Re: Samba, Openldap and ppolicy
by smainklh@free.fr
Hi Dieter,
I did a "slaptest -f $configfile -F $path" command, here are the results :
/etc/ldap/slapd.d/cn=config/cn\=module\{0\}.ldif
----
...
olcModuleLoad: {0}back_bdb
olcModuleLoad: {1}ppolicy.la
olcModuleLoad: {2}smbk5pwd.la
...
/etc/ldap/slapd.d/cn=config/olcDatabase\=\{1\}bdb/olcOverlay\=\{2\}smbk5pwd.ldif
---
dn: olcOverlay={2}smbk5pwd
objectClass: olcOverlayConfig
objectClass: olcSmbK5PwdConfig
olcOverlay: {2}smbk5pwd
olcSmbK5PwdEnable: samba
olcSmbK5PwdMustChange: 0
olcSmbK5PwdCanChange: 0
structuralObjectClass: olcSmbK5PwdConfig
entryUUID: 4fffa030-4543-102f-8b00-5f29b421ba43
creatorsName: cn=config
createTimestamp: 20100826095158Z
entryCSN: 20100826095158.762397Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20100826095158Z
I still have the following errors :
smbk5pwd: unable to find "krb5KDCEntry" objectClass.
Aug 26 11:52:03 deathnote2 slapd[13165]: config error processing olcOverlay={2}smbk5pwd,olcDatabase={1}bdb,cn=config: <olcSmbK5PwdEnable> handler exited with 1
Aug 26 11:52:03 deathnote2 slapd[13165]: slapd stopped.
I thought that if i specify "olcSmbK5PwdEnable" parameter, it doesn't look for the krb5KDCEntry attribute...
Thanks for your help,
Smaine
----- Mail Original -----
De: "Dieter Kluenter" <dieter(a)dkluenter.de>
À: openldap-technical(a)openldap.org
Envoyé: Jeudi 26 Août 2010 11h12:47 GMT +01:00 Amsterdam / Berlin / Berne / Rome / Stockholm / Vienne
Objet: Re: Samba, Openldap and ppolicy
smainklh(a)free.fr writes:
> Now another error :(
>
> @(#) $OpenLDAP: slapd 2.4.23 (Aug 24 2010 14:56:29) $ root@myserver:/root/openldap-2.4.23/debian/build/servers/slapd
> slapd[11666]: UNKNOWN attributeDescription "OLCSMBK5PWDENABLE" inserted.
> slapd[11666]: config error processing olcOverlay={2}smbk5pwd,olcDatabase={1}bdb,cn=config,olcDatabase={1}bdb,cn=config:
The module smbk5pwd has not been loaded
>
> Old fashion configuration file :
> ---
> include /etc/ldap/schema/samba.schema
> ...
>
> moduleload smbk5pwd.la
> ...
> overlay smbk5pwd
> smbk5pwd-enable samba
>
>
>
> Overlay configuration :
> ---
> dn: olcOverlay={2}smbk5pwd,olcDatabase={1}bdb,cn=config
> objectClass: olcOverlayConfig
> objectClass: olcSmbK5PwdConfig
> olcOverlay: {2}smbk5pwd
> olcSmbK5PwdEnable: samba
You didn't provide a cn={x}module,cn=config entry, so most likely you
have not added an entry to load the module.
-Dieter
--
Dieter Klünter | Systemberatung
sip: 7770535(a)sipgate.de
http://www.dpunkt.de/buecher/2104.html
GPG Key ID:8EF7B6C6
10 years, 7 months
LDAP backend: schema synchronization?
by Mark J. Reed
OK, so I've got the ldap backend set up to talk to a couple different
servers, and it's working, but I can only see attributes that exist in
slapd's local schema. any way to import the schemas of the backends?
automatically would be great, manually would be ok...
--
Mark J. Reed <markjreed(a)gmail.com>
10 years, 7 months
Re: Samba, Openldap and ppolicy
by smainklh@free.fr
Now another error :(
@(#) $OpenLDAP: slapd 2.4.23 (Aug 24 2010 14:56:29) $ root@myserver:/root/openldap-2.4.23/debian/build/servers/slapd
slapd[11666]: UNKNOWN attributeDescription "OLCSMBK5PWDENABLE" inserted.
slapd[11666]: config error processing olcOverlay={2}smbk5pwd,olcDatabase={1}bdb,cn=config,olcDatabase={1}bdb,cn=config:
Old fashion configuration file :
---
include /etc/ldap/schema/samba.schema
...
moduleload smbk5pwd.la
...
overlay smbk5pwd
smbk5pwd-enable samba
Overlay configuration :
---
dn: olcOverlay={2}smbk5pwd,olcDatabase={1}bdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcSmbK5PwdConfig
olcOverlay: {2}smbk5pwd
olcSmbK5PwdEnable: samba
----- Mail Original -----
De: smainklh(a)free.fr
À: smainklh(a)free.fr
Cc: openldap-technical(a)openldap.org
Envoyé: Jeudi 26 Août 2010 10h12:54 GMT +01:00 Amsterdam / Berlin / Berne / Rome / Stockholm / Vienne
Objet: Re: Samba, Openldap and ppolicy
Ok,
now i followed the documentation and configured my slapd server like that :
include /etc/ldap/schema/samba.schema
...
moduleload smbk5pwd.la
...
overlay smbk5pwd
smbk5pwd-enable samba
But i still have the following error :
config error processing olcOverlay={2}smbk5pwd,olcDatabase={1}bdb,cn=config:
Regards,
Smaine
Selon smainklh(a)free.fr:
>
> Hi,
>
> I already have an openldap server configured with a password policy.
> Now, i need to implement a samba server in order to authenticate my alfresco
> users.
>
> I would like to know how to keep my password policy working with these two
> authentication services.
> I've heard of the smbk5pwd but i don't know how to configure it.
>
> I upgraded to slapd 2.4.23.
>
> my slapd configuration :
> include samba.schema
> ...
> moduleload smbk5pwd.la
> ...
> overlay smbk5pwd
>
> But when i start the slapd service, it complains that some ObjectClass are
> missing.
> Maybe Samba needs to be upraded too ? ...
>
> I need your advices please.
>
> Regards,
> Smaine
10 years, 7 months
Re: Samba, Openldap and ppolicy
by smainklh@free.fr
Ok,
now i followed the documentation and configured my slapd server like that :
include /etc/ldap/schema/samba.schema
...
moduleload smbk5pwd.la
...
overlay smbk5pwd
smbk5pwd-enable samba
But i still have the following error :
config error processing olcOverlay={2}smbk5pwd,olcDatabase={1}bdb,cn=config:
Regards,
Smaine
Selon smainklh(a)free.fr:
>
> Hi,
>
> I already have an openldap server configured with a password policy.
> Now, i need to implement a samba server in order to authenticate my alfresco
> users.
>
> I would like to know how to keep my password policy working with these two
> authentication services.
> I've heard of the smbk5pwd but i don't know how to configure it.
>
> I upgraded to slapd 2.4.23.
>
> my slapd configuration :
> include samba.schema
> ...
> moduleload smbk5pwd.la
> ...
> overlay smbk5pwd
>
> But when i start the slapd service, it complains that some ObjectClass are
> missing.
> Maybe Samba needs to be upraded too ? ...
>
> I need your advices please.
>
> Regards,
> Smaine
10 years, 7 months
Samba, Openldap and ppolicy
by smainklh@free.fr
Hi,
I already have an openldap server configured with a password policy.
Now, i need to implement a samba server in order to authenticate my alfresco
users.
I would like to know how to keep my password policy working with these two
authentication services.
I've heard of the smbk5pwd but i don't know how to configure it.
I upgraded to slapd 2.4.23.
my slapd configuration :
include samba.schema
...
moduleload smbk5pwd.la
...
overlay smbk5pwd
But when i start the slapd service, it complains that some ObjectClass are
missing.
Maybe Samba needs to be upraded too ? ...
I need your advices please.
Regards,
Smaine
10 years, 7 months
filter to find attributes with multiple values
by Tim Gustafson
Hi,
Is there any way to search for records that have multiple attributes?
For example, I'd like to know how many users have multiple userPassword values. Is there some filter syntax that can find that out for me?
Tim Gustafson
Baskin School of Engineering
UC Santa Cruz
tjg(a)soe.ucsc.edu
831-459-5354
10 years, 7 months
stats2 and stats level logging
by Derek Yarnell
Hi,
So a while back we had to go away form stats (256) level debugging because it was spiking our Spunk traffic so much and go to stat2 (512). Even now 1 days worth of LDAP logs on one replica is 1.5G. Now the problem is that stat2 never gives a way to map the connection to a host. Is there anyway to do this? We seem to have one host that might be misbehaving in the amounts of ldap queries it is making but I can't exactly pin point it.
Thanks,
derek
Derek Yarnell
UNIX Systems Administrator
University of Maryland
Institute for Advanced Computer Studies
10 years, 7 months
replicate two branches?
by Isaac Hailperin
Hi,
I was wondering whether there is a way to replicate more then one
branch. I tried to replicate two branches using two syncrepl sections in
slapd.conf with different rid, but that got me an error
"syncrepl: database already shadowed"
So I suppose its at least not that easy.
The alternative would be to move all the branches into the same subtree
and just replicate that subtree.
Which raises the question: Is there a simpler way to move branches other
then dumping to ldif, do an intelligent search and replace for all the
dns, and then add the ldif again?
Isaac
10 years, 7 months
overlay: How to not apply attribute modification to background ?
by Lucas Brasilino
Hi
I'm writing an overlay which it's principal function is being called
on 'modify' operation. This
function basically see if a given attribute is being modified. If so,
it pass it's value to an external
daemon through an unix domain socket to store this value in an
external database.
Of course, when the 'modify' callback ends with SLAP_CB_CONTINUE, the operation
continues and the new value is committed to background. This is my
problem, I don't want
to really modify the attribute value at background....
So, Is there a way to 'abort' modify operation in my overlay without
stopping to pass control
to other overlays?
I saw there's others return values from callbacks, as SLAP_CB_BYPASS
and SLAP_CB_FREEME
but I'm not sure about it... I guess SLAP_CB_BYPASS do the trick, but
I'm not sure.
Thanks a lot in advance
Lucas Brasilino
10 years, 7 months
openldap-2.4.23 Segfault with Error number: 0xffffffffffffffff ()
by Yusuf Rajah
Hi All
I am using openldap-2.4.23 which I compiled from source with back-ndb
support.
I am able to browse the directory and add some data. When I try to add
the posixAccount to any entry, even a new one, I get an Error number:
0xffffffffffffffff () . I am using PhpLDAPadmin to manage the data. When
I have a look at /var/log/syslog the last three lines are :
Aug 24 15:45:24 sms slapd[1406]: conn=1001 op=5 MOD
dn="uid=test,ou=UIDs,ou=School Management System"
Aug 24 15:45:24 sms slapd[1406]: conn=1001 op=5 MOD attr=cn gidnumber
homedirectory objectclass uidnumber
Aug 24 15:45:24 sms kernel: [ 3368.265357] slapd[1437]: segfault at 28
ip 00000000004aa995 sp 00007f5b9b78ac10 error 4 in slapd[400000+169000]
I am not sure how to tackle this, your pearls of wisdom will be
tremendously appreciated.
Thank you kindly.
Yusuf Rajah
10 years, 8 months
