Q: syntax 1.3.6.1.4.1.1466.115.121.1.51
by Ulrich Windl
Hi!
I see that core.schema defines:
---
attributetype ( 2.5.4.22 NAME 'teletexTerminalIdentifier'
DESC 'RFC2256: Teletex Terminal Identifier'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 )
---
However, I cannot locate the syntax for the OID. It's mentioned in section 6.5 of RFC 2256, however.
How is an LDAP client expected to resolve this?
I see the following syntaxes defined in the LDAP schema:
DB<17> print sort map { $_->{name} . "\n" } $s->all_syntaxes
1.2.36.79672281.1.5.0
1.3.6.1.1.1.0.0
1.3.6.1.1.1.0.1
1.3.6.1.1.16.1
1.3.6.1.4.1.1466.115.121.1.10
1.3.6.1.4.1.1466.115.121.1.11
1.3.6.1.4.1.1466.115.121.1.12
1.3.6.1.4.1.1466.115.121.1.14
1.3.6.1.4.1.1466.115.121.1.15
1.3.6.1.4.1.1466.115.121.1.22
1.3.6.1.4.1.1466.115.121.1.24
1.3.6.1.4.1.1466.115.121.1.26
1.3.6.1.4.1.1466.115.121.1.27
1.3.6.1.4.1.1466.115.121.1.28
1.3.6.1.4.1.1466.115.121.1.34
1.3.6.1.4.1.1466.115.121.1.36
1.3.6.1.4.1.1466.115.121.1.38
1.3.6.1.4.1.1466.115.121.1.39
1.3.6.1.4.1.1466.115.121.1.4
1.3.6.1.4.1.1466.115.121.1.40
1.3.6.1.4.1.1466.115.121.1.41
1.3.6.1.4.1.1466.115.121.1.44
1.3.6.1.4.1.1466.115.121.1.45
1.3.6.1.4.1.1466.115.121.1.49
1.3.6.1.4.1.1466.115.121.1.5
1.3.6.1.4.1.1466.115.121.1.50
1.3.6.1.4.1.1466.115.121.1.52
1.3.6.1.4.1.1466.115.121.1.6
1.3.6.1.4.1.1466.115.121.1.7
1.3.6.1.4.1.1466.115.121.1.8
1.3.6.1.4.1.1466.115.121.1.9
1.3.6.1.4.1.4203.666.11.10.2.1
Regards,
Ulrich
7 years, 5 months
OpenLDAP on CF disk
by richard lucassen
Hello list,
I want to migrate some OpenLDAP servers from 3.5" disks to CF-disks.
The data in the OpenLDAP is only updated once a month or so. It is just
an "99%-read-only" LDAP implementation.
However, with a standard Debian install, some files in
the /var/lib/ldap directory are updated upon each query:
# ls -altr
-rw-r--r-- 1 openldap openldap 96 2008-11-19 11:45 DB_CONFIG
drwxr-xr-x 28 root root 4096 2008-12-03 15:03 ..
-rw------- 1 openldap openldap 8192 2013-04-08 10:50 cn.bdb
-rw------- 1 openldap openldap 24576 2013-09-29 13:49 objectClass.bdb
-rw------- 1 openldap openldap 180224 2013-09-29 13:49 id2entry.bdb
-rw------- 1 openldap openldap 8192 2013-09-29 13:49 entryUUID.bdb
-rw------- 1 openldap openldap 8192 2013-09-29 13:49 entryCSN.bdb
-rw------- 1 openldap openldap 36864 2013-09-29 13:49 dn2id.bdb
-rw------- 1 openldap openldap 1168654 2013-10-17 09:40 log.0000000001
-rw------- 1 openldap openldap 24576 2013-11-07 05:45 __db.005
-rw------- 1 openldap openldap 98304 2013-11-07 05:45 __db.003
-rw-r--r-- 1 openldap openldap 4096 2013-11-07 05:45 alock
drwx------ 2 openldap openldap 4096 2013-11-07 05:45 accesslog
drwx------ 3 openldap openldap 4096 2013-11-07 05:45 .
-rw------- 1 openldap openldap 565248 2013-11-07 11:30 __db.004
-rw------- 1 openldap openldap 2629632 2013-11-07 11:30 __db.002
-rw------- 1 openldap openldap 8192 2013-11-07 11:30 __db.001
Apparently the cluster is doing some synchronizing at 05:45 in the
morning, but that's once a day. My concern is the files called
__db.001
__db.002
__db.004
Is there a simple way to prevent OpenLDAP from updating these files at
each query?
R.
--
___________________________________________________________________
It is better to remain silent and be thought a fool, than to speak
aloud and remove all doubt.
+------------------------------------------------------------------+
| Richard Lucassen, Utrecht |
+------------------------------------------------------------------+
7 years, 5 months
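As an added example (not from the post above), one way to keep per-query writes off the CF card when the database is the bdb/hdb backend that produced the .bdb files in the listing: __db.001 to __db.004 are the Berkeley DB environment's shared regions (locking, memory pool, transactions), which slapd memory-maps, so even a read-only search dirties them. Assuming the database entry is olcDatabase={1}hdb,cn=config (the Debian default location; check with ldapsearch on cn=config), the following moves those regions into System V shared memory identified by the given key:

```ldif
dn: olcDatabase={1}hdb,cn=config
changetype: modify
replace: olcDbShmKey
olcDbShmKey: 1234
```

The slapd.conf equivalent is `shm_key 1234` in the database section. Restart slapd after applying it so the environment is recreated with the new setting. This only affects the region files; log.* and the .bdb files themselves still change when entries are modified, which in a once-a-month directory is the traffic the card can live with.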
New objectClass
by Merve Temizer
How can I add mailacceptinggeneralid and maildrop attributes to use postfix
with openldap?
I tried adding a schema like this (into /etc/ldap/schema)
#
# postfix.schema - basic attributes based on default queries
# postfix will make for alias and virtual account lookups
# I don't think there is an official postfix schema out there,
# but if there is, this most certainly is not it.
#
# leah(a)frauerpower.com
#
# mailacceptinguser and mailAccount added by Barrie Bremner <
bjb(a)netcraft.com>
#
attributetype ( 1.3.6.1.4.1.25260.1.000
NAME 'mailacceptinggeneralid'
DESC 'Defines an address that we accept mail for'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.25260.1.001
NAME 'maildrop'
DESC 'Defines the address mail goes to'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.25260.1.002
NAME 'mailacceptinguser'
DESC 'Defines if this user accepts mail'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
objectClass ( 1.3.6.1.4.1.25260.1.1.100
NAME 'virtualaccount'
DESC 'Holds mail info for a virtual account'
STRUCTURAL
MUST ( owner $ mailacceptinggeneralid $
maildrop $ cn )
)
objectClass ( 1.3.6.1.4.1.25260.1.1.101
NAME 'maillist'
DESC 'Virtual account for holding mailing list info'
STRUCTURAL
MUST ( mailacceptinggeneralid $
maildrop $ cn )
)
objectClass ( 1.3.6.1.4.1.25260.1.1.102
NAME 'mailAccount'
DESC 'Email account details'
AUXILIARY
MUST ( mailacceptinguser $
maildrop $ cn )
MAY ( mailacceptinggeneralid )
)
and added a line to
/usr/share/slapd/slapd.conf
" include /etc/ldap/schema/inetorgperson.schema"
But I am getting
ldap_add: Invalid syntax (21)
additional info: objectClass: value #3 invalid per syntax
when I try to add an object
objectClass:mailAccount
Where am I wrong?
Thanks
7 years, 5 months
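The following is an added example in Python, not code from either post above or from OpenLDAP. It serves two of the questions on this page: Ulrich's, by parsing slapd.conf-style schema definitions and reporting every attributetype whose SYNTAX OID is not among the ldapSyntaxes a server advertises (a client cannot validate values of such an attribute); and Merve's, by emitting the cn=config LDIF that loads a schema file under cn=schema,cn=config, which is how a Debian slapd that keeps its configuration in /etc/ldap/slapd.d rather than slapd.conf picks up a new schema. SCHEMA_TEXT is constructed from the definitions quoted in the two posts, and ADVERTISED_SYNTAXES is a constructed subset of the OIDs Ulrich listed, with 1.3.6.1.4.1.1466.115.121.1.51 deliberately left out.

```python
"""Check a slapd.conf-style schema file and convert it to cn=config LDIF.

Added example; SCHEMA_TEXT and ADVERTISED_SYNTAXES are constructed inputs.
"""
import re

SCHEMA_TEXT = """
# core.schema definition quoted in the first post
attributetype ( 2.5.4.22 NAME 'teletexTerminalIdentifier'
    DESC 'RFC2256: Teletex Terminal Identifier'
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 )

# two attribute types and one object class from the posted postfix schema
attributetype ( 1.3.6.1.4.1.25260.1.000 NAME 'mailacceptinggeneralid'
    DESC 'Defines an address that we accept mail for'
    EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.25260.1.001 NAME 'maildrop'
    DESC 'Defines the address mail goes to'
    EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
objectClass ( 1.3.6.1.4.1.25260.1.1.101 NAME 'maillist'
    DESC 'Virtual account for holding mailing list info'
    STRUCTURAL MUST ( mailacceptinggeneralid $ maildrop $ cn ) )
"""

# Constructed subset of the ldapSyntaxes the first post lists; .51 is absent.
ADVERTISED_SYNTAXES = {
    "1.3.6.1.4.1.1466.115.121.1.15",  # Directory String
    "1.3.6.1.4.1.1466.115.121.1.26",  # IA5 String
    "1.3.6.1.4.1.1466.115.121.1.27",  # INTEGER
    "1.3.6.1.4.1.1466.115.121.1.50",  # Telephone Number
}

_START = re.compile(r"^[ \t]*(attributetype|objectclass)[ \t]*\(", re.I | re.M)
_SYNTAX = re.compile(r"\bSYNTAX[ \t]+([0-9.]+)")


def split_definitions(text):
    """Return [(kind, body)] for each definition, body being the parenthesised
    description collapsed onto one line.  Parentheses are balanced by hand
    because NAME ( 'a' 'b' ) and MUST ( x $ y ) nest inside the outer pair."""
    text = "\n".join(l for l in text.splitlines() if not l.lstrip().startswith("#"))
    defs = []
    for m in _START.finditer(text):
        depth, pos, quoted = 1, m.end(), False
        while pos < len(text) and depth:
            ch = text[pos]
            if ch == "'":
                quoted = not quoted          # parens inside DESC '...' do not count
            elif not quoted and ch == "(":
                depth += 1
            elif not quoted and ch == ")":
                depth -= 1
            pos += 1
        if depth:
            raise ValueError("unbalanced definition at offset %d" % m.start())
        defs.append((m.group(1).lower(), " ".join(text[m.end() - 1:pos].split())))
    return defs


def unresolved_syntaxes(defs, advertised):
    """Map attribute OID -> SYNTAX OID for each attributetype whose syntax the
    server does not advertise."""
    missing = {}
    for kind, body in defs:
        m = _SYNTAX.search(body)
        if kind == "attributetype" and m and m.group(1) not in advertised:
            missing[body.split()[1]] = m.group(1)
    return missing


def fold(line, width=76):
    """RFC 2849 line folding: continuation lines begin with a single space."""
    out = []
    while len(line) > width:
        out.append(line[:width])
        line = " " + line[width:]
    out.append(line)
    return "\n".join(out)


def to_cn_config_ldif(name, defs):
    """LDIF adding the schema as cn=<name>,cn=schema,cn=config.  File order is
    kept, so attribute types precede the object classes that reference them."""
    attr = {"attributetype": "olcAttributeTypes", "objectclass": "olcObjectClasses"}
    lines = ["dn: cn=%s,cn=schema,cn=config" % name,
             "objectClass: olcSchemaConfig", "cn: %s" % name]
    lines += [fold("%s: %s" % (attr[kind], body)) for kind, body in defs]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    defs = split_definitions(SCHEMA_TEXT)
    for oid, syntax in unresolved_syntaxes(defs, ADVERTISED_SYNTAXES).items():
        print("attribute %s uses unadvertised syntax %s" % (oid, syntax))
    print(to_cn_config_ldif("postfix", defs))
```

Write the printed LDIF to a file and load it with `ldapadd -Y EXTERNAL -H ldapi:/// -f postfix.ldif`; slapd then checks each definition on the way in, so an attribute referenced by an object class but not yet defined is rejected at that point rather than surfacing later as "invalid per syntax" on a data entry.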
ldapmodify replace olcAccess
by Daniel Jung
Hi all,
Is it possible to use replace instead of delete then add again
for olcAccess?
dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcDbCacheSize
olcDbCacheSize: 10240
-
replace: olcAccess
olcAccess: {0}to dn.base="" attrs=namingContexts by * none
olcAccess: {1}to * by * read
-
Thanks
7 years, 5 months
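An added example, not from the thread, around the point the post's LDIF turns on: `replace` on olcAccess swaps the whole ordered value set, so the LDIF must restate every rule with a `{n}` prefix giving its evaluation position. slapd uses the first `to` clause that matches the target, so a rule that lands after `to * by * read` is dead and whatever it protected becomes world-readable. The helper below sorts the existing values by their index, inserts a rule ahead of the catch-all and emits the replace with contiguous numbering. CURRENT is constructed from the two rules in the post; the userPassword rule is an assumed addition.

```python
"""Build an olcAccess 'replace' LDIF with explicit, contiguous {n} ordering.

Added example; CURRENT and PASSWORD_RULE are constructed inputs.
"""
import re

_PREFIX = re.compile(r"^\{(\d+)\}(.*)$", re.S)


def strip_prefix(value):
    """Return (index or None, rule text without its {n} prefix)."""
    m = _PREFIX.match(value)
    return (int(m.group(1)), m.group(2)) if m else (None, value)


def ordered_rules(values):
    """Put existing olcAccess values into evaluation order by {n} index;
    values without a prefix keep their relative order at the end."""
    pairs = [strip_prefix(v) for v in values]
    indexed = sorted(p for p in pairs if p[0] is not None)
    return [r for _, r in indexed] + [r for i, r in pairs if i is None]


def insert_before(rules, new_rule, marker):
    """Insert new_rule in front of the first rule containing `marker`
    (typically the catch-all 'to *'); append if nothing matches."""
    for i, rule in enumerate(rules):
        if marker in rule:
            return rules[:i] + [new_rule] + rules[i:]
    return rules + [new_rule]


def build_replace(dn, rules):
    """LDIF modify that replaces olcAccess with `rules`, renumbered from {0}."""
    lines = ["dn: %s" % dn, "changetype: modify", "replace: olcAccess"]
    lines += ["olcAccess: {%d}%s" % (i, strip_prefix(r)[1]) for i, r in enumerate(rules)]
    lines.append("-")
    return "\n".join(lines) + "\n"


# Constructed current state: the two rules from the post, as a server might
# return them (the {n} index decides order, not list position).
CURRENT = [
    '{1}to * by * read',
    '{0}to dn.base="" attrs=namingContexts by * none',
]
PASSWORD_RULE = "to attrs=userPassword by self write by anonymous auth by * none"

if __name__ == "__main__":
    rules = insert_before(ordered_rules(CURRENT), PASSWORD_RULE, "to *")
    print(build_replace("olcDatabase={2}hdb,cn=config", rules))
```

Apply the output with `ldapmodify -Y EXTERNAL -H ldapi:/// -f acl.ldif` and read it back with `ldapsearch -Y EXTERNAL -H ldapi:/// -b 'olcDatabase={2}hdb,cn=config' olcAccess` to confirm the order slapd actually stored.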
Re: ldap syncrepl issue.
by Ashok Kumar Shah
I don't see any fix done for syncrepl on 2.4.36. Speaking about the actual
problem, I have noticed that the do_syncrep* is not getting triggered as
defined in the config:
interval=00:00:05:00
retry="60 +"
and gets triggered after a long delay of about ~23 hrs or so. Not sure if this is a
bug.
Thanks,
Ashok
On Sun, Nov 10, 2013 at 6:14 AM, Quanah Gibson-Mount <quanah(a)zimbra.com>wrote:
> I suggest you read the openldap changelog and upgrade to 2.4.36.
>
> --Quanah
>
> On Nov 9, 2013, at 12:34 AM, Ashok Kumar Shah <ashok.shah(a)flipkart.com>
> wrote:
>
> I have upgraded to OpenLDAP 2.4.31. I was hoping that the syncrepl issue
> would subside with the upgrade, but the problem continues to persist even now.
> Just to point out that the master still runs the older version, i.e. 2.4.31,
> but I guess that should be ok since the issue is with the replication or
> perhaps with contextCSN not getting updated on the client (slaves).
>
> Thanks,
> Ashok
>
>
> On Mon, Jul 15, 2013 at 3:47 AM, Quanah Gibson-Mount <quanah(a)zimbra.com>wrote:
>
>> --On Sunday, July 14, 2013 10:35 PM +0530 Ashok Kumar Shah <
>> ashok.shah(a)flipkart.com> wrote:
>>
>>
>>> I am running OpenLDAP 2.4.23.
>>>
>>
>> I would advise you to run a modern release. I would strongly advise you
>> to read the changes log since 2.4.23.
>>
>>
>> --Quanah
>>
>>
>> --
>>
>> Quanah Gibson-Mount
>> Sr. Member of Technical Staff
>> Zimbra, Inc
>> A Division of VMware, Inc.
>> --------------------
>> Zimbra :: the leader in open source messaging and collaboration
>>
>
>
7 years, 5 months
How to say not to use a particular objectClass for a dn
by Harishkumar Pathangay
Hi,
How to say not to use a particular objectClass for a dn.
For example,
harish@openSUSE:~> ldapsearch -x -b 'dc=my-domain,dc=com' '(objectclass=*)'
# extended LDIF
#
# LDAPv3
# base <dc=my-domain,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# my-domain.com
dn: dc=my-domain,dc=com
objectClass: dcObject
objectClass: organization
dc: my-domain
o: Example Corporation

# Manager, my-domain.com
dn: cn=Manager,dc=my-domain,dc=com
objectClass: organizationalRole
cn: Manager
description: Directory Manager

# search result
search: 2
result: 0 Success

Here, we see that dn: dc=my-domain,dc=com uses objectClass: organization.
I want to say not to use objectClass: organization.
How to do this?
Thanks,
Harish Pathangay
7 years, 5 months
Restricting Login based on AD GID
by Manish Nene
Hello,
I have LDAP authentication functioning well against Novell eDirectory. Is
there a way I can restrict login access to the appliance based on the
GID of a user?
Thanks,
- Manish.
7 years, 5 months
Re: ldap syncrepl issue.
by Ashok Kumar Shah
I have upgraded to OpenLDAP 2.4.31. I was hoping that the syncrepl issue
would subside with the upgrade, but the problem continues to persist even now.
Just to point out that the master still runs the older version, i.e. 2.4.31,
but I guess that should be ok since the issue is with the replication or
perhaps with contextCSN not getting updated on the client (slaves).
Thanks,
Ashok
On Mon, Jul 15, 2013 at 3:47 AM, Quanah Gibson-Mount <quanah(a)zimbra.com>wrote:
> --On Sunday, July 14, 2013 10:35 PM +0530 Ashok Kumar Shah <
> ashok.shah(a)flipkart.com> wrote:
>
>
>> I am running OpenLDAP 2.4.23.
>>
>
> I would advise you to run a modern release. I would strongly advise you
> to read the changes log since 2.4.23.
>
>
> --Quanah
>
>
> --
>
> Quanah Gibson-Mount
> Sr. Member of Technical Staff
> Zimbra, Inc
> A Division of VMware, Inc.
> --------------------
> Zimbra :: the leader in open source messaging and collaboration
>
7 years, 5 months
Re: Reseting content/database/schema
by Ryan Tandy
Hi,
Please, let's keep the discussion on the list.
On 13-11-08 12:26 AM, Merve Temizer wrote:
> Tandy thanks for your answer.
>
> Might the problem be about default conf despite that i was able to add
> my ldif at first installation?
Sure, it's definitely possible that I was wrong. It doesn't really
matter, though: stop the daemon and remove everything from
/etc/ldap/slapd.d and from /var/lib/ldap, and you're immediately in a
clean and unconfigured state. Purging and reinstalling the package
doesn't do much else.
If you want more detailed help, please provide more details about the
problem: a full transcript of the commands you're running (including any
input files) and their output, plus the exact version of OpenLDAP you're
running, would be a good start.
--
Ryan Tandy - Programmer/Analyst rtandy(a)sd63.bc.ca
School District 63 (Saanich) +1 250 652 7385
7 years, 5 months
PBKDF2 for OpenLDAP
by Tsukasa HAMANO
Hi,
I was concerned that OpenLDAP has no modern key derivation function.
(It seems eglibc's crypt(3) has bcrypt, but that depends on the environment.)
So I just implemented a PBKDF2 module for OpenLDAP.
https://github.com/hamano/openldap-pbkdf2
# Installation
$ cd <OPENLDAP_BUILD_DIR>/contrib/slapd-modules/passwd/
$ git clone https://github.com/hamano/openldap-pbkdf2.git
$ cd openldap-pbkdf2/
$ make
# make install
in slapd.conf:
moduleload pw-pbkdf2.so
password-hash {PBKDF2}
# Usage
$ slappasswd -o module-load=pw-pbkdf2.la -h {PBKDF2} -s secret
{PBKDF2}60000$Y6ZHtTTbeUgpIbIW0QDmDA$j/aU7jFKUSbH4UobNQDm9OEIwuw
This format is compatible with Python's passlib.hash.ldap_pbkdf2_sha1
http://pythonhosted.org/passlib/lib/passlib.hash.ldap_pbkdf2_digest.html
And also, I have a roadmap to implement {PBKDF2-SHA256} and
{PBKDF2-SHA512} schemes in the future.
Could you merge the module into contrib/ directory?
Thank you.
--
Open Source Solution Technology Corporation
HAMANO Tsukasa <hamano(a)osstech.co.jp>
fingerprint = 2285 2111 6D34 3816 3C2E A5B9 16BE D101 6069 BE55
7 years, 5 months
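As an added example in Python (not the C module from the post), a generator and verifier for the `{PBKDF2}` value layout the post shows, which it states matches passlib's ldap_pbkdf2_sha1: `{PBKDF2}<rounds>$<salt>$<digest>`. Assumed details, taken from that passlib scheme rather than from the module's source: salt and digest are passlib's adapted base64 (standard alphabet with `+` replaced by `.`, padding stripped), the PRF is HMAC-SHA1, and new salts are 16 random bytes, the lengths the sample value decodes to. Something like this is what you would run to confirm that values written by the module and by another tool verify each other.

```python
"""Generate and verify LDAP {PBKDF2} password values (passlib ldap_pbkdf2_sha1 layout).

Added example; SAMPLE is the value printed in the post.
"""
import base64
import hashlib
import hmac
import os

SCHEME = "{PBKDF2}"
SAMPLE = "{PBKDF2}60000$Y6ZHtTTbeUgpIbIW0QDmDA$j/aU7jFKUSbH4UobNQDm9OEIwuw"


def ab64_encode(raw):
    """passlib 'adapted base64': standard alphabet, '+' -> '.', no '=' padding."""
    return base64.b64encode(raw).decode("ascii").rstrip("=").replace("+", ".")


def ab64_decode(text):
    text = text.replace(".", "+")
    return base64.b64decode(text + "=" * (-len(text) % 4))


def pbkdf2_hash(password, rounds=60000, salt=None):
    """Return a {PBKDF2} value for `password`, with a fresh 16-byte salt unless given."""
    if salt is None:
        salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"), salt, rounds)
    return "%s%d$%s$%s" % (SCHEME, rounds, ab64_encode(salt), ab64_encode(dk))


def parse(stored):
    """Split a stored value into (rounds, salt bytes, digest bytes)."""
    if not stored.startswith(SCHEME):
        raise ValueError("not a %s value" % SCHEME)
    rounds, salt, digest = stored[len(SCHEME):].split("$")
    rounds = int(rounds)
    if rounds < 1:
        raise ValueError("invalid round count")
    return rounds, ab64_decode(salt), ab64_decode(digest)


def pbkdf2_verify(password, stored):
    """True if `password` matches `stored`.  Rounds and digest length are taken
    from the stored value, and the comparison is constant-time."""
    rounds, salt, digest = parse(stored)
    calc = hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"), salt, rounds,
                               dklen=len(digest))
    return hmac.compare_digest(calc, digest)


if __name__ == "__main__":
    rounds, salt, digest = parse(SAMPLE)
    print("sample: %d rounds, %d-byte salt, %d-byte digest" % (rounds, len(salt), len(digest)))
    value = pbkdf2_hash("secret")
    print(value, pbkdf2_verify("secret", value), pbkdf2_verify("wrong", value))
```

The sample from the post parses to 60000 rounds, a 16-byte salt and a 20-byte SHA-1 digest. PBKDF2-HMAC-SHA1 is not weakened by the SHA-1 collision results, since it relies on HMAC's PRF property rather than collision resistance, but the {PBKDF2-SHA256} and {PBKDF2-SHA512} schemes the post plans are the ones to prefer for new deployments.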