Virtual list view problem
by Venish Khant
Hi all,
I am using the CPAN Net::LDAP module to access LDAP entries. I want to
search LDAP entries using the Net::LDAP search method. When I search, I
want a limited number of entries from the search result; for
this (searching) process I am using the Net::LDAP::Control::VLV module. But
I get an error on the VLV response control. Please, does anyone have an idea
about this error?

*Error:* Died at vlv.pl line 50,
This is my example. I changed the font style of line 50.
#!/usr/bin/perl -w
use Net::LDAP;
use Net::LDAP::Control::VLV;
use Net::LDAP::Constant qw( LDAP_CONTROL_VLVRESPONSE );
use Net::LDAP::Control::Sort;

sub procentry {
    my ( $mesg, $entry) = @_;
    # Return if there is no entry to process
    if ( !defined($entry) ) {
        return;
    }
    print "dn: " . $entry->dn() . "\n";
    @attrs = $entry->attributes();
    foreach $attr (@attrs) {
        #printf("\t%s: %s\n", $attr, $entry->get_value($attr));
        $attrvalue = $entry->get_value($attr,asref=>1);
        #print $attr.":". $entry->get_value($attr)."\n";
        foreach $value(@$attrvalue) {
            print "$attr: $value\n";
        }
    }
    $mesg->pop_entry;
    print "\n";
}

$ldap = Net::LDAP->new( "localhost" );

# Get the first 20 entries
$vlv = Net::LDAP::Control::VLV->new(
    before  => 0,   # No entries from before target entry
    after   => 19,  # 19 entries after target entry
    content => 0,   # List size unknown
    offset  => 1,   # Target entry is the first
);
my $sort = Net::LDAP::Control::Sort->new( order => 'cn' );

@args = ( base     => "dc=example,dc=co,dc=in",
          scope    => "subtree",
          filter   => "(objectClass=inetOrgPerson)",
          callback => \&procentry, # Call this sub for each entry
          control  => [ $sort, $vlv ],
);

$mesg = $ldap->search( @args );

# Get VLV response control
*($resp) = $mesg->control( LDAP_CONTROL_VLVRESPONSE ) or die;*
$vlv->response( $resp );

# Set the control to get the last 20 entries
$vlv->end;
$mesg = $ldap->search( @args );

# Get VLV response control
($resp) = $mesg->control( LDAP_CONTROL_VLVRESPONSE ) or die;
$vlv->response( $resp );

# Now get the previous page
$vlv->scroll_page( -1 );
$mesg = $ldap->search( @args );

# Get VLV response control
($resp) = $mesg->control( LDAP_CONTROL_VLVRESPONSE ) or die;
$vlv->response( $resp );

# Now page with first entry starting with "B" in the middle
$vlv->before(9);   # Change page to show 9 before
$vlv->after(10);   # Change page to show 10 after
$vlv->assert("B"); # assert "B"
$mesg = $ldap->search( @args );
--
Venish Khant
www.deeproot.co.in
6 years, 12 months
Re: (ITS#6666) Feature Request: Triggers implementation
by Buchan Milne
On Thursday, 7 October 2010 20:32:49 Nick Milas wrote:
> It all started for me when I wanted to watch a serial number value from
> an ldap-stored SOArecord (using powerdns with openldap backend) and when
> it changes to fire a bash script. I reached the conclusion it was not
> easy to be done with higher-level means within openldap and I created a
> bash script which scans (using ldapsearch and other linux tools) the
> SOArecords regularly (using cron) to find out if any change has happened
> and do whatever is required. It would be much more elegant if I could
> get a trigger from openldap when the SOArecord changes.
Maybe you need this:
http://memberwebs.com/stef/software/slapi-dnsnotify/
A more generic solution would be nice, but as far as I can tell, this software
satisfies your current need.
Regards,
Buchan
12 years
Suitability of LDAP as DNS backend - PowerDNS LDAP backend moving to unmaintained status
by Nick Milas
Hi,
We've been using for several months PowerDNS Authoritative Server v9.22
with LDAP backend (simple mode), using OpenLDAP (v2.4.22) for hosting
our organization's domains (and reverse zones) and it has been working
fine (low query times, reliable etc.) so we enjoy having all our
organization's data stored/maintained in the same DIT in LDAP.
However, as PowerDNS Authoritative Server is preparing for the next
version (3.0), it seems that the LDAP backend will be unmaintained (see:
http://mailman.powerdns.com/pipermail/pdns-users/2011-March/007547.html)
as the LDAP backend developer is no longer working on it (see:
http://www.mail-archive.com/pdns-users@mailman.powerdns.com/msg03625.html).
It has been alleged (see ref. above) that "We don't think that LDAP is a
particularly good or interesting place to store DNS data. It will for
example have big problems with PowerDNSSEC because of lack of ordering."
Moreover, PowerDNS LDAP backend (although current open bugs are very few
and of relatively low severity) lacks features (e.g. Notify, which we
implement using custom script, cron and notify-dns-slaves, see:
http://mailman.powerdns.com/pipermail/pdns-users/2010-October/007109.html)
and is not being evolved any more.
Additionally, LDAP/database backend projects for BIND9 (SDB and DLZ) do
not seem very well maintained either. In any case we prefer PowerDNS
approach where backend implementation is cleaner and direct.
So, my questions:
  * From the above and your experience, do you consider that LDAP should
    not be preferred as a DNS backend?
  * Should LDAP be avoided as a DNS/DNSSEC backend?
  * Would any companies / developer(s) from the OpenLDAP world -
    perhaps already using or interested in using DNS with an LDAP backend
    - be willing to devote some time to fix a couple of small
    bugs and keep the very well-designed and developed PowerDNS LDAP
    backend in shape? We could even start some community donation
    effort (to support this development), but I don't know if there is
    sufficient usage/interest in the LDAP backend that would generate
    enough funds.
In essence, should we drop LDAP as a DNS record datastore, due to the
lack of a properly maintained backend and/or unsuitability for (e.g.
DNSSEC) evolution, or do you think there IS interest in the maintenance /
evolution of the LDAP backend by the OpenLDAP developers/community (even
by becoming more openldap-oriented rather than being cross-platform)?
Best Regards,
Nick
12 years
help with smbk5pwd-enable
by Brijesh
Hi,
I have recently upgraded openldap and now it doesn't start; it stops,
saying that
unknown directive <smbk5pwd-enable> inside backend database definition
It had been working fine until the upgrade. I am using heimdal and
openldap on mandriva. Following are the details of those packages.
openldap-smbk5pwd- 2.4.21-3mdv2010.1
openldap-servers- 2.4.22-2.2mdv2010.2
Any help would be appreciated.
Thanks
Brijesh
12 years
Invalid DN Syntax in Shell Script
by Inácio Alves
Hi to all,
I'm trying to write a shell script to simplify changing users' passwords.
So I wrote
function verificaSenha(){
whoAmI=`whoami`
param=`echo "ldapsearch -x -W -D
\"uid=$whoAmI,ou=People,dc=ifce,dc=edu,dc=br\" -b \"dc=ifce,dc=edu,dc=br\"
\"(uid=$whoAmI)\""`
exec `echo "$param"`
}
The line param=... produces a command line that works when I type it directly
in the terminal. However, at the line exec "$param" I am prompted for my LDAP
password (as when typing it directly in the terminal), but when I type it I get
ldapsearch -x -W -D "uid=inacio,ou=People,dc=ifce,dc=edu,dc=br" -b
"dc=ifce,dc=edu,dc=br" "(uid=inacio)"
Enter LDAP Password:
ldap_bind: Invalid DN syntax (34)
additional info: invalid DN
what is wrong?
Best regards!!
--
Sincerely,
prof. Inácio Alves
IFCE/Campus Maracanaú
Bachelor of Mathematics (UFC) / Connectivity Technician (IFCE)
http://www.polluxweb.com/inacioalves/site/
12 years
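An added illustration, not part of the original post, of what happens to a command line that is built as a string and then expanded, as in verificaSenha above: the shell word-splits the result but does not re-parse the quotes embedded in it, so the program receives them as part of the DN. bind_dn_seen is a hypothetical stand-in for ldapsearch so the script runs offline; the user name and base DN are the ones shown in the post.

```sh
#!/bin/sh
# Hypothetical stand-in for ldapsearch: prints the argument that follows -D
# exactly as the program would receive it in argv.
bind_dn_seen() {
    while [ "$#" -gt 0 ]; do
        if [ "$1" = "-D" ]; then
            printf '%s\n' "$2"
            return 0
        fi
        shift
    done
    return 1
}

user=inacio                    # sample value taken from the post's output
base='dc=ifce,dc=edu,dc=br'

# Pattern from the post: the whole command is assembled into one string
# and the string is then expanded to run it.
broken_dn() {
    param="bind_dn_seen -x -W -D \"uid=$user,ou=People,$base\" -b \"$base\" \"(uid=$user)\""
    # Unquoted expansion is split on whitespace only. Quote characters that
    # come out of an expansion are data, so the DN argument starts and ends
    # with a literal double quote.
    $param
}

# Fix: call the program directly and quote each argument where it is used.
# Nothing is re-parsed, so values containing spaces or shell metacharacters
# also arrive intact. (eval would re-parse the quotes, but it would also
# execute anything else that ends up in the string.)
fixed_dn() {
    bind_dn_seen -x -W -D "uid=$user,ou=People,$base" -b "$base" "(uid=$user)"
}

printf 'string-built : %s\n' "$(broken_dn)"
printf 'direct args  : %s\n' "$(fixed_dn)"
```

The string-built form hands the bind DN over with the quote characters attached, which is not a valid DN; the echoed command line looks correct on screen because echo prints those same quote characters.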
EnableXPS
by Leonardo
Dear Friends,
I configured XPS in slapd.conf,
but when I start my OpenLDAP, it stops and shows the following message: "unknown
directive <EnableXPS> outside backend info and database definitions."
Could anybody help me?
Thanks.
12 years
[OpenLDAP 2.4.23-7 ] Trouble using rwm to delete ObjectClass & attribute
by Cédric COPY
Hi there,
I have some trouble using the rwm overlay. In fact, I am not sure it fits
my need, but the documentation isn't explicit about that point.
I am trying to do some replication from a master OpenLDAP server to
another server in my DMZ, through a proxy. The proxy retrieves what
I need from the master, then pushes it to the DMZ server.
There are some attributes on my master server that I don't want on the
DMZ server, for instance sambaGroupMapping & sambaSamAccount. The idea
was to use rwm to delete those objectClasses and attributes.
But it doesn't work: I can change an objectClass name, but I can't delete
them, and I can delete attributes, not rename them (doesn't matter in
my case).
Here is my configuration. I tried something with the relay backend,
but it doesn't matter; focus on the rwm configuration.
########################################################
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/samba.schema
include /etc/ldap/schema/authldap.schema
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
loglevel -1
modulepath /usr/lib/ldap
moduleload back_ldap
moduleload back_relay
moduleload syncprov
moduleload rwm
database ldap
suffix "ou=proxy,o=ca,c=net"
uri ldap://ldap-dmz
acl-bind bindmethod=simple
idassert-bind
    bindmethod=simple
    binddn="cn=admin,ou=real,o=ca,c=net"
    credentials="secret"
database relay
suffix "ou=real,o=ca,c=net"
relay "ou=proxy,o=ca,c=net"
rootdn "cn=admin,ou=real,o=ca,c=net"
lastmod on
restrict all
overlay rwm
rwm-rewriteEngine on
#Don't work
rwm-map objectclass sambaGroupMapping
#Work
rwm-map objectclass sambaSamAccount sa
#Don't work
rwm-map objectclass *
syncrepl rid=001
    provider=ldap://ldap
    attrs="@inetOrgPerson,@posixAccount,@shadowAccount,@organizationalPerson,@person"
    bindmethod=simple
    searchbase="ou=people,ou=real,o=ca,c=net"
    type=refreshAndPersist
    retry="60 +"
    interval=00:00:01:00
    schemachecking=off
overlay syncprov
########################################################
The documentation about the rwm overlay does not indicate that objectClass
can't be renamed.
I also tried to filter those attributes using exattrs / attrs of my
syncrepl overlay, but that doesn't work either; it doesn't delete the
objectClass (seen with wireshark).
Maybe it's not the right way to delete those things. If you have any
idea about how to do it, please let me know.
Thank you for your help.
Regards,
Cédric.
12 years
Replicating a translucent proxy
by Jonathan Hanks
Is it possible to replicate a translucent proxy?
In our project we have a central LDAP repository that is populated with
generic information about our collaboration and its users. This is
replicated out to various sites in a master -> slave setup via syncrepl.
At the sites we may need site local information. We have been
addressing this via a translucent overlay.
However it would be nice to have some redundancy on the translucent overlay.
What is the best way to approach this?
My ldap servers (including the translucent proxy) are on CentOS 5
running OpenLDAP 2.4.18 (built from source). The master is running on a
Debian system on 2.4.x.
--
Jonathan Hanks
General Computing Sys Admin
LIGO Hanford Observatory
12 years, 1 month
Recover User Password?
by Alberto Moreno
Hi.
I have been using samba with openldap as a backend.
But I have never needed to recover a user password from LDAP.
Is there a way to recover user passwords?
Ldap running on Centos 5.5 2.3.43.x
Samba 3.3.x
DB: dbd.
Thanks!!!
--
Living the dream...
12 years, 1 month
RE: Problem Compiling openldap-2.4.23
by Darouichi, Aziz
Thanks I got it to work after I re-checked my env.
-----Original Message-----
From: Michael Ströder [mailto:michael@stroeder.com]
Sent: Friday, April 29, 2011 11:30 AM
To: Darouichi, Aziz
Subject: Re: Problem Compiling openldap-2.4.23
Please keep responses on the mailing list.
Darouichi, Aziz wrote:
> But I am using BDB 5.1.23
It seems this is not used. Maybe a typo in this path:
/usr/local/Berkely-5.1
^^
missing "e"?
Ciao, Michael.
> -----Original Message-----
> From: Michael Ströder [mailto:michael@stroeder.com]
> Sent: Friday, April 29, 2011 11:20 AM
> To: Darouichi, Aziz
> Cc: openldap-technical(a)openldap.org
> Subject: Re: Problem Compiling openldap-2.4.23
>
> Darouichi, Aziz wrote:
>> I installed Berkeley 5.1.25.NC in RHEL 32 when I try to compile
>> openldap-2.4.23 using the followings.
>>
>> CPPFLAGS="-I/usr/local/Berkely-5.1/include"
>> LDFLAGS="-L/usr/local/Berkley-5.1/lib" ./configure --prefix=/opt/local
>>
>> LD_LIBRARY_PATH=/usr/local/Berkley-5.1/lib , export LD_LIBRARY_PATH.
>>
>> I get the error message.
>>
>> checking for Berkeley DB major version in db.h... 4
>> checking for Berkeley DB minor version in db.h... 3
>> checking if Berkeley DB version supported by BDB/HDB backends... no
>> configure: error: BerkeleyDB version incompatible with BDB/HDB backends
>
> BDB 4.3.x should not be used because of severe issues with this version:
>
> http://www.openldap.org/faq/data/cache/44.html
>
> Ciao, Michael.
12 years, 1 month