openldap-technical December 2008

openldap-technical@openldap.org

58 participants
71 discussions

Unable to login as local user when LDAP master has problem
by sparklings 09 Dec '08

09 Dec '08

Hi, I'm having about 30 Linux Servers in which I have one LDAP master server and remaining all of them are ldap clients.All the users who login to Linux servers are LDAP users. Whenever there is a problem with the LDAP service in Master, I have the following issues. 1.ldap user anyway cannot login to any of the server but even as root or local user,we are unable to login to any of the client/master server. 2.If I'm already logged in any of the client server and when there is a problem with the LDAP master service, the server becomes extremely unstable/slow and cannot execute any command and everything hangs. Could you suggest if I'm missing any setting in LDAP master or slave?as I should not have problem in login to the servers as a local/root user even when LDAP master is down Thanks in Advance, Rahul

2 1

Cannot start kerberos signing/sealing when using TLS/SSL
by Jeremiah Martell 08 Dec '08

08 Dec '08

I'm using openldap, cyrus-sasl, heimdal, and openssl. I use the standard kerberos "kinit" tool to get my TGT, this is successful. I use the standard openldap "ldapsearch" tool to attempt to do a LDAP+GSSAPI over TLS (cert level "demand") search, and I get two errors. The first error is an "inappropriate auth", which seems to come from openldap. The second error is "Cannot start kerberos signing/sealing when using TLS/SSL", which seems to come from GSSAPI-land. Interesting facts: - This fails against Windows 2003 AD. - But succeeds against a BSD box running an openldap server. - The following all had the cert level set to "demand"... - - LDAP works with the Win2003 AD. - - LDAP+SSL works with the Win2003 AD. - - LDAP+TLS works with the Win2003 AD. - - LDAP+GSSAPI works with the Win2003 AD. - - LDAP+GSSAPI+SSL works with the Win2003 AD. - - But LDAP+GSSAPI+TLS does NOT work with the Win2003 AD. - If I switch the cert level to "allow", then LDAP+GSSAPI+TLS works with Win2003 AD. It seems everything is ok with my kerberos setup, since LDAP+GSSAPI works. It seems everything is ok with my certs, since LDAP+SSL and LDAP+TLS and LDAP+GSSAPI+SSL works. I'm at a loss as to why this particular case: LDAP+GSSAPI+TLS (cert level "demand") against Windows 2003 AD doesn't work. I tried looking through the openldap, cyrus-sasl, heimdal, and openssl code for "Cannot start kerberos signing/sealing when using TLS/SSL" but I didn't find anything. My guess is that this comes from the server. The only thing I could find googling was from here: http://en.gentoo-wiki.com/wiki/Active_Directory_Authentication_using_LDAP that says: "GSSAPI Error: Cannot start kerberos signing/sealing when using TLS/SSL SASL/GSSAPI already encrypts the LDAP traffic, this error is trying to say TLS/SSL is redundant." My questions: (1) Is this simply the fact that Windows 2003 AD doesn't support LDAP+GSSAPI+TLS (with cert level set to "demand")? (2) Why would the Win2003 AD server behave properly with SSL but not TLS? (3) Why does the openldap server work fine, but not the Windows 2003 AD server? (3) Has this been addressed in some newer release of openldap/cyrus-sasl/heimdal/openssl code? (4) Is there anything I could have done wrong in my Win2003 AD setup? (5) Any other general suggestions/ideas to help? Thanks, -- - Jeremiah Martell http://inlovewithGod.com

2 1

bdb encryption
by ghenry＠OpenLDAP.org 08 Dec '08

08 Dec '08

Hi All, I'm just testing bdb encryption and it works as expected out of the box. But I'm trying to decrypt it using the bdb tools: [ghenry@suretec openldap-data]$ /usr/local/BerkeleyDB.4.7/bin/db_verify objectClass.bdb db_verify: Encrypted environment: no encryption key supplied Segmentation fault So it segfaults, but it's the same with the key: [ghenry@suretec openldap-data]$ /usr/local/BerkeleyDB.4.7/bin/db_verify -P "testing" objectClass.bdb db_verify: Invalid password Segmentation fault testing is set in slapd.conf via "cryptfile" and has the word "testing" in it: (gdb) run -P testing objectClass.bdb Starting program: /usr/local/BerkeleyDB.4.7/bin/db_verify -P testing objectClass.bdb db_verify: Invalid password [New Thread 0xb7fd86c0 (LWP 17626)] Program received signal SIGSEGV, Segmentation fault. 0x0021f82d in __memp_resize () from /usr/local/BerkeleyDB.4.7/lib/libdb-4.7.so Missing separate debuginfos, use: debuginfo-install glibc-2.9-2.i686 (gdb) bt #0 0x0021f82d in __memp_resize () from /usr/local/BerkeleyDB.4.7/lib/libdb-4.7.so #1 0x0021bac9 in __memp_set_cachesize () from /usr/local/BerkeleyDB.4.7/lib/libdb-4.7.so #2 0x08048cfd in __db_rpath () #3 0x0804b018 in ?? () #4 0x00000000 in ?? () (gdb) q Any ideas? Thanks. -- Kind Regards, Gavin Henry. OpenLDAP Engineering Team. E ghenry(a)OpenLDAP.org Community developed LDAP software. http://www.openldap.org/project/

2 1

why does ldapsearch just hang with SASL/EXTERNAL authentication started?
by borderline_ocd-er 08 Dec '08

08 Dec '08

hello list, :¬O H-E-E-E-E-E-L-L-L-L-P-P-P!!!! for the past week and a half, i've been trying to get an openldap client on a mac os x 10.4.11 (OpenLDAP 2.2) to talk to an ldap directory server (sun iPlanet directory server 5.1) on a solaris 9 sparc box; using client authentication with x509 certificates for both the server and the client. i have successfully configured client authn between the directory server (ds) on the solaris box and a precompiled ldapsearch binary client (also running on that same solaris box). the ldapsearch binary is part of the netscape security services (nss) ldap c sdk 6.0.x that came bundled with - what sun calls it's - "ds resource kit 5.2 (dsrk)". since client authn works successfully between those 2 components running local to each other, i figured a remote client authn setup shouldn't be much of a stretch (if the openldap.org docs are to be believed). BOY! was i wrong! after copying to my mac os x box, the same ca cert and client cert (in .pem format) that worked successfully on the solaris box, i configured ldap.conf and .ldaprc to point to the certs and keys (see below). when i run an openldap ldapsearch on the mac, the tls handshake appears to succeed (see below); then the sasl/external client authn appears to kick off; then it just hangs! the last thing that's output to the shell is "SASL/EXTERNAL authentication started". but the shell cursor just hangs there; flashing away - doing nothing! the solaris ds access logs seem to report that a bind took place as a result of the mac openldap ldapsearch attempt: "...conn=45 SSL client bound as cn=bilbo,ou=development,o=helpme.com" please, will you help me to get my mac openldap ldapsearch client to authenticate to my solaris ds using a client cert? i've read and reread the openldap.org tls docs (http://www.openldap.org/doc/admin24/tls.html); i've read and reread the openldap.org sasl docs (http://www.openldap.org/doc/admin24/sasl.html); i've scoured this list; i've scoured the cyrus sasl list (http://asg.andrew.cmu.edu/archive/index.php?mailbox=archive.cyrus-sasl); i've tried adding the "-I" switch to the ldapsearch command, but that results in an endless loop of being prompted over and over to enter an authorization id. i've tried editing /etc/syslog.conf with the following: "local4.* /var/log/openldap.log" but nothing ever gets logged to that file! i've spent so much time trying to solve this problem on my own, that my wife has threatened to leave me for my best friend if i don't stop spending so much time on this! my dog snarled at me and bit my behind today because he doesn't recognize me anymore! my daughter is talking about becoming an "exotic dancer" because i don't pay her enough attention from working on this! my failure to accomplish such a seemingly simple task has made me consider taking my own life! seriously though: I NEED YOUR HELP! thanks in advance for your help. ========================================================== ds access logs after successful ldapsearch on solaris box: ========================================================== ... [07/Dec/2008:04:29:38 +0000] conn=0 fd=49 slot=49 SSL connection from 127.0.0.1 to 127.0.0.1 [07/Dec/2008:04:29:38 +0000] conn=0 SSL 128-bit RC4; client O=helpme.com, OU=Development, CN=bilbo; issuer E=ldapca(a)helpme.com, CN=ldapca, OU=development, O=helpme.com, L=Chicago, ST=IL, C=US [07/Dec/2008:04:29:38 +0000] conn=0 SSL client bound as cn=bilbo,ou=development,o=helpme.com [07/Dec/2008:04:29:38 +0000] conn=0 op=0 BIND dn="" method=sasl version=3 mech=EXTERNAL [07/Dec/2008:04:29:38 +0000] conn=0 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=bilbo,ou=development,o=helpme.com" [07/Dec/2008:04:29:38 +0000] conn=0 op=1 SRCH base="ou=development,o=helpme.com" scope=2 filter="(cn=bilbo)" attrs=ALL [07/Dec/2008:04:29:38 +0000] conn=0 op=1 RESULT err=0 tag=101 nentries=1 etime=0 [07/Dec/2008:04:29:38 +0000] conn=0 op=2 UNBIND [07/Dec/2008:04:29:38 +0000] conn=0 op=2 fd=49 closed - U1 ... ========================================================== hanging mac osx openldap ldapsearch command results: ========================================================== bilbo$ ldapsearch -v -H ldap://bebop -s sub -b "" -LLL -d -7 -ZZ ldap_initialize( ldap://bebop ) ldap_create ldap_url_parse_ext(ldap://bebop) ldap_extended_operation_s ldap_extended_operation ldap_send_initial_request ldap_new_connection ldap_int_open_connection ldap_connect_to_host: TCP bebop:389 ldap_new_socket: 3 ldap_prepare_socket: 3 ldap_connect_to_host: Trying 10.0.0.8:389 ldap_connect_timeout: fd: 3 tm: -1 async: 0 ldap_ndelay_on: 3 ldap_is_sock_ready: 3 ldap_ndelay_off: 3 ldap_open_defconn: successful ldap_send_server_request ber_flush: 31 bytes to sd 3 ldap_result msgid 1 ldap_chkResponseList for msgid=1, all=1 ldap_chkResponseList returns NULL wait4msg (infinite timeout), msgid 1 wait4msg continue, msgid 1, all 1 ** Connections: * host: bebop port: 389 (default) refcnt: 2 status: Connected last used: Sun Dec 7 16:04:48 2008 ** Outstanding Requests: * msgid 1, origid 1, status InProgress outstanding referrals 0, parent count 0 ** Response Queue: Empty ldap_chkResponseList for msgid=1, all=1 ldap_chkResponseList returns NULL ldap_int_select read1msg: msgid 1, all 1 ber_get_next ber_get_next: tag 0x30 len 95 contents: ber_dump: buf=0x004044b0 ptr=0x004044b0 end=0x0040450f len=95 0000: 02 01 01 78 5a 0a 01 00 04 00 04 3b 53 74 61 72 ...xZ......;Star 0010: 74 20 54 4c 53 20 72 65 71 75 65 73 74 20 61 63 t TLS request ac 0020: 63 65 70 74 65 64 2e 53 65 72 76 65 72 20 77 69 cepted.Server wi 0030: 6c 6c 69 6e 67 20 74 6f 20 6e 65 67 6f 74 69 61 lling to negotia 0040: 74 65 20 53 53 4c 2e 8a 16 31 2e 33 2e 36 2e 31 te SSL...1.3.6.1 0050: 2e 34 2e 31 2e 31 34 36 36 2e 32 30 30 33 37 .4.1.1466.20037 ldap_read: message type extended-result msgid 1, original id 1 ber_scanf fmt ({iaa) ber: ber_dump: buf=0x004044b0 ptr=0x004044b3 end=0x0040450f len=92 0000: 78 5a 0a 01 00 04 00 04 3b 53 74 61 72 74 20 54 xZ......;Start T 0010: 4c 53 20 72 65 71 75 65 73 74 20 61 63 63 65 70 LS request accep 0020: 74 65 64 2e 53 65 72 76 65 72 20 77 69 6c 6c 69 ted.Server willi 0030: 6e 67 20 74 6f 20 6e 65 67 6f 74 69 61 74 65 20 ng to negotiate 0040: 53 53 4c 2e 8a 16 31 2e 33 2e 36 2e 31 2e 34 2e SSL...1.3.6.1.4. 0050: 31 2e 31 34 36 36 2e 32 30 30 33 37 1.1466.20037 read1msg: 0 new referrals read1msg: mark request completed, id = 1 request 1 done res_errno: 0, res_error: <>, res_matched: <> ldap_free_request (origid 1, msgid 1) ldap_free_connection ldap_free_connection: refcnt 1 ldap_parse_extended_result ber_scanf fmt ({iaa) ber: ber_dump: buf=0x004044b0 ptr=0x004044b3 end=0x0040450f len=92 0000: 78 5a 0a 01 00 04 00 04 3b 53 74 61 72 74 20 54 xZ......;Start T 0010: 4c 53 20 72 65 71 75 65 73 74 20 61 63 63 65 70 LS request accep 0020: 74 65 64 2e 53 65 72 76 65 72 20 77 69 6c 6c 69 ted.Server willi 0030: 6e 67 20 74 6f 20 6e 65 67 6f 74 69 61 74 65 20 ng to negotiate 0040: 53 53 4c 2e 8a 16 31 2e 33 2e 36 2e 31 2e 34 2e SSL...1.3.6.1.4. 0050: 31 2e 31 34 36 36 2e 32 30 30 33 37 1.1466.20037 ber_scanf fmt (a) ber: ber_dump: buf=0x004044b0 ptr=0x004044f7 end=0x0040450f len=24 0000: 8a 16 31 2e 33 2e 36 2e 31 2e 34 2e 31 2e 31 34 ..1.3.6.1.4.1.14 0010: 36 36 2e 32 30 30 33 37 66.20037 ldap_parse_result ber_scanf fmt ({iaa) ber: ber_dump: buf=0x004044b0 ptr=0x004044b3 end=0x0040450f len=92 0000: 78 5a 0a 01 00 04 00 04 3b 53 74 61 72 74 20 54 xZ......;Start T 0010: 4c 53 20 72 65 71 75 65 73 74 20 61 63 63 65 70 LS request accep 0020: 74 65 64 2e 53 65 72 76 65 72 20 77 69 6c 6c 69 ted.Server willi 0030: 6e 67 20 74 6f 20 6e 65 67 6f 74 69 61 74 65 20 ng to negotiate 0040: 53 53 4c 2e 8a 16 31 2e 33 2e 36 2e 31 2e 34 2e SSL...1.3.6.1.4. 0050: 31 2e 31 34 36 36 2e 32 30 30 33 37 1.1466.20037 ber_scanf fmt (x) ber: ber_dump: buf=0x004044b0 ptr=0x004044f7 end=0x0040450f len=24 0000: 8a 16 31 2e 33 2e 36 2e 31 2e 34 2e 31 2e 31 34 ..1.3.6.1.4.1.14 0010: 36 36 2e 32 30 30 33 37 66.20037 ber_scanf fmt (}) ber: ber_dump: buf=0x004044b0 ptr=0x0040450f end=0x0040450f len=0 ldap_msgfree TLS trace: SSL_connect:before/connect initialization TLS trace: SSL_connect:SSLv2/v3 write client hello A TLS trace: SSL_connect:SSLv3 read server hello A TLS certificate verification: depth: 1, err: 0, subject: /C=US/ST=IL/L=Chicago/O=helpme.com/OU=development/CN=ldapca/emailAddress=ldapca(a)helpme.com, issuer: /C=US/ST=IL/L=Chicago/O=helpme.com/OU=development/CN=ldapca/emailAddress=ldapca(a)helpme.com TLS certificate verification: depth: 0, err: 0, subject: /C=US/ST=IL/L=Chicago/O=helpme.com/OU=development/CN=bebop, issuer: /C=US/ST=IL/L=Chicago/O=helpme.com/OU=development/CN=ldapca/emailAddress=ldapca(a)helpme.com TLS trace: SSL_connect:SSLv3 read server certificate A TLS trace: SSL_connect:SSLv3 read server certificate request A TLS trace: SSL_connect:SSLv3 read server done A TLS trace: SSL_connect:SSLv3 write client certificate A TLS trace: SSL_connect:SSLv3 write client key exchange A TLS trace: SSL_connect:SSLv3 write certificate verify A TLS trace: SSL_connect:SSLv3 write change cipher spec A TLS trace: SSL_connect:SSLv3 write finished A TLS trace: SSL_connect:SSLv3 flush data TLS trace: SSL_connect:SSLv3 read finished A ldap_sasl_interactive_bind_s: user selected: EXTERNAL ldap_int_sasl_bind: EXTERNAL ldap_int_sasl_open: host=bebop => ldap_dn2bv(16) ldap_err2string <= ldap_dn2bv(O=helpme.com,OU=Development,CN=bilbo)=0 Success SASL/EXTERNAL authentication started [shell just hangs here] ========================================================== ========================================================== ds access logs after hanging ldapsearch from mac os x: ========================================================== ... [07/Dec/2008:16:04:48 +0000] conn=45 fd=49 slot=49 connection from 10.0.0.9 to 10.0.0.8 [07/Dec/2008:16:04:48 +0000] conn=45 op=0 EXT oid="1.3.6.1.4.1.1466.20037" [07/Dec/2008:16:04:48 +0000] conn=45 op=0 RESULT err=0 tag=120 nentries=0 etime=0 [07/Dec/2008:16:04:49 +0000] conn=45 SSL 128-bit RC4; client O=helpme.com, OU=Development, CN=bilbo; issuer E=ldapca(a)helpme.com, CN=ldapca, OU=development, O=helpme.com, L=Chicago, ST=IL, C=US [07/Dec/2008:16:04:49 +0000] conn=45 SSL client bound as cn=bilbo,ou=development,o=helpme.com [end of file] ========================================================== ldap.conf file: ========================================================== HOST bebop BASE dc=bebop,dc=helpme,dc=net TLS_REQCERT demand TLS_CACERT /Users/bilbo/development/projects/tutorials/ldap/conf/.security/take5/bebopCACert.pem ========================================================== .ldaprc file: ========================================================== URI ldaps://bebop:636 HOST bebop BASE "" TLS_REQCERT demand TLS_CACERT /Users/bilbo/development/projects/tutorials/ldap/conf/.security/take5/bebopCACert.pem TLS_CERT /Users/bilbo/development/projects/tutorials/ldap/conf/.security/take5/bilboClientCert.pem TLS_KEY /Users/bilbo/development/projects/tutorials/ldap/conf/.security/take5/bilboClientKey.pem SASL_MECH EXTERNAL ==========================================================

1 0

Using AD authentication with an external LDAP for authorization
by Stefan Stefansson 08 Dec '08

08 Dec '08

Hi. I'm new to the world of LDAP and directory servers and trying to figure out the best solution to my problem. This isn't exactly OpenLDAP specific, I still haven't figured out whether OpenLDAP is the right thing to use or whether there is any good solution to my situation. So I hope you forgive me for asking this here but I'm hoping to tap into the collective knowledge of this list for ideas. My situation is that I have taken over the systems administration of a group of Linux servers for the Computer Science department at my school. The school has an IT department but we would like to be independent of them, both to relieve them of as much as possible of our demands (which can be quite demanding and unorhadox) as well as having a more agile environment here (again touching on the fact that they are overloaded). The IT department mostly runs Microsoft solutions and the whole domain is controlled by Active Directory. I'm not familiar with AD myself so I don't know whether it's a particularly "good setup" or not but I have no reason to believe otherwise. So, what I want to do is set up our own directory server but of course I would like to use some open source solutions... or at the very least, something that runs on Linux. There I would like to control authorization for different users to different servers, clusters, web systems (such as wiki webs, Subversion, bug tracking software etc). On the other hand, I would prefer that authentication be somehow delegated to the AD server for any user who is on the domain to avoid duplicating data. However, I still would like to be able to define additional users in my LDAP directory server that are not necessarily on the domain. So my setup would have to be able to distinguish whether authentication should be handled by my LDAP server or the AD server. I would think this could happen in two ways: 1) user credentials are replicated over to the LDAP server from AD which means that LDAP would handle all authentication or 2) LDAP server would delegate authentication for users it cannot authenticate to the AD server but otherwise it would handle the users it knows. I assume 1 is difficult to do as sending the user credentials out from AD is probably considered bad practice (if it is at all possible that is). The backup plan would be for me to get administrative rights to some part of the AD server and then we'd use only that server for all authentication and authorization requirements but as I said, we would like to be as independent from their services as possible in addition to not being particularly fond of having to use AD (is there any sort of a usable web access to that? would this mean I would have to have a Windows box set up to perform any administrative tasks?). This is my situation. Sorry for the log winded explanation. Does anybody have an idea of how to accomplish something like this? I'd be happy to hear about any case studies or white papers on similar subjects (I can't believe I'm the first one to want to do this). I'm also open for suggestions on what tools to use. Open source is not a requirement (but preferred). Best regards, Stefan Freyr.

4 3

OpenLDAP + Active Directory User and Password Sync
by Animesh Bansriyar 07 Dec '08

07 Dec '08

Hi All, I have been working on getting Active Directory User Information (username/password) to sync with OpenLDAP. I have been working on different theories to get them to sync when I chanced upon acctsync. Acctsync (http://acctsync.sourceforge.net/) seems to do the work but looks like there has been no work on it since 2005. I am looking forward to revive the project and want to contribute as well on it. If there is something similar can somebody please point me out to it. This is what I am looking for: 1. Any User Added to Active Directory shall be added to OpenLDAP as well and any password modified from Active Directory should be modified in OpenLDAP as well - where OpenLDAP would be used for System Auth in a Linux environment. 2. Any User Added to OpenLDAP should be added to Active Directory along with the same credentials and any password modified in OpenLDAP should be modified in Active Directory as well. I have somewhat been able to take care of the second requirement but the first seems to be the more difficult one in a Windows 2008 Environment - The appoach I have taken is to have a daemon running which polls the OpenLDAP Server with clear-text passwords every few minutes and adds/modifes accounts in the AD Server accordingly - I know this is the least elegant way to do it but as of now it works for me. Can somebody suggest ways to do the above or maybe share experiences on the same. Thanks, Animesh

1 0

Re: Syncrepl question
by Quanah Gibson-Mount 05 Dec '08

05 Dec '08

--On Friday, December 05, 2008 1:18 PM -0800 Ivan Ordonez <iordonez(a)nature.berkeley.edu> wrote: > Hi Quanah, > > I was able to get it to work earlier when I add the startls=critical > line. It work when I did it on the slave1, at the time, I made the > slave1 as the master. Thanks so much for that. Now moving on the the > real master, things did not go well. Now the issue is that, any changes > I make on the master, doesn't go to the slaves. I have two slaves and I > want those two to get the changes. > > example: > > Master > | > _ _ _ _ _| |_ _ _ _ _ > | | > | | > | | > Slave1 Slave2 > > Now, when I make any change on the master, the changes will take effect > only on master and not on the slaves. I will get this error on both > slaves. > Is this because of the acl.bdc.readonly.conf line I have on both slave's > slapd.conf file? pdbedit -Lv username still work only on account were no > changes are made. Do you see any errors on the master from the slaves binding? Are you sure they have the right permissions to the master? Did you look at what sync logging shows? What is the contextCSN on your master versus your slaves? At this point, I suggest we take this discussion back to the list, since we got back your earlier config issue (starttls not being set in the syncrepl config). --Quanah -- Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration

2 3

Syncrepl question
by Ivan Ordonez 04 Dec '08

04 Dec '08

Hi all, We have a small size domain with about 500 users and computers. We are using Samba with Openldap integration to authenticate user login and file sharing. Our setup is consist of 3 servers running Gentoo Linux - 1PDC and 2BDCs. As for replication, we are still using "slurpd". Any changes or modification is done through the PDC which replicates the changes to BDC1, then from BDC1, it then goes down to BDC2 - it's like a chain. We want to start using "syncrepl" soon as a way to replicate our database but I'm not sure were to start. We want to setup all of our machine to sync with each other everyday, and not worry which machine is use to make changes, modification, etc.... I'm not sure which syncrepl function to use to achieve what we want to do. Is "N-Way Multi Master replication" the correct choice to do this? We are using "BDB" database on each servers, and would like to achieve this with minimal downtime if possible. What is the best way to do this? Please advise. Any help is greatly appreciated. -Ivan

3 12

How to take backup of the openldap users data from the command prompt in LINUX Fedora
by Jyotishmaan Ray 04 Dec '08

04 Dec '08

My problem. I had been using the phpldapadmin browser 1.0.1 to access the openldap database. Recently when I observed that when I logged onto the phpldapadmin browser, the features of the browser didnt show up as usually it appears. So that was my problem as such now I am not able to use the GUI of the browser to do importing of the ldif files for adding new users to my database. Now that the situation is urgent, I need to take a back up of my openldap database for the users data. Please give me the full comand details, so that I can take a back up of my database safely before exploring the problem of phpldapadmin browser. Thanks, in advance, jmaan Thanks, Jyotishmaan Ray Moderator Of Paradise Groups http://yahoogroups.com/group/Spirituality-Paradise Are You Spiritually Aware !!! Are You Enjoying Yourself !!! See What All You Had Been Missing !!!! Please Join Immediately By Sending A Blank Mail @ Spirituality-Paradise-subscribe(a)yahoogroups.com

3 3

OpenLDAP 2.4.10 Logging
by Lydon, Mark 03 Dec '08

03 Dec '08

I am running OpenLDAP 2.4.10 in a Solaris 10 local zone. All working fine, except that I want to log to a specific file using this command line; nohup /usr/local/libexec/slapd -d 64 -d 256 2> /tmp/slapd.log & This run ok in background, but when I exit my shell the job ends. I've often used nohup like this to start jobs and disassociate them from the users login shell, why doesn't it work here? Regards Mark Lydon AT&T

2 1

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

openldap-technical December 2008