Recommendation for Web Interface for OpenLDAP
by Wes Modes
Howdy, I'm looking for a web interface for OpenLDAP. I
want something pretty simple since I won't need to
reorganize the entire DIT through the web, only add,
delete, and modify users and groups.
I'm using smbldap-tools which has its own set of scripts
that I can tap into. I will need to extend the web
interface to modify the samba schema extensions to LDAP or
run the smbldap-scripts.
With that in mind, I am interested in something written in
PHP or Perl that can be easily modified or extended.
I'd love it if you can recommend a simple web interface
for LDAP. If you can recommend something, please tell me
what features appeal to you or work well for you. And how
does it meet my criteria:
* Simple - minimal bells and whistles
* add, delete, and modify users
* add, delete, and modify groups
* secure - using SSL/TLS
* linux and apache friendly
* written in perl, php, or python
Thanks for your help.
15 years, 4 months
Password policy definitions
by Gustavo Mendes de Carvalho
Hi there,
I noted that ppolicy is still in development, and because of that I would like
to check how I can do some password history checking. I mean, how can I apply
the same password policy defined in /etc/pam.d/system-auth, like history, size,
new chars when changing password, and so on?
I am running OpenLDAP 2.2.13, because it is the current RHAS4 version.
Is there any way to force the LDAP server to use the /etc/pam.d/system-auth
definitions?
Thanks
---
Gustavo Mendes de Carvalho
email: gmcarvalho(a)gmail.com
15 years, 4 months
php script for LDAP_BIND
by divya shree
Hi,
We are trying to write a PHP script to bind to the LDAP server.
The PHP script is:
<?php
// basic sequence with LDAP is connect, bind, search, interpret search
// result, close connection
echo "LDAP query test";
echo "Connecting ...";
$ds = ldap_connect("localhost"); // must be a valid LDAP server!
echo "connect result is " . $ds;
if ($ds) {
    echo "Binding ...";
    $r = ldap_bind($ds); // this is an "anonymous" bind, typically
                         // read-only access
    echo "Bind result is " . $r;
}
?>
We also tried doing
$ldapset=ldap_set_option($ldapconn,LDAP_OPT_PROTOCOL_VERSION,3);
and
$ldapbind = ldap_bind($ldapconn, $ldaprdn, $ldappass);
where Ldaprdn = rootdn in the slapd.conf file and ldappass is the password.
We are getting the following error in all the above cases:
LDAP query test
Connecting ...
connect result is Resource id #4
Binding ...PHP Warning: ldap_bind(): Unable to bind to server: Protocol error in /var/www/html/forms/ex1.php on line 12
Please help ASAP
Thanks and Regards
Divya
15 years, 4 months
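Added example, not part of the original post: the connect, protocol-version and bind sequence the post describes, with every return value checked and the password sent only after StartTLS. The URI, bind DN and the LDAP_BIND_PW environment variable are placeholders, and it assumes slapd has TLS configured.

```php
<?php
// Added example: the values below are placeholders, not taken from the post.
const EXAMPLE_URI = 'ldap://localhost';             // assumed server URI
const EXAMPLE_DN  = 'cn=Manager,dc=example,dc=com'; // placeholder rootdn
const EXAMPLE_ENV = 'LDAP_BIND_PW';                 // password comes from the environment

function fail($ds, string $step): void
{
    // ldap_errno()/ldap_error() report the last result on this handle;
    // the diagnostic message is the server's own explanation, if it sent one.
    $diag = '';
    ldap_get_option($ds, LDAP_OPT_DIAGNOSTIC_MESSAGE, $diag);
    fwrite(STDERR, sprintf("%s failed: %d %s %s\n",
        $step, ldap_errno($ds), ldap_error($ds), $diag));
    exit(1);
}

$ds = ldap_connect(EXAMPLE_URI); // only parses the URI; nothing is sent yet
if ($ds === false) {
    fwrite(STDERR, "ldap_connect: invalid URI\n");
    exit(1);
}

// Options go on the same handle that is later passed to ldap_bind(),
// and before the first operation is sent on it.
if (!ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3)) {
    fail($ds, 'set protocol version');
}

// A simple bind sends the DN and password as-is, so upgrade the
// connection first. StartTLS is an LDAPv3 extended operation.
if (!@ldap_start_tls($ds)) {
    fail($ds, 'StartTLS');
}

$pw = getenv(EXAMPLE_ENV);
if ($pw === false || $pw === '') {
    // A DN with an empty password is an unauthenticated bind, not a login.
    fwrite(STDERR, "set " . EXAMPLE_ENV . " first\n");
    exit(1);
}

if (!@ldap_bind($ds, EXAMPLE_DN, $pw)) {
    fail($ds, 'bind');
}
echo "bound as " . EXAMPLE_DN . "\n";
ldap_unbind($ds);
```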
autofs and ldap
by Luciana Romeiro Rodrigues
Hi!
I run SLES 10.0 with openldap-stable-20071118.
Could anyone offer me some advice, or point me in the right direction?
Thanks,
Luciana
The settings follow:
1- /etc/nsswitch.conf:
automount: ldap
2- ldif:
dn: ou=automount,dc=cp,dc=br
ou: automount
objectClass: top
objectClass: organizationalUnit

dn: ou=auto.master,ou=automount,dc=cp,dc=br
ou: auto.master
objectClass: top
objectClass: automountMap

dn: cn=/home, ou=auto.master,ou=automount,dc=cp,dc=br
objectClass: top
objectClass: automount
automountInformation: ldap: server-ldap.cp.br:ou=auto.home,ou=automount,dc=cp,dc=br
cn: /home

dn: ou=auto.home, ou=automount,dc=cp,dc=br
ou: auto.home
objectClass: top
objectClass: automountMap

Users:
dn: uid=lu,ou=auto.home,ou=automount,dc=cp,dc=br
uid: lu
cn: teste
objectClass: automount
automountInformation: -rw,soft,retrans=10,intr nfsserver.cp.br:/extra/home/lu
3- /etc/ldap.conf
host 127.0.0.1
base dc=cp,dc=br
4-
tembiru:/home # service autofs status
Checking for service autofs: unused
Configured Mount Points:
------------------------
/usr/sbin/automount /home ldap:
"server-ldap.cp.br:ou=auto.home,ou=automount,dc=cp,dc=br"
Active Mount Points:
5- su - lu
warning: cannot change directory to /home/lu: No such file or directory
--
========================================================
Luciana F.Romeiro Rodrigues
Support Analyst
Phone: 3186-8513 -
New email: luciana.romeiro(a)cptec.inpe.br
========================================================
15 years, 5 months
Ldap_SASL_Bind (simple): error
by divya shree
Hi,
I am using Openldap-2.4.7 on Fedora Core 7.
I have configured my slapd.conf file and ldap.conf file,
and started the server using the command
/usr/local/libexec/slapd
and when I try to perform any client operation, for example
ldapsearch -x -b ' ' -s base '(objectclass=*)' namingContexts
I get the following error:
Ldap_sasl_bind (simple) :can't connect to the server (-1)...
Please help ASAP
Thanks and Regards
Divya
15 years, 5 months
Features supported
by Molenda, Mark P
Previous to my last Linux build, I've always built OpenLdap from source.
My latest build has pre-compiled OpenLdap and rather than rebuild
everything, is there a way to easily figure out what options were used
to create this build?
Thank you for your time in looking at this issue.
Mark Molenda
EDS Consulting Services
Integration Soa Services
<http://www.consultingservices.us.eds.com/nlapps/docs/default.asp?fid=417>
15 years, 5 months
Delete events not propagating with syncrepl
by Srinidhi Sharma
Hi,
I am using open ldap 2.4.8 with Berkeley DB 4.6.21 ( I haven't applied any
patch to either open ldap or to Berkeley DB).
When I configure a slave process, the addition and modification of users get
propagated from master to slave. But the deletion of users from the master
does not get propagated. The slapd logs on the master show that the user is
getting deleted.
I saw an old note "http://www.openldap.org/lists/openldap-bugs/200409/msg00001.html"
which listed a similar issue.
Master slapd.conf details
==================
#######################################################################
# BDB database definitions
#######################################################################
database bdb
suffix "dc=example,dc=com"
rootdn "cn=Manager,dc=example,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw secret
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory <my_host>/openldap-2.4.8/var/openldap-data
# Indices to maintain
index objectClass eq
index entryCSN eq
index entryUUID eq
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
Slave slapd.conf
============
database bdb
suffix "dc=example,dc=com"
rootdn "cn=Manager,dc=example,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw secret
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory <myhost>/openldap-2.4.8/var/openldap-data_repl
# Indices to maintain
index objectClass eq
index entryCSN eq
index entryUUID eq
syncrepl rid=1234
    provider=ldap://masterldap.com:9011
    type=refreshOnly
    interval=00:00:00:15
    searchbase="dc=example,dc=com"
    filter="(objectClass=*)"
    scope=sub
    attrs="cn,sn,ou,telephoneNumber,title,l,givenname,mail,entryUUID,entryCSN"
    schemachecking=off
    bindmethod=simple
    binddn="cn=Manager,dc=example,dc=com"
    credentials=secret
Is there an issue with my configuration files? Or is this a known issue
in 2.4.8?
Thanks,
Srinidhi
15 years, 5 months
syncrepl seems to ignore some of the LDAP update requests
by Paul Lee
Dear all,
I have set up 2 LDAP servers, with the slapd.conf as shown below:
- server 1 (rid = 002)
===============
syncprov-checkpoint 100 10
syncprov-sessionlog 100
# syncrepl directives
syncrepl rid=002
    provider=ldap://10.166.23.218:389/
    bindmethod=simple
    binddn="cn=Manager"
    credentials=secret
    searchbase="o=HKSARG"
    schemachecking=off
    type=refreshAndPersist
    attrs="*,+"
    retry="1 +"
    interval=00:00:01:00
syncrepl rid=003
    provider=ldap://10.0.1.34:389/
    bindmethod=simple
    binddn="cn=Manager"
    credentials=secret
    searchbase="o=HKSARG"
    schemachecking=off
    type=refreshAndPersist
    attrs="*,+"
    retry="1 +"
    interval=00:00:01:00
mirrormode on
serverID 002
- server 2 (rid = 003)
===============
syncprov-checkpoint 100 10
syncprov-sessionlog 100
syncrepl rid=002
    provider=ldap://10.166.23.218:389/
    bindmethod=simple
    binddn="cn=Manager"
    credentials=secret
    searchbase="o=HKSARG"
    schemachecking=off
    type=refreshAndPersist
    attrs="*,+"
    retry="1 +"
    interval=00:00:01:00
syncrepl rid=003
    provider=ldap://10.0.1.34:389/
    bindmethod=simple
    binddn="cn=Manager"
    credentials=secret
    searchbase="o=HKSARG"
    schemachecking=off
    type=refreshAndPersist
    attrs="*,+"
    retry="1 +"
    interval=00:00:01:00
mirrormode on
serverID 003
Testing procedure
=============
- I have created 1 DN with dn as
"cn=user3,ou=SCIG,ou=Govt-Dept,o=HKSARG". Then I use a program to
update the attribute (user defined) LastLoginTime in server 1. After
that, I list the content of LastLoginTime in both server
1 and server 2 and find that the content is different. Server 1's data
is correct but server 2's data is not correct.
In checking the ldap log in server 2, I find the following. It seems
that the update request is ignored; what's wrong? I have checked the
time in both server 1 and server 2, they are the same.
syncrepl_entry: rid=002 LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_MODIFY)
syncrepl_entry: rid=002 be_search (0)
syncrepl_entry: rid=002 cn=user3,ou=SCIG,ou=Govt-Dept,o=HKSARG
slap_queue_csn: queing 0x9b869f0 20080429020045.698548Z#000000#002#000000
slap_graduate_commit_csn: removing 0x9b86388 20080429020045.698548Z#000000#002#000000
syncrepl_entry: rid=002 be_modify (0)
slap_queue_csn: queing 0x9b869f0 20080429020045.698548Z#000000#002#000000
null_callback : error code 0x10
slap_graduate_commit_csn: removing 0x9b89218 20080429020045.698548Z#000000#002#000000
syncrepl_updateCookie: rid=002 be_modify failed (16)
do_syncrepl: rid=002 retrying
syncprov_sendresp: cookie=rid=003,sid=003,csn=20080429020045.698548Z#000000#002#000000
do_syncrep2: cookie=rid=003,sid=003,csn=20080429020045.499891Z#000000#002#000000
do_syncrep2: rid=003 CSN too old, ignoring 20080429020045.499891Z#000000#002#000000
do_syncrep2: rid=002 LDAP_RES_INTERMEDIATE - REFRESH_DELETE
do_syncrep2: cookie=rid=003,sid=003,csn=20080429020045.504107Z#000000#002#000000
do_syncrep2: rid=003 CSN too old, ignoring 20080429020045.504107Z#000000#002#000000
do_syncrep2: cookie=rid=003,sid=003,csn=20080429020045.508906Z#000000#002#000000
do_syncrep2: rid=003 CSN too old, ignoring 20080429020045.508906Z#000000#002#000000
do_syncrep2: cookie=rid=003,sid=003,csn=20080429020045.521010Z#000000#002#000000
do_syncrep2: rid=003 CSN too old, ignoring 20080429020045.521010Z#000000#002#000000
do_syncrep2: cookie=rid=003,sid=003,csn=20080429020045.526839Z#000000#002#000000
do_syncrep2: rid=003 CSN too old, ignoring 20080429020045.526839Z#000000#002#000000
do_syncrep2: cookie=rid=003,sid=003,csn=20080429020045.530847Z#000000#002#000000
15 years, 5 months
Serious performance problems
by Mikel.Santos@idom.com
Hi guys,
First of all, I would like to thank the community for such a great piece of
software and encourage the developers to keep up the good work.
Until now, the setup of the ldap and the file configuration has been pretty
straightforward. The ldap was performing great with few entries, but things
got worse as the number of entries in the ldap increased.
Currently we are experiencing serious performance problems when the
searches performed exceed a certain amount of entries. The "ldap_search"
calls usually return after a few seconds, but as the number of results
matching the filter entered increases, the waiting time varies from one
minute to many minutes.
The scenario is the following:
* We are accessing openldap via PHP function calls
* The number of entries in the ldap is close to 100.000
* The hardware is the following: Intel(R) Xeon(TM) CPU 3.33GHz 1Gb RAM
* The slapd.conf file is the following:
/************************************************************************************************************/
modulepath /usr/lib/ldap
moduleload back_bdb
sizelimit -1
tool-threads 1
backend bdb
checkpoint 512 30
database bdb
directory "/var/lib/ldap"
dbconfig set_cachesize 0 2097152 0
cachesize 100000
/************************************************************************************************************/
We have tried to increase both set_cachesize and cachesize (multiplying
both by 100) and have not noticed a performance increase.
I hope any of you can point us in the right direction since we are
beginning to get desperate...
Thanks in advance,
Mikel
15 years, 5 months
ldap_sasl_interactive_bind_s: Local error (-2)
by Rodrigo Castro
Hi, can anyone help me find what's causing this error?
ldapwhoami
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Local error (-2)
additional info: SASL(-1): generic failure: GSSAPI Error:
Unspecified GSS failure. Minor code may provide more information (Unknown
code krb5 7)
--
__________________________________
Rodrigo de Castro Cosme
Computer Science - Universidade Federal do Espírito Santo
Suporte mailing list - suporte(a)inf.ufes.br
MSN - rdccosmo(a)gmail.com
15 years, 5 months