openldap-technical March 2012

openldap-technical@openldap.org

96 participants
116 discussions

clients: libnss-ldapd or libnss-ldap?
by stefano 27 Mar '12

27 Mar '12

hi, am installing ldap clients. the server is squeeze so i used libnss-ldapd. what about ubuntu 9.10-10-10 clients? libnss-ldap or libnss-ldapd?

2 2

Re: can't modify or add uidNumber attribute
by stefano 27 Mar '12

27 Mar '12

On 03/27/2012 09:34 AM, Hallvard B Furuseth wrote: > On Tue, 27 Mar 2012 09:10:17 +0200, stefano <stefano.malini(a)gmail.com> > wrote: >> On 03/27/2012 08:13 AM, Hallvard B Furuseth wrote: I wrote: >> Have you done something as root, so root owns some of the >> database files but you try to run slapd as another user (with -u)? >> If so, fix the file permsisions and then avoid working as root. >> >> Sorry, I mean file ownerships. Though it could be file or >> directory permissions too, come to think of it. >> >> thanks, but, which permissions of which file do i have to check? > > The directory and contentes named by the 'directory' > directive(s) in slapd.conf, aka olcDbDirectory in cn=config. > these are the permissions of 'directory' /var/lib/ldap/ drwxr-xr-x 2 openldap openldap 4096 Mar 27 07:58 ldap must be writable by users also? i mean rwxrwxr-x? and its contents is: root@amahoro:/var/lib/ldap# ls -l total 11448 -rw-r--r-- 1 openldap openldap 4096 Mar 27 07:58 alock -rw------- 1 root root 24576 Mar 26 16:08 __db.001 -rw------- 1 root root 352256 Mar 26 16:08 __db.002 -rw------- 1 root root 2629632 Mar 26 16:08 __db.003 -rw------- 1 root root 163840 Mar 26 16:07 __db.004 -rw------- 1 root root 876544 Mar 26 16:08 __db.005 -rw------- 1 root root 32768 Mar 26 16:08 __db.006 -rw-r--r-- 1 openldap openldap 96 Mar 23 08:24 DB_CONFIG -rw------- 1 openldap openldap 8192 Mar 26 16:07 dn2id.bdb -rw------- 1 openldap openldap 32768 Mar 26 15:14 id2entry.bdb -rw------- 1 openldap openldap 10485760 Mar 26 16:07 log.0000000001 -rw------- 1 root root 8192 Mar 26 16:07 objectClass.bdb

2 1

Re: can't modify or add uidNumber attribute
by stefano 26 Mar '12

26 Mar '12

The situationis worsethan expected the situation is worse. now, trying to run an ldapsearch i have the message "can't contact LDAP server". on syslog the last lines are: Mar 26 16:11:33 amahoro slapd[1603]: @(#) $OpenLDAP: slapd 2.4.23 (Jun 16 2011 02:53:39) $#012#011buildd@murphy:/build/buildd-openldap_2.4.23-7.2-i386-Y1mwvF/openldap-2.4.23/debian/build/servers/slapd Mar 26 16:11:33 amahoro slapd[1604]: hdb_db_open: database "dc=amahoro,dc=bi" cannot be opened, err 13. Restore from backup! Mar 26 16:11:33 amahoro slapd[1604]: bdb(dc=amahoro,dc=bi): txn_checkpoint interface requires an environment configured for the transaction subsystem Mar 26 16:11:33 amahoro slapd[1604]: bdb_db_close: database "dc=amahoro,dc=bi": txn_checkpoint failed: Invalid argument (22). Mar 26 16:11:33 amahoro slapd[1604]: backend_startup_one (type=hdb, suffix="dc=amahoro,dc=bi"): bi_db_open failed! (13) Mar 26 16:11:33 amahoro slapd[1604]: bdb_db_close: database "dc=amahoro,dc=bi": alock_close failed Mar 26 16:11:33 amahoro slapd[1604]: slapd stopped. what's happens? -------- Original Message -------- Subject: can't modify or add uidNumber attribute Date: Mon, 26 Mar 2012 16:21:17 +0200 From: stefano <stefano.malini(a)gmail.com> To: openldap-technical(a)openldap.org hi, i was modifying uidNumber attribute of a user but then has been standing for a few minutes and I stopped it: root@amahoro:~# ldapmodify -x -W -D 'cn=Manager,dc=amahoro,dc=bi' Enter LDAP Password: dn: uid=stefano,cn=Admins,dc=amahoro,dc=bi changetype: modify replace: uidNumber uidNumber: 1001 modifying entry "uid=stefano,cn=Admins,dc=amahoro,dc=bi" . . . ctrl+c then with an ldapsearch for this user there was not the uidNumber attribute: dn: uid=stefano,cn=Admins,dc=amahoro,dc=bi uid: stefano cn: Stefano Malini sn: Malini gidNumber: 1000 homeDirectory: /home/Admins/stefano mail: stefano.malini(a)gmail.com objectClass: inetOrgPerson objectClass: top objectClass: posixAccount objectClass: shadowAccount userPassword:: e1NTSEF9b2pNOG1UT3NrT2ZVaDVyd1pUWUpSeWg3YXNxc1lXSHo= uidNumber: 1001 trying to add it root@amahoro:~# ldapmodify -x -W -D 'cn=Manager,dc=amahoro,dc=bi' Enter LDAP Password: dn: uid=stefano,cn=Admins,dc=amahoro,dc=bi changetype: add add: uidNumber uidNumber: 1001 adding new entry "uid=stefano,cn=Admins,dc=amahoro,dc=bi" ldap_add: Undefined attribute type (17) additional info: add: attribute type undefined you can see the error message what is wrong?

2 2

idletimeout and writetimeout
by Tianyin Xu 26 Mar '12

26 Mar '12

Hi, Who can kindly tell me what are the two directives "idletimeout" and "writetimeout" used for? I do appreciate if someone can give me some sample examples. I set the values of the two configurations to be very small but no connections are terminated. :-( Thanks in advance! Tianyin -- Tianyin XU, http://cseweb.ucsd.edu/~tixu/

1 0

database cannot be opened
by stefano 26 Mar '12

26 Mar '12

hi, am working on my ldap server. it was ok until 2 hours ago but now, ldapsearch doesn't run. this is the output on syslog: @(#) $OpenLDAP: slapd 2.4.23 (Jun 16 2011 02:53:39) $#012#011buildd@murphy:/build/buildd-openldap_2.4.23-7.2-i386-Y1mwvF/openldap-2.4.23/debian/build/servers/slapd Mar 26 16:11:33 amahoro slapd[1604]: hdb_db_open: database "dc=amahoro,dc=bi" cannot be opened, err 13. Restore from backup! Mar 26 16:11:33 amahoro slapd[1604]: bdb(dc=amahoro,dc=bi): txn_checkpoint interface requires an environment configured for the transaction subsystem Mar 26 16:11:33 amahoro slapd[1604]: bdb_db_close: database "dc=amahoro,dc=bi": txn_checkpoint failed: Invalid argument (22). Mar 26 16:11:33 amahoro slapd[1604]: backend_startup_one (type=hdb, suffix="dc=amahoro,dc=bi"): bi_db_open failed! (13) Mar 26 16:11:33 amahoro slapd[1604]: bdb_db_close: database "dc=amahoro,dc=bi": alock_close failed Mar 26 16:11:33 amahoro slapd[1604]: slapd stopped. what is the problem?

2 1

can't modify or add uidNumber attribute
by stefano 26 Mar '12

26 Mar '12

hi, i was modifying uidNumber attribute of a user but then has been standing for a few minutes and I stopped it: root@amahoro:~# ldapmodify -x -W -D 'cn=Manager,dc=amahoro,dc=bi' Enter LDAP Password: dn: uid=stefano,cn=Admins,dc=amahoro,dc=bi changetype: modify replace: uidNumber uidNumber: 1001 modifying entry "uid=stefano,cn=Admins,dc=amahoro,dc=bi" . . . ctrl+c then with an ldapsearch for this user there was not the uidNumber attribute: dn: uid=stefano,cn=Admins,dc=amahoro,dc=bi uid: stefano cn: Stefano Malini sn: Malini gidNumber: 1000 homeDirectory: /home/Admins/stefano mail: stefano.malini(a)gmail.com objectClass: inetOrgPerson objectClass: top objectClass: posixAccount objectClass: shadowAccount userPassword:: e1NTSEF9b2pNOG1UT3NrT2ZVaDVyd1pUWUpSeWg3YXNxc1lXSHo= uidNumber: 1001 trying to add it root@amahoro:~# ldapmodify -x -W -D 'cn=Manager,dc=amahoro,dc=bi' Enter LDAP Password: dn: uid=stefano,cn=Admins,dc=amahoro,dc=bi changetype: add add: uidNumber uidNumber: 1001 adding new entry "uid=stefano,cn=Admins,dc=amahoro,dc=bi" ldap_add: Undefined attribute type (17) additional info: add: attribute type undefined you can see the error message what is wrong?

4 5

usage of slapadd with replication/option -w
by frank.offermanns＠caseris.de 26 Mar '12

26 Mar '12

Hi all, at the end of the thread "Re: delta-syncrepl and mirrormode problem (2.4.29 and 2.4.30)/ slapadd Usage" I already asked some questions. But probably due to the wrong threadname I got no answer. So here again with a clearer threadname: Multimaster only works when slapdadd for initial filling is used with -w Is this a bug or does it work as designed? If it works as designed maybe the manualpage for slapadd should be more clearly that when you work with replication you always have to use the -w option. Wouldn't it be helpfull if slapadd internally always use the -w option or are there cases in which this option could be harmfull? What happens if I use -w and have no replication configured? Regards, Frank

2 3

syncrepl and structuralObjectClass operational attribute
by Jehan PROCACCIA 26 Mar '12

26 Mar '12

Hello I installed a new openldap replica (openldap-servers-2.4.23-20.el6.i686) , with a partial replication enabled by restricting certain branches/attributes to the binddn account that replicate from the master. However, on some operation (modify userPassword for example) the modification fails: Mar 22 17:51:20 ldapz2 slapd[24456]: No structuralObjectClass for entry (uid=bde,ou=People,dc=int-evry,dc=fr) Mar 22 17:51:20 ldapz2 slapd[24456]: entry failed schema check: no structuralObjectClass operational attribute Mar 22 17:51:20 ldapz2 slapd[24456]: null_callback : error code 0x50 Mar 22 17:51:20 ldapz2 slapd[24456]: syncrepl_entry: rid=001 be_modify failed (80) Mar 22 17:51:20 ldapz2 slapd[24456]: do_syncrepl: rid=001 rc 80 retrying (9 retries left) what's wrong ? could it be related to the fact that the binddn account cannot read all attributes from the master ? I did checked that he can read userpassword attribute though . is there an ACL to be set to hte replica binddn account to allow him to read operational attributes ? thanks for your help.

3 3

Desperate JuniorAdmin needs help ASAP
by Imre Bertalan 26 Mar '12

26 Mar '12

Hello out there! I'm Imre from Hungary and I need some help with LDAP. My main problem is the time. I have 2 weeks to finish a project and a part of it is setting up an LDAP server. To be honest I'll be a big problem if anybody wishes to help me because there is quite a chaos on my head right now and I'm very desperate. I need someone who I can chat with and he/she can show me ( not just write ) how to manage an LDAP server and how to install the client. I wanted to use Webmin because it looks simple enough, but since I don't really getting the point I can't go onward. My suggestion is that someone enters my desktop ( with teamview-er optionally ) and shows me the method on a virtual computer. I would be very, very grateful for you guys. :( PLZ help a poor guy. Best Regards: Imre Bertalan

2 1

i don't find slapd.pid
by stefano 26 Mar '12

26 Mar '12

Hi, am creating a database ldap on squeeze. the configuration was ok. due to some errors adding new entries, following the guide "Mastering OpenLDAP", page 96, i deleted with this command: rm __db.* *.bdb log.* then i succesfully added two ldif files using slapdadd. i started slapd with /etc/init.d/slapd start. i launching ldapsearch but the answer ii can't contact the server. i checked with ps -aux about the slapd process but i didn't find it. i checked in /var/run/slapd/ and there is not slapd.pid. have you got idea about this? what could i do? thanks

3 3

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

openldap-technical March 2012