openldap-technical January 2010

openldap-technical@openldap.org

56 participants
66 discussions

how to use ipv6 addresses in olcaccess statements
by Alex Samad 15 Jan '10

15 Jan '10

Hi I am trying to build a olcaccess statement and I am wondering how to implement a ipv6 network Currently I have 'to dn.sub="ou=SUDOers,dc=samad,dc=com,dc=au" '. 'by dn.exact="cn=libnss-ldap,ou=Roles,dc=samad,dc=com,dc=au" read '. 'by dn.exact="cn=libpam-ldap,ou=Roles,dc=samad,dc=com,dc=au" read '. 'by peername.ip=192.168.12.0%255.255.252.0 read '. 'by peername.ip=192.168.8.0%255.255.252.0 read '. 'by peername.ip=192.168.4.0%255.255.252.0 read '. 'by peername.ip=127.0.0.1 read '. 'by peername.ipv6=::1 read '. 'by peername.path=/var/run/slapd/ldapi read '. 'by * none ', I have a ipv6 network 2002:3cf1:f856::/48 but I can't seem to put in 'by peername.ipv6=2002:3cf1:f856::%48 read '. do I need to write out a complete mask 'by peername.ipv6=2002:3cf1:f856::%<mask> read '. I am not sure what that mask would look like 65535.65535.65535.0.0.0.0.0 ? Alex -- About the only thing we have left that actually discriminates in favor of the plain people is the stork.

2 2

Syncrepl reliability
by Marco Innocenti 15 Jan '10

15 Jan '10

Hi, we are testing a 2 way multimaster setup (debian 64bit, openldap 2.4.21). If a client that try to e.g. add a record to a node is stopped (killed, crashed, ...) the record hit the master but it is not replicated and that is for us a showstopper. I think that behavior is well known among the developer as I think I'm talking of ITS#6059. When that bug is expected to be solved? -- ********************************************************************** Marco Innocenti Dipartimento Sistemi E Tecnologie CINECA phone:+39 0516171553 / fax:+39 0516132198 Via Magnanelli 6/3 e-mail: innocenti(a)cineca.it 40033 Casalecchio di Reno Bologna (Italia) **********************************************************************

1 0

Openldap installation problem
by Murat Uğur Eminoğlu 15 Jan '10

15 Jan '10

Dear all, i 've problem openldap installation. i'm using debian lenny, openldap 2.4.19. Error's below. openldap-2.4.19# ./configure --prefix=/usr/local/mailserver/openldap --enable-crypt --enable-backends --enable-bdb --enable-ldbm --enable-perl=no checking for ndb_init in -lndbclient... no configure: error: could not locate ndbclient library config.log configure:30018: checking for ndb_init in -lndbclient configure:30053: cc -o conftest -g -O2 -L/usr/lib/mysql -lmysqlclient_r conftest.c -lndbclient -lstdc++ -lresolv >&5 /usr/lib/mysql/libndbclient.so: undefined reference to `base64_needed_decoded_length' /usr/lib/mysql/libndbclient.so: undefined reference to `base64_decode' /usr/lib/mysql/libndbclient.so: undefined reference to `decimal_bin_size' collect2: ld returned 1 exit status configure:30059: $? = 1 configure: failed program was: thanks for helps / regards. -- Murat Uğur Eminoğlu http://ipucu.murat.ws http://fotoblog.murat.ws

4 7

Need help setting up n-way + cn=config
by Alex Samad 14 Jan '10

14 Jan '10

Hi I am in the process of testing a new n-way setup, I have come across some problem's. when trying to setup unique I keep getting undefined attribute error dn: olcOverlay={2}unique,olcDatabase={1}hdb,cn=config changetype: modify add: olcunique_uri olcunique_uri: ldap:///?uid?sub but it fails ldap_modify: Undefined attribute type (17) additional info: olcunique_uri: AttributeDescription contains inappropriate characters also while trying to setting olcaccess parameter I can't find any information on how setup a ipv6 network Currently I have 'to dn.sub="ou=SUDOers,dc=samad,dc=com,dc=au" '. 'by dn.exact="cn=libnss-ldap,ou=Roles,dc=samad,dc=com,dc=au" read '. 'by dn.exact="cn=libpam-ldap,ou=Roles,dc=samad,dc=com,dc=au" read '. 'by peername.ip=192.168.12.0%255.255.252.0 read '. 'by peername.ip=192.168.8.0%255.255.252.0 read '. 'by peername.ip=192.168.4.0%255.255.252.0 read '. 'by peername.ip=127.0.0.1 read '. 'by peername.ipv6=::1 read '. 'by peername.path=/var/run/slapd/ldapi read '. 'by * none ', I have a ipv6 network 2002:3cf1:f856::/48 but I can't seem to put in 'by peername.ipv6=2002:3cf1:f856::%48 read '. do I need to write out a complete mask 'by peername.ipv6=2002:3cf1:f856::%<mask> read '. I am not sure what that mask would look like 65535.65535.65535.0.0.0.0.0 ? Thanks

1 0

Unable to Search/Authenticate Users
by Todd Reed 14 Jan '10

14 Jan '10

I'm trying to get a Web Application to authenticate to OpenLDAP. I have one user account that I am binding as (user: webldapauth). I have another user account that I am trying to log in via the application (user: webuser). The "webuser" is in a OU called "WebAppUsers". With an LDAP Browser, I can bind to LDAP as both users. But, when I try to log in to the web app, I'm binding with the user "webldapauth", but cannot log in with the "webuser" account. The web application calls are good because I can point it to an ActiveDirectory server and it works fine. This is my first attempt with OpenLDAP. I believe there is a configuration problem with OpenLDAP, but I'm not sure where to look or troubleshoot at. Would anyone be able to provide any guidance? I've looked at the manuals and other help files, but nothing has worked so far. --Todd

2 1

2.4.19 freezed at Debian Lenny
by Frank Bonnet 14 Jan '10

14 Jan '10

Hello I've compiled and installed 2.4.19 on a Debian Lenny server (64 bits) it freezed few hours ago I had to restart slapd to make it working again. any info about this problem at this release ? Thank you

2 2

Debian Lenny and Openldap installation Problem?
by Murat Uğur Eminoğlu 14 Jan '10

14 Jan '10

Dear List, I changed debian/configure.options --enable-backends=yes --enable-bdb=yes --enable-ldbm=yes dpkg-buildpackage -b errors cp: cannot stat `./debian/tmp/etc/ldap/schema': No such file or directory dh_install: command returned error code 256 make: *** [binary-arch] Error 1 dpkg-buildpackage: failure: debian/rules binary gave error exit status 2 how i can solve this problem ? thanks. -- Murat Uğur Eminoğlu http://ipucu.murat.ws http://fotoblog.murat.ws

1 0

Abandon with ldap search free openldap resources ?
by Eduardo Ramos Testillano 13 Jan '10

13 Jan '10

Hello all, I have my ldap client with always ldap connection up; never unbind is performed. When certain ldap search expire, i send AbandonRequest to the server. ¿openLdap memory resources will grow if i avoid send that? That is to say: openldap 'ldap_abandon' primitive implies free internal openLdap resources? thanks Regards

1 0

openldap
by Aravind Arjunan 12 Jan '10

12 Jan '10

hi, I am having my Openldap server acting as master/slave in RHEL 3 its in 32 bit architecture.It acts as primary authentication for all my services.I need to enhance my servers with new version of OS which will be in high availability. I preferred to go for RHEL 5 in 64 bit architecture. I need to know if i configure Slave LDAP server in my new setup i.e in RHEL 5, whether i can able get all the users informations which is stored in my old setup through Master/Slave communication without any downtime. with regards A.Aravind

1 0

seg fault during slapindex
by tpublic＠metro-email.com 12 Jan '10

12 Jan '10

Hello, I'm looking for help with an index building problem. I am running Apple (Tiger) Open Directory which uses slapd 2.2.19. Upgrading is unfortunately not an option because the OS has tools / GUI built around the database. I had noticed some errors in our slapd.log indicating we needed additional indexes built: bdb_equality_candidates: (kerio-Mail-AccountEnabled) index_param failed (18)\n bdb_equality_candidates: (kerio-Mail-Address) index_param failed (18)\n bdb_substring_candidates: (apple-group-realname) index_param failed (18)\n bdb_substring_candidates: (givenName) index_param failed (18)\n bdb_substring_candidates: (mail) index_param failed (18)\n So I attempted to create the missing indexes, but slapindex crashes with a segmentation fault unless I disable most of my config changes. The lines commented out are the ones which caused a fault: slapd.conf: include /etc/openldap/slapd_macosxserver.conf #index kerio-Mail-Address eq # Seg faults. index kerio-Mail-AccountEnabled eq slapd_macosxserver.conf (included via slapd.conf): # Adding ",sub" to apple-group-realname, due to errors in /var/log/slapd.log #index apple-group-realname eq index apple-group-realname eq,sub [...] # Adding mail & givenName indices, due to errors in /var/log/slapd.log # Both of these cause seg fault on slapindex #index mail sub #index givenName sub I verified that the index names I configured match exactly the spelling in the error messages. Also slaptest ran successfully. I ran db_recover to no avail (slapindex was initially hanging even if I just used my base configuration). Any hints would be greatly appreciated. I realize this is an older version, but hopefully there are some tricks that I could use to work around it? If not, could I install the current openldap, in a different location, build the indexes, and copy them over?

2 1

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

openldap-technical January 2010