I have completed the prototyping of openldap, samba/pdc, on a
VirtualBox appliance. The setup works fine with 4-5 different
desktop clients connecting to
(Appliance details: VirtualBox 3.0.6 - 512MB RAM, 8MB Video RAM, 9GB
VDI with 1GB Swap and CentOS 5.3 64bit).
I am considering deploying this appliance into production with 1GB
RAM. The no. of clients connecting to the server will be approx. 150.
Has anyone deployed openLDAP + Samba/PDC in a VirtualBox appliance?
I'd appreciate if you could share your experience, gotchas etc with
respect to an appliance environment as well as resources allocated to
the appliance e.g. amount of RAM.
Can I with the rwm-overlay also introduce a new static attribute?
(Or change the content of an existing attribute and its name to use it for
Or do I need to combine it with the translucent overlay to get things
If it can be done and somebody has an example it would be appreciated.
I configured my 2 test servers to replicate with syncrepl using this
It works well. If I create a new user on any server it's immediately
replicated to the other. However I have some errors in the log files:
(these 2 messages appear every 10 seconds on the first server
Sep 22 11:53:56 vmlinux01 slapd: <= bdb_equality_candidates:
(entryCSN) not indexed
Sep 22 11:53:56 vmlinux01 slapd: <= bdb_inequality_candidates:
(entryCSN) not indexed
Sep 22 11:24:51 vmlinux02 slapd: do_syncrep2: rid=001 (-1) Can't
contact LDAP server
Sep 22 11:24:51 vmlinux02 slapd: do_syncrepl: rid=001 retrying (4
Also, when I configure the server to authenticate using LDAP
(pam-auth-update) I can connect to the system using an LDAP account (say
maxime) but look at the prompt and whoami result:
Do I need to create the users on both LDAP and Linux?
I am currently busy configuring OpenLDAP on my newly installed Ubuntu 9.04.
Here is what I have done till now.
I followed the steps defined in
installation was successful. I installed PhpLdapAdmin also.
After I created certificate, key etc, I created a .ldif file
(enable-ca.ldif) with the following content :
Then I executed the command :
*ldapmodify -D "cn=admin,cn=config" -x -w 12345678 -f enable-ca.ldif*
and it was a success.
But after this, when I tried to restart slapd, I got errors like the
*main: TLS init def ctx failed: -1*
I noticed that after I executed "ldapmodify -D "cn=admin,cn=config" -x -w
12345678 -f enable-ca.ldif", 3 lines are added to
and when I commented out the last two lines like the following, slapd started
This looks quite strange.
Please help me resolve the same.
I noticed today that my syncrepl consumer was not up to date with the
last change contained in the provider. (I am using slapd 2.4.11-1 from
Looking at /var/log/syslog I see
Sep 16 13:49:37 ur slapd: syncrepl_entry: rid=100 be_search (0)
Sep 16 13:49:37 ur slapd: syncrepl_entry: rid=100
Sep 16 13:49:37 ur slapd: syncrepl_entry: rid=100 be_modrdn (32)
Sep 16 13:49:37 ur slapd: do_syncrepl: rid=100 quitting
and in debug mode
bdb_modrdn: new parent
<= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found
See the cname/CNAME case difference? The provider dn is indeed written
I'm having a problem that I can't understand:
I created an openldap tree with a subtree called studenti.
When I add an entry in the main tree I can bind correctly.
When I insert an entry in the studenti subtree I can't bind.
In the attachment you will find the log files.
What can I do?
Hello to everybody,
I need some help...
I have an Antivirus Server (Appliance) that performs requests to Active
I don't have Active Directory installed but I have installed OpenLDAP 2.3, so
I have to convert the request from Active Directory format to OpenLDAP
format. In other words I have to create a Proxy.
E.g. The structure where to take the data has this form:
# extended LDIF
# base <dc=unina,dc=it> with scope subtree
# filter: uid=rciotola
# requesting: ALL
# xxxx yyyy (xxxx.yyyy(a)unina.it), CSI - CENTRO DI ATENEO PER I SERVIZI
INFORMATIVI (295550), ALTRA STRUTTURA (100000), PersonaleT.A., istituzionali
dn: cn=xxxy yyyy (xxxx.yyyy(a)unina.it),ou=CSI - CENTRO DI ATENEO PER I SE
RVIZI INFORMATIVI (295550),ou=ALTRA STRUTTURA
physicalDeliveryOfficeName: CSI - CENTRO DI ATENEO PER I SERVIZI INFORMATIVI
title: Personale tecnico amm.vo
# search result
result: 0 Success
# numResponses: 2
# numEntries: 1
These data should be transformed into Active Directory format and should have the
fields sAMAccountName, mail, group and ProxyAddresses; both that concerns data
I hope that you can help me...
I hope someone can give me a hand on this issue.
I'd like my ldap server to automatically set the value of an attribute,
based on the value of another.
In the simplest version I'd like it to copy the value of an attribute into
another attribute, whenever the first one gets modified.
my example entry would be:
now with ldapmodify I change *ONLY* 1st_attrib to
24_07_2009 and I'd like the result to be:
with both attributes changed.
Even better would be if the second attribute could be written to a value
based on the first one (e.g. automatically adding 7 days to the date).
Any help would be greatly appreciated,
I just installed OpenLDAP ('slapd-2.4.11') and 'ldap-utils' on my Ubuntu
8.10 using Synaptic Manager.
I have the following queries related to configuring LDAP on Ubuntu. First &
Foremost I am completely new to LDAP so please don't mind if my questions
are really funny.
1. After installation the file '/etc/ldap/ldap.conf' doesn't seem to contain
the parameters like 'rootpw' & 'rootdn'. Am I seeing the wrong file or is
there any other ldap configuration file on Ubuntu?
2. What is my default root node address and how to change it?
3. My machine doesn't have any FQDN. Its name is - 'station3' and I don't
intend to give it a FQDN. Now my question: can I have my root node address
set to 'dc=station3,dc=home'? If yes, then I guess it has to be through
'ldapmodify' but can someone please share the exact syntax?
Thanks in Advance....
Can anybody help in this matter? I want to integrate Active Directory with an external LDAP directory. That means if a user logs in, the user request goes to the AD server; if not found, it searches the external LDAP server, which might be any LDAP server, and gives the user login.