Nssov overlay in Ubuntu 12.04
by Simone Scremin
Hi all,
I'm trying to set up the nssov overlay in Ubuntu 12.04.
I set up the server as the official doc suggested here:
https://help.ubuntu.com/12.04/serverguide/openldap-server.html
Now I'm stuck because I couldn't find a working ldif example anywhere to enable the addon.
I tried with the following ldif:
dn: olcOverlay={0}nssov,olcDatabase={1}hdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcNssOvConfig
olcOverlay: {0}nssov
olcNssSsd: test ldap:///ou=People,dc=example,dc=com
but I get:
ldap_add: Invalid syntax (21)
additional info: objectClass: value #1 invalid per syntax
Can someone please give some advice?
Thank you!
Simone Scremin
10 years, 10 months
Lastlogon attribute
by jeevan kc
Hello there
Does any version of the openldap schema support the last logon attribute? I am asked to add that attribute to run a report through an application. I don't know if simply adding that attribute to the local schema configuration (openldap 2.4.30) would do it. Is it possible? Thanks
John
10 years, 10 months
TLS issue with self-signed certificate
by Luc MAIGNAN
Hi,
I want to set up an LDAPS connection with a self-signed certificate.
Unfortunately, I have the following error:
Peer's certificate issuer has been marked as not trusted by the user
I tried to trust it with: certutil -d ... -A -n 'CA' -t CT,,, -a -i ca.crt
But it doesn't change anything.
Does someone have an idea for me?
Best regards
10 years, 10 months
Replication account kept being deleted
by sgao@frontier.com
Hi,
I am running into a problem with replication accounts being deleted from the directory from time to time.
Here is my setup:
1. Master-master replication configuration:
On ldap1
Syncrepl rid=002
provider=ldaps://ldap2.example.com
interval=00:00:02:00
retry="60 5 300 5"
type=refreshAndPersist
searchbase="dc=example,dc=com"
schemachecking=off
bindmethod=simple
binddn="cn=repl1,dc=example,dc=com"
credentials=password
On ldap2
Syncrepl rid=001
provider=ldaps://ldap1.example.com
interval=00:00:01:00
retry="60 5 300 5"
type=refreshAndPersist
searchbase="dc=example,dc=com"
schemachecking=off
bindmethod=simple
binddn="cn=repl2,dc=example,dc=com"
credentials=password
The DNs "cn=repl1,dc=example,dc=com" and "cn=repl2,dc=example,dc=com" keep getting removed from the directory on ldap1 or ldap2. When the DNs exist, replication works fine. However, once the DNs get removed, replication stops working upon restarting slapd.
The version of OpenLDAP is 2.4.23. Any help would be very much appreciated.
Simon
10 years, 10 months
TLS issue
by Luc MAIGNAN
Hi,
I am trying to set up an LDAPS server.
The chain of my certificate seems to be right (openssl s_client -showcerts is ok) but I have the following error:
unable to get TLS client DN : error -49
Can anyone help me?
Thanks for any help
BR
10 years, 10 months
SASL issue
by Luc MAIGNAN
Hi,
I want to configure SASL in my OpenLDAP server.
I saw in the documentation that I have to set 'sasl-host' and 'sasl-realm'
in slapd.conf.
In fact I don't use slapd.conf but the cn=config architecture.
So where do I put the parameters?
Thanks for any help
10 years, 10 months
local password change in read-only replica?
by Marc Patermann
Hi,
From a central master/provider server we replicate to (a lot of)
sync-repl slave/consumers, which are then, of course, read-only.
We have passwordpolicy turned on on all the servers.
Now we have three accounts (each on another "home" replica) which have
a newer modifyTimestamp value on their replica than on the master and
all other slaves.
The userPassword attribute is different on the "home" replica.
What could have caused this?
In the log I cannot find any modifying operation on the replica at the
time given in modifyTimestamp.
Marc
10 years, 10 months
Re: Error : when create usermachine in LDAP
by rodrigo tavares
Hello Mauricio,
1) How comfortable are you with linux/unix in general and debian
specifically? Do not take this as an insult; I just want to know what
I need to ask. Remember I have no access to your machine. ;)
I like Debian Linux a lot, it's very fast. When I began working with Linux, I used Conectiva 6.0 and Red Hat Enterprise/Fedora, both using the RPM format. Debian has a lot of packages. And it is free, unlike Red Hat.
2) Are you using ldap to login to this machine or just to check mail?
Well, I have a mail server with LDAP and Samba support.
So the LDAP base of the mail server is replicated from the Samba server.
Then all LDAP modifications made go to the Samba server. It runs about 5 minutes.
I create email users and Samba users, making the integration with Samba users.
3) I do speak portuguese (I lived in SJC and then Rio). Would you
prefer that a gente fale em portugues? Once again, it is all about
your comfort level.
Let's speak English, for the others in the discussion.
________________________________
From: Mauricio Tavares <raubvogel(a)gmail.com>
To: rodrigo tavares <rodrigofariat(a)yahoo.com.br>
Sent: Wednesday, 31 October 2012 14:14
Subject: Re: Error : when create usermachine in LDAP
A few questions (I am replying directly to you instead of to the list):
1) How comfortable are you with linux/unix in general and debian
specifically? Do not take this as an insult; I just want to know what
I need to ask. Remember I have no access to your machine. ;)
2) Are you using ldap to login to this machine or just to check mail?
3) I do speak portuguese (I lived in SJC and then Rio). Would you
prefer that a gente fale em portugues? Once again, it is all about
your comfort level.
On Wed, Oct 31, 2012 at 11:49 AM, rodrigo tavares
<rodrigofariat(a)yahoo.com.br> wrote:
> Hello,
>
>
> How exactly are you adding the computer to ldap? I take it is not
> using ldapadd. ;)
>
>
> In Brazil, in the state of Paraná, there exists a software called Expresso Mail Free.
> It has an easy interface, and you can create mail users, Samba users and
> machines, all integrated in
> LDAP. It has cyrus-imap, openldap, postfix and postgresql.
>
>
> http://rodrigofariat.files.wordpress.com/2012/10/ldap-error.png
>
> Some logs:
>
> Oct 31 13:59:08 defensoria slapd[1688]: conn=1542 op=1 SRCH
> base="dc=defensoria,dc=mg,dc=gov,dc=br" scope=2 deref=0
> filter="(uid=computer2$)"
> Oct 31 13:59:08 defensoria slapd[1688]: conn=1542 op=1 SEARCH RESULT tag=101
> err=0 nentries=0 text=
> Oct 31 13:59:08 defensoria slapd[1688]: conn=1542 op=2 UNBIND
> Oct 31 13:59:08 defensoria slapd[1688]: conn=1542 fd=38 closed
> Oct 31 13:59:08 defensoria slapd[1688]: conn=1543 fd=38 ACCEPT from
> IP=127.0.0.1:50679 (IP=0.0.0.0:389)
> Oct 31 13:59:08 defensoria slapd[1688]: conn=1543 op=0 BIND
> dn="cn=admin,dc=defensoria,dc=mg,dc=gov,dc=br" method=128
> Oct 31 13:59:08 defensoria slapd[1688]: conn=1543 op=0 BIND
> dn="cn=admin,dc=defensoria,dc=mg,dc=gov,dc=br" mech=SIMPLE ssf=0
> Oct 31 13:59:08 defensoria slapd[1688]: conn=1543 op=0 RESULT tag=97 err=0
> text=
> Oct 31 13:59:08 defensoria slapd[1688]: conn=1543 op=1 ADD
> dn="uid=computer2$,ou=defensoria,dc=defensoria,dc=mg,dc=gov,dc=br"
> Oct 31 13:59:08 defensoria slapd[1688]: conn=1543 op=1 RESULT tag=105 err=21
> text=gidNumber: value #0 invalid per syntax
> Oct 31 13:59:08 defensoria slapd[1688]: conn=1543 op=2 UNBIND
> Oct 31 13:59:08 defensoria slapd[1688]: conn=1543 fd=38 closed
> Oct 31 13:59:08 defensoria slapd[1688]: conn=1544 fd=38 ACCEPT from
> IP=127.0.0.1:50680 (IP=0.0.0.0:389)
> Oct 31 13:59:08 defensoria slapd[1688]: conn=1544 op=0 BIND
> dn="cn=admin,dc=defensoria,dc=mg,dc=gov,dc=br" method=128
> Oct 31 13:59:08 defensoria slapd[1688]: conn=1544 op=0 BIND
> dn="cn=admin,dc=defensoria,dc=mg,dc=gov,dc=br" mech=SIMPLE ssf=0
> Oct 31 13:59:08 defensoria slapd[1688]: conn=1544 op=0 RESULT tag=97 err=0
> text=
> Oct 31 13:59:08 defensoria slapd[1688]: conn=1545 fd=39 ACCEPT from
> IP=127.0.0.1:50681 (IP=0.0.0.0:389)
> Oct 31 13:59:08 defensoria slapd[1688]: conn=1545 op=0 BIND
> dn="cn=admin,dc=defensoria,dc=mg,dc=gov,dc=br" method=128
> Oct 31 13:59:08 defensoria slapd[1688]: conn=1545 op=0 BIND
> dn="cn=admin,dc=defensoria,dc=mg,dc=gov,dc=br" mech=SIMPLE ssf=0
> Oct 31 13:59:08 defensoria slapd[1688]: conn=1545 op=0 RESULT tag=97 err=0
> text=
> Oct 31 13:59:08 defensoria slapd[1688]: conn=1545 op=1 SRCH
> base="dc=defensoria,dc=mg,dc=gov,dc=br" scope=2 deref=0
> filter="(objectClass=organizationalUnit)"
> Oct 31 13:59:08 defensoria slapd[1688]: conn=1545 op=1 SRCH attr=dn
> Oct 31 13:59:08 defensoria slapd[1688]: conn=1545 op=1 SEARCH RESULT tag=101
> err=0 nentries=1 text=
> Oct 31 13:59:08 defensoria slapd[1688]: conn=1545 op=2 UNBIND
> Oct 31 13:59:08 defensoria slapd[1688]: conn=1545 fd=39 closed
> Oct 31 13:59:08 defensoria slapd[1688]: conn=1544 op=1 UNBIND
> Oct 31 13:59:08 defensoria slapd[1688]: conn=1544 fd=38 closed
> Oct 31 13:59:08 defensoria slapd[1688]: conn=1541 op=1 UNBIND
> Oct 31 13:59:08 defensoria slapd[1688]: conn=1541 fd=17 closed
> Oct 31 13:59:10 defensoria slapd[1688]: conn=1546 fd=17 ACCEPT from
> IP=127.0.0.1:50682 (IP=0.0.0.0:389)
> Oct 31 13:59:10 defensoria slapd[1688]: conn=1546 op=0 do_search: invalid
> dn: "LDAP_DN"
> Oct 31 13:59:10 defensoria slapd[1688]: conn=1546 op=0 SEARCH RESULT tag=101
> err=34 nentries=0 text=invalid DN
> Oct 31 13:59:10 defensoria slapd[1688]: conn=1546 op=1 UNBIND
> Oct 31 13:59:10 defensoria slapd[1688]: conn=1546 fd=17 closed
>
> Thanks !
>
> Rodrigo
>
>
>
> ________________________________
> From: Mauricio Tavares <raubvogel(a)gmail.com>
> To: "openldap-technical(a)openldap.org" <openldap-technical(a)openldap.org>
> Cc: rodrigo tavares <rodrigofariat(a)yahoo.com.br>
> Sent: Wednesday, 31 October 2012 12:47
>
> Subject: Re: Error : when create usermachine in LDAP
>
> On Wed, Oct 31, 2012 at 9:46 AM, Dan White <dwhite(a)olp.net> wrote:
>> On 10/31/12 06:16 -0700, rodrigo tavares wrote:
>>>
>>> Hello,
>>>
>>> I try to create a computer in LDAP, and this message comes:
>>> Error in OpenLDAP recording computer.*
>>>
>>> What is wrong?
>>
>>
>> Rodrigo,
>>
>> I am unfamiliar with the error message you are seeing. However, your
>> post lacks some important information. See:
>>
>> http://www.chiark.greenend.org.uk/~sgtatham/bugs.html
>>
>> Provide a better mental image of what command or action you are performing
>> that is causing your error, and what output you are expecting to see; what
>> software are you using that is causing this error? What version of OpenLDAP
>> are you using?
>>
>> --
>> Dan White
>>
> Rodrigo:
>
> How exactly are you adding the computer to ldap? I take it is not
> using ldapadd. ;)
>
> Does whatever you are using have a log and a debugging/verbose mode?
>
>
>
10 years, 11 months
general protection fault when deleting members from a large group (mdb)
by Mundry, Marvin
Hi,
I was trying to remove all members from a group initially having 48428 members one by one.
i.e.:
dn: cn=students,ou=groups,dc=university,dc=com
changetype: modify
delete: member
member: cn=user1,ou=users,dc=uni-hamburg,dc=de
dn: cn=students,ou=groups,dc=university,dc=com
changetype: modify
delete: member
member: cn=user2,ou=users,dc=uni-hamburg,dc=de
[...]
After some time ldapmodify stops because slapd stops running. In the syslog I see the following messages:
Nov 3 15:05:45 oscar slapd[11040]: conn=1000 op=133 MOD dn="cn=students,ou=groups,dc=university,dc=com"
Nov 3 15:05:45 oscar slapd[11040]: conn=1000 op=133 MOD attr=member
Nov 3 15:05:45 oscar slapd[11040]: conn=1000 op=134 MOD dn="cn=students,ou=groups,dc=university,dc=com"
Nov 3 15:05:45 oscar slapd[11040]: conn=1000 op=134 MOD attr=member
Nov 3 15:05:45 oscar slapd[11040]: conn=1000 op=133 RESULT tag=103 err=0 text=
Nov 3 15:05:45 oscar kernel: [21207.720483] slapd[11045] general protection ip:7fae665cbc1f sp:7faded9c9fc0 error:0 in back_mdb-2.4.so.2.8.5[7fae665a5000+30000]
Am I doing something wrong or is there a bug in my slapd?
I am running openldap-2.4.33 on ubuntu 12.10, compiled with:
--enable-dynamic=yes --enable-syslog=yes --enable-slapd=yes --enable-dynacl=yes --enable-crypt=yes --enable-modules=yes --enable-rewrite=yes --enable-bdb=mod --enable-hdb=mod --enable-ldap=mod --enable-mdb=mod --enable-meta=mod --enable-monitor=mod --enable-overlays=mod --with-tls=openssl
Best regards,
Marvin Mundry
10 years, 11 months
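Both the "Error : when create usermachine in LDAP" thread (RESULT err=21 on the ADD, err=34 on the search) and the mdb crash thread (op=134 logged without a RESULT before the general protection fault) are read most quickly by grouping slapd's conn=/op= lines per operation. The script below, an added example that is not from either poster, does that over a constructed sample modelled on the quoted log lines (DNs shortened, mail-wrapped lines rejoined); it reports operations whose RESULT carries a non-zero err and operations that never got a RESULT at all.

```python
import re
from collections import defaultdict

# Every per-operation slapd log line carries "conn=N op=M" after the process id.
LINE_RE = re.compile(r'slapd\[\d+\]: conn=(\d+) op=(\d+) (.*)$')
ERR_RE = re.compile(r'\berr=(\d+)')
TEXT_RE = re.compile(r'\btext=(.*)$')

# Constructed sample modelled on the lines quoted in the two threads (DNs shortened,
# wrapped lines rejoined the way slapd actually writes them).
SAMPLE_LOG = """\
Oct 31 13:59:08 defensoria slapd[1688]: conn=1543 op=0 BIND dn="cn=admin,dc=example,dc=com" method=128
Oct 31 13:59:08 defensoria slapd[1688]: conn=1543 op=0 RESULT tag=97 err=0 text=
Oct 31 13:59:08 defensoria slapd[1688]: conn=1543 op=1 ADD dn="uid=computer2$,ou=people,dc=example,dc=com"
Oct 31 13:59:08 defensoria slapd[1688]: conn=1543 op=1 RESULT tag=105 err=21 text=gidNumber: value #0 invalid per syntax
Oct 31 13:59:08 defensoria slapd[1688]: conn=1543 op=2 UNBIND
Oct 31 13:59:10 defensoria slapd[1688]: conn=1546 op=0 do_search: invalid dn: "LDAP_DN"
Oct 31 13:59:10 defensoria slapd[1688]: conn=1546 op=0 SEARCH RESULT tag=101 err=34 nentries=0 text=invalid DN
Nov 3 15:05:45 oscar slapd[11040]: conn=1000 op=133 MOD dn="cn=students,ou=groups,dc=university,dc=com"
Nov 3 15:05:45 oscar slapd[11040]: conn=1000 op=134 MOD dn="cn=students,ou=groups,dc=university,dc=com"
Nov 3 15:05:45 oscar slapd[11040]: conn=1000 op=133 RESULT tag=103 err=0 text=
"""

def parse_slapd_log(lines):
    """Group the message tail of each line by (conn, op), keeping log order."""
    ops = defaultdict(list)
    for line in lines:
        m = LINE_RE.search(line)
        if m:
            ops[(int(m.group(1)), int(m.group(2)))].append(m.group(3))
    return ops

def failed_ops(ops):
    """(conn, op, request, err, text) for every RESULT line whose err is not 0."""
    out = []
    for (conn, op), msgs in sorted(ops.items()):
        request = next((t for t in msgs if 'RESULT' not in t), '')
        for t in msgs:
            e = ERR_RE.search(t)
            if 'RESULT' in t and e and int(e.group(1)) != 0:
                txt = TEXT_RE.search(t)
                out.append((conn, op, request, int(e.group(1)), txt.group(1).strip() if txt else ''))
    return out

def unfinished_ops(ops):
    """(conn, op, request) for ops with no RESULT; UNBIND/ABANDON never get one, anything else was in flight when slapd died."""
    return [(conn, op, msgs[0]) for (conn, op), msgs in sorted(ops.items())
            if not any('RESULT' in t for t in msgs)
            and not msgs[0].startswith(('UNBIND', 'ABANDON'))]
```

Run it over a real slapd log at loglevel stats and the first list gives you the failing request next to its error text, the second list the operation to look at after a crash.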