openldap-technical June 2008

openldap-technical@openldap.org

73 participants
83 discussions

different shells on different hosts?
by Joy Khoriaty 02 Jul '08

02 Jul '08

Hi! I'd like my LDAP users to have different shells on 2 different client machines. Is that possible? how can I set it up? e.g, on host1, user1 has for shell /bin/bash, on host2, user1 has for shell /bin/rsh Someone suggested having the defined shell for the user in their LDAP entry be called e.g. /bin/ldap_shell, and symbolic linking accordingly on each machine, but it doesn't give me the granularity I want on a per user basis Any suggestions, pointers, ideas are more than welcomed! Thanks! -- Joy Khoriaty elventails(a)elventails.com http://elventails.com

2 2

How does Openldap work with Cyrus SASL and MIT Kerberos V
by Le Trung Kien 02 Jul '08

02 Jul '08

Hi everyone, I have built up one server with Openldap, Cyrus SASL, MIT Kerberos V. Now, my server can authenticate users. In "Authentication Configuration", I set option information for LDAP server and Kerberos server. And I could login with accounts (Kerberos principals) which are created through Kerberos. And user information can be obtained from LDAP server. But it's seem to be only Openldap and Kerberos work with together. I can't figure out what the SASL role is in this strategy. And how it effects on my system. When I attempt setup phpldapadmin, I must configure SASL option, but I don't know how SASL works with LDAP in this strategy ? -- Le Trung Kien.

5 8

ldap_bind: Invalid credentials (49)
by Wael Mashal 02 Jul '08

02 Jul '08

I install the openldap on windows I add the .ldif file on ldap put the problem appear when I use c:\OpenLDAP>ldapwhoami -x -D "cn=admin,o=world" -W Enter LDAP Password: ldap_bind: Invalid credentials (49) Please help Wael Mashal Java Team Leader ASAL Technologies Ramallah, Palestine Tel: +970-2-2409 101 Fax: +970-2-2409 103 Mob: +970-52-487-11-70 Web: http://www.asaltech.com

2 1

Comments requested on some support for LDAP I received from Konica Minolta.
by Neil Marjoram 30 Jun '08

30 Jun '08

I would really like to here the groups comments on this email I received from KonicaMinolta, it refers to the Bizhub C451 printer, but I suspect it applies to the whole range. On purchase of the printer I was told it supports LDAP, and as you may expect this response somewhat annoys me! quote "Thank you for your observations, We have now received a reply from our colleagues in Germany and they have confirmed the following concerning LDAP compatibility on KonicaMinolta machines: "In a Windows environment, it will work fine, but as soon as Open Source is used, it may fail. The current limitation for LDAP is --> LDAP user authentication "user name field" --> 64 char LDAP address search "user name field" --> 254 char All Windows based LDAP V3 compatible Servers are supported. A problem may occur if within the reply string from the Server special Characters which are not corresponding to RFC 3986 are used. E.g. "^" sign within the names." Support for Open Source is something they are looking into but for now there is no due date. With regard to your question on "Referral Setting" "Referral Settings" Means to have an object stored in a local tree which is defined with certain (local&specific) attributes and with a referral to another object in a central tree which contains the (global) attributes (e.g name, email,..) Unfortunately Hotline are unable to offer any further assistance concerning this matter as we are only familiar with Windows based LDAP connections from our range of Machines and suggest you refer back to the open source community." Thanks for your comments on this, Neil -- Neil Marjoram Systems Manager Adastral Park Campus University College London Ross Building Adastral Park Martlesham Heath Ipswich - Suffolk IP5 3RE Tel: 01473 663711 Fax: 01473 635199 Reclaim Your Inbox! http://www.mozilla.org/products/thunderbird

4 5

OpenLDAP+Samba server to authenticate windows machines
by Gustavo Mendes de Carvalho 29 Jun '08

29 Jun '08

Hi Everyone , I'm planning to mount an OpenLDAP+Samba server to authenticate windows machines, but I have a not so common situation. I have windows machines that does not belong either to some windows domain or workgroup, machines that belongs to some workgroup and meny machines that belongs to some specific and different domains, whitout trusted relantionship among them, including some windows cluster machines. Is there any way to include all of them to authenticate in a single LDAP+Samba server ? I mean, to use samba without PDC or BDC or even some DC configured in Samba server... I know that this question should be posted in Samba maillist, and I already did it, but does anybody here know something about this ? Thanks in advance --- Gustavo Mendes de Carvalho email: gmcarvalho(a)gmail.com

2 1

Problem while inserting binary data....
by ashish mahamuni 29 Jun '08

29 Jun '08

I've define my own schema(couple of classes and attributes).... it looks like below... --------------------------------------------------------------- attributetype ( 2.5.4.73 NAME 'epType' SUP name ) attributetype ( 2.5.4.74 NAME 'agencyIcon' SUP jpegPhoto ) objectClass ( 2.5.6.24 NAME 'mlnkEp' DESC 'Object for end point' STRUCTURAL MUST ( epType ) objectClass ( 2.5.6.25 NAME 'agencyObject' DESC 'Object that extends organizationalUnit' SUP organizationalUnit STRUCTURAL MAY (agencyIcon) ) ------------------------------------------------------------ I want to store icon file in agencyIcon attribute... So I added below line for agencyIcon in ldif file ......... agencyIcon;binary: < file:///root/jbuilder.ico When I execute command: slapadd -l init.ldif I get error as..... <= str2entry: str2ad(version): attribute type undefined slapadd: could not parse entry (line=8) When I use ldapadd/ldapmodify I get following error ldap_add: Undefined attribute type (17) additional info: agencyIcon;binary: option "binary" not supported with type I also tried adding below line at the top of ldif file I also tried changing version number as 1,2,3 version: 1 I searched on google but found nothing... I am working on Cent-OS. And openldap version is 2.3.27 Help me Regards Ashish Best Jokes, Best Friends, Best Food and more. Go to http://in.promos.yahoo.com/groups/bestofyahoo/

3 5

Migration from Sun Directory Server to OpenLDAP.
by Jayesh Kamdar 27 Jun '08

27 Jun '08

Hi, I am kind of newbie to LDAP. I do have little experience with Sun LDAP but not an expert. Now, I am being asked to move over Sun ldap servers to OpenLDAP. I am looking for any pointers, document or if any one has personal experience on how easy/tough it is to do this migration from SunLDAP to OpenLDAP. Thanks for your help. Jayesh Kamdar jkamdar(a)yahoo.com

2 1

ldap error
by Aravind Arjunan 27 Jun '08

27 Jun '08

hi, I had integrated ldap with postfix in rhel 5 operating system. But when i try to send mail to user which i mentioned in ldap database. i got the below error. Jun 27 00:02:42 master postfix/pickup[3753]: C4FC51FB85: uid=0 from=<root> Jun 27 00:02:42 master postfix/cleanup[3831]: C4FC51FB85: message-id=< 20080626183242.C4FC51FB85(a)master.panafnet.com> Jun 27 00:02:42 master postfix/qmgr[3754]: C4FC51FB85: from=< root(a)panafnet.com>, size=326, nrcpt=1 (queue active) Jun 27 00:02:42 master postfix/local[3760]: warning: dict_ldap_lookup: ldapaliases: Search base '' not found: 32: No such object Jun 27 00:02:42 master postfix/local[3760]: C4FC51FB85: to=< rambo(a)panafnet.com>, orig_to=<rambo>, relay=local, delay=0.22, delays=0.19/0/0/0.03, dsn=4.3.0, status=deferred (alias database unavailable)

2 1

ldap error
by Aravind Arjunan 27 Jun '08

27 Jun '08

hi, I had configured openldap as master/slave in one of the customer site. But still the slave server was not ready in customer site, i had configured the master server part alone. After finishing the configuration part of master server i had restarted the ldap service. am getting the warning message as warning:line 58: no by claust(s) specify in access line (ignored) warning:line 64: no by claust(s) specify in access line (ignored) the below are the line 58 and 64 access to attrs=userPassword by self write by dn="cn=syncuser,dc=example,dc=com" read by * auth access to * by dn="cn=syncuser,dc=example,dc=com" read by * read

1 0

Problem with Chaining
by RamakrishnaDeepak Battu 27 Jun '08

27 Jun '08

Hi all, I'm a newbie. I recently installed openldap2.4.10 on 2 of my systems.My requirement is to chain the master database on to the slave database..I followed the manual and tried the folowing .The Master and Slave slapd.conf's are as follows: *The Master config file is as follows: *#include statments ......... ......... access to * by dn.base="cn=root,ou=Users,dc=example,dc=com" read by * break ####################################################################### # BDB database definitions ####################################################################### database bdb suffix "dc=example,dc=com" rootdn "cn=root,dc=example,dc=com" # Cleartext passwords, especially for the rootdn, should # be avoid. See slappasswd(8) and slapd.conf(5) for details. # Use of strong authentication encouraged. rootpw secret # The database directory MUST exist prior to running slapd AND # should only be accessible by the slapd and slap tools. # Mode 700 recommended. directory /usr/local/var/openldap-data # Indices to maintain index objectClass eq overlay syncprov # contextCSN saved to database every 100 updates or ten minutes syncprov-checkpoint 100 10 *The Slave config file as folows: *#include statments ......... ......... ####################################################################### # BDB database definitions ####################################################################### database bdb suffix "dc=example,dc=com" rootdn "cn=root,dc=example,dc=com" # Cleartext passwords, especially for the rootdn, should # be avoid. See slappasswd(8) and slapd.conf(5) for details. # Use of strong authentication encouraged. rootpw secret # The database directory MUST exist prior to running slapd AND # should only be accessible by the slapd and slap tools. # Mode 700 recommended. directory /usr/local/var/openldap-data # Indices to maintain index objectClass eq syncrepl rid=100 provider=ldap://Master type=refreshAndPersist retry="5 5 300 +" searchbase="dc=example,dc=com" attrs=* bindmethod=simple binddn="cn=root,ou=Users,dc=example,dc=com" credentials="<secret>" updateref "ldap://Master" ----------------------------------------------------------------------------------- After this i started the Master server and slave Server with -d 256 option to see like this: *master log:* ber_get_next on fd 12 failed errno=0 (Success) connection_read(12): input error=-2 id=5, closing. connection_closing: readying conn=5 sd=12 for close connection_close: deferring conn=5 sd=12 daemon: activity on 1 descriptor conn=5 op=1 do_unbind daemon: activity on: daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: epoll: listen=8 active_threads=0 tvp=NULL connection_resched: attempting closing conn=5 sd=12 connection_close: conn=5 sd=12 daemon: removing 12 *slave log:* slapd starting request done: ld 0x8238850 msgid 1 do_syncrep1: rid 100 ldap_sasl_bind_s failed (49) do_syncrepl: rid 100 retrying (4 retries left) request done: ld 0x8238850 msgid 1 do_syncrep1: rid 100 ldap_sasl_bind_s failed (49) do_syncrepl: rid 100 retrying (3 retries left) request done: ld 0x8238850 msgid 1 do_syncrep1: rid 100 ldap_sasl_bind_s failed (49) do_syncrepl: rid 100 retrying (2 retries left) request done: ld 0x8238850 msgid 1 do_syncrep1: rid 100 ldap_sasl_bind_s failed (49) do_syncrepl: rid 100 retrying (1 retries left) request done: ld 0x8238850 msgid 1 do_syncrep1: rid 100 ldap_sasl_bind_s failed (49) do_syncrepl: rid 100 retrying ------------------------------------------------------------------------------- It means that the slave is not being replicated .. can any one please tell me why this ldap_sasl_bind_s failed (49) is coming.. thanks in advance.

2 1

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

openldap-technical June 2008