openldap-technical July 2011

openldap-technical@openldap.org

80 participants
92 discussions

Re: cannot access entries
by ian logan 04 Jul '11

04 Jul '11

Why not adjust your logLevel to include ACL processing, its usually very informative. On Jul 4, 2011, at 1:23 PM, Friedrich Locke wrote: > This is for learning purposes, the password will not be that one on a > production system. > ypldap access is just before any other more restrictive. > > My questions still remains: how may i have a listing of entry directly > below (one level only) a given base ? > Searching with a filter is interest too. But i am being prevented. > Does anybody here know how it could be done given my access rules on > the prior email ? > > Thanks once more. > > > On Mon, Jul 4, 2011 at 4:01 PM, Chris Jacobs <Chris.Jacobs(a)apollogrp.edu> wrote: >> The ypldap access should be before the one that limits more - the more restrictive one will match first. >> >> If that account is intended as you main 'root'-ish account, it should probably be granted access to all right off the bat. >> >> Also: change your ldap password now. (I've done this; sent a password to the mailing list - dumb). >> >> - chris >> >> Chris Jacobs, Systems Administrator, Technology Services Group >> Apollo Group | Apollo Marketing & Product Development | Aptimus, Inc. >> 2001 6th Ave | Ste 3200 | Seattle, WA 98121 >> phone: 206.839-8245 | cell: 206.601.3256 | Fax: 208.441.9661 >> email: chris.jacobs(a)apollogrp.edu >> >> ----- Original Message ----- >> From: openldap-technical-bounces(a)OpenLDAP.org <openldap-technical-bounces(a)OpenLDAP.org> >> To: openldap-technical(a)openldap.org <openldap-technical(a)openldap.org> >> Sent: Mon Jul 04 11:19:45 2011 >> Subject: cannot access entries >> >> Hi list members, >> >> i am trying to configure accesses to my ldap server, but i am doing >> some wrong i am not aware about. The access list is below: >> >> access to dn.one="ou=appsrv,dc=ufv,dc=br" attrs=userpassword >> by self read >> by anonymous auth >> by * none >> >> access to dn.one="ou=appsrv,dc=ufv,dc=br" >> by self read >> by * none >> >> access to dn.one="ou=people,dc=ufv,dc=br" attrs=userpassword >> by self read >> by anonymous auth >> by * none >> >> access to dn.one="ou=people,dc=ufv,dc=br" >> by self read >> by dn.exact="cn=ypldap,ou=appsrv,dc=ufv,dc=br" read >> by * none >> >> access to dn.one="ou=group,dc=ufv,dc=br" >> by dn.base="cn=ypldap,ou=appsrv,dc=ufv,dc=br" read >> by * none >> >> >> ======================================= >> >> The command i am executing and its output is below >> >> sioux@gustav$ ldapsearch -x -w ypldapA4esuopdV -D >> cn=ypldap,ou=appsrv,dc=ufv,dc=br -b ou=people,dc=ufv,dc=br -s one >> # extended LDIF >> # >> # LDAPv3 >> # base <ou=people,dc=ufv,dc=br> with scope oneLevel >> # filter: (objectclass=*) >> # requesting: ALL >> # >> >> # search result >> search: 2 >> result: 32 No such object >> >> # numResponses: 1 >> sioux@gustav$ >> >> Why am i not getting a list of entries below ou=people,dc=ufv,dc=br ? >> >> Thanks in advance. >> >> >> >> This message is private and confidential. If you have received it in error, please notify the sender and remove it from your system. >> >> >> >

1 0

Status of support for draft-wahl-ldap-session
by Michael Ströder 04 Jul '11

04 Jul '11

HI! It seems there is support for draft-wahl-ldap-session in OpenLDAP's source since 2007 but it seems not to be enabled in a default build. Is it sufficient to compile with -DSLAP_CONTROL_X_SESSION_TRACKING or do I also have to use -DLDAP_DEVEL (because of ifdef in ldap.h). The latter does not work with 2.4.26... Should I file an ITS for it? Ciao, Michael.

1 1

cannot access entries
by Friedrich Locke 04 Jul '11

04 Jul '11

Hi list members, i am trying to configure accesses to my ldap server, but i am doing some wrong i am not aware about. The access list is below: access to dn.one="ou=appsrv,dc=ufv,dc=br" attrs=userpassword by self read by anonymous auth by * none access to dn.one="ou=appsrv,dc=ufv,dc=br" by self read by * none access to dn.one="ou=people,dc=ufv,dc=br" attrs=userpassword by self read by anonymous auth by * none access to dn.one="ou=people,dc=ufv,dc=br" by self read by dn.exact="cn=ypldap,ou=appsrv,dc=ufv,dc=br" read by * none access to dn.one="ou=group,dc=ufv,dc=br" by dn.base="cn=ypldap,ou=appsrv,dc=ufv,dc=br" read by * none ======================================= The command i am executing and its output is below sioux@gustav$ ldapsearch -x -w ypldapA4esuopdV -D cn=ypldap,ou=appsrv,dc=ufv,dc=br -b ou=people,dc=ufv,dc=br -s one # extended LDIF # # LDAPv3 # base <ou=people,dc=ufv,dc=br> with scope oneLevel # filter: (objectclass=*) # requesting: ALL # # search result search: 2 result: 32 No such object # numResponses: 1 sioux@gustav$ Why am i not getting a list of entries below ou=people,dc=ufv,dc=br ? Thanks in advance.

2 2

problem with pwdReset
by Cyril Grosjean 04 Jul '11

04 Jul '11

2 1

cn=config and plugins
by Hanns Mattes 03 Jul '11

03 Jul '11

Hi, I'm interested in using the slapi-dnsnotify-plugin to notify slaves of changes in the pdns-server. There's an example configuration using slapd.conf[1], but I'd like to know how a plugin is configured using cn=config. Distribution ist Opensuse 11.3 zypper info shows: Name: openldap2 Version: 2.4.21-10.3.1 Arch: x86_64 (As far as I understand the *.spec-file, plugins aren't enabled in this built, so I'll have to compile my own version. Or am I wrong?) Any advice? Please let me know, if any further information is required (and please be patient, as my writing and understanding in english is limited :-)) TIA Hanns Mattes [1] http://thewalter.net/stef/software/slapi-dnsnotify/configuration.html

1 0

how to configure use of tls w/ rwm-rewritemap
by Ron Peterson 01 Jul '11

01 Jul '11

Hi, I have a rewrite map configured like: database ldap suffix "ou=myou" uri "ldap://my.backend/" tls start tls_cacertdir=/my/ca/cert/dir rwm-rewriteMap ldap uid2adminDN "ldap://my.backend/ou=yada,dc=yada?dn?sub" binddn="uid=someone,..." credentials="etc" My back end is configured to require tls, i.e. security ssf=128 update_ssf=128 simple_bind=128 If I remove that requirement, everything works. When I add it, my back end ldap server logs: Jul 1 09:24:28 mid slapd[13011]: conn=1006 op=0 BIND dn="uid=someone,..." method=128 Jul 1 09:24:28 mid slapd[13011]: conn=1006 op=0 RESULT tag=97 err=13 text=confidentiality required How do I configure rwm-rewritemap to use tls? -Ron-

2 3

stange log
by Friedrich Locke 01 Jul '11

01 Jul '11

I am seeing the log messages below on my openldap installation: @(#) $OpenLDAP: slapd 2.4.23 (Jun 28 2011 17:55:44) $ @gustav.cpd.ufv.br:/usr/ports/pobj/openldap-2.4.23/build-amd64/servers/slapd Backend ACL: access to dn.subtree="cn=monitor" by dn.base="cn=oldap,dc=ufv,dc=br" read by * none Backend ACL: access to * by * none config_back_db_open: line 0: warning: cannot assess the validity of the ACL scope within backend naming context slapd starting What does it mean? How may i avoid these messages ? What do i need to fix ? Thanks once more.

2 1

schema
by Friedrich Locke 01 Jul '11

01 Jul '11

Hi! Does anybody know where i could download the schema for simpleSecurityObject class ? Thanks in advance.

2 1

Re: schema
by ian logan 01 Jul '11

01 Jul '11

It comes with OpenLDAP, its in the Cosine schema file. On Jul 1, 2011, at 8:18 AM, Friedrich Locke wrote: > Hi! > > Does anybody know where i could download the schema for > simpleSecurityObject class ? > > Thanks in advance. >

1 0

Re: simple binds
by Friedrich Locke 01 Jul '11

01 Jul '11

Quanah, thank you for your support and patience too; now i got it working as i wished. If you come to brasil, let me know and i'll pay you some beers. Fried. On Thu, Jun 30, 2011 at 7:38 PM, Quanah Gibson-Mount <quanah(a)zimbra.com> wrote: > --On Thursday, June 30, 2011 7:22 PM -0300 Friedrich Locke > <friedrich.locke(a)gmail.com> wrote: > >> Is it possible to perform simple binds but looking up the entry's >> password in a kerberos server? > > Please spend some time reading the OpenLDAP documentation. Your question > here is clearly answered in the OpenLDAP Admin guide, section 14.5: > > <http://www.openldap.org/doc/admin24/security.html> > > --Quanah > > > -- > > Quanah Gibson-Mount > Sr. Member of Technical Staff > Zimbra, Inc > A Division of VMware, Inc. > -------------------- > Zimbra :: the leader in open source messaging and collaboration >

1 0

← Newer
1
2
3
4
5
6
7
8
9
10
Older →

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

openldap-technical July 2011