connect:SSLv3 flush data
TLS trace: SSL_connect:SSLv3 read finished A
ldap_sasl_interactive_bind_s: user selected: EXTERNAL
ldap_int_sasl_bind: EXTERNAL
ldap_int_sasl_open: host=bebop
=> ldap_dn2bv(16)
ldap_err2string
<= ldap_dn2bv(O=helpme.com,OU=Development,CN=bilbo)=0 Success
SASL/EXTERNAL authentication started
[shell just hangs here]
==========================================================
==========================================================
ds access logs after hanging ldapsearch from mac os x:
==========================================================
...
[07/Dec/2008:16:04:48 +0000] conn=45 fd=49 slot=49 connection from
10.0.0.9 to 10.0.0.8
[07/Dec/2008:16:04:48 +0000] conn=45 op=0 EXT oid="1.3.6.1.4.1.1466.20037"
[07/Dec/2008:16:04:48 +0000] conn=45 op=0 RESULT err=0 tag=120
nentries=0 etime=0
[07/Dec/2008:16:04:49 +0000] conn=45 SSL 128-bit RC4; client
O=helpme.com, OU=Development, CN=bilbo; issuer E=ldapca(a)helpme.com,
CN=ldapca, OU=development, O=helpme.com, L=Chicago, ST=IL, C=US
[07/Dec/2008:16:04:49 +0000] conn=45 SSL client bound as
cn=bilbo,ou=development,o=helpme.com
[end of file]
==========================================================
ldap.conf file:
==========================================================
HOST bebop
BASE dc=bebop,dc=helpme,dc=net
TLS_REQCERT demand
TLS_CACERT /Users/bilbo/development/projects/tutorials/ldap/conf/.security/take5/bebopCACert.pem
==========================================================
.ldaprc file:
==========================================================
URI ldaps://bebop:636
HOST bebop
BASE ""
TLS_REQCERT demand
TLS_CACERT /Users/bilbo/development/projects/tutorials/ldap/conf/.security/take5/bebopCACert.pem
TLS_CERT /Users/bilbo/development/projects/tutorials/ldap/conf/.security/take5/bilboClientCert.pem
TLS_KEY /Users/bilbo/development/projects/tutorials/ldap/conf/.security/take5/bilboClientKey.pem
SASL_MECH EXTERNAL
==========================================================
14 years, 9 months
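Added example (not part of the original post, and not code from any project it mentions): a small Python parser that groups the directory server access-log records quoted above by connection and reports how far each one got. Run on the post's own records, it shows the difference between the two excerpts: on the working connection a SASL BIND with mech=EXTERNAL follows the certificate mapping, while on the hanging connection the log ends right after the mapping. The function names and state labels are illustrative assumptions.

```python
import re
from collections import defaultdict

# Access-log records copied from the two excerpts in the post, unwrapped to one
# record per line. conn=0 is the working local client, conn=45 the hanging one.
SAMPLE_LOG = """\
[07/Dec/2008:04:29:38 +0000] conn=0 fd=49 slot=49 SSL connection from 127.0.0.1 to 127.0.0.1
[07/Dec/2008:04:29:38 +0000] conn=0 SSL client bound as cn=bilbo,ou=development,o=helpme.com
[07/Dec/2008:04:29:38 +0000] conn=0 op=0 BIND dn="" method=sasl version=3 mech=EXTERNAL
[07/Dec/2008:04:29:38 +0000] conn=0 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=bilbo,ou=development,o=helpme.com"
[07/Dec/2008:04:29:38 +0000] conn=0 op=1 SRCH base="ou=development,o=helpme.com" scope=2 filter="(cn=bilbo)" attrs=ALL
[07/Dec/2008:04:29:38 +0000] conn=0 op=1 RESULT err=0 tag=101 nentries=1 etime=0
[07/Dec/2008:04:29:38 +0000] conn=0 op=2 UNBIND
[07/Dec/2008:04:29:38 +0000] conn=0 op=2 fd=49 closed - U1
[07/Dec/2008:16:04:48 +0000] conn=45 fd=49 slot=49 connection from 10.0.0.9 to 10.0.0.8
[07/Dec/2008:16:04:48 +0000] conn=45 op=0 EXT oid="1.3.6.1.4.1.1466.20037"
[07/Dec/2008:16:04:48 +0000] conn=45 op=0 RESULT err=0 tag=120 nentries=0 etime=0
[07/Dec/2008:16:04:49 +0000] conn=45 SSL client bound as cn=bilbo,ou=development,o=helpme.com
"""

LINE = re.compile(r"^\[(?P<ts>[^\]]+)\] conn=(?P<conn>\d+) (?P<rest>.*)$")
OP = re.compile(r"^op=(?P<op>\d+) (?P<kind>[A-Z]+)\b(?P<args>.*)$")
STARTTLS_OID = "1.3.6.1.4.1.1466.20037"  # StartTLS extended operation
CERT_PREFIX = "SSL client bound as "

def new_conn():
    return {"starttls": False, "cert_dn": None, "bind_mech": None,
            "bind_err": None, "closed": False, "ops": {}}

def summarize(log_text):
    """Group access-log records by connection number and track bind state."""
    conns = defaultdict(new_conn)
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not an access-log record
        c, rest = conns[int(m["conn"])], m["rest"]
        if rest.startswith(CERT_PREFIX):
            c["cert_dn"] = rest[len(CERT_PREFIX):]  # TLS client cert mapped to a DN
            continue
        if " closed" in rest:
            c["closed"] = True
        o = OP.match(rest)
        if not o:
            continue
        op, kind, args = int(o["op"]), o["kind"], o["args"]
        if kind == "RESULT":
            # Only the RESULT that answers a BIND tells us the bind outcome.
            err = re.search(r"\berr=(\d+)", args)
            if c["ops"].get(op) == "BIND" and err:
                c["bind_err"] = int(err.group(1))
            continue
        c["ops"][op] = kind
        if kind == "EXT" and STARTTLS_OID in args:
            c["starttls"] = True
        elif kind == "BIND":
            mech = re.search(r"\bmech=(\S+)", args)
            c["bind_mech"] = mech.group(1) if mech else "(none logged)"
    return dict(conns)

def diagnose(c):
    """Label how far a connection progressed towards an authenticated bind."""
    if c["bind_mech"] is None:
        # Certificate was mapped at the TLS layer, but no LDAP BIND was logged.
        return "stalled-before-bind" if c["cert_dn"] else "no-bind"
    if c["bind_err"] is None:
        return "bind-unanswered"
    return "bound" if c["bind_err"] == 0 else "bind-failed"

def report(log_text):
    return {n: diagnose(c) for n, c in sorted(summarize(log_text).items())}

if __name__ == "__main__":
    for n, state in report(SAMPLE_LOG).items():
        print(f"conn={n}: {state}")
```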
Using AD authentication with an external LDAP for authorization
by Stefan Stefansson
Hi.
I'm new to the world of LDAP and directory servers and trying to
figure out the best solution to my problem.
This isn't exactly OpenLDAP specific, I still haven't figured out
whether OpenLDAP is the right thing to use or whether there is any
good solution to my situation.
So I hope you forgive me for asking this here but I'm hoping to tap
into the collective knowledge of this list for ideas.
My situation is that I have taken over the systems administration of a
group of Linux servers for the Computer Science department at my
school. The school has an IT department but we would like to be
independent of them, both to relieve them of as much as possible of
our demands (which can be quite demanding and unorthodox) as well as
having a more agile environment here (again touching on the fact that
they are overloaded).
The IT department mostly runs Microsoft solutions and the whole domain
is controlled by Active Directory. I'm not familiar with AD myself so
I don't know whether it's a particularly "good setup" or not but I
have no reason to believe otherwise.
So, what I want to do is set up our own directory server but of course
I would like to use some open source solutions... or at the very
least, something that runs on Linux. There I would like to control
authorization for different users to different servers, clusters, web
systems (such as wiki webs, Subversion, bug tracking software etc). On
the other hand, I would prefer that authentication be somehow
delegated to the AD server for any user who is on the domain to avoid
duplicating data. However, I still would like to be able to define
additional users in my LDAP directory server that are not necessarily
on the domain. So my setup would have to be able to distinguish
whether authentication should be handled by my LDAP server or the AD
server. I would think this could happen in two ways: 1) user
credentials are replicated over to the LDAP server from AD which means
that LDAP would handle all authentication or 2) LDAP server would
delegate authentication for users it cannot authenticate to the AD
server but otherwise it would handle the users it knows. I assume 1 is
difficult to do as sending the user credentials out from AD is
probably considered bad practice (if it is at all possible that is).
The backup plan would be for me to get administrative rights to some
part of the AD server and then we'd use only that server for all
authentication and authorization requirements but as I said, we would
like to be as independent from their services as possible in addition
to not being particularly fond of having to use AD (is there any sort
of a usable web access to that? would this mean I would have to have a
Windows box set up to perform any administrative tasks?).
This is my situation. Sorry for the long-winded explanation. Does
anybody have an idea of how to accomplish something like this? I'd be
happy to hear about any case studies or white papers on similar
subjects (I can't believe I'm the first one to want to do this). I'm
also open for suggestions on what tools to use. Open source is not a
requirement (but preferred).
Best regards, Stefan Freyr.
14 years, 9 months
OpenLDAP + Active Directory User and Password Sync
by Animesh Bansriyar
Hi All,
I have been working on getting Active Directory User Information
(username/password) to sync with OpenLDAP. I have been working on
different theories to get them to sync when I chanced upon acctsync.
Acctsync (http://acctsync.sourceforge.net/) seems to do the work but
looks like there has been no work on it since 2005. I am looking
forward to revive the project and want to contribute as well on it. If
there is something similar can somebody please point me out to it.
This is what I am looking for:
1. Any User Added to Active Directory shall be added to OpenLDAP as
well and any password modified from Active Directory should be
modified in OpenLDAP as well - where OpenLDAP would be used for System
Auth in a Linux environment.
2. Any User Added to OpenLDAP should be added to Active Directory
along with the same credentials and any password modified in OpenLDAP
should be modified in Active Directory as well.
I have somewhat been able to take care of the second requirement but
the first seems to be the more difficult one in a Windows 2008
Environment - The approach I have taken is to have a daemon running
which polls the OpenLDAP Server with clear-text passwords every few
minutes and adds/modifies accounts in the AD Server accordingly - I
know this is the least elegant way to do it but as of now it works for
me.
Can somebody suggest ways to do the above or maybe share experiences
on the same.
Thanks,
Animesh
14 years, 9 months
Re: Syncrepl question
by Quanah Gibson-Mount
--On Friday, December 05, 2008 1:18 PM -0800 Ivan Ordonez
<iordonez(a)nature.berkeley.edu> wrote:
> Hi Quanah,
>
> I was able to get it to work earlier when I add the startls=critical
> line. It worked when I did it on the slave1, at the time, I made the
> slave1 as the master. Thanks so much for that. Now moving on to the
> real master, things did not go well. Now the issue is that, any changes
> I make on the master, doesn't go to the slaves. I have two slaves and I
> want those two to get the changes.
>
> example:
>
>                Master
>                  |
>        _ _ _ _ _| |_ _ _ _ _
>       |                     |
>       |                     |
>       |                     |
>     Slave1                Slave2
>
> Now, when I make any change on the master, the changes will take effect
> only on master and not on the slaves. I will get this error on both
> slaves.
> Is this because of the acl.bdc.readonly.conf line I have on both slave's
> slapd.conf file? pdbedit -Lv username still works only on accounts where no
> changes are made.
Do you see any errors on the master from the slaves binding? Are you sure
they have the right permissions to the master? Did you look at what sync
logging shows? What is the contextCSN on your master versus your slaves?
At this point, I suggest we take this discussion back to the list, since we
got back your earlier config issue (starttls not being set in the syncrepl
config).
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
14 years, 9 months
Syncrepl question
by Ivan Ordonez
Hi all,
We have a small size domain with about 500 users and computers. We are
using Samba with Openldap integration to authenticate user login and
file sharing. Our setup consists of 3 servers running Gentoo Linux -
1 PDC and 2 BDCs. As for replication, we are still using "slurpd". Any
changes or modification is done through the PDC which replicates the
changes to BDC1, then from BDC1, it then goes down to BDC2 - it's like a
chain.
We want to start using "syncrepl" soon as a way to replicate our
database but I'm not sure where to start. We want to set up all of our
machines to sync with each other every day, and not worry which machine is
used to make changes, modifications, etc. I'm not sure which syncrepl
function to use to achieve what we want to do. Is "N-Way Multi Master
replication" the correct choice to do this? We are using "BDB" database
on each servers, and would like to achieve this with minimal downtime if
possible. What is the best way to do this? Please advise.
Any help is greatly appreciated.
-Ivan
14 years, 9 months
How to take backup of the openldap users data from the command prompt in LINUX Fedora
by Jyotishmaan Ray
My problem.
I had been using the phpldapadmin browser 1.0.1 to access the openldap database. Recently I observed that when I logged onto the phpldapadmin browser, the features of the browser didn't show up as they usually appear.
So that was my problem; as such, I am now not able to use the GUI of the browser to import the ldif files for adding new users to my database.
Now that the situation is urgent, I need to take a backup of my openldap database for the users' data.
Please give me the full command details, so that I can take a backup of my database safely before exploring the problem of the phpldapadmin browser.
Thanks, in advance,
jmaan
Thanks,
Jyotishmaan Ray Moderator Of Paradise Groups http://yahoogroups.com/group/Spirituality-Paradise Are You Spiritually Aware !!! Are You Enjoying Yourself !!! See What All You Had Been Missing !!!!
Please Join Immediately By Sending A Blank Mail @
Spirituality-Paradise-subscribe(a)yahoogroups.com
14 years, 9 months
OpenLDAP 2.4.10 Logging
by Lydon, Mark
I am running OpenLDAP 2.4.10 in a Solaris 10 local zone.
All working fine, except that I want to log to a specific file using this command line;
nohup /usr/local/libexec/slapd -d 64 -d 256 2> /tmp/slapd.log &
This runs ok in the background, but when I exit my shell the job ends. I've often used nohup like this to start jobs and disassociate them from the user's login shell; why doesn't it work here?
Regards
Mark Lydon
AT&T
14 years, 9 months