how to use ipv6 addresses in olcaccess statements
by Alex Samad
Hi
I am trying to build an olcaccess statement and I am wondering how to
implement an IPv6 network.
Currently I have
'to dn.sub="ou=SUDOers,dc=samad,dc=com,dc=au" '.
'by dn.exact="cn=libnss-ldap,ou=Roles,dc=samad,dc=com,dc=au" read '.
'by dn.exact="cn=libpam-ldap,ou=Roles,dc=samad,dc=com,dc=au" read '.
'by peername.ip=192.168.12.0%255.255.252.0 read '.
'by peername.ip=192.168.8.0%255.255.252.0 read '.
'by peername.ip=192.168.4.0%255.255.252.0 read '.
'by peername.ip=127.0.0.1 read '.
'by peername.ipv6=::1 read '.
'by peername.path=/var/run/slapd/ldapi read '.
'by * none ',
I have an IPv6 network 2002:3cf1:f856::/48 but I can't seem to put in
'by peername.ipv6=2002:3cf1:f856::%48 read '.
Do I need to write out a complete mask?
'by peername.ipv6=2002:3cf1:f856::%<mask> read '.
I am not sure what that mask would look like
65535.65535.65535.0.0.0.0.0 ?
Alex
--
About the only thing we have left that actually discriminates in favor of
the plain people is the stork.
13 years
Syncrepl reliability
by Marco Innocenti
Hi,
we are testing a 2-way multimaster setup (Debian 64-bit, OpenLDAP
2.4.21).
If a client that tries to, e.g., add a record to a node is stopped (killed,
crashed, ...), the record hits the master but it is not replicated, and
that is a showstopper for us.
I think that behavior is well known among the developers, as I think I'm
talking about ITS#6059. When is that bug expected to be solved?
--
**********************************************************************
Marco Innocenti Dipartimento Sistemi E Tecnologie
CINECA phone:+39 0516171553 / fax:+39 0516132198
Via Magnanelli 6/3 e-mail: innocenti(a)cineca.it
40033 Casalecchio di Reno Bologna (Italia)
**********************************************************************
13 years
Openldap installation problem
by Murat Uğur Eminoğlu
Dear all, I have a problem with the OpenLDAP installation. I'm using Debian Lenny,
OpenLDAP 2.4.19. The errors are below.
openldap-2.4.19# ./configure --prefix=/usr/local/mailserver/openldap
--enable-crypt --enable-backends --enable-bdb --enable-ldbm --enable-perl=no
checking for ndb_init in -lndbclient... no
configure: error: could not locate ndbclient library
config.log
configure:30018: checking for ndb_init in -lndbclient
configure:30053: cc -o conftest -g -O2 -L/usr/lib/mysql -lmysqlclient_r
conftest.c -lndbclient -lstdc++ -lresolv >&5
/usr/lib/mysql/libndbclient.so: undefined reference to
`base64_needed_decoded_length'
/usr/lib/mysql/libndbclient.so: undefined reference to `base64_decode'
/usr/lib/mysql/libndbclient.so: undefined reference to `decimal_bin_size'
collect2: ld returned 1 exit status
configure:30059: $? = 1
configure: failed program was:
Thanks for any help / regards.
--
Murat Uğur Eminoğlu
http://ipucu.murat.ws
http://fotoblog.murat.ws
13 years
Need help setting up n-way + cn=config
by Alex Samad
Hi
I am in the process of testing a new n-way setup, and I have come across
some problems.
When trying to set up unique, I keep getting an undefined attribute error:
dn: olcOverlay={2}unique,olcDatabase={1}hdb,cn=config
changetype: modify
add: olcunique_uri
olcunique_uri: ldap:///?uid?sub
but it fails
ldap_modify: Undefined attribute type (17)
additional info: olcunique_uri: AttributeDescription contains
inappropriate characters
Also, while trying to set the olcaccess parameter, I can't find any
information on how to set up an IPv6 network.
Currently I have
'to dn.sub="ou=SUDOers,dc=samad,dc=com,dc=au" '.
'by dn.exact="cn=libnss-ldap,ou=Roles,dc=samad,dc=com,dc=au" read '.
'by dn.exact="cn=libpam-ldap,ou=Roles,dc=samad,dc=com,dc=au" read '.
'by peername.ip=192.168.12.0%255.255.252.0 read '.
'by peername.ip=192.168.8.0%255.255.252.0 read '.
'by peername.ip=192.168.4.0%255.255.252.0 read '.
'by peername.ip=127.0.0.1 read '.
'by peername.ipv6=::1 read '.
'by peername.path=/var/run/slapd/ldapi read '.
'by * none ',
I have an IPv6 network 2002:3cf1:f856::/48 but I can't seem to put in
'by peername.ipv6=2002:3cf1:f856::%48 read '.
Do I need to write out a complete mask?
'by peername.ipv6=2002:3cf1:f856::%<mask> read '.
I am not sure what that mask would look like
65535.65535.65535.0.0.0.0.0 ?
Thanks
13 years
Unable to Search/Authenticate Users
by Todd Reed
I'm trying to get a Web Application to authenticate to OpenLDAP. I have
one user account that I am binding as (user: webldapauth). I have
another user account that I am trying to log in via the application
(user: webuser). The "webuser" is in an OU called "WebAppUsers". With
an LDAP Browser, I can bind to LDAP as both users. But, when I try to
log in to the web app, I'm binding with the user "webldapauth", but
cannot log in with the "webuser" account. The web application calls are
good because I can point it to an ActiveDirectory server and it works
fine. This is my first attempt with OpenLDAP. I believe there is a
configuration problem with OpenLDAP, but I'm not sure where to look or
troubleshoot at. Would anyone be able to provide any guidance? I've
looked at the manuals and other help files, but nothing has worked so
far.
--Todd
13 years
2.4.19 freezed at Debian Lenny
by Frank Bonnet
Hello
I've compiled and installed 2.4.19 on a Debian Lenny server (64 bits).
It froze a few hours ago; I had to restart slapd to make it work again.
Is there any info about this problem in this release?
Thank you
13 years
Debian Lenny and Openldap installation Problem?
by Murat Uğur Eminoğlu
Dear List,
I changed debian/configure.options
--enable-backends=yes
--enable-bdb=yes
--enable-ldbm=yes
dpkg-buildpackage -b
errors
cp: cannot stat `./debian/tmp/etc/ldap/schema': No such file or directory
dh_install: command returned error code 256
make: *** [binary-arch] Error 1
dpkg-buildpackage: failure: debian/rules binary gave error exit status 2
How can I solve this problem?
thanks.
--
Murat Uğur Eminoğlu
http://ipucu.murat.ws
http://fotoblog.murat.ws
13 years
Abandon with ldap search free openldap resources ?
by Eduardo Ramos Testillano
Hello all,
I have my LDAP client with the LDAP connection always up; an unbind is
never performed.
When a certain LDAP search expires, I send an AbandonRequest to the server.
Will OpenLDAP memory resources grow if I avoid sending that?
That is to say: does the OpenLDAP 'ldap_abandon' primitive imply freeing internal
OpenLDAP resources?
thanks
Regards
13 years
openldap
by Aravind Arjunan
hi,
I have my OpenLDAP server acting as master/slave on RHEL 3, on a 32-bit
architecture. It acts as the primary authentication for all my services. I
need to enhance my servers with a new version of the OS, which will be in high
availability. I preferred to go for RHEL 5 on a 64-bit architecture.
I need to know, if I configure a slave LDAP server in my new setup, i.e. on RHEL
5, whether I will be able to get all the user information which is stored in my
old setup through master/slave communication without any downtime.
with regards
A.Aravind
13 years
seg fault during slapindex
by tpublic@metro-email.com
Hello,
I'm looking for help with an index building problem. I am running Apple
(Tiger) Open Directory which uses slapd 2.2.19. Upgrading is
unfortunately not an option because the OS has tools / GUI built around
the database. I had noticed some errors in our slapd.log indicating we
needed additional indexes built:
bdb_equality_candidates: (kerio-Mail-AccountEnabled) index_param failed (18)\n
bdb_equality_candidates: (kerio-Mail-Address) index_param failed (18)\n
bdb_substring_candidates: (apple-group-realname) index_param failed (18)\n
bdb_substring_candidates: (givenName) index_param failed (18)\n
bdb_substring_candidates: (mail) index_param failed (18)\n
So I attempted to create the missing indexes, but slapindex crashes with
a segmentation fault unless I disable most of my config changes. The
lines commented out are the ones which caused a fault:
slapd.conf:
include /etc/openldap/slapd_macosxserver.conf
#index kerio-Mail-Address eq # Seg faults.
index kerio-Mail-AccountEnabled eq
slapd_macosxserver.conf (included via slapd.conf):
# Adding ",sub" to apple-group-realname, due to errors in /var/log/slapd.log
#index apple-group-realname eq
index apple-group-realname eq,sub
[...]
# Adding mail & givenName indices, due to errors in /var/log/slapd.log
# Both of these cause seg fault on slapindex
#index mail sub
#index givenName sub
I verified that the index names I configured match exactly the spelling
in the error messages. Also slaptest ran successfully. I ran db_recover
to no avail (slapindex was initially hanging even if I just used my base
configuration).
Any hints would be greatly appreciated. I realize this is an older
version, but hopefully there are some tricks that I could use to work
around it? If not, could I install the current openldap, in a different
location, build the indexes, and copy them over?
13 years