cannot login using ldap user credential
by stefano malini
Hi,
I installed and configured an LDAP server on Debian squeeze and I have a
problem trying to log in using LDAP user credentials. nslcd debug shows
"user not found". Using getent passwd I can see every user and also LDAP
users, but I don't understand why I can't log in. Could you help me please?
Thanks
11 years, 7 months
Distribution List in Outlook
by Krisztián Bielik
Running Openldap 2.4.30, with Berkeley DB
I'd like to create an address book which is usable under Outlook 2007. There are no problems with single contacts, but regarding distribution lists I wasn't able to find any working solution. I checked back through all the mailing list and also searched on the internet, but there were only a few threads about this subject, without a solution.
Every try (groupOfNames, proxyAddresses etc.) had the same result: Outlook sees the groups I created, but no addresses are
associated with those groups.
Any help would be appreciated.
Thank you,
Krisztian
11 years, 7 months
Distribution List on Outlook
by Krisztián Bielik
Running Openldap 2.4.30, with Berkeley DB
I'd like to create an address book which is usable under Outlook 2007. There are no problems with single contacts, but regarding distribution lists I wasn't able to find any working solution. I checked back through all the mailing list and also searched on the internet, but there were only a few threads about this subject, without a solution.
Every try (groupOfNames, proxyAddresses etc.) had the same result: Outlook sees the groups I created, but no addresses are
associated with those groups.
Any help would be appreciated.
Thank you,
Krisztian
11 years, 7 months
Add 'EQUALITY' to an existing attribute definition
by RICHARDSON Matt (SPARQ)
Hello all,
I've got a problem with a user-defined attribute. The schema was written locally and used in a 389-DS directory. I made the necessary changes so that OpenLDAP 2.4.23-20.el6 could use it (attributeTypes -> olcAttributeTypes, etc.). There is an attribute that needs to be added multiple times with different values. Under 389, this worked:
olcAttributeTypes: {0}(1.3.6...1000 NAME 'x-myGroup' DESC 'My Group' SYNTAX 1.3...1.15 X-ORIGIN 'user defined')
It works for adding one 'x-myGroup' attribute to an entry. However, if I try to add a second I get:
Ldap_modify: Inappropriate matching (18)
additional info: modify/add: x-myGroup: no equality matching rule
The syntax specifies it's a directory string type, but adding 'EQUALITY caseIgnoreMatch' to the definition causes slapd to crash when I run ldapmodify to add an x-myGroup attribute to an existing entry. This seemed to be similar to this issue http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5540 , so I did a slapcat, deleted the files in /var/lib/ldap/ and restarted slapd. Loading the ldif with ldapadd caused slapd to crash again. Removing the EQUALITY statement from the attribute definition allowed me to load the ldif.
If someone could point me in the right direction, I would greatly appreciate it.
Matt
11 years, 7 months
RE24 testing call #2 (2.4.31)
by Quanah Gibson-Mount
If you know how to build OpenLDAP manually, and would like to participate
in testing the next set of code for the 2.4.31 release, please do so.
Generally, get the code for RE24:
<http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=snapshot;h=refs...>
Configure & build.
Execute the test suite (via make test) after it is built.
Thanks!
--Quanah
--
Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
11 years, 7 months
RE: ldapd vs. slapd
by Richards, Toby
I meant in terms of the LDIF file:
objectClass: top
objectClass: account
objectClass: person
objectClass: posixAccount
objectClass: shadowAccount
objectClass: organizationalPerson
objectClass: inetOrgPerson
The above doesn't work. It says that top/account isn't a valid chain.
-Toby
-----Original Message-----
From: Kline, Sara [mailto:SKline@tnsi.com]
Sent: Tuesday, April 17, 2012 8:45 AM
To: Richards, Toby
Subject: RE: ldapd vs. slapd
1. This is the order mine are in, you can ignore solaris and DUA as those
are for the solaris boxes, also you can ignore policy that is for the
password policy overlay.
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/ppolicy.schema
include /etc/openldap/schema/DUAConfigProfile.schema
include /etc/openldap/schema/solaris.schema
2. What do you have in your slapd.conf?
TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCertificateFile /etc/pki/tls/certs/slapd-cert.pem
TLSCertificateKeyFile /etc/pki/tls/certs/slapd-key.pem
TLSCACertificateFile /etc/pki/tls/certs/slapd-cert.pem
TLSVerifyClient never
security update_ssf=1 update_ssf=112 simple_bind=64
Thanks,
Sara Kline
-----Original Message-----
From: openldap-technical-bounces(a)OpenLDAP.org
[mailto:openldap-technical-bounces@OpenLDAP.org] On Behalf Of Richards, Toby
Sent: Tuesday, April 17, 2012 8:25 AM
To: Brandon Hume; openldap-technical(a)openldap.org
Subject: RE: ldapd vs. slapd
OK got it. I realized that ldapd is a different product after some more
research this morning. I've got slapd running & responding; however:
1. I cannot figure out the correct order of objectClass statements to reach
inetOrgPerson. I do have the core, cosine, nis, and inetorgperson schemas
included in slapd.conf.
2. slapd won't run on port 636 even though I put "TLS_CACERT
/path/to/cert.crt" and "URI ldaps://toby.org.org" into ldap.conf
-Toby
-----Original Message-----
From: openldap-technical-bounces(a)OpenLDAP.org
[mailto:openldap-technical-bounces@OpenLDAP.org] On Behalf Of Brandon Hume
Sent: Tuesday, April 17, 2012 7:58 AM
To: openldap-technical(a)openldap.org
Subject: Re: ldapd vs. slapd
On 04/16/12 11:02 PM, Richards, Toby wrote:
> For those of you wondering, I'm running OpenBSD 5.0.
> openldap-server-2.4.25p0.tgz (depends on: openldap-client-2.4.25.tgz
> (depends on cyrus-sasl-2.1.23p7-ldap.tgz)). Typing "ldapd" gets the
> appropriate tcp/ip ports responding. Typing "/etc/rc.d/slapd start" does
> something, but doesn't give me responses on 349 or 636.
"ldapd" is a service that comes with OpenBSD, and it definitely is not
OpenLDAP. It will start and sit on the same ports, however, making it
impossible for you to start slapd.
So don't start ldapd. Kill it if it's already running, then you might be
able to start OpenLDAP.
Also, this might have been a typo, but the non-SSL port for LDAP is 389/tcp,
not 349.
11 years, 7 months
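Added example (not part of the original thread, and not OpenLDAP project code): a small Python check over slapd.conf-style text like the directives quoted in the thread above. It joins continuation lines, flags cipher keywords that are selected rather than excluded (in OpenSSL cipher-string syntax "+SSLv2" only moves the SSLv2 suites to the end of the list), and reads the minimum SSF values from the security directive. The sample config, the keyword list and the function names are constructed for illustration.

```python
import re

# Constructed sample modelled on the directives quoted in the thread; the
# wrapped TLSCertificateKeyFile line is deliberate.
SAMPLE_CONF = """\
TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCertificateFile /etc/pki/tls/certs/slapd-cert.pem
TLSCertificateKeyFile
    /etc/pki/tls/certs/slapd-key.pem
TLSCACertificateFile /etc/pki/tls/certs/slapd-cert.pem
TLSVerifyClient never
security update_ssf=112 simple_bind=64
"""

# OpenSSL cipher-string keywords for legacy or unauthenticated suites.
WEAK = {"SSLV2", "LOW", "EXP", "EXPORT", "NULL", "ENULL", "ANULL", "RC4", "MD5", "DES"}


def parse_directives(text):
    """Map lower-cased directive -> argument list, joining continuation lines."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue
        if raw[0] in " \t" and logical:   # leading whitespace continues the previous line
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    return {line.split()[0].lower(): line.split()[1:] for line in logical}


def lint(text):
    """Return (findings, security_factors) for slapd.conf-style text."""
    conf = parse_directives(text)
    findings = []
    for token in re.split(r"[:,\s]+", " ".join(conf.get("tlsciphersuite", []))):
        name = token.lstrip("!+-")
        # "!X" and "-X" remove X; a bare "X" selects it and "+X" only reorders it.
        if name.upper() in WEAK and token[:1] not in ("!", "-"):
            findings.append(f"TLSCipherSuite: {token} does not exclude {name}")
    ca = conf.get("tlscacertificatefile")
    if ca and ca == conf.get("tlscertificatefile"):
        findings.append("TLSCACertificateFile equals TLSCertificateFile: likely self-signed")
    factors = {k: int(v) for k, v in
               (f.split("=", 1) for f in conf.get("security", []) if "=" in f)}
    return findings, factors


if __name__ == "__main__":
    issues, ssf = lint(SAMPLE_CONF)
    print("\n".join(issues))
    print("minimum SSF per factor:", ssf)
```

A simple_bind factor above zero means slapd refuses simple binds on connections whose security strength is below that value, which is one source of the "Confidentiality required" result mentioned in this thread.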
overlays and frontend database
by Jan Vcelak
Hello list.
I have some questions about defining overlays on the frontend
database. Documentation (manual pages) is not very consistent
about it:
slapd.overlays
| Most of the overlays are only allowed to be configured on
| individual databases, but some may also be configured
| globally.
slapd.conf
| Note that all of the database's regular settings should be
| configured before any overlay settings.
slapd-config
| Settings in the frontend database are inherited by the other
| databases, unless they are explicitly overridden in a
| specific database.
| Overlays must be configured as child entries of a specific
| database.
FAQ
| Starting from OpenLDAP 2.3 they can be stacked on the
| frontend as well; this means that they can be executed after
| a request is parsed and validated, but right before the
| appropriate database is selected.
Are there some overlays that can be applied on the
frontend database (globally)?
What about the inheritance as mentioned in slapd-config?
(Maybe I didn't understand this correctly.)
From what I have tried, enabling an overlay on the frontend
database makes slapd segfault due to accessing a null
pointer or due to a heap overflow. It seems that there
are no verifications of overlay settings, because both
slapadd and ldapmodify succeed when enabling the void
configuration.
Please, what is the expected behavior?
Regards,
Jan
11 years, 7 months
Authenticate a Samba box to a pre-existing LDAP server
by Marcelo Pereira
Hello,
I have been reading some documentation on how to setup a Samba+LDAP
environment, but they are all considering that I'm setting up a "new" LDAP
server on the same machine.
I want to set up a Samba server (which is my server) but I would like to
use an external LDAP server (which I don't have any access other than just
authenticate myself) to authenticate the users in my Samba box.
The LDAP server is up and running (I can't do anything there). I just need
to connect my Samba box to this LDAP server in order to authenticate the
users.
Would you please suggest the right documentation so I could read it?? I
will appreciate any help on this regard!!
Thanks,
Marcelo
11 years, 7 months
ldapd vs. slapd
by Richards, Toby
I've been attempting to get an OpenLDAP server running all day, and I've
been reading official documentation, tutorials, and anything else relevant
on Google. I have some questions:
1. What is the difference between ldapd & slapd (and commands such as
ldapadd & slapdadd)? Slapd doesn't seem to respond on LDAP ports, but ldapd
does.
2. When using commands & configuring ldap.conf, can I use an IP address
instead of an FQDN for the host URI?
3. Do self-signed certificates break ldapadd?
4. I'm running with an SSL certificate, but no TLS. I commonly get the error
"Confidentiality Required." The -Z option is for TLS. How do I tell ldapadd
that I'm using SSL only? I tried with -Hldaps://hostname:636, but then I get
"ldap_sasl_bind(SIMPLE): Can't connect to LDAP server" (even if I use the -x
option). I know that the ldap server is running because when ldapd is
running, I can connect with external tools such as jxplorer or ldap-at (but
trying to make changes to my database will crash both of those utilities).
Respectfully Submitted,
R. Toby Richards
Network Administrator
Superior Court of California
In and For the County of San Luis Obispo
(805) 781-4150
11 years, 7 months