clients: libnss-ldapd or libnss-ldap?
by stefano
hi,
am installing ldap clients. the server is squeeze so i used libnss-ldapd.
what about ubuntu 9.10-10-10 clients? libnss-ldap or libnss-ldapd?
11 years, 6 months
Re: can't modify or add uidNumber attribute
by stefano
On 03/27/2012 09:34 AM, Hallvard B Furuseth wrote:
> On Tue, 27 Mar 2012 09:10:17 +0200, stefano <stefano.malini(a)gmail.com>
> wrote:
>> On 03/27/2012 08:13 AM, Hallvard B Furuseth wrote: I wrote:
>> Have you done something as root, so root owns some of the
>> database files but you try to run slapd as another user (with -u)?
>> If so, fix the file permissions and then avoid working as root.
>>
>> Sorry, I mean file ownerships. Though it could be file or
>> directory permissions too, come to think of it.
>>
>> thanks, but, which permissions of which file do i have to check?
>
> The directory and contents named by the 'directory'
> directive(s) in slapd.conf, aka olcDbDirectory in cn=config.
>
these are the permissions of 'directory' /var/lib/ldap/
drwxr-xr-x 2 openldap openldap 4096 Mar 27 07:58 ldap
must be writable by users also? i mean rwxrwxr-x?
and its contents are:
root@amahoro:/var/lib/ldap# ls -l
total 11448
-rw-r--r-- 1 openldap openldap 4096 Mar 27 07:58 alock
-rw------- 1 root root 24576 Mar 26 16:08 __db.001
-rw------- 1 root root 352256 Mar 26 16:08 __db.002
-rw------- 1 root root 2629632 Mar 26 16:08 __db.003
-rw------- 1 root root 163840 Mar 26 16:07 __db.004
-rw------- 1 root root 876544 Mar 26 16:08 __db.005
-rw------- 1 root root 32768 Mar 26 16:08 __db.006
-rw-r--r-- 1 openldap openldap 96 Mar 23 08:24 DB_CONFIG
-rw------- 1 openldap openldap 8192 Mar 26 16:07 dn2id.bdb
-rw------- 1 openldap openldap 32768 Mar 26 15:14 id2entry.bdb
-rw------- 1 openldap openldap 10485760 Mar 26 16:07 log.0000000001
-rw------- 1 root root 8192 Mar 26 16:07 objectClass.bdb
11 years, 6 months
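The ownership check suggested in the reply above, as an added shell example that is not part of the original thread: it lists everything under a database directory that is not owned by the account slapd runs as. The function names are hypothetical; `/var/lib/ldap` and `openldap` in the usage comment are taken from the listing in the post.

```shell
#!/bin/sh
# Added example: find database files that slapd's run-as account does not own.
# Function names are hypothetical; pass your own directory and account.

# resolve_uid NAME_OR_UID -> numeric uid on stdout, non-zero if unknown
resolve_uid() {
    case "$1" in
        ''|*[!0-9]*) id -u "$1" 2>/dev/null ;;   # a name: ask the system
        *)           printf '%s\n' "$1" ;;       # already numeric
    esac
}

# foreign_owned DIR NAME_OR_UID -> one path per line, sorted
foreign_owned() {
    dir=$1
    uid=$(resolve_uid "$2") || { echo "unknown user: $2" >&2; return 2; }
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    # The directory itself is included: slapd must be able to create files in it.
    find "$dir" ! -user "$uid" -print | sort
}

# audit DIR NAME_OR_UID -> exit 0 if clean, 1 if foreign-owned files exist
audit() {
    bad=$(foreign_owned "$1" "$2") || return 2
    if [ -z "$bad" ]; then
        echo "OK: everything under $1 is owned by $2"
        return 0
    fi
    echo "Not owned by $2 (slapd running as $2 may fail to open these):"
    printf '%s\n' "$bad" | sed 's/^/  /'
    echo "Fix as root, with slapd stopped: chown -R $2 $1"
    return 1
}

# Run against a directory when two arguments are given, e.g.
#   sh audit.sh /var/lib/ldap openldap
if [ $# -eq 2 ]; then audit "$1" "$2"; fi
```

Error 13 in the `hdb_db_open` log lines is EACCES on Linux, which is what slapd gets when it runs as an unprivileged user and meets root-owned, mode 0600 files such as the `__db.*` files in the listing.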
Re: can't modify or add uidNumber attribute
by stefano
The situation is worse than expected
the situation is worse.
now, trying to run an ldapsearch i have the message "can't contact LDAP
server".
on syslog the last lines are:
Mar 26 16:11:33 amahoro slapd[1603]: @(#) $OpenLDAP: slapd 2.4.23 (Jun
16 2011 02:53:39)
$#012#011buildd@murphy:/build/buildd-openldap_2.4.23-7.2-i386-Y1mwvF/openldap-2.4.23/debian/build/servers/slapd
Mar 26 16:11:33 amahoro slapd[1604]: hdb_db_open: database
"dc=amahoro,dc=bi" cannot be opened, err 13. Restore from backup!
Mar 26 16:11:33 amahoro slapd[1604]: bdb(dc=amahoro,dc=bi):
txn_checkpoint interface requires an environment configured for the
transaction subsystem
Mar 26 16:11:33 amahoro slapd[1604]: bdb_db_close: database
"dc=amahoro,dc=bi": txn_checkpoint failed: Invalid argument (22).
Mar 26 16:11:33 amahoro slapd[1604]: backend_startup_one (type=hdb,
suffix="dc=amahoro,dc=bi"): bi_db_open failed! (13)
Mar 26 16:11:33 amahoro slapd[1604]: bdb_db_close: database
"dc=amahoro,dc=bi": alock_close failed
Mar 26 16:11:33 amahoro slapd[1604]: slapd stopped.
what's happening?
-------- Original Message --------
Subject: can't modify or add uidNumber attribute
Date: Mon, 26 Mar 2012 16:21:17 +0200
From: stefano <stefano.malini(a)gmail.com>
To: openldap-technical(a)openldap.org
hi, i was modifying the uidNumber attribute of a user but then it had been
standing for a few minutes and I stopped it:
root@amahoro:~# ldapmodify -x -W -D 'cn=Manager,dc=amahoro,dc=bi'
Enter LDAP Password:
dn: uid=stefano,cn=Admins,dc=amahoro,dc=bi
changetype: modify
replace: uidNumber
uidNumber: 1001
modifying entry "uid=stefano,cn=Admins,dc=amahoro,dc=bi"
.
.
.
ctrl+c
then with an ldapsearch for this user there was not the uidNumber attribute:
dn: uid=stefano,cn=Admins,dc=amahoro,dc=bi
uid: stefano
cn: Stefano Malini
sn: Malini
gidNumber: 1000
homeDirectory: /home/Admins/stefano
mail: stefano.malini(a)gmail.com
objectClass: inetOrgPerson
objectClass: top
objectClass: posixAccount
objectClass: shadowAccount
userPassword:: e1NTSEF9b2pNOG1UT3NrT2ZVaDVyd1pUWUpSeWg3YXNxc1lXSHo=
uidNumber: 1001
trying to add it
root@amahoro:~# ldapmodify -x -W -D 'cn=Manager,dc=amahoro,dc=bi'
Enter LDAP Password:
dn: uid=stefano,cn=Admins,dc=amahoro,dc=bi
changetype: add
add: uidNumber
uidNumber: 1001
adding new entry "uid=stefano,cn=Admins,dc=amahoro,dc=bi"
ldap_add: Undefined attribute type (17)
additional info: add: attribute type undefined
you can see the error message
what is wrong?
11 years, 6 months
idletimeout and writetimeout
by Tianyin Xu
Hi,
Who can kindly tell me what are the two directives "idletimeout" and
"writetimeout" used for? I do appreciate if someone can give me some sample
examples. I set the values of the two configurations to be very small but
no connections are terminated. :-(
Thanks in advance!
Tianyin
--
Tianyin XU,
http://cseweb.ucsd.edu/~tixu/
11 years, 6 months
database cannot be opened
by stefano
hi,
am working on my ldap server.
it was ok until 2 hours ago but now, ldapsearch doesn't run.
this is the output on syslog:
@(#) $OpenLDAP: slapd 2.4.23 (Jun 16 2011 02:53:39)
$#012#011buildd@murphy:/build/buildd-openldap_2.4.23-7.2-i386-Y1mwvF/openldap-2.4.23/debian/build/servers/slapd
Mar 26 16:11:33 amahoro slapd[1604]: hdb_db_open: database
"dc=amahoro,dc=bi" cannot be opened, err 13. Restore from backup!
Mar 26 16:11:33 amahoro slapd[1604]: bdb(dc=amahoro,dc=bi):
txn_checkpoint interface requires an environment configured for the
transaction subsystem
Mar 26 16:11:33 amahoro slapd[1604]: bdb_db_close: database
"dc=amahoro,dc=bi": txn_checkpoint failed: Invalid argument (22).
Mar 26 16:11:33 amahoro slapd[1604]: backend_startup_one (type=hdb,
suffix="dc=amahoro,dc=bi"): bi_db_open failed! (13)
Mar 26 16:11:33 amahoro slapd[1604]: bdb_db_close: database
"dc=amahoro,dc=bi": alock_close failed
Mar 26 16:11:33 amahoro slapd[1604]: slapd stopped.
what is the problem?
11 years, 6 months
can't modify or add uidNumber attribute
by stefano
hi, i was modifying the uidNumber attribute of a user but then it had been
standing for a few minutes and I stopped it:
root@amahoro:~# ldapmodify -x -W -D 'cn=Manager,dc=amahoro,dc=bi'
Enter LDAP Password:
dn: uid=stefano,cn=Admins,dc=amahoro,dc=bi
changetype: modify
replace: uidNumber
uidNumber: 1001
modifying entry "uid=stefano,cn=Admins,dc=amahoro,dc=bi"
.
.
.
ctrl+c
then with an ldapsearch for this user there was not the uidNumber attribute:
dn: uid=stefano,cn=Admins,dc=amahoro,dc=bi
uid: stefano
cn: Stefano Malini
sn: Malini
gidNumber: 1000
homeDirectory: /home/Admins/stefano
mail: stefano.malini(a)gmail.com
objectClass: inetOrgPerson
objectClass: top
objectClass: posixAccount
objectClass: shadowAccount
userPassword:: e1NTSEF9b2pNOG1UT3NrT2ZVaDVyd1pUWUpSeWg3YXNxc1lXSHo=
uidNumber: 1001
trying to add it
root@amahoro:~# ldapmodify -x -W -D 'cn=Manager,dc=amahoro,dc=bi'
Enter LDAP Password:
dn: uid=stefano,cn=Admins,dc=amahoro,dc=bi
changetype: add
add: uidNumber
uidNumber: 1001
adding new entry "uid=stefano,cn=Admins,dc=amahoro,dc=bi"
ldap_add: Undefined attribute type (17)
additional info: add: attribute type undefined
you can see the error message
what is wrong?
11 years, 6 months
usage of slapadd with replication/option -w
by frank.offermanns@caseris.de
Hi all,
at the end of the thread "Re: delta-syncrepl and mirrormode problem
(2.4.29 and 2.4.30)/ slapadd Usage"
I already asked some questions. But probably due to the wrong threadname I
got no answer.
So here again with a clearer threadname:
Multimaster only works when slapadd for initial filling is used with -w
Is this a bug or does it work as designed?
If it works as designed maybe the manual page for slapadd should be
clearer that when you work with replication you always have to use the -w
option.
Wouldn't it be helpful if slapadd internally always used the -w option or
are there cases in which this option could be harmful?
What happens if I use -w and have no replication configured?
Regards,
Frank
11 years, 6 months
syncrepl and structuralObjectClass operational attribute
by Jehan PROCACCIA
Hello
I installed a new openldap replica
(openldap-servers-2.4.23-20.el6.i686) , with a partial replication
enabled by restricting certain branches/attributes to the binddn
account that replicate from the master.
However, on some operation (modify userPassword for example) the
modification fails:
Mar 22 17:51:20 ldapz2 slapd[24456]: No structuralObjectClass for entry
(uid=bde,ou=People,dc=int-evry,dc=fr)
Mar 22 17:51:20 ldapz2 slapd[24456]: entry failed schema check: no
structuralObjectClass operational attribute
Mar 22 17:51:20 ldapz2 slapd[24456]: null_callback : error code 0x50
Mar 22 17:51:20 ldapz2 slapd[24456]: syncrepl_entry: rid=001 be_modify
failed (80)
Mar 22 17:51:20 ldapz2 slapd[24456]: do_syncrepl: rid=001 rc 80 retrying
(9 retries left)
what's wrong ?
could it be related to the fact that the binddn account cannot read all
attributes from the master ?
I did check that he can read the userpassword attribute though.
is there an ACL to be set for the replica binddn account to allow him to
read operational attributes?
thanks for your help.
11 years, 6 months
Desperate JuniorAdmin needs help ASAP
by Imre Bertalan
Hello out there!
I'm Imre from Hungary and I need some help with LDAP. My main problem is
the time. I have 2 weeks to finish a project and a part of it is setting up
an LDAP server.
To be honest I'll be a big problem if anybody wishes to help me because
there is quite a chaos on my head right now and I'm very desperate. I need
someone who I can chat with and he/she can show me ( not just write ) how
to manage an LDAP server and how to install the client. I wanted to use
Webmin because it looks simple enough, but since I'm not really getting the
point I can't go onward.
My suggestion is that someone enters my desktop ( with TeamViewer
optionally ) and shows me the method on a virtual computer.
I would be very, very grateful for you guys. :( PLZ help a poor guy.
Best Regards:
Imre Bertalan
11 years, 6 months
i don't find slapd.pid
by stefano
Hi,
am creating a database ldap on squeeze. the configuration was ok.
due to some errors adding new entries, following the guide "Mastering
OpenLDAP", page 96, i deleted with this command:
rm __db.* *.bdb log.*
then i successfully added two ldif files using slapadd. i started slapd with
/etc/init.d/slapd start.
i launched ldapsearch but the answer is i can't contact the server. i
checked with ps -aux about the slapd process but i didn't find it.
i checked in /var/run/slapd/ and there is no slapd.pid.
have you got any idea about this? what could i do?
thanks
11 years, 6 months