openldap-technical July 2012

openldap-technical@openldap.org

69 participants
71 discussions

Re: Docs To Do list and other ideas. Please contribute
by Gavin Henry 06 Jul '12

06 Jul '12

On 5 July 2012 16:44, Gavin Henry <gavin.henry(a)gmail.com> wrote: > On 5 July 2012 08:23, Michael Ströder <michael(a)stroeder.com> wrote: >> xsun wrote: >>> I don't remember if we talked about a wiki in the past but it's definitely a >>> good idea. I mean, if available, we could start to migrate/review the content >>> of openldap documentation page (AdminGuid, FAQ, etc) to the wiki. >> >> While Wikis seem to be attractive at first glance the biggest caveat is that >> you can't cut a doc release of all the pages for a certain software release. >> >> In other open source projects which have all the docs in a Wiki this turned >> out to be a major issue. > Good point. We would just need to decide what docs go in the Wiki and what format we export them as for the guide. > Gavin. -- http://www.suretecsystems.com/services/openldap/ http://www.surevoip.co.uk -- http://www.suretecsystems.com/services/openldap/ http://www.surevoip.co.uk

6 5

consumer doesn't send search requests
by jimy 06 Jul '12

06 Jul '12

Hello, migrating from slurpd I try to setup syncrepl. I read the slapd.conf man page and http://www.openldap.org/doc/admin24/replication.html#LDAP%20Sync%20Replicat… to get it up and running but I can't even get the consumer to send search requests to the provider. tcpdump shows that the consumer doesn't even start to talk with the provider after startup and openldap -d 16384 doesn't give me a hint also. Can someone here point me to the right direction how to proceed please? My configs can be viewed here: provider config: http://58c.om.sl.pt consumer config: http://58c.oy.sl.pt I also gathered the logging output from slapd -d -1 but this are two ~1.5MB files and too big to paste them in pastebin. I'll happily email the files per request. thx jimy

2 2

Fwd: [Foswiki-discuss] Mass import advice from OpenLDAP project Faq-O-Matic to foswiki?
by Gavin Henry 05 Jul '12

05 Jul '12

I found this from last year I misplaced. ---------- Forwarded message ---------- From: lars.eik(a)gmail.com <lars.eik(a)gmail.com> Date: 3 May 2011 23:43 Subject: Re: [Foswiki-discuss] Mass import advice from OpenLDAP project Faq-O-Matic to foswiki? To: foswiki-discuss(a)lists.sourceforge.net Hi Gavin, I have only done some minor text hacking but here's some feedback anyways. THIS will help you. If you make out the structure between file names then you can script creation and set the relevant parameters, like 'topicparent' and get the breadcrumb right. That could be a start. Another way could be by using JQuery and doing import from 'GUI' in Foswiki. Prepare much the same structure as you would if using CLI and use your browser to do the 'save' script. This would let you preview etc (by INCLUDE url) and give som other options, like let other users do some import and quality checking. Your old pages have a structure where the meaningful info is in the first two tables. Maybe even only the first if you don't really need the Previous/Next bit. So the structure seem simple enough but I have not examined all of the FAQ's. Perhaps create a mapping table between the old '226.html' and new 'WhichVersionShouldIUse'. The new names can be created by removing the spaces and ' signs in the title so it would be a valid wikiname. You can override so it doesnt have to be tough. Another name scenario is LdapFaqAUTOINC0 where the AUTOINC0 will get next available nr, like LdapFaq38 etc.. table1, tbody row1, skip first td, row1, second td has a tags that are top, second, third, fourth level/category. row1, last b tag is the current document "name" or caption. Could be your page name (topic name) other tablerows are data/info ..and that's about all I had time for :) Jquery is really nice when doing stuff like html tags, children, find the 'b' tag etc. About text files, you can copy them all into a new 'test web' and rename them to .txt but and it will work butt will need heavy refactoring. If you take out the first table of each and saved at txt file it would be much easier. Best of luck Lars 2011/5/2 Olivier 'Babar' Raginel <wiki(a)babar.us> > > On Mon, May 02, 2011 at 09:46:07PM +0100, Gavin Henry wrote: > > I'm the doc dev for the OpenLDAP project (ghenry(a)OpenLDAP.org) and I'm > > moving our Faq content from Faq-O-Matic to our new wiki: > > That's great news! > > > Any tips for moving over? I can scrape the HTML into wiki syntax but > > I'm sure others have done this before. > > Hum, I'm afraid most if not all of us have no idea how a Faq-O-Matic > text looks like. From what I could grasp with 3 minutes web-browsing, > it seems a very old and simple syntax, with not that many rules or fancy > stuff, so writing a converter should be pretty much trivial. > > > Please save me from copy and paste! > > I'm not sure we can save you from copy and paste, but I'm pretty sure > you can save yourself easily with one not so complex perl script, which > should be able to migrate your content pretty easily. > > But the hard part is not migrating, it's defining the structure you want > your new content to use. In Foswiki, things like FAQs are usually best > used through pre-defined structures, either strict topic format, or > forms, or both. So before migrating I suggest you think of what you want > to achieve, and then you start hacking some perl script to convert your > Faq-O-Matic to what you want. > > And if you need help in the process, you know where to find us :) > > Good luck, > > -- > Babar > > ------------------------------------------------------------------------------ > WhatsUp Gold - Download Free Network Management Software > The most intuitive, comprehensive, and cost-effective network > management toolset available today. Delivers lowest initial > acquisition cost and overall TCO of any competing solution. > http://p.sf.net/sfu/whatsupgold-sd > _______________________________________________ > Foswiki-discuss mailing list > Foswiki-discuss(a)lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/foswiki-discuss ------------------------------------------------------------------------------ WhatsUp Gold - Download Free Network Management Software The most intuitive, comprehensive, and cost-effective network management toolset available today. Delivers lowest initial acquisition cost and overall TCO of any competing solution. http://p.sf.net/sfu/whatsupgold-sd _______________________________________________ Foswiki-discuss mailing list Foswiki-discuss(a)lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/foswiki-discuss -- http://www.suretecsystems.com/services/openldap/ http://www.surevoip.co.uk

1 0

Re: Docs To Do list and other ideas. Please contribute
by Gavin Henry 05 Jul '12

05 Jul '12

So where are we? Wiki - no then? Or Wiki like dokuwiki which does plain text files, stick them in the back of a git repo, add some hooks to do commits so we can all work offline and use the Dokuwiki PDF exports? We just need something to look "new" :-) -- http://www.suretecsystems.com/services/openldap/ http://www.surevoip.co.uk

1 1

Ldap Replication Query
by Hanumanth Rao 05 Jul '12

05 Jul '12

Hello LDAP Brains, I have setup a Samba PDC (192.168.1.2) and a Samba BDC (192.168.4.2) both are on different subnets, there are two issues for me as below *PDC - SUSE Linux Enterprise Server 11 (x86_64), VERSION = 11, PATCHLEVEL = 2, samba-3.6.3-0.18.3, openldap2-2.4.26-0.12.1 BDC - SUSE Linux Enterprise Server 10 (i586) , VERSION = 10, samba-3.0.22-13.16, openldap2-2.3.19-18.7* 1. On the BDC if I give the command below I get Unable to find a suitable server BDC2:~ # net rpc info Unable to find a suitable server 2. I am not able to sync ldap database, BDC with the PDC I have enclosed my slapd.conf of PDC and BDC, can anybody let me know where I have gone wrong. Your help is highly appreciated, thanks in advance. Hanumanth Rao

2 1

SASL passthrough - multiple domains
by Liam Gretton 05 Jul '12

05 Jul '12

I have a working configuration with pass-through auth to an AD domain using saslauthd. However now there is a requirement to be able to handle another domain too, and I cannot work out how to do this. It seems that saslauthd cannot deal with multiple Kerberos realms, no matter what hoops one jumps through it eventually boils down to only using whatever 'default_realm' is set to in the krb5.conf file. Using multiple saslauthd daemons isn't possible either as there's no way (that I can work out) of getting OpenLDAP to use anything other than the single socket specified in /etc/sasl2/slapd.conf. My final idea was to run an LDAP instance per realm, each talking to the separate saslauthd daemons, and have another outward facing LDAP service with these as the backends but that's a non starter too because there's no way of specifying the sasl slapd.conf file, it seems sasl always looks in /etc/sasl2 for a file derived from the process name (a chroot environment for each LDAP server is therefore the next thing to look at). But this seems like a lot of work just to be able to authenticate users against multiple domains. I appreciate this is a SASL issue rather than a problem with OpenLDAP, but I'm hoping that someone here has cracked this already. Googling hasn't thrown up an solution that I can find. -- Liam Gretton liam.gretton(a)le.ac.uk HPC Architect http://www.le.ac.uk/its IT Services Tel: +44 (0)116 2522254 University of Leicester, University Road Leicestershire LE1 7RH, United Kingdom

8 10

Docs To Do list and other ideas. Please contribute
by Gavin Henry 05 Jul '12

05 Jul '12

On 4 July 2012 22:34, xsun <matheus.morais(a)gmail.com> wrote: > Hello guys, > > I can help on documentation in my spare time. I tryed to submit a patch for > ITS#6339 in the past but I don't know why it was not accepted and I did not > received any feedback about it. There is some TODO list for documentation? > There is a TODO list which, I can't believe, I started in 2008 and haven't made much progress: OpenLDAP Test suite Go through Samba stuff again OpenLDAP contrib scripts for generating LDIF etc. OpenLDAP Admin Guide - Intro Tighten "LDAP vs RDBMS" Check "What is slapd and what can it do?" "Replicated Directory Service" - add MultiMaster picture. "Configuring slapd" - check DIT layout is right "The slapd Configuration File" - check backends are correct and in above "Access Control" - Finish "Converting from slapd.conf(5) to a cn=config directory format" Backends section to finish Overlays section to finish Maintenance section to finish Monitoring section to finish Tuning section to finish More in Troubleshooting section More in Upgrading from 2.3.x section Check "Recommended OpenLDAP Software Dependency Versions" section Do some "Real World OpenLDAP Deployments and Examples" "OpenLDAP Software Contributions" to complete "Configuration File Examples" to complete Some are done and I'd rather build a build farm RESTful API now so we can have a central build farm. We did get a server from Google for that with 32GB Ram but last I heard it was down. Kurt? I'll check out your ITS and also we talked about a new wiki at some point?

3 2

Cannot remove LDAP entry ...
by Frank Bonnet 03 Jul '12

03 Jul '12

Hello I have a problem removing ONE ( and only ONE !!! ) entry in my directory server ldapdelete fails like the following ldap_delete: Other (e.g., implementation specific) error (80) additional info: entry index delete failed I've checked online openldap documentation and this error refers to a access rights problem, but it is not the case for my server , all db files belong to ldap:ldap which is the identity the slapd deamon runs on. the server runs 2.4.23 version on a FreeBSD 8.1-RELEASE-p5 compiled and installed from ports. ldap# /usr/local/libexec/slapd -V @(#) $OpenLDAP: slapd 2.4.23 (Oct 15 2010 16:35:06) $ root@ldap3.esiee.fr:/usr/ports/net/openldap24-server/work/openldap-2.4.23/servers/slapd Any help welcome thank you

2 1

bug in unique overlay
by Anton Yuzhaninov 03 Jul '12

03 Jul '12

According to slapo-unique(5) it is possible to specify several URLs in one domain (in single unique_uri dircetive). I have in my slapd.conf settings like: unique_uri ldap:///ou=lists,dc=example.ru,ou=mail,o=foo?cn?sub?(objectClass=nisMailAlias) ldap:///ou=aliases,dc=example.ru,ou=mail,o=foo?cn?sub?(objectClass=nisMailAlias) But in OpenLDAP 2.4.31 all URLs except first one is silently ignored. Debug logs show: 4ff309e3 line 208 (unique_uri ldap:///ou=lists,dc=example.ru,ou=mail,o=foo?cn?sub?(objectClass=nisMailAlias) ldap:///ou=aliases,dc=example.ru,ou=mail,o=foo?cn?sub?(objectClass=nisMailAlias)) 4ff309e3 ==> unique_new_domain <ldap:///ou=lists,dc=example.ru,ou=mail,o=foo?cn?sub?(objectClass=nisMailAlias)> ldap_url_parse_ext(ldap:///ou=lists,dc=example.ru,ou=mail,o=foo?cn?sub?(objectClass=nisMailAlias)) 4ff309e3 >>> dnPrettyNormal: <ou=lists,dc=example.ru,ou=mail,o=foo> 4ff309e3 <<< dnPrettyNormal: <ou=lists,dc=example.ru,ou=mail,o=foo>, <ou=lists,dc=example.ru,ou=mail,o=foo> Prblem is around this code in servers/slapd/overlays/unique.c: if ( c->line ) rc = unique_new_domain ( &domain, c->line, c ); else rc = unique_new_domain ( &domain, c->argv[1], c ); c->line is empty by some reason. c->argv[1] contains only first URL. Is anybody know how to fix this bug? Is it normal, that c->line is empty? -- Anton Yuzhaninov

3 3

overlay nssov and pass-though authentication
by Uwe Werler 02 Jul '12

02 Jul '12

Hello list, sis there a way to use pass-through authentication with saslauthd and the new nssov overlay? The only thing I got working at the moment was to use overlay pbind. But then I have to split my database 'cause I need local passwords stored in the database too. Thanks in aadvance! Uwe

1 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

openldap-technical July 2012