openldap-technical August 2009

openldap-technical@openldap.org

65 participants
73 discussions

SASL LDAP binding over IPv6
by Xu, Qiang (FXSGSC) 07 Aug '09

07 Aug '09

Hi, all: In using ldapsearch to bind to a server with IPv6 address, some error pops up: =========================================================== qxu@durian(pts/3):/etc[133]$ kinit XCTEST100(a)XCIPV6.COM Password for XCTEST100(a)XCIPV6.COM: qxu@durian(pts/3):/etc[134]$ klist Ticket cache: FILE:/tmp/krb5cc_20153 Default principal: XCTEST100(a)XCIPV6.COM Valid starting Expires Service principal 06/09/09 17:35:18 06/10/09 03:34:41 krbtgt/XCIPV6.COM(a)XCIPV6.COM … [View More]

3 20

Secret not in database
by Seau Yeen Su 06 Aug '09

06 Aug '09

Hi everyone, I have successfully installed cyrus-sasl-2.1.23 and openldap-2.3.27 plus BerkeleyDB.4.3 in my RHEL5.2 server. After the installation, i used saslpasswd2 -c to create an admin user: saslpasswd2 -c admin After that, I thought of doing a search on the database with the command : ldapsearch -H ldap:///localhost -Y DIGEST-MD5 -d 2 -U admin but it returned an error of : ldap_sasl_interactive_bind_s: Invalid credentials (49) additional info: SASL(-13): user not found: no secret … [View More]

4 5

Possible workaround to slapo-ppolicy sync limitations
by Jordi Espasa Clofent 06 Aug '09

06 Aug '09

Hi, This post is because of: http://www.openldap.org/lists/openldap-technical/200906/msg00221.html http://www.openldap.org/lists/openldap-technical/200908/msg00028.html So, if you're using ppolicy-slapo in a load-balanced environment, you pool servers never will be sync completely; at least, the ppolicy state atributes will be not replicated. I know isn't really a slapo-ppolicy limitation rather than RFC especification consequence. Well... I want my load-balancing environment and I want … [View More]

3 2

Problems with heimdal ldap backend
by Andreas Roth 06 Aug '09

06 Aug '09

Hello, i've a heimdal (1.2) server which uses the OpenLDAP (2.4.15) directory for data storage. When i run the following script: #!/bin/sh for i in `seq 1 10000`; do kinit --password-file=passwd && echo "ok $i" || break; done At some point the kinit fails, because heimdal cannot connect to the LDAP server. heimdal-kdc server fails at ldap_sasl_bind_s with 'Can't contact LDAP server'. Heimdal access the LDAP directory is using the ldapi:///. When i 'slow-down' the LDAP … [View More]

1 0

error when setting an alias entry.. (ldap_add: Naming violation (64))
by Michael March 05 Aug '09

05 Aug '09

I'm following this: http://www.openldap.org/faq/data/cache/1111.html I'm getting this error: ldap_add: Naming violation (64) additional info: value of naming attribute 'uid' is not present in entry Here are the sample ldif entries: dn: uid=luzer,ou=main,dc=acme,dc=com uid: luzer objectClass: top objectClass: person objectClass: inetOrgPerson objectClass: organizationalPerson objectClass: posixAccount objectClass: shadowAccount loginShell: /bin/bash userPassword: {SSHA}8Sz/… [View More]

4 7

How to detect a corrupt database?
by Jordi Espasa Clofent 05 Aug '09

05 Aug '09

Hi folks, I've experienced some problems in one of my 3 OpenLDAP servers. First glance suggests a ppolicy overlay problem, but, at the end, the problem was resolved, simply, deleting the bbdd (BDB4) and restarting the system (is a consumer server, so the ddbb was automatically regenerated). So, my questions are * ¿How I can detect a corrupt database? * ¿Is there any tool/command to check the ddbb health (DBD4)? * ¿What can I do if the corrupted database is the provider database? -- … [View More]

4 5

ldap database directory permission denied
by yilmaz 05 Aug '09

05 Aug '09

Hello, I have a problem to run openldap in a different directory other than /var/lib/ldap I am using Redhat AS 4 (update 4) with selinux disabled. Openldap version is 2.4.13 . The message written into syslog is "line 24: invalid path: Permission denied " . Line 24 specifies is a different directory than /var/lib/ldap and directory has the 755 permission of the user running ldap daemon. Google search has revealed some issues on ubuntu and on redhat with selinux enabled but I have neither of … [View More]

2 1

objectclass glue problem
by Steinmetz, Robin 05 Aug '09

05 Aug '09

Hi, I created some records with phpldapadmin but now they look like this: dn: ozsSys=aaaaa,o=bbbb,ozsDir=APO-patient,o=ozs,c=nl objectClass: top objectClass: glue structuralObjectClass: glue ozsSys=aaaaa instead of dn: ozsSys=aaaaa,o=bbbb,ozsDir=APO-patient,o=ozs,c=nl objectClass: ozsSystem structuralObjectClass: ozsSystem ozsSys=aaaaa Is There a way to change these glue entries without reloading a complete tree? The normal ldapmodify doesn't allow to change this and ldapsearch can't find … [View More]

1 0

value-based modify operation on binary attribute fails
by Kay.Kirchhoefer＠t-systems.com 05 Aug '09

05 Aug '09

Hi, I´m trying to remove the attribute "userCertificate;binary" from an entry, if it (attr) contains a special value (certificate). I´m trying this operation with perl ldap modules and also with Gawojar ldap browser. Both were working for me when I was using OpenLDAP 2.3.20. Now I´m using OpenLDAP 2.4.12 and I get an error message MOD attr=userCertificate;binary RESULT tag=103 err=16 text=modify/delete: userCertificate;binary: no such value but I send the modify request by using … [View More]

2 2

Re: ldap PDC -- Failed to issue the StartTLS instruction
by Quanah Gibson-Mount 05 Aug '09

05 Aug '09

--On August 4, 2009 4:20:06 PM -0700 Ivan Ordonez <iordonez(a)nature.berkeley.edu> wrote: > Sorry Quanah, I am not following you on what you want me to do. Can you > please elaborate? > > Thank you for all your help. Keep replies on the list please. I was saying, I would have kept the ldaps:// URI in your config file, and drop the start TLS bit, and seen whether or not that works. In either case, I would use the ldapsearch binary to test against your server, both with … [View More]

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

openldap-technical August 2009