modifyTimeStamp not modified on replica
by jehan procaccia
Hello
when I modify the mail attribute on the master, the attribute is
correctly replicated on the replica, but the modifyTimeStamp isn't !?
shouldn't it be modified !?
The master is running openldap-servers-2.3.43-12.el5_7.10
the replica that fails to replicate modifyTimeStamp is an
openldap-servers-2.4.23-20.el6.i686
on a openldap-servers-2.3.43-12.el5_7.10 replica, modifyTimeStamp is
correctly updated !
could it be a openldap version incompatibility ?
or perhaps an ACL misconfiguration !?
Thanks for your help .
11 years, 8 months
Ubuntu can't connect to SambaPDC
by Imre Bertalan
Hi guys.
This is not really an OpenLDAP question, but it seems we have some fine
qualified users here, so I'll ask this question here. :)
I have a nice working Zentyal 2.2 server with DNS and SambaPDC. Windows
clients can join the domain with the network users and they see all the
shared folders too.
My problem is that I don't know how to join a domain with Ubuntu.
Tried with likewise-open and likewise-open-gui, but all the time, it says
Bad_DNS_Package. Same error message comes when I try to join from terminal
with the command "sudo domainjoin-cli join DOMAIN USER"
I also installed samba, smbclient, winbind on the client. I heard that it
could be because the server is set to allow Win clients only. Could that be?
Thanks in advance!
Imi
11 years, 8 months
Active Directory connected to OpenLDAP (master)
by Sylvain
Hi !
Currently, we've got an OpenLDAP which acts as a master and contains 20000+
users and groups, we want to keep it.
CIO asks us to deploy Windows with AD connected to our master OpenLDAP.
I've googled a lot and I don't find any clean solutions like replica
(OpenLDAP -> AD). Another solution could be use of referrals on the AD but
I doubt ?
Unclean solutions found are use of LSC or MIIS/FIM which are not
real-time...
A little help would be cool :)
Best regards,
Sylvain
11 years, 8 months
Replication stops working due to objectClass=glue
by frank.offermanns@caseris.de
Hi,
I have a syncrepl master and one slave.
I delete both databases and do a slapadd on the master.
After doing so I start the slave.
Our system has a few dozen processes changing values every minute, so they
also do it when the initial replication is running.
From time to time replication stops working while doing the initial
replication.
It then always has problems with the values being edited while the initial
replication is running (full replication needs a few minutes).
Here's a quote concerning master/master.
"Both servers will initialize their accesslogs separately from
their main DB since they are empty, and the two logs will have different
timestamps. You need to make sure that the main DB and log DB are
initialized
together on at least one of the servers."
But this quote should not count for master/slave, does it?
If replication works I have slave log entries like this:
30.03.2012 11:40:24 4f757f88 oc_check_required entry
(ou=Trinity64.ub2.cae.local,ou=SystemStatus,o=caesar), objectClass
"Server"
If it fails the objectClass is "glue"
30.03.2012 11:25:23 4f757c03 bdb_modify_internal: 0x000006af:
ou=Trinity64.ub2.cae.local,ou=SystemStatus,o=caesar
30.03.2012 11:25:23 4f757c03 oc_check_required entry
(ou=Trinity64.ub2.cae.local,ou=SystemStatus,o=caesar), objectClass "glue"
30.03.2012 11:25:23 4f757c03 oc_check_allowed type "structuralObjectClass"
30.03.2012 11:25:23 4f757c03 oc_check_allowed type "objectClass"
30.03.2012 11:25:23 4f757c03 oc_check_allowed type "entryUUID"
30.03.2012 11:25:23 4f757c03 oc_check_allowed type "creatorsName"
30.03.2012 11:25:23 4f757c03 oc_check_allowed type "createTimestamp"
30.03.2012 11:25:23 4f757c03 oc_check_allowed type
"LastModifiedApplication"
30.03.2012 11:25:23 4f757c03 Entry
(ou=Trinity64.ub2.cae.local,ou=SystemStatus,o=caesar), attribute
'LastModifiedApplication' not allowed
30.03.2012 11:25:23 4f757c03 entry failed schema check: attribute
'LastModifiedApplication' not allowed
30.03.2012 11:25:23 4f757c03 hdb_modify: modify failed (65)
30.03.2012 11:25:23 4f757c03 send_ldap_result: conn=-1 op=0 p=3
30.03.2012 11:25:23 4f757c03 null_callback : error code 0x41
30.03.2012 11:25:23 4f757c03 syncrepl_message_to_op: rid=001 be_modify
ou=Trinity64.ub2.cae.local,ou=SystemStatus,o=caesar (65)
According to post:
http://www.openldap.org/lists/openldap-bugs/200608/msg00044.html
"But eventually the entry should get replicated, and the
consumer should replace everything with the correct objectclasses. I
guess there's a possibility that we're not setting the right flags to
allow the consumer to change the entry's structuralObjectClass."
there has been a possible problem here. Is this fixed?
Version is 2.4.30, Berkeley DB 5.1 using hdb and OS is Windows.
If I should post my config please tell me, but I posted it in different
threads before and I also don't think the config is the problem here,
since it sometimes works.
Regards,
Frank
11 years, 8 months
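One way to pull the failing syncrepl operations out of a consumer log like the one quoted in the post above, as an added example that is not part of the original post or of OpenLDAP: it pairs each `syncrepl_message_to_op` result with the preceding `oc_check_required` and schema-check lines for the same DN and flags the cases where the check ran against objectClass "glue". The function and class names are hypothetical, and the sample lines are constructed from the log lines on this page (unwrapped, with one success line added).

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# LDAP result codes (RFC 4511) that commonly appear in syncrepl failures.
RESULT_NAMES = {
    0: "success",
    17: "undefinedAttributeType",
    32: "noSuchObject",
    65: "objectClassViolation",
    68: "entryAlreadyExists",
}

# The patterns match the slapd message text only, so any timestamp prefix
# (the Windows-style one in the post, or syslog) is accepted.
OC_CHECK = re.compile(
    r'oc_check_required entry \((?P<dn>.+?)\), objectClass "(?P<oc>[^"]+)"')
SCHEMA_FAIL = re.compile(r"entry failed schema check: (?P<reason>.+?)\s*$")
SYNC_RESULT = re.compile(
    r"syncrepl_message_to_op: rid=(?P<rid>\d+) (?P<op>be_\w+) "
    r"(?P<dn>.+) \((?P<rc>-?\d+)\)\s*$")


@dataclass
class SyncFailure:
    rid: str                    # syncrepl replication ID
    op: str                     # backend operation, e.g. be_modify
    dn: str                     # entry the consumer tried to change
    rc: int                     # LDAP result code reported by the backend
    rc_name: str
    checked_oc: Optional[str]   # objectClass the schema check ran against
    reason: Optional[str]       # text of the schema-check failure, if any
    glue: bool                  # True when the target was a glue entry


def find_syncrepl_failures(lines: Iterable[str]) -> List[SyncFailure]:
    """Return one record per syncrepl operation that ended with rc != 0."""
    failures: List[SyncFailure] = []
    last_oc = {}      # normalized DN -> objectClass from the latest check
    reason = None     # schema-check failure seen since the last result line
    for line in lines:
        m = OC_CHECK.search(line)
        if m:
            last_oc[m["dn"].lower()] = m["oc"]
            continue
        m = SCHEMA_FAIL.search(line)
        if m:
            reason = m["reason"]
            continue
        m = SYNC_RESULT.search(line)
        if not m:
            continue
        rc = int(m["rc"])
        oc = last_oc.pop(m["dn"].lower(), None)
        if rc != 0:
            failures.append(SyncFailure(
                rid=m["rid"], op=m["op"], dn=m["dn"], rc=rc,
                rc_name=RESULT_NAMES.get(rc, "other"),
                checked_oc=oc, reason=reason,
                glue=(oc is not None and oc.lower() == "glue")))
        reason = None  # a result line closes the current operation
    return failures


# Constructed sample: lines taken from this page, unwrapped; the two
# result lines with (0) show a successful operation in both prefix styles.
SAMPLE_LOG = """\
30.03.2012 11:25:23 4f757c03 oc_check_required entry (ou=Trinity64.ub2.cae.local,ou=SystemStatus,o=caesar), objectClass "glue"
30.03.2012 11:25:23 4f757c03 oc_check_allowed type "LastModifiedApplication"
30.03.2012 11:25:23 4f757c03 entry failed schema check: attribute 'LastModifiedApplication' not allowed
30.03.2012 11:25:23 4f757c03 hdb_modify: modify failed (65)
30.03.2012 11:25:23 4f757c03 syncrepl_message_to_op: rid=001 be_modify ou=Trinity64.ub2.cae.local,ou=SystemStatus,o=caesar (65)
30.03.2012 11:40:24 4f757f88 oc_check_required entry (ou=Trinity64.ub2.cae.local,ou=SystemStatus,o=caesar), objectClass "Server"
30.03.2012 11:40:24 4f757f88 syncrepl_message_to_op: rid=001 be_modify ou=Trinity64.ub2.cae.local,ou=SystemStatus,o=caesar (0)
Apr 1 23:44:04 exo slapd[8007]: syncrepl_message_to_op: rid=000 be_modify uid=dummy_default,ou=dummy_accounts,ou=other,ou=accounts,dc=example,dc=net (0)
"""

if __name__ == "__main__":
    for f in find_syncrepl_failures(SAMPLE_LOG.splitlines()):
        kind = "glue entry" if f.glue else "regular entry"
        print(f"rid={f.rid} {f.op} {f.dn}: rc={f.rc} ({f.rc_name}), "
              f"{kind}, reason: {f.reason}")
```

Log lines that the mail client or archive has wrapped need to be rejoined before they are passed in, since each pattern expects a whole slapd message on one line.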
AD proxy in OpenLDAP
by Chris O'Kelly
Hi guys,
Posted a while back but didn't get far, just trying again to see if I can get this working. We have AD on our DC server, working fine, and a list of external clients in OpenLDAP, also working fine. We have a new web service that needs to authenticate against only one DSA, so I need to have the OpenLDAP DSA proxy to AD. The initial setup in OpenLDAP is -
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulepath: /usr/lib/ldap
olcModuleload: back_hdb
olcModuleload: back_ldap
dn: olcDatabase=hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcSuffix: dc=companyname,dc=local
olcDbDirectory: /var/lib/ldap
olcRootDN: cn=admin,dc=companyname,dc=local
olcRootPW: secret
olcDbConfig: set_cachesize 0 2097152 0
olcDbConfig: set_lk_max_objects 1500
olcDbConfig: set_lk_max_locks 1500
olcDbConfig: set_lk_max_lockers 1500
olcDbIndex: objectClass eq
olcLastMod: TRUE
olcDbCheckpoint: 512 30
olcAccess: to attrs=userPassword by dn="cn=admin,dc=companyname,dc=local" write by anonymous auth by self write by * none
olcAccess: to attrs=shadowLastChange by self write by * read
olcAccess: to dn.base="" by * read
olcAccess: to * by dn="cn=admin,dc=companyname,dc=local" write by * read
the ldap backend I have added with ldapadd is -
olcDatabase: ldap
olcSuffix: dc=internal,dc=companyname,dc=local
olcDbDirectory: /var/lib/ldap
uri: ldap://companyname.local
acl-bind: bindmethod=simple binddn="CN=proxy,OU=Service Accounts,OU=Users,OU=MyBusiness,DC=companyname,DC=local" credentials=secret.
When I attempt to search on dc=companyname,dc=local I get results. When I attempt to search AD directly from the server running OpenLDAP I get results. However if I search dc=internal,dc=companyname,dc=local pointed at OpenLDAP I get No Such Object (32).
I believe this could be related to one of two things, however I have been unable to find the fix (I have read the slapd, slapd-ldap, slapd-relay, slapd-pbind manpages, as well as numerous tutorials). I believe it is either that I am missing the schema files for AD or that I am incorrect in putting the LDAP backend in a separate dc (internal). On AD the base suffix is also just dc=companyname, dc=local, I put the LDAP backend in this suffix as the rest of the directory is already in dc=companyname,dc=local in OpenLDAP and I wished for it to be separate, I don't know if this has caused the issue. As for the schema files, I used Apache Directory Studio to export the cn=schema branch from AD into an LDIF file and attempted to add it using ldapadd, the result was
adding new entry "CN=Schema,CN=Configuration,DC=companyname,DC=local"
ldap_add: Undefined attribute type (17)
additional info: instanceType: attribute type undefined
I have been trying to figure out this issue for weeks and I am at my wits end. I am seriously at the point of contemplating trying to find someone I can pay to show me the fix.
11 years, 8 months
groups added to provider not replicating to consumer
by btb@bitrate.net
hi-
i've recently set up delta-syncrepl, with one provider and one consumer. things seemed to be generally working, but i recently noticed that member attributes in group entries were not getting replicated. after a bit of testing, i also found that new groups added to the provider appear to not be replicated to the consumer. it also appears that the operation of adding a group is not being written to the accesslog. on a possibly related note, i'm using the memberof overlay, and the memberof attribute modifications which occur as a result of adding a group are written to the accesslog, and are replicated to the consumer. i'm using 2.4.25, courtesy of ubuntu 11.10. what can i do to better understand what is happening, and why? below is some preliminary data, and log entries using olcloglevel: any
thanks
-ben
>cat add_group.ldif
dn: cn=test_group,ou=general,ou=groups,dc=example,dc=net
changetype: add
objectClass: top
objectClass: groupOfNames
description: test group
cn: test_group
member: uid=dummy_default,ou=dummy_accounts,ou=other,ou=accounts,dc=example,dc=net
>ldapadd -xZZD 'uid=dit_admin,ou=role_accounts,ou=accounts,dc=example,dc=net' -w 'xxxxxxxxxxxx' -f add_group.ldif
adding new entry "cn=test_group,ou=general,ou=groups,dc=example,dc=net"
subsequent ldapsearch on provider:
>ldapsearch -xLLLZZD 'uid=dit_admin,ou=role_accounts,ou=accounts,dc=example,dc=net' -w 'xxxxxxxxxxxx' -b 'cn=test_group,ou=general,ou=groups,dc=example,dc=net' -s base '*' '+'
dn: cn=test_group,ou=general,ou=groups,dc=example,dc=net
objectClass: top
objectClass: groupOfNames
description: test group
cn: test_group
member: uid=dummy_default,ou=dummy_accounts,ou=other,ou=accounts,dc=example,
dc=net
structuralObjectClass: groupOfNames
entryUUID: d68c73e4-10c1-1031-8246-9dfa8daa46e0
creatorsName: uid=dit_admin,ou=role_accounts,ou=accounts,dc=example,dc=net
createTimestamp: 20120402034404Z
entryCSN: 20120402034404.808333Z#000000#000#000000
modifiersName: uid=dit_admin,ou=role_accounts,ou=accounts,dc=example,dc=net
modifyTimestamp: 20120402034404Z
entryDN: cn=test_group,ou=general,ou=groups,dc=example,dc=net
subschemaSubentry: cn=Subschema
hasSubordinates: FALSE
subsequent ldapsearch on consumer:
>ldapsearch -xLLLZZD 'uid=dit_admin,ou=role_accounts,ou=accounts,dc=example,dc=net' -w 'xxxxxxxxxxxx' -b 'cn=test_group,ou=general,ou=groups,dc=example,dc=net' -s base '*' '+'
No such object (32)
Matched DN: ou=general,ou=groups,dc=example,dc=net
provider log entries:
Apr 1 23:44:04 flip slapd[9255]: daemon: activity on 1 descriptor
Apr 1 23:44:04 flip slapd[9255]: daemon: activity on:
Apr 1 23:44:04 flip slapd[9255]:
Apr 1 23:44:04 flip slapd[9255]: slap_listener_activate(8):
Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=8 busy
Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=9 active_threads=0 tvp=zero
Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=10 active_threads=0 tvp=zero
Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=11 active_threads=0 tvp=zero
Apr 1 23:44:04 flip slapd[9255]: >>> slap_listener(ldap:///)
Apr 1 23:44:04 flip slapd[9255]: daemon: listen=8, new connection on 54
Apr 1 23:44:04 flip slapd[9255]: daemon: added 54r (active) listener=(nil)
Apr 1 23:44:04 flip slapd[9255]: conn=1378 fd=54 ACCEPT from IP=192.168.1.1:47610 (IP=0.0.0.0:389)
Apr 1 23:44:04 flip slapd[9255]: daemon: activity on 2 descriptors
Apr 1 23:44:04 flip slapd[9255]: daemon: activity on:
Apr 1 23:44:04 flip slapd[9255]: 54r
Apr 1 23:44:04 flip slapd[9255]:
Apr 1 23:44:04 flip slapd[9255]: daemon: read active on 54
Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=8 active_threads=0 tvp=zero
Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=9 active_threads=0 tvp=zero
Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=10 active_threads=0 tvp=zero
Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=11 active_threads=0 tvp=zero
Apr 1 23:44:04 flip slapd[9255]: connection_get(54)
Apr 1 23:44:04 flip slapd[9255]: connection_get(54): got connid=1378
Apr 1 23:44:04 flip slapd[9255]: connection_read(54): checking for input on id=1378
Apr 1 23:44:04 flip slapd[9255]: op tag 0x77, time 1333338244
Apr 1 23:44:04 flip slapd[9255]: daemon: activity on 1 descriptor
Apr 1 23:44:04 flip slapd[9255]: daemon: activity on:
Apr 1 23:44:04 flip slapd[9255]:
Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=8 active_threads=0 tvp=zero
Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=9 active_threads=0 tvp=zero
Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=10 active_threads=0 tvp=zero
Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=11 active_threads=0 tvp=zero
Apr 1 23:44:04 flip slapd[9255]: conn=1378 op=0 do_extended
Apr 1 23:44:04 flip slapd[9255]: conn=1378 op=0 EXT oid=1.3.6.1.4.1.1466.20037
Apr 1 23:44:04 flip slapd[9255]: do_extended: oid=1.3.6.1.4.1.1466.20037
Apr 1 23:44:04 flip slapd[9255]: conn=1378 op=0 STARTTLS
Apr 1 23:44:04 flip slapd[9255]: send_ldap_extended: err=0 oid= len=0
Apr 1 23:44:04 flip slapd[9255]: send_ldap_response: msgid=1 tag=120 err=0
Apr 1 23:44:04 flip slapd[9255]: conn=1378 op=0 RESULT oid= err=0 text=
Apr 1 23:44:04 flip slapd[9255]: daemon: activity on 1 descriptor
Apr 1 23:44:04 flip slapd[9255]: daemon: activity on:
Apr 1 23:44:04 flip slapd[9255]: 54r
Apr 1 23:44:04 flip slapd[9255]:
Apr 1 23:44:04 flip slapd[9255]: daemon: read active on 54
Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=8 active_threads=0 tvp=zero
Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=9 active_threads=0 tvp=zero
Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=10 active_threads=0 tvp=zero
Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=11 active_threads=0 tvp=zero
Apr 1 23:44:04 flip slapd[9255]: connection_get(54)
Apr 1 23:44:04 flip slapd[9255]: connection_get(54): got connid=1378
Apr 1 23:44:04 flip slapd[9255]: connection_read(54): checking for input on id=1378
Apr 1 23:44:04 flip slapd[9255]: daemon: activity on 1 descriptor
Apr 1 23:44:04 flip slapd[9255]: daemon: activity on:
Apr 1 23:44:04 flip slapd[9255]:
Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=8 active_threads=0 tvp=zero
Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=9 active_threads=0 tvp=zero
Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=10 active_threads=0 tvp=zero
Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=11 active_threads=0 tvp=zero
Apr 1 23:44:04 flip slapd[9255]: daemon: activity on 1 descriptor
Apr 1 23:44:04 flip slapd[9255]: daemon: activity on:
Apr 1 23:44:04 flip slapd[9255]: 54r
Apr 1 23:44:04 flip slapd[9255]:
Apr 1 23:44:04 flip slapd[9255]: daemon: read active on 54
Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=8 active_threads=0 tvp=zero
Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=9 active_threads=0 tvp=zero
Apr 1 23:44:04 flip slapd[9255]: connection_get(54)
Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=10 active_threads=0 tvp=zero
Apr 1 23:44:04 flip slapd[9255]: connection_get(54): got connid=1378
Apr 1 23:44:04 flip slapd[9255]: connection_read(54): checking for input on id=1378
Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=11 active_threads=0 tvp=zero
Apr 1 23:44:04 flip slapd[9255]: daemon: activity on 1 descriptor
Apr 1 23:44:04 flip slapd[9255]: daemon: activity on:
Apr 1 23:44:04 flip slapd[9255]:
Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=8 active_threads=0 tvp=zero
Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=9 active_threads=0 tvp=zero
Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=10 active_threads=0 tvp=zero
Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=11 active_threads=0 tvp=zero
Apr 1 23:44:04 flip slapd[9255]: daemon: activity on 1 descriptor
Apr 1 23:44:04 flip slapd[9255]: daemon: activity on:
Apr 1 23:44:04 flip slapd[9255]: 54r
Apr 1 23:44:04 flip slapd[9255]:
Apr 1 23:44:04 flip slapd[9255]: daemon: read active on 54
Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=8 active_threads=0 tvp=zero
Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=9 active_threads=0 tvp=zero
Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=10 active_threads=0 tvp=zero
Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=11 active_threads=0 tvp=zero
Apr 1 23:44:04 flip slapd[9255]: connection_get(54)
Apr 1 23:44:04 flip slapd[9255]: connection_get(54): got connid=1378
Apr 1 23:44:04 flip slapd[9255]: connection_read(54): checking for input on id=1378
Apr 1 23:44:04 flip slapd[9255]: connection_read(54): unable to get TLS client DN, error=49 id=1378
Apr 1 23:44:04 flip slapd[9255]: conn=1378 fd=54 TLS established tls_ssf=128 ssf=128
Apr 1 23:44:04 flip slapd[9255]: daemon: activity on 1 descriptor
Apr 1 23:44:04 flip slapd[9255]: daemon: activity on:
Apr 1 23:44:04 flip slapd[9255]:
Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=8 active_threads=0 tvp=zero
Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=9 active_threads=0 tvp=zero
Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=10 active_threads=0 tvp=zero
Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=11 active_threads=0 tvp=zero
Apr 1 23:44:04 flip slapd[9255]: daemon: activity on 1 descriptor
Apr 1 23:44:04 flip slapd[9255]: daemon: activity on:
Apr 1 23:44:04 flip slapd[9255]: 54r
Apr 1 23:44:04 flip slapd[9255]:
Apr 1 23:44:04 flip slapd[9255]: daemon: read active on 54
Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=8 active_threads=0 tvp=zero
Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=9 active_threads=0 tvp=zero
Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=10 active_threads=0 tvp=zero
Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=11 active_threads=0 tvp=zero
Apr 1 23:44:04 flip slapd[9255]: connection_get(54)
Apr 1 23:44:04 flip slapd[9255]: connection_get(54): got connid=1378
Apr 1 23:44:04 flip slapd[9255]: connection_read(54): checking for input on id=1378
Apr 1 23:44:04 flip slapd[9255]: op tag 0x60, time 1333338244
Apr 1 23:44:04 flip slapd[9255]: conn=1378 op=1 do_bind
Apr 1 23:44:04 flip slapd[9255]: >>> dnPrettyNormal: <uid=dit_admin,ou=role_accounts,ou=accounts,dc=example,dc=net>
Apr 1 23:44:04 flip slapd[9255]: <<< dnPrettyNormal: <uid=dit_admin,ou=role_accounts,ou=accounts,dc=example,dc=net>, <uid=dit_admin,ou=role_accounts,ou=accounts,dc=example,dc=net>
Apr 1 23:44:04 flip slapd[9255]: conn=1378 op=1 BIND dn="uid=dit_admin,ou=role_accounts,ou=accounts,dc=example,dc=net" method=128
Apr 1 23:44:04 flip slapd[9255]: do_bind: version=3 dn="uid=dit_admin,ou=role_accounts,ou=accounts,dc=example,dc=net" method=128
Apr 1 23:44:04 flip slapd[9255]: ==> hdb_bind: dn: uid=dit_admin,ou=role_accounts,ou=accounts,dc=example,dc=net
Apr 1 23:44:04 flip slapd[9255]: bdb_dn2entry("uid=dit_admin,ou=role_accounts,ou=accounts,dc=example,dc=net")
Apr 1 23:44:04 flip slapd[9255]: => access_allowed: result not in cache (userPassword)
Apr 1 23:44:04 flip slapd[9255]: => access_allowed: auth access to "uid=dit_admin,ou=role_accounts,ou=accounts,dc=example,dc=net" "userPassword" requested
Apr 1 23:44:04 flip slapd[9255]: => acl_get: [1] attr userPassword
Apr 1 23:44:04 flip slapd[9255]: => acl_mask: access to entry "uid=dit_admin,ou=role_accounts,ou=accounts,dc=example,dc=net", attr "userPassword" requested
Apr 1 23:44:04 flip slapd[9255]: => acl_mask: to value by "", (=0)
Apr 1 23:44:04 flip slapd[9255]: <= check a_dn_pat: anonymous
Apr 1 23:44:04 flip slapd[9255]: <= acl_mask: [1] applying auth(=xd) (stop)
Apr 1 23:44:04 flip slapd[9255]: <= acl_mask: [1] mask: auth(=xd)
Apr 1 23:44:04 flip slapd[9255]: => slap_access_allowed: auth access granted by auth(=xd)
Apr 1 23:44:04 flip slapd[9255]: => access_allowed: auth access granted by auth(=xd)
Apr 1 23:44:04 flip slapd[9255]: conn=1378 op=1 BIND dn="uid=dit_admin,ou=role_accounts,ou=accounts,dc=example,dc=net" mech=SIMPLE ssf=0
Apr 1 23:44:04 flip slapd[9255]: do_bind: v3 bind: "uid=dit_admin,ou=role_accounts,ou=accounts,dc=example,dc=net" to "uid=dit_admin,ou=role_accounts,ou=accounts,dc=example,dc=net"
Apr 1 23:44:04 flip slapd[9255]: send_ldap_result: conn=1378 op=1 p=3
Apr 1 23:44:04 flip slapd[9255]: send_ldap_result: err=0 matched="" text=""
Apr 1 23:44:04 flip slapd[9255]: send_ldap_response: msgid=2 tag=97 err=0
Apr 1 23:44:04 flip slapd[9255]: daemon: activity on 1 descriptor
Apr 1 23:44:04 flip slapd[9255]: daemon: activity on:
Apr 1 23:44:04 flip slapd[9255]:
Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=8 active_threads=0 tvp=zero
Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=9 active_threads=0 tvp=zero
Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=10 active_threads=0 tvp=zero
Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=11 active_threads=0 tvp=zero
Apr 1 23:44:04 flip slapd[9255]: daemon: activity on 1 descriptor
Apr 1 23:44:04 flip slapd[9255]: daemon: activity on:
Apr 1 23:44:04 flip slapd[9255]: 54r
Apr 1 23:44:04 flip slapd[9255]:
Apr 1 23:44:04 flip slapd[9255]: daemon: read active on 54
Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=8 active_threads=0 tvp=zero
Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=9 active_threads=0 tvp=zero
Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=10 active_threads=0 tvp=zero
Apr 1 23:44:04 flip slapd[9255]: daemon: epoll: listen=11 active_threads=0 tvp=zero
Apr 1 23:44:04 flip slapd[9255]: connection_get(54)
Apr 1 23:44:04 flip slapd[9255]: conn=1378 op=1 RESULT tag=97 err=0 text=
Apr 1 23:44:04 flip slapd[9255]: connection_get(54): got connid=1378
Apr 1 23:44:04 flip slapd[9255]: connection_read(54): checking for input on id=1378
Apr 1 23:44:04 flip slapd[9255]: op tag 0x68, time 1333338244
Apr 1 23:44:04 flip slapd[9255]: conn=1378 op=2 do_add
Apr 1 23:44:04 flip slapd[9255]: conn=1378 op=2 do_add: dn (cn=test_group,ou=general,ou=groups,dc=example,dc=net)
Apr 1 23:44:04 flip slapd[9255]: >>> dnPrettyNormal: <cn=test_group,ou=general,ou=groups,dc=example,dc=net>
Apr 1 23:44:04 flip slapd[9255]: <<< dnPrettyNormal: <cn=test_group,ou=general,ou=groups,dc=example,dc=net>, <cn=test_group,ou=general,ou=groups,dc=example,dc=net>
Apr 1 23:44:04 flip slapd[9255]: conn=1378 op=2 ADD dn="cn=test_group,ou=general,ou=groups,dc=example,dc=net"
Apr 1 23:44:04 flip slapd[9255]: >>> dnPretty: <uid=dummy_default,ou=dummy_accounts,ou=other,ou=accounts,dc=example,dc=net>
Apr 1 23:44:04 flip slapd[9255]: <<< dnPretty: <uid=dummy_default,ou=dummy_accounts,ou=other,ou=accounts,dc=example,dc=net>
Apr 1 23:44:04 flip slapd[9255]: >>> dnNormalize: <uid=dummy_default,ou=dummy_accounts,ou=other,ou=accounts,dc=example,dc=net>
Apr 1 23:44:04 flip slapd[9255]: <<< dnNormalize: <uid=dummy_default,ou=dummy_accounts,ou=other,ou=accounts,dc=example,dc=net>
Apr 1 23:44:04 flip slapd[9255]: bdb_dn2entry("cn=test_group,ou=general,ou=groups,dc=example,dc=net")
Apr 1 23:44:04 flip slapd[9255]: => hdb_dn2id("cn=test_group,ou=general,ou=groups,dc=example,dc=net")
Apr 1 23:44:04 flip slapd[9255]: <= hdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30988)
Apr 1 23:44:04 flip slapd[9255]: hdb_referrals: tag=104 target="cn=test_group,ou=general,ou=groups,dc=example,dc=net" matched="ou=general,ou=groups,dc=example,dc=net"
Apr 1 23:44:04 flip slapd[9255]: ==> unique_add <cn=test_group,ou=general,ou=groups,dc=example,dc=net>
Apr 1 23:44:04 flip slapd[9255]: ==> hdb_add: cn=test_group,ou=general,ou=groups,dc=example,dc=net
Apr 1 23:44:04 flip slapd[9255]: oc_check_required entry (cn=test_group,ou=general,ou=groups,dc=example,dc=net), objectClass "groupOfNames"
Apr 1 23:44:04 flip slapd[9255]: oc_check_allowed type "objectClass"
Apr 1 23:44:04 flip slapd[9255]: oc_check_allowed type "description"
Apr 1 23:44:04 flip slapd[9255]: oc_check_allowed type "cn"
Apr 1 23:44:04 flip slapd[9255]: oc_check_allowed type "member"
Apr 1 23:44:04 flip slapd[9255]: oc_check_allowed type "structuralObjectClass"
Apr 1 23:44:04 flip slapd[9255]: slap_queue_csn: queing 0xb2fcd8ce 20120402034404.808333Z#000000#000#000000
Apr 1 23:44:04 flip slapd[9255]: bdb_dn2entry("cn=test_group,ou=general,ou=groups,dc=example,dc=net")
Apr 1 23:44:04 flip slapd[9255]: => hdb_dn2id("cn=test_group,ou=general,ou=groups,dc=example,dc=net")
Apr 1 23:44:04 flip slapd[9255]: <= hdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30988)
Apr 1 23:44:04 flip slapd[9255]: => access_allowed: add access to "ou=general,ou=groups,dc=example,dc=net" "children" requested
Apr 1 23:44:04 flip slapd[9255]: <= root access granted
Apr 1 23:44:04 flip slapd[9255]: => access_allowed: add access granted by manage(=mwrscxd)
Apr 1 23:44:04 flip slapd[9255]: => access_allowed: add access to "cn=test_group,ou=general,ou=groups,dc=example,dc=net" "entry" requested
Apr 1 23:44:04 flip slapd[9255]: <= root access granted
Apr 1 23:44:04 flip slapd[9255]: => access_allowed: add access granted by manage(=mwrscxd)
Apr 1 23:44:04 flip slapd[9255]: => hdb_dn2id_add 0xe8: "cn=test_group,ou=general,ou=groups,dc=example,dc=net"
Apr 1 23:44:04 flip slapd[9255]: <= hdb_dn2id_add 0xe8: 0
Apr 1 23:44:04 flip slapd[9255]: => index_entry_add( 232, "cn=test_group,ou=general,ou=groups,dc=example,dc=net" )
Apr 1 23:44:04 flip slapd[9255]: => key_change(ADD,e8)
Apr 1 23:44:04 flip slapd[9255]: bdb_idl_insert_key: e8 [0096defd]
Apr 1 23:44:04 flip slapd[9255]: <= key_change 0
Apr 1 23:44:04 flip slapd[9255]: => key_change(ADD,e8)
Apr 1 23:44:04 flip slapd[9255]: bdb_idl_insert_key: e8 [c14a3e76]
Apr 1 23:44:04 flip slapd[9255]: <= key_change 0
Apr 1 23:44:04 flip slapd[9255]: => key_change(ADD,e8)
Apr 1 23:44:04 flip slapd[9255]: bdb_idl_insert_key: e8 [943e86da]
Apr 1 23:44:04 flip slapd[9255]: <= key_change 0
Apr 1 23:44:04 flip slapd[9255]: => key_change(ADD,e8)
Apr 1 23:44:04 flip slapd[9255]: bdb_idl_insert_key: e8 [c866ab14]
Apr 1 23:44:04 flip slapd[9255]: <= key_change 0
consumer log entries:
Apr 1 23:44:04 exo slapd[8007]: daemon: activity on 1 descriptor
Apr 1 23:44:04 exo slapd[8007]: daemon: activity on:
Apr 1 23:44:04 exo slapd[8007]: 12r
Apr 1 23:44:04 exo slapd[8007]:
Apr 1 23:44:04 exo slapd[8007]: daemon: read active on 12
Apr 1 23:44:04 exo slapd[8007]: daemon: epoll: listen=8 active_threads=0 tvp=NULL
Apr 1 23:44:04 exo slapd[8007]: daemon: epoll: listen=9 active_threads=0 tvp=NULL
Apr 1 23:44:04 exo slapd[8007]: connection_get(12)
Apr 1 23:44:04 exo slapd[8007]: connection_get(12): got connid=0
Apr 1 23:44:04 exo slapd[8007]: =>do_syncrepl rid=000
Apr 1 23:44:04 exo slapd[8007]: =>do_syncrep2 rid=000
Apr 1 23:44:04 exo slapd[8007]: do_syncrep2: rid=000 cookie=rid=000,csn=20120402034404.869559Z#000000#000#000000
Apr 1 23:44:04 exo slapd[8007]: >>> dnPrettyNormal: <uid=dummy_default,ou=dummy_accounts,ou=other,ou=accounts,dc=example,dc=net>
Apr 1 23:44:04 exo slapd[8007]: <<< dnPrettyNormal: <uid=dummy_default,ou=dummy_accounts,ou=other,ou=accounts,dc=example,dc=net>, <uid=dummy_default,ou=dummy_accounts,ou=other,ou=accounts,dc=example,dc=net>
Apr 1 23:44:04 exo slapd[8007]: slap_queue_csn: queing 0x7f6bd2694710 20120402034404.869559Z#000000#000#000000
Apr 1 23:44:04 exo slapd[8007]: >>> dnPretty: <cn=test_group,ou=general,ou=groups,dc=example,dc=net>
Apr 1 23:44:04 exo slapd[8007]: <<< dnPretty: <cn=test_group,ou=general,ou=groups,dc=example,dc=net>
Apr 1 23:44:04 exo slapd[8007]: >>> dnNormalize: <cn=test_group,ou=general,ou=groups,dc=example,dc=net>
Apr 1 23:44:04 exo slapd[8007]: <<< dnNormalize: <cn=test_group,ou=general,ou=groups,dc=example,dc=net>
Apr 1 23:44:04 exo slapd[8007]: >>> dnPretty: <uid=dit_admin,ou=role_accounts,ou=accounts,dc=example,dc=net>
Apr 1 23:44:04 exo slapd[8007]: <<< dnPretty: <uid=dit_admin,ou=role_accounts,ou=accounts,dc=example,dc=net>
Apr 1 23:44:04 exo slapd[8007]: >>> dnNormalize: <uid=dit_admin,ou=role_accounts,ou=accounts,dc=example,dc=net>
Apr 1 23:44:04 exo slapd[8007]: <<< dnNormalize: <uid=dit_admin,ou=role_accounts,ou=accounts,dc=example,dc=net>
Apr 1 23:44:04 exo slapd[8007]: => bdb_entry_get: ndn: "uid=dummy_default,ou=dummy_accounts,ou=other,ou=accounts,dc=example,dc=net"
Apr 1 23:44:04 exo slapd[8007]: => bdb_entry_get: oc: "(null)", at: "(null)"
Apr 1 23:44:04 exo slapd[8007]: bdb_dn2entry("uid=dummy_default,ou=dummy_accounts,ou=other,ou=accounts,dc=example,dc=net")
Apr 1 23:44:04 exo slapd[8007]: => bdb_entry_get: found entry: "uid=dummy_default,ou=dummy_accounts,ou=other,ou=accounts,dc=example,dc=net"
Apr 1 23:44:04 exo slapd[8007]: bdb_entry_get: rc=0
Apr 1 23:44:04 exo slapd[8007]: hdb_modify: uid=dummy_default,ou=dummy_accounts,ou=other,ou=accounts,dc=example,dc=net
Apr 1 23:44:04 exo slapd[8007]: bdb_dn2entry("uid=dummy_default,ou=dummy_accounts,ou=other,ou=accounts,dc=example,dc=net")
Apr 1 23:44:04 exo slapd[8007]: bdb_modify_internal: 0x0000001a: uid=dummy_default,ou=dummy_accounts,ou=other,ou=accounts,dc=example,dc=net
Apr 1 23:44:04 exo slapd[8007]: <= acl_access_allowed: granted to database root
Apr 1 23:44:04 exo slapd[8007]: bdb_modify_internal: add memberOf
Apr 1 23:44:04 exo slapd[8007]: dnMatch 17#012#011"cn=dummy_default,ou=dummy_groups,ou=other,ou=groups,dc=example,dc=net"#012#011"cn=test_group,ou=general,ou=groups,dc=example,dc=net"
Apr 1 23:44:04 exo slapd[8007]: dnMatch -19#012#011"cn=all_people,ou=general,ou=groups,dc=example,dc=net"#012#011"cn=test_group,ou=general,ou=groups,dc=example,dc=net"
Apr 1 23:44:04 exo slapd[8007]: dnMatch 2#012#011"cn=docs,ou=flip,ou=servers,ou=groups,dc=example,dc=net"#012#011"cn=test_group,ou=general,ou=groups,dc=example,dc=net"
Apr 1 23:44:04 exo slapd[8007]: dnMatch 5#012#011"cn=monitor,ou=flip,ou=servers,ou=groups,dc=example,dc=net"#012#011"cn=test_group,ou=general,ou=groups,dc=example,dc=net"
Apr 1 23:44:04 exo slapd[8007]: dnMatch 5#012#011"cn=systems,ou=flip,ou=servers,ou=groups,dc=example,dc=net"#012#011"cn=test_group,ou=general,ou=groups,dc=example,dc=net"
Apr 1 23:44:04 exo slapd[8007]: dnMatch 14#012#011"cn=mail_submitters-non_auth,ou=general,ou=groups,dc=example,dc=net"#012#011"cn=test_group,ou=general,ou=groups,dc=example,dc=net"
Apr 1 23:44:04 exo slapd[8007]: bdb_modify_internal: replace modifiersName
Apr 1 23:44:04 exo slapd[8007]: bdb_modify_internal: replace entryCSN
Apr 1 23:44:04 exo slapd[8007]: bdb_modify_internal: replace modifyTimestamp
Apr 1 23:44:04 exo slapd[8007]: oc_check_required entry (uid=dummy_default,ou=dummy_accounts,ou=other,ou=accounts,dc=example,dc=net), objectClass "inetOrgPerson"
Apr 1 23:44:04 exo slapd[8007]: oc_check_allowed type "uid"
Apr 1 23:44:04 exo slapd[8007]: oc_check_allowed type "objectClass"
Apr 1 23:44:04 exo slapd[8007]: oc_check_allowed type "sn"
Apr 1 23:44:04 exo slapd[8007]: oc_check_allowed type "cn"
Apr 1 23:44:04 exo slapd[8007]: oc_check_allowed type "structuralObjectClass"
Apr 1 23:44:04 exo slapd[8007]: oc_check_allowed type "entryUUID"
Apr 1 23:44:04 exo slapd[8007]: oc_check_allowed type "creatorsName"
Apr 1 23:44:04 exo slapd[8007]: oc_check_allowed type "createTimestamp"
Apr 1 23:44:04 exo slapd[8007]: oc_check_allowed type "memberOf"
Apr 1 23:44:04 exo slapd[8007]: oc_check_allowed type "modifiersName"
Apr 1 23:44:04 exo slapd[8007]: oc_check_allowed type "entryCSN"
Apr 1 23:44:04 exo slapd[8007]: oc_check_allowed type "modifyTimestamp"
Apr 1 23:44:04 exo slapd[8007]: => key_change(DELETE,1a)
Apr 1 23:44:04 exo slapd[8007]: bdb_idl_delete_key: 1a
Apr 1 23:44:04 exo slapd[8007]: <= key_change 0
Apr 1 23:44:04 exo slapd[8007]: => key_change(ADD,1a)
Apr 1 23:44:04 exo slapd[8007]: bdb_idl_insert_key: 1a [768b75dc]
Apr 1 23:44:04 exo slapd[8007]: <= key_change 0
Apr 1 23:44:04 exo slapd[8007]: => key_change(ADD,1a)
Apr 1 23:44:04 exo slapd[8007]: bdb_idl_insert_key: 1a [7f0c99d1]
Apr 1 23:44:04 exo slapd[8007]: <= key_change 0
Apr 1 23:44:04 exo slapd[8007]: => key_change(ADD,1a)
Apr 1 23:44:04 exo slapd[8007]: bdb_idl_insert_key: 1a [0f345f5f]
Apr 1 23:44:04 exo slapd[8007]: <= key_change 0
Apr 1 23:44:04 exo slapd[8007]: => key_change(ADD,1a)
Apr 1 23:44:04 exo slapd[8007]: bdb_idl_insert_key: 1a [86c8d479]
Apr 1 23:44:04 exo slapd[8007]: <= key_change 0
Apr 1 23:44:04 exo slapd[8007]: => key_change(ADD,1a)
Apr 1 23:44:04 exo slapd[8007]: bdb_idl_insert_key: 1a [da3d54f3]
Apr 1 23:44:04 exo slapd[8007]: <= key_change 0
Apr 1 23:44:04 exo slapd[8007]: => key_change(ADD,1a)
Apr 1 23:44:04 exo slapd[8007]: bdb_idl_insert_key: 1a [8d6b497f]
Apr 1 23:44:04 exo slapd[8007]: <= key_change 0
Apr 1 23:44:04 exo slapd[8007]: => key_change(ADD,1a)
Apr 1 23:44:04 exo slapd[8007]: bdb_idl_insert_key: 1a [144a6a9d]
Apr 1 23:44:04 exo slapd[8007]: <= key_change 0
Apr 1 23:44:04 exo slapd[8007]: => key_change(ADD,1a)
Apr 1 23:44:04 exo slapd[8007]: bdb_idl_insert_key: 1a
Apr 1 23:44:04 exo slapd[8007]: <= key_change 0
Apr 1 23:44:04 exo slapd[8007]: => entry_encode(0x0000001a):
Apr 1 23:44:04 exo slapd[8007]: <= entry_encode(0x0000001a):
Apr 1 23:44:04 exo slapd[8007]: hdb_modify: updated id=0000001a dn="uid=dummy_default,ou=dummy_accounts,ou=other,ou=accounts,dc=example,dc=net"
Apr 1 23:44:04 exo slapd[8007]: send_ldap_result: conn=-1 op=0 p=0
Apr 1 23:44:04 exo slapd[8007]: send_ldap_result: err=0 matched="" text=""
Apr 1 23:44:04 exo slapd[8007]: slap_graduate_commit_csn: removing 0x7f6bd267ec10 20120402034404.869559Z#000000#000#000000
Apr 1 23:44:04 exo slapd[8007]: syncrepl_message_to_op: rid=000 be_modify uid=dummy_default,ou=dummy_accounts,ou=other,ou=accounts,dc=example,dc=net (0)
Apr 1 23:44:04 exo slapd[8007]: slap_queue_csn: queing 0x7f6bd268f8c0 20120402034404.869559Z#000000#000#000000
Apr 1 23:44:04 exo slapd[8007]: => bdb_entry_get: ndn: "dc=example,dc=net"
Apr 1 23:44:04 exo slapd[8007]: => bdb_entry_get: oc: "(null)", at: "(null)"
Apr 1 23:44:04 exo slapd[8007]: bdb_dn2entry("dc=example,dc=net")
Apr 1 23:44:04 exo slapd[8007]: => bdb_entry_get: found entry: "dc=example,dc=net"
Apr 1 23:44:04 exo slapd[8007]: bdb_entry_get: rc=0
Apr 1 23:44:04 exo slapd[8007]: hdb_modify: dc=example,dc=net
Apr 1 23:44:04 exo slapd[8007]: bdb_dn2entry("dc=example,dc=net")
Apr 1 23:44:04 exo slapd[8007]: bdb_modify_internal: 0x00000001: dc=example,dc=net
Apr 1 23:44:04 exo slapd[8007]: <= acl_access_allowed: granted to database root
Apr 1 23:44:04 exo slapd[8007]: bdb_modify_internal: replace contextCSN
Apr 1 23:44:04 exo slapd[8007]: oc_check_required entry (dc=example,dc=net), objectClass "organization"
Apr 1 23:44:04 exo slapd[8007]: oc_check_required entry (dc=example,dc=net), objectClass "dcObject"
Apr 1 23:44:04 exo slapd[8007]: oc_check_allowed type "dc"
Apr 1 23:44:04 exo slapd[8007]: oc_check_allowed type "objectClass"
Apr 1 23:44:04 exo slapd[8007]: oc_check_allowed type "o"
Apr 1 23:44:04 exo slapd[8007]: oc_check_allowed type "structuralObjectClass"
Apr 1 23:44:04 exo slapd[8007]: oc_check_allowed type "entryUUID"
Apr 1 23:44:04 exo slapd[8007]: oc_check_allowed type "creatorsName"
Apr 1 23:44:04 exo slapd[8007]: oc_check_allowed type "createTimestamp"
Apr 1 23:44:04 exo slapd[8007]: oc_check_allowed type "l"
Apr 1 23:44:04 exo slapd[8007]: oc_check_allowed type "st"
Apr 1 23:44:04 exo slapd[8007]: oc_check_allowed type "postalCode"
Apr 1 23:44:04 exo slapd[8007]: oc_check_allowed type "entryCSN"
Apr 1 23:44:04 exo slapd[8007]: oc_check_allowed type "modifiersName"
Apr 1 23:44:04 exo slapd[8007]: oc_check_allowed type "modifyTimestamp"
Apr 1 23:44:04 exo slapd[8007]: oc_check_allowed type "contextCSN"
Apr 1 23:44:04 exo slapd[8007]: => entry_encode(0x00000001):
Apr 1 23:44:04 exo slapd[8007]: <= entry_encode(0x00000001):
Apr 1 23:44:04 exo slapd[8007]: hdb_modify: updated id=00000001 dn="dc=example,dc=net"
Apr 1 23:44:04 exo slapd[8007]: send_ldap_result: conn=-1 op=0 p=0
Apr 1 23:44:04 exo slapd[8007]: send_ldap_result: err=0 matched="" text=""
Apr 1 23:44:04 exo slapd[8007]: slap_graduate_commit_csn: removing 0x7f6bd2674970 20120402034404.869559Z#000000#000#000000
Apr 1 23:44:04 exo slapd[8007]: daemon: activity on 1 descriptor
Apr 1 23:44:04 exo slapd[8007]: daemon: activity on:
Apr 1 23:44:04 exo slapd[8007]:
Apr 1 23:44:04 exo slapd[8007]: daemon: epoll: listen=8 active_threads=0 tvp=NULL
Apr 1 23:44:04 exo slapd[8007]: daemon: epoll: listen=9 active_threads=0 tvp=NULL
11 years, 8 months
RE: Solaris client configuration
by Juergen.Sprenger@swisscom.com
Hi Sara,
What you listed is just a part of what has to be done to get a Solaris client authenticated against an OpenLDAP server.
Recommended steps:
- upgrade to OpenLDAP 2.4.30
- upgrade and patch Solaris. You didn't mention the release level of your Solaris box, and there are quite a few patches out which affect the Solaris LDAP client. Consult the file /etc/release on that box.
- besides the output of 'ldapclient list', have a look at the config files /etc/nsswitch.conf and /etc/pam.conf
- use more than just one LDAP server in production.
- check your setup by running ldaplist, getent passwd and getent group
- don't edit files in /var/ldap manually, use ldapclient
- get access to a Solaris person at your site.
- use duaconfig profiles in your LDAP server to provide standard configs.
- get properly set up certificates with X509v3 Subject Alternative Names. The Solaris client will need that.
- check first whether the client is working properly without TLS, to detect a certificate issue.
- sample output of 'ldapclient list':
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_BINDDN= cn=ourAgent,dc=ourdomain,dc=com
NS_LDAP_BINDPASSWD= ={NS1}ourpassword
NS_LDAP_SERVERS= oly-infra-ldap1.ourdomain.com, oly-infra-ldap2.ourdomain.com, oly-infra-ldap3.ourdomain.com, oly-infra-ldap4.ourdomain.com
NS_LDAP_SEARCH_BASEDN= dc=ourdomain,dc=com
NS_LDAP_AUTH= tls:simple
NS_LDAP_SEARCH_REF= TRUE
NS_LDAP_SEARCH_SCOPE= one
NS_LDAP_SEARCH_TIME= 30
NS_LDAP_CACHETTL= 0
NS_LDAP_PROFILE= default
NS_LDAP_CREDENTIAL_LEVEL= proxy
NS_LDAP_SERVICE_SEARCH_DESC= sudoers: ou=sudoers,dc=ourdomain,dc=com?one
NS_LDAP_SERVICE_SEARCH_DESC= passwd: ou=Account,dc=ourdomain,dc=com?one
NS_LDAP_SERVICE_SEARCH_DESC= shadow: ou=Account,dc=ourdomain,dc=com?one
NS_LDAP_SERVICE_SEARCH_DESC= group: ou=group,dc=ourdomain,dc=com?one
NS_LDAP_SERVICE_SEARCH_DESC= netgroup: ou=netgroup,dc=ourdomain,dc=com?one
NS_LDAP_BIND_TIME= 2
- YMMV depending on your environment. Not all arising questions will fit into this mailing list.
Regards
Juergen Sprenger
-----Original Message-----
Message: 2
Date: Thu, 29 Mar 2012 10:55:10 -0700
From: "Kline, Sara" <SKline(a)tnsi.com>
To: "openldap-technical(a)openldap.org"
<openldap-technical(a)openldap.org>
Subject: Solaris client configuration
Hey all,
I am trying to get a Solaris 10 client to authenticate to our OpenLDAP (2.3.43) server, which was built on Red Hat 5.7. Linux clients (RHEL 4,5 and 6, and Oracle 5.7) authenticate without issue. I think it may be a simple misconfiguration but I am really not a Solaris person at all. Would someone be willing to send an ldapclient list to me? I would really appreciate it. Steps I have taken:
1. Imported the SSL cert according to Oracle's instructions
2. Made the 3 files cert8, keys3, and secmod readable to everyone with chmod 444
My current ldapclient list looks like this:
LDAP_CLIENT_FILE_VERSION= 2.0
NS_LDAP_BINDDN= cn=admin,dc=prod,dc=ourdomain,dc=com
NS_LDAP_BINDPASSWD={NS1}ourpassword
NS_LDAP_SERVERS=oly-infra-ldap1 (this is how the name appears on the cert, it is in the hosts file)
NS_LDAP_SEARCH_BASEDN=dc=prod,dc=ourdomain,dc=com
NS_LDAP_AUTH=tls:simple
NS_LDAP_CACHETTL=0
NS_LDAP_CREDENTIAL_LEVEL=proxy
NS_LDAP_SERVICE_AUTH_METHOD=pam_ldap:tls:simple
NS_LDAP_HOST_CERTPATH=/var/ldap
Any help would be greatly appreciated.
Sara Kline
System Administrator
Transaction Network Services, Inc
4501 Intelco Loop, Lacey WA 98503
Wk: (360) 493-6736
Cell: (360) 280-2495
11 years, 8 months
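The checks recommended in the reply above (more than one server, server names that can match the certificate's Subject Alternative Names, TLS on every bind method) can be run mechanically over saved 'ldapclient list' output. This is an added example, not code from either poster: the finding labels are hypothetical, the sample is constructed from the configuration quoted in the question, and treating a dot-less host name as suspect is a heuristic assumption.

```python
import re

# Constructed sample, modelled on the client configuration quoted in the question.
SAMPLE = """\
LDAP_CLIENT_FILE_VERSION= 2.0
NS_LDAP_BINDDN= cn=admin,dc=prod,dc=ourdomain,dc=com
NS_LDAP_BINDPASSWD={NS1}ourpassword
NS_LDAP_SERVERS=oly-infra-ldap1
NS_LDAP_SEARCH_BASEDN=dc=prod,dc=ourdomain,dc=com
NS_LDAP_AUTH=tls:simple
NS_LDAP_CREDENTIAL_LEVEL=proxy
NS_LDAP_SERVICE_AUTH_METHOD=pam_ldap:tls:simple
"""

def parse_ldapclient(text):
    """Parse 'KEY= value' lines. Keys such as NS_LDAP_SERVICE_SEARCH_DESC
    repeat, so every key maps to a list of values."""
    conf = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Z][A-Z0-9_]*)\s*=\s*(.*?)\s*$", line)
        if m:
            conf.setdefault(m.group(1), []).append(m.group(2))
    return conf

def audit(conf):
    """Return a list of finding labels (hypothetical names) for the parsed config."""
    findings = []
    servers = [s.strip() for v in conf.get("NS_LDAP_SERVERS", [])
               for s in v.split(",") if s.strip()]
    if len(servers) < 2:
        findings.append("single-server")          # no failover in production
    for s in servers:
        host = s.rsplit(":", 1)[0] if s.count(":") == 1 else s  # drop optional :port
        if "." not in host:
            findings.append("short-hostname:" + host)  # must match a name in the cert
    # Global methods plus per-service overrides ("service:method[;method]").
    methods = list(conf.get("NS_LDAP_AUTH", []))
    methods += [v.split(":", 1)[1]
                for v in conf.get("NS_LDAP_SERVICE_AUTH_METHOD", []) if ":" in v]
    for value in methods:
        for method in value.split(";"):           # semicolon-separated fallback list
            if method.strip().lower() == "simple":
                findings.append("cleartext-simple-bind")  # password sent without TLS
    return findings

if __name__ == "__main__":
    for finding in audit(parse_ldapclient(SAMPLE)):
        print(finding)
```

A "cleartext-simple-bind" finding is expected while TLS is switched off to isolate a certificate problem, and should disappear once TLS is turned back on.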
LDAP transactions
by Chris Card
Hi all,
what is the current state of the support for LDAP transactions (http://tools.ietf.org/html/rfc5805) in openldap?
I can see code for it, protected by #ifdef LDAP_X_TXN, but it looks like it hasn't been touched for several years.
Does the code work? Is anyone actively working on it? If not, are there any plans to in the future?
Chris
11 years, 8 months
problem with ldap backend
by Alex Samad - Yieldbroker
Hi
I am trying to set up a connection from OpenLDAP to MS AD
I am using this
dn: olcDatabase={3}ldap
objectClass: olcDatabaseConfig
objectClass: olcLDAPConfig
olcDatabase: {3}ldap
olcSuffix: dc=xyz,dc=com
olcAccess: {0}to dn.base="" by * read
olcAccess: {1}to dn.base="cn=Subschema" by * read
olcAccess: {2}to * by self write by users read by anonymous auth
olcReadOnly: TRUE
olcRootDN: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
olcSizeLimit: 500
olcDbURI: "ldap://dc101.xyz.com ldap://dc201.xyz.com"
olcDbRebindAsUser: TRUE
olcDbChaseReferrals: TRUE
This works fine when I pass a bind DN.
I would like to convert this to allow anon access to LDAP, which does a user bind to MS AD, so I added this:
olcdbaclbind: bindmethod=simple binddn="CN=ad readonly,OU=xyz,DC=xyz,DC=com" credentials="secret" starttls=no
but it is not working, I cannot make an anon search request, they retrieve anything from the MS AD LDAP server.
Thanks
11 years, 8 months
REL_ENG versions produce different libraries?
by Nick Milas
Hi,
I noticed that in an installation of openldap-ltb 2.4.30 the libraries
are in the form:
"libldap-2.4.so.2" etc.
However, in an installation of a pre-30 (e.g.
openldap-OPENLDAP_REL_ENG_2_4-eb3ea42.tar.gz with LTB 2.4.28 src.rpm on
Centos 5.7 64bit) I see that libraries are in the form:
"libldap-2.4-releng.so.2" etc.
I guess these differences between the (names of the) libraries of the
official release and the REL_ENG are intentional. (Probably to emphasize
the fact that the package is not final.)
***The Question***: What should we change so as to build the package as
a normal (i.e. non-test) package?
This will allow better compatibility on the system (where the package is
tested), because packages built with ldap lib dependencies expect the
same ldap lib names (liblber-2.4.so.2 and libldap-2.4.so.2).
I would expect some "test" parameter in build/version.var, but I didn't
see any.
An easy solution could be to edit build/version.sh to remove "-releng",
but I don't think this is the best approach.
Please advise.
Thanks,
Nick
11 years, 8 months