Virtual list view problem
by Venish Khant
Hi all,
I am using the CPAN Net::LDAP module to access LDAP entries. I want to
search LDAP entries using the Net::LDAP search method. When I search, I
want a limited number of entries from the search result; for
this (searching) process I am using the Net::LDAP::Control::VLV module. But
I get an error on the VLV response control. Please, does anyone have an idea about
this error?
Error: Died at vlv.pl line 50,
This is my example. I changed the font style of line 50
#!/usr/bin/perl -w
use Net::LDAP;
use Net::LDAP::Control::VLV;
use Net::LDAP::Constant qw( LDAP_CONTROL_VLVRESPONSE );
use Net::LDAP::Control::Sort;

sub procentry {
    my ( $mesg, $entry ) = @_;
    # Return if there is no entry to process
    if ( !defined($entry) ) {
        return;
    }
    print "dn: " . $entry->dn() . "\n";
    @attrs = $entry->attributes();
    foreach $attr (@attrs) {
        #printf("\t%s: %s\n", $attr, $entry->get_value($attr));
        $attrvalue = $entry->get_value( $attr, asref => 1 );
        #print $attr.":". $entry->get_value($attr)."\n";
        foreach $value (@$attrvalue) {
            print "$attr: $value\n";
        }
    }
    $mesg->pop_entry;
    print "\n";
}

$ldap = Net::LDAP->new( "localhost" );

# Get the first 20 entries
$vlv = Net::LDAP::Control::VLV->new(
    before  => 0,     # No entries from before target entry
    after   => 19,    # 19 entries after target entry
    content => 0,     # List size unknown
    offset  => 1,     # Target entry is the first
);
my $sort = Net::LDAP::Control::Sort->new( order => 'cn' );
@args = ( base     => "dc=example,dc=co,dc=in",
          scope    => "subtree",
          filter   => "(objectClass=inetOrgPerson)",
          callback => \&procentry,    # Call this sub for each entry
          control  => [ $sort, $vlv ],
);
$mesg = $ldap->search( @args );

# Get VLV response control
($resp) = $mesg->control( LDAP_CONTROL_VLVRESPONSE ) or die;    # line 50 of vlv.pl: dies here
$vlv->response( $resp );

# Set the control to get the last 20 entries
$vlv->end;
$mesg = $ldap->search( @args );

# Get VLV response control
($resp) = $mesg->control( LDAP_CONTROL_VLVRESPONSE ) or die;
$vlv->response( $resp );

# Now get the previous page
$vlv->scroll_page( -1 );
$mesg = $ldap->search( @args );

# Get VLV response control
($resp) = $mesg->control( LDAP_CONTROL_VLVRESPONSE ) or die;
$vlv->response( $resp );

# Now page with first entry starting with "B" in the middle
$vlv->before(9);      # Change page to show 9 before
$vlv->after(10);      # Change page to show 10 after
$vlv->assert("B");    # assert "B"
$mesg = $ldap->search( @args );
--
Venish Khant
www.deeproot.co.in
7 years, 3 months
OpenLDAP 2.4.16 hanging - ideas welcome
by J. Landamore
We run 4 2.4.16 servers as 2 provider/consumer pairs, one pair for our
staff systems and one pair for our teaching facilities.
They are all on Solaris10u7 xen virtual hosts.
The staff pair run fine
The consumer on the teaching pair runs fine
The provider on the teaching pair runs fine until it gets hit by a heavy
load, eg start of a lab when ~100 PCs try and authenticate their user. At
this point it refuses to serve LDAP requests. Traffic is still coming in
to the box and existing connections seem OK.
The break point is about 35 PCs, below that there isn't a problem.
Restarting slapd cures the problem and off we go until the start of the
next big lab.
I've run at various log levels but not been able to see any obvious
messages. All I see, even when everything is fine, are messages of the
form
send_search_entry: conn 11639 ber write failed.
connection_read(38): no connection!
The slapd.conf (minus the syncprov bit) is:
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/duaconf.schema
include /usr/local/etc/openldap/schema/local.schema
pidfile /var/openldap/run/slapd.pid
argsfile /var/openldap/run/slapd.args
conn_max_pending 200
idletimeout 60
sizelimit 2000
loglevel 256
database bdb
suffix "dc=my,dc=domain"
rootdn "cn=me,dc=my,dc=domain"
rootpw {SSHA}guess
directory /var/openldap/openldap-data
index cn,entryCSN,entryUUID,gidNumber,ipHostNumber,memberUid eq
index objectclass,uid,uidNumber,uniqueMember eq
cachefree 16
cachesize 1500
checkpoint 0 60
dncachesize 1500
idlcachesize 3000
access to attrs=userPassword
        by self write
        by anonymous auth
        by dn.base="cn=fred,ou=Profile,dc=my,dc=domain" read
        by * none
access to *
        by self write
        by users read
        by * read
The only entry in DB_CONFIG is set_cachesize 0 26214400 0
cache hits are at 99%
I'm stumped for a cause/solution, can anyone either give me a pointer as
to what to look for in the logs or suggest a possible cause. Could it be
hitting the 256 open file limit?
Thanks
--
John Landamore
Department of Computer Science
University of Leicester
University Road, LEICESTER, LE1 7RH
J.Landamore(a)mcs.le.ac.uk
Phone: +44 (0)116 2523410 Fax: +44 (0)116 2523604
13 years, 9 months
dynlist overlay feature request
by Alexander 'Leo' Bergolth
Are there any plans to extend the dynlist overlay's dynamic group feature
to return not the DNs of the matched entries but an attribute of the
entries?
This would be useful for defining dynamic groups based on posixGroup
(which need only the username, not the full DN) and populating them with
entries from posixAccounts.
If the dynlist-attrset could be extended by one parameter like:
dynlist-attrset <group-oc> <URL-ad> [<member-ad>] [<result-ad>]
... where the additional parameter specifies the attribute that should
be returned from the search results, a dynamic posixGroup could be
configured like that:
dynlist-attrset myposixGroup memberURL memberUid uid
with a search filter like that:
ldap:///ou=users,dc=local,dc=site??sub?(&(objectClass=posixAccount)(<searchfilter>))
I.e. "take the uid attribute of the matched entries and add them as
memberUid."
Could this extension be easily implemented?
Is there currently any workaround?
E.g. a way to dynamically add a memberUid to each posixAccount that
contains the same data as the uid attribute? If that works, a filter like
ldap:///ou=users,dc=local,dc=site?memberUid?sub?(&(objectClass=posixAccount)(<searchfilter>))
... could work.
Thanks in advance,
--leo
--
e-mail ::: Leo.Bergolth (at) wu.ac.at
fax ::: +43-1-31336-906050
location ::: IT-Services | Vienna University of Economics | Austria
13 years, 9 months
Poor Performance on HP-UX 11v3
by 宋杨
Hi,
I installed OpenLDAP (ixOpenLDAP_A.13.00-2.4.16.001_HP-UX_B.11.23_IA_PA.depot) on HP-UX 11v3,
but I get low performance with multi-threaded search:
with one search thread it takes about 0-1 ms, but with 10 search threads about 300+ ms.
By the way, all conf files are default.
Any suggestions?
Thanks
13 years, 10 months
/etc/nsswitch cause delay in start
by vishesh kumar
Dear friends,
I am facing a unique problem in OpenLDAP 2.3.43 on RHEL 5.2. If I specify
ldap in /etc/nsswitch.conf like
passwd files ldap
shadow files ldap
group files ldap
and then start my LDAP server, it takes a lot of time to start the LDAP server.
If I remove ldap from /etc/nsswitch.conf, it starts immediately.
Can anyone suggest any solution for this problem?
Thanks
--
http://linuxinterviews.blogspot.com
13 years, 10 months
Syncrepl : Authentication issue
by smainklh@free.fr
Hello guys,
I'm meeting an issue when configuring ldap replication.
The synchronisation account doesn't authenticate with the provider.
Here are my configuration files :
/etc/ldap/slapd.conf (provider):
-----------------------
moduleload syncprov
database bdb
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
index objectClass,entryCSN,entryUUID eq
/etc/ldap/slapd.conf (consumer):
--------------------------
Syncrepl rid=666
        provider=ldaps://provider.domain.tld:636/
        type=refreshOnly
        retry="60 10 600 +"
        interval=00:00:30:00
        searchbase="dc=domain,dc=tld"
        scope=sub
        schemachecking=on
        bindmethod=simple
        binddn="cn=syncrepluser,dc=domain,dc=tld"
        credentials=secret
Errors below:
From consumer
------------
slap_client_connect: URI=ldaps://provider.domain.tld:636/ DN="cn=syncrepluser,dc=domain,dc=tld" ldap_sasl_bind_s failed (49)
do_syncrepl: rid=666 retrying (9 retries left)
From provider
------------
Nov 26 15:28:47 provider slapd[2514]: do_bind: version=3 dn="cn=syncrepluser,dc=domain,dc=tld" method=128
Nov 26 15:28:47 provider slapd[2514]: bdb_dn2entry("cn=syncrepluser,dc=domain,dc=tld")
Nov 26 15:28:47 provider slapd[2514]: => bdb_dn2id("cn=syncrepluser,dc=domain,dc=tld")
Nov 26 15:28:47 provider slapd[2514]: <= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30990)
Nov 26 15:28:47 provider slapd[2514]: send_ldap_result: conn=3 op=0 p=3
Nov 26 15:28:47 provider slapd[2514]: send_ldap_response: msgid=1 tag=97 err=49
Nov 26 15:28:47 provider slapd[2514]: connection_get(14): got connid=3
Nov 26 15:28:47 provider slapd[2514]: connection_read(14): checking for input on id=3
Nov 26 15:28:47 provider slapd[2514]: ber_get_next on fd 14 failed errno=0 (Success)
Nov 26 15:28:47 provider slapd[2514]: connection_closing: readying conn=3 sd=14 for close
Nov 26 15:28:47 provider slapd[2514]: connection_close: deferring conn=3 sd=14
Nov 26 15:28:47 provider slapd[2514]: conn=3 op=1 do_unbind
Nov 26 15:28:47 provider slapd[2514]: connection_resched: attempting closing conn=3 sd=14
Nov 26 15:28:47 provider slapd[2514]: connection_close: conn=3 sd=14
Do I have to create an account in the ldap tree?
Is there a problem using SSL?
Thank you for your help.
Regards,
Grifith
13 years, 10 months
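An added example, not part of the original post or of OpenLDAP: slapd answers a simple bind with err=49 both when the bind DN does not exist and when the password is wrong, so only the provider's trace log tells the two apart. The sketch below re-joins the mail-wrapped provider lines and reports which case each failed bind was; the function names and the second (cn=admin) bind are constructed for illustration, and it assumes the lines of one bind are contiguous, as in the excerpt.

```python
import re

# Provider lines from the post (still mail-wrapped), followed by one
# constructed bind for a different DN (cn=admin) for contrast.
SAMPLE_LOG = '''\
Nov 26 15:28:47 provider slapd[2514]: do_bind: version=3
dn="cn=syncrepluser,dc=domain,dc=tld" method=128
Nov 26 15:28:47 provider slapd[2514]: =>
bdb_dn2id("cn=syncrepluser,dc=domain,dc=tld")
Nov 26 15:28:47 provider slapd[2514]: <= bdb_dn2id: get failed: DB_NOTFOUND: No
matching key/data pair found (-30990)
Nov 26 15:28:47 provider slapd[2514]: send_ldap_response: msgid=1 tag=97 err=49
Nov 26 15:29:02 provider slapd[2514]: do_bind: version=3 dn="cn=admin,dc=domain,dc=tld" method=128
Nov 26 15:29:02 provider slapd[2514]: send_ldap_response: msgid=1 tag=97 err=49
'''

STAMP = re.compile(r'^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ')   # syslog timestamp
BIND = re.compile(r'do_bind: version=\d+ dn="([^"]*)"')
NOTFOUND = re.compile(r'bdb_dn2id: get failed: DB_NOTFOUND')
BIND_RESP = re.compile(r'send_ldap_response: msgid=\d+ tag=97 err=(\d+)')  # 97 = BindResponse

MISSING = "bind DN not found in database"
OTHER = "entry lookup did not fail; check password and ACLs"

def unwrap(text):
    """Re-join records that the mail client wrapped onto a second line."""
    records = []
    for line in text.splitlines():
        if STAMP.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def classify_failed_binds(text):
    """Return (dn, reason) for each bind answered with err=49."""
    results, dn, missing = [], None, False
    for rec in unwrap(text):
        m = BIND.search(rec)
        if m:
            dn, missing = m.group(1), False
        elif dn is not None and NOTFOUND.search(rec):
            missing = True
        elif dn is not None:
            m = BIND_RESP.search(rec)
            if m:
                if m.group(1) == "49":
                    results.append((dn, MISSING if missing else OTHER))
                dn = None
    return results

if __name__ == "__main__":
    for dn, reason in classify_failed_binds(SAMPLE_LOG):
        print(f"{dn}: {reason}")
```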
LDAP + squid
by Bruno Steven
Hello ...
My Squid works fine with OpenLDAP, but I need to change the user authentication
method to groups, so I made the following configuration.
# The lines below refer to user authentication in AD
auth_param basic program /usr/local/squid/libexec/squid_ldap_auth -R -b "dc=amblivre,dc=com" -D "cn=proxy_user,ou=Internet,dc=amblivre,dc=com" -w "password" -f sAMAccountName=%s -h 192.168.4.55
auth_param basic realm Input your password
auth_param basic children 5
auth_param basic credentialsttl 15 minutes
#acl senha proxy_auth REQUIRED
#http_access allow senha
# External ACL for authentication against the PDC's LDAP bases
external_acl_type ldap_group %LOGIN /usr/local/squid/libexec/squid_ldap_group -R -b "dc=amblivre,dc=com" -D "cn=proxy_user,ou=Internet,dc=amblivre,dc=com" -w "password" -f "(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%a,ou=Internet,dc=amblivre,dc=com))" -h 192.168.4.55
acl AcessoLivre external ldap_group AcessoLivre
http_access AcessoLivre
When I input the user and password for auth, Squid doesn't recognize the
credentials. Is there some problem in my configuration?
Thanks.
--
Bruno Steven - Systems administrator.
LPIC-1 - LPI ID: lpi000119659 / Code: p2e4wz47e4
https://www.lpi.org/caf/Xamman/certification
MCP-Windows 2003 - TranscriptID: 793804 / Access Code: 080089100
https://mcp.microsoft.com/authenticate/validatemcp.aspx
Before printing this message, think about your ecological
responsibility and environmental commitment.
13 years, 10 months
Migrate BD for Mysql
by Bruno Steven
Hello
I am testing many scenarios of OpenLDAP; now I want to test MySQL as the
database for OpenLDAP. Does somebody know how to migrate the OpenLDAP DB to MySQL?
Thanks.
--
Bruno Steven - Systems administrator.
LPIC-1 - LPI ID: lpi000119659 / Code: p2e4wz47e4
https://www.lpi.org/caf/Xamman/certification
MCP-Windows 2003 - TranscriptID: 793804 / Access Code: 080089100
https://mcp.microsoft.com/authenticate/validatemcp.aspx
Before printing this message, think about your ecological
responsibility and environmental commitment.
13 years, 10 months
Search responses with incorrect msgId
by Eduardo Ramos Testillano
Hi all,
My application is an LDAP client based on the OpenLDAP suite. I'm having
problems when receiving search responses with an incorrect msgId.
The problem is: it always returns error -1, making it impossible to discriminate
other situations like a remote server close.
The application always detaches the connection fd when -1 is received (99%
is a broken connection).
But we don't want to close this when we "receive a search response with
out-of-context msgId" (usually "out-of-time search result entries" after
sending AbandonRequest from the client).
I can't use ldap_msgid, because 'LDAPMessage*' is NULL and causes abort()
(anyway, no special result code is specified for this situation in the
ldap_msgid API description).
My code:
LDAP* handle = (LDAP*) a_ldap;
LDAPMessage* hmessage (NULL);
resultCode = ldap_result (handle, LDAP_RES_ANY, LDAP_MSG_ONE, NULL, &hmessage);
// I test the following, hoping result is not -1 with
// LDAP_RES_UNSOLICITED, but it returned -1 again...
if (resultCode.getValue () == -1)
    resultCode = ldap_result (handle, LDAP_RES_UNSOLICITED, LDAP_MSG_ONE, NULL, &hmessage);
Do you know any other way to identify responses with an incorrect msgid?
Thanks
Regards,
Edu
13 years, 10 months