different shells on different hosts?
by Joy Khoriaty
Hi!
I'd like my LDAP users to have different shells on 2 different client
machines. Is that possible? How can I set it up?
E.g., on host1, user1 has for shell /bin/bash, on host2, user1 has for
shell /bin/rsh
Someone suggested having the defined shell for the user in their LDAP
entry be called e.g. /bin/ldap_shell, and symbolic linking accordingly on
each machine, but it doesn't give me the granularity I want on a per user
basis
Any suggestions, pointers, ideas are more than welcomed!
Thanks!
--
Joy Khoriaty
elventails(a)elventails.com
http://elventails.com
14 years, 11 months
How does Openldap work with Cyrus SASL and MIT Kerberos V
by Le Trung Kien
Hi everyone,
I have built up one server with Openldap, Cyrus SASL, MIT Kerberos V.
Now, my server can authenticate users.
In "Authentication Configuration", I set option information for LDAP server
and Kerberos server. And I could login with accounts (Kerberos principals)
which are created through Kerberos. And user information can be obtained
from LDAP server.
But it seems that only OpenLDAP and Kerberos work together.
I can't figure out what the SASL role is in this strategy, or how it
affects my system.
When I attempt to set up phpldapadmin, I must configure the SASL option, but I
don't know how SASL works with LDAP in this strategy.
--
Le Trung Kien.
14 years, 11 months
ldap_bind: Invalid credentials (49)
by Wael Mashal
I installed OpenLDAP on Windows and added the .ldif file to LDAP, but the
problem appears when I use
c:\OpenLDAP>ldapwhoami -x -D "cn=admin,o=world" -W
Enter LDAP Password: ldap_bind: Invalid credentials (49)
Please help
Wael Mashal
Java Team Leader
ASAL Technologies
Ramallah, Palestine
Tel: +970-2-2409 101
Fax: +970-2-2409 103
Mob: +970-52-487-11-70
Web: http://www.asaltech.com
14 years, 11 months
Comments requested on some support for LDAP I received from Konica Minolta.
by Neil Marjoram
I would really like to hear the group's comments on this email I received
from KonicaMinolta, it refers to the Bizhub C451 printer, but I
suspect it applies to the whole range. On purchase of the printer I was
told it supports LDAP, and as you may expect this response somewhat
annoys me!
quote "Thank you for your observations,
We have now received a reply from our colleagues in Germany and they
have confirmed the following concerning LDAP compatibility on
KonicaMinolta machines:
"In a Windows environment, it will work fine, but as soon as Open Source
is used, it may fail.
The current limitation for LDAP is -->
LDAP user authentication "user name field" --> 64 char
LDAP address search "user name field" --> 254 char
All Windows based LDAP V3 compatible Servers are supported.
A problem may occur if within the reply string from the Server special
Characters which are not corresponding to RFC 3986 are used.
E.g. "^" sign within the names."
Support for Open Source is something they are looking into but for now
there is no due date.
With regard to your question on "Referral Setting"
"Referral Settings"
Means to have an object stored in a local tree which is defined with
certain (local&specific) attributes and with a referral to another
object in a central tree which contains the (global) attributes (e.g
name, email,..)
Unfortunately Hotline are unable to offer any further assistance
concerning this matter as we are only familiar with Windows based LDAP
connections from our range of Machines and suggest you refer back to the
open source community."
Thanks for your comments on this,
Neil
--
Neil Marjoram
Systems Manager
Adastral Park Campus
University College London
Ross Building
Adastral Park
Martlesham Heath
Ipswich - Suffolk
IP5 3RE
Tel: 01473 663711
Fax: 01473 635199
14 years, 11 months
OpenLDAP+Samba server to authenticate windows machines
by Gustavo Mendes de Carvalho
Hi Everyone,
I'm planning to mount an OpenLDAP+Samba server to authenticate Windows
machines, but I have a not so common situation. I have Windows machines that
do not belong to any Windows domain or workgroup, machines that
belong to some workgroup, and many machines that belong to specific
and different domains, without trust relationships among them, including
some Windows cluster machines.
Is there any way to include all of them to authenticate in a single
LDAP+Samba server ? I mean, to use samba without PDC or BDC or even some DC
configured in Samba server...
I know that this question should be posted in Samba maillist, and I already
did it, but does anybody here know something about this ?
Thanks in advance
---
Gustavo Mendes de Carvalho
email: gmcarvalho(a)gmail.com
14 years, 11 months
Problem while inserting binary data....
by ashish mahamuni
I've defined my own schema (a couple of classes and attributes)....
It looks like below...
---------------------------------------------------------------
attributetype ( 2.5.4.73
NAME 'epType'
SUP name )
attributetype ( 2.5.4.74
NAME 'agencyIcon'
SUP jpegPhoto )
objectClass ( 2.5.6.24
NAME 'mlnkEp'
DESC 'Object for end point'
STRUCTURAL
MUST ( epType )
)
objectClass ( 2.5.6.25
NAME 'agencyObject'
DESC 'Object that extends organizationalUnit'
SUP organizationalUnit
STRUCTURAL
MAY (agencyIcon)
)
------------------------------------------------------------
I want to store icon file in agencyIcon attribute...
So I added below line for agencyIcon in ldif file .........
agencyIcon;binary: < file:///root/jbuilder.ico
When I execute command:
slapadd -l init.ldif
I get error as.....
<= str2entry: str2ad(version): attribute type undefined
slapadd: could not parse entry (line=8)
When I use ldapadd/ldapmodify I get following error
ldap_add: Undefined attribute type (17)
additional info: agencyIcon;binary: option "binary" not supported with type
I also tried adding below line at the top of ldif file
I also tried changing version number as 1,2,3
version: 1
I searched on google but found nothing...
I am working on Cent-OS.
And openldap version is 2.3.27
Help me
Regards
Ashish
14 years, 11 months
Migration from Sun Directory Server to OpenLDAP.
by Jayesh Kamdar
Hi,
I am kind of a newbie to LDAP. I do have a little experience with Sun LDAP but am not an expert. Now, I am being asked to move our Sun LDAP servers over to OpenLDAP.
I am looking for any pointers, documents, or anyone's personal experience on how easy/tough it is to do this migration from Sun LDAP to OpenLDAP.
Thanks for your help.
Jayesh Kamdar
jkamdar(a)yahoo.com
14 years, 11 months
ldap error
by Aravind Arjunan
Hi,
I had integrated LDAP with Postfix on the RHEL 5 operating system.
But when I try to send mail to a user that I mentioned in the LDAP database,
I get the error below.
Jun 27 00:02:42 master postfix/pickup[3753]: C4FC51FB85: uid=0 from=<root>
Jun 27 00:02:42 master postfix/cleanup[3831]: C4FC51FB85: message-id=<20080626183242.C4FC51FB85(a)master.panafnet.com>
Jun 27 00:02:42 master postfix/qmgr[3754]: C4FC51FB85: from=<root(a)panafnet.com>, size=326, nrcpt=1 (queue active)
Jun 27 00:02:42 master postfix/local[3760]: warning: dict_ldap_lookup: ldapaliases: Search base '' not found: 32: No such object
Jun 27 00:02:42 master postfix/local[3760]: C4FC51FB85: to=<rambo(a)panafnet.com>, orig_to=<rambo>, relay=local, delay=0.22, delays=0.19/0/0/0.03, dsn=4.3.0, status=deferred (alias database unavailable)
14 years, 11 months
ldap error
by Aravind Arjunan
Hi,
I had configured OpenLDAP as master/slave at one of the customer sites.
But the slave server was still not ready at the customer site, so I configured
the master server part alone.
After finishing the configuration of the master server, I restarted the
LDAP service.
I am getting the warning messages
warning:line 58: no by claust(s) specify in access line (ignored)
warning:line 64: no by claust(s) specify in access line (ignored)
Below are lines 58 and 64:
access to attrs=userPassword
by self write
by dn="cn=syncuser,dc=example,dc=com" read
by * auth
access to *
by dn="cn=syncuser,dc=example,dc=com" read
by * read
14 years, 11 months
Problem with Chaining
by RamakrishnaDeepak Battu
Hi all,
I'm a newbie. I recently installed OpenLDAP 2.4.10 on 2 of my systems. My
requirement is to chain the master database on to the slave database. I
followed the manual and tried the following. The Master and Slave
slapd.conf's are as follows:
*The Master config file is as follows:*
#include statements
.........
.........
access to *
by dn.base="cn=root,ou=Users,dc=example,dc=com" read
by * break
#######################################################################
# BDB database definitions
#######################################################################
database bdb
suffix "dc=example,dc=com"
rootdn "cn=root,dc=example,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw secret
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /usr/local/var/openldap-data
# Indices to maintain
index objectClass eq
overlay syncprov
# contextCSN saved to database every 100 updates or ten minutes
syncprov-checkpoint 100 10
*The Slave config file is as follows:*
#include statements
.........
.........
#######################################################################
# BDB database definitions
#######################################################################
database bdb
suffix "dc=example,dc=com"
rootdn "cn=root,dc=example,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw secret
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /usr/local/var/openldap-data
# Indices to maintain
index objectClass eq
syncrepl rid=100
provider=ldap://Master
type=refreshAndPersist
retry="5 5 300 +"
searchbase="dc=example,dc=com"
attrs=*
bindmethod=simple
binddn="cn=root,ou=Users,dc=example,dc=com"
credentials="<secret>"
updateref "ldap://Master"
-----------------------------------------------------------------------------------
After this I started the Master server and Slave server with the -d 256 option
and saw this:
*master log:*
ber_get_next on fd 12 failed errno=0 (Success)
connection_read(12): input error=-2 id=5, closing.
connection_closing: readying conn=5 sd=12 for close
connection_close: deferring conn=5 sd=12
daemon: activity on 1 descriptor
conn=5 op=1 do_unbind
daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 active_threads=0 tvp=NULL
connection_resched: attempting closing conn=5 sd=12
connection_close: conn=5 sd=12
daemon: removing 12
*slave log:*
slapd starting
request done: ld 0x8238850 msgid 1
do_syncrep1: rid 100 ldap_sasl_bind_s failed (49)
do_syncrepl: rid 100 retrying (4 retries left)
request done: ld 0x8238850 msgid 1
do_syncrep1: rid 100 ldap_sasl_bind_s failed (49)
do_syncrepl: rid 100 retrying (3 retries left)
request done: ld 0x8238850 msgid 1
do_syncrep1: rid 100 ldap_sasl_bind_s failed (49)
do_syncrepl: rid 100 retrying (2 retries left)
request done: ld 0x8238850 msgid 1
do_syncrep1: rid 100 ldap_sasl_bind_s failed (49)
do_syncrepl: rid 100 retrying (1 retries left)
request done: ld 0x8238850 msgid 1
do_syncrep1: rid 100 ldap_sasl_bind_s failed (49)
do_syncrepl: rid 100 retrying
-------------------------------------------------------------------------------
It means that the slave is not being replicated. Can anyone please tell
me why this ldap_sasl_bind_s failed (49) is coming?
Thanks in advance.
14 years, 11 months
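
Added example, not part of the original posts and not code from the OpenLDAP project: a small Python checker for the kind of slapd.conf fragments quoted in the two posts above (the access directives reported with "no by clause(s)" and the syncrepl consumer config with "rootpw secret"). It applies the slapd.conf(5) rule that only lines beginning with whitespace continue the previous directive; the names audit and logical_lines and the sample config are constructed for illustration.

```python
import re

# Constructed sample modelled on the configs quoted above; the second
# access directive deliberately has an unindented "by" line.
SAMPLE = """\
access to attrs=userPassword
    by self write
    by * auth
access to *
by * read
rootpw secret
syncrepl rid=100
    provider=ldap://Master
    bindmethod=simple
    credentials="<secret>"
"""

def logical_lines(text):
    """slapd.conf(5): a line starting with whitespace continues the previous
    line; comments ('#') are dropped only after lines are unwrapped."""
    out = []
    for n, raw in enumerate(text.splitlines(), 1):
        if not raw.strip():
            continue
        if raw[0] in " \t" and out:
            out[-1][1] += " " + raw.strip()
        else:
            out.append([n, raw.strip()])
    return [(n, line) for n, line in out if not line.startswith("#")]

def audit(text):
    """Return (first_line_number, finding) pairs for a slapd.conf-style file."""
    findings = []
    for n, line in logical_lines(text):
        words = line.split()
        key, args = words[0].lower(), words[1:]
        if key == "access" and "by" not in args:
            findings.append((n, "access directive has no by clause"))
        elif key == "by":
            findings.append((n, "unindented 'by' is read as a new directive"))
        elif key == "rootpw" and not re.match(r"\{[\w-]+\}", "".join(args[:1])):
            findings.append((n, "rootpw is cleartext; use a slappasswd hash"))
        elif key == "syncrepl":
            opts = dict(a.split("=", 1) for a in args if "=" in a)
            if (opts.get("bindmethod", "").strip('"') == "simple"
                    and opts.get("provider", "").strip('"').startswith("ldap://")
                    and "starttls" not in opts):
                findings.append((n, "simple bind over ldap:// without starttls"))
    return findings
```

Calling audit(SAMPLE) reports lines 4, 5, 6 and 7; the line number given for a multi-line directive is that of its first physical line.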