Virtual list view problem
by Venish Khant
Hi all
I am using the CPAN Net::LDAP module to access LDAP entries. I want to
search LDAP entries using the Net::LDAP search method. When I do a search, I
want a limited number of entries from the search result; for
this (searching) process I am using the Net::LDAP::Control::VLV module. But
I get an error on the VLV response control. Please, does anyone have an idea about
this error?
*Error:* Died at vlv.pl line 50,
This is my example. I changed the font style of line 50
#!/usr/bin/perl -w
use Net::LDAP;
use Net::LDAP::Control::VLV;
use Net::LDAP::Constant qw( LDAP_CONTROL_VLVRESPONSE );
use Net::LDAP::Control::Sort;
sub procentry {
    my ( $mesg, $entry) = @_;
    # Return if there is no entry to process
    if ( !defined($entry) ) {
        return;
    }
    print "dn: " . $entry->dn() . "\n";
    @attrs = $entry->attributes();
    foreach $attr (@attrs) {
        #printf("\t%s: %s\n", $attr, $entry->get_value($attr));
        $attrvalue = $entry->get_value($attr,asref=>1);
        #print $attr.":". $entry->get_value($attr)."\n";
        foreach $value(@$attrvalue) {
            print "$attr: $value\n";
        }
    }
    $mesg->pop_entry;
    print "\n";
}
$ldap = Net::LDAP->new( "localhost" );
# Get the first 20 entries
$vlv = Net::LDAP::Control::VLV->new(
    before => 0, # No entries from before target entry
    after => 19, # 19 entries after target entry
    content => 0, # List size unknown
    offset => 1, # Target entry is the first
);
my $sort = Net::LDAP::Control::Sort->new( order => 'cn' );
@args = ( base => "dc=example,dc=co,dc=in",
          scope => "subtree",
          filter => "(objectClass=inetOrgPerson)",
          callback => \&procentry, # Call this sub for each entry
          control => [ $sort, $vlv ],
);
$mesg = $ldap->search( @args );
# Get VLV response control
*($resp) = $mesg->control( LDAP_CONTROL_VLVRESPONSE ) or die;*
$vlv->response( $resp );
# Set the control to get the last 20 entries
$vlv->end;
$mesg = $ldap->search( @args );
# Get VLV response control
($resp) = $mesg->control( LDAP_CONTROL_VLVRESPONSE ) or die;
$vlv->response( $resp );
# Now get the previous page
$vlv->scroll_page( -1 );
$mesg = $ldap->search( @args );
# Get VLV response control
($resp) = $mesg->control( LDAP_CONTROL_VLVRESPONSE ) or die;
$vlv->response( $resp );
# Now page with first entry starting with "B" in the middle
$vlv->before(9); # Change page to show 9 before
$vlv->after(10); # Change page to show 10 after
$vlv->assert("B"); # assert "B"
$mesg = $ldap->search( @args );
--
Venish Khant
www.deeproot.co.in
7 years, 3 months
Re: (ITS#6666) Feature Request: Triggers implementation
by Buchan Milne
On Thursday, 7 October 2010 20:32:49 Nick Milas wrote:
> It all started for me when I wanted to watch a serial number value from
> an ldap-stored SOArecord (using powerdns with openldap backend) and when
> it changes to fire a bash script. I reached the conclusion it was not
> easy to be done with higher-level means within openldap and I created a
> bash script which scans (using ldapsearch and other linux tools) the
> SOArecords regularly (using cron) to find out if any change has happened
> and do whatever is required. It would be much more elegant if I could
> get a trigger from openldap when the SOArecord changes.
Maybe you need this:
http://memberwebs.com/stef/software/slapi-dnsnotify/
A more generic solution would be nice, but as far as I can tell, this software
satisfies your current need.
Regards,
Buchan
12 years, 4 months
Setting OPENLDAP_FD_SETSIZE on an existing directory
by George Siddiqui
Hi,
I received my first of these errors from the openldap server today.
slapd[1648]: warning: cannot open /etc/hosts.deny: Too many open files
The faqomatic suggests that I do the following:
env CPPFLAGS="-DOPENLDAP_FD_SETSIZE=8192" ./configure
http://www.openldap.org/faq/data/cache/1126.html
Is there any way I can set this without having to build openldap again?
Best regards,
George
--
George Siddiqui
Systems
BlueBolt Ltd
15-16 Margaret Street
London W1W 8RW
Tel: +44 207 637 5575
Mob: +44 7984 278 483
12 years, 7 months
"slapadd: corrupted double-linked list"
by Marc Patermann
Hi,
what could the following possibly be?
When I do a
# slapadd -q -v -c -l dump.ldif
to a SLES 11 SP1 (openldap 2.3.20)
I get this after a few 1000 entries:
*** glibc detected *** slapadd: corrupted double-linked list: 0x00007f3ef0cb9920 ***
======= Backtrace: =========
/lib64/libc.so.6(+0x75018)[0x7f3eedeb2018]
/lib64/libc.so.6(+0x76e0e)[0x7f3eedeb3e0e]
/lib64/libc.so.6(+0x7ad91)[0x7f3eedeb7d91]
/lib64/libc.so.6(realloc+0xfa)[0x7f3eedeb81aa]
/usr/lib64/liblber-2.4.so.2(ber_memrealloc_x+0x48)[0x7f3eeffd4f48]
slapadd(ldif_read_record+0x121)[0x7f3ef07bcd81]
slapadd(slapadd+0x28b)[0x7f3ef070426b]
slapadd(main+0xd4)[0x7f3ef0678b84]
/lib64/libc.so.6(__libc_start_main+0xe6)[0x7f3eede5bbc6]
slapadd(+0x2d509)[0x7f3ef0678509]
Without the "-q" switch it is running happily till the end.
Marc
12 years, 8 months
Granting write to ou
by Thomas D. Dahlmann
Hi
I'm trying to add ordinary users write access to a specific ou.
I've googled a lot and haven't really found anything useful regarding
openldap 2.4 (slapd.d format).
What would be the correct syntax for a ldapmodify command to accomplish
this to the dn: ou=addressbook,dc=example,dc=net ?
Thanks.
/Thomas
12 years, 8 months
Windows ldp.exe kills openldap 2.4.23
by Serge Dubrouski
Hello -
I just found that the ldp.exe tool that comes with Windows is able to
successfully kill OpenLDAP 2.4.23 when one tries to modify a DN and
submits an empty old DN. Log files on openldap show this:
Dec 29 15:19:32 ottawa slapd[11818]: conn=1000 op=2 do_modrdn
Dec 29 15:19:32 ottawa slapd[11818]: do_modrdn: dn () newrdn (C=US) newsuperior ()
Dec 29 15:19:32 ottawa slapd[11818]: >>> dnPrettyNormal: <>
Dec 29 15:19:32 ottawa slapd[11818]: <<< dnPrettyNormal: <>, <>
Dec 29 15:19:32 ottawa slapd[11818]: >>> dnPrettyNormal: <C=US>
Dec 29 15:19:32 ottawa slapd[11818]: <<< dnPrettyNormal: <c=US>, <c=us>
Dec 29 15:19:32 ottawa slapd[11818]: conn=1000 op=2 MODRDN dn=""
Is this a known bug (see ITS#6570) or something new? Is there a workaround for it?
--
Serge Dubrouski.
12 years, 8 months
ber_flatten() of incomplete ber
by masarati@aero.polimi.it
I was encoding a ber of the form "{{something}" (note the missing "}")
using HEAD's liblber. ber_flatten() was (correctly?) returning an empty
value; perhaps it should return an error code, indicating that the ber is
incomplete? Am I missing some function to test the validity of a ber?
p.
12 years, 8 months
How Indexes work?
by Steeg Carson
Hello,
I am trying to understand how the LDAP indexes work.
If I configure an index for an attribute like:
index myAttribute eq
the index file myAttribute.bdb is built in the data directory.
When I then search
ldapsearch -x -h localhost -D".." -b"<baseDN>" "(myAttribute=<searched key>)"
how will the LDAP server process this request?
Is there good documentation anywhere?
My assumption is:
* At first, the index is looked up. The result is only the matched IDs.
* The LDAP server can now quickly give back all entries from id2entry.bdb
If I use indexes, are all other entries examined too after giving
back the result from the indexes?
I have a database, and my search is like the one shown above. The search takes
long. The cache is configured, and the size is enough
(approx. dn2id.bdb + id2entry.bdb).
But what I see is that the write IO from LDAP is enormous (seen
with iotop). During the whole search, the write IO is higher than the
read IO.
Why?
Thanks for help.
Steeg
12 years, 8 months
Kerberos/GSSAPI issues
by Brian Candler
Hello,
I'm setting up an openldap server for Kerberos (GSSAPI) authentication only.
I'm using slapd-2.4.21 from Ubuntu 10.04.1.
It's basically working, and I had to do very little other than change
export KRB5_KTNAME in /etc/default/slapd to point to the service keytab.
However, there are a couple of strange things which I wonder if someone
could help me with.
(1) According to the documentation at
http://www.openldap.org/doc/admin24/sasl.html#GSSAPI
then the authentication DN should be
uid=<primary[/instance]>,cn=<realm>,cn=gssapi,cn=auth
However, running slapd in debug mode I see the cn=<realm> is missing. Here
I have a ticket for inst/admin@WS.NSRC.ORG and run slapd -d 255:
...
do_bind: dn () SASL mech GSSAPI
==> sasl_bind: dn="" mech=<continuing> datalen=32
SASL Canonicalize [conn=1000]: authcid="inst/admin"
slap_sasl_getdn: conn 1000 id=inst/admin [len=10]
=> ldap_dn2bv(16)
<= ldap_dn2bv(uid=inst/admin,cn=GSSAPI,cn=auth)=0
slap_sasl_getdn: u:id converted to uid=inst/admin,cn=GSSAPI,cn=auth
>>> dnNormalize: <uid=inst/admin,cn=GSSAPI,cn=auth>
=> ldap_bv2dn(uid=inst/admin,cn=GSSAPI,cn=auth,0)
<= ldap_bv2dn(uid=inst/admin,cn=GSSAPI,cn=auth)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(uid=inst/admin,cn=gssapi,cn=auth)=0
<<< dnNormalize: <uid=inst/admin,cn=gssapi,cn=auth>
==>slap_sasl2dn: converting SASL name uid=inst/admin,cn=gssapi,cn=auth to a DN
<==slap_sasl2dn: Converted SASL name to <nothing>
SASL Canonicalize [conn=1000]: slapAuthcDN="uid=inst/admin,cn=gssapi,cn=auth"
SASL proxy authorize [conn=1000]: authcid="inst/admin" authzid="inst/admin"
SASL Authorize [conn=1000]: proxy authorization allowed authzDN=""
send_ldap_sasl: err=0 len=-1
do_bind: SASL/GSSAPI bind: dn="uid=inst/admin,cn=gssapi,cn=auth" sasl_ssf=56
...
==> limits_get: conn=1000 op=3 self="uid=inst/admin,cn=gssapi,cn=auth" this="dc=ws,dc=nsrc,dc=org"
...
Now this works, if I change my ACL to
olcAccess: {0}to * by dn.regex="^uid=([^,]+)/admin,cn=gssapi,cn=auth$" manage by users read
However, I wonder why the realm is missing, and whether it can be included
(because in future, if I end up with a cross-realm setup, I'll want to see
the realm for authorization)
Is this a documentation error, or is there some configuration option which
needs setting to preserve the realm?
(2) I would like to be able to do ldapsearch without specifying -Y GSSAPI
explicitly. However if I omit it, the client picks DIGEST-MD5 instead
(which isn't much use, since I have no passwords in the database)
# ldapsearch -b "ds=ws,dc=nsrc,dc=org"
SASL/DIGEST-MD5 authentication started
Please enter your password:
Adding -d 255 I see that the server is offering these:
...
ldap_sasl_interactive_bind_s: server supports: NTLM DIGEST-MD5 GSSAPI CRAM-MD5
ldap_int_sasl_bind: NTLM DIGEST-MD5 GSSAPI CRAM-MD5
...
How can I configure the server not to offer the other authentication
mechanisms, or else to put GSSAPI at the front of the list?
Thanks,
Brian.
12 years, 8 months
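Added example, not part of the original post and not OpenLDAP code: a Python model for testing ACL patterns against the two authentication DN forms the post contrasts (documented with `cn=<realm>`, observed without it) before deploying them. The function names, the `other.example` realm and the trusted-realm set are assumptions made for illustration.

```python
import re

# GSSAPI authentication DN forms discussed in the post:
#   documented: uid=<primary[/instance]>,cn=<realm>,cn=gssapi,cn=auth
#   observed:   uid=<primary[/instance]>,cn=gssapi,cn=auth   (realm absent)
AUTHC_DN = re.compile(
    r"^uid=(?P<primary>[^,/]+)(?:/(?P<instance>[^,]+))?"
    r"(?:,cn=(?P<realm>[^,]+))?"
    r",cn=gssapi,cn=auth$"
)

# The ACL pattern from the post, unchanged.
POST_ACL = re.compile(r"^uid=([^,]+)/admin,cn=gssapi,cn=auth$")

# Constructed inputs: the DN from the post's log, the same principal in the
# documented form, a hypothetical foreign realm, and a non-admin principal.
SAMPLE_DNS = [
    "uid=inst/admin,cn=gssapi,cn=auth",
    "uid=inst/admin,cn=ws.nsrc.org,cn=gssapi,cn=auth",
    "uid=inst/admin,cn=other.example,cn=gssapi,cn=auth",
    "uid=inst,cn=ws.nsrc.org,cn=gssapi,cn=auth",
]


def parse_authc_dn(dn):
    """Split a GSSAPI authentication DN into primary, instance and realm.

    Returns None for anything that does not end in cn=gssapi,cn=auth.
    """
    m = AUTHC_DN.match(dn.strip().lower())
    return m.groupdict() if m else None


def may_manage(dn, trusted_realms, default_realm=None):
    """Allow 'manage' only for <primary>/admin from a trusted realm.

    trusted_realms holds lower-case realm names. A DN without a realm is
    attributed to default_realm; with default_realm=None it is refused, so
    a missing realm never silently counts as trusted.
    """
    parts = parse_authc_dn(dn)
    if parts is None or parts["instance"] != "admin":
        return False
    realm = parts["realm"] or default_realm
    return realm is not None and realm.lower() in trusted_realms


def compare(dns, trusted_realms, default_realm=None):
    """Per DN: (dn, post's ACL regex matches?, realm-aware rule allows?)."""
    return [
        (dn, bool(POST_ACL.match(dn)), may_manage(dn, trusted_realms, default_realm))
        for dn in dns
    ]


if __name__ == "__main__":
    for row in compare(SAMPLE_DNS, {"ws.nsrc.org"}):
        print(row)
```

The post's pattern matches only the realm-less form, so it carries no realm information and would stop matching if the server began emitting the documented form.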
Re: invalid credentials (49) for normal user
by rui
Hi,
After running slapd with "-d 128" I have found a lot of messages like this.
Can somebody point me to a standard ACL for users? I want to
authenticate every user using an LDAP browser or the C LDAP API with
ldap_simple_bind with binddn
bindn=uid=rui,ou=People,o=m1,c=GB
###############################
Dec 29 14:13:53 m4mrh01 slapd: => acl_mask: access to entry "cn=rui,ou=Group,o=m1,c=GB", attr "objectClass" requested
Dec 29 14:13:53 m4mrh01 slapd: => acl_mask: to value by "", (=n)
Dec 29 14:13:54 m4mrh01 slapd: <= acl_mask: no more <who> clauses, returning =n (stop)
Dec 29 14:13:54 m4mrh01 slapd: => access_allowed: search access denied by =n
Dec 29 14:13:54 m4mrh01 slapd: => access_allowed: search access to "cn=m4musers,ou=Group,o=m1,c=GB" "memberUid" requested
Dec 29 14:13:54 m4mrh01 slapd: => acl_get: [2] attr memberUid
Dec 29 14:13:54 m4mrh01 slapd: => acl_mask: access to entry "cn=m4musers,ou=Group,o=m1,c=GB", attr "memberUid" requested
Dec 29 14:13:54 m4mrh01 slapd: => acl_mask: to value by "", (=n)
Dec 29 14:13:54 m4mrh01 slapd: <= acl_mask: no more <who> clauses, returning =n (stop)
Dec 29 14:13:54 m4mrh01 slapd: => access_allowed: search access denied by =n
Dec 29 14:18:04 m4mrh01 slapd: => access_allowed: auth access to "uid=rui,ou=People,o=m1,c=GB" "userPassword" requested
Dec 29 14:18:04 m4mrh01 slapd: => acl_get: [1] attr userPassword
Dec 29 14:18:04 m4mrh01 slapd: => acl_mask: access to entry "uid=rui,ou=People,o=m1,c=GB", attr "userPassword" requested
Dec 29 14:18:04 m4mrh01 slapd: => acl_mask: to all values by "", (=n)
Dec 29 14:18:04 m4mrh01 slapd: <= acl_mask: no more <who> clauses, returning =n (stop)
Dec 29 14:18:04 m4mrh01 slapd: => access_allowed: auth access denied by =n
###############################
I have also changed slapd.conf slightly
#############################
access to attr=userPassword
by self write
by dn="uid=root,ou=People,o=M1,c=GB" write
by * read
access to *
by self write
by users read
by anonymous auth
###############################
Regards,
rui
> 1. invalid credentials (49) for normal user (rui)
> 2. Re: invalid credentials (49) for normal user (Dieter Kluenter)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Fri, 24 Dec 2010 10:32:03 +0000
> From: rui <guideveloper(a)gmail.com>
> To: openldap-technical(a)openldap.org
> Subject: invalid credentials (49) for normal user
> Message-ID:
> <AANLkTikbS2LTj4D-0WMBdJXzMeBMpb3qO2=Y4wzPLv0G(a)mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Hi,
>
> I have imported my passwd and groups file in ldap using
> migrate_all_online.sh script.
>
> I am able to simple bind to ldap using
> binddn= uid=root,ou=People,o=M1,c=GB but i can't seem to bind with any
> other user like rui etc with their linux password. It says invalid
> credentials.
>
> I need to bind for authentication and then get all the primary and
> secondary groups of a user(how can i do that). Why am i having this
> problem - do i have to do something extra?
>
> When bound as root, if i do "memberUid=root" i get all the secondary
> groups but i want to do it for any user.
>
> I am using c ldap api at the moment.
>
>
> Here is my slapd.conf file:
> ##################################################
> # # See slapd.conf(5) for details on configuration options.
> # This file should NOT be world readable. #
> include /etc/openldap/schema/core.schema
> include /etc/openldap/schema/cosine.schema
> include /etc/openldap/schema/dyngroup.schema
> include /etc/openldap/schema/inetorgperson.schema
> include /etc/openldap/schema/misc.schema
> include /etc/openldap/schema/nis.schema
> include /etc/openldap/schema/openldap.schema
>
> #######################################################################
> # ldbm database definitions
> #######################################################################
> database ldbm
> suffix "o=M1,c=GB"
> rootdn "uid=root,ou=People,o=M1,c=GB"
> rootpw abc123
> directory /var/lib/ldap
>
> # Indices to maintain
> index objectClass,uid,uidNumber,gidNumber eq
> index cn,mail,surname,givenname eq,subinitial
>
> # # ACLs #
> #access to dn="ou=People,o=M1,c=GB"
> #attr=userPassword
> #by self write
> #by dn="uid=root,ou=People,o=M1,c=GB" write
> #by * auth access to dn=".*,o=M1,c=GB" by self write
> #by dn="uid=root,ou=People,o=M1,c=GB" write
> #by * read access to dn=".*,o= M1,c=GB"
> #by * read defaultaccess read
>
> access to attr=userpassword
> by self write
> by dn="uid=root,ou=People,o=M1,c=GB" write
> by * read
>
> access to *
> by self write
> by dn=".+" read
> by * read
>
> ###############################################
>
> Regards,
> rui
>
>
> ------------------------------
>
> Message: 2
> Date: Sat, 25 Dec 2010 22:58:14 +0100
> From: "Dieter Kluenter" <dieter(a)dkluenter.de>
> To: openldap-technical(a)openldap.org
> Subject: Re: invalid credentials (49) for normal user
> Message-ID: <87d3op1pmx.fsf(a)rubin.avci.de>
> Content-Type: text/plain; charset=utf-8
>
> rui <guideveloper(a)gmail.com> writes:
>
>> Hi,
>>
>> I have imported my passwd and groups file in ldap using
>> migrate_all_online.sh script.
>>
>> I am able to simple bind to ldap using
>> binddn= uid=root,ou=People,o=M1,c=GB but i can't seem to bind with any
>> other user like rui etc with their linux password. It says invalid
>> credentials.
> [...]
>
> run slapd in debugging mode, i.e. -d acl
>
>
> ############
>> # ldbm database definitions
>> #######################################################################
>> database ldbm
>
> ldbm is historic and not supported.
>
> -Dieter
>
> --
> Dieter Klünter | Systemberatung
> http://dkluenter.de
> GPG Key ID:DA147B05
> 53°37'09,95"N
> 10°08'02,42"E
>
>
12 years, 8 months
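Added example, not part of the original post: a Python triage helper for slapd ACL debug output of the kind posted above, which rejoins mail-wrapped records and reports each denied check with the requester slapd evaluated it for. The function names are hypothetical; the sample is an excerpt of the post's log lines with constructed line wrapping.

```python
import re

# Excerpt of the log lines from the post; the hard wrapping at mail line
# width is constructed for this example.
SAMPLE = '''\
Dec 29 14:13:53 m4mrh01 slapd: => acl_mask: access to entry
"cn=rui,ou=Group,o=m1,c=GB", attr "objectClass" requested
Dec 29 14:13:53 m4mrh01 slapd: => acl_mask: to value by "", (=n)
Dec 29 14:13:54 m4mrh01 slapd: <= acl_mask: no more <who> clauses,
returning =n (stop)
Dec 29 14:13:54 m4mrh01 slapd: => access_allowed: search access denied by =n
Dec 29 14:18:04 m4mrh01 slapd: => access_allowed: auth access to
"uid=rui,ou=People,o=m1,c=GB" "userPassword" requested
Dec 29 14:18:04 m4mrh01 slapd: => acl_get: [1] attr userPassword
Dec 29 14:18:04 m4mrh01 slapd: => acl_mask: access to entry
"uid=rui,ou=People,o=m1,c=GB", attr "userPassword" requested
Dec 29 14:18:04 m4mrh01 slapd: => acl_mask: to all values by "", (=n)
Dec 29 14:18:04 m4mrh01 slapd: <= acl_mask: no more <who> clauses,
returning =n (stop)
Dec 29 14:18:04 m4mrh01 slapd: => access_allowed: auth access denied by =n
'''

STAMP = re.compile(r"^[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d \S+ slapd(?:\[\d+\])?: ")
REQUEST = re.compile(
    r'access_allowed: \w+ access to "(?P<entry>[^"]*)" "(?P<attr>[^"]*)" requested')
ENTRY = re.compile(
    r'acl_mask: access to entry "(?P<entry>[^"]*)", attr "(?P<attr>[^"]*)" requested')
WHO = re.compile(r'acl_mask: to (?:all values|value) by "(?P<who>[^"]*)"')
VERDICT = re.compile(
    r"access_allowed: (?P<level>\w+) access (?P<result>granted|denied) by (?P<mask>\S+)")


def unwrap(text):
    """Rejoin wrapped records: a line without a syslog stamp continues
    the previous record. The stamp itself is stripped."""
    records = []
    for line in text.splitlines():
        if STAMP.match(line) or not records:
            records.append(STAMP.sub("", line))
        elif line.strip():
            records[-1] += " " + line.strip()
    return records


def denials(text):
    """Return one dict per denied check: entry, attr, who, level, mask."""
    out, cur = [], {}
    for rec in unwrap(text):
        if m := (REQUEST.search(rec) or ENTRY.search(rec)):
            # ENTRY also covers excerpts that start after the request line.
            cur.update(entry=m["entry"], attr=m["attr"])
        elif m := WHO.search(rec):
            # slapd logs the requester DN; an empty DN is an anonymous session.
            cur["who"] = m["who"] or "anonymous"
        elif m := VERDICT.search(rec):
            if m["result"] == "denied":
                out.append({**cur, "level": m["level"], "mask": m["mask"]})
            cur = {}
    return out


if __name__ == "__main__":
    for d in denials(SAMPLE):
        print(d)
```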