openldap-technical August 2008

openldap-technical@openldap.org

63 participants
81 discussions

Basic Master/Slave replication, take slave down, slave hangs
by Brad T Waldorf 07 Aug '08

07 Aug '08

This may be problem that's been fixed from 2.4.6 to 2.4.11. I'm hoping someone recognizes it and can confirm it's been fixed. (We committed to 2.4.6 for the short term future.) We've got basic refreshAndPersist replication working fine. Replication declarations from the master slapd.conf... overlay syncprov syncprov-checkpoint 100 10 syncprov-sessionlog 100 Replication declarations from the slave slapd.conf.... syncrepl rid=123 provider=ldap://<masterIP>:389 type=refreshAndPersist retry="120 +" searchbase="o=replDB" bindmethod=simple binddn="cn=replman,o=replDB" credentials=password When we shut down the slave, the slave hangs. Here's the debug log... daemon: closing 12582954+ slapd shutdown: waiting for 1 threads to terminate+ =.do_syncrepl rid=123+ connection_get(12582955)+ connection_get(12582955): got connid=0+ daemon: removing 12582955r+ ldap_free_request (origid 2, msgid 2)+ ldap_free_connection 1 1+ ldap_send_unbind+ ber_flush2: 7 bytes to sd 12582955+ 0000: 30 05 02 01 03 42 00 0....B. + ldap_write: want=7, written=7+ 0000: 30 05 02 01 03 42 00 0....B. + ldap_free_connection: actually freed+ We think the problem is with the following code in tpool.c. Specifically, ltp_open_count has a value of 1, so we're stuck in a loop. If we set ltp_open_count to 0, the server comes down properly. At that point we can restart it again. while (pool->ltp_open_count) { if (!pool->ltp_pause) ldap_pvt_thread_cond_broadcast(&pool->ltp_cond); ldap_pvt_thread_cond_wait(&pool->ltp_cond, &pool-> ltp_mutex); } Does this problem look familiar to anyone? Once again, we apologize for being on a backlevel release... but we committed to 2.4.6 for the first release, which is coming up shortly. We'll be upgrading for future releases... and we're hoping this problem (if it is a real problem) has been fixed. Thanks in advance...

2 1

RE : [BSD7.0] Openldap Server - Client 2.3.41 / Unknow user UID
by karim.bourenane＠orange-ftgroup.com 07 Aug '08

07 Aug '08

Hi All I found my error about this problem. I correct the right of certificate ssl files. Regards for all Karim Bourenane 112 Av. Charles de Gaules 92520 Neuilly S/Seine Phone: +33156 76 35 52 Fax: +33156 76 35 04 http://www.equant.com <http://www.equant.com/> ********************************* This message and any attachments (the "message") are confidential and intended solely for the addressees. Any unauthorised use or dissemination is prohibited. Messages are susceptible to alteration. France Telecom Group shall not be liable for the message if altered, changed or falsified. If you are not the intended addressee of this message, please cancel it immediately and inform the sender. ********************************

1 0

mail Routing thorugh openldap attribute
by Aravind Arjunan 07 Aug '08

07 Aug '08

hi, I had configured mailserver in postfix and integrated openldap with postfix. All my users information is in openldap. Now i need to route my mail for particular user to his respective mail box. eg: user1(a)afnet.com to machine1 user2(a)afnet.com to machine2 So in openldap i had added attribute like for user1 mail: user1(a)afnet.com mailHost: machine1(IP) or Hostname mailRoutingAddress: user1(a)afnet.com for user2 mail: user2(a)afnet.com mailHost: machine2(IP) or Hostname mailRoutingAddress: user2(a)afnet.com In /etc/postfix/main.cf queryfilter = (mail=%s) resultattribute = mailRoutingAddress So when i send mail to user1 , it will first check the mail address is correct or not from ldap entries and check mailHost for the particular user and must go the particular SMTP server where i had mentioned in mailHost attribute in ldap. But for me it is checking the mailHost attribute and i had mentioned the IP of the SMTP server in my LDAP for mailHost attribute.So for me it checks the mailHost attribute and delivering the mail in the same SMTP server by creating the IP as the username and droping the mail Any body plz guide me home to route the mail to the particular user .

2 1

VMware and mirror/multimaster
by Dave Horsfall 05 Aug '08

05 Aug '08

Has anyone tried mirroring or multimaster under VMware i.e. are the virtual clocks stable enough? We're starting to use VMware to cut down on the number of physical hosts, but I'd like to use the latest 2.4 features as well. -- Dave Horsfall DTM VK2KFU Ph: +61 2 9552-5509 (direct) +61 2 9552-5500 (switch) Corinthian Eng'ng P/L, Ste 54 Jones Bay Whf, 26-32 Pirrama Rd, Pyrmont 2009, AU

5 11

TLS Configuration - "unable to get TLS client DN, error=49"
by Brad T Waldorf 05 Aug '08

05 Aug '08

Hi. We're trying to configure a basic SSL (TLS) connection through OpenLDAP version 2.4.6. We're using Linux, Debian Version 4.0 ('etch') INTEL. The pertinent info... slapd.conf include /usr/local/etc/openldap/schema/core.schema include /usr/local/etc/openldap/schema/cosine.schema include /usr/local/etc/openldap/schema/inetorgperson.schema pidfile /usr/local/var/run/slapd.pid argsfile /usr/local/var/run/slapd.args loglevel -1 logfile /usr/local/var/openldap-data/logb TLSCACertificateFile /home/bwaldorf/certs/1024pcert.pem TLSCertificateFile /home/bwaldorf/certs/1024pcert.pem TLSCertificateKeyFile /home/bwaldorf/certs/1024pkey.pem TLSCipherSuite DES-CBC-SHA TLSVerifyClient never #TLSRandFile #TLSEphemeralDHParamFile ####################################################################### # BDB database definitions ####################################################################### database bdb suffix "o=replDB" rootdn "cn=replman,o=replDB" rootpw password timelimit 1 idletimeout 4 access to attrs=userPassword by self write by anonymous auth by * none access to * by self write by * read directory /usr/local/var/openldap-data index sn,mail,uid,title eq ldap.conf TLS_CACERT /home/bwaldorf/certs/1024pcert.pem TLS_CERT /home/bwaldorf/certs/1024pcert.pem TLS_KEY /home/bwaldorf/certs/1024pkey.pem So we try the following search (-ZZ to force the command to be successful)... ldapsearch -x -D "cn=replman,o=replDB" -w password -b "o=replDB1" -ZZ And we get the following output (below) with -d -1... (sorry for the excessive messages). Looks like the problem is... "connection_read(13): unable to get TLS client DN, error=49 id=5" I did some googling for this error, but never found a thread with a cause/solution. Thanks in advance for your time and help! daemon: activity on 1 descriptor daemon: activity on: slap_listener_activate(8): daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: epoll: listen=8 busy >>> slap_listener(ldap:///) daemon: activity on 1 descriptor daemon: listen=8, new connection on 13 daemon: activity on:daemon: added 13r (active) listener=(nil) conn=5 fd=13 ACCEPT from IP=127.0.0.1:32933 (IP=0.0.0.0:389)) daemon: epoll: listen=7 active_threads=1 tvp=zero. daemon: epoll: listen=8 active_threads=1 tvp=zero. daemon: activity on 1 descriptor daemon: activity on: 13r daemon: read active on 13 daemon: epoll: listen=7 active_threads=1 tvp=zero. connection_get(13) daemon: epoll: listen=8 active_threads=1 tvp=zero. connection_get(13): got connid=5 connection_read(13): checking for input on id=5 ber_get_next ldap_read: want=8, got=8 0000: 30 1d 02 01 01 77 18 80 0....w.. ldap_read: want=23, got=23 0000: 16 31 2e 33 2e 36 2e 31 2e 34 2e 31 2e 31 34 36 .1.3.6.1.4.1.146 0010: 36 2e 32 30 30 33 37 6.20037 ber_get_next: tag 0x30 len 29 contents: ber_dump: buf=0xa0c11fc8 ptr=0xa0c11fc8 end=0xa0c11fe5 len=29. 0000: 02 01 01 77 18 80 16 31 2e 33 2e 36 2e 31 2e 34 ...w...1.3.6.1.4 0010: 2e 31 2e 31 34 36 36 2e 32 30 30 33 37 .1.1466.20037 ber_get_next ldap_read: want=8 error=Resource temporarily unavailable conn=5 op=0 do_extended ber_scanf fmt ({m) ber: ber_dump: buf=0xa0c11fc8 ptr=0xa0c11fcb end=0xa0c11fe5 len=26 0000: 77 18 80 16 31 2e 33 2e 36 2e 31 2e 34 2e 31 2e w...1.3.6.1.4.1. 0010: 31 34 36 36 2e 32 30 30 33 37 1466.20037 conn=5 op=0 EXT oid=1.3.6.1.4.1.1466.20037 do_extended: oid=1.3.6.1.4.1.1466.20037 daemon: activity on 1 descriptor conn=5 op=0 STARTTLS daemon: activity on:send_ldap_extended: err=0 oid= len=0 send_ldap_response: msgid=1 tag=120 err=0 daemon: epoll: listen=7 active_threads=1 tvp=zero ber_flush2: 14 bytes to sd 13 0000: 30 0c 02 01 01 78 07 0a 01 00 04 00 04 00 0....x........ ldap_write: want=14, written=14 0000: 30 0c 02 01 01 78 07 0a 01 00 04 00 04 00 0....x........ conn=5 op=0 RESULT oid= err=0 text= daemon: epoll: listen=8 active_threads=1 tvp=zero daemon: activity on 1 descriptor daemon: activity on: 13r daemon: read active on 13 daemon: epoll: listen=7 active_threads=1 tvp=zero connection_get(13) daemon: epoll: listen=8 active_threads=1 tvp=zero connection_get(13): got connid=5 connection_read(13): checking for input on id=5 TLS trace: SSL_accept:before/accept initialization tls_read: want=11, got=11 0000: 80 74 01 03 01 00 4b 00 00 00 20 .t....K....... tls_read: want=107, got=107 0000: 00 00 39 00 00 38 00 00 35 00 00 16 00 00 13 00 ..9..8..5....... 0010: 00 0a 07 00 c0 00 00 33 00 00 32 00 00 2f 03 00 .......3..2../.. 0020: 80 00 00 05 00 00 04 01 00 80 00 00 15 00 00 12 ................ 0030: 00 00 09 06 00 40 00 00 14 00 00 11 00 00 08 00 .....@.......... 0040: 00 06 04 00 80 00 00 03 02 00 80 15 2d dd 5d 9a ............-.]. 0050: f5 29 55 3b 15 f2 e5 47 18 9c 22 f2 7d 07 51 72 .)U;...G..".}.Qr 0060: 60 1f 38 61 8d 9a e7 67 2a 5e 9e `.8a...g*^..}. TLS trace: SSL_accept:SSLv3 read client hello A TLS trace: SSL_accept:SSLv3 write server hello A TLS trace: SSL_accept:SSLv3 write certificate A TLS trace: SSL_accept:SSLv3 write server done A tls_write: want=985, written=985 0000: 16 03 01 00 4a 02 00 00 46 03 01 48 92 1d e7 69 ....J...F..H...i 0010: f3 a0 ea 95 0f 3b 21 71 a5 b0 11 34 27 91 b8 0b .....;!q...4'... 0020: d1 25 4f ca d5 56 fd 55 d2 0f 33 20 a7 fe 44 07 .%O..V.U..3 ..D. 0030: 8a 33 a1 ec 46 61 01 94 2a 05 9a 59 9e 95 02 ec .3..Fa..*..Y.... 0040: 99 82 42 77 1d f6 bf 6e b4 0f 05 23 00 09 00 16 ..Bw...n...#.... 0050: 03 01 03 7c 0b 00 03 78 00 03 75 00 03 72 30 82 ...|...x..u..r0. 0060: 03 6e 30 82 02 d7 a0 03 02 01 02 02 01 00 30 0d .n0...........0. 0070: 06 09 2a 86 48 86 f7 0d 01 01 04 05 00 30 81 87 ..*.H........0.. 0080: 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 11 30 1.0...U....US1.0 0090: 0f 06 03 55 04 08 13 08 4e 65 77 20 59 6f 72 6b ...U....New York 00a0: 31 15 30 13 06 03 55 04 07 13 0c 50 6f 75 67 68 1.0...U....Pough 00b0: 6b 65 65 70 73 69 65 31 0c 30 0a 06 03 55 04 0a keepsie1.0...U.. 00c0: 13 03 49 42 4d 31 0c 30 0a 06 03 55 04 0b 13 03 ..IBM1.0...U.... 00d0: 54 50 46 31 0e 30 0c 06 03 55 04 03 13 05 44 61 TPF1.0...U....Da 00e0: 76 69 64 31 22 30 20 06 09 2a 86 48 86 f7 0d 01 vid1"0 ..*.H.... 00f0: 09 01 16 13 6d 6f 7a 65 73 68 74 61 40 75 73 2e ....mozeshta@us. 0100: 69 62 6d 2e 63 6f 6d 30 1e 17 0d 30 38 30 33 31 ibm.com0...08031 0110: 31 30 31 31 36 31 31 5a 17 0d 31 30 31 32 30 37 1011611Z..101207 0120: 30 31 31 36 31 31 5a 30 81 87 31 0b 30 09 06 03 011611Z0..1.0... 0130: 55 04 06 13 02 55 53 31 11 30 0f 06 03 55 04 08 U....US1.0...U.. 0140: 13 08 4e 65 77 20 59 6f 72 6b 31 15 30 13 06 03 ..New York1.0... 0150: 55 04 07 13 0c 50 6f 75 67 68 6b 65 65 70 73 69 U....Poughkeepsi 0160: 65 31 0c 30 0a 06 03 55 04 0a 13 03 49 42 4d 31 e1.0...U....IBM1 0170: 0c 30 0a 06 03 55 04 0b 13 03 54 50 46 31 0e 30 .0...U....TPF1.0 0180: 0c 06 03 55 04 03 13 05 44 61 76 69 64 31 22 30 ...U....David1"0 0190: 20 06 09 2a 86 48 86 f7 0d 01 09 01 16 13 6d 6f ..*.H........mo 01a0: 7a 65 73 68 74 61 40 75 73 2e 69 62 6d 2e 63 6f zeshta(a)us.ibm.co 01b0: 6d 30 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 m0..0...*.H..... 01c0: 01 05 00 03 81 8d 00 30 81 89 02 81 81 00 ac ee .......0........ 01d0: f9 a7 40 cc 73 af 67 a0 ea 46 08 45 a5 fd 44 71 ..@.s.g..F.E..Dq 01e0: a4 04 3e 51 f7 39 51 82 3d 7e 9b 99 ae 1d c1 22 ..>Q.9Q.=~....." 01f0: 67 10 e7 15 d1 a9 65 75 e9 3e 0f 77 64 d1 14 4d g.....eu.>.wd..M 0200: 28 f0 8c ba d3 ed 87 e9 b1 5b 11 c1 3f 11 ed 1a (........[..?... 0210: 96 9a 3f b3 4b f3 db bd 84 41 11 aa ea 37 6d ab ..?.K....A...7m. 0220: c5 fb a9 bb ab 9d 87 66 b2 31 7a c8 35 06 06 ec .......f.1z.5... 0230: fb 07 f1 29 f5 f3 fd 29 f4 df 33 bf 40 de 84 6f ...)...)..3.@..o 0240: 9d 66 ea 57 42 ab 0f 13 a0 07 71 d5 e0 6d 02 03 .f.WB.....q..m.. 0250: 01 00 01 a3 81 e7 30 81 e4 30 1d 06 03 55 1d 0e ......0..0...U.. 0260: 04 16 04 14 11 76 af b1 5a bd 99 53 a5 de 02 35 .....v..Z..S...5 0270: 06 51 c4 01 74 71 2c c6 30 81 b4 06 03 55 1d 23 .Q..tq,.0....U.# 0280: 04 81 ac 30 81 a9 80 14 11 76 af b1 5a bd 99 53 ...0.....v..Z..S 0290: a5 de 02 35 06 51 c4 01 74 71 2c c6 a1 81 8d a4 ...5.Q..tq,..... 02a0: 81 8a 30 81 87 31 0b 30 09 06 03 55 04 06 13 02 ..0..1.0...U.... 02b0: 55 53 31 11 30 0f 06 03 55 04 08 13 08 4e 65 77 US1.0...U....New 02c0: 20 59 6f 72 6b 31 15 30 13 06 03 55 04 07 13 0c York1.0...U.... 02d0: 50 6f 75 67 68 6b 65 65 70 73 69 65 31 0c 30 0a Poughkeepsie1.0. 02e0: 06 03 55 04 0a 13 03 49 42 4d 31 0c 30 0a 06 03 ..U....IBM1.0... 02f0: 55 04 0b 13 03 54 50 46 31 0e 30 0c 06 03 55 04 U....TPF1.0...U. 0300: 03 13 05 44 61 76 69 64 31 22 30 20 06 09 2a 86 ...David1"0 ..*. 0310: 48 86 f7 0d 01 09 01 16 13 6d 6f 7a 65 73 68 74 H........mozesht 0320: 61 40 75 73 2e 69 62 6d 2e 63 6f 6d 82 01 00 30 a@us.ibm.com...0 0330: 0c 06 03 55 1d 13 04 05 30 03 01 01 ff 30 0d 06 ...U....0....0.. 0340: 09 2a 86 48 86 f7 0d 01 01 04 05 00 03 81 81 00 .*.H............ 0350: a8 39 22 f9 88 b2 c1 e6 95 5e af 4d ae f6 89 e5 .9"......^.M.... 0360: 64 82 37 42 f6 5b 00 56 22 d0 c6 b9 5f 70 36 2f d.7B.[.V"..._p6/ 0370: 8f 10 bb 5a d1 18 33 2a 37 8a a0 f2 c3 53 21 12 ...Z..3*7....S!. 0380: 2c 28 8a 62 a9 e0 b5 5a 70 4c 77 f1 5c 33 d2 a3 ,(.b...ZpLw.\3.. 0390: 6d 77 e8 6e e8 7e 5b 74 d9 3a 70 24 38 89 ce 11 mw.n.~[t.:p $8... 03a0: 4c ec 64 51 f2 be 61 4c 18 09 25 13 48 e2 5b 13 L.dQ..aL..%.H.[. 03b0: d9 fa 8c 0c b7 a2 dd 09 dd e8 da 01 c7 29 2b 9a .............)+. 03c0: 22 51 6f 19 54 e7 02 90 75 0e a9 3a 4b e0 d1 a4 "Qo.T...u..:K... 03d0: 16 03 01 00 04 0e 00 00 00 ...........: TLS trace: SSL_accept:SSLv3 flush data tls_read: want=5 error=Resource temporarily unavailable TLS trace: SSL_accept:error in SSLv3 read client certificate A.........: TLS trace: SSL_accept:error in SSLv3 read client certificate A.........: daemon: activity on 1 descriptor daemon: activity on: daemon: epoll: listen=7 active_threads=1 tvp=zero daemon: epoll: listen=8 active_threads=1 tvp=zero daemon: activity on 1 descriptor daemon: activity on: 13r daemon: read active on 13 daemon: epoll: listen=7 active_threads=1 tvp=zero connection_get(13) daemon: epoll: listen=8 active_threads=1 tvp=zero connection_get(13): got connid=5 connection_read(13): checking for input on id=5 tls_read: want=5, got=5 0000: 16 03 01 00 86 ...........: tls_read: want=134, got=134 0000: 10 00 00 82 00 80 91 6b 72 70 d5 4e 89 66 4e 5f .......krp.N.fN_ 0010: f2 d6 d6 41 e7 3a 85 1e 8e ce 85 4d 90 ac 4a ec ...A.:.....M..J. 0020: 81 f6 4d 2c 1d 94 85 e8 78 cf c9 68 11 77 b3 4e ..M,....x..h.w.N 0030: 13 97 62 43 e2 e8 12 44 42 46 c6 bc c3 74 c7 ad ..bC...DBF...t.. 0040: f7 46 22 2b ac 8c 8e 59 5d de f4 fd f9 73 3f 76 .F"+...Y]....s?v 0050: 1b 58 1f da 5c 95 49 a6 73 ec 75 37 fc 38 fa 53 .X..\.I.s.u7.8.S 0060: 6d 3c a9 fd 2a 7d c3 f7 b9 79 e7 3f 8f da df 04 m<..*}...y.?.... 0070: cb 06 e2 67 75 3c 57 cf 8e 60 6e e4 27 fa 23 a3 ...gu<W..`n.'.#. 0080: b8 fb c6 5b 14 7e ...[.~ TLS trace: SSL_accept:SSLv3 read client key exchange A tls_read: want=5, got=5 0000: 14 03 01 00 01 ..... tls_read: want=1, got=1 0000: 01 ..... tls_read: want=5, got=5 0000: 16 03 01 00 28 ....( tls_read: want=40, got=40 0000: 77 34 09 6c 45 e9 f1 f0 a2 e6 cb 2d e4 49 27 42 w4.lE......-.I'B 0010: 45 a5 84 74 bb bd 0f 6e 24 70 e1 b0 0f 19 83 4a E..t...n $p.....J 0020: 7a 41 c3 b3 ca fe 80 68 zA.....h TLS trace: SSL_accept:SSLv3 read finished A TLS trace: SSL_accept:SSLv3 write change cipher spec A TLS trace: SSL_accept:SSLv3 write finished A tls_write: want=51, written=51 0000: 14 03 01 00 01 01 16 03 01 00 28 97 a6 bb b1 8c ..........(..... 0010: 50 d4 6f 60 2c fb c7 d1 10 a6 a6 37 ff ea 0b e8 P.o`,......7.... 0020: 60 d0 f1 6b 34 d7 26 7b a9 c8 c0 45 72 33 7c 67 `..k4.&{...Er3| g 0030: b4 07 93 ... TLS trace: SSL_accept:SSLv3 flush data connection_read(13): unable to get TLS client DN, error=49 id=5 conn=5 fd=13 TLS established tls_ssf=56 ssf=56 daemon: activity on 1 descriptor daemon: activity on: daemon: epoll: listen=7 active_threads=1 tvp=zero daemon: epoll: listen=8 active_threads=1 tvp=zero daemon: activity on 1 descriptor daemon: activity on: 13r daemon: read active on 13 daemon: epoll: listen=7 active_threads=1 tvp=zero connection_get(13) daemon: epoll: listen=8 active_threads=1 tvp=zero connection_get(13): got connid=5 connection_read(13): checking for input on id=5 ber_get_next tls_read: want=5, got=0 ldap_read: want=8, got=0 ber_get_next on fd 13 failed errno=0 (Success) connection_read(13): input error=-2 id=5, closing. connection_closing: readying conn=5 sd=13 for close connection_close: conn=5 sd=13 daemon: removing 13 daemon: activity on 1 descriptor tls_write: want=29, written=29 0000: 15 03 01 00 18 73 41 45 4f f9 51 03 05 e6 66 c2 .....sAEO.Q...f. 0010: f5 65 d2 a9 ab 03 aa 8d d1 79 ef 18 8c .e.......y.... TLS trace: SSL3 alert write:warning:close notify conn=5 fd=13 closed (connection lost) daemon: activity on: daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: epoll: listen=8 active_threads=0 tvp=NULL

4 4

updateref difficulty
by John Oliver 05 Aug '08

05 Aug '08

I added an updateref statement to my slave/consumer server, referring back to the master/producer: updateref ldap://test1.mydomain.com In the logs on the slave, I can see that it does look like it refers the client to the master... Aug 5 09:21:19 unix-services2 slapd[29985]: daemon: select: listen=7 active_threads=0 tvp=zero Aug 5 09:21:19 unix-services2 slapd[29985]: daemon: select: listen=8 active_threads=0 tvp=zero Aug 5 09:21:19 unix-services2 slapd[29985]: do_modify Aug 5 09:21:19 unix-services2 slapd[29985]: do_modify: dn (uid=joliver,ou=People,dc=mydomain,dc=com) Aug 5 09:21:19 unix-services2 slapd[29985]: >>> dnPrettyNormal: <uid=joliver,ou=People,dc=mydomain,dc=com> Aug 5 09:21:19 unix-services2 slapd[29985]: <<< dnPrettyNormal: <uid=joliver,ou=People,dc=mydomain,dc=com>, <uid=joliver,ou=people,dc=mydomain,dc=com> Aug 5 09:21:19 unix-services2 slapd[29985]: modifications: Aug 5 09:21:19 unix-services2 slapd[29985]: replace: userPassword Aug 5 09:21:19 unix-services2 slapd[29985]: one value, length 41 Aug 5 09:21:19 unix-services2 slapd[29985]: conn=22 op=5 MOD dn="uid=joliver,ou=People,dc=mydomain,dc=com" Aug 5 09:21:19 unix-services2 slapd[29985]: conn=22 op=5 MOD attr=userPassword Aug 5 09:21:19 unix-services2 slapd[29985]: bdb_dn2entry("uid=joliver,ou=people,dc=mydomain,dc=com") Aug 5 09:21:19 unix-services2 slapd[29985]: send_ldap_result: conn=22 op=5 p=3 Aug 5 09:21:19 unix-services2 slapd[29985]: send_ldap_result: err=10 matched="" text="" Aug 5 09:21:19 unix-services2 slapd[29985]: send_ldap_result: referral="ldap://test1.mydomain.com/uid=joliver,ou=People,dc=mydomain,dc=com" Aug 5 09:21:19 unix-services2 slapd[29985]: send_ldap_response: msgid=6 tag=103 err=10 Aug 5 09:21:19 unix-services2 slapd[29985]: send_ldap_response: ref="ldap://test1.mydomain.com/uid=joliver,ou=People,dc=mydomain,dc=com" Aug 5 09:21:19 unix-services2 slapd[29985]: conn=22 op=5 RESULT tag=103 err=10 text= Aug 5 09:21:22 unix-services2 slapd[29985]: daemon: activity on 1 descriptor Aug 5 09:21:22 unix-services2 slapd[29985]: daemon: activity on: Aug 5 09:21:22 unix-services2 slapd[29985]: 28r Aug 5 09:21:22 unix-services2 slapd[29985]: Aug 5 09:21:22 unix-services2 slapd[29985]: daemon: read active on 28 Aug 5 09:21:22 unix-services2 slapd[29985]: connection_get(28) Aug 5 09:21:22 unix-services2 slapd[29985]: connection_get(28): got connid=22 Aug 5 09:21:22 unix-services2 slapd[29985]: connection_read(28): checking for input on id=22 Aug 5 09:21:22 unix-services2 slapd[29985]: do_unbind Aug 5 09:21:22 unix-services2 slapd[29985]: ber_get_next on fd 28 failed errno=0 (Success) Aug 5 09:21:22 unix-services2 slapd[29985]: conn=22 op=6 UNBIND Aug 5 09:21:22 unix-services2 slapd[29985]: connection_read(28): input error=-2 id=22, closing. Aug 5 09:21:22 unix-services2 slapd[29985]: connection_closing: readying conn=22 sd=28 for close Aug 5 09:21:22 unix-services2 slapd[29985]: connection_close: deferring conn=22 sd=28 Aug 5 09:21:22 unix-services2 slapd[29985]: daemon: select: listen=7 active_threads=0 tvp=zero Aug 5 09:21:22 unix-services2 slapd[29985]: connection_resched: attempting closing conn=22 sd=28 Howver, nothing is logged on the master, and the client bombs out with: LDAP password information update failed: Can't contact LDAP server The client can authenticate against test1 (the master server) with the appropriate change to /etc/ldap.conf -- *********************************************************************** * John Oliver http://www.john-oliver.net/ * * * ***********************************************************************

2 2

Multiple email addresses +Postfix
by Stelios A. 05 Aug '08

05 Aug '08

Hello all, I have a master/slave Openldap 2.4.9 running on ubuntu server along with Postfix and dovecot. At the moment email server is able to server email for domain1.com with Maildir support for Dovecot at /home/username/ for each user. There is a need to add a 2nd domain let's say domain2.com. My question is where that domain will store the emails as the user home dir is already setup in ldap at /home/username Is there a way to define a new attribute like alternative email and have the same user with same auth details authenticate to both domains like user1(a)domain1.com and with same pass on user1(a)domain2.com? I'm not sure if I'm explain enough the situation, please ask for any clarification if you want to. -- Stelios A

2 1

Creating a "big" database... large LDIF file. automated procedure?
by Brad T Waldorf 04 Aug '08

04 Aug '08

Hi again. Thanks again for your responses to my prior posts. So far, all of my experience with OpenLDAP has been with databases with a minimal number of entries... 200 at the most. I'd like to do some performance experiments with a much larger database, say 10,000 database entries or so. What would you recommend for creating such a database? (Entries don't have to have real, sensible data... maybe the distinguished name is an integer that increases by 1?) Is there an automated way for creating such a database? Thanks,

2 2

Organizational Unit Listing
by Emre Yilmaz 04 Aug '08

04 Aug '08

hi list, We need list to all of organizational unit's in Active Directory with members. Its very important for me. Is there any idea? _________________________________________________________________ Windows Live Spaces – hayatınız, Alanınız. Daha fazlasını öğrenmek için buraya tıklayın. http://get.live.com/spaces/overview

5 5

Newbi question.
by Narsi Bala 03 Aug '08

03 Aug '08

I have just started to dig into openLDAP and I am against a roadblock right now...I am sure the issue i am having is straightforward for those LDAP experts out there, so bear with my ignorance. My slapd.conf file is listed below # # See slapd.conf(5) for details on configuration options. # This file should NOT be world readable. # ucdata-path ./ucdata include ./schema/core.schema # Define global ACLs to disable default read access. # Do not enable referrals until AFTER you have a working directory # service AND an understanding of referrals. #referral ldap:/root.openldap.org pidfile ./run/slapd.pid argsfile ./run/slapd.args # Load dynamic backend modules: # modulepath ./libexec/openldap # moduleload back_bdb.la # moduleload back_ldap.la # moduleload back_ldbm.la # moduleload back_passwd.la # moduleload back_shell.la # Sample security restrictions # Require integrity protection (prevent hijacking) # Require 112-bit (3DES or better) encryption for updates # Require 63-bit encryption for simple bind # security ssf=1 update_ssf=112 simple_bind=64 # Sample access control policy: # Root DSE: allow anyone to read it # Subschema (sub)entry DSE: allow anyone to read it # Other DSEs: # Allow self write access # Allow authenticated users read access # Allow anonymous users to authenticate # Directives needed to implement policy: # access to dn.base="" by * read # access to dn.base="cn=Subschema" by * read # access to * # by self write # by users read # by anonymous auth # # if no access controls are present, the default policy # allows anyone and everyone to read anything but restricts # updates to rootdn. (e.g., "access to * by * read") # # rootdn can always read and write EVERYTHING! ####################################################################### # BDB database definitions ####################################################################### database bdb suffix "dc=my-domain,dc=com" rootdn "cn=Manager,dc=my-domain,dc=com" # Cleartext passwords, especially for the rootdn, should # be avoid. See slappasswd(8) and slapd.conf(5) for details. # Use of strong authentication encouraged. rootpw secret # The database directory MUST exist prior to running slapd AND # should only be accessible by the slapd and slap tools. # Mode 700 recommended. directory ./data # Indices to maintain index objectClass eq I am connecting to the server just fine, and I am looking at the database through eclipse apache DS studio plugin. Notice how I have the rootDN set to "cn=Manager,dc=my-domain,dc=com" and the suffix set to "dc=my-domain,dc=com", but I dont see this root entry in my editor. all I see is Root DSE(1). I expand that tree and there is nothing underneath it. I assume that by starting the server with the above slapd.conf, I should be able to create the rootDN, if not how does one go about creating a rootDN ? Thanks Narsi

4 4

← Newer
1
2
3
4
5
6
7
8
9
Older →

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

openldap-technical August 2008