openldap-technical June 2011

openldap-technical@openldap.org

80 participants
92 discussions

Start a nNew thread

userPassword
by Friedrich Locke 30 Jun '11

30 Jun '11

What does userPassword: {SASL}xxx(a)MY.DOMAIN mean? Thanks a lot.

2 1

I cannot auth against SASL
by Friedrich Locke 30 Jun '11

30 Jun '11

Hi! i am trying to authenticate binding the DN below and it works nicely. dn: uid=grios,ou=people,dc=ufv,dc=br uid: grios objectclass: organizationalrole objectclass: posixaccount cn: Gustavo Rios uidnumber: 2000 gidnumber: 2000 homedirectory: /home/grios userpassword: {SSHA}dWhcPjgDn4EGb/FwGMYbxx7fIqAuXCN7 loginshell: /bin/sh gecos: Gustavo V G C Rios,,, But if i change userpassword attribute to {SASL}grios(a)UFV.BR it does not work when i bind the same DN above. Does anybody have an ideia about my mistaken ? Thanks in advance.

3 2

i am desperated: authentication without success
by Friedrich Locke 30 Jun '11

30 Jun '11

Hi folks, i am trying to search my base tree but i am not able to connect due to "invalid credentials (49)". It seems very confusing because i am sure i am using the correct password. sioux@gustav$ ldapsearch -w $my_pass -D uid=grios,ou=people,dc=ufv,dc=br -b 'dc=ufv,dc=br' -s one ldap_bind: Invalid credentials (49) sioux@gustav$ The entry's ldif whose rdn is uid=grios is: dn: uid=grios,ou=people,dc=ufv,dc=br uid: grios objectclass: organizationalrole objectclass: posixaccount cn: Gustavo Rios uidnumber: 2000 gidnumber: 2000 homedirectory: /home/grios userpassword: {SASL}grios(a)ufv.br loginshell: /bin/sh gecos: Gustavo V G C Rios,,, I am monitoring heimdal kerberos log file and cyrus-sasl log file too. Nothing is shown there. I DON'T really have any ideia on my mistaken. May you please help me? Kind regards. Fried.

2 1

slaptest returns "index attribute "reqStart" undefined
by Mike Greene 30 Jun '11

30 Jun '11

Hello list members, I am trying to setup ldap 2.4.23 on new FreeBSD 8.2 "consumer" server to replace a current system that is quite old. I have copied over the slapd.conf file and associated certs, etc from the production system and I'm able to get the server working using the sample slapd.conf and examples in the quick setup guide. When I run slaptest -f slapd.conf.artemis on the configuration file I copied over I get the error: slapd.conf.artemis: line 86: index attribute "reqStart" undefined slaptest: bad configuration file! Running the same test on the production server's slapd.conf produces no error at all. I've googled, RTFM and read man pages trying to get a clue as to what might be causing this, but I'm unable to unearth any leads that have helped so far. What I have tried is to copy the production *.bdb files over to the new server thinking that was the problem, I didn't try re-indexing those files (just read about slapindex late last night, so haven't tried that yet) I was also thinking that I might need to run slapcat on the production db's and then import the ldif file using slapadd (which I'm setting up to test shortly). Clearly I'm missing something, I'm hoping that someone here who is much more adept at LDAP can suggest some additional things to try. Below is what I think are the relevant portions of the slapd.conf file, which shows the section the slaptest complains about, the second section is our replication area which I believe is directly related to the replication process. database bdb suffix cn=accesslog directory /usr/local/var/db/openldap-accesslog rootdn cn=accesslog index default eq index entryCSN,objectClass,reqStart,reqResult,reqEnd overlay accesslog logdb cn=accesslog logops writes logsuccess TRUE logpurge 07+00:00 01+00:00 I'm trying to bootstrap my Sys Admin skills (after a 12 year absence) due to the sudden loss of my long time admin, with mixed results! Time will tell, appreciate any suggestions you might have to get me past this particular issue. Mike Greene Rock Island Technology Solutions, Inc. San Juan Islands, WA. 360-378-5884 x201

2 2

slapo-memberof across proxy
by Hugo Monteiro 30 Jun '11

30 Jun '11

Hello list, With this type of setup, Client (A) <-----> back_ldap Proxy (B) <-----> syncrepl Slave (C) <-----> Master (D) I have configured the memberof overlay on both (C) and (D). I am able to query both (C) and (D), either to specifically retrieve the memberof attribute or to perform a query which filter is based on the memberof attribute. All works fine with (C) and (D) If i issue the same type of queries from (A) to (B), i'm able to retrieve the memberof attribute alright *BUT* i cannot perform searches which contain the memberof attribute on the query filter. Does (B) need any special configuration so that back_ldap can cope with the memberof overlay available on the backend servers? Thanks in advance, Hugo Monteiro. -- fct.unl.pt:~# cat .signature Hugo Monteiro Email : hugo.monteiro(a)fct.unl.pt Telefone : +351 212948300 Ext.15307 Web : http://hmonteiro.net Divisão de Informática Faculdade de Ciências e Tecnologia da Universidade Nova de Lisboa Quinta da Torre 2829-516 Caparica Portugal Telefone: +351 212948596 Fax: +351 212948548 www.fct.unl.pt apoio(a)fct.unl.pt fct.unl.pt:~# _

2 2

Re: protected entry
by Friedrich Locke 30 Jun '11

30 Jun '11

To which objectclass should the entry belongs to ? What about access rules ? Thanks On Wed, Jun 29, 2011 at 8:14 PM, Quanah Gibson-Mount <quanah(a)zimbra.com> wrote: > --On Wednesday, June 29, 2011 8:00 PM -0300 Friedrich Locke > <friedrich.locke(a)gmail.com> wrote: > >> Dear list users, >> >> i would like to have an entry in my openldap server thats needs to >> have a password so that it would be able to permit clients to bind as >> it providing its password. >> For instance: cn=x,ou=y,dc=a,dc=b >> So anyone knowing "cn=x,ou=y,dc=a,dc=b" 's password could bind as it. > > Add a userPassword value to that entry. > > --Quanah > > > -- > > Quanah Gibson-Mount > Sr. Member of Technical Staff > Zimbra, Inc > A Division of VMware, Inc. > -------------------- > Zimbra :: the leader in open source messaging and collaboration >

2 1

ldap root disable su
by Arif Ali 30 Jun '11

30 Jun '11

Hi list, I have used ldap for a while now, and we are currently looking at some security options for users to not to be able to hack the ldap system what we want is that for anyone who is root not to be able to su to any ldap user. Is there anything in the slapd.conf that can be configured to do that Arif Ali catch me on freenode IRC, username: arif-ali

1 0

OpenLDAP mirror replication ldif format
by Simon Massart 30 Jun '11

30 Jun '11

Hi there, I recently installed a new Debian 6 and OpenLDAP to test the new ldif format configuration. The problem is that I do not have any base configuration to use slaptest to migrate my config to ldif format. My main concern is now to find a manual/tutorial, to be able to setup a mirror replication with ldif format, because all I can find is using the old slapd.conf. Can anyone point me somewhere, where I could find some help or give my a quick example ? Thanks in advance for any return, Sismon

2 1

bad credential
by Friedrich Locke 30 Jun '11

30 Jun '11

I upload the ldif file below into my openldap server: dn: dc=ufv,dc=br dc: ufv objectclass: dcobject objectclass: organization o: Universidade Federal de Vicosa dn: ou=group,dc=ufv,dc=br ou: group objectclass: top objectclass: organizationalunit dn: cn=its,ou=group,dc=ufv,dc=br cn: its objectclass: posixgroup gidnumber: 1000 dn: cn=asd,ou=group,dc=ufv,dc=br cn: asd objectclass: posixgroup gidnumber: 1001 memberuid: sioux dn: cn=dba,ou=group,dc=ufv,dc=br cn: dba objectclass: posixgroup gidnumber: 1002 memberuid: sioux dn: cn=wbx,ou=group,dc=ufv,dc=br cn: wbx objectclass: posixgroup gidnumber: 1003 dn: cn=alg,ou=group,dc=ufv,dc=br cn: alg objectclass: posixgroup gidnumber: 1004 memberuid: sioux dn: cn=djb,ou=group,dc=ufv,dc=br cn: djb objectclass: posixgroup gidnumber: 1005 dn: cn=nofiles,ou=group,dc=ufv,dc=br cn: nofiles objectclass: posixgroup gidnumber: 1006 dn: cn=qmail,ou=group,dc=ufv,dc=br cn: qmail objectclass: posixgroup gidnumber: 1007 dn: cn=ftp,ou=group,dc=ufv,dc=br cn: ftp objectclass: posixgroup gidnumber: 1008 dn: cn=src,ou=group,dc=ufv,dc=br cn: src objectclass: posixgroup gidnumber: 1009 dn: cn=ord,ou=group,dc=ufv,dc=br cn: ord objectclass: posixgroup gidnumber: 2000 dn: cn=adc,ou=group,dc=ufv,dc=br cn: adc objectclass: posixgroup gidnumber: 2001 dn: cn=bod,ou=group,dc=ufv,dc=br cn: bod objectclass: posixgroup gidnumber: 2002 dn: cn=frn,ou=group,dc=ufv,dc=br cn: frn objectclass: posixgroup gidnumber: 2003 dn: ou=people,dc=ufv,dc=br ou: people objectclass: top objectclass: organizationalunit dn: uid=sioux,ou=people,dc=ufv,dc=br uid: sioux objectclass: organizationalrole objectclass: posixaccount cn: Gustavo Rios uidnumber: 1000 gidnumber: 1000 homedirectory: /home/sioux userpassword: {SASL}sioux(a)UFV.BR loginshell: /bin/sh Gecos: Gustavo V G Coelho Rios,,, But when i try the command below, i get invalid credential sioux@gustav$ ldapsearch -x -W -D 'uid=sioux,ou=people,dc=ufv,dc=br' -b dc=ufv,dc=br Enter LDAP Password: ldap_bind: Invalid credentials (49) sioux@gustav$ And when i try: $ ldapsearch -Y GSSAPI -b dc=ufv,dc=br it works perfectly. Any ideia about why it does not work ?

1 0

autofs wild cards
by Collins, Cris 30 Jun '11

30 Jun '11

My auto.home has "* host:/export/&" for user directories. When I use the automount migration tool the * is changed to / and I get the error: adding new entry "cn=/,ou=auto.home,dc=domain,dc=com" ldapadd: Naming violation (64) additional info: value of naming attribute 'cn' is not present in entry Is there a way to get the wild card to work or do I need to enter each user instead of using a wild card? Thank you for your time.

2 1

← Newer
1
2
3
4
5
6
7
8
9
10
Older →

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

openldap-technical June 2011