openldap-technical December 2009

openldap-technical@openldap.org

59 participants
67 discussions

Is there any accounting software using ldap for customers and suppliers?
by Damiano Venturin 24 Dec '09

24 Dec '09

Hi, that's my first post here. I realize that this is not exactly the kind of message that I should post here but I'm really going mad trying to find an accounting software which uses natively ldap as a backend. I'm not looking for something that can synchronize, import or export into ldap. Are you aware of some good software? It doesn't matter if it's for free or not. It would be cool if it's open. Thank you -- Damiano Venturin http://www.squadrainformatica.com

3 4

Developer's cookbook for adding LDAP support
by Murray S. Kucherawy 23 Dec '09

23 Dec '09

Are there any good documentation sites or books out there for adding LDAP support to a program? The ldap(3) man page is pretty sparse. I've been told that basically studying the OpenLDAP source itself is the best way to figure it out, but I'm hoping there's something better. I have only very rudimentary knowledge of LDAP in general. Almost all of my exposure to OpenLDAP was through a helper library that did a lot of work for me, but that was at a previous job. This is for an open source project. The application to be updated already has support to get key-value pairs from SQL/ODBC and Sleepycat DB sources, and I have a request to include support for LDAP. Essentially in the application I am given an email recipient and I need to get from the database a piece of detail I need to append to that outgoing mail. There's no standard schema for this (yet; it's been suggested we create one through the IETF), so I will need to allow administrators to specify which attributes to request. Any helpful pointers would be appreciated. Happy holidays, -MSK

2 1

LDAPS queries in C/C++ - conceptual question
by Robert Welz 23 Dec '09

23 Dec '09

Hello, I was asked to expand some C++ software to do ldap queries with TLS on a server with SSL certificate. We want the server to authenticate by its certificate so our software is protected from fake servers. Before I dig too deep into the API, I would like to know: - Is it possible with LDAP API to extract the servers certificate data to verify its integrity? - or should I program it directly with openSSL API? Thank you for sharing your wisdom, kind regards, --- Robert Welz

2 1

slapd socket file name and location
by DT Piotr Wadas 23 Dec '09

23 Dec '09

Hello, I'm using openldap 2.4.17 on debian, command line for testing purposes is --- root@host:~# slapd -d16384 -f slapd-1.conf -u openldap -g openldap \ -h "ldapi:///var/run/slapd/foobar/x-mod=-rw-------" @(#) $OpenLDAP: slapd 2.4.17 (Nov 10 2009 18:29:26) $ root@SD6-Casa:/tmp/buildd/openldap-2.4.17/debian/build/servers/slapd slapd starting -- result: root@host:~# lsof -U |grep slapd slapd 2971 openldap 3u unix 0xf65cab80 0t0 967834 socket slapd 2971 openldap 7u unix 0xf65ca380 0t0 967836 /var/run/slapd/ldapi root@lena:~# --- Filesystem directory permissions are fine, well, no matter about x-mod, the problem is I cannot force different file name (location) for socket file, default location seems to be build-dependent, shall I guess it's debian related issue? I expect the socket file to be created where I specify within "ldapi" URI. I tried a few variants of this uri, assuming I misunderstood the triple slash construction, anyway I still have socket file created in the same place. Isn't it supposed to create socket file where specified? What I want, actually, is to start two or more independent slapd servers (completely searated databases), listening on IPC only, on two different IPC sockets on the same machine. Regards, DT -- http://dtpw.pl/buell [ 25th anniversary of Buell - American Motorcycles ] Linux aleft 2.6.27.29-0.1_lustre.1.8.1.1-default #1 SMP drbd 8.3.6-(api:88/proto:86-91) pacemaker 1.0.6-cebe2b6ff49b36b29a3bd7ada1c4701c7470febe

4 8

Help migrating an OpenLdap 1.x directory to 2.x
by Diego Lima 23 Dec '09

23 Dec '09

Hello All, I'm currently working on migrating a directory that is currently running on OpenLDAP 1.x to OpenLDAP 2.x. Is there any online documents which detail how to convert the old schemas (which are on ldif format) to the format used by 2.x? I tried to google for that but I could not find much info on the subject. Currently the settings, acls and schemas are all present on ldif format. Any help would be greatly appreciated. Thanks a lot, Diego Lima

2 1

MD5 password hash with ppolicy
by Joe Friedeggs 23 Dec '09

23 Dec '09

I am working (with RH via Dell support) to solve an issue (that I believe to be a pam_ldap issue). The problem is that the password policy control messaging does not occur when I set 'pam_password md5', thus the Linux client never knows that the password expires. They have informed me that the password policy overlay in LDAP requires clear-text passwords, and will not handle the password policy stuff if the password is hashed. This makes no sense to me, since ppolicy is only handling expiry times, etc. and pam is handling the rest (length, strength, etc., prior to hash). Does the ppolicy overlay require clear-text? Thanks, Joe _________________________________________________________________ Hotmail: Trusted email with powerful SPAM protection. http://clk.atdmt.com/GBL/go/177141665/direct/01/

2 1

Re: openldap-2.4.20 installation
by vishesh kumar 22 Dec '09

22 Dec '09

Thanks friends It require BDB 4.4 and i have 4.3.29 on my system. So what next i should do, should i upgrade existing BDB 4.3 to 4.4 or i should install BDB4.4 in separate path. Thanks On Wed, Dec 9, 2009 at 8:34 PM, Gattegno, Victor (EMEA BSS CC) < victor_gattegno(a)hp.com> wrote: > Hi, > > You may know which bdb version is required by current openldap package by > reading the 2.4.20 Release README: > http://www.openldap.org/software/release/readme.html > > SLAPD: > BDB and HDB backends require Oracle Berkeley DB 4.4, 4.5, > 4.6, 4.7, or 4.8. It is highly recommended to apply the > patches from Oracle for a given release. > > Regards, > Victor > > -----Original Message----- > > On Monday, 7 December 2009 11:26:18 vishesh kumar wrote: > > Dear friends > > Today i tried to install openldap2.4.20 on RHEL 5.2. After firing > > ./configure script, i got following error > > > > *Configure:error: Berkeley DB version incomptible with BDB/HDB > > backend. > > > > *But after investigation i found that db4 with version 4.3.29 is > installed > > on my system. So what i should do now, > > Should i replace my Berkeley DB package? I want to be sure that other > > running programs not get any issue after bdb upgradation. > > How one know which bdb version is required by current openldap package > ? > > > > thanks > > -- http://linuxinterviews.blogspot.com

2 1

Finding a provider to write to
by Jaap Winius 22 Dec '09

22 Dec '09

Hi all, Although I've figured out the basics of synchronization between providers and consumers, I'm not yet clear about one aspect from the client's perspective. In particular, if you've set up an LDAP consumer server with a synchronized, read-only copy of the DIT to service a particular group of clients, and you've configured those clients* to use that consumer server for all of their directory queries, how do those clients know where to find the correct provider in case it becomes necessary for them to write to the DIT (e.g. to change a password)? Thanks, Jaap *) With the URI option in /etc/ldap/ldap.conf

3 2

need help with my backup copy of ldap database...
by Louis-M. Carrière 22 Dec '09

22 Dec '09

Hi ! I had a problem with my system and decided to backup my /var/ /etc, etc. files and reinstall everything (Mandriva 2009). But now, my openldap installation complains about my openldap database being corrupted or something (here is the log): Dec 21 21:23:09 p4server slapd[12999]: @(#) $OpenLDAP: slapd 2.4.11 (Sep 15 2008 10:30:35) $ mandrake@n4.mandriva.com:/home/mandrake/rpm/BUILD/openldap-2.4.11/servers/slapd Dec 21 21:23:09 p4server slapd[12999]: daemon_init: listen on ldap://ldap.louismc.org/ Dec 21 21:23:09 p4server slapd[12999]: daemon_init: listen on ldaps://ldap.louismc.org/ Dec 21 21:23:09 p4server slapd[12999]: daemon_init: 2 listeners to open... Dec 21 21:23:09 p4server slapd[12999]: daemon: listener initialized ldap://ldap.louismc.org/ Dec 21 21:23:09 p4server slapd[12999]: daemon: listener initialized ldaps://ldap.louismc.org/ Dec 21 21:23:09 p4server slapd[12999]: daemon_init: 2 listeners opened Dec 21 21:23:09 p4server slapd[12999]: slapd init: initiated server. Dec 21 21:23:09 p4server slapd[12999]: slap_sasl_init: initialized! Dec 21 21:23:09 p4server slapd[12999]: bdb_back_initialize: initialize BDB backend Dec 21 21:23:09 p4server slapd[12999]: bdb_back_initialize: Berkeley DB 4.6.21: (February 11, 2009) Dec 21 21:23:09 p4server slapd[12999]: hdb_back_initialize: initialize HDB backend Dec 21 21:23:09 p4server slapd[12999]: hdb_back_initialize: Berkeley DB 4.6.21: (February 11, 2009) Dec 21 21:23:09 p4server slapd[12999]: backend_startup_one: starting "cn=config" Dec 21 21:23:09 p4server slapd[12999]: => ldif_enum_tree: failed to open /etc/openldap/slapd.d/cn=config.ldif: No such file or directory Dec 21 21:23:09 p4server slapd[12999]: send_ldap_result: conn=-1 op=0 p=0 Dec 21 21:23:09 p4server slapd[13000]: bdb(dc=louismc,dc=org): file id2entry.bdb has LSN 2/4451165, past end of log at 1/140 Dec 21 21:23:09 p4server slapd[13000]: bdb(dc=louismc,dc=org): Commonly caused by moving a database from one database environment Dec 21 21:23:09 p4server slapd[13000]: bdb(dc=louismc,dc=org): to another without clearing the database LSNs, or by removing all of Dec 21 21:23:09 p4server slapd[13000]: bdb(dc=louismc,dc=org): the log files from a database environment Dec 21 21:23:09 p4server slapd[13000]: bdb(dc=louismc,dc=org): /var/lib/ldap/id2entry.bdb: unexpected file type or format Dec 21 21:23:09 p4server slapd[13000]: bdb_db_open: database "dc=louismc,dc=org": db_open(/var/lib/ldap/id2entry.bdb) failed: Invalid argument (22). Dec 21 21:23:09 p4server slapd[13000]: backend_startup_one: bi_db_open failed! (22) Dec 21 21:23:09 p4server slapd[13000]: bdb_db_close: database "dc=louismc,dc=org": alock_close failed Dec 21 21:23:09 p4server slapd[13000]: slapd stopped. Is there anything I can do to restore it like it was??? Also, but far less important, I have another error but less important since it never prevent me from using openldap before... /etc/openldap/slapd.d/cn=config What can I do about it??? Why does it complain? I never confiruged slapd.conf to use cn=config there... it should look in ldap itself for the config entry.... ?!?!? I'm puzzled and never had chance with google solving this one. thanks ! Louis-Martin Carrière _________________________________________________________________ Tirez parti d’une offre Windows 7 exceptionnelle et voyez comment il vous simplifie la vie. http://go.microsoft.com/?linkid=9691828

2 1

Re: Re : OpenLDAP 2.4 - Problem with rewrite overlay
by masarati＠aero.polimi.it 21 Dec '09

21 Dec '09

> I see your problem, it's when you restart the server using the > in-directory configuration. I couldn't investigate things further right > now; please file an ITS <http://www.openldap.org/its/> I've fixed the problem. I need you to file an ITS to track the issue. p.

2 1

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

openldap-technical December 2009