DSMLReader(dsmlFile) gives Invalid beginning tag :attr error
by Hamidreza Hamedtoolloei
Hey guys,
I am using jldap to communicate with ldap, and I get an exception when I am parsing a dsml file.
In more detail, the following line of code
LDAPReader in = new DSMLReader(dsmlFile);
gives the following error
The following error occured handling a DSML file:LDAPLocalException: The following error occured while parsing DSML: org.xml.sax.SAXException: Invalid beginning tag :attr (84) Decoding Error
org.xml.sax.SAXException: Invalid beginning tag :attr
when dsmlFile is
<dsml:directory-entries>
<dsml:entry dn="uid=prabbit,ou=development,o=bowstreet,c=us">
<dsml:objectclass>
<dsml:oc-value>top</dsml:oc-value>
<dsml:oc-value>person</dsml:oc-value>
<dsml:oc-value>organizationalPerson</dsml:oc-value>
<dsml:oc-value>inetOrgPerson</dsml:oc-value>
</dsml:objectclass>
<dsml:attr name="sn"><dsml:value>Rabbit</dsml:value></dsml:attr>
<dsml:attr name="uid"><dsml:value>prabbit</dsml:value></dsml:attr>
<dsml:attr name="mail"><dsml:value>prabbit(a)dsml.org</dsml:value></dsml:attr>
<dsml:attr name="givenname"><dsml:value>Peter</dsml:value></dsml:attr>
<dsml:attr name="cn"><dsml:value>Peter Rabbit</dsml:value></dsml:attr>
</dsml:entry>
</dsml:directory-entries>
Any suggestions??
thanks
13 years
How to write ldap client using openldap
by Brijesh Shukla
Hi All,
I am new to openldap, I have just installed it on my linux machine (CentOS).
I would like to write an experimental code for ldap client that can
connect with Active directory. ( I know using authconfig on linux I
can do it)
I would like to know whether one can write his/her own ldap client using
openldap. If yes, any sample code or guidelines?
Thanks for reading this mail. Looking forward to your reply.
Regards
Brijesh Shukla
13 years
RE: Solaris 10 Native LDAP Client TLS
by farhan ahmed
Hi Claus and Roy,
Thanks for the reply.
In fact nothing to do with sendmail, I pasted the wrong lines from /var/adm/messages, sorry for that
LDAP Server: OpenLdap Linux
LDAP Clients: Linux, Solaris 10, Solaris 9 and Solaris 8
Following command works fine for Solaris 10 but it doesn't work for 8 and 9. Please help me I really need to sort out this.
ldapclient -v manual -a defaultServerList=10.10.10.10 -a defaultSearchBase=dc=test,dc=com -a authenticationMethod=tls:simple -a serviceAuthenticationMethod=pam_ldap:tls:simple -a credentialLevel=proxy -a serviceAuthenticationMethod=passwd-cmd:tls:simple -a proxyDN=cn=proxyagent,ou=Profile,dc=test,dc=com -a proxyPassword=test
When I ran ldaplist I get following in /var/adm/messages on Solaris 9
Mar 21 23:35:38 web04 ldaplist[1932]: [ID 293258 user.warning] libsldap: Status: 81 Mesg: openConnection: simple bind failed - Can't contact LDAP server
Mar 21 23:35:38 web04 ldaplist[1932]: [ID 292100 user.warning] libsldap: could not remove 203.221.221.83 from servers list
Mar 21 23:35:38 web04 ldaplist[1932]: [ID 293258 user.warning] libsldap: Status: 7 Mesg: Session error no available conn.
While on server I get following in debugs
Mar 21 23:29:50 rhapp04-t1 slapd[15119]: connection_read(10): checking for input on id=0
Mar 21 23:29:50 rhapp04-t1 slapd[15119]: connection_read(10): TLS accept error error=-1 id=0, closing
Mar 21 23:29:51 rhapp04-t1 slapd[15119]: connection_closing: readying conn=0 sd=10 for close
Really appreciate if someone shows me the right way to solve this issue.
Cheers,
Farhan
--
From: farhhanahmed(a)hotmail.com
To: openldap-technical(a)openldap.org
Subject: RE: Solaris 10 Native LDAP Client TLS
Date: Mon, 17 Mar 2008 13:01:56 +0000
Hi Guys,
I have done it for Solaris 10 but now I am facing problem in Solaris 9. Please help me
Still no luck with LDAP native client on Solaris 9. I am getting following message
Mar 16 02:02:59 web04 sendmail[3700]: [ID 293258 mail.warning] libsldap: Status: 81 Mesg: openConnection: simple bind failed - Can't contact LDAP server
But when I run /usr/lib/ldap/ldap_cachemgr -g, I get following which shows there is no problem
cachemgr configuration:
server debug level 0
server log file "/var/ldap/cachemgr.log"
number of calls to ldapcachemgr 19
cachemgr cache data statistics:
Configuration refresh information:
Previous refresh time: 2008/03/17 23:55:23
Next refresh time: 2008/03/18 00:55:23
Server information:
Previous refresh time: 2008/03/17 23:55:23
Next refresh time: 2008/03/18 00:05:23
server: 203.221.221.83, status: UP
Cache data information:
Maximum cache entries: 256
Number of cache entries: 0
ldapclient -vvv manual -a defaultServerList=10.10.10.10 -a defaultSearchBase=dc=test,dc=com -a authenticationMethod=tls:simple -a credentialLevel=proxy -a proxyDN=cn=proxyagent,ou=profile,dc=test,dc=com -a proxyPassword=test
Note: Same command works for Solaris 10
I really want to use LDAP native client rather than openldap client which is hassle to install gcc padle pam_ldap etc on 50 servers.
Please help me guys.
Thanks,
Farhan
From: farhhanahmed(a)hotmail.com
To: openldap-technical(a)openldap.org
Subject: Solaris 10 Native LDAP Client TLS
Date: Fri, 14 Mar 2008 11:55:59 +0000
Hello Guys,
I am having some issues to configure LDAP Native client with TLS. Please help me to sort out this issue
LDAP Server: Linux (OpenLdap), LDAP Client: Solaris 10 (Native Client)
When I run following command to test, it works fine,
ldapsearch -v -h test -p 636 -Z -P /var/ldap/cert8.db -b "dc=test,dc=com" -s base "objectclass=*"
ldapsearch: started Fri Mar 14 18:11:57 2008
ldap_init( test, 636 )
filter pattern: objectclass=*
returning: ALL
filter is: (objectclass=*)
version: 1
dn: dc=test,dc=com
objectClass: dcObject
objectClass: organization
o: test.com web site
dc: test
1 matches
But When I run ldapclient command to initialize ldapclient, it doesn't work, please guide me where I am doing wrong
ldapclient -v manual -a defaultServerList=10.10.10.10 -a defaultSearchBase=dc=test,dc=com -a authenticationMethod=tls:simple -a serviceAuthenticationMethod=pam_ldap:tls:simple -a serviceAuthenticationMethod=keyserv:tls:simple -a serviceAuthenticationMethod=passwd-cmd:tls:simple -a credentialLevel=proxy -a proxyDN=cn=Manager,ou=People,dc=test,dc=com -a proxyPassword=passwd
After that when I run ldaplist command, I get following in /var/adm/messages
Mar 14 18:15:16 subx05-t1 nfs4cbd[1638]: [ID 293258 daemon.warning] libsldap: Status: 91 Mesg: openConnection: failed to initializeTLS security (security library: bad database.)
Please help me guys :) I know I am very near to get it working
Thanks,
Farhan
13 years
NIS to ldap layout
by Eric Ritchie
I have 3 NIS domains I wish to convert to ldap. I would like to keep 3
separate areas in ldap since the NIS domains have different accounts. I
created a base dn and loaded data under 3 higher levels, such as base is
dc=xyz,dc=com and dc=a,dc=xyz,dc=com dc=b,dc=xyz,dc=com
dc=c,dc=xyz,dc=com. Then if I want client one to be in domain a, I set
its base to dc=a,dc=xyz,dc=com. This works for host name lookups but
when another host tries to login to the box via telnet or rsh, the login
hangs after the password is entered, ssh works though. If I specify a
binddn on the client with dc=a,dc=xyz,dc=com, I can login via telnet and
rsh but name lookups fail on the host. Any idea what is causing this? Is
this the best way to have separate DBs for clients?
Thanks
--
Eric Ritchie
Interactive Brokers LLC
203-618-5868
13 years
Authentication against translucent ldap server
by Javier Barroso
Hi,
I've configured ldap translucent overlay with slapd-ldap as backend. Then I
changed userPassword of a user. When I try to auth to the translucent
server, the new password is not valid, and I have to introduce the password
that is in the ldap server which is being proxied.
I would like the new password to be the password used for auth.
Do you know how I could configure such an approach?
Thank you in advance
13 years
workin on Openldap-2.4.7
by divya shree
Hi
I am doing a project wherein I have to use Ldap to provide a single login for various services used.
I have successfully installed the openldap-2.4.7 server by configuring the slapd.conf file.
I wanted more info on LDAP client utilities and how to query the server, and also what should be my next step to achieve the objective.
Thanks and Regards
Divya
13 years
MySQL as MailBox and LDAP for authentication
by koko fofo
Hello everybody,
I'm going to install Postfix mail server with MySQL as mailbox container and LDAP for authentication purpose.
I want good documentation to do it.
Thanks
13 years
Having troubles compiling openldap
by chris croswhite
Folks,
There is probably an easy answer to this, however, I am stuck trying to compile openldap:
getpeereid.c: In function 'lutil_getpeereid':
getpeereid.c:64: error: storage size of 'peercred' isn't known
make[2]: *** [getpeereid.o] Error 1
make[2]: Leaving directory `/var/tmp/openldap-2.4.8/libraries/liblutil'
make[1]: *** [all-common] Error 1
make[1]: Leaving directory `/var/tmp/openldap-2.4.8/libraries'
make: *** [all-common] Error 1
The struct type has its prototype in file sys/ucred.h but on linux (or at least all the variants I looked at), this is not a typical system file and google leads me to believe this is a BSD/BSD-variant system header.
I am building with gcc4.3 and a linux w/2.4.25 kernel.
Any clue what I am doing wrong here? Thanks!
13 years
Re: Numerical result out of range ... not solvable !
by Tamer Al-Khouli
But the entry exists in the openLDAP database and that's where it
should check for it (since I configured pam to do that). This is
the whole point I am trying to get from centralized user
authentication after all! The openLDAP server should be contacted to
authenticate the users from different clients without the need for
these clients to use their /etc/passwd files!
On Fri, Mar 21, 2008 at 5:25 PM, Matt Parker <parkerman(a)gmail.com> wrote:
> > However, when
> > i use the command su to switch to user1 ( which i commented out from
> > /etc/passwd/) i get a message telling me that the user does not exist.
>
> /etc/passwd is the list of users in a *nix operating system.
> commenting out user1 makes that account no longer exist. you cannot
> 'su' to a user which doesn't exist.
>
13 years
Numerical result out of range ... not solvable !
by Tamer Al-Khouli
Hi guys,
I am setting up a centralized authentication server using openLDAP
without TLS/SSL. I added the /etc/passwd and /etc/shadow entries, and
looked them up using:
$ldapsearch -x -D "uid=user1,ou=People,dc=example,dc=com" -w user1
"(objectclass=*)"
where user1 is the password of the user user1, and I got all the
entries. I also configured pam so that it uses pam_ldap. However, when
I use the command su to switch to user1 (which I commented out from
/etc/passwd/) I get a message telling me that the user does not exist.
Running slapd in the debugging mode I notice an errno=34 "Numerical
result out of range". I googled it and found that this can be solved
by adding the directives sockbuf_max_incoming and
sockbuf_max_incoming_auth. I added the directives and tried with many
values like 1234567, 999999, 9999999 for each of them, still, I
am getting the same error message. What else can I do to get rid of
this error?!
13 years