openldap-technical April 2008

openldap-technical@openldap.org

56 participants
87 discussions

slapd is not binding on AIX 5.3
by mohammed hannini 03 Apr '08

03 Apr '08

Hi, I installed openldap 2.3.37 on AIX 5.3. When I start slapd, I get this error: daemon: bind(7) failed errno=67 (Address already in use) slapd starting This is even though there is nothing running on port 389 but the ldap server itself. # netstat -an |grep 389 tcp4 0 0 *.389 *.* LISTEN Any ideas? Thanks ____________________________________________________________________________________ You rock. That's why Blockbuster's offering you one month of Blockbuster Total Access, No Cost. http://tc.deals.yahoo.com/tc/blockbuster/text5.com

1 0

date/time attributes
by Ildar Mulyukov 03 Apr '08

03 Apr '08

Hello again! Can anyone point me to attributes designating date or/and time? For example, is there a counterpart of VCard BDAY attribute? Thanks! Regards, Ildar -- Ildar Mulyukov, free SW designer/programmer ================================================ email: ildar(a)users.sourceforge.net home: http://tuganger.narod.ru/ ALT Linux Sisyphus ================================================

4 5

Need help to export ldap user home directory "/home/ldapuser" to client LDAP
by ashwani singh 03 Apr '08

03 Apr '08

Hi, I have created LDAP user "ldapuser" and exported its home directory "/home/LDAP/ldapuser" to LDAP client by following steps and its working but when I replace /home/LDAP/ with /home/testdir/ or only /home it is not allowing to modify  database. How can I export the user home directory from same location /home on client with "/home/ldapuser"? Please help me. [root@sc1435-7 home]# ldapmodify -x -D "cn=Manager,dc=ldapserver,dc=com" -W -f /etc/openldap/automount.ldif Enter LDAP Password: modifying entry "ou=auto.master,dc=ldapserver,dc=com" modifying entry "ou=auto.home,dc=ldapserver,dc=com" modifying entry "cn=/home, ou=auto.master,dc=ldapserver,dc=com" modifying entry "cn=testdir,ou=auto.home,dc=ldapserver,dc=com" ldap_modify: No such object (32)         matched DN: ou=auto.home,dc=ldapserver,dc=com Working Steps with "/home/LDAP/" Step 1. #mkdir /home/LDAP cp -dpR  /home/ldapuser /home/LDAP/ Step 2. Modify data base for "ldapuser" home directory :(as bellow) Create ldif file for auto mount of home directory:(as bellow) Step 3. Edit /etc/exports for shard directory [root@sc1435-7 home]# cat /etc/exports /home/LDAP                  *(rw,sync) # /usr/sbin/exportfs -a  Step 4. Add changes in LDAP data base : ldapmodify -x -D "cn=Manager,dc=ldapserver,dc=com" -W -f /etc/openldap/ldapuser.ldif ldapadd -x -D "cn=Manager,dc=ldapserver,dc=com" -W -f /etc/openldap/automount.ldif Modify data base for "ldapuser" home directory : # cat /etc/openldap/ldapuser.ldif dn: uid=ldapuser,ou=People,dc=ldapserver,dc=com uid: ldapuser cn: ldapuser objectClass: account objectClass: posixAccount objectClass: top objectClass: shadowAccount userPassword: {crypt}$1$lxxxxxxxxxxxxxxxxxxxxxx. shadowLastChange: 13968 shadowMax: 99999 shadowWarning: 7 loginShell: /bin/bash uidNumber: 500 gidNumber: 100 homeDirectory: /home/test/ldapuser Create ldif file for auto mount of home directory: # cat /etc/openldap/automount.ldif dn: ou=auto.master,dc=ldapserver,dc=com objectClass: top objectClass: automountMap ou: auto.master dn: ou=auto.home,dc=ldapserver,dc=com objectClass: top objectClass: automountMap ou: auto.home dn: cn=/home, ou=auto.master,dc=ldapserver,dc=com objectClass: automount automountInformation: ldap:ou=auto.home,dc=ldapserver,dc=com --timeout 60 cn: /home dn: ou=auto.home,dc=ldapserver,dc=com objectClass: automount automountInformation: -rw,hard,intr sc1435-7:/home Thanks and regards, Ashwani

1 0

Deadlocks when writing in parallell (two processes)
by Stelios Grigoriadis 02 Apr '08

02 Apr '08

We get a lot of DB_LOCK_DEADLOCK when using to programs that for a period of time continuosly writes to OpenLDAP. Version is 2.3.39. The information added is of the form: ebcmdCustomer=0+ebcmdDir=220xx,ou=AuthCodes,ebcmdVersion=0,ebcmdProduct=ebcmd,dc=example,dc=com where xx varies. Snippet of the output: Mar 27 13:03:21 ldapt1 slapd[7589]: => bdb_dn2id_add: subtree (ebcmdCustomer=0+ebcmdDir=22037,ou=authcodes,ebcmdVersion=0,ebcmdProduct=ebcmd,dc=example,dc=com) put failed: -30995 Mar 27 13:03:26 ldapt1 slapd[7589]: => bdb_idl_insert_key: c_put id failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30995) Mar 27 13:03:26 ldapt1 slapd[7589]: => bdb_dn2id_add: parent (ou=authcodes,ebcmdVersion=0,ebcmdProduct=ebcmd,dc=example,dc=com) insert failed: -30995 Mar 27 13:03:28 ldapt1 slapd[7589]: => bdb_idl_insert_key: c_put id failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30995) Mar 27 13:03:28 ldapt1 slapd[7589]: => bdb_dn2id_add: parent (ou=authcodes,ebcmdVersion=0,ebcmdProduct=ebcmd,dc=example,dc=com) insert failed: -30995 Mar 27 13:03:36 ldapt1 slapd[7589]: => bdb_idl_insert_key: c_put id failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30995) Mar 27 13:03:36 ldapt1 slapd[7589]: => bdb_dn2id_add: parent (ou=authcodes,ebcmdVersion=0,ebcmdProduct=ebcmd,dc=example,dc=com) insert failed: -30995 Mar 27 13:03:38 ldapt1 slapd[7589]: => bdb_idl_insert_key: c_put id failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30995) I see in the code that a key (the same it seems to be) is repeatedly written, and a comment is stating that /* Don't worry if it's already there */ (line 862 in servers/slapd/back-bdb/idl.c). Is this to be expected or have we done something wrong? /Stelios Grigoriadis

2 2

Applying ppolicy to a user
by Bryan Payne 02 Apr '08

02 Apr '08

I need to apply an alternate policy to a specific user. I can't for the life of me remember what attribute needs to be set for the user. Any help is appreciated. Thanks.

2 1

Re: OpenLDAP Group ACL
by Pierangelo Masarati 01 Apr '08

01 Apr '08

Please keep replies on the list. Luke Lee wrote: > Sir, > > I have the following in my base ldif: snip > > and I have the following under the group ou: > > dn: cn=pwmanager,ou=Group,dc=mydomain,dc=com > objectClass: groupOfNames > cn: pwmanager > member: cn=l_luke,ou=People,dc=mydomain,dc=com > member: w_smith,ou=People,dc=mydomain,dc=com snip > The access defined in the slapd.conf file: > > access to attrs=userPassword > by self write > by group.exact="cn=pwmanager,ou=Group,dc=mydomain,dc=com" write > by * none > > access to * > by self write > by group.exact="cn=pwmanager,ou=Group,dc=mydomain,dc=com" write > by users read > by * none > > Will I be able to use the following command to change user's password? > > ldappasswd -x -W -D "uid=l_luke,ou=People,dc=mydomain,dc=com" -S > "uid=w_smith,ou=People,dc=mydomain,dc=com" No. > How can I use the Netgroup and netgroup.byhost nisMap to achive the same purpose? Would you please help? Thanks! You can't. You can't use anything but groupOfNames/member for group membership. The only alternative, discussed thousands of times in the archives (the last time three days ago, <http://www.openldap.org/lists/openldap-software/200803/msg00241.html>) consists in using sets, but performance and deadlock issues will probably bite you. p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati(a)sys-net.it ---------------------------------------

1 0

Blank Password for a ldap user
by Rocky S 01 Apr '08

01 Apr '08

I am very new ldap programming, so bear with me if my query is naive. I am trying to write a program using the OpenLDAP SDK. The program should take an LDAP servername/port, a CN & a password. The program should then report if the CN/password combination is correct or incorrect. This is how I am trying to do this. [ error checks removed for making it simple] LDAP *pldap; ldap_initialize(&pldap, "ldap://myhost:389) ; int desired_version = LDAP_VERSION3; ldap_set_option(pldap, LDAP_OPT_PROTOCOL_VERSION, &desired_version); int ret = ldap_bind_s(pldap, "uid=Jack,ou=People,dc=vss,dc=veritas,dc=com", "jack123", LDAP_AUTH_SIMPLE); if(ret == LDAP_SUCCESS) puts("VERIFIED"); else puts("FAILURE"); This works fine for for Jack/jack123. I have another user in the directory - John who has a null/empty password I tried both ldap_bind_s(pldap, "uid=John,ou=People,dc=vss,dc=veritas,dc=com", NULL, LDAP_AUTH_SIMPLE); ldap_bind_s(pldap, "uid=John,ou=People,dc=vss,dc=veritas,dc=com", "", LDAP_AUTH_SIMPLE); Both cases ldap_bind_s returns 53 - which I think means LDAP UNWILLING TO PERFORM I know the server allows null passwords.

2 2

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

openldap-technical April 2008