March 2013 - openldap-technical

by Venish Khant

Hi all I am using cpan Net::LDAP module to access LDAP entries. I want to search LDAP entries using Net::LDAP search method. When I do search, I want some limited number of entries from search result, for this(searching) process I am using Net::LDAP::Control::VLV module. But I get error on VLV response control. Please, any one have idea about this error. * Error:* Died at vlv.pl line 50, This is my example. I changed the font style of line 50 #!/usr/bin/perl -w use Net::LDAP; use Net::LDAP::Control::VLV; use Net::LDAP::Constant qw( LDAP_CONTROL_VLVRESPONSE ); use Net::LDAP::Control::Sort; sub procentry { my ( $mesg, $entry) = @_; # Return if there is no entry to process if ( !defined($entry) ) { return; } print "dn: " . $entry->dn() . "\n"; @attrs = $entry->attributes(); foreach $attr (@attrs) { #printf("\t%s: %s\n", $attr, $entry->get_value($attr)); $attrvalue = $entry->get_value($attr,asref=>1); #print $attr.":". $entry->get_value($attr)."\n"; foreach $value(@$attrvalue) { print "$attr: $value\n"; } } $mesg->pop_entry; print "\n"; } $ldap = Net::LDAP->new( "localhost" ); # Get the first 20 entries $vlv = Net::LDAP::Control::VLV->new( before => 0, # No entries from before target entry after => 19, # 19 entries after target entry content => 0, # List size unknown offset => 1, # Target entry is the first ); my $sort = Net::LDAP::Control::Sort->new( order => 'cn' ); @args = ( base => "dc=example,dc=co,dc=in", scope => "subtree", filter => "(objectClass=inetOrgPerson)", callback => \&procentry, # Call this sub for each entry control => [ $sort, $vlv ], ); $mesg = $ldap->search( @args ); # Get VLV response control *($resp) = $mesg->control( LDAP_CONTROL_VLVRESPONSE ) or die;* $vlv->response( $resp ); # Set the control to get the last 20 entries $vlv->end; $mesg = $ldap->search( @args ); # Get VLV response control ($resp) = $mesg->control( LDAP_CONTROL_VLVRESPONSE ) or die; $vlv->response( $resp ); # Now get the previous page $vlv->scroll_page( -1 ); $mesg = $ldap->search( @args ); # Get VLV response control ($resp) = $mes # Now page with first entry starting with "B" in the middle $vlv->before(9); # Change page to show 9 before $vlv->after(10); # Change page to show 10 after $vlv->assert("B"); # assert "B" $mesg = $ldap->search( @args );g->control( LDAP_CONTROL_VLVRESPONSE ) or die; $vlv->response( $resp ); -- Venish Khant www.deeproot.co.in

7 years

4
11
0 / 0

OpenLDAP and dynalogin (two-factor auth with HOTP)

by Daniel Pocock

Some time ago I created the dynalogin ( http://www.dynalogin.org ) solution for two-factor authentication. I'm just contemplating how to make it easier to integrate, and making it convenient to use with OpenLDAP seems like a good strategy: can anyone comment on that? The initial thoughts that I have about the subject: - SASL based solution (dynalogin has digest capability already, so it could be adapted for SASL PLAIN or DIGEST-MD5) - should not prevent password logins (user should be able to use either password or HOTP code) - should enable people to use it indirectly (e.g. if someone already has pam_ldap working, they should be able to add dynalogin to their OpenLDAP server and get immediate benefit) - use cases: UNIX login, high-security webmail login, VPN and OpenID provider backed by OpenLDAP I know that SASL already supports OTP, but that is not HOTP, it is OPIE (or S/Key) RFC 2289: http://tools.ietf.org/html/rfc2289 whereas HOTP is RFC 4226: http://www.ietf.org/rfc/rfc4226.txt HOTP is considered more secure and more widely implemented.

7 years, 11 months

5
6
0 / 0

LMDB vs FastDB

by Tobias Oberstein

Hello, I have read the - very interesting - performance comparison http://symas.com/mdb/microbench/ I'd like to ask if someone did benchmark LMDB (and/or the others) against http://www.garret.ru/fastdb.html FastDB is an in-memory ACID database that works via shadow paging, and without a transaction log. Thanks, Tobias

10 years, 2 months

3
7
0 / 0

Re: RE24 testing call (OpenLDAP 2.4.35)

by Marco Pizzoli

On Wed, Mar 27, 2013 at 2:14 AM, Quanah Gibson-Mount <quanah(a)zimbra.com>wrote: > If you know how to build OpenLDAP manually, and would like to participate > in testing the next set of code for the 2.4.35 release, please do so. > > Generally, get the code for RE24: > > <http://www.openldap.org/**devel/gitweb.cgi?p=openldap.** > git;a=snapshot;h=refs/heads/**OPENLDAP_REL_ENG_2_4;sf=tgz<http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=snapshot;h=refs...> > > > > Configure & build. > > Execute the test suite (via make test) after it is built. > > Thanks! > > --Quanah > > All tests ok for me, too. RHEL6.3 x86_64 Tested for HDB and MDB Marco

10 years, 2 months

1
0
0 / 0

rid tracking

by Sven Jourgensen

Is there any way to get a master to divulge the rid of each slave that is using it to keep in sync?

10 years, 2 months

3
4
0 / 0

RE24 testing call (OpenLDAP 2.4.35)

by Quanah Gibson-Mount

If you know how to build OpenLDAP manually, and would like to participate in testing the next set of code for the 2.4.35 release, please do so. Generally, get the code for RE24: <http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=snapshot;h=refs...> Configure & build. Execute the test suite (via make test) after it is built. Thanks! --Quanah -- Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration

10 years, 2 months

3
2
0 / 0

Chaining

by jeevan kc

HelloI've set up a chaining overlay on the slave server. I think I followed the proper procedures but every time I try to update entries (delete,add,change)the slave server I get LDAP error code 8 - Strong Authentication Required. How can I modify entries on the slave without getting the error? I've openldap 2.4.30 installed on Red Hat and my configuration is as follows. Any help would be appreciated. dn: olcDatabase={0}ldapobjectClass: olcLDAPConfigobjectClass: olcChainDatabaseolcDatabase: {0}ldapolcDbURI: "ldap://lap00621.cov.vinex.com"olcDbStartTLS: none starttls=noolcDbIDAssertBind: mode=self flags=prescriptive,proxy-authz-non-critical bindm ethod=simple timeout=0 network-timeout=0 binddn="cn=manager,o=vinex,c=us" credentials="l4s3rj3t" keepalive=0:0:0olcDbRebindAsUser: FALSEolcDbChaseReferrals: TRUEolcDbTFSupport: noolcDbProxyWhoAmI: FALSEolcDbProtocolVersion: 3olcDbSingleConn: FALSEolcDbCancel: abandonolcDbUseTemporaryConn: FALSEolcDbConnectionPoolMax: 16olcDbSessionTrackingRequest: FALSEolcDbNoRefs: FALSEolcDbNoUndefFilter: FALSEstructuralObjectClass: olcLDAPConfigentryUUID: df6c7dc4-26a0-1032-829d-b5d50f9d249ecreatorsName: cn=manager,o=vinex,c=uscreateTimestamp: 20130321182829ZentryCSN: 20130321182829.558457Z#000000#000#000000modifiersName: cn=manager,o=vinex,c=usmodifyTimestamp: 20130321182829Z dn: olcOverlay={0}chainobjectClass: olcOverlayConfigobjectClass: olcChainConfigolcOverlay: {0}chainolcChainCacheURI: FALSEolcChainMaxReferralDepth: 1olcChainReturnError: TRUEstructuralObjectClass: olcChainConfigentryUUID: 8a6734ba-2685-1032-8293-b5d50f9d249ecreatorsName: cn=manager,o=vinex,c=uscreateTimestamp: 20130321151250ZentryCSN: 20130321151250.505781Z#000000#000#000000modifiersName: cn=manager,o=vinex,c=usmodifyTimestamp: 20130321151250Z

10 years, 2 months

3
2
0 / 0

Translucent + ProxyCache

by Kevin Vargo

Hi, Has anyone been able to get Translucent Proxy (slapo-translucent) working with Proxy Cache (slapo-pcache)? I'm using v2.4.31, and the translucent is working great to mix in some attributes specific to that server. Problem is we're converting the "upstream" LDAP to Back-SQL which ends up mighty slow in some use-cases. It would be great to be able to cache the results from the translucent's back-LDAP call. I've tried placing the pcache overlay in various places, but either it the server doesn't start and yields a: no structural objectClass add function error, which may/not be related; or the service starts fine, but doesn't appear to hit the cache at all. Looks like someone tried a while ago, but I can't find any answer: http://www.openldap.org/lists/openldap-software/200803/msg00004.html Perhaps the back-ldap implementation under slapo-translucent isn't fully-functional for some reason? Thanks, Kevin

10 years, 2 months

1
0
0 / 0

Replicating more than 1 subtree from a single master

by Carlo Santos

Hi, I have a single master and single slave replication setup. Is it possible to replicate different subtrees. I have thought of the following ways to do this: Given we have root node dc=my,dc=ldap with 2 subtrees cn=subtree1,dc=my,dc=ldap and cn=subtree2,dc=my,dc=ldap - use the dn's of the subtrees as searchbases - Assuming that the cn attribute is propagated under the subtrees, use the filter attribute. - A mix of both. Are all of these possible? Or is it even possible to replicate multiple subtrees from a single master?

10 years, 2 months

1
0
0 / 0

Quick setup replica with openldap-2.4.33

by Takashi Komatsubara

Hi team, This is my first time to post a question. Please forgive me if I am making miss-posting. I have a big ldap master which is based on openldap-2.4.33. The mdb file size is 50 GB. In order to setup an replica server quickly, can we copy the mdb and config to the replica server? files: data/ldap/mdb/db/data.mdb data/ldap/config/cn=config data/ldap/config/cn=config/.... Thank you very much, Takashi.

10 years, 2 months

3
5
0 / 0

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

openldap-technical March 2013