openldap-technical October 2009

openldap-technical@openldap.org

62 participants
53 discussions

Virtual list view problem
by Venish Khant 31 May '16

31 May '16

Hi all I am using cpan Net::LDAP module to access LDAP entries. I want to search LDAP entries using Net::LDAP search method. When I do search, I want some limited number of entries from search result, for this(searching) process I am using Net::LDAP::Control::VLV module. But I get error on VLV response control. Please, any one have idea about this error. * Error:* Died at vlv.pl line 50, This is my example. I changed the font style of line 50 #!/usr/bin/perl -w use Net::LDAP; use Net::LDAP::Control::VLV; use Net::LDAP::Constant qw( LDAP_CONTROL_VLVRESPONSE ); use Net::LDAP::Control::Sort; sub procentry { my ( $mesg, $entry) = @_; # Return if there is no entry to process if ( !defined($entry) ) { return; } print "dn: " . $entry->dn() . "\n"; @attrs = $entry->attributes(); foreach $attr (@attrs) { #printf("\t%s: %s\n", $attr, $entry->get_value($attr)); $attrvalue = $entry->get_value($attr,asref=>1); #print $attr.":". $entry->get_value($attr)."\n"; foreach $value(@$attrvalue) { print "$attr: $value\n"; } } $mesg->pop_entry; print "\n"; } $ldap = Net::LDAP->new( "localhost" ); # Get the first 20 entries $vlv = Net::LDAP::Control::VLV->new( before => 0, # No entries from before target entry after => 19, # 19 entries after target entry content => 0, # List size unknown offset => 1, # Target entry is the first ); my $sort = Net::LDAP::Control::Sort->new( order => 'cn' ); @args = ( base => "dc=example,dc=co,dc=in", scope => "subtree", filter => "(objectClass=inetOrgPerson)", callback => \&procentry, # Call this sub for each entry control => [ $sort, $vlv ], ); $mesg = $ldap->search( @args ); # Get VLV response control *($resp) = $mesg->control( LDAP_CONTROL_VLVRESPONSE ) or die;* $vlv->response( $resp ); # Set the control to get the last 20 entries $vlv->end; $mesg = $ldap->search( @args ); # Get VLV response control ($resp) = $mesg->control( LDAP_CONTROL_VLVRESPONSE ) or die; $vlv->response( $resp ); # Now get the previous page $vlv->scroll_page( -1 ); $mesg = $ldap->search( @args ); # Get VLV response control ($resp) = $mes # Now page with first entry starting with "B" in the middle $vlv->before(9); # Change page to show 9 before $vlv->after(10); # Change page to show 10 after $vlv->assert("B"); # assert "B" $mesg = $ldap->search( @args );g->control( LDAP_CONTROL_VLVRESPONSE ) or die; $vlv->response( $resp ); -- Venish Khant www.deeproot.co.in

4 11

dynlist overlay feature request
by Alexander 'Leo' Bergolth 02 Dec '09

02 Dec '09

Are there any plans to extend the dynlist overlays dynamic group feature to return not the DNs of the matched entries but an attribute of the entries? This would be useful for defining dynamic groups based on posixGroup (which need only the username, not the full DN) and populating them with entries from posixAccounts. If the dynlist-attrset could be extended by one parameter like: dynlist-attrset <group-oc> <URL-ad> [<member-ad>] [<result-ad>] ... where the additional parameter specifies the attribute that should be returned from the search results, a dynamic posixGroup could be configured like that: dynlist-attrset myposixGroup memberURL memberUid uid with a search filter like that: ldap:///ou=users,dc=local,dc=site??sub?(&(objectClass=posixAccount)(<searchfilter>)) I.e. "take the uid attribute of the matched entries and add them as memberUid." Could this extension be easily implemented? Is there currently any workaround? E.g. a way to dynamically add a memberUid to each posixAccount that contains the same data as the uid attribute? If that works, a filter like ldap:///ou=users,dc=local,dc=site?memberUid?sub?(&(objectClass=posixAccount)(<searchfilter>)) ... could work. Thanks in advance, --leo -- e-mail ::: Leo.Bergolth (at) wu.ac.at fax ::: +43-1-31336-906050 location ::: IT-Services | Vienna University of Economics | Austria

3 6

Help on Replication
by Márcio Luciano Donada 04 Nov '09

04 Nov '09

Hi People, I am doing replication and until yesterday I was doing successfully, but now to include two new users to master the slave server does not have the information yet, I'm checking the logs with the following message: got empty syncUUID with LDAP_SYNC_ADD configuration of the master server: overlay syncprov syncprov-checkpoint 100 10 syncprov-sessionlog 100 index entryCSN,entryUUID eq lastmod on configuration of the slave server: syncrepl rid=001 provider=ldap://xxx.xxx.xxx.245 type=refreshOnly interval=00:00:10:00 searchbase="dc=xxxxxxxxxxxxxx,dc=com,dc=br" filter="(objectclass=*)" scope=sub attrs="*,+" schemachecking=off bindmethod=simple binddn="cn=yyyyyyyyyy,dc=xxxxxxxxxxxx,dc=com,dc=br" credentials="xxxxxxxxxxxxx" updateref ldap://xxx.xxx.xxx.245 -- Márcio Luciano Donada <mdonada at auroraalimentos dot com dot br> Aurora Alimentos - Cooperativa Central Oeste Catarinense Departamento de T.I.

4 5

nonpresent_callback in syncrepl
by Volker Wetzelaer 29 Oct '09

29 Oct '09

> Hi there, > > i got a problem with syncrepl, o at least i think it is a problem. > The consumer runs totally normal for a time and the the logfile shows messages > like tge following one. > In fact there are such messages for the whole ldap-entries and the consumer > does no replication while > it is "walking" through the database. > > Can anyone help me with that and tell me how to avoid ? > Or is it not a problem at all ? > > I got 2 other consumers using exactly the same configuration (apart from the > rid) ant those servers > do not show the same problem. > > Oct 28 14:22:29 dusradius02-pluto-voip slapd[31908]: nonpresent_callback: > rid=003 got UUID cf8e7434-574b-102e-9935-cd4b3be449f8, dn > qscId=616351,dc=radius,dc=123 > > thanks, volker >

2 1

Which overlays are present in my openldap server ?
by vishesh kumar 29 Oct '09

29 Oct '09

Dear members Is there any way to know which overlays are present in my openldap servers? Can overrlays can be introduced in precompiled slapd ? Thanks

4 6

Re: samba ldap
by Brett Maxfield 28 Oct '09

28 Oct '09

The log from samba says ldap: where's your test command says ldaps: maybe try ldap: from test command in case you only listen for ssl? On 27/10/2009, at 7:28 PM, Kaushal Shriyan <kaushalshriyan(a)gmail.com> wrote: > Hi, > > I am following https://help.ubuntu.com/8.10/serverguide/C/samba-ldap.html > and ldap works perfectly fine. > I have issues with connecting to ldap from samba. > > I get > > [2009/10/27 12:37:28, 1] lib/smbldap.c:another_ldap_try(1153) > Connection to LDAP server failed for the 9 try! > [2009/10/27 12:37:29, 2] lib/smbldap.c:smbldap_open_connection(786) > smbldap_open_connection: connection opened > [2009/10/27 12:37:29, 2] lib/smbldap.c:smbldap_connect_system(982) > failed to bind to server ldap://localhost/ with > dn="cn=admin,dc=mt,dc=webaroo,dc=com" Error: Can't contact LDAP server > (unknown) > > I have ldapserver running on the same server as samba server is > running. when i run ldapsearch -x -H ldaps://localhost. I am able to > see the user details. > Please let me know if anyone needs configs and additional information. > Also when i run smbldap-populate, i get > http://paste.ubuntu.com/302630/ > > Thanks, > > Kaushal

4 7

defining own attributes/class
by Zdenek Styblik 27 Oct '09

27 Oct '09

Hello, I would like to ask, if somebody knows a really good how-to about $subj. I've read couple books, let's say I'm able to define my own attribute, even extend some existing object - I think these are no problem, as they are based on trying right-wrong. My biggest concern is about numbering [OID/PEN ?]. I've requested PEN from IANA, no problem here. But how should I divide numbers to attributes? Does it matter? Can I run out of space? Do something [utterly] wrong? I just haven't seen this [numbering] explained to the last bit anywhere. Or may be, I've just read wrong. I mean, should it be like tree structure and eg. class1 = prefix.PEN.1.X; class2 = prefix.PEN.2.X; ...; classN = prefix.PEN.N.X; ? But may be there is no "bigger" sense I'm looking for and incremental numbering (+1 per attribute) is just enough. PS: for example, I would like to add JID [jabber ID]/IM [which would hold whatever Instant Messaging string] attribute and extend InetOrgPerson with this attribute. Thanks in advance for explanation/pointing me to the right direction. Regards, Zdenek -- Zdenek Styblik Net/Linux admin OS TurnovFree.net email: stybla(a)turnovfree.net jabber: stybla(a)jabber.turnovfree.net

2 1

samba ldap
by Kaushal Shriyan 27 Oct '09

27 Oct '09

Hi, I am following https://help.ubuntu.com/8.10/serverguide/C/samba-ldap.html and ldap works perfectly fine. I have issues with connecting to ldap from samba. I get [2009/10/27 12:37:28, 1] lib/smbldap.c:another_ldap_try(1153) Connection to LDAP server failed for the 9 try! [2009/10/27 12:37:29, 2] lib/smbldap.c:smbldap_open_connection(786) smbldap_open_connection: connection opened [2009/10/27 12:37:29, 2] lib/smbldap.c:smbldap_connect_system(982) failed to bind to server ldap://localhost/ with dn="cn=admin,dc=mt,dc=webaroo,dc=com" Error: Can't contact LDAP server (unknown) I have ldapserver running on the same server as samba server is running. when i run ldapsearch -x -H ldaps://localhost. I am able to see the user details. Please let me know if anyone needs configs and additional information. Also when i run smbldap-populate, i get http://paste.ubuntu.com/302630/ Thanks, Kaushal

2 1

Openldap + GroupOffice
by Bruno Steven 27 Oct '09

27 Oct '09

Hi I trying integrate openldap more group-office, somebody have documentation or how to for this ? Thanks.... -- Bruno Steven - Administrador de sistemas. LPIC-1 - LPI ID: lpi000119659 / Code: p2e4wz47e4 https://www.lpi.org/caf/Xamman/certification MCP-Windows 2003 - TranscriptID: 793804 / Access Code: 080089100 https://mcp.microsoft.com/authenticate/validatemcp.aspx P Antes de imprimir pense em sua responsabilidade e comprometimento com o Meio Ambiente. Before printing this message, think about your ecologic responsability and environment commitment.

1 0

Making copies of attribute values
by Ravi Verma 27 Oct '09

27 Oct '09

Dear Friends, I have a need to extend an LDAP schema by adding an attribute and copy the value from an existing attribute to it. We need to keep the two copies of the attribute values in synch. It is a kind of replication where it is replicating one attribute into another in the same record. I appreciate your help. -- Kind regards. Ravi Verma Chief Executive Officer Telecommand Software and Services 3175 Sunset Blvd, Suite 104-B Rocklin, CA 95677 Phone:9167053261 Fax:9169142008 www.telecommand.com

3 3

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

openldap-technical October 2009