openldap-technical April 2008

openldap-technical@openldap.org

56 participants
87 discussions

ldap_simple_bind() can't return immediately?
by lijx 22 Apr '08

22 Apr '08

dear Pierangelo Masarati: thank you for your response. now i have call ldap_simple_bind() function but it will return for a long time(almost 60 seconds, and i am working in linux redhat as 4, openldap2.2), but the man doc says this is a asyschronized function, any option should i set the pLdapConnection ? if ((msgid = ldap_simple_bind(pLdapConnection, pUserDN, pPassword)) == -1) /*ldap_simple_bind() return for 60 seconds if the server wrong or down.*/ ... ... ret = ldap_result(pLdapConnection, msgid, LDAP_MSG_ALL, & tv_select_timeout, &result); cheers, lijx > -----Original Message----- > From: Pierangelo Masarati [mailto:ando@sys-net.it] > Sent: Saturday, April 19, 2008 5:41 AM > To: lijx > Cc: openldap-technical(a)openldap.org > Subject: Re: ldapbind() timeout can't work . > > lijx wrote: > > LDAP APIS confused me, anyone can tell my what's wrong with my code? > > > > > > > > I have call ldap_set_option() and set the LDAP_OPT_NETWORK_TIMEOUT > > or > the > > LDAP_OPT_TIMEOUT opt, > > > > before call the ldap_bind_s() or the non synchronize APIS, but the > > authentication result still return after almost 70 > > > > seconds later, am I miss something (note: my server is windows > > active directory, simple authentication.)? > > LDAP_OPT_NETWORK_TIMEOUT olny acts at the connection level, which > apparently is established successfully. ldap_bind_s(), which BTW is > deprecated in favor of ldap_sasl_bind_s(), does not allow any timeout > while waiting for response. Until OpenLDAP 2.3, the LDAP_OPT_TIMEOUT > was not honored; only calling ldap_result() with an explicit timeout > would allow to time out requests taking too long. The only way to > make use of a timeout was to use the asynchronous API, as done in the > code you submitted when BIND_TIME_CONTROL is defined. Since OpenLDAP > 2.4, LDAP_OPT_TIMEOUT is honored by the library. Unfortunately you > didn't specify what version of the API you're using. > > p. > > > > Ing. Pierangelo Masarati > OpenLDAP Core Team > > SysNet s.r.l. > via Dossi, 8 - 27100 Pavia - ITALIA > http://www.sys-net.it > --------------------------------------- > Office: +39 02 23998309 > Mobile: +39 333 4963172 > Email: pierangelo.masarati(a)sys-net.it > ---------------------------------------

1 0

Re: Solairs PAM Password Policy
by Buchan Milne 22 Apr '08

22 Apr '08

On Wednesday 23 April 2008 02:51:22 farhan ahmed wrote: > Hi Buchan, Please stay on-list. > Thanks for reply but I am using OpenLdap server rather than Directory > Server. Any other suggestion ? The point is, that even with Sun's on directory server, the Solaris pam_ldap does not support password policies correctly. As far as I understand, the OpenLDAP ppolicy feature (with a draft standard) is compatible with the relatively undocumented Netscape LDAP server feature. In the forum post I gave, you'll note that HP-UX's pam_ldap supports the password policies correctly ... So, this is a limitation on the Solaris side, there isn't much you can do unless you can run PADLs pam_ldap. Regards, Buchan

1 0

why ldap_simple_bind() can't return immediately?
by lijx 22 Apr '08

22 Apr '08

hii: i have call ldap_simple_bind() function but it will return for a long time(almost 60 seconds, and i am working in linux redhat as 4, openldap2.2), but the man doc says this is a asyschronized function, any option should i set the pLdapConnection? if ((msgid = ldap_simple_bind(pLdapConnection, pUserDN, pPassword)) == -1) /*ldap_simple_bind() return for 60 seconds if the server wrong or down.*/ ... ... ret = ldap_result(pLdapConnection, msgid, LDAP_MSG_ALL, & tv_select_timeout, &result); Cheers, Lijx

1 0

why ldap_simple_bind() can't return immediately?
by lijx 22 Apr '08

22 Apr '08

1 0

Re: AW: Invalid syntax (21)
by Luke Lee 22 Apr '08

22 Apr '08

Hi Claus, Thank you for your valuable opinion. I tried to "fix" the syntax problem by removing the _ from the username. It worked! However, I want to use the _ because this is my company's user naming convention. I have to point out that when I ran the early version of OpenLDAP (version 2.2-13), there were no syntax problems when I used the ldif with the nisNetgroupTriple that was defined. I just did a custom build of OpenLDAP (version 2.3-39). Then, I immediately encountered the invalid syntax problem when I triled to load the same ldif. It won't work if I keep the _ in the username field but don't leave the hostname field blank. Do you have any thought on the wierd problem? Thanks. Luke ----- Original Message ---- From: "Kick, Claus" <claus.kick(a)siemens.com> To: Luke Lee <leeluke77(a)yahoo.com>; Dieter Kluenter <dieter(a)dkluenter.de>; openldap-technical(a)openldap.org Sent: Tuesday, April 22, 2008 3:59:49 AM Subject: AW: Invalid syntax (21) Hello, nisnetgrouptriple = "(" hostname "," username "," domainname ")" You have nisNetgroupTriple: (,luke_l,mydomain.com <http://mydomain.com/ <http://mydomain.com/> > ) which I would translate to: <empty>,username, domainname. Perhaps you just have to add the hostname and not leave it blank? Cheers, Claus ________________________________ Von: openldap-technical-bounces+claus.kick=siemens.com(a)OpenLDAP.org [mailto:openldap-technical-bounces+claus.kick=siemens.com@OpenLDAP.org] Im Auftrag von Luke Lee Gesendet: Dienstag, 22. April 2008 01:21 An: Dieter Kluenter; openldap-technical(a)openldap.org Betreff: Re: Invalid syntax (21) Hi Dieter, I tried several modifications but still couldn't get it working. Can you or anyone else help please? What's wrong with my syntax? Thanks. Luke ----- Original Message ---- From: Dieter Kluenter <dieter(a)dkluenter.de> To: openldap-technical(a)openldap.org Sent: Saturday, April 19, 2008 4:27:20 AM Subject: Re: Invalid syntax (21) Luke Lee <leeluke77(a)yahoo.com> writes: > Hi, > > I encounter a situation where I couldn't find any syntax errors in my ldif file but failed to use > ldapadd to add entries. I didn't find any trailing spaces at the end of each objectClass. The > following is the error message: > > adding new entry "cn=LocalSales,ou=Netgroup,dc=mydomain,dc=com" > ldapadd: Invalid syntax (21) > additional info: nisNetgroupTriple: value #0 invalid per syntax > > My ldif file is like the following: [...] > dn: cn=LocalSales,ou=Netgroup,dc=mydomain,dc=com > objectClass: nisNetgroup > objectClass: top > cn: LocalSales > nisNetgroupTriple: (,luke_l,mydomain.com <http://mydomain.com/> ) > nisNetgroupTriple: (,sam_c,mydomain.com <http://mydomain.com/> ) > nisNetgroupTriple: (,amy_s,mydomain.com <http://mydomain.com/> ) > nisNetgroupTriple: (,anita_c,mydomain.com <http://mydomain.com/> ) > nisNetgroupTriple: (,jim_f,mydomain.com <http://mydomain.com/> ) > description: Local Sales The nisnetgrouptriple syntax is described in RFC-2307 as follows: Values in this syntax are represented by the following: nisnetgrouptriple = "(" hostname "," username "," domainname ")" hostname = "" / "-" / keystring username = "" / "-" / keystring domainname = "" / "-" / keystring See RFC-2307 for examples. -Dieter -- Dieter Klünter | Systemberatung http://www.dkluenter.de <http://www.dkluenter.de/> GPG Key ID:8EF7B6C6 ________________________________ Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. <http://us.rd.yahoo..com/evt=51733/*http://mobile.yahoo.com/;_ylt=Ahu06i62sR…> Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. ____________________________________________________________________________________ Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ

1 0

OpenLDAP password change issues...
by Chris Hodson 22 Apr '08

22 Apr '08

I'm dealing with an OpenLDAP server running on Solaris 8. When a user attempts to change their LDAP password from a command line, Linux or Solaris it completes with an all tokens updated. If I try logging in with this new password it does not work. If I try logging in with the previous password it also does not work. If I login to Webmin and manually change the LDAP user's password it will begin working again. I noticed in the password field, after I had attempted changing the password, it had a $1 after the (crypt) line. Before I changed the password the "crypt" line did not contain a $1. It would appear that "passwd" is encrypting the users password differently into LDAP then webmin is. Any help would be much appreciated. Thanks. Chris Hodson Unix Admin Orbital Sciences Corporation (480) 722-3856 Hodson.Chris(a)orbital.com ----------------------------------------- Notice: This e-mail is intended solely for use of the individual or entity to which it is addressed and may contain information that is proprietary, privileged and exempt from disclosure under applicable law. If the reader is not the intended recipient or agent responsible for delivering the message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. This communication may also contain data subject to U.S. export laws. If so, that data subject to the International Traffic in Arms Regulation cannot be disseminated, distributed or copied to foreign nationals, residing in the U.S. or abroad, absent the express prior approval of the U.S. Department of State. If you have received this communication in error, please notify the sender by reply e-mail and destroy the e-mail message and any physical copies made of the communication. Thank you.

1 0

Re: AW: Invalid syntax (21)
by Luke Lee 22 Apr '08

22 Apr '08

Hi Claus, Thank you for your valuable opinion. I tried to "fix" the syntax problem by removing the _ from the username. It worked! However, I want to use the _ because this is my company's user naming convention. I have to point out that when I ran the early version of OpenLDAP (version 2.2-13), there were no syntax problems when I used the ldif with the nisNetgroupTriple that was defined. I just did a custom build of OpenLDAP (version 2.3-39). Then, I immediately encountered the invalid syntax problem when I triled to load the same ldif. Do you have any thought on the wierd problem? Thanks. Luke ----- Original Message ---- From: "Kick, Claus" <claus.kick(a)siemens.com> To: Luke Lee <leeluke77(a)yahoo.com>; Dieter Kluenter <dieter(a)dkluenter.de>; openldap-technical(a)openldap.org Sent: Tuesday, April 22, 2008 3:59:49 AM Subject: AW: Invalid syntax (21) Hello, nisnetgrouptriple = "(" hostname "," username "," domainname ")" You have nisNetgroupTriple: (,luke_l,mydomain.com <http://mydomain.com/ <http://mydomain.com/> > ) which I would translate to: <empty>,username, domainname. Perhaps you just have to add the hostname and not leave it blank? Cheers, Claus ________________________________ Von: openldap-technical-bounces+claus.kick=siemens.com(a)OpenLDAP.org [mailto:openldap-technical-bounces+claus.kick=siemens.com@OpenLDAP.org] Im Auftrag von Luke Lee Gesendet: Dienstag, 22. April 2008 01:21 An: Dieter Kluenter; openldap-technical(a)openldap.org Betreff: Re: Invalid syntax (21) Hi Dieter, I tried several modifications but still couldn't get it working. Can you or anyone else help please? What's wrong with my syntax? Thanks. Luke ----- Original Message ---- From: Dieter Kluenter <dieter(a)dkluenter.de> To: openldap-technical(a)openldap.org Sent: Saturday, April 19, 2008 4:27:20 AM Subject: Re: Invalid syntax (21) Luke Lee <leeluke77(a)yahoo.com> writes: > Hi, > > I encounter a situation where I couldn't find any syntax errors in my ldif file but failed to use > ldapadd to add entries. I didn't find any trailing spaces at the end of each objectClass. The > following is the error message: > > adding new entry "cn=LocalSales,ou=Netgroup,dc=mydomain,dc=com" > ldapadd: Invalid syntax (21) > additional info: nisNetgroupTriple: value #0 invalid per syntax > > My ldif file is like the following: [...] > dn: cn=LocalSales,ou=Netgroup,dc=mydomain,dc=com > objectClass: nisNetgroup > objectClass: top > cn: LocalSales > nisNetgroupTriple: (,luke_l,mydomain.com <http://mydomain.com/> ) > nisNetgroupTriple: (,sam_c,mydomain.com <http://mydomain.com/> ) > nisNetgroupTriple: (,amy_s,mydomain.com <http://mydomain.com/> ) > nisNetgroupTriple: (,anita_c,mydomain.com <http://mydomain.com/> ) > nisNetgroupTriple: (,jim_f,mydomain.com <http://mydomain.com/> ) > description: Local Sales The nisnetgrouptriple syntax is described in RFC-2307 as follows: Values in this syntax are represented by the following: nisnetgrouptriple = "(" hostname "," username "," domainname ")" hostname = "" / "-" / keystring username = "" / "-" / keystring domainname = "" / "-" / keystring See RFC-2307 for examples. -Dieter -- Dieter Klünter | Systemberatung http://www.dkluenter.de <http://www.dkluenter.de/> GPG Key ID:8EF7B6C6 ________________________________ Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. <http://us.rd.yahoo..com/evt=51733/*http://mobile.yahoo.com/;_ylt=Ahu06i62sR…> Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. ____________________________________________________________________________________ Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ

1 0

Re: AW: Invalid syntax (21)
by Luke Lee 22 Apr '08

22 Apr '08

Hi Claus, Thank you for your valuable opinion. I tried to "fix" the syntax problem by removing the _ from the username. It worked! However, I want to use the _ because this is my company's user naming convention. I have to point out that when I ran the early version of OpenLDAP (version 2.2-13), there were no syntax problems when I used the ldif with the nisNetgroupTriple that was defined. I just did a custom build of OpenLDAP (version 2.3-39). Then, I immediately encountered the invalid syntax problem when I triled to load the same ldif. Do you have any thought on the wierd problem? Thanks. Luke ----- Original Message ---- From: "Kick, Claus" <claus.kick(a)siemens.com> To: Luke Lee <leeluke77(a)yahoo.com>; Dieter Kluenter <dieter(a)dkluenter.de>; openldap-technical(a)openldap.org Sent: Tuesday, April 22, 2008 3:59:49 AM Subject: AW: Invalid syntax (21) Hello, nisnetgrouptriple = "(" hostname "," username "," domainname ")" You have nisNetgroupTriple: (,luke_l,mydomain.com <http://mydomain.com/ <http://mydomain.com/> > ) which I would translate to: <empty>,username, domainname. Perhaps you just have to add the hostname and not leave it blank? Cheers, Claus ________________________________ Von: openldap-technical-bounces+claus.kick=siemens.com(a)OpenLDAP.org [mailto:openldap-technical-bounces+claus.kick=siemens.com@OpenLDAP.org] Im Auftrag von Luke Lee Gesendet: Dienstag, 22. April 2008 01:21 An: Dieter Kluenter; openldap-technical(a)openldap.org Betreff: Re: Invalid syntax (21) Hi Dieter, I tried several modifications but still couldn't get it working. Can you or anyone else help please? What's wrong with my syntax? Thanks. Luke ----- Original Message ---- From: Dieter Kluenter <dieter(a)dkluenter.de> To: openldap-technical(a)openldap.org Sent: Saturday, April 19, 2008 4:27:20 AM Subject: Re: Invalid syntax (21) Luke Lee <leeluke77(a)yahoo.com> writes: > Hi, > > I encounter a situation where I couldn't find any syntax errors in my ldif file but failed to use > ldapadd to add entries. I didn't find any trailing spaces at the end of each objectClass. The > following is the error message: > > adding new entry "cn=LocalSales,ou=Netgroup,dc=mydomain,dc=com" > ldapadd: Invalid syntax (21) > additional info: nisNetgroupTriple: value #0 invalid per syntax > > My ldif file is like the following: [...] > dn: cn=LocalSales,ou=Netgroup,dc=mydomain,dc=com > objectClass: nisNetgroup > objectClass: top > cn: LocalSales > nisNetgroupTriple: (,luke_l,mydomain.com <http://mydomain.com/> ) > nisNetgroupTriple: (,sam_c,mydomain.com <http://mydomain.com/> ) > nisNetgroupTriple: (,amy_s,mydomain.com <http://mydomain.com/> ) > nisNetgroupTriple: (,anita_c,mydomain.com <http://mydomain.com/> ) > nisNetgroupTriple: (,jim_f,mydomain.com <http://mydomain.com/> ) > description: Local Sales The nisnetgrouptriple syntax is described in RFC-2307 as follows: Values in this syntax are represented by the following: nisnetgrouptriple = "(" hostname "," username "," domainname ")" hostname = "" / "-" / keystring username = "" / "-" / keystring domainname = "" / "-" / keystring See RFC-2307 for examples. -Dieter -- Dieter Klünter | Systemberatung http://www.dkluenter.de <http://www.dkluenter.de/> GPG Key ID:8EF7B6C6 ________________________________ Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. <http://us.rd.yahoo..com/evt=51733/*http://mobile.yahoo.com/;_ylt=Ahu06i62sR…> Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. ____________________________________________________________________________________ Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ

1 0

configuring ldap client
by Melanie Pfefer 22 Apr '08

22 Apr '08

hi I have a Solaris 10 client that I want to configure ldap instead of dns on it. I am using this: ldapclient init -a profileName=default -a domainName=siroe.com -a proxyDN=cn=proxyagent,ou=profile,dc=siroe,dc=com -a proxyPassword=password ZEUS I am getting this: Failed to find defaultSearchBase for domain siroe.com I also noticed that the nisDomain attribute is missing: ldapsearch -h ZEUS -b "dc=siroe,dc=com" "nisdomain=*" returns nothing. This attribute (nisDomain)is necessary for Solaris clients to find a server for a specific domain. The client searches for an entry on the LDAP server that has the nisDomain matching the desired domain. The DN for the entry found will be used as the BaseDN for the naming information. Any idea please? thanks __________________________________________________________ Sent from Yahoo! Mail. A Smarter Email http://uk.docs.yahoo.com/nowyoucan.html

1 0

Solairs PAM Password Policy
by farhan ahmed 22 Apr '08

22 Apr '08

Hi Guys, I have implemented password policy on linux but Solaris clients are not giving any info/error message other than permision denied. For example, I have pwdInHostory 6, if i try to change password on linux and use old password I get straight away error message -bash-3.00$ passwdChanging password for user test.Enter login(LDAP) password: New UNIX password: Retype new UNIX password: LDAP password information update failed: Can't contact LDAP server Password is in history of old passwords But When I do same on Solaris I get following -bash-3.00$ passwd wbarreraEnter existing login password: New Password: Re-enter new Password: Permission denied But on server side debug I can see following send_ldap_result: err=19 matched="" text="Password is in history of old passwords" Why Solaris is not showing "Password is in history of old passwords" to user. Solaris is using its native client to connect openldap over TLS Any help would be appreciatedThanks, -- Regards, Farhan Ahmed Find out: SEEK Salary Centre Are you paid what you're worth? _________________________________________________________________ Are you paid what you're worth? Find out: SEEK Salary Centre http://a.ninemsn.com.au/b.aspx?URL=http%3A%2F%2Fninemsn%2Eseek%2Ecom%2Eau%2…

2 1

← Newer
1
2
3
4
5
6
7
8
9
Older →

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

openldap-technical April 2008