Virtual list view problem
by Venish Khant
Hi all
I am using cpan Net::LDAP module to access LDAP entries. I want to
search LDAP entries using Net::LDAP search method. When I do search, I
want some limited number of entries from search result, for
this (searching) process I am using the Net::LDAP::Control::VLV module. But
I get an error on the VLV response control. Please, does anyone have an idea about
this error?
Error: Died at vlv.pl line 50,
This is my example. I changed the font style of line 50.
#!/usr/bin/perl -w
use Net::LDAP;
use Net::LDAP::Control::VLV;
use Net::LDAP::Constant qw( LDAP_CONTROL_VLVRESPONSE );
use Net::LDAP::Control::Sort;
sub procentry {
    my ( $mesg, $entry ) = @_;
    # Return if there is no entry to process
    if ( !defined($entry) ) {
        return;
    }
    print "dn: " . $entry->dn() . "\n";
    @attrs = $entry->attributes();
    foreach $attr (@attrs) {
        #printf("\t%s: %s\n", $attr, $entry->get_value($attr));
        $attrvalue = $entry->get_value($attr, asref => 1);
        #print $attr.":". $entry->get_value($attr)."\n";
        foreach $value (@$attrvalue) {
            print "$attr: $value\n";
        }
    }
    $mesg->pop_entry;
    print "\n";
}
$ldap = Net::LDAP->new( "localhost" );
# Get the first 20 entries
$vlv = Net::LDAP::Control::VLV->new(
    before  => 0,  # No entries from before target entry
    after   => 19, # 19 entries after target entry
    content => 0,  # List size unknown
    offset  => 1,  # Target entry is the first
);
my $sort = Net::LDAP::Control::Sort->new( order => 'cn' );
@args = ( base     => "dc=example,dc=co,dc=in",
          scope    => "subtree",
          filter   => "(objectClass=inetOrgPerson)",
          callback => \&procentry, # Call this sub for each entry
          control  => [ $sort, $vlv ],
);
$mesg = $ldap->search( @args );
# Get VLV response control
# (line 50 of vlv.pl, highlighted in the original message: the reported "Died" comes from this "or die")
($resp) = $mesg->control( LDAP_CONTROL_VLVRESPONSE ) or die;
$vlv->response( $resp );
# Set the control to get the last 20 entries
$vlv->end;
$mesg = $ldap->search( @args );
# Get VLV response control
($resp) = $mesg->control( LDAP_CONTROL_VLVRESPONSE ) or die;
$vlv->response( $resp );
# Now get the previous page
$vlv->scroll_page( -1 );
$mesg = $ldap->search( @args );
# Get VLV response control
($resp) = $mesg->control( LDAP_CONTROL_VLVRESPONSE ) or die;
$vlv->response( $resp );
# Now page with first entry starting with "B" in the middle
$vlv->before(9);   # Change page to show 9 before
$vlv->after(10);   # Change page to show 10 after
$vlv->assert("B"); # assert "B"
$mesg = $ldap->search( @args );
--
Venish Khant
www.deeproot.co.in
7 years, 3 months
Problem with nss-ldap using GSSAPI
by Wojtek Polcwiartek
Hello,
we use ldap as name source in our system (libnss-ldap).
Until now we used anonymous bind with LDAP and it worked fine.
Now we want to switch to GSSAPI (MIT Krb5), but getting names ('getent
passwd <name>') does not work: no result is returned/printed.
The strange thing is that, when we run the query in debug mode (debug 7 in
/etc/ldap.conf), you can see the correct result in the debug part (in
"hexes") but at the end no result is printed.
The only error message we could see is:
res_errno: 14, res_error: <SASL(0): successful result: >, res_matched: <>
Querying LDAP with ldapsearch still works fine.
Do you have any idea how to get closer to the source of the problem?
We use Ubuntu Karmic as client (repo package) and Solaris 10 (with
OpenLDAP 2.4.16) as server.
Greetings!
--
Wojtek Polcwiartek
------
tubIT
TU-Berlin
Web : www.tubit.tu-berlin.de
Email : tubit(a)tu-berlin.de
Tel : +49.30.314.28000
13 years, 7 months
Server Side sort and the cn attribute
by Edward Capriolo
We use OpenLDAP as a back end for many things. One of the things it
can be used for is an address book for Outlook. Recently we upgraded to
2.4.16->2.4.20 from 2.(who knows how old).
Outlook 2003 clients stopped working:
http://support.microsoft.com/kb/555536
So I followed the instructions here to enable server side sorting:
http://bacedifo.blogspot.com/2009/09/server-side-sort-with-openldap2418.html
I was able to add the ordering to the sn attribute.
attributetype ( 2.5.4.4 NAME ( 'sn' 'surname' )
    DESC 'RFC2256: last (family) name(s) for which the entity is known by'
    ORDERING caseIgnoreOrderingMatch
    SUP name )
Unfortunately Outlook is looking at the cn attribute
@400000004b21316a0e808064 sssvlv: no ordering rule specified and no
default ordering rule for attribute cn
@400000004b21316a0e808834 <= get_ctrls: n=1 rc=18 err="serverSort
control: No ordering rule"
That unfortunately is not defined in the core.schema
# system schema
#attributetype ( 2.5.4.3 NAME ( 'cn' 'commonName' )
# DESC 'RFC2256: common name(s) for which the entity is known by'
# SUP name )
I am sure there is a good reason why cn does not have an ordering, but
I am guessing it used to have this in the distant past since this
previously worked. So how would I go about changing the system schema?
Or does anyone have a better way to deal with this.
(I know I could play with client registry (kb) article but I would
like to handle this server side)
Thank you for your insights.
13 years, 8 months
changing rootdn password
by Mihamina Rakotomandimby
Manao ahoana, Hello, Bonjour,
On a Debian and a Ubuntu I install OpenLDAP with the package manager.
It usually asks for an admin password.
But when looking in /etc/ldap/ I found no place where it is stored
(even in an encrypted form).
I would like to change that admin password without calling
'dpkg-reconfigure slapd'.
Is there an ldap utility or built-in command for that purpose?
Misaotra, Thanks, Merci.
--
IT Architect at Blueline/Gulfsat:
System Administration, Research & Development
+261 34 29 155 34 / +261 33 11 207 36
13 years, 8 months
Clients can't authenticate via consumer server
by Jaap Winius
Hi all,
On my test system, which uses OpenLDAP simple authentication, I'm
unable to get clients to authenticate to a consumer server, although
they can authenticate to its provider server without a problem. Here's
a snippet of the consumer's syslog, for which I've set the slapd.conf
loglevel to "acl":
==================
Dec 30 02:13:28 ldapc2 slapd[3031]: => acl_mask: access to entry
"uid=ccolumbus,ou=People,dc=example,dc=com", attr "userPassword"
requested
Dec 30 02:13:28 ldapc2 slapd[3031]: => acl_mask: to value by "", (=0)
Dec 30 02:13:28 ldapc2 slapd[3031]: <= check a_dn_pat:
cn=admin,dc=example,dc=com
Dec 30 02:13:28 ldapc2 slapd[3031]: <= check a_dn_pat: anonymous
Dec 30 02:13:28 ldapc2 slapd[3031]: <= acl_mask: [2] applying auth(=xd) (stop)
Dec 30 02:13:28 ldapc2 slapd[3031]: <= acl_mask: [2] mask: auth(=xd)
==================
Judging from this, I suspect that I've misconfigured the account on
the consumer server that the client machines must use to access
password values in the database to authenticate clients. Currently,
the consumer's ACLs look like this:
==================
access to attrs=userPassword,shadowLastChange
    by dn="cn=admin,dc=example,dc=com" read
    by anonymous auth
    by * none
access to dn.base="" by * read
access to *
    by * read
==================
This is the same admin account that I use on the provider. If I set
the client's libnss-ldap configuration to use this account and its
matching password to authenticate users via the consumer server, it
doesn't work.
Any idea about what I'm doing wrong?
Thanks,
Jaap
13 years, 9 months
Renaming of attributes in ldap schema
by Thilko Richter
Hello,
I have a general LDAP question: I would like to use LDAP as a
configuration store for my applications. Each application gets its own
object schema, since then the number of properties is deterministic.
Since a number of developers are involved, I try to generate the
schema definition from a Ruby DSL. I am now thinking about what
happens to existing entries in the DIT if the OIDs or names of the
attribute definitions have changed? Are they invalid after an LDAP server
restart? Would you recommend not renaming any elements in the
schema?
I have seen that the attributes on existing entries disappeared if I
change the name in the schema.
Regards,
Thilko
13 years, 9 months
LDAP programming book
by Murray S. Kucherawy
Is the 1997 book "LDAP: Programming Directory-Enabled Applications" by Smith & Howes reasonably current to the latest OpenLDAP releases, or has enough changed in the intervening 12 years that it's not worth getting?
13 years, 9 months
Chain overlay not available in Debian lenny?
by Jaap Winius
Hi all,
Can anyone confirm that the chain overlay is not available in the
version of OpenLDAP (2.4.11-1) that comes with Debian lenny?
Although the man page for it still exists, loading it as a module
results in an error (lt_dlopenext failed: (chain) chain.so: cannot open
shared object file: No such file or directory), as does activating it
(overlay "chain" not found) as well as attempts to use any of the
"chain-" options in slapd.conf.
Also, there's a Debian bug report (#502769, 19 Oct. 2008) with the
subject "when adding overlay chain to the slapd.conf slapd crashes
with overlay chain not found." No mention is made of a solution, but
could it be that the chain overlay was simply removed from the slapd
package as a result?
Thanks,
Jaap
13 years, 9 months
ACL problem
by Il Neofita
Hi
I am new and probably I am facing a very basic error
I am trying to create an admin for a subset
I create this ldif
dn: cn=mmmm,dc=test,dc=xx
cn: mmmm
sn: mmmm
objectClass: person
objectClass: top
userPassword: test
then in slapd.conf
...
access to dn.subtree="ou=people,dc=test,dc=xx"
    by dn="cn=mmmm,dc=test,dc=xx" write
    by * read
...
Restarted ldap
ldapsearch -x -D "cn=mmmm,dc=test,dc=xx" -W '(objectclass=*)'
ldap_bind: Invalid credentials (49)
What am I doing wrong?
13 years, 9 months
deprecated function ldap_sort_entries, ldap_sort_values, ldap_sort_strcasecmp
by DT Piotr Wadas
Hello,
using openldap 2.4.17
I'm fixing obsolete things in my old application, e.g. removed some extern
statements. When building I got
xxx.c:790: error: 'ldap_sort_strcasecmp' undeclared (first use
in this function)
After further investigation I discovered this
http://www.mail-archive.com/openldap-devel@openldap.org/msg01517.html
quote:
" ldap_sort_entries
ldap_sort_values
ldap_sort_strcasecmp
of which Net::LDAPapi only uses ldap_sort_entries.
Is there a replacement function for this? If not, any thoughts on what
the steps are to duplicate that functionality?
So no one else knows what these functions do either? ;)
Well, functions tend to get deprecated due to neglect. If nobody has ever
used them thus far.....
-- Howard Chu"
Well, seems I know what these functions do, I used it to sort set of values
of the retrieved attribute ( char ** ), specifying function, which is
to be used for sorting. The form of call was (is)
ldap_sort_values( LDAP * ldc, char ** vals, ( fn & ) ldap_sort_strcasecmp);
The idea was, that when I got attribute values set like
attrName: /abc/xyz
attrName: /abc/x/nnnn
attrName: /abc
attrName: /abc/xyz/u/m
numericAttrName: 10
numericAttrName: 5
numericAttrName: 123
I need to process it in some reasonable order, according to application
needs, it was easier to use library functions than create my own.
I denoted these with ' //LDAP_SORT_AV_CMP_PROC *cmp ', but don't remember
what I meant, must have been about 3 years ago.
Any suggestions? Shall I create my own function to sort retrieved values,
or use some server control?
AFAIR one has no influence on the order, in which attribute values are
PUT into the entry, but when it comes to use it, it is important to be
sure, that there's NO variable of value "7" processed before value "10"
ldap_sort (3) - LDAP sorting routines (deprecated)
ldap_sort_entries (3) - LDAP sorting routines (deprecated)
ldap_sort_strcasecmp (3) - LDAP sorting routines (deprecated)
ldap_sort_values (3) - LDAP sorting routines (deprecated)
Regards,
DT
--
http://dtpw.pl/buell [ 25th anniversary of Buell - American Motorcycles ]
Linux aleft 2.6.27.29-0.1_lustre.1.8.1.1-default #1 SMP
drbd 8.3.6-(api:88/proto:86-91)
pacemaker 1.0.6-cebe2b6ff49b36b29a3bd7ada1c4701c7470febe
13 years, 9 months
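One way to do the client-side value sort described in the post above without the deprecated ldap_sort_* routines, as an added example that is not part of the original post or of OpenLDAP: the C library's qsort() over the NULL-terminated char ** value array, with a case-insensitive comparator and a numeric one. The names sort_values, cmp_casefold and cmp_numeric are hypothetical, and the sample arrays are constructed from the values quoted in the post.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>

/* qsort() passes pointers to array elements, so each argument is a char **.
 * Case-insensitive text order, the job ldap_sort_strcasecmp used to do. */
static int cmp_casefold(const void *a, const void *b)
{
    return strcasecmp(*(char *const *)a, *(char *const *)b);
}

/* Numeric order ("5" < "10" < "123"). Values that are not clean decimal
 * integers sort after the numbers, in strcmp() order. */
static int cmp_numeric(const void *a, const void *b)
{
    const char *sa = *(char *const *)a, *sb = *(char *const *)b;
    char *ea, *eb;
    long na = strtol(sa, &ea, 10), nb = strtol(sb, &eb, 10);
    int oka = ea != sa && *ea == '\0', okb = eb != sb && *eb == '\0';
    if (oka && okb) return (na > nb) - (na < nb);
    if (oka != okb) return oka ? -1 : 1;
    return strcmp(sa, sb);
}

/* Hypothetical helper: sort a NULL-terminated char ** value array in place
 * and return the number of values it holds. */
static size_t sort_values(char **vals, int (*cmp)(const void *, const void *))
{
    size_t n = 0;
    while (vals != NULL && vals[n] != NULL) n++;
    if (n > 1) qsort(vals, n, sizeof *vals, cmp);
    return n;
}

/* Constructed sample data: the attribute values quoted in the post. */
static char *sample_paths[] = {"/abc/xyz", "/abc/x/nnnn", "/abc", "/abc/xyz/u/m", NULL};
static char *sample_nums[] = {"10", "5", "123", NULL};

int main(void)
{
    size_t n = sort_values(sample_paths, cmp_casefold);
    for (size_t i = 0; i < n; i++) printf("attrName: %s\n", sample_paths[i]);
    n = sort_values(sample_nums, cmp_numeric);
    for (size_t i = 0; i < n; i++) printf("numericAttrName: %s\n", sample_nums[i]);
    return 0;
}
```

Only the pointers in the array are reordered, so the strings themselves are untouched and the array can still be released the same way it would have been before sorting.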