Virtual list view problem
by Venish Khant
Hi all
I am using cpan Net::LDAP module to access LDAP entries. I want to
search LDAP entries using Net::LDAP search method. When I do search, I
want some limited number of entries from search result, for
this (searching) process I am using the Net::LDAP::Control::VLV module. But
I get an error on the VLV response control. Please, does anyone have an idea
about this error?
Error: Died at vlv.pl line 50,
This is my example. I changed the font style of line 50.
#!/usr/bin/perl -w
use Net::LDAP;
use Net::LDAP::Control::VLV;
use Net::LDAP::Constant qw( LDAP_CONTROL_VLVRESPONSE );
use Net::LDAP::Control::Sort;

sub procentry {
    my ( $mesg, $entry ) = @_;
    # Return if there is no entry to process
    if ( !defined($entry) ) {
        return;
    }
    print "dn: " . $entry->dn() . "\n";
    @attrs = $entry->attributes();
    foreach $attr (@attrs) {
        #printf("\t%s: %s\n", $attr, $entry->get_value($attr));
        $attrvalue = $entry->get_value( $attr, asref => 1 );
        #print $attr.":". $entry->get_value($attr)."\n";
        foreach $value (@$attrvalue) {
            print "$attr: $value\n";
        }
    }
    $mesg->pop_entry;
    print "\n";
}

$ldap = Net::LDAP->new( "localhost" );

# Get the first 20 entries
$vlv = Net::LDAP::Control::VLV->new(
    before  => 0,     # No entries from before target entry
    after   => 19,    # 19 entries after target entry
    content => 0,     # List size unknown
    offset  => 1,     # Target entry is the first
);
my $sort = Net::LDAP::Control::Sort->new( order => 'cn' );

@args = ( base     => "dc=example,dc=co,dc=in",
          scope    => "subtree",
          filter   => "(objectClass=inetOrgPerson)",
          callback => \&procentry,    # Call this sub for each entry
          control  => [ $sort, $vlv ],
);

$mesg = $ldap->search( @args );

# Get VLV response control
# (line 50 of vlv.pl, the line highlighted in the original post)
($resp) = $mesg->control( LDAP_CONTROL_VLVRESPONSE ) or die;
$vlv->response( $resp );

# Set the control to get the last 20 entries
$vlv->end;
$mesg = $ldap->search( @args );

# Get VLV response control
($resp) = $mesg->control( LDAP_CONTROL_VLVRESPONSE ) or die;
$vlv->response( $resp );

# Now get the previous page
$vlv->scroll_page( -1 );
$mesg = $ldap->search( @args );

# Get VLV response control
($resp) = $mesg->control( LDAP_CONTROL_VLVRESPONSE ) or die;
$vlv->response( $resp );

# Now page with first entry starting with "B" in the middle
$vlv->before(9);      # Change page to show 9 before
$vlv->after(10);      # Change page to show 10 after
$vlv->assert("B");    # assert "B"
$mesg = $ldap->search( @args );
--
Venish Khant
www.deeproot.co.in
7 years
OpenLDAP and dynalogin (two-factor auth with HOTP)
by Daniel Pocock
Some time ago I created the dynalogin ( http://www.dynalogin.org )
solution for two-factor authentication.
I'm just contemplating how to make it easier to integrate, and making it
convenient to use with OpenLDAP seems like a good strategy: can anyone
comment on that?
The initial thoughts that I have about the subject:
- SASL based solution (dynalogin has digest capability already, so it
could be adapted for SASL PLAIN or DIGEST-MD5)
- should not prevent password logins (user should be able to use either
password or HOTP code)
- should enable people to use it indirectly (e.g. if someone already has
pam_ldap working, they should be able to add dynalogin to their OpenLDAP
server and get immediate benefit)
- use cases: UNIX login, high-security webmail login, VPN and OpenID
provider backed by OpenLDAP
I know that SASL already supports OTP, but that is not HOTP, it is OPIE
(or S/Key) RFC 2289:
http://tools.ietf.org/html/rfc2289
whereas HOTP is RFC 4226:
http://www.ietf.org/rfc/rfc4226.txt
HOTP is considered more secure and more widely implemented.
7 years, 11 months
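Added example (not part of the original post and not dynalogin's code): a minimal RFC 4226 HOTP generator and a server-side check of the kind an LDAP-backed verifier would need. The look-ahead window of 3 and the function names are assumptions made for illustration; the secret is the public test value from RFC 4226 Appendix D.

```python
import hashlib
import hmac
import struct

# RFC 4226 Appendix D test secret (public test vector, not a real credential)
RFC_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 section 5.3: HMAC-SHA-1 over the 8-byte big-endian counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble of last byte
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify_hotp(secret: bytes, stored_counter: int, submitted: str,
                window: int = 3):
    """Return the new counter to store on success, or None on failure.

    Codes for stored_counter .. stored_counter + window are accepted, so a
    token that was advanced a few times without a login can resynchronise.
    The returned counter is one past the matched value, which is what
    prevents an accepted code from being replayed.
    """
    for c in range(stored_counter, stored_counter + window + 1):
        # Constant-time comparison of the expected and submitted codes
        if hmac.compare_digest(hotp(secret, c).encode(), submitted.encode()):
            return c + 1
    return None


if __name__ == "__main__":
    counter = 0
    # Constructed attempts: valid, replay of the same code, skipped-ahead, wrong
    for attempt in ("755224", "755224", "359152", "000000"):
        result = verify_hotp(RFC_SECRET, counter, attempt)
        print(attempt, "accepted" if result is not None else "rejected")
        if result is not None:
            counter = result
```

The stored counter must be updated atomically with the successful check; otherwise two concurrent logins can both accept the same code.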
rid tracking
by Sven Jourgensen
Is there any way to get a master to divulge the rid of each slave that is
using it to keep in sync?
10 years, 2 months
RE24 testing call (OpenLDAP 2.4.35)
by Quanah Gibson-Mount
If you know how to build OpenLDAP manually, and would like to participate
in testing the next set of code for the 2.4.35 release, please do so.
Generally, get the code for RE24:
<http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=snapshot;h=refs...>
Configure & build.
Execute the test suite (via make test) after it is built.
Thanks!
--Quanah
--
Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
10 years, 2 months
Chaining
by jeevan kc
Hello
I've set up a chaining overlay on the slave server. I think I followed the proper procedures but every time I try to update entries (delete, add, change) on the slave server I get LDAP error code 8 - Strong Authentication Required. How can I modify entries on the slave without getting the error? I've openldap 2.4.30 installed on Red Hat and my configuration is as follows. Any help would be appreciated.
dn: olcDatabase={0}ldap
objectClass: olcLDAPConfig
objectClass: olcChainDatabase
olcDatabase: {0}ldap
olcDbURI: "ldap://lap00621.cov.vinex.com"
olcDbStartTLS: none starttls=no
olcDbIDAssertBind: mode=self flags=prescriptive,proxy-authz-non-critical bindmethod=simple timeout=0 network-timeout=0 binddn="cn=manager,o=vinex,c=us" credentials="l4s3rj3t" keepalive=0:0:0
olcDbRebindAsUser: FALSE
olcDbChaseReferrals: TRUE
olcDbTFSupport: no
olcDbProxyWhoAmI: FALSE
olcDbProtocolVersion: 3
olcDbSingleConn: FALSE
olcDbCancel: abandon
olcDbUseTemporaryConn: FALSE
olcDbConnectionPoolMax: 16
olcDbSessionTrackingRequest: FALSE
olcDbNoRefs: FALSE
olcDbNoUndefFilter: FALSE
structuralObjectClass: olcLDAPConfig
entryUUID: df6c7dc4-26a0-1032-829d-b5d50f9d249e
creatorsName: cn=manager,o=vinex,c=us
createTimestamp: 20130321182829Z
entryCSN: 20130321182829.558457Z#000000#000#000000
modifiersName: cn=manager,o=vinex,c=us
modifyTimestamp: 20130321182829Z

dn: olcOverlay={0}chain
objectClass: olcOverlayConfig
objectClass: olcChainConfig
olcOverlay: {0}chain
olcChainCacheURI: FALSE
olcChainMaxReferralDepth: 1
olcChainReturnError: TRUE
structuralObjectClass: olcChainConfig
entryUUID: 8a6734ba-2685-1032-8293-b5d50f9d249e
creatorsName: cn=manager,o=vinex,c=us
createTimestamp: 20130321151250Z
entryCSN: 20130321151250.505781Z#000000#000#000000
modifiersName: cn=manager,o=vinex,c=us
modifyTimestamp: 20130321151250Z
10 years, 2 months
Translucent + ProxyCache
by Kevin Vargo
Hi,
Has anyone been able to get Translucent Proxy
(slapo-translucent) working with Proxy Cache (slapo-pcache)? I'm using
v2.4.31, and the translucent is working great to mix in some attributes
specific to that server. Problem is we're converting the "upstream"
LDAP to Back-SQL which ends up mighty slow in some use-cases. It would
be great to be able to cache the results from the translucent's
back-LDAP call.
I've tried placing the pcache overlay in various places, but either the server doesn't start and yields a:
no structural objectClass add function
error, which may/not be related; or the service starts fine, but doesn't appear to hit the cache at all.
Looks like someone tried a while ago, but I can't find any answer:
http://www.openldap.org/lists/openldap-software/200803/msg00004.html
Perhaps the back-ldap implementation under slapo-translucent isn't fully-functional for some reason?
Thanks,
Kevin
10 years, 2 months
Replicating more than 1 subtree from a single master
by Carlo Santos
Hi,
I have a single master and single slave replication setup. Is it possible
to replicate different subtrees?
I have thought of the following ways to do this:
Given we have root node dc=my,dc=ldap with 2 subtrees
cn=subtree1,dc=my,dc=ldap and cn=subtree2,dc=my,dc=ldap
- use the dn's of the subtrees as searchbases
- Assuming that the cn attribute is propagated under the subtrees, use
the filter attribute.
- A mix of both.
Are all of these possible? Or is it even possible to replicate multiple
subtrees from a single master?
10 years, 2 months
Quick setup replica with openldap-2.4.33
by Takashi Komatsubara
Hi team,
This is my first time to post a question.
Please forgive me if I am mis-posting.
I have a big ldap master which is based on openldap-2.4.33.
The mdb file size is 50 GB.
In order to set up a replica server quickly, can we copy the mdb and
config to the replica server?
files:
data/ldap/mdb/db/data.mdb
data/ldap/config/cn=config
data/ldap/config/cn=config/....
Thank you very much,
Takashi.
10 years, 2 months