Virtual list view problem
by Venish Khant
Hi all,
I am using the CPAN Net::LDAP module to access LDAP entries. I want to
search LDAP entries using the Net::LDAP search method. When I search, I
want a limited number of entries from the search result; for this
I am using the Net::LDAP::Control::VLV module. But
I get an error on the VLV response control. Does anyone have an idea about
this error?
Error: Died at vlv.pl line 50,
This is my example. I changed the font style of line 50.
#!/usr/bin/perl -w
use Net::LDAP;
use Net::LDAP::Control::VLV;
use Net::LDAP::Constant qw( LDAP_CONTROL_VLVRESPONSE );
use Net::LDAP::Control::Sort;

sub procentry {
    my ( $mesg, $entry) = @_;
    # Return if there is no entry to process
    if ( !defined($entry) ) {
        return;
    }
    print "dn: " . $entry->dn() . "\n";
    @attrs = $entry->attributes();
    foreach $attr (@attrs) {
        #printf("\t%s: %s\n", $attr, $entry->get_value($attr));
        $attrvalue = $entry->get_value($attr,asref=>1);
        #print $attr.":". $entry->get_value($attr)."\n";
        foreach $value(@$attrvalue) {
            print "$attr: $value\n";
        }
    }
    $mesg->pop_entry;
    print "\n";
}

$ldap = Net::LDAP->new( "localhost" );

# Get the first 20 entries
$vlv = Net::LDAP::Control::VLV->new(
    before  => 0,  # No entries from before target entry
    after   => 19, # 19 entries after target entry
    content => 0,  # List size unknown
    offset  => 1,  # Target entry is the first
);
my $sort = Net::LDAP::Control::Sort->new( order => 'cn' );
@args = ( base     => "dc=example,dc=co,dc=in",
          scope    => "subtree",
          filter   => "(objectClass=inetOrgPerson)",
          callback => \&procentry, # Call this sub for each entry
          control  => [ $sort, $vlv ],
);
$mesg = $ldap->search( @args );

# Get VLV response control
($resp) = $mesg->control( LDAP_CONTROL_VLVRESPONSE ) or die;   # line 50 of vlv.pl (highlighted in the original post)
$vlv->response( $resp );

# Set the control to get the last 20 entries
$vlv->end;
$mesg = $ldap->search( @args );

# Get VLV response control
($resp) = $mesg->control( LDAP_CONTROL_VLVRESPONSE ) or die;
$vlv->response( $resp );

# Now get the previous page
$vlv->scroll_page( -1 );
$mesg = $ldap->search( @args );

# Get VLV response control
($resp) = $mesg->control( LDAP_CONTROL_VLVRESPONSE ) or die;
$vlv->response( $resp );

# Now page with first entry starting with "B" in the middle
$vlv->before(9);   # Change page to show 9 before
$vlv->after(10);   # Change page to show 10 after
$vlv->assert("B"); # assert "B"
$mesg = $ldap->search( @args );
--
Venish Khant
www.deeproot.co.in
7 years, 3 months
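As an added example (not part of the original post): the script above sends a sort control and a VLV control, and a server returns a VLV response control only if it implements them. This shell check reads a root DSE and reports which of the two request controls is not advertised; the sample root DSE is constructed, and the host in the closing comment is an assumption.

```shell
#!/bin/sh
# Added example: check whether a root DSE advertises the Server Side Sort and
# Virtual List View request controls.

SORT_OID=1.2.840.113556.1.4.473     # Server Side Sort request control
VLV_OID=2.16.840.1.113730.3.4.9     # Virtual List View request control

# Read root DSE LDIF on stdin and print the short name of every control that
# is not listed under supportedControl. Returns 0 only if both are present.
missing_controls() {
    ldif=$(cat)
    rc=0
    for pair in "sort:$SORT_OID" "vlv:$VLV_OID"; do
        name=${pair%%:*}
        oid=${pair#*:}
        # -x matches the whole line and -F takes the dots literally, so an
        # OID cannot match as the prefix of a longer one.
        if ! printf '%s\n' "$ldif" | grep -qxF "supportedControl: $oid"; then
            echo "$name"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: a root DSE that advertises sort but not VLV.
SAMPLE_DSE='dn:
supportedControl: 1.2.840.113556.1.4.473
supportedControl: 1.2.840.113556.1.4.319
supportedLDAPVersion: 3'

# Against a live server (host is an assumption), feed the real root DSE:
#   ldapsearch -x -LLL -H ldap://localhost -s base -b "" supportedControl \
#       | missing_controls
```

In OpenLDAP both controls are implemented by the sssvlv overlay (slapo-sssvlv), so a server running without it will not list them.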
Authenticate Mac OS X users against OpenLDAP on Debian
by Mi
We added a Mac to our network, and I would like the network users to be able to login with their existing credentials on our Debian openLDAP server.
I configured the LDAP access on the Mac, and it can indeed see the users and groups from the openldap server. But when I try to login after clicking "Other...", the login window shakes around, and nothing happens.
The server logs show the connection from the Mac and its searches (http://pastebin.com/MB2JswAa).
(Logging is configured with Parse, Stats, Stats2, Sync. Is there something else I should add to logging that may be useful?)
On the Mac, I didn't find anything looking helpful in the logs (http://pastebin.com/yRreFQrJ), but maybe I don't know what to look for.
I found many instructions on the Internet which concentrate on mounting user homes from the server over NFS. This is NOT what we want. Users would be authenticated with openldap, but have their homes locally on the Mac, like normal users.
I also saw many mentions of adding the apple schema, and I have done that. But maybe I now need to actually use parts of that schema in the user records?
Thanks for any help...
12 years
autofs wild cards
by Collins, Cris
My auto.home has "* host:/export/&" for user directories. When I use
the automount migration tool the * is changed to / and I get the error:
adding new entry "cn=/,ou=auto.home,dc=domain,dc=com"
ldapadd: Naming violation (64)
additional info: value of naming attribute 'cn' is not
present in entry
Is there a way to get the wild card to work or do I need to enter each
user instead of using a wild card?
Thank you for your time.
12 years, 2 months
Slapd 2.4 upgrade woes.
by ray klassen
I recently upgraded to debian squeeze and found that the slapd configuration
had been completely revamped. It's now using the cn=config setup. I was authenticating against a locally
replicated copy of my directory behind a firewall. I was using anonymous binding for my own purposes and I want to continue using it that way. I don't really want to enter into a prolonged discussion of why I
shouldn't. I just want to know if there is a simple way of reconfiguring under the new regime so that it will work the same way it did before.
Any Takers?
12 years, 3 months
when use overlay translucent error
by daydayeat
openldap-2.4.23
man slapo-translucent says:
If neither translucent_local nor translucent_remote are specified, the default behavior is
to search the remote database with the complete search filter. If only translucent_local is
specified, searches will only be run on the local database. Likewise, if only
translucent_remote is specified, searches will only be run on the remote database. In any case,
both the local and remote entries corresponding to a search result will be merged before
being returned to the client.
But when I test:
local proxy conf:
#######################################################
# Primary database definitions
#######################################################
######################################################
#databse bdb
#####################################################
database bdb
suffix "dc=test,dc=com"
rootdn "cn=Manager,dc=test,dc=com"
rootpw "123456"
directory /usr/local/ldap/var/openldap-data
index objectClass eq
######################################################
#overlays
######################################################
overlay translucent
#translucent_remote street
#translucent_local street
uri ldap://remote:388
lastmod off
idassert-bind bindmethod=simple
              binddn="cn=Manager,dc=test,dc=com"
######################################################
remote conf:
#######################################################
# Primary database definitions
#######################################################
database bdb
suffix "dc=test,dc=com"
rootdn "cn=Manager,dc=ec,dc=com"
rootpw "123456"
directory "/usr/local/ldap1/var/openldap-data"
index objectClass eq
#######################################################
The remote database has an entry:
# 111, GF3, ec.com
dn: o=111,o=GF3,dc=test,dc=com
objectClass: organization
o: 111
street: remote
and in the local database change the street value:
# 111, GF3, ec.com
dn: o=111,o=GF3,dc=test,dc=com
objectClass: organization
o: 111
street: local
Then change the values of "translucent_remote" and "translucent_local" in the local proxy conf. Do a search on the local server:
1 set "translucent_local street"
"ldapsearch -D "cn=Manager,dc=test,dc=com" -x -w 123456 -b "dc=test,dc=com" street=local"
the result is:
# extended LDIF
#
# LDAPv3
# base <dc=test,dc=com> with scope subtree
# filter: street=local
# requesting: ALL
#
# 111, GF3, ec.com
dn: o=111,o=GF3,dc=ec,dc=com
objectClass: organization
o: 111
street: local
It is right.
2 set "translucent_remote street"
"ldapsearch -D "cn=Manager,dc=test,dc=com" -x -w 123456 -b "dc=test,dc=com" street=local"
There is no result.
"ldapsearch -D "cn=Manager,dc=test,dc=com" -x -w 123456 -b "dc=test,dc=com" street=remote"
There is no result.
Why?
3 do not set any
"ldapsearch -D "cn=Manager,dc=test,dc=com" -x -w 123456 -b "dc=test,dc=com" street=local"
There is no result.
"ldapsearch -D "cn=Manager,dc=test,dc=com" -x -w 123456 -b "dc=test,dc=com" street=remote"
There is no result.
Why?
12 years, 3 months
Authenticate with smartcard or other certificate
by Thomas Gäbler
Hi all,
is it possible to authenticate with any kind of certificate (smartcard,
software token, ...)?
Now, I have the following solution:
I have an additional attribute for the serialNumber of the certificate
stored in the LDAP entry.
If a user wants to authenticate with a certificate, I search for all entries where the
serial attribute matches.
For the matching entries I read the certificate from LDAP and check the
public key.
But for another implementation I need a way to authenticate directly with a
certificate.
Any idea?
Thanks for help!
procilon IT-Solutions GmbH
Leipziger Straße 110
04425 Taucha bei Leipzig
tel: +49 34298 4878-10
fax: +49 34298 4878-11
www.procilon.de
12 years, 3 months
OpenLDAP search filters
by Anita Luca
Hello all,
I need to replace the standard AD filters with OpenLDAP filters. Basically, I assume that what changes is the value of the property (e.g. objectType=user might become objectType=person or any other value, not sure what OpenLDAP works with).
Below the queries on AD:
User search filter: (objectClass=user)
User attribute: sAMAccountName
User browse filter: (|(objectClass=user)(objectClass=organizationalUnit))
Group search filter: (objectClass=group)
Group attribute: member
Group browse filter: (|(objectClass=group)(objectClass=organizationalUnit))
User member of attribute: memberOf
OU search filter: (objectClass=organizationalUnit)
Hope you can help with a suggestion, or at least a list of properties and values for objects, where I could search.
Thanks,
Anita Luca
12 years, 3 months
slapo-rwm to change userPassword attribute into a string
by Lucio Capuani
That is, in OpenLDAP the userPassword attribute is binary, even when its
content is cleartext.
I would need to have an extra attribute of "String" type, containing that
very password. Is it possible to achieve this by using slapo-rwm (or maybe
translucent?), by creating a view that "offers" that "fake" string
attribute, rather than being forced to duplicate the real source attribute
into a second one, only differently encoded?
Thank you so much,
--
Lucio
12 years, 3 months
Should Berkeley DB backends be reloaded occasionally?
by Mark
Back in the days of OpenLDAP 2.1 with Berkeley DB 4.1.25.3 we used to have
to 'reload' our backend database occasionally as non-indexed reads would get
slower and slower over time. The 'reload' entailed:
- stop slapd
- slapcat the contents to an .ldif file
- remove the database files
- slapadd the .ldif file to create a new, fresh db instance
- start slapd
Then our performance problems went away. Re-indexing didn't do the trick.
Is such occasional re-building of the backend database recommended in
OpenLDAP 2.4.25 with Berkeley DB 4.8.30?
Thank you,
Mark
12 years, 3 months
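The reload sequence listed in the post above, as an added shell example (not from the original post) that also checks the entry count before and after and keeps the export unreadable to other users, since it contains userPassword values. The suffix, paths, service name and account are assumptions, and the old files are moved aside rather than deleted until the new database is verified.

```shell
#!/bin/sh
# Added example: stop / slapcat / remove / slapadd / start with verification.
# All values below are assumptions for illustration.
SUFFIX="dc=example,dc=com"
DBDIR=/var/lib/ldap
DUMP=/var/backups/reload.ldif
SLAPD_USER=openldap

# Count entries in an LDIF file; "dn::" introduces a base64-encoded DN.
count_entries() {
    grep -c -E '^dn::? ' "$1" || true
}

# Run as root. Returns non-zero and leaves slapd stopped on any failure.
reload_backend() {
    service slapd stop || return 1
    # The export holds password hashes: create it readable by root only.
    ( umask 077; slapcat -b "$SUFFIX" -l "$DUMP" ) || return 1
    before=$(count_entries "$DUMP")
    [ "$before" -gt 0 ] || { echo "empty export, aborting" >&2; return 1; }

    # Move the old database files aside; keep DB_CONFIG so the Berkeley DB
    # tuning carries over to the rebuilt environment.
    old="$DBDIR.old.$$"
    mkdir "$old" && mv "$DBDIR"/* "$old"/ || return 1
    [ -f "$old/DB_CONFIG" ] && cp -p "$old/DB_CONFIG" "$DBDIR"/

    slapadd -q -b "$SUFFIX" -l "$DUMP" || return 1
    # slapadd ran as root, so hand the new files back to the slapd account.
    chown -R "$SLAPD_USER" "$DBDIR"

    after=$(slapcat -b "$SUFFIX" | grep -c -E '^dn::? ' || true)
    [ "$before" -eq "$after" ] || {
        echo "entry count mismatch: $before exported, $after loaded" >&2
        return 1
    }
    service slapd start
}
```

Nothing runs until `reload_backend` is called; the directory created as `$DBDIR.old.<pid>` can be deleted once the rebuilt database has been checked.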