ldapmodify chando password
by Márcio Luciano Donada
Hi list,
I'm using ldapmodify to change the user password, but I am not able to
use MD5 with it. My question is: can you use the encryption method with
ldapmodify?
thanks
--
Márcio Luciano Donada <mdonada -at- auroraalimentos -dot- com -dot- br>
Aurora Alimentos - Cooperativa Central Oeste Catarinense
Departamento de T.I.
13 years, 7 months
Re: bdb_index_read: failed
by Chris Jacobs
Ah, hah. I admit, I hadn't read that far back and made some ass/umptions.
Doh.
- chris
Chris Jacobs, Systems Administrator
Apollo Group | Apollo Marketing | Aptimus
2001 6th Ave Ste 3200 | Seattle, WA 98121
phone: 206.441.9100 x1245 | mobile: 206.601.3256 | fax: 206.441.9661
email: chris.jacobs(a)apollogrp.edu
----- Original Message -----
From: Howard Chu <hyc(a)symas.com>
To: Chris Jacobs
Cc: 'arwin(a)infopact.nl' <arwin(a)infopact.nl>; 'openldap-technical(a)openldap.org' <openldap-technical(a)openldap.org>
Sent: Fri May 07 01:06:15 2010
Subject: Re: bdb_index_read: failed
Chris Jacobs wrote:
> This was all assuming that this was an established service - and if you've
> simply taken over an admin role, this could have been going on for a while
> and the final 'culprit' may simply be missing indexes.
There is no missing index. The index is working correctly, it was simply asked
to find a value that does not exist. There's nothing abnormal about that,
there's nothing to fix. This whole thread is much ado about nothing.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
This message is private and confidential. If you have received it in error, please notify the sender and remove it from your system.
13 years, 7 months
Re: bdb_index_read: failed
by Chris Jacobs
I'd totally forgotten to reply-to-all:
Arwin,
You'd have to turn log levels up, and/or restrict usage to narrow that down (classic troubleshooting, to the rescue).
Personally, I'd start by asking your staff (devs and IT) what's being done differently, or if there are new users of LDAP.
I can understand something being done that's 'new' or 'different' could very well be some snoop, but more likely the 'culprit' is going to be something 'ok'.
Moving on...
See when the events occur (and perhaps who is authenticating) and turn the log levels up during that time - that'll require a restart of slapd if your config is static files (now I really see the beauty of olconfig).
Start with just logging auth, whether you find a link there or not, and if you need more detail, log the queries (shudder).
Oh, and you'll need some 'spare' disk and cpu if this is a modestly used service. If you get to the latter part, you'll likely crush your box.
And back again...
Seriously, ask around. It'll likely be easier.
This was all assuming that this was an established service - and if you've simply taken over an admin role, this could have been going on for a while and the final 'culprit' may simply be missing indexes.
Good luck,
- chris
----- Original Message -----
From: openldap-technical-bounces+chris.jacobs=apollogrp.edu(a)OpenLDAP.org <openldap-technical-bounces+chris.jacobs=apollogrp.edu(a)OpenLDAP.org>
To: Howard Chu <hyc(a)symas.com>
Cc: openldap-technical(a)openldap.org <openldap-technical(a)openldap.org>
Sent: Wed May 05 22:33:27 2010
Subject: Re: bdb_index_read: failed
Thanks Howard, that's good news.
However, I would like to know what or who is causing this.
I've tried different loglevels but matching the error with the query/filter that's causing it is
rather challenging to say the least...
Any hints on how to find the query responsible?
Thanks!
Arwin.
Howard Chu wrote:
> Arwin wrote:
>> Hi all,
>>
>> We are running 1 master server and a couple of slaves, all
>> openldap-2.4 on Ubuntu 8.04 lts, syncrepl
>> and cn=config configuration.
>> The last couple of days we are getting a few of the following errors
>> in the slapd logs:
>>
>> Apr 29 11:03:41 ldapsrvr-1 slapd[6112]: bdb_idl_fetch_key: [b49d1940]
>> Apr 29 11:03:41 ldapsrvr-1 slapd[6112]:<= bdb_index_read: failed (-30990)
>> Apr 29 11:03:41 ldapsrvr-1 slapd[6112]:<= bdb_equality_candidates:
>> id=0, first=0, last=0
>> Apr 29 11:03:41 ldapsrvr-1 slapd[6112]: => bdb_equality_candidates
>> (objectClass)
>>
>> Tried solving it by re-adding the index and running slapindex but the
>> errors still remain.
>>
>> Everything seems to work ok though, replication works, we can add/edit
>> entries and user
>> authentication of accounts in the dit work just fine.
>>
>> Can anybody tell me if this (bdb_index_read: failed (-30990)) is
>> something that needs to be fixed
>> and if so, how?
>
> No. It's normal, it just means it was looking for the index of a value
> that doesn't exist in your DB.
>
13 years, 7 months
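An added example for the question in the thread above about finding the query behind each `bdb_index_read: failed` line (not code from any poster or from OpenLDAP). It assumes slapd is logging both the stats level (SRCH lines) and the trace output shown in the thread; the SRCH lines and filter values in the sample are constructed, and the match is a heuristic because a busy slapd interleaves output from several threads.

```python
import re
from collections import deque

# Constructed sample. The bdb_* lines mirror those quoted in the thread;
# the SRCH lines (stats log level) and all filter values are made up.
SAMPLE_LOG = """\
Apr 29 11:03:41 ldapsrvr-1 slapd[6112]: conn=1041 op=2 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(objectClass=exampleMissingClass)"
Apr 29 11:03:41 ldapsrvr-1 slapd[6112]: => bdb_equality_candidates (objectClass)
Apr 29 11:03:41 ldapsrvr-1 slapd[6112]: bdb_idl_fetch_key: [b49d1940]
Apr 29 11:03:41 ldapsrvr-1 slapd[6112]:<= bdb_index_read: failed (-30990)
Apr 29 11:03:41 ldapsrvr-1 slapd[6112]:<= bdb_equality_candidates: id=0, first=0, last=0
Apr 29 11:03:42 ldapsrvr-1 slapd[6112]: conn=1042 op=1 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(uid=alice)"
Apr 29 11:03:42 ldapsrvr-1 slapd[6112]: => bdb_equality_candidates (uid)
Apr 29 11:03:42 ldapsrvr-1 slapd[6112]:<= bdb_equality_candidates: id=1, first=12, last=12
"""

LINE = re.compile(r'^(\w{3}\s+\d+ [\d:]+) \S+ slapd\[(\d+)\]:\s*(.*)$')
SRCH = re.compile(r'conn=(\d+) op=(\d+) SRCH .*filter="(.*)"')
CAND = re.compile(r'=> bdb_equality_candidates \((\S+)\)')


def find_index_misses(log_text, window=50):
    """Pair each index miss with the latest SRCH whose filter uses that attribute."""
    recent = deque(maxlen=window)  # last SRCH lines seen: (conn, op, filter)
    attr = None                    # attribute of the index lookup in progress
    hits = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        stamp, _pid, msg = m.groups()
        srch = SRCH.search(msg)
        cand = CAND.search(msg)
        if srch:
            recent.append(srch.groups())
        elif cand:
            attr = cand.group(1)
        elif "bdb_index_read: failed" in msg and attr:
            # Heuristic: newest search first; nested filters still match on "(attr=".
            probe = re.compile(r"\(" + re.escape(attr) + "=", re.I)
            for conn, op, flt in reversed(recent):
                if probe.search(flt):
                    hits.append((stamp, conn, op, flt))
                    break
    return hits


if __name__ == "__main__":
    for hit in find_index_misses(SAMPLE_LOG):
        print(hit)
```

The conn number in each hit can then be matched to that connection's ACCEPT and BIND lines in the same log to see which client and identity issued the search.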
Re: LDAP_SERVER_DOWN in win32?
by Chris Jacobs
Ummm... I suspect your machine's firewall (likely built in one from Windows) might be blocking it.
- chris
________________________________
From: openldap-technical-bounces+chris.jacobs=apollogrp.edu(a)OpenLDAP.org
To: openldap-technical(a)openldap.org
Sent: Fri May 07 00:30:26 2010
Subject: LDAP_SERVER_DOWN in win32?
I am trying to use OpenLDAP on Windows XP. There are some implementations of openldap-win32-2.4.x. I have used every one of them, and OpenLDAP for Linux on Debian.
The common problem is that I can't connect to them unless the server is on localhost when my client runs on win32, even when I build my client with OpenLDAP, Novell cldap and winldap.
init is OK, bind is OK (I'm sure the bind result should be >0, not LDAP_SUCCESS), but it reports LDAP_SERVER_DOWN when I try to do some operations like search, add ...
The problem does not exist if I run my client (built with OpenLDAP or Novell cldap) on Linux (Debian testing); all servers are OK.
I tried PHPLDAPAdmin configured to use OpenLDAP running on a Windows host; the problem is the same, LDAP_SERVER_DOWN.
Thanks for the help.
gtalk:freeespeech@gmail.com
13 years, 7 months
LDAP_SERVER_DOWN in win32?
by owen nirvana
I am trying to use OpenLDAP on Windows XP. There are some implementations of
openldap-win32-2.4.x. I have used every one of them, and OpenLDAP for Linux
on Debian.
The common problem is that I can't connect to them unless the server is on
localhost when my client runs on win32, even when I build my client with
OpenLDAP, Novell cldap and winldap.
init is OK, bind is OK (I'm sure the bind result should be >0, not
LDAP_SUCCESS), but it reports LDAP_SERVER_DOWN when I try to do some
operations like search, add ...
The problem does not exist if I run my client (built with OpenLDAP or
Novell cldap) on Linux (Debian testing); all servers are OK.
I tried PHPLDAPAdmin configured to use OpenLDAP running on a Windows host;
the problem is the same, LDAP_SERVER_DOWN.
Thanks for the help.
gtalk:freeespeech@gmail.com
13 years, 7 months
testing bind result in slapi pluging
by Gianluigi Nigro
Hi,
I'm writing a plugin for SLAPI_PLUGIN_POST_BIND_FN operation:

int mia_init(Slapi_PBlock *pb)
{
    ...
    ...
    if (slapi_pblock_set(pb, SLAPI_PLUGIN_POST_BIND_FN, (void *)mia_get) != 0)
    {
        slapi_log_error(SLAPI_LOG_PLUGIN, "mia_init", "error");
        return -1;
    }
    ...
    return 0;
}

int mia_get(Slapi_PBlock *pb)
{
    ...
    int oprc = -1;
    ...
    if (slapi_pblock_get(pb, SLAPI_PLUGIN_OPRETURN, &oprc) != 0)
    {
        if (oprc == 0)
            /* do something */;
        else
            /* do something else */;
    }
    ...
}

The slapi_pblock_get for SLAPI_PLUGIN_OPRETURN always returns 0 even if
the bind operation has failed (for example following an error 49 Invalid
Credentials).
Is there a way to test if the bind operation is successful or failed?
Thanks
Gianluigi Nigro
gianluigi.nigro(a)passepartout.sm
------------------------------
Passepartout s.a.
World Trade Center - Edificio A
Via Consiglio dei Sessanta, 99 - 47891 Dogana - RSM
tel. 0549 978011
fax 0549 978005
www.passepartout.net <http://www.passepartout.net>
--------------------------------------------------------------------
13 years, 7 months
bdb_index_read: failed
by Arwin
Hi all,
We are running 1 master server and a couple of slaves, all openldap-2.4 on Ubuntu 8.04 lts, syncrepl
and cn=config configuration.
The last couple of days we are getting a few of the following errors in the slapd logs:
Apr 29 11:03:41 ldapsrvr-1 slapd[6112]: bdb_idl_fetch_key: [b49d1940]
Apr 29 11:03:41 ldapsrvr-1 slapd[6112]: <= bdb_index_read: failed (-30990)
Apr 29 11:03:41 ldapsrvr-1 slapd[6112]: <= bdb_equality_candidates: id=0, first=0, last=0
Apr 29 11:03:41 ldapsrvr-1 slapd[6112]: => bdb_equality_candidates (objectClass)
Tried solving it by re-adding the index and running slapindex but the errors still remain.
Everything seems to work ok though, replication works, we can add/edit entries and user
authentication of accounts in the dit work just fine.
Can anybody tell me if this (bdb_index_read: failed (-30990)) is something that needs to be fixed
and if so, how?
T.i.a.
Arwin.
13 years, 7 months
cn=monitor attributes (monitorOpInitiated for example) missing in cn=Subschema
by mike
Hi Everyone,
I am having an issue accessing attributes that are not in "cn=Subschema"
I'm using openldap-stable-20100219.tgz build. When I look at cn=Monitor with browsing tools (like Softerra LDAP browser) I do see entries for monitorOpInitiated and monitorOpCompleted in DN cn=Operations,cn=Monitor. For example from a ldapsearch result:
# Modify, Operations, Monitor
dn: cn=Modify,cn=Operations,cn=Monitor
structuralObjectClass: monitorOperation
creatorsName:
modifiersName:
createTimestamp: 20100421205801Z
modifyTimestamp: 20100421205801Z
monitorOpInitiated: 39
monitorOpCompleted: 39
entryDN: cn=Modify,cn=Operations,cn=Monitor
subschemaSubentry: cn=Subschema
hasSubordinates: FALSE
When I look at cn=Subschema, I do not see any definitions of these two attributes. Shouldn't they be there?
Using (unfortunately) Microsoft's VBScript, ADODB, and ADsDSOOBJECT to access cn=Monitor, I can access everything that is defined in the subschema (entryDN, modifyTimestamp, etc); however, I cannot access MonitorOpInitiated and such. Looking at the logs, it looks like the query never gets to the ldap server because MS checks it against the cn=subschema.
I saw ITS#4947 and ITS#5576 which sounds like what my problem is (attributes not published). Is there a fix for this and what would that fix be?
My OS for the ldap server is Redhat Enterprise 5.4.
At the end of this email is my redacted slapd.conf file.
I had sent this to the bugs mail-list, but they said to post it here.
---Thanks
Mike Cannady
[root@vmLDAPdev2 openldap]# cat slapd.conf
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/HTC/iaaa-radius.schema
include /usr/local/etc/openldap/HTC/radius.schema
include /usr/local/etc/openldap/HTC/users.schema
# Allow LDAPv2 client connections. This is NOT the default.
allow bind_v2
loglevel 0x100
#loglevel any
sizelimit unlimited
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
ServerID 002
pidfile /usr/local/var/run/slapd.pid
argsfile /usr/local/var/run/slapd.args
access to *
by dn.one="ou=replicants,ou=admin,dc=htc,dc=com" read
by * break
access to dn.subtree="dc=htc,dc=com"
by dn.one="ou=admin,dc=htc,dc=com" manage
by self write
by anonymous auth
access to *
by self write
by users read
by anonymous auth
#######################################################################
# database definitions
#######################################################################
database bdb
suffix "dc=htc,dc=com"
rootdn "cn=Manager,dc=htc,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# rootpw secret
# rootpw {crypt}ijFYNcSNctBYg
rootpw {xxxxxxx}xxxxxxxxxxxxxxxxxxxxxxxxxx
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /usr/local/var/openldap-data
cachesize 50000
dncachesize 50000
idlcachesize 150000
checkpoint 1024 5
# Indices to maintain for this database
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
index entryCSN eq
index entryUUID eq
# Replicas of this database
syncrepl rid=001
provider=ldap://vmldapdev1.htc.external:389
type=refreshAndPersist
retry="5 5 300 +"
searchbase="dc=htc,dc=com"
attrs="*,+"
bindmethod=simple
binddn="uid=vmldapdev2,ou=replicants,ou=admin,dc=htc,dc=com"
credentials=atest2
mirrormode TRUE
overlay syncprov
syncprov-checkpoint 1000 1
database monitor
[root@vmLDAPdev2 openldap]
13 years, 7 months
slapo-memberof Usage
by Stuart Cherrington
Hello again,
Having successfully upgraded my LDAP install to 2.4.22 on Redhat 5.3 I've been looking at use of the 'slapo-memberof' schema as provided by openldap2.4-server package.
The man page for slapo-memberof2.4 indicates I can use the 'memberof-dn' directive.
So, I've updated my slapd.conf file to allow the 'moduleload memberof.la' to be used and restarted ldap2.4 services. On the client I have configured my ldap.conf without the memberof directive and it works fine, but when I use memberof I can no longer login.
nss_base_passwd ou=people,dc=ldn,dc=sw,dc=com
Works fine
nss_base_passwd ou=people,dc=ldn,dc=sw,dc=com?sub?memberof-dn=cn=access,ou=auth,dc=ldn,dc=sw,dc=com
Fails to log me in.
I can see the people and auth OU's from the client using ldapsearch.
Questions:
What is the correct syntax for using the memberof-dn directive?
If the client does NOT have the openldap2.4-server package installed, does it pass the 'memberof-dn' directive to my LDAP server to be parsed?
TIA,
Stuart.
13 years, 7 months
cross-compiling for different hardware
by Michael Pitcher
Is it possible to use OpenLDAP to cross-compile on a build(host) machine (e.g., little-endian) for a different target (big-endian)?
If so, how?
I have tried several ways to setup configure but no success.
It looks like, for example, liblber generates the same objects (.lo) for the target and also (.o) for the build(host). Is this correct?
Pointers, hints would be welcome. Thanks.
--
Mike
13 years, 7 months