slapd is not binding on AIX 5.3
by mohammed hannini
Hi,
I installed openldap 2.3.37 on AIX 5.3. When I start slapd, I get this error:
daemon: bind(7) failed errno=67 (Address already in use)
slapd starting
This is even though there is nothing running on port 389 but the ldap server itself.
# netstat -an |grep 389
tcp4 0 0 *.389 *.* LISTEN
Any ideas?
Thanks
13 years
date/time attributes
by Ildar Mulyukov
Hello again!
Can anyone point me to attributes designating date or/and time?
For example, is there a counterpart of VCard BDAY attribute?
Thanks! Regards, Ildar
--
Ildar Mulyukov, free SW designer/programmer
================================================
email: ildar(a)users.sourceforge.net
home: http://tuganger.narod.ru/
ALT Linux Sisyphus
================================================
13 years
Need help to export ldap user home directory "/home/ldapuser" to client LDAP
by ashwani singh
Hi,
I have created the LDAP user "ldapuser" and exported its home directory
"/home/LDAP/ldapuser" to the LDAP client by the following steps, and it's working,
but when I replace /home/LDAP/ with /home/testdir/ or only /home it
does not allow me to modify the database.
How can I export the user home directory from the same location /home on the client with "/home/ldapuser"?
Please help me.
[root@sc1435-7 home]# ldapmodify -x -D "cn=Manager,dc=ldapserver,dc=com" -W -f /etc/openldap/automount.ldif
Enter LDAP Password:
modifying entry "ou=auto.master,dc=ldapserver,dc=com"
modifying entry "ou=auto.home,dc=ldapserver,dc=com"
modifying entry "cn=/home, ou=auto.master,dc=ldapserver,dc=com"
modifying entry "cn=testdir,ou=auto.home,dc=ldapserver,dc=com"
ldap_modify: No such object (32)
matched DN: ou=auto.home,dc=ldapserver,dc=com
Working Steps with "/home/LDAP/"
Step 1.
#mkdir /home/LDAP
cp -dpR /home/ldapuser /home/LDAP/
Step 2.
Modify the database for the "ldapuser" home directory (as below).
Create an ldif file for automount of the home directory (as below).
Step 3.
Edit /etc/exports for the shared directory
[root@sc1435-7 home]# cat /etc/exports
/home/LDAP *(rw,sync)
# /usr/sbin/exportfs -a
Step 4.
Add the changes to the LDAP database:
ldapmodify -x -D "cn=Manager,dc=ldapserver,dc=com" -W -f /etc/openldap/ldapuser.ldif
ldapadd -x -D "cn=Manager,dc=ldapserver,dc=com" -W -f /etc/openldap/automount.ldif
Modify the database for the "ldapuser" home directory:
# cat /etc/openldap/ldapuser.ldif
dn: uid=ldapuser,ou=People,dc=ldapserver,dc=com
uid: ldapuser
cn: ldapuser
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}$1$lxxxxxxxxxxxxxxxxxxxxxx.
shadowLastChange: 13968
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 500
gidNumber: 100
homeDirectory: /home/test/ldapuser
Create ldif file for auto mount of home directory:
# cat /etc/openldap/automount.ldif
dn: ou=auto.master,dc=ldapserver,dc=com
objectClass: top
objectClass: automountMap
ou: auto.master

dn: ou=auto.home,dc=ldapserver,dc=com
objectClass: top
objectClass: automountMap
ou: auto.home

dn: cn=/home, ou=auto.master,dc=ldapserver,dc=com
objectClass: automount
automountInformation: ldap:ou=auto.home,dc=ldapserver,dc=com --timeout 60
cn: /home

dn: ou=auto.home,dc=ldapserver,dc=com
objectClass: automount
automountInformation: -rw,hard,intr sc1435-7:/home

Thanks and regards,
Ashwani
13 years
Deadlocks when writing in parallel (two processes)
by Stelios Grigoriadis
We get a lot of DB_LOCK_DEADLOCK when using two programs that for a
period of time continuously write to OpenLDAP.
Version is 2.3.39.
The information added is of the form:
ebcmdCustomer=0+ebcmdDir=220xx,ou=AuthCodes,ebcmdVersion=0,ebcmdProduct=ebcmd,dc=example,dc=com
where xx varies.
Snippet of the output:
Mar 27 13:03:21 ldapt1 slapd[7589]: => bdb_dn2id_add: subtree
(ebcmdCustomer=0+ebcmdDir=22037,ou=authcodes,ebcmdVersion=0,ebcmdProduct=ebcmd,dc=example,dc=com)
put failed: -30995
Mar 27 13:03:26 ldapt1 slapd[7589]: => bdb_idl_insert_key: c_put id
failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30995)
Mar 27 13:03:26 ldapt1 slapd[7589]: => bdb_dn2id_add: parent
(ou=authcodes,ebcmdVersion=0,ebcmdProduct=ebcmd,dc=example,dc=com)
insert failed: -30995
Mar 27 13:03:28 ldapt1 slapd[7589]: => bdb_idl_insert_key: c_put id
failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30995)
Mar 27 13:03:28 ldapt1 slapd[7589]: => bdb_dn2id_add: parent
(ou=authcodes,ebcmdVersion=0,ebcmdProduct=ebcmd,dc=example,dc=com)
insert failed: -30995
Mar 27 13:03:36 ldapt1 slapd[7589]: => bdb_idl_insert_key: c_put id
failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30995)
Mar 27 13:03:36 ldapt1 slapd[7589]: => bdb_dn2id_add: parent
(ou=authcodes,ebcmdVersion=0,ebcmdProduct=ebcmd,dc=example,dc=com)
insert failed: -30995
Mar 27 13:03:38 ldapt1 slapd[7589]: => bdb_idl_insert_key: c_put id
failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30995)
I see in the code that a key (the same it seems to be) is repeatedly
written, and a comment is stating that
/* Don't worry if it's already there */ (line 862 in
servers/slapd/back-bdb/idl.c).
Is this to be expected or have we done something wrong?
/Stelios Grigoriadis
13 years
Applying ppolicy to a user
by Bryan Payne
I need to apply an alternate policy to a specific user. I can't for the life
of me remember what attribute needs to be set for the user. Any help is
appreciated. Thanks.
13 years
Re: OpenLDAP Group ACL
by Pierangelo Masarati
Please keep replies on the list.
Luke Lee wrote:
> Sir,
>
> I have the following in my base ldif:
snip
>
> and I have the following under the group ou:
>
> dn: cn=pwmanager,ou=Group,dc=mydomain,dc=com
> objectClass: groupOfNames
> cn: pwmanager
> member: cn=l_luke,ou=People,dc=mydomain,dc=com
> member: w_smith,ou=People,dc=mydomain,dc=com
snip
> The access defined in the slapd.conf file:
>
> access to attrs=userPassword
> by self write
> by group.exact="cn=pwmanager,ou=Group,dc=mydomain,dc=com" write
> by * none
>
> access to *
> by self write
> by group.exact="cn=pwmanager,ou=Group,dc=mydomain,dc=com" write
> by users read
> by * none
>
> Will I be able to use the following command to change user's password?
>
> ldappasswd -x -W -D "uid=l_luke,ou=People,dc=mydomain,dc=com" -S
> "uid=w_smith,ou=People,dc=mydomain,dc=com"
No.
> How can I use the Netgroup and netgroup.byhost nisMap to achieve the same purpose? Would you please help? Thanks!
You can't. You can't use anything but groupOfNames/member for group
membership. The only alternative, discussed thousands of times in the
archives (the last time three days ago,
<http://www.openldap.org/lists/openldap-software/200803/msg00241.html>)
consists in using sets, but performance and deadlock issues will
probably bite you.
p.
Ing. Pierangelo Masarati
OpenLDAP Core Team
SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office: +39 02 23998309
Mobile: +39 333 4963172
Email: pierangelo.masarati(a)sys-net.it
---------------------------------------
13 years
Blank Password for a ldap user
by Rocky S
I am very new to LDAP programming, so bear with me if my query is naive.
I am trying to write a program using the OpenLDAP SDK.
The program should take an LDAP servername/port, a CN & a password.
The program should then report if the CN/password combination is correct
or incorrect.
This is how I am trying to do this.
[ error checks removed for making it simple]
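#define LDAP_DEPRECATED 1   /* ldap.h only declares ldap_bind_s() when this is set */
#include <stdio.h>
#include <ldap.h>

int main(void)
{
    LDAP *pldap;
    ldap_initialize(&pldap, "ldap://myhost:389");
    int desired_version = LDAP_VERSION3;
    ldap_set_option(pldap, LDAP_OPT_PROTOCOL_VERSION, &desired_version);
    /* Synchronous simple bind: the server checks the DN/password pair. */
    int ret = ldap_bind_s(pldap,
        "uid=Jack,ou=People,dc=vss,dc=veritas,dc=com", "jack123",
        LDAP_AUTH_SIMPLE);
    if (ret == LDAP_SUCCESS)
        puts("VERIFIED");
    else
        puts("FAILURE");
    ldap_unbind_s(pldap);   /* close the connection and free the handle */
    return 0;
}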
This works fine for Jack/jack123.
I have another user in the directory - John, who has a null/empty password.
I tried both
ldap_bind_s(pldap, "uid=John,ou=People,dc=vss,dc=veritas,dc=com",
NULL, LDAP_AUTH_SIMPLE);
ldap_bind_s(pldap, "uid=John,ou=People,dc=vss,dc=veritas,dc=com", "",
LDAP_AUTH_SIMPLE);
In both cases ldap_bind_s returns 53 - which I think means LDAP UNWILLING
TO PERFORM.
I know the server allows null passwords.
13 years
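Added example, not part of the original post and not OpenLDAP code: RFC 4513 section 5.1 treats a simple bind with a DN and an empty password as an "unauthenticated bind", which a server should fail with unwillingToPerform (53) by default, and which yields an anonymous session where a server does accept it, so a credential checker should refuse an empty password before binding. The function names and the two stub "servers" below are constructed for illustration; in a real program the bind_fn callback would wrap the libldap bind call. The sketch goes slightly beyond the post by also classifying the anonymous and empty-DN cases.

```c
#include <stdio.h>
#include <string.h>

/* LDAP result codes (RFC 4511, Appendix A). */
enum { RC_SUCCESS = 0, RC_INVALID_CREDENTIALS = 49, RC_UNWILLING_TO_PERFORM = 53 };

/* Forms of a simple bind; names are this example's, semantics from RFC 4513 5.1. */
enum bind_kind { BIND_ANONYMOUS, BIND_UNAUTHENTICATED, BIND_NAME_PASSWORD, BIND_MALFORMED };
enum verdict { VERIFIED, REJECTED, NOT_ATTEMPTED };
typedef int (*bind_fn)(const char *dn, const char *pw);   /* returns a result code */

enum bind_kind classify_simple_bind(const char *dn, const char *pw)
{
    int has_dn = dn != NULL && dn[0] != '\0';
    int has_pw = pw != NULL && pw[0] != '\0';
    if (has_dn) return has_pw ? BIND_NAME_PASSWORD : BIND_UNAUTHENTICATED;
    return has_pw ? BIND_MALFORMED : BIND_ANONYMOUS;
}

/* Only a name/password bind proves anything about the user; refuse the rest locally. */
enum verdict verify_credentials(const char *dn, const char *pw, bind_fn do_bind)
{
    if (classify_simple_bind(dn, pw) != BIND_NAME_PASSWORD) return NOT_ATTEMPTED;
    return do_bind(dn, pw) == RC_SUCCESS ? VERIFIED : REJECTED;
}

/* Constructed stand-in: a server set up to accept unauthenticated binds. */
int permissive_bind(const char *dn, const char *pw)
{
    if (pw == NULL || pw[0] == '\0') return RC_SUCCESS;   /* succeeds, but as anonymous */
    if (dn != NULL && strcmp(dn, "uid=Jack,ou=People,dc=vss,dc=veritas,dc=com") == 0
        && strcmp(pw, "jack123") == 0) return RC_SUCCESS;
    return RC_INVALID_CREDENTIALS;
}

/* Constructed stand-in: the RFC 4513 default, failing unauthenticated binds with 53. */
int default_bind(const char *dn, const char *pw)
{
    if (classify_simple_bind(dn, pw) == BIND_UNAUTHENTICATED) return RC_UNWILLING_TO_PERFORM;
    return permissive_bind(dn, pw);
}

int main(void)
{
    const char *john = "uid=John,ou=People,dc=vss,dc=veritas,dc=com";
    printf("raw bind, permissive server: %d\n", permissive_bind(john, ""));
    printf("raw bind, default server:    %d\n", default_bind(john, NULL));
    printf("verify_credentials verdict:  %d\n", verify_credentials(john, "", permissive_bind));
    return 0;
}
```

Against the permissive stub the raw bind reports success for John with no password checked at all, which is why the verdict has to come from the local check rather than from the bind result alone.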