December 2010 - openldap-technical

by Venish Khant

Hi all I am using cpan Net::LDAP module to access LDAP entries. I want to search LDAP entries using Net::LDAP search method. When I do search, I want some limited number of entries from search result, for this(searching) process I am using Net::LDAP::Control::VLV module. But I get error on VLV response control. Please, any one have idea about this error. * Error:* Died at vlv.pl line 50, This is my example. I changed the font style of line 50 #!/usr/bin/perl -w use Net::LDAP; use Net::LDAP::Control::VLV; use Net::LDAP::Constant qw( LDAP_CONTROL_VLVRESPONSE ); use Net::LDAP::Control::Sort; sub procentry { my ( $mesg, $entry) = @_; # Return if there is no entry to process if ( !defined($entry) ) { return; } print "dn: " . $entry->dn() . "\n"; @attrs = $entry->attributes(); foreach $attr (@attrs) { #printf("\t%s: %s\n", $attr, $entry->get_value($attr)); $attrvalue = $entry->get_value($attr,asref=>1); #print $attr.":". $entry->get_value($attr)."\n"; foreach $value(@$attrvalue) { print "$attr: $value\n"; } } $mesg->pop_entry; print "\n"; } $ldap = Net::LDAP->new( "localhost" ); # Get the first 20 entries $vlv = Net::LDAP::Control::VLV->new( before => 0, # No entries from before target entry after => 19, # 19 entries after target entry content => 0, # List size unknown offset => 1, # Target entry is the first ); my $sort = Net::LDAP::Control::Sort->new( order => 'cn' ); @args = ( base => "dc=example,dc=co,dc=in", scope => "subtree", filter => "(objectClass=inetOrgPerson)", callback => \&procentry, # Call this sub for each entry control => [ $sort, $vlv ], ); $mesg = $ldap->search( @args ); # Get VLV response control *($resp) = $mesg->control( LDAP_CONTROL_VLVRESPONSE ) or die;* $vlv->response( $resp ); # Set the control to get the last 20 entries $vlv->end; $mesg = $ldap->search( @args ); # Get VLV response control ($resp) = $mesg->control( LDAP_CONTROL_VLVRESPONSE ) or die; $vlv->response( $resp ); # Now get the previous page $vlv->scroll_page( -1 ); $mesg = $ldap->search( @args ); # Get VLV response control ($resp) = $mes # Now page with first entry starting with "B" in the middle $vlv->before(9); # Change page to show 9 before $vlv->after(10); # Change page to show 10 after $vlv->assert("B"); # assert "B" $mesg = $ldap->search( @args );g->control( LDAP_CONTROL_VLVRESPONSE ) or die; $vlv->response( $resp ); -- Venish Khant www.deeproot.co.in

6 years, 10 months

4
11
0 / 0

Re: (ITS#6666) Feature Request: Triggers implementation

by Buchan Milne

On Thursday, 7 October 2010 20:32:49 Nick Milas wrote: > It all started for me when I wanted to watch a serial number value from > an ldap-stored SOArecord (using powerdns with openldap backend) and when > it changes to fire a bash script. I reached the conclusion it was not > easy to be done with higher-level means within openldap and I created a > bash script which scans (using ldapsearch and other linux tools) the > SOArecords regularly (using cron) to find out if any change has happend > and do whatever is required. It would be much more elegant if I could > get a trigger from openldap when the SOArecord changes. Maybe you need this: http://memberwebs.com/stef/software/slapi-dnsnotify/ A more generic solution would be nice, but as far as I can tell, this software satisfies your current need. Regards, Buchan

11 years, 10 months

7
18
0 / 0

Setting OPENLDAP_FD_SETSIZE on an existing directory

by George Siddiqui

Hi, I recieved my first of these errrors from openldap server today. slapd[1648]: warning: cannot open /etc/hosts.deny: Too many open files The faqomatic suggest that I do the following: env CPPFLAGS="-DOPENLDAP_FD_ SETSIZE=8192" ./configure http://www.openldap.org/faq/data/cache/1126.html Is there anyway I can set this without having to build openldap again? Best regards, George -- George Siddiqui Systems BlueBolt Ltd 15-16 Margaret Street London W1W 8RW Tel: +44 207 637 5575 Mob: +44 7984 278 483

12 years, 2 months

2
2
0 / 0

"slapadd: corrupted double-linked list"

by Marc Patermann

Hi, what could the following possibly be? When I do a # slapadd -q -v -c -l dump.ldif to a SLES 11 SP1 (openldap 2.3.20) I get this after a few 1000 entries: *** glibc detected *** slapadd: corrupted double-linked list: 0x00007f3ef0cb9920 *** ======= Backtrace: ========= /lib64/libc.so.6(+0x75018)[0x7f3eedeb2018] /lib64/libc.so.6(+0x76e0e)[0x7f3eedeb3e0e] /lib64/libc.so.6(+0x7ad91)[0x7f3eedeb7d91] /lib64/libc.so.6(realloc+0xfa)[0x7f3eedeb81aa] /usr/lib64/liblber-2.4.so.2(ber_memrealloc_x+0x48)[0x7f3eeffd4f48] slapadd(ldif_read_record+0x121)[0x7f3ef07bcd81] slapadd(slapadd+0x28b)[0x7f3ef070426b] slapadd(main+0xd4)[0x7f3ef0678b84] /lib64/libc.so.6(__libc_start_main+0xe6)[0x7f3eede5bbc6] slapadd(+0x2d509)[0x7f3ef0678509] ======= Memory map: ======== 7f3ecc000000-7f3ecc021000 rw-p 00000000 00:00 0 7f3ecc021000-7f3ed0000000 ---p 00000000 00:00 0 7f3ed0364000-7f3ed037a000 r-xp 00000000 08:02 48688 /lib64/libgcc_s.so.1 7f3ed037a000-7f3ed0579000 ---p 00016000 08:02 48688 /lib64/libgcc_s.so.1 7f3ed0579000-7f3ed057a000 r--p 00015000 08:02 48688 /lib64/libgcc_s.so.1 7f3ed057a000-7f3ed057b000 rw-p 00016000 08:02 48688 /lib64/libgcc_s.so.1 7f3ed057b000-7f3ed094c000 rw-p 00000000 00:00 0 7f3ed094c000-7f3ed1308000 rw-s 00000000 fd:05 172038 /var/lib/ldap/main-data/__db.003 7f3ed1308000-7f3ed16d9000 rw-p 00000000 00:00 0 7f3ed16d9000-7f3ed681b000 rw-s 00000000 fd:05 49158 /var/lib/ldap/human-data/__db.003 7f3ed681b000-7f3ed6d09000 rw-s 00000000 fd:05 49157 /var/lib/ldap/human-data/__db.002 7f3ed6d09000-7f3ed70da000 rw-p 00000000 00:00 0 7f3ed70da000-7f3eeb0dc000 rw-s 00000000 fd:05 335878 /var/lib/ldap/linux-data/__db.003 7f3eeb0dc000-7f3eeba8a000 rw-s 00000000 fd:05 335877 /var/lib/ldap/linux-data/__db.002 7f3eeba8a000-7f3eebaa7000 r-xp 00000000 fd:0a 163907 /usr/lib/openldap/modules/back_meta-2.4.so.2.5.3 7f3eebaa7000-7f3eebca6000 ---p 0001d000 fd:0a 163907 /usr/lib/openldap/modules/back_meta-2.4.so.2.5.3 7f3eebca6000-7f3eebca7000 r--p 0001c000 fd:0a 163907 /usr/lib/openldap/modules/back_meta-2.4.so.2.5.3 7f3eebca7000-7f3eebca8000 rw-p 0001d000 fd:0a 163907 /usr/lib/openldap/modules/back_meta-2.4.so.2.5.3 7f3eebca8000-7f3eebcac000 r-xp 00000000 fd:0a 795580 /usr/lib64/sasl2/libanonymous.so.2.0.22 7f3eebcac000-7f3eebeab000 ---p 00004000 fd:0a 795580 /usr/lib64/sasl2/libanonymous.so.2.0.22 7f3eebeab000-7f3eebeac000 r--p 00003000 fd:0a 795580 /usr/lib64/sasl2/libanonymous.so.2.0.22 7f3eebeac000-7f3eebead000 rw-p 00004000 fd:0a 795580 /usr/lib64/sasl2/libanonymous.so.2.0.22 7f3eebead000-7f3eebeaf000 r-xp 00000000 08:02 48656 /lib64/libkeyutils-1.2.so 7f3eebeaf000-7f3eec0ae000 ---p 00002000 08:02 48656 /lib64/libkeyutils-1.2.so 7f3eec0ae000-7f3eec0af000 r--p 00001000 08:02 48656 /lib64/libkeyutils-1.2.so 7f3eec0af000-7f3eec0b0000 rw-p 00002000 08:02 48656 /lib64/libkeyutils-1.2.so 7f3eec0b0000-7f3eec0b7000 r-xp 00000000 fd:0a 778733 /usr/lib64/libkrb5support.so.0.1 7f3eec0b7000-7f3eec2b7000 ---p 00007000 fd:0a 778733 /usr/lib64/libkrb5support.so.0.1 7f3eec2b7000-7f3eec2b8000 r--p 00007000 fd:0a 778733 /usr/lib64/libkrb5support.so.0.1 7f3eec2b8000-7f3eec2b9000 rw-p 00008000 fd:0a 778733 /usr/lib64/libkrb5support.so.0.1 7f3eec2b9000-7f3eec2bc000 r-xp 00000000 08:02 48700 /lib64/libcom_err.so.2.1 7f3eec2bc000-7f3eec4bb000 ---p 00003000 08:02 48700 /lib64/libcom_err.so.2.1 7f3eec4bb000-7f3eec4bc000 r--p 00002000 08:02 48700 /lib64/libcom_err.so.2.1 7f3eec4bc000-7f3eec4bd000 rw-p 00003000 08:02 48700 /lib64/libcom_err.so.2.1 7f3eec4bd000-7f3eec4e1000 r-xp 00000000 fd:0a 778721 /usr/lib64/libk5crypto.so.3.1 7f3eec4e1000-7f3eec6e0000 ---p 00024000 fd:0a 778721 /usr/lib64/libk5crypto.so.3.1 7f3eec6e0000-7f3eec6e2000 r--p 00023000 fd:0a 778721 /usr/lib64/libk5crypto.so.3.1 7f3eec6e2000-7f3eec6e3000 rw-p 00025000 fd:0a 778721 /usr/lib64/libk5crypto.so.3.1 7f3eec6e3000-7f3eec781000 r-xp 00000000 fd:0a 778731 /usr/lib64/libkrb5.so.3.3 7f3eec781000-7f3eec980000 ---p 0009e000 fd:0a 778731 /usr/lib64/libkrb5.so.3.3 7f3eec980000-7f3eec983000 r--p 0009d000 fd:0a 778731 /usr/lib64/libkrb5.so.3.3 7f3eec983000-7f3eec985000 rw-p 000a0000 fd:0a 778731 /usr/lib64/libkrb5.so.3.3 7f3eec985000-7f3eec9b0000 r-xp 00000000 fd:0a 778717 /usr/lib64/libgssapi_krb5.so.2.2 7f3eec9b0000-7f3eecbaf000 ---p 0002b000 fd:0a 778717 /usr/lib64/libgssapi_krb5.so.2.2 7f3eecbaf000-7f3eecbb0000 r--p 0002a000 fd:0a 778717 /usr/lib64/libgssapi_krb5.so.2.2 7f3eecbb0000-7f3eecbb1000 rw-p 0002b000 fd:0a 778717 /usr/lib64/libgssapi_krb5.so.2.2 7f3eecbb1000-7f3eecbb8000 r-xp 00000000 fd:0a 795710 /usr/lib64/sasl2/libgssapiv2.so.2.0.22 7f3eecbb8000-7f3eecdb7000 ---p 00007000 fd:0a 795710 /usr/lib64/sasl2/libgssapiv2.so.2.0.22 7f3eecdb7000-7f3eecdb8000 r--p 00006000 fd:0a 795710 /usr/lib64/sasl2/libgssapiv2.so.2.0.22 7f3eecdb8000-7f3eecdb9000 rw-p 00007000 fd:0a 795710 /usr/lib64/sasl2/libgssapiv2.so.2.0.22 7f3eecdb9000-7f3eecdbd000 r-xp 00000000 fd:0a 795583 /usr/lib64/sasl2/liblogin.so.2.0.22 7f3eecdbd000-7f3eecfbc000 ---p 00004000 fd:0a 795583 /usr/lib64/sasl2/liblogin.so.2.0.22 7f3eecfbc000-7f3eecfbd000 r--p 00003000 fd:0a 795583 /usr/lib64/sasl2/liblogin.so.2.0.22 7f3eecfbd000-7f3eecfbe000 rw-p 00004000 fd:0a 795583 /usr/lib64/sasl2/liblogin.so.2.0.22 7f3eecfbe000-7f3eecfc3000 r-xp 00000000 fd:0a 795586 /usr/lib64/sasl2/libsasldb.so.2.0.22 7f3eecfc3000-7f3eed1c2000 ---p 00005000 fd:0a 795586 /usr/lib64/sasl2/libsasldb.so.2.0.22 7f3eed1c2000-7f3eed1c3000 r--p 00004000 fd:0a 795586 /usr/lib64/sasl2/libsasldb.so.2.0.22 7f3eed1c3000-7f3eed1c4000 rw-p 00005000 fd:0a 795586 /usr/lib64/sasl2/libsasldb.so.2.0.22 7f3eed1c4000-7f3eed1c8000 r-xp 00000000 fd:0a 795707 /usr/lib64/sasl2/libplain.so.2.0.22 7f3eed1c8000-7f3eed3c7000 ---p 00004000 fd:0a 795707 /usr/lib64/sasl2/libplain.so.2.0.22 7f3eed3c7000-7f3eed3c8000 r--p 00003000 fd:0a 795707 /usr/lib64/sasl2/libplain.so.2.0.22 7f3eed3c8000-7f3eed3c9000 rw-p 00004000 fd:0a 795707 /usr/lib64/sasl2/libplain.so.2.0.22 7f3eed3c9000-7f3eed3cd000 r-xp 00000000 fd:0a 795716 /usr/lib64/sasl2/libcrammd5.so.2.0.22 7f3eed3cd000-7f3eed5cd000 ---p 00004000 fd:0a 795716 Without the "-q" switch it is running happily till the end. Marc

12 years, 2 months

8
24
0 / 0

Granting write to ou

by Thomas D. Dahlmann

Hi I'm trying to add ordinary users write access to a specific ou. I've googled a lot and haven't really found any useful regarding to openldap 2.4 (slapd.d format). What would be the correct syntax for a ldapmodify command to accomplish this to the dn: ou=addressbook,dc=example,dc=net ? Thanks. /Thomas

12 years, 2 months

4
7
0 / 0

Windows ldp.exe kills openldap 2.4.23

by Serge Dubrouski

Hello - I just found that ldp.exe tool that comes with Windows is able to successfully kill OpenLDAP 2.4.23 when one tries tp modify DN and submits an empty old DN. Log files on openldap show this: Dec 29 15:19:32 ottawa slapd[11818]: conn=1000 op=2 do_modrdn Dec 29 15:19:32 ottawa slapd[11818]: do_modrdn: dn () newrdn (C=US) newsuperior () Dec 29 15:19:32 ottawa slapd[11818]: >>> dnPrettyNormal: <> Dec 29 15:19:32 ottawa slapd[11818]: <<< dnPrettyNormal: <>, <> Dec 29 15:19:32 ottawa slapd[11818]: >>> dnPrettyNormal: <C=US> Dec 29 15:19:32 ottawa slapd[11818]: <<< dnPrettyNormal: <c=US>, <c=us> Dec 29 15:19:32 ottawa slapd[11818]: conn=1000 op=2 MODRDN dn="" Is this a know bug (see ITS#6570) or something new? Is there a workaround it? -- Serge Dubrouski.

12 years, 2 months

2
1
0 / 0

ber_flatten() of incomplete ber

by masarati＠aero.polimi.it

I was encoding a ber of the form "{{something}" (note the missing "}") using HEAD's liblber. ber_flatten() was (correctly?) returning an empty value; perhaps it should return an error code, indicating that the ber is incomplete? Am I missing some function to test the validity of a ber? p.

12 years, 2 months

2
3
0 / 0

How Indexes work?

by Steeg Carson

Hello, I try to understand, how the LDAP-Indexes work. If I configure a Index for a Attribute like: index myAttribute eq the index file myAttribute.bdb is build in the data directory. When I search then ldapsearch -x -h localhost -D".." -b"<baseDN>" "(myAttribute=<searched key>)" how will the LDAP-Server process this request? Is there anywhere a good documentation? My assumption is: * At first, a the Index is looked up. The result are only the matched IDs. * The LDAP-Server now can quick give back all entries form id2enty.bdb If I use Indexes, are all other entries are examined too after give back the result from indexes? I have a database, and my search is like shown above. The search takes long. The cache is configured, the size is enough (approx. dn2id.bdb + id2entry.bdb). But what I see, is that the write IO from LDAP is enormously (seen with iotop). During the whole search, the write IO is higher than the read IO. Why? Thanks for help. Steeg

12 years, 2 months

3
6
0 / 0

Kerberos/GSSAPI issues

by Brian Candler

Hello, I'm setting up an openldap server for Kerberos (GSSAPI) authentication only. I'm using slapd-2.4.21 from Ubuntu 10.04.1. It's basically working, and I had to do very little other than change export KRB5_KTNAME in /etc/default/slapd to point to the service keytab. However, there are a couple of strange things which I wonder if someone could help me with. (1) According to the documentation at http://www.openldap.org/doc/admin24/sasl.html#GSSAPI then the authentication DN should be uid=<primary[/instance]>,cn=<realm>,cn=gssapi,cn=auth However, running slapd in debug mode I see the cn=<realm> is missing. Here I have a ticket for inst/admin(a)WS.NSRC.ORG and run slapd -d 255: ... do_bind: dn () SASL mech GSSAPI ==> sasl_bind: dn="" mech=<continuing> datalen=32 SASL Canonicalize [conn=1000]: authcid="inst/admin" slap_sasl_getdn: conn 1000 id=inst/admin [len=10] => ldap_dn2bv(16) <= ldap_dn2bv(uid=inst/admin,cn=GSSAPI,cn=auth)=0 slap_sasl_getdn: u:id converted to uid=inst/admin,cn=GSSAPI,cn=auth >>> dnNormalize: <uid=inst/admin,cn=GSSAPI,cn=auth> => ldap_bv2dn(uid=inst/admin,cn=GSSAPI,cn=auth,0) <= ldap_bv2dn(uid=inst/admin,cn=GSSAPI,cn=auth)=0 => ldap_dn2bv(272) <= ldap_dn2bv(uid=inst/admin,cn=gssapi,cn=auth)=0 <<< dnNormalize: <uid=inst/admin,cn=gssapi,cn=auth> ==>slap_sasl2dn: converting SASL name uid=inst/admin,cn=gssapi,cn=auth to a DN <==slap_sasl2dn: Converted SASL name to <nothing> SASL Canonicalize [conn=1000]: slapAuthcDN="uid=inst/admin,cn=gssapi,cn=auth" SASL proxy authorize [conn=1000]: authcid="inst/admin" authzid="inst/admin" SASL Authorize [conn=1000]: proxy authorization allowed authzDN="" send_ldap_sasl: err=0 len=-1 do_bind: SASL/GSSAPI bind: dn="uid=inst/admin,cn=gssapi,cn=auth" sasl_ssf=56 ... ==> limits_get: conn=1000 op=3 self="uid=inst/admin,cn=gssapi,cn=auth" this="dc=ws,dc=nsrc,dc=org" ... Now this works, if I change my ACL to olcAccess: {0}to * by dn.regex="^uid=([^,]+)/admin,cn=gssapi,cn=auth$" manage by users read However, I wonder why the realm is missing, and whether it can be included (because in future, if I end up with a cross-realm setup, I'll want to see the realm for authorization) Is this a documentation error, or is there some configuration option which needs setting to preserve the realm? (2) I would like to be able to do ldapsearch without specifying -Y GSSAPI explicitly. However if I omit it, the client picks DIGEST-MD5 instead (which isn't much use, since I have no passwords in the database) # ldapsearch -b "ds=ws,dc=nsrc,dc=org" SASL/DIGEST-MD5 authentication started Please enter your password: Adding -d 255 I see that the server is offering these: ... ldap_sasl_interactive_bind_s: server supports: NTLM DIGEST-MD5 GSSAPI CRAM-MD5 ldap_int_sasl_bind: NTLM DIGEST-MD5 GSSAPI CRAM-MD5 ... How can I configure the server not to offer the other authentication mechanisms, or else to put GSSAPI at the front of the list? Thanks, Brian.

12 years, 2 months

4
13
0 / 0

Re: invalid credentials (49) for normal user

by rui

Hi, After running slapd with "-d 128" i have found lot of messages like this. Can somebody point me to standard acl for users, i want to authenticate for every user using ldap browser or c ldap api with ldap_simple_bind with binddn bindn=uid=rui,ou=People,o=m1,c=GB ############################### Dec 29 14:13:53 m4mrh01 slapd: => acl_mask: access to entry "cn=rui,ou=Group,o=m1,c=GB", attr "objectClass" requested Dec 29 14:13:53 m4mrh01 slapd: => acl_mask: to value by "", (=n) Dec 29 14:13:54 m4mrh01 slapd: <= acl_mask: no more <who> clauses, returning =n (stop) Dec 29 14:13:54 m4mrh01 slapd: => access_allowed: search access denied by =n Dec 29 14:13:54 m4mrh01 slapd: => access_allowed: search access to "cn=m4musers,ou=Group,o=m1,c=GB" "memberUid" requested Dec 29 14:13:54 m4mrh01 slapd: => acl_get: [2] attr memberUid Dec 29 14:13:54 m4mrh01 slapd: => acl_mask: access to entry "cn=m4musers,ou=Group,o=m1,c=GB", attr "memberUid" requested Dec 29 14:13:54 m4mrh01 slapd: => acl_mask: to value by "", (=n) Dec 29 14:13:54 m4mrh01 slapd: <= acl_mask: no more <who> clauses, returning =n (stop) Dec 29 14:13:54 m4mrh01 slapd: => access_allowed: search access denied by =n Dec 29 14:18:04 m4mrh01 slapd: => access_allowed: auth access to "uid=rui,ou=People,o=m1,c=GB" "userPassword" requested Dec 29 14:18:04 m4mrh01 slapd: => acl_get: [1] attr userPassword Dec 29 14:18:04 m4mrh01 slapd: => acl_mask: access to entry "uid=rui,ou=People,o=m1,c=GB", attr "userPassword" requested Dec 29 14:18:04 m4mrh01 slapd: => acl_mask: to all values by "", (=n) Dec 29 14:18:04 m4mrh01 slapd: <= acl_mask: no more <who> clauses, returning =n (stop) Dec 29 14:18:04 m4mrh01 slapd: => access_allowed: auth access denied by =n ############################### I have also changed slapd.conf slightly ############################# access to attr=userPassword by self write by dn="uid=root,ou=People,o=M1,c=GB" write by * read access to * by self write by users read by anonymous auth ############################### Regards, rui > 1. invalid credentials (49) for normal user (rui) > 2. Re: invalid credentials (49) for normal user (Dieter Kluenter) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Fri, 24 Dec 2010 10:32:03 +0000 > From: rui <guideveloper(a)gmail.com> > To: openldap-technical(a)openldap.org > Subject: invalid credentials (49) for normal user > Message-ID: > <AANLkTikbS2LTj4D-0WMBdJXzMeBMpb3qO2=Y4wzPLv0G(a)mail.gmail.com> > Content-Type: text/plain; charset=ISO-8859-1 > > Hi, > > I have imported my passwd and groups file in ldap using > migrate_all_online.sh script. > > I am able to simple bind to ldap using > binddn= uid=root,ou=People,o=M1,c=GB but i can't seem to bind with any > other user like rui etc with their linux password. Its says invalid > credentials. > > I need to bind for authentication and then get all the primary and > secondary groups of a user(how can i do that). Why am i having this > problem - do i have to do something extra? > > When bound as root, if i do "memberUid=root" i get all the secondary > groups but i want to do it for any user. > > I am using c ldap api at the moment. > > > Here is my slapd.conf file: > ################################################## > # # See slapd.conf(5) for details on configuration options. > # This file should NOT be world readable. # > include /etc/openldap/schema/core.schema > include /etc/openldap/schema/cosine.schema > include /etc/openldap/schema/dyngroup.schema > include /etc/openldap/schema/inetorgperson.schema > include /etc/openldap/schema/misc.schema > include /etc/openldap/schema/nis.schema > include /etc/openldap/schema/openldap.schema > > ####################################################################### > # ldbm database definitions > ####################################################################### > database ldbm > suffix "o=M1,c=GB" > rootdn "uid=root,ou=People,o=M1,c=GB" > rootpw abc123 > directory /var/lib/ldap > > # Indices to maintain > index objectClass,uid,uidNumber,gidNumber eq > index cn,mail,surname,givenname eq,subinitial > > # # ACLs # > #access to dn="ou=People,o=M1,c=GB" > #attr=userPassword > #by self write > #by dn="uid=root,ou=People,o=M1,c=GB" write > #by * auth access to dn=".*,o=M1,c=GB" by self write > #by dn="uid=root,ou=People,o=M1,c=GB" write > #by * read access to dn=".*,o= M1,c=GB" > #by * read defaultaccess read > > access to attr=userpassword > by self write > by dn="uid=root,ou=People,o=M1,c=GB" write > by * read > > access to * > by self write > by dn=".+" read > by * read > > ############################################### > > Regards, > rui > > > ------------------------------ > > Message: 2 > Date: Sat, 25 Dec 2010 22:58:14 +0100 > From: "Dieter Kluenter" <dieter(a)dkluenter.de> > To: openldap-technical(a)openldap.org > Subject: Re: invalid credentials (49) for normal user > Message-ID: <87d3op1pmx.fsf(a)rubin.avci.de> > Content-Type: text/plain; charset=utf-8 > > rui <guideveloper(a)gmail.com> writes: > >> Hi, >> >> I have imported my passwd and groups file in ldap using >> migrate_all_online.sh script. >> >> I am able to simple bind to ldap using >> binddn= uid=root,ou=People,o=M1,c=GB but i can't seem to bind with any >> other user like rui etc with their linux password. Its says invalid >> credentials. > [...] > > run slapd in debugging mode, i.e. -d acl > > > ############ >> # ldbm database definitions >> ####################################################################### >> database ldbm > > ldbm is historic and not supported. > > -Dieter > > -- > Dieter Kl?nter | Systemberatung > http://dkluenter.de > GPG Key ID:DA147B05 > 53?37'09,95"N > 10?08'02,42"E > > > ------------------------------ > > _______________________________________________ > openldap-technical mailing list > openldap-technical(a)openldap.org > http://www.openldap.org/lists/mm/listinfo/openldap-technical > > > End of openldap-technical Digest, Vol 37, Issue 22 > ************************************************** >

12 years, 2 months

3
6
0 / 0

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

openldap-technical December 2010