How do I add multiple users to a group LDIF file?
by Pooja S
Hi All,
Please help me setting up my groups with multiple group members.
Here is an example of a group "adm" which I want to add as a group with the group members "root, adm, daemon", where the root and daemon groups already exist.
Here is the ldif config for adm group:
dn: uid=adm,ou=Groups,dc=abc,dc=xyz
uid: adm
cn: adm
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}*
shadowLastChange: 12864
shadowMax: 99999
shadowWarning: 7
uidNumber: 4
gidNumber: root,adm,daemon
homeDirectory:
When I try to add it I get this error.
#ldapadd -x -D 'cn=Manager,dc=abc,dc=xyz' -W -f bin.ldif
Enter LDAP Password:
adding new entry "uid=adm,ou=People,dc=grow"
ldap_add: Invalid syntax
additional info: gidNumber: value #0 invalid per syntax
I have tried various options, such as:
gidNumber: 4, 0, 3
gidNumber: 4
gidNumber: 0
gidNumber: 3
Error : adding new entry "uid=adm,ou=People,dc=grow"
ldap_add: Constraint violation
additional info: gidNumber: multiple values provided
I also tried replacing gidNumber with uidNumber. It still doesn't work.
Any help is highly appreciated.
Thanks,
Pooja
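An added example, not code from the post above. The two errors quoted in the post are exactly the two schema rules slapd enforces on gidNumber: its syntax is INTEGER, so "root,adm,daemon" is rejected as invalid per syntax, and it is SINGLE-VALUE, so three gidNumber lines are a constraint violation. A Unix group with several members is a posixGroup entry (nis.schema) with one gidNumber and one memberUid line per member; posixAccount is for users. The script below builds such an entry as LDIF and checks it against those schema rules first. The base DN, group name, GID and member names are placeholders; only the Python standard library is used.

```python
# Added example, not code from the original post.  It builds the group the
# poster describes as a posixGroup entry (the objectClass nis.schema defines
# for Unix groups) and checks the attributes against the schema rules that
# produced the two errors in the post.  Base DN, group name, GID and member
# names are placeholders.
import base64
import re

# Schema facts used here (nis.schema / RFC 2307):
#   gidNumber  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 (INTEGER), SINGLE-VALUE
#   memberUid  multi-valued; one value per member
#   posixGroup MUST ( cn $ gidNumber ) MAY ( userPassword $ memberUid $ description )
SINGLE_VALUED = {"gidNumber", "uidNumber"}
INTEGER_SYNTAX = {"gidNumber", "uidNumber"}
POSIX_GROUP_MUST = {"cn", "gidNumber"}
POSIX_GROUP_MAY = {"userPassword", "memberUid", "description"}
_INTEGER_RE = re.compile(r"^-?(0|[1-9][0-9]*)$")


def validate_posix_group(attrs):
    """Return the problems slapd would report for a posixGroup entry.

    attrs maps attribute name -> list of string values (objectClass excluded).
    The messages mirror slapd's own wording for the same conditions."""
    problems = []
    for name in sorted(POSIX_GROUP_MUST - set(attrs)):
        problems.append(f"{name}: required attribute missing")
    for name, values in attrs.items():
        if name not in POSIX_GROUP_MUST | POSIX_GROUP_MAY:
            problems.append(f"{name}: attribute not allowed by posixGroup")
        if name in SINGLE_VALUED and len(values) > 1:
            problems.append(f"{name}: multiple values provided")
        if name in INTEGER_SYNTAX:
            for i, value in enumerate(values):
                if not _INTEGER_RE.match(value):
                    problems.append(f"{name}: value #{i} invalid per syntax")
    return problems


def ldif_line(name, value):
    """Encode one attribute line per RFC 2849: plain when the value is a
    SAFE-STRING, otherwise base64 with the '::' separator."""
    safe = (value.isascii() and value.isprintable()
            and not value.startswith((" ", ":", "<")))
    if safe:
        return f"{name}: {value}"
    return f"{name}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"


def build_group_ldif(base_dn, cn, gid, members):
    """Return LDIF for posixGroup *cn* under ou=Groups,*base_dn* with *members*.

    Each member is its own memberUid line; gidNumber is one integer, never a list."""
    attrs = {"cn": [cn], "gidNumber": [str(gid)], "memberUid": list(members)}
    problems = validate_posix_group(attrs)
    if problems:
        raise ValueError("; ".join(problems))
    lines = [f"dn: cn={cn},ou=Groups,{base_dn}",
             "objectClass: top", "objectClass: posixGroup"]
    for name, values in attrs.items():
        lines.extend(ldif_line(name, v) for v in values)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # What the post tried (a comma-separated list in one INTEGER attribute)
    # versus what works (a posixGroup with one memberUid per member).
    print(validate_posix_group({"cn": ["adm"], "gidNumber": ["root,adm,daemon"]}))
    print(build_group_ldif("dc=abc,dc=xyz", "adm", 4, ["root", "adm", "daemon"]))
```

The generated entry is what ldapadd expects: "cn=adm,ou=Groups,..." with objectClass posixGroup, a single "gidNumber: 4" and three memberUid lines. Note that memberUid values are login names, not DNs, and nothing checks that those accounts exist; a memberUid referring to a non-existent user is silently accepted by slapd.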
Read encrypted userPassword from Mysql
by jbeezer02
I have been struggling with this for days now, trying different setups
to no avail. I have openldap 2.3.40 installed and functioning (at least
enough to read) with a mysql backend that is configured through
unixODBC. I want to map the 'userPassword' attribute to a Mysql view
that will contain the information from our other Mysql databases, such
as username, name_first, password, salt, etc. Now the problem becomes
how to read the encrypted format of our passwords. Our passwords are
stored in Mysql the following way-
UPDATE user SET salt="'.$salt.'",
password=SHA1(AES_ENCRYPT("'.$string.'","'.$salt.'")) WHERE id='.$this->id
where salt is generated by
$salt = substr(md5(uniqid(rand(), true)), 0, 64);
Now I know that openldap doesn't support AES_ENCRYPTION, however it
does support SHA. Now, the problem with this setup seems to be that I
can't find a way to un-SHA the passwords, and then have it do an
AES_DECRYPT. So I have been trying to switch the SHA and AES around so
that, when a password is stored it is actually SHA encrypted first, and
then AES_ENCRYPTED over top of that (granted, not quite as secure). I
think that would enable me to use the AES_DECRYPT function in my
'ldap_attr_mappings' table to read the decrypted AES passwords, and then
just check them with SHA. I have been trying to figure out all the
base64 encoding that I have to mess with to read the encrypted formats,
with not much luck. Has anyone done anything similar to this before?
Is there a better way to read our encrypted Mysql passwords? This ldap
is going to be used for VPN authentication, so I'm not concerned with
writing data to it, just need to be able to read a users password. Thanks.
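An added example, not code from the post above. slapd verifies a simple bind itself only when userPassword holds a value in a scheme it knows, such as {SSHA} (salted SHA-1) or the unsalted {SHA}; the value SHA1(AES_ENCRYPT(pw, salt)) described in the post is neither, and because it is a digest, no SQL expression in a view can turn it into one without the plaintext. The code below shows the exact byte layout of {SSHA} and {SHA} values and how they are checked, which is what a view (or the application, at password-set time or on the next successful login) would need to produce for slapd to verify binds directly. Standard library only; the 8-byte salt length is a choice made here.

```python
# Added example, not code from the original post.  It produces and verifies
# userPassword values in the {SSHA}/{SHA} form slapd checks natively on a
# simple bind.  Standard library only; the salt length is chosen here.
import base64
import hashlib
import hmac
import os

_SHA1_LEN = 20  # bytes in a SHA-1 digest


def ssha_hash(password, salt=None):
    """Return an {SSHA} value: base64( sha1(password || salt) || salt ).

    slappasswd uses a 4-byte salt; any length verifies, because everything
    after the 20-byte digest is taken as the salt."""
    if salt is None:
        salt = os.urandom(8)  # per-password random salt (size chosen here)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def sha_hash(password):
    """Return an unsalted {SHA} value.  slapd accepts it, but equal passwords
    give equal values and precomputed tables apply, so prefer {SSHA}."""
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    return "{SHA}" + base64.b64encode(digest).decode("ascii")


def verify(password, stored):
    """Check *password* against a stored {SSHA} or {SHA} value the way slapd
    does: recompute the digest from the candidate plus the stored salt and
    compare in constant time."""
    scheme, _, encoded = stored.partition("}")
    scheme = scheme.upper()
    if scheme == "{SSHA":
        raw = base64.b64decode(encoded)
        digest, salt = raw[:_SHA1_LEN], raw[_SHA1_LEN:]
        candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    elif scheme == "{SHA":
        digest = base64.b64decode(encoded)
        candidate = hashlib.sha1(password.encode("utf-8")).digest()
    else:
        raise ValueError("unsupported password scheme: " + scheme + "}")
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    stored = ssha_hash("correct horse")
    print(stored, verify("correct horse", stored), verify("wrong", stored))
```

Two practical points follow from the layout. First, swapping the order to AES_ENCRYPT(SHA1(pw)) as the post considers would let slapd read back a bare SHA-1 of the password only if the view also did the AES_DECRYPT and prefixed "{SHA}", and the AES key would then have to live in the view definition, readable by whoever can read the view. Second, whatever column the view exposes, the ODBC account slapd uses should be able to read that view and nothing else in the application databases.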
bdb_add: parent does not exist
by Rakesh Yadav
Hi
/usr/local/libexec/slapd -n super -4 -V -d 1 &
Output:
[1] 32204
[root@super ~]# @(#) $OpenLDAP: slapd 2.3.39 (May 6 2008 19:56:13) $
root@super:/root/ums/openldap-2.3.39/servers/slapd
@(#) $OpenLDAP: slapd 2.3.39 (May 6 2008 19:56:13) $
root@super:/root/ums/openldap-2.3.39/servers/slapd
daemon_init: listen on ldap:///
daemon_init: 1 listeners to open...
ldap_url_parse_ext(ldap:///)
daemon: listener initialized ldap:///
daemon_init: 1 listeners opened
super init: initiated server.
bdb_back_initialize: initialize BDB backend
bdb_back_initialize: Sleepycat Software: Berkeley DB 4.3.29: (September 12,
2006)
hdb_back_initialize: initialize HDB backend
hdb_back_initialize: Sleepycat Software: Berkeley DB 4.3.29: (September 12,
2006)
bdb_db_init: Initializing BDB database
>>> dnPrettyNormal: <dc=my-domain,dc=com>
<<< dnPrettyNormal: <dc=my-domain,dc=com>, <dc=my-domain,dc=com>
>>> dnPrettyNormal: <cn=Manager,dc=my-domain,dc=com>
<<< dnPrettyNormal: <cn=Manager,dc=my-domain,dc=com>,
<cn=manager,dc=my-domain,dc=com>
>>> dnNormalize: <cn=Subschema>
<<< dnNormalize: <cn=subschema>
matching_rule_use_init
1.2.840.113556.1.4.804 (integerBitOrMatch): matchingRuleUse: (
1.2.840.113556.1.4.804 NAME 'integerBitOrMatch' APPLIES (
supportedLDAPVersion $ uidNumber $ gidNumber $ olcConcurrency $
olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $
olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $
olcIndexSubstrAnyStep $ olcLocalSSF $ olcMaxDerefDepth $
olcReplicationInterval $ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $
olcThreads $ olcToolThreads $ olcDbCacheFree $ olcDbCacheSize $
olcDbIDLcacheSize $ olcDbMode $ olcDbSearchStack $ olcDbShmKey $
olcSpSessionlog $ mailPreferenceOption $ shadowLastChange $ shadowMin $
shadowMax $ shadowWarning $ shadowInactive $ shadowExpire $ shadowFlag $
ipServicePort $ ipProtocolNumber $ oncRpcNumber ) )
1.2.840.113556.1.4.803 (integerBitAndMatch): matchingRuleUse: (
1.2.840.113556.1.4.803 NAME 'integerBitAndMatch' APPLIES (
supportedLDAPVersion $ uidNumber $ gidNumber $ olcConcurrency $
olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $
olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $
olcIndexSubstrAnyStep $ olcLocalSSF $ olcMaxDerefDepth $
olcReplicationInterval $ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $
olcThreads $ olcToolThreads $ olcDbCacheFree $ olcDbCacheSize $
olcDbIDLcacheSize $ olcDbMode $ olcDbSearchStack $ olcDbShmKey $
olcSpSessionlog $ mailPreferenceOption $ shadowLastChange $ shadowMin $
shadowMax $ shadowWarning $ shadowInactive $ shadowExpire $ shadowFlag $
ipServicePort $ ipProtocolNumber $ oncRpcNumber ) )
1.3.6.1.4.1.1466.109.114.2 (caseIgnoreIA5Match): matchingRuleUse: (
1.3.6.1.4.1.1466.109.114.2 NAME 'caseIgnoreIA5Match' APPLIES ( altServer $
mail $ dc $ associatedDomain $ email $ aRecord $ mDRecord $ mXRecord $
nSRecord $ sOARecord $ cNAMERecord $ janetMailbox $ gecos $ homeDirectory $
loginShell $ memberUid $ memberNisNetgroup $ ipHostNumber $ ipNetworkNumber
$ ipNetmaskNumber $ macAddress $ bootFile $ nisMapEntry ) )
1.3.6.1.4.1.1466.109.114.1 (caseExactIA5Match): matchingRuleUse: (
1.3.6.1.4.1.1466.109.114.1 NAME 'caseExactIA5Match' APPLIES ( altServer $
mail $ dc $ associatedDomain $ email $ aRecord $ mDRecord $ mXRecord $
nSRecord $ sOARecord $ cNAMERecord $ janetMailbox $ gecos $ homeDirectory $
loginShell $ memberUid $ memberNisNetgroup $ ipHostNumber $ ipNetworkNumber
$ ipNetmaskNumber $ macAddress $ bootFile $ nisMapEntry ) )
2.5.13.35 (certificateMatch): matchingRuleUse: ( 2.5.13.35 NAME
'certificateMatch' APPLIES ( userCertificate $ cACertificate ) )
2.5.13.34 (certificateExactMatch): matchingRuleUse: ( 2.5.13.34 NAME
'certificateExactMatch' APPLIES ( userCertificate $ cACertificate ) )
2.5.13.30 (objectIdentifierFirstComponentMatch): matchingRuleUse: (
2.5.13.30 NAME 'objectIdentifierFirstComponentMatch' APPLIES (
supportedControl $ supportedExtension $ supportedFeatures $ ldapSyntaxes $
supportedApplicationContext ) )
2.5.13.29 (integerFirstComponentMatch): matchingRuleUse: (
2.5.13.29 NAME 'integerFirstComponentMatch' APPLIES (
supportedLDAPVersion $ uidNumber
$ gidNumber $ olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $
olcIdleTimeout $ olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $
olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcLocalSSF $
olcMaxDerefDepth $ olcReplicationInterval $ olcSockbufMaxIncoming $
olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $ olcDbCacheFree $
olcDbCacheSize $ olcDbIDLcacheSize $ olcDbMode $ olcDbSearchStack $
olcDbShmKey $ olcSpSessionlog $ mailPreferenceOption $ shadowLastChange $
shadowMin $ shadowMax $ shadowWarning $ shadowInactive $ shadowExpire $
shadowFlag $ ipServicePort $ ipProtocolNumber $ oncRpcNumber ) )
2.5.13.27 (generalizedTimeMatch): matchingRuleUse: ( 2.5.13.27 NAME
'generalizedTimeMatch' APPLIES ( createTimestamp $ modifyTimestamp ) )
2.5.13.24 (protocolInformationMatch): matchingRuleUse: ( 2.5.13.24 NAME
'protocolInformationMatch' APPLIES protocolInformation )
2.5.13.23 (uniqueMemberMatch): matchingRuleUse: ( 2.5.13.23 NAME
'uniqueMemberMatch' APPLIES uniqueMember )
2.5.13.22 (presentationAddressMatch): matchingRuleUse: ( 2.5.13.22 NAME
'presentationAddressMatch' APPLIES presentationAddress )
2.5.13.20 (telephoneNumberMatch): matchingRuleUse: ( 2.5.13.20 NAME
'telephoneNumberMatch' APPLIES ( telephoneNumber $ homePhone $ mobile $
pager ) )
2.5.13.17 (octetStringMatch): matchingRuleUse: ( 2.5.13.17 NAME
'octetStringMatch' APPLIES userPassword )
2.5.13.16 (bitStringMatch): matchingRuleUse: ( 2.5.13.16 NAME
'bitStringMatch' APPLIES x500UniqueIdentifier )
2.5.13.14 (integerMatch): matchingRuleUse: ( 2.5.13.14 NAME
'integerMatch' APPLIES ( supportedLDAPVersion $ uidNumber $ gidNumber $
olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout
$ olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $
olcIndexSubstrAnyStep $ olcLocalSSF $ olcMaxDerefDepth $
olcReplicationInterval $ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $
olcThreads $ olcToolThreads $ olcDbCacheFree $ olcDbCacheSize $
olcDbIDLcacheSize $ olcDbMode $ olcDbSearchStack $ olcDbShmKey $
olcSpSessionlog $ mailPreferenceOption $ shadowLastChange $ shadowMin $
shadowMax $ shadowWarning $ shadowInactive $ shadowExpire $ shadowFlag $
ipServicePort $ ipProtocolNumber $ oncRpcNumber ) )
2.5.13.13 (booleanMatch): matchingRuleUse: ( 2.5.13.13 NAME
'booleanMatch' APPLIES ( hasSubordinates $ olcGentleHUP $ olcLastMod $
olcReadOnly $ olcReverseLookup $ olcDbNoSync $ olcDbDirtyRead $
olcDbLinearIndex $ olcSpNoPresent $ olcSpReloadHint ) )
2.5.13.11 (caseIgnoreListMatch): matchingRuleUse: ( 2.5.13.11 NAME
'caseIgnoreListMatch' APPLIES ( postalAddress $ registeredAddress $
homePostalAddress ) )
2.5.13.8 (numericStringMatch): matchingRuleUse: ( 2.5.13.8 NAME
'numericStringMatch' APPLIES ( x121Address $ internationaliSDNNumber ) )
2.5.13.7 (caseExactSubstringsMatch): matchingRuleUse: ( 2.5.13.7 NAME
'caseExactSubstringsMatch' APPLIES ( serialNumber $ destinationIndicator $
dnQualifier ) )
2.5.13.6 (caseExactOrderingMatch): matchingRuleUse: ( 2.5.13.6 NAME
'caseExactOrderingMatch' APPLIES ( serialNumber $ destinationIndicator $
dnQualifier ) )
2.5.13.5 (caseExactMatch): matchingRuleUse: ( 2.5.13.5 NAME
'caseExactMatch' APPLIES ( supportedSASLMechanisms $ vendorName $
vendorVersion $ ref $ name $ cn $ uid $ labeledURI $ description $
olcConfigFile $ olcConfigDir $ olcAccess $ olcAllows $ olcArgsFile $
olcAttributeOptions $ olcAttributeTypes $ olcAuthIDRewrite $ olcAuthzPolicy
$ olcAuthzRegexp $ olcBackend $ olcDatabase $ olcDisallows $
olcDitContentRules $ olcInclude $ olcLimits $ olcLogFile $ olcLogLevel $
olcModuleLoad $ olcModulePath $ olcObjectClasses $ olcObjectIdentifier $
olcOverlay $ olcPasswordCryptSaltFormat $ olcPasswordHash $ olcPidFile $
olcPlugin $ olcPluginLogFile $ olcReferral $ olcReplica $ olcReplicaArgsFile
$ olcReplicaPidFile $ olcReplogFile $ olcRequires $ olcRestrict $ olcRootDSE
$ olcRootPW $ olcSaslHost $ olcSaslRealm $ olcSaslSecProps $ olcSecurity $
olcSizeLimit $ olcSrvtab $ olcSubordinate $ olcSyncrepl $ olcTimeLimit $
olcTLSCACertificateFile $ olcTLSCACertificatePath $ olcTLSCertificateFile $
olcTLSCertificateKeyFile $ olcTLSCipherSuite $ olcTLSCRLCheck $
olcTLSRandFile $ olcTLSVerifyClient $ olcTLSDHParamFile $ olcUpdateRef $
olcDbDirectory $ olcDbCheckpoint $ olcDbConfig $ olcDbIndex $
olcDbLockDetect $ olcSpCheckpoint $ knowledgeInformation $ sn $ serialNumber
$ c $ l $ st $ street $ o $ ou $ title $ businessCategory $ postalCode $
postOfficeBox $ physicalDeliveryOfficeName $ destinationIndicator $
givenName $ initials $ generationQualifier $ dnQualifier $ houseIdentifier $
dmdName $ pseudonym $ textEncodedORAddress $ info $ drink $ roomNumber $
userClass $ host $ documentIdentifier $ documentTitle $ documentVersion $
documentLocation $ personalTitle $ co $ uniqueIdentifier $
organizationalStatus $ buildingName $ documentPublisher $ carLicense $
departmentNumber $ displayName $ employeeNumber $ employeeType $
preferredLanguage $ ipServiceProtocol $ nisMapName $ uName $ upwd ) )
2.5.13.4 (caseIgnoreSubstringsMatch): matchingRuleUse: ( 2.5.13.4 NAME
'caseIgnoreSubstringsMatch' APPLIES ( serialNumber $ destinationIndicator $
dnQualifier ) )
2.5.13.3 (caseIgnoreOrderingMatch): matchingRuleUse: ( 2.5.13.3 NAME
'caseIgnoreOrderingMatch' APPLIES ( serialNumber $ destinationIndicator $
dnQualifier ) )
2.5.13.2 (caseIgnoreMatch): matchingRuleUse: ( 2.5.13.2 NAME
'caseIgnoreMatch' APPLIES ( supportedSASLMechanisms $ vendorName $
vendorVersion $ ref $ name $ cn $ uid $ labeledURI $ description $
olcConfigFile $ olcConfigDir $ olcAccess $ olcAllows $ olcArgsFile $
olcAttributeOptions $ olcAttributeTypes $ olcAuthIDRewrite $ olcAuthzPolicy
$ olcAuthzRegexp $ olcBackend $ olcDatabase $ olcDisallows $
olcDitContentRules $ olcInclude $ olcLimits $ olcLogFile $ olcLogLevel $
olcModuleLoad $ olcModulePath $ olcObjectClasses $ olcObjectIdentifier $
olcOverlay $ olcPasswordCryptSaltFormat $ olcPasswordHash $ olcPidFile $
olcPlugin $ olcPluginLogFile $ olcReferral $ olcReplica $ olcReplicaArgsFile
$ olcReplicaPidFile $ olcReplogFile $ olcRequires $ olcRestrict $ olcRootDSE
$ olcRootPW $ olcSaslHost $ olcSaslRealm $ olcSaslSecProps $ olcSecurity $
olcSizeLimit $ olcSrvtab $ olcSubordinate $ olcSyncrepl $ olcTimeLimit $
olcTLSCACertificateFile $ olcTLSCACertificatePath $ olcTLSCertificateFile $
olcTLSCertificateKeyFile $ olcTLSCipherSuite $ olcTLSCRLCheck $
olcTLSRandFile $ olcTLSVerifyClient $ olcTLSDHParamFile $ olcUpdateRef $
olcDbDirectory $ olcDbCheckpoint $ olcDbConfig $ olcDbIndex $
olcDbLockDetect $ olcSpCheckpoint $ knowledgeInformation $ sn $ serialNumber
$ c $ l $ st $ street $ o $ ou $ title $ businessCategory $ postalCode $
postOfficeBox $ physicalDeliveryOfficeName $ destinationIndicator $
givenName $ initials $ generationQualifier $ dnQualifier $ houseIdentifier $
dmdName $ pseudonym $ textEncodedORAddress $ info $ drink $ roomNumber $
userClass $ host $ documentIdentifier $ documentTitle $ documentVersion $
documentLocation $ personalTitle $ co $ uniqueIdentifier $
organizationalStatus $ buildingName $ documentPublisher $ carLicense $
departmentNumber $ displayName $ employeeNumber $ employeeType $
preferredLanguage $ ipServiceProtocol $ nisMapName $ uName $ upwd ) )
1.2.36.79672281.1.13.3 (rdnMatch):
2.5.13.1 (distinguishedNameMatch): matchingRuleUse: (
2.5.13.1 NAME 'distinguishedNameMatch' APPLIES ( creatorsName $
modifiersName $ subschemaSubentry $ namingContexts $ aliasedObjectName $
distinguishedName $ seeAlso $ olcDefaultSearchBase $ olcRootDN $ olcSchemaDN
$ olcSuffix $ olcUpdateDN $ member $ owner $ roleOccupant $ manager $
documentAuthor $ secretary $ associatedName $ dITRedirect ) )
2.5.13.0 (objectIdentifierMatch): matchingRuleUse: ( 2.5.13.0 NAME
'objectIdentifierMatch' APPLIES ( supportedControl $ supportedExtension $
supportedFeatures $ supportedApplicationContext ) )
super startup: initiated.
backend_startup_one: starting "cn=config"
config_back_db_open
config_build_entry: "cn=config"
config_build_entry: "cn=include{0}"
config_build_entry: "cn=include{1}"
config_build_entry: "cn=include{2}"
config_build_entry: "cn=include{3}"
config_build_entry: "cn=include{4}"
config_build_entry: "cn=schema"
config_build_entry: "cn={0}core"
config_build_entry: "cn={1}cosine"
config_build_entry: "cn={2}inetorgperson"
config_build_entry: "cn={3}nis"
config_build_entry: "cn={4}ums"
config_build_entry: "olcDatabase={-1}frontend"
config_build_entry: "olcDatabase={0}config"
config_build_entry: "olcDatabase={1}bdb"
backend_startup_one: starting "dc=my-domain,dc=com"
bdb_db_open: dbenv_open(/usr/local/var/openldap-data)
slapd starting
========================================================
ums.schema:
attributetype ( 1.3.6.1.4.1.6863.2.3.200 NAME ( 'uName' )
DESC 'group owner id of gfs user'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.6863.2.3.201 NAME ( 'upwd' )
DESC 'group owner id of gfs user'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
objectclass ( 1.3.6.1.4.1.6863.2.4.150 Name 'umsUser'
DESC 'gfs group information'
SUP top STRUCTURAL
MUST ( uName $ upwd ) )
================================================
slapd.conf:
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/ums.schema
# Define global ACLs to disable default read access.
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
pidfile /usr/local/var/run/slapd.pid
argsfile /usr/local/var/run/slapd.args
# Load dynamic backend modules:
# modulepath /usr/local/libexec/openldap
# moduleload back_bdb.la
# moduleload back_ldap.la
# moduleload back_ldbm.la
# moduleload back_passwd.la
# moduleload back_shell.la
#######################################################################
# BDB database definitions
#######################################################################
database bdb
suffix "dc=my-domain,dc=com"
rootdn "cn=Manager,dc=my-domain,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw secret
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /usr/local/var/openldap-data
# Indices to maintain
index objectClass eq
================================================================
ums.ldif:
dn: uName=rkyadav,dc=my-domain,dc=com
objectClass: top
objectClass: umsUser
uName: rkyadav
upwd: rkyadav123
==============================================================
ldapadd -x -h "super" -D "cn=Manager,dc=my-domain,dc=com" -w "secret" -f ums.ldif
Output:
>>> slap_listener(ldap:///)
connection_get(11): got connid=0
connection_read(11): checking for input on id=0
ber_get_next
ber_get_next: tag 0x30 len 48 contents:
ber_get_next
do_bind
ber_scanf fmt ({imt) ber:
ber_scanf fmt (m}) ber:
>>> dnPrettyNormal: <cn=Manager,dc=my-domain,dc=com>
<<< dnPrettyNormal: <cn=Manager,dc=my-domain,dc=com>,
<cn=manager,dc=my-domain,dc=com>
do_bind: version=3 dn="cn=Manager,dc=my-domain,dc=com" method=128
do_bind: v3 bind: "cn=Manager,dc=my-domain,dc=com" to
"cn=Manager,dc=my-domain,dc=com"
send_ldap_result: conn=0 op=0 p=3
send_ldap_response: msgid=1 tag=97 err=0
ber_flush: 14 bytes to sd 11
adding new entry "cn=Barbara J Jensen,dc=my-domain,dc=com"
connection_get(11): got connid=0
connection_read(11): checking for input on id=0
ber_get_next
ber_get_next: tag 0x30 len 128 contents:
ber_get_next
do_add
ber_scanf fmt ({m) ber:
>>> dnPrettyNormal: <cn=Barbara J Jensen,dc=my-domain,dc=com>
<<< dnPrettyNormal: <cn=Barbara J Jensen,dc=my-domain,dc=com>, <cn=barbara j
jensen,dc=my-domain,dc=com>
ber_scanf fmt ({m{W}}) ber:
ber_scanf fmt ({m{W}}) ber:
ber_scanf fmt ({m{W}}) ber:
ber_scanf fmt (}) ber:
bdb_dn2entry("cn=barbara j jensen,dc=my-domain,dc=com")
=> bdb_dn2id("dc=my-domain,dc=com")
<= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found
(-30989)
oc_check_required entry (cn=Barbara J Jensen,dc=my-domain,dc=com),
objectClass "person"
oc_check_allowed type "cn"
oc_check_allowed type "objectClass"
oc_check_allowed type "sn"
oc_check_allowed type "structuralObjectClass"
oc_check_allowed type "entryUUID"
oc_check_allowed type "creatorsName"
oc_check_allowed type "createTimestamp"
oc_check_allowed type "entryCSN"
oc_check_allowed type "modifiersName"
oc_check_allowed type "modifyTimestamp"
bdb_dn2entry("cn=barbara j jensen,dc=my-domain,dc=com")
=> bdb_dn2id("dc=my-domain,dc=com")
<= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found
(-30989)
is_entry_objectclass("", "2.16.840.1.113730.3.2.6") no objectClass attribute
bdb_add: parent does not exist
send_ldap_result: conn=0 op=1 p=3
send_ldap_response: msgid=2 tag=105 err=32
ber_flush: 14 bytes to sd 11
ldapadd: No such object (32)
connection_get(11): got connid=0
connection_read(11): checking for input on id=0
ber_get_next
ber_get_next: tag 0x30 len 5 contents:
ber_get_next
do_unbind
connection_closing: readying conn=0 sd=11 for close
connection_resched: attempting closing conn=0 sd=11
connection_close: conn=0 sd=11
===============================================================
Please tell me why I am getting this error. If there is a problem, where
is it?
Thanks
--
Rakesh Yadav
Pune.
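An added example, not code from the post above. The trace shows bdb_dn2id("dc=my-domain,dc=com") returning DB_NOTFOUND just before "bdb_add: parent does not exist": the database suffix entry was never added, so there is nothing for uName=rkyadav,dc=my-domain,dc=com to hang under, and slapd answers with result 32 (noSuchObject). The script below is a pre-flight check that parses an LDIF file and reports every entry whose parent is neither already in the directory nor added earlier in the same file; it also shows the suffix entry (dcObject + organization) that has to go first. The sample LDIF is constructed for the demonstration, standard library only. Separately from the error, note that the posted entry stores the password in upwd, a plain directoryString attribute, which every client allowed to read the entry sees in clear.

```python
# Added example, not code from the original post.  "No such object (32)" /
# "bdb_add: parent does not exist" means the entry being added has no parent
# in the database.  This pre-flight check parses an LDIF file and reports
# every entry whose parent is neither already in the directory nor added
# earlier in the same file.  The sample LDIF is constructed for the demo.
import base64


def parse_ldif(text):
    """Return [(dn, {attr: [values]})] from LDIF text.

    Handles folded continuation lines, comments, 'version:' and base64 ('::')
    values; 'attr:< URL' references are kept as literal text."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # unfold continuation line
        else:
            lines.append(raw)
    records, dn, attrs = [], None, {}
    for line in lines + [""]:             # trailing "" flushes the last record
        if line == "":
            if dn is not None:
                records.append((dn, attrs))
            dn, attrs = None, {}
            continue
        if line.startswith("#") or line.lower().startswith("version:"):
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        if name.lower() == "dn":
            dn = value
        else:
            attrs.setdefault(name, []).append(value)
    return records


def parent_dn(dn):
    """Drop the leftmost RDN, honouring backslash-escaped commas (cn=Doe\\, Jane)."""
    i = 0
    while i < len(dn):
        if dn[i] == "\\":
            i += 2
        elif dn[i] == ",":
            return dn[i + 1:].strip()
        else:
            i += 1
    return ""                              # single-RDN DN: no parent


def normalize(dn):
    """Comparison form: case-folded, no whitespace around the RDN separators."""
    return ",".join(p.strip() for p in dn.split(",")).lower()


def missing_parents(ldif_text, suffix, existing_dns=()):
    """Return [(dn, reason)] for entries slapd would refuse with result 32.

    *suffix* is the database suffix (root of the tree, needs no parent);
    *existing_dns* lists entries already present in the directory."""
    suffix_n = normalize(suffix)
    known = {normalize(d) for d in existing_dns}
    problems = []
    for dn, _attrs in parse_ldif(ldif_text):
        dn_n = normalize(dn)
        if dn_n != suffix_n:
            if not dn_n.endswith("," + suffix_n):
                problems.append((dn, "not under suffix " + suffix))
            elif normalize(parent_dn(dn)) not in known:
                problems.append((dn, "parent '" + parent_dn(dn) + "' does not exist"))
        known.add(dn_n)
    return problems


# The entry from the post, and the same file with the suffix entry added first.
SAMPLE_NO_BASE = """\
dn: uName=rkyadav,dc=my-domain,dc=com
objectClass: top
objectClass: umsUser
uName: rkyadav
upwd: rkyadav123
"""

SAMPLE_WITH_BASE = """\
dn: dc=my-domain,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
dc: my-domain
o: my-domain

""" + SAMPLE_NO_BASE

if __name__ == "__main__":
    for label, text in (("without base", SAMPLE_NO_BASE), ("with base", SAMPLE_WITH_BASE)):
        print(label, missing_parents(text, "dc=my-domain,dc=com") or "ok")
```

Run it over the file before ldapadd; when the directory already has entries, pass their DNs (for example from an ldapsearch of "(objectClass=*)" returning only dn) as existing_dns so that only genuinely orphaned entries are reported.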
backend shell error
by Chris Henderson
I have compiled OpenLDAP v2.4.8 (./configure --enable-backends=yes
--enable-overlays=yes) and trying to put a shell script on my
slapd.conf to parse LDAP queries. But when I run slaptest I get:
"unknown directive <search> inside backend database definition" error.
Here is my slapd.conf -
include /usr/local/etc/openldap/schema/core.schema
pidfile /usr/local/var/run/slapd.pid
argsfile /usr/local/var/run/slapd.args
Allow bind_v2
access to dn.base=""
by * read
access to *
by * read
backend shell
database ldap
suffix "dc=activedirectory,dc=domain,dc=tld"
uri "ldap://activedirectory.domain.tld"
search shell_script.sh
Any help on this would be much appreciated. Thanks.
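An added example, not code from the post above or from OpenLDAP. "search" is a slapd-shell(5) directive, so slaptest only accepts it under "database shell"; the posted configuration declares "database ldap", and slapd-ldap(5) has no "search" directive, which is exactly the error reported. The script below is what such a "search" program looks like in Python: slapd starts it for every search, as the slapd user, writes the request on its stdin and reads LDIF entries followed by a RESULT block from its stdout. The request and response layout follows slapd-shell(5); the in-memory directory it answers from, the config path in the comment, and the supported filter subset are choices made here. Because base DN and filter arrive verbatim from the client, the script never passes them to a shell and refuses filters it cannot evaluate instead of approximating them.

```python
# Added example, not code from the original post or from OpenLDAP.  A
# slapd-shell(5) "search" program.  Matching slapd.conf fragment (path chosen
# here):
#
#   database shell
#   suffix   "dc=activedirectory,dc=domain,dc=tld"
#   search   /usr/local/libexec/shell-search.py
#
# slapd feeds the request on stdin and reads entries plus RESULT on stdout.
# The directory below is a constructed stand-in for whatever the script would
# really query.  deref, sizelimit, timelimit and attrsonly are read but ignored.
import sys

DIRECTORY = {
    "dc=activedirectory,dc=domain,dc=tld": {
        "objectClass": ["top", "dcObject", "organization"],
        "dc": ["activedirectory"], "o": ["Example Org"]},
    "cn=alice,dc=activedirectory,dc=domain,dc=tld": {
        "objectClass": ["top", "person"], "cn": ["alice"], "sn": ["Example"]},
    "cn=bob,ou=staff,dc=activedirectory,dc=domain,dc=tld": {
        "objectClass": ["top", "person"], "cn": ["bob"], "sn": ["Example"]},
}
LDAP_SUCCESS, LDAP_NO_SUCH_OBJECT, LDAP_UNWILLING_TO_PERFORM = 0, 32, 53


def parse_request(text):
    """Parse the SEARCH request slapd writes: 'SEARCH', then 'key: value'
    lines ('suffix:' may repeat), terminated by a blank line."""
    lines = text.splitlines()
    if not lines or lines[0] != "SEARCH":
        raise ValueError("not a SEARCH request")
    req = {"suffix": []}
    for line in lines[1:]:
        if line == "":
            break
        key, _, value = line.partition(":")
        if key == "suffix":
            req["suffix"].append(value.strip())
        else:
            req[key] = value.strip()
    return req


def dn_in_scope(dn, base, scope):
    """scope 0 = base, 1 = one level, 2 = subtree.  DNs are lower-cased and
    assumed free of escaped commas (sufficient for this demonstration)."""
    if dn == base:
        return scope in (0, 2)
    if not dn.endswith("," + base):
        return False
    rdns_below_base = dn[: -len(base) - 1]
    return scope == 2 or (scope == 1 and "," not in rdns_below_base)


def filter_matches(filt, attrs):
    """Evaluate (attr=value) and (attr=*) only.  AND/OR/NOT and substrings are
    refused rather than approximated, so a client cannot widen a search by
    sending a filter the script does not understand."""
    if not (filt.startswith("(") and filt.endswith(")")) or "=" not in filt:
        raise ValueError("unsupported filter " + filt)
    name, _, value = filt[1:-1].partition("=")
    if name[:1] in ("&", "|", "!") or ("*" in value and value != "*"):
        raise ValueError("unsupported filter " + filt)
    values = [v.lower() for k, vs in attrs.items() if k.lower() == name.lower() for v in vs]
    return bool(values) if value == "*" else value.lower() in values


def result_block(code, matched="", info=""):
    return f"RESULT\ncode: {code}\nmatched: {matched}\ninfo: {info}\n\n"


def entry_block(dn, attrs, wanted):
    """One entry in LDIF.  Values here are ASCII-safe; a real script must
    base64-encode ('::') anything that is not (RFC 2849)."""
    lines = [f"dn: {dn}"]
    for name, values in attrs.items():
        if wanted is None or name.lower() in wanted:
            lines.extend(f"{name}: {v}" for v in values)
    return "\n".join(lines) + "\n\n"


def handle_search(request_text):
    """Build the complete stdout response for one SEARCH request."""
    try:
        req = parse_request(request_text)
        base = req.get("base", "").lower()
        scope = int(req.get("scope", "2"))
        filt = req.get("filter", "(objectClass=*)")
        wanted = req.get("attrs", "all")
        wanted = None if wanted == "all" else {a.lower() for a in wanted.split()}
        if base not in {dn.lower() for dn in DIRECTORY}:
            return result_block(LDAP_NO_SUCH_OBJECT)
        out = [entry_block(dn, attrs, wanted) for dn, attrs in DIRECTORY.items()
               if dn_in_scope(dn.lower(), base, scope) and filter_matches(filt, attrs)]
        return "".join(out) + result_block(LDAP_SUCCESS)
    except ValueError as exc:
        return result_block(LDAP_UNWILLING_TO_PERFORM, info=str(exc))


if __name__ == "__main__":
    sys.stdout.write(handle_search(sys.stdin.read()))
```

Two things worth keeping in mind with back-shell: a new process per operation is slow, and the script carries slapd's privileges, so anything it reads (files, other directories) is exposed with slapd's identity. For the case in the post, proxying Active Directory, "database ldap" without a shell script is the backend that actually does the job.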
back_ldap.la on Fedora
by Chris Henderson
I am running OpenLDAP 2.3.37 on Fedora Linux; I need the "back_ldap.la"
module for a backend shell script but it doesn't come with my version
of OpenLDAP and I am unable
to find this module anywhere else on the Internet.
Would anyone know how I am going to install this module on my computer?
Thanks for any help.
Problem starting OpenLDAP
by youness hsina
Hi all,
I'm new to LDAP. I'm trying to set up an OpenLDAP server on FreeBSD; my
problem is:
I can't get this server to start. I can't even find the syslog file.
Here is my debug.log file:
May 2 09:51:30 stavril slapd[967]: @(#) $OpenLDAP: slapd 2.3.41 (Apr 25
2008 14:56:51) $ root@stavril.gtr.iut-velizy.uvsq.fr:
/usr/ports/net/openldap23-server/work/openldap-2.3.41/servers/slapd
May 2 09:51:30 stavril slapd[967]: connections_destroy: nothing to destroy.
May 2 09:51:30 stavril slapd[967]: /usr/local/etc/openldap/slapd.conf: line
83: <database> failed init (bdb)!
May 2 09:51:30 stavril slapd[967]: slapd stopped.
May 2 10:04:13 stavril slapd[55570]: connections_destroy: nothing to
destroy.
May 2 11:15:17 stavril slapd[62838]: @(#) $OpenLDAP: slapd 2.3.41 (Apr 25
2008 14:56:51) $ root@stavril.gtr.iut-velizy.uvsq.fr:
/usr/ports/net/openldap23-server/work/openldap-2.3.41/servers/slapd
May 2 11:15:17 stavril slapd[62838]: daemon: getaddrinfo() failed: hostname
nor servname provided, or not known
May 2 11:15:17 stavril slapd[62838]: slapd stopped.
May 2 11:15:17 stavril slapd[62838]: connections_destroy: nothing to
destroy.
Does anyone have the same problem? Please, I need your help.
Best regards,
Youness
Disk Quota with LDAP
by Shafiqul Abedin
Hello All:
I am new to this forum. If I am making any mistakes, please let me know.
After searching Google a million times, I am
finally asking you guys. How do I set disk quotas with LDAP? Is it
possible to do it at all? Any documentation? Any help? I am new to LDAP.
Please help.
Thanks
Tony Earnshaw, 29/02/40 - 29/04/08
by Ace Suares
Dear List,
Tony Earnshaw, active member of this list, has passed away last Tuesday.
About a month ago he was diagnosed with stage 5 lung cancer and within a
very short time Tony left us.
Tony's body will be cremated Monday 5th of May in Amsterdam.
For those who want to express their feelings, please visit
http://www.xs4all.nl/~snore/tony
If among you there are people who want to have more information, send me
an email at ace@suares.an and I will forward it to the kind people that
take care of his affairs.
With Sadness,
Ace Suares
query Active Directory
by Chris Henderson
I am querying AD to get the first proxyaddresses:smtp field with only
the username but it is giving me lots of other information that I
don't really need. I was wondering if it is possible to filter the
query in slapd.conf to give me what I need.
Here's my slapd.conf
Allow bind_v2
access to dn.base=""
by * read
access to *
by * read
database ldap
suffix "dc=ad3,dc=merog,dc=org"
uri "ldap://ad3.merog.org"
query_filter=(PROXYADDRESSES :smtp:%s@*)
cachesize 10000
sizelimit unlimited
I am querying for PROXYADDRESSES which comes like this:
PROXYADDRESSES: smtp:username@merog.org - I only want the "username"
bit.
Here's my query:
ldapsearch -x -h ad3.merog.org -b "dc=ad3,dc=merog,dc=org" cn="user name"
I don't want to use any sed, awk script to achieve the result. Just
would like to use openldap itself if that's at all possible.
Thanks for any help.
Authentication Problem Regarding aliasedObjectName
by Christian Felsing
Hello,
my installation has two OUs, one contains real inetOrgPerson objects,
other one contains aliases to the first OU. First OU contains DNs which
are not acceptable to a specific application (pls. don't ask me why) so
2nd OU was introduced with DNs which are acceptable to that application.
Unfortunately, authentication to an alias does not seem to be possible,
because that application is not able to do dereferencing.
OU1:
# 007@x86.be, freemail, my.net
dn: uid=007@example.com,ou=mail,dc=my,dc=net
objectClass: top
objectClass: inetOrgPerson
uid: 007@x86.be
cn: testuser
Application does not like DN "uid=007@example.com,ou=mail,dc=my,dc=net"
but other applications depend on it. So following was introduced:
OU2:
# testuser, members, my.net
dn: uid=testuser,ou=members,dc=my,dc=net
objectClass: top
objectClass: alias
objectClass: extensibleObject
uid: testuser
aliasedObjectName: uid=007@example.com,ou=mail,dc=my,dc=net
That application would accept DN "uid=testuser,ou=members,dc=my,dc=net",
but is not able to dereference that to
"uid=007@example.com,ou=mail,dc=my,dc=net" :-(
Is there a way to let a proxy do dereferencing an aliasedObjectName to
"real" object, so that application may be able to authenticate to that
proxy ?
best regards
Christian