Map attributes to access LDAP addressbook with thunderbird too
by Matthias Fechner
Hi,
I wrote a small web application some time ago which stores all
information inside an OpenLDAP directory.
When I now access the information via Thunderbird, it displays some values,
but some values are not shown.
I searched a little for the reason, and it seems that Thunderbird asks for its own
fields like mozillaHomeStreet, mozillaHomeUrl and so on.
But I stored my information in homepostaladdress and some other fields
the schema file gives you.
My question now is:
Is it possible that when Thunderbird asks for the field mozillaHomeStreet,
the field homepostaladdress is returned there?
Thanks a lot for answers
Matthias
--
"Programming today is a race between software engineers striving to
build bigger and better idiot-proof programs, and the universe trying to
produce bigger and better idiots. So far, the universe is winning." --
Rich Cook
11 years, 6 months
how difference x509 attribute and extensions
by owen nirvana
Sorry, I am a newbie.
I do not know how to use x509 attributes; maybe they are not used.
In x509.h, none of the functions about x509 attributes are related to other parts.
And if I can add a non-standard attribute to an x509 certificate,
why do I need x509 extensions?
gtalk:freeespeech@gmail.com
11 years, 6 months
ldap_bind error
by Mburu, Patrick
When I use this command:
/usr/bin/ldapadd -x -D 'uid=root,dc=fedora,dc=directory,dc=server' -W -f /tmp/domain.ldif
After entering the LDAP password I get this error: ldap_bind cannot contact
ldap server.
Any help or guideline will be appreciated.
Regards,
--
Patrick Mburu | Systems Engineer
OPENWORLD LTD | Kenindia House |2nd Floor | P.O. Box 10918 00100 GPO NAIROBI
Tel: 020 6750212, 2210772/3 | Fax: 020 2210772
Cell: 0725 550 906 - 0770 078 804
Email: pmburu(a)openworld.co.ke
Web: www.openworld.co.ke
Awards: CSK ' Open Source Solution Provider of the Year 2006 Award'
11 years, 6 months
sasl binding with ssl encryption
by Xu, Qiang (FXSGSC)
Hi, all:
My LDAP SASL binding is successful, but when I want to channel the traffic over SSL, it fails:
=====================================================================
qxu@durian(pts/0):/etc[201]$ kinit XCTEST100(a)XCIPV6.COM
Password for XCTEST100(a)XCIPV6.COM:
...
qxu@durian(pts/0):/etc[203]$ klist
Ticket cache: FILE:/tmp/krb5cc_20153
Default principal: XCTEST100(a)XCIPV6.COM
Valid starting Expires Service principal
10/19/09 10:31:28 10/19/09 20:28:25 krbtgt/XCIPV6.COM(a)XCIPV6.COM
renew until 10/20/09 10:31:28
...
qxu@durian(pts/0):/etc[204]$ ldapsearch -Y GSSAPI -H ldap://13.198.97.42:389 -b dc=xcipv6,dc=com -s sub -LLL cn=XCTEST100 mail
SASL/GSSAPI authentication started
SASL username: XCTEST100(a)XCIPV6.COM
SASL SSF: 56
SASL installing layers
dn: CN=XCTEST100,CN=Users,DC=XCIPV6,DC=COM
mail: XCTEST100(a)xcipv6.com
# refldap://ForestDnsZones.XCIPV6.COM/DC=ForestDnsZones,DC=XCIPV6,DC=COM
# refldap://DomainDnsZones.XCIPV6.COM/DC=DomainDnsZones,DC=XCIPV6,DC=COM
# refldap://XCIPV6.COM/CN=Configuration,DC=XCIPV6,DC=COM
...
qxu@durian(pts/0):/etc[205]$ ldapsearch -Y GSSAPI -H ldaps://13.198.97.42:636 -b dc=xcipv6,dc=com -s sub -LLL cn=XCTEST100 mail
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Server is unwilling to perform (53)
additional info: 00002029: LdapErr: DSID-0C09048A, comment: Cannot bind
using sign/seal on a connection on which TLS or SSL is in effect, data 0, v1771
...
qxu@durian(pts/0):/etc[206]$ ldapsearch -Y GSSAPI -O maxssf=0 -H ldaps://13.198.97.42:636 -b dc=xcipv6,dc=com -s sub -LLL cn=XCTEST100 mail
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Server is unwilling to perform (53)
additional info: 00002029: LdapErr: DSID-0C09048A, comment: Cannot bind
using sign/seal on a connection on which TLS or SSL is in effect, data 0, v1771
=====================================================================
Someone has mentioned that in order to do sasl binding over ssl, the security property " -O maxssf=0" must be set. However, this still fails.
Any suggestions?
Thanks,
Xu Qiang
11 years, 6 months
Database corruption revisited.
by Cliff Pratt
In an email of 5 August 2009 Howard Chu says "If your disks are working
and haven't run out of space, database corruption pretty much never
happens. You probably should describe the situation that leads you to
believe there was a corruption. You should also list the versions of
software in use."
We have been plagued over the years with instances where the database
appears to have been corrupted. I'm quite happy to be proved wrong, and
would be pleased, very pleased to find a solution. As I said this has
happened over the years, on ancient Debian systems, through RedHat's
RHEL3, RHEL4, and maybe RHEL5. I'm not sure of the last. Every three or
four months the application that uses OpenLDAP stops responding. We then
run 'slapcat' against the LDAP datastore and if it hangs we stop
slapd, run a recovery on the BDB and start everything up again. Now and
then slapd refuses to start and we have to restore from a backup (also
taken by slapcat).
As I said, this has happened on many versions of OpenLDAP and on
different operating systems. The latest version that I am sure it has
happened on is RHEL 4.2 and OpenLDAP 2.2.13-4 (I think that is the
version - I'm not able to access the servers at present so I'm going by
memory).
I'd be very pleased, ecstatic even, to find a solution to this. It's
been a thorn in my side for many years. What information would be useful
in pointing me at a solution? I'd only add that I am not an LDAP or
OpenLDAP expert - the systems only get touched when an upgrade is
necessary. Any advice would be appreciated.
Cheers, hoping for a solution, or at least pointers to one.
Cliff
11 years, 6 months
2.4.18 refint getting "no such attribute" in bdb_modify_internal with removal; works with rename
by Andreas Hasenack
Hi,
I'm using the refint overlay with a few attributes, but I can't get it
to work with krbPwdPolicyReference from MIT kerberos 1.7. I get the
error from the subject when deleting the entry this attribute
references.
If, however, I *rename* the entry, the krbPwdPolicyReference attribute
gets updated correctly. It seems to fail only when I remove the entry.
This is the config:
dn: olcOverlay={1}refint,olcDatabase={1}hdb,cn=config
objectClass: olcRefintConfig
objectClass: olcOverlayConfig
objectClass: olcConfig
objectClass: top
olcOverlay: {1}refint
olcRefintAttribute: krbObjectReferences
olcRefintAttribute: member
olcRefintAttribute: krbPwdPolicyReference
olcRefintNothing: cn=localroot,cn=config
This is the entry which has the attribute pointing to the entry I will
remove (some attributes omitted for brevity):
dn: krbPrincipalName=andreas(a)EXAMPLE.COM,cn=EXAMPLE.COM,ou=Kerberos Realms,dc=
 example,dc=com
krbPrincipalName: andreas(a)EXAMPLE.COM
objectClass: krbPrincipal
objectClass: krbPrincipalAux
objectClass: krbTicketPolicyAux
krbObjectReferences: uid=andreas,ou=people,dc=example,dc=com
krbPwdPolicyReference: cn=default,cn=EXAMPLE.COM,ou=Kerberos Realms,dc=example
 ,dc=com
This is the entry I'm deleting. I would expect the
krbPwdPolicyReference attribute from my entry above to be deleted. If
I rename this cn=default, then krbPwdPolicyReference gets updated
correctly.
dn: cn=default,cn=EXAMPLE.COM,ou=Kerberos Realms,dc=example,dc=com
cn: default
objectClass: krbPwdPolicy
krbMaxPwdLife: 36000
krbMinPwdLife: 0
krbPwdMinDiffChars: 1
krbPwdMinLength: 1
krbPwdHistoryLength: 1
These are the relevant logs (level 16383):
Oct 7 16:55:33 maestro slapd[6381]: refint_search_cb <NOTHING>
Oct 7 16:55:33 maestro slapd[6381]: ==> unique_modify
<krbPrincipalName=andreas(a)EXAMPLE.COM,cn=EXAMPLE.COM,ou=Kerberos
Realms,dc=example,dc=com>
Oct 7 16:55:33 maestro slapd[6381]: => bdb_entry_get: ndn:
"krbPrincipalName=andreas(a)EXAMPLE.COM,cn=example.com,ou=kerberos
realms,dc=example,dc=com"
Oct 7 16:55:33 maestro slapd[6381]: => bdb_entry_get: oc: "(null)",
at: "(null)"
Oct 7 16:55:33 maestro slapd[6381]:
bdb_dn2entry("krbPrincipalName=andreas(a)EXAMPLE.COM,cn=example.com,ou=kerberos
realms,dc=example,dc=com")
Oct 7 16:55:33 maestro slapd[6381]: => bdb_entry_get: found entry:
"krbPrincipalName=andreas(a)EXAMPLE.COM,cn=example.com,ou=kerberos
realms,dc=example,dc=com"
Oct 7 16:55:33 maestro slapd[6381]: bdb_entry_get: rc=0
Oct 7 16:55:33 maestro slapd[6381]: => bdb_entry_get: ndn:
"krbPrincipalName=andreas(a)EXAMPLE.COM,cn=example.com,ou=kerberos
realms,dc=example,dc=com"
Oct 7 16:55:33 maestro slapd[6381]: => bdb_entry_get: oc: "(null)",
at: "(null)"
Oct 7 16:55:33 maestro slapd[6381]:
bdb_dn2entry("krbPrincipalName=andreas(a)EXAMPLE.COM,cn=example.com,ou=kerberos
realms,dc=example,dc=com")
Oct 7 16:55:33 maestro slapd[6381]: => bdb_entry_get: found entry:
"krbPrincipalName=andreas(a)EXAMPLE.COM,cn=example.com,ou=kerberos
realms,dc=example,dc=com"
Oct 7 16:55:33 maestro slapd[6381]: bdb_entry_get: rc=0
Oct 7 16:55:33 maestro slapd[6381]: => bdb_entry_get: ndn:
"cn=default,ou=password policies,dc=example,dc=com"
Oct 7 16:55:33 maestro slapd[6381]: => bdb_entry_get: oc: "(null)",
at: "(null)"
Oct 7 16:55:33 maestro slapd[6381]:
bdb_dn2entry("cn=default,ou=password policies,dc=example,dc=com")
Oct 7 16:55:33 maestro slapd[6381]: => bdb_entry_get: found entry:
"cn=default,ou=password policies,dc=example,dc=com"
Oct 7 16:55:33 maestro slapd[6381]: bdb_entry_get: rc=0
Oct 7 16:55:33 maestro slapd[6381]: hdb_modify:
krbPrincipalName=andreas(a)EXAMPLE.COM,cn=EXAMPLE.COM,ou=Kerberos
Realms,dc=example,dc=com
Oct 7 16:55:33 maestro slapd[6381]:
bdb_dn2entry("krbPrincipalName=andreas(a)EXAMPLE.COM,cn=example.com,ou=kerberos
realms,dc=example,dc=com")
Oct 7 16:55:33 maestro slapd[6381]: bdb_modify_internal: 0x00000042:
krbPrincipalName=andreas(a)EXAMPLE.COM,cn=EXAMPLE.COM,ou=Kerberos
Realms,dc=example,dc=com
Oct 7 16:55:33 maestro slapd[6381]: <= acl_access_allowed: granted to
database root
Oct 7 16:55:33 maestro slapd[6381]: bdb_modify_internal: delete
krbPwdPolicyReference
Oct 7 16:55:33 maestro slapd[6381]: dnMatch
0#012#011"cn=default,cn=example.com,ou=kerberos
realms,dc=example,dc=com"#012#011"cn=default,cn=example.com,ou=kerberos
realms,dc=example,dc=com"
Oct 7 16:55:33 maestro slapd[6381]: bdb_modify_internal: replace modifiersName
Oct 7 16:55:33 maestro slapd[6381]: bdb_modify_internal: delete
krbPwdPolicyReference
Oct 7 16:55:33 maestro slapd[6381]: bdb_modify_internal: 16
modify/delete: krbPwdPolicyReference: no such attribute
Oct 7 16:55:33 maestro slapd[6381]: hdb_modify: modify failed (16)
Oct 7 16:55:33 maestro slapd[6381]: send_ldap_result: conn=-1 op=0 p=0
Oct 7 16:55:33 maestro slapd[6381]: send_ldap_result: err=16
matched="" text="modify/delete: krbPwdPolicyReference: no such
attribute"
Oct 7 16:55:33 maestro slapd[6381]: refint_repair: dependent modify failed: 16
Any hints?
11 years, 6 months
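The log quoted in the post above records two `delete krbPwdPolicyReference` steps inside the one modify that fails with error 16. The following is an added example, not part of the original post and not OpenLDAP code: it rejoins mail-wrapped slapd syslog lines and reports each failed modify together with any attribute deleted more than once. The sample is a constructed, shortened copy of the quoted log lines, and the function names are hypothetical.

```python
import re
from collections import Counter
# Constructed sample: a shortened copy of the wrapped syslog lines quoted in the post.
SAMPLE_LOG = """\
Oct 7 16:55:33 maestro slapd[6381]: hdb_modify:
krbPrincipalName=andreas(a)EXAMPLE.COM,cn=EXAMPLE.COM,ou=Kerberos
Realms,dc=example,dc=com
Oct 7 16:55:33 maestro slapd[6381]: bdb_modify_internal: delete
krbPwdPolicyReference
Oct 7 16:55:33 maestro slapd[6381]: bdb_modify_internal: replace modifiersName
Oct 7 16:55:33 maestro slapd[6381]: bdb_modify_internal: delete
krbPwdPolicyReference
Oct 7 16:55:33 maestro slapd[6381]: bdb_modify_internal: 16
modify/delete: krbPwdPolicyReference: no such attribute
Oct 7 16:55:33 maestro slapd[6381]: hdb_modify: modify failed (16)
Oct 7 16:55:33 maestro slapd[6381]: refint_repair: dependent modify failed: 16
"""

PREFIX = re.compile(r"^[A-Z][a-z]{2}\s+\d+ \d\d:\d\d:\d\d \S+ slapd\[\d+\]: ?")

def unwrap(text):
    """Rejoin wrapped lines: a line without a syslog prefix continues the previous record."""
    records = []
    for line in text.splitlines():
        if PREFIX.match(line):
            records.append(PREFIX.sub("", line).strip())
        elif records and line.strip():
            records[-1] = (records[-1] + " " + line.strip()).strip()
    return records

def failed_modifies(records):
    """Return one dict per failed hdb_modify: target DN, per-attribute op counts, error, code."""
    results, cur = [], None
    for rec in records:
        if m := re.match(r"hdb_modify: (?!modify failed)(.+)", rec):
            cur = {"dn": m.group(1), "ops": Counter(), "error": None}
        elif cur is None:
            continue  # not inside a modify; ignore
        elif m := re.match(r"bdb_modify_internal: (add|delete|replace) (\S+)", rec):
            cur["ops"][(m.group(1), m.group(2))] += 1
        elif m := re.match(r"bdb_modify_internal: \d+ (.+)", rec):
            cur["error"] = m.group(1)
        elif m := re.match(r"hdb_modify: modify failed \((\d+)\)", rec):
            results.append({**cur, "code": int(m.group(1))})
            cur = None
    return results

def repeated_deletes(mod):  # attributes deleted more than once within one modify
    return sorted(a for (op, a), n in mod["ops"].items() if op == "delete" and n > 1)
```
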
ldap_search: LDAP Adminstration Limit Error
by Parag Kalra
Hello Friends,
I am using an 'ldapsearch' command from an Ubuntu machine to fetch entries from
a SunOne directory server hosted on a Windows machine.
I am able to retrieve the records, but not all of them. At one stage it aborts
abruptly and throws the following error -
ldap_search: LDAP Adminstration Limit Error
Any pointers on what this error is all about and how I can get rid of it?
Cheers,
Parag
11 years, 6 months
OpenLDAP 2.4.16: LDAP entry deletions not propagated in certain syncrepl multimaster scenario
by Alvin Wong
Hi
I've encountered a problem in OpenLDAP 2.4.16 on a system of 2 LDAP servers set up with syncrepl multimaster, where all data is synchronized. If server A is down and LDAP entries (leaf or subtree) are deleted on server B, when server A comes up, those LDAP entries are not removed from server A by syncrepl. If LDAP operations are done on either server while both are up, syncrepl correctly propagates them to the other server.
Below are the slapd.conf files for both server A and B. Is there something wrong with the way they are configured or is this a known issue?
Thanks in advance.
========= SERVER A SLAPD.CONF ==============
ucdata-path "C:/Program Files/MyApp/database"
include "C:/Program Files/MyApp/schemaconf/core.schema"
include "C:/Program Files/MyApp/schemaconf/corba.schema"
include "C:/Program Files/MyApp/schemaconf/cosine.schema"
include "C:/Program Files/MyApp/schemaconf/inetorgperson.schema"
include "C:/Program Files/MyApp/schemaconf/nis.schema"
include "C:/Program Files/MyApp/schemaconf/spanlink.schema"
pidfile "C:/Program Files/MyApp/bin/slapd.pid"
argsfile "C:/Program Files/MyApp/bin/slapd.args"
idletimeout 300
sizelimit unlimited
allow bind_v2
conn_max_pending_auth 2000
access to dn.subtree="ou=People,o=Spanlink Communications"
    by dn="cn=user,ou=People,o=Spanlink Communications" read
    by * read
access to *
    by dn="cn=user,ou=People,o=Spanlink Communications" write
    by dn="cn=replication1,ou=People,o=Spanlink Communications" write
    by dn="cn=replication2,ou=People,o=Spanlink Communications" write
    by * read
#######################################################################
# BDB database definitions
#######################################################################
database bdb
suffix "o=Spanlink Communications"
rootdn "cn=super,ou=People,o=Spanlink Communications"
checkpoint 10 1
cachesize 50000
searchstack 8
rootpw secret
directory "C:/Program Files/MyApp/database"
# Indices to maintain
index objectClass eq
index entryCSN eq
# for sync repl
serverID 1
syncrepl rid=123
    searchbase="o=Spanlink Communications"
    provider=ldap://10.10.10.75:38983
    type=refreshAndPersist
    retry="5 5 300 +"
    schemachecking=on
    attrs=*
    bindmethod=simple
    binddn="cn=replication1,ou=People,o=Spanlink Communications"
    credentials=secret
mirrormode true
overlay syncprov
syncprov-checkpoint 100 1
========= SERVER B SLAPD.CONF ==============
ucdata-path "C:/Program Files/MyApp/database"
include "C:/Program Files/MyApp/schemaconf/core.schema"
include "C:/Program Files/MyApp/schemaconf/corba.schema"
include "C:/Program Files/MyApp/schemaconf/cosine.schema"
include "C:/Program Files/MyApp/schemaconf/inetorgperson.schema"
include "C:/Program Files/MyApp/schemaconf/nis.schema"
include "C:/Program Files/MyApp/schemaconf/spanlink.schema"
pidfile "C:/Program Files/MyApp/bin/slapd.pid"
argsfile "C:/Program Files/MyApp/bin/slapd.args"
idletimeout 300
sizelimit unlimited
allow bind_v2
conn_max_pending_auth 2000
access to dn.subtree="ou=People,o=Spanlink Communications"
    by dn="cn=user,ou=People,o=Spanlink Communications" read
    by * read
access to *
    by dn="cn=user,ou=People,o=Spanlink Communications" write
    by dn="cn=replication1,ou=People,o=Spanlink Communications" write
    by dn="cn=replication2,ou=People,o=Spanlink Communications" write
    by * read
#######################################################################
# BDB database definitions
#######################################################################
database bdb
suffix "o=Spanlink Communications"
rootdn "cn=super,ou=People,o=Spanlink Communications"
checkpoint 10 1
cachesize 50000
searchstack 8
rootpw secret
directory "C:/Program Files/MyApp/database"
# Indices to maintain
index objectClass eq
index entryCSN eq
# for sync repl
serverID 2
syncrepl rid=123
    searchbase="o=Spanlink Communications"
    provider=ldap://10.10.10.196:38983
    type=refreshAndPersist
    retry="5 5 300 +"
    schemachecking=on
    attrs=*
    bindmethod=simple
    binddn="cn=replication2,ou=People,o=Spanlink Communications"
    credentials=secret
mirrormode true
overlay syncprov
syncprov-checkpoint 100 1
ALVIN WONG
SENIOR SOFTWARE ENGINEER
DIRECT +1 (763).795.7752
alvin.wong(a)calabrio.com
11 years, 6 months
ipv6 support in openldap
by Bad Guy
Dear sir,
I want to ask whether OpenLDAP supports IPv6; if yes, which version of OpenLDAP supports it?
Thanks
11 years, 6 months
Replication
by Márcio Luciano Donada
Hi People
My LDAP server (master) is Debian Lenny with version 2.4.11-1. I am
implementing a server that will be in a unit of the company, and I need to
replicate the LDAP, but because of the hardware I am using CentOS 5.3
with LDAP version openldap-servers-2.3.43-3.el5. Will this be a problem
for replication, or can I do it otherwise?
--
Márcio Luciano Donada <mdonada at auroraalimentos dot com dot br>
Aurora Alimentos - Cooperativa Central Oeste Catarinense
Departamento de T.I.
11 years, 6 months