openldap-technical June 2010

openldap-technical@openldap.org

104 participants
113 discussions

Unique Overlay Help
by Piyush Joshi 24 Jun '10

24 Jun '10

Dear Expert, I have used unique overlay with my openldap install and that's working now i want two of my attributes to be unique and that's not possible currnetly. Can it be added in following openldap releases or can any one make change in unique overlay to perform the same. -- Regards ****************************** Piyush Joshi System administrator 9415414376 ****************************** "Ability is what you're capable of doing. Motivation determines what you do. Attitude determines how well you do it"

3 3

Overlays and OpenLDAP multi-threading model
by Lucas Brasilino 24 Jun '10

24 Jun '10

Hi! I'm starting to see how overlays works to write one. But I've got a doubt and I'm asking to be sure: Is the overlay stack called within each thread ? If so, I think it can't block an entire thread pool, right ? My concern is about performance. The overlay I'm writing will only take place in some backend data modifications but it can be quite slow in terms of OpenLDAP connection handling, because it will be communicating via IPC with another process... If this overlay blocks only one connection, it's ok. But if it's blocks an entire thread pool, I'll have to figure out another solution. Thanks a lot in advance Lucas Brasilino

2 5

LDAP Account Manager
by Foo Bar 24 Jun '10

24 Jun '10

hi thanks for your answers. I have begin to test with the *LDAP Account Manager and it works. :-) know my question. **i** have create a user with a standard password. i will when the user make his first login than the client make a request to cange his password. how can i create this on **LDAP Account Manager* or must i do this on the openldap? * * * * thx m.enderlein -- Mit freundlichen Grüßen / Best Regards fooCCfoo

3 2

Re-investigating ppolicy + chain issues on a consumer: chain configuration
by Siddhartha Jain 23 Jun '10

23 Jun '10

I am still stuck at the same place where a chained consumer allows a client to auth with a bad password. Remove chaining and bad passwords are no longer accepted. To troubleshoot from scratch, I am curious about how chaining should be configured in the new ldif-based configuration scheme? Initially, I created a slapd.conf with the appropriate chaining statements and converted that file to "slapd.d". The conversion places all the chaining config under the "frontend" database. : [0115] root@ldaps01:olcDatabase={-1}frontend # ; ls -lR .: total 8 drwxr-x--- 2 ldap ldap 4096 Jun 24 00:30 olcOverlay={0}chain -rw------- 1 ldap ldap 433 Jun 22 23:00 olcOverlay={0}chain.ldif ./olcOverlay={0}chain: total 8 -rw------- 1 ldap ldap 591 Jun 23 23:53 olcDatabase={0}ldap.ldif -rw------- 1 ldap ldap 893 Jun 24 00:30 olcDatabase={1}ldap.ldif Interestingly, it creates two "ldap" databases for a single "chain" overlay. Can someone please explain why/how is this so? Why does chaining go to "frontend" db instead of being under the database that is chained? I tried to create the "ldap" databases under a "bdb" database but OpenLDAP won't allow that. Thanks, Siddhartha

2 1

data for search_base and bind_dn in postfix config.
by sam 23 Jun '10

23 Jun '10

Hi, With Openldap 24, postfix 2.8, I want to add the following entries in mydestination.cf file into my openldap database, Content of file mydestination.cf: server_host = 127.0.0.1 server_port = 389 search_base = lookupName=mydestination,cn=postfix,cn=mailstore,ou=server,ou=edv,dc=example,dc=net scope = sub timeout = 30 bind = yes bind_dn = cn=postfix,ou=system,ou=accounts,dc=example,dc=net bind_pw = XXXXXXXXXX version = 3 start_tls = no query_filter = (lookupKey=%s) result_attribute = lookupValue My current openldap entry is shown below: # cat initial.ldif dn: dc=ip6,dc=com,dc=au objectClass: top objectClass: dcObject objectClass: organization o: IP6 Networks dc: ip6 # super user node dn: cn=root,dc=ip6,dc=com,dc=au objectclass: organizationalRole objectclass: simpleSecurityObject cn: root description: LDAP administrator userPassword: {MD5}cW2LX0AjZxSBzv/mflD3xQ== According to my current initial openldap database entries, can I change the entires in the mydesitination.cf file into the following data? search_base = lookupName=mydestination,cn=postfix,ou=hometest,dc=ip6,dc=com,dc=au scope = sub timeout = 30 bind = yes bind_dn = cn=postfix,ou=accounts,dc=ip6,dc=com,dc=au bind_pw = {MD5}cW2LX0AjZxSBzv/mflD3xQ== Very appreciate for any suggestion and help. Thanks Sam

1 0

openldap pwdReset
by Allgood, John 23 Jun '10

23 Jun '10

Hey All I have a question for you all. I am using openldap 2.4.31 on Centos 5.5 and using the ppolicy overlay. I have also compiled the smbk5 module to update the samba attr when the user password is updated. My problem is to change the password and have the samba password update I have to use ldappasswrd which works great. If I force a pwdReset and login via gdm the password program take over and sets the posix password but this does not change the samba side nor does it adhere to the ppolicy. I am thinking this may something related to /etc/pamd/system-auth file but not sure. Any feedback would be appreciated. John Allgood Senior Systems Administrator OHL Transportation Services 2251 Jesse Jewell Pky. NE Gainesville, GA 30507 tel: (678) 989-3051 fax: (770) 531-7878 jallgood(a)ohl.com<mailto:jallgood@ohl.com> www.ohl.com<http://www.ohl.com> ______________________________________________________ This e-mail transmission may contain information that is proprietary, privileged and/or confidential and is intended exclusively for the person(s) to whom it is addressed. Any use, copying, retention or disclosure by any person other than the intended recipient or the intended recipient's designees is strictly prohibited. If you are not the intended recipient or their designee, please notify the sender immediately by return e-mail and delete all copies.

4 5

Copying trees from one consumer to another
by Nick Urbanik 23 Jun '10

23 Jun '10

Dear Folks, With slurpd, copying a tree from one slave to another was like this: 1. stop slapd on both slaves. 2. netcat the directory across from one slave to the other. 3. stop slurpd on master 4. edit slurpd.status to make the time and replication number match by copying that for the source to that for the destination slave. 5. start everything back up. My question with syncrepl is: How do I copy the database for a tree from one consumer to another consumer (of the same producer) so that the newly copied replica knows where its replication should continue from? Is the state for replication of the database stored in the contextCSN of the suffix entry? If so, does that mean that with syncrepl, the above operation is reduced to the following three steps? 1. Stop slapd on both consumers. 2. Netcat the database from one to the other. 3. start both consumers. -- Nick Urbanik http://nicku.org 808-71011 nick.urbanik(a)optusnet.com.au GPG: 7FFA CDC7 5A77 0558 DC7A 790A 16DF EC5B BB9D 2C24 ID: BB9D2C24 I disclaim, therefore I am.

5 12

Re: smbk5pwd: ldappassword hangs
by Frank Van Damme 23 Jun '10

23 Jun '10

2010/6/10 Quanah Gibson-Mount <quanah(a)zimbra.com>: > --On Thursday, June 10, 2010 1:36 PM +0200 Frank Van Damme > <frank.vandamme(a)gmail.com> wrote: > >> 2010/6/7 Quanah Gibson-Mount <quanah(a)zimbra.com>: >>> >>> --On Monday, June 07, 2010 11:56 AM +0200 Frank Van Damme >>> What version of OpenLDAP are you using? You've failed to mention that >>> anywhere. >> >> 2.4.11 (Debian 5.0). > > There have been multiple fixes to smbk5pwd since that release. Plus > hundreds of fixes elsewhere in the software. I would highly advise you to > upgrade to a current release, and most specifically to build OpenLDAP with > OpenSSL rather than GnuTLS. Once you've done that, then see if you continue > to have issues. > > --Quanah I did so. I had some rough times trying to get through the compilation process (of version 2.4.21), because test 44 kept failing - then I disabled the dynlist overlay which tests the dynlist and compilation succeeded fine. The server works, too. But the original problem has not gone away. As soon as I try ldappasswd-ing with the smb5kpwd overlay enabled, the process hangs (at least, if authentication of the user I test this with, succeeds). The module is off course compiled from the contrib tree of 2.4.21. -- Frank Van Damme A: Because it destroys the flow of the conversation. Q: Why is it bad? A: No, it's bad. Q: Should I top post in replies to mailing lists or on Usenet?

2 2

How to change OpenLDAP database directory
by Mail Admin 23 Jun '10

23 Jun '10

Hello, I am very new to Linux and Openldap. We have setup a mail server on CentOS, Postfix, Dovecot, etc witth OpenLDAP as backend. 1) We want to change the daabase directory of Openldap from /var/lib/ldap to /var/vmail/ldap. Could someone please let me know the settings I need to make to achieve this? 2) I tried to creae /var/lib/ldap as a linked folder (actual database located under /var/vmail/ldap). Permissions to the files and folders under this were set exactly the same. when I start ldap service, i get the following error: backend_startup_one: bi_db_open failed! (-1) slap_startup failed (test would succeed using the -u switch) [FAILED] stale lock files may be present in /var/lib/ldap/dbname [WARNING] If I remove the linked folder and copy the contents to /var/lib/ldap, everything works perfectly fine. Is linked folder not going to work for ldap? or am I missing something here? (Please note that the folder /var/vmail is a separate LUN in the SAN). I would like to achieve any one of the scinario mentioned above. Any help on this would be highly appreciated. Best Regards PineMail Admin

1 0

Configuring slapd.conf-less OpenLDAP
by Braden McDaniel 22 Jun '10

22 Jun '10

I'm trying to get OpenLDAP up and running on Fedora (12) using the cn=config-based configuration. I've changed /etc/openldap/slapd.d/cn=config/oldCatabase={1}bdb.ldif to point to my domain: olcSuffix: dc=endoframe,dc=net olcRootDN: cn=Manager,dc=endoframe,dc=net And I've added: olcRootPW: [slappasswd output] However, I haven't had any luck using this password: # ldapadd -x -D "cn=Manager,dc=endoframe,dc=net" -W -f Manager.ldif Enter LDAP Password: ldap_bind: Invalid credentials (49) Is there some other way I should be specifying the password? -- Braden McDaniel <braden(a)endoframe.com>

2 2

← Newer
1
2
3
4
5
6
7
...
12
Older →

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

openldap-technical June 2010