openldap-technical March 2013

openldap-technical@openldap.org

84 participants
80 discussions

Kinda stuck
by Spyros Mailinglists 26 Mar '13

26 Mar '13

Hello all, New to the list, so be tolerant ? :-) I am trying to build an ubuntu server 12.04 with openldap and samba. I want openldap to handle aspects of the server like having a centrilized user management and samba , naturally, for the shares. In an ideal scenario, I would like this box to be able to authenticate LAN users and create shares depending on each users' priviledges. Anywhoo, I've been trying to built this for about three months now. I cannot get it to work. At the moment I am stuck on smbldap-tools and the (infamous ?) configure.pl script. I've tried tons of howto's and manuals on the topic from the net. But once I am stuck, I cannot continue past the aformentioned point. Would anyone know of any resources out there ? If you have any pointers, please share . . . . Thank you very much, spyros

2 1

Re: openldap-2.4.32 su-ok, rlogin-fails
by Joe Phan 26 Mar '13

26 Mar '13

Hi Doug, Thank you so much for your help. With your questions, I double checked credential levels and authentication methods, and luckily, I found the solution for my problem. Error recap: On the Client Machine, when su from one user to another, /var/log/authlog shows the following error: Mar 22 09:03:53 apggd08dev login: [ID 316739 auth.error] pam_ldap: no legal authentication method configured Solution: Reconfigure Client again using credentialLevel and serviceAuthenticationMethod attributes. apggd08dev# ldapclient -v manual -a defaultsearchbase=dc=pg,dc=dtveng,dc=net \ > -a domainname=pg.dtveng.net \ > -a credentialLevel=anonymous \ > -a serviceAuthenticationMethod=pam_ldap:simple xxx.xxx.xxx.xxx where xxx.xxx.xxx.xxx is LDAP server IP. Now, I am able to rlogin/telnet/ssh to the client machine (Native Solaris LDAP Client) using a user account defined from LDAP Server. "su" from from one user to another also works well. Thanks, Joe ________________________________ From: Doug Leavitt <doug.leavitt(a)oracle.com> To: Joe Phan <joeanhphan(a)yahoo.com> Sent: Wednesday, March 20, 2013 12:20 PM Subject: Re: openldap-2.4.32 su-ok, rlogin-fails No. SSL is not required for authentication. But if you are using pam_ldap without SSL, your passwords are sent over TCP/IP in the clear. Alternatively you can use pam_unix authentication and have the password hashes sent over the wire (like in NIS) and have the unix client do the authentication. This usually requires that you store the passwords in the LDAP server in {crypt} format. On 03/20/13 14:07, Joe Phan wrote: Hi Doug, > >Do you know if it is required to have SSL for authentication? In other word, do I need to configure SSL Tunnel? >Do I need to change pam.conf on LDAP Server? > >Link: http://www.softpanorama.info/Net/Directories/ldap.shtml >"Because our LDAP service requires SSL connections before allowing authentication, it is necessary to connect to the LDAP server using SSL" > > >Thanks, >Joe > > > > >________________________________ > From: Doug Leavitt <doug.leavitt(a)oracle.com> >To: Joe Phan <joeanhphan(a)yahoo.com> >Sent: Tuesday, March 19, 2013 3:08 PM >Subject: Re: openldap-2.4.32 su-ok, rlogin-fails > > >You probably need to correct your pam settings in pam.conf. >See the pam_ldap man page for more details. I suspect you >need to change the setting to look more like this: > # Authentication management for login service is stacked. > # If pam_unix_auth succeeds, pam_ldap is not invoked. > # The control flag "binding" provides a local overriding > # remote (LDAP) control. The "server_policy" option is used > # to tell pam_unix_auth.so.1 to ignore the LDAP users. > > login auth requisite pam_authtok_get.so.1 > login auth required pam_dhkeys.so.1 > login auth required pam_unix_cred.so.1 > login auth binding pam_unix_auth.so.1 server_policy > login auth required pam_ldap.so.1 > >If your system is set up for anonymous connections may or may not >be an issue depending on your servers acl setups. > >I am referring to the configuration supplied into ldapclient (aka what is in >/var/ldap/ldap_client_file, and presumably ldap_cred_file is you have bind >credentials into the ldap server). > >When we setup DSEE servers we usually recommend at least proxy >credentials and at least simple bind, or more depending on your security >needs. Your needs may vary. > >Doug. > >On 03/19/13 15:32, Joe Phan wrote: >Hi Doug, >> >> >>Thank you for looking at this. >> >>apggd08dev# ldaplist -l passwd jphan >>dn: uid=jphan,ou=people,dc=pg,dc=dtveng,dc=net >> objectClass: top >> objectClass: posixAccount >> objectClass: shadowAccount >> objectClass: posixGroup >> cn: jphan >> uid: jphan >> uidNumber: 2003 >> gidNumber: 203 >> homeDirectory: /export/home/jphan >> loginShell: /usr/bin/csh >> gecos: Joe Phan 310-964-4125 >> shadowLastChange: 0 >> shadowMax: 0 >> shadowWarning: 0 >> userPassword: {SSHA}/... >> >>Also how is your system configured w.r.t anonymous connections? <== Yes, I believed that I configured the system for anonymous connections. Do you know how to verify it? >>What are you credential levels and authentication methods being used in your configuration? <== Not sure about credential levels; I am using PAM for authentication. At the beginning, I don't have SASL/TLS. >> >> >> >>Sorry for unclear answers if existed, b/c I am new to LDAP and PAM. >>Please show me where or which area I should verify the system. >>Thank you so much, >> >> >>Joe Phan >> >> >> >>________________________________ >> From: Doug Leavitt <doug.leavitt(a)oracle.com> >>To: Joe Phan <joeanhphan(a)yahoo.com> >>Sent: Tuesday, March 19, 2013 12:27 PM >>Subject: Re: openldap-2.4.32 su-ok, rlogin-fails >> >> >>What happens if you try: >> >>ldaplist -l passwd jphan >> >>Also how is your system configured w.r.t anonymous connections? >>What are you credential levels and authentication methods being used >>in your configuration? >> >> >>Doug. >> >>On 03/18/13 19:01, Joe Phan wrote: >>Hi, >>> >>> >>> >>>I configured a machine to be LDAP Server (openldap-2.4.32) on Solaris 10. Adding users/groups to LDAP Server seems to be ok. >>> >>> >>> >>>From a second machine, I configured it to be LDAP Client using command "ldapclient manual -v -a defaultsearchbase=dc=pg,dc=dtveng,dc=net -a domainname=pg.dtveng.net 10.26.82.16". It was successful. /var/ldap/ldap_client_file contains appropriate LDAP Server information. >>>Openldap-2.4.32 is not installed on the Client Machine. >>> >>> >>>I updated PAM configuration on Client Machine for su and rlogin, results are listed below: >>>- rlogin into Client Machine using root - OK >>>- rlogin into Client Machine using "jphan" user - Fails >>> >>>- After login to Client Machine as root, su from root to "jphan" user - OK (Note: jphan user does not exist in Client Machine /etc/passwd, jphan user exists in LDAP Server) >>> >>>- From "jphan" user, su to another user - Fails >>> >>> >>>Could someone please take a look at the configuration for rlogin PAM below to see if the configuration is correct. >>>Please let me know if there is anything missing from my setup. >>>Do I need to configure pam.conf on LDAP Server machine as well? >>> >>> >>> >>>Any help is greatly appreciated. >>>Best regards, >>>Joe Phan >>> >>> >>> >>> >>> >>>Downloaded and installed following packages from SunFreeWare.com to LDAP Server: >>>openldap-2.4.32-sol10-sparc-local.gz >>>db-4.7.25.NC-sol10-sparc-local.gz >>>gcc-3.3.2-sol10-sparc-local.gz >>>libgcc-3.3-sol10-sparc-local.gz >>>libtool-2.4.2-sol10-sparc-local.gz >>>openssl-1.0.1c-sol10-sparc-local.gz >>>sasl-2.1.25-sol10-sparc-local.gz >>> >>> >>>Client Machine configuration: >>>- /etc/nsswitch.conf: >>>passwd: files ldap >>>group: files ldap >>>shadow: files ldap >>> >>> >>>- /etc/pam.conf: >>>apggd08dev# more pam.conf >>># >>>login auth requisite pam_authtok_get.so.1 >>>login auth required pam_dhkeys.so.1 >>>login auth required pam_unix_cred.so.1 >>>#login auth required pam_unix_auth.so.1 >>>login auth sufficient pam_unix_auth.so.1 >>>login auth required pam_dial_auth.so.1 >>>login auth required pam_ldap.so.1 debug >>># >>># rlogin service (explicit because of pam_rhost_auth) >>># >>>rlogin auth sufficient pam_rhosts_auth.so.1 >>>rlogin auth requisite pam_authtok_get.so.1 >>>rlogin auth required pam_dhkeys.so.1 >>>rlogin auth required pam_unix_cred.so.1 >>>#rlogin auth required pam_unix_auth.so.1 >>>rlogin auth sufficient pam_unix_auth.so.1 >>>rlogin auth required pam_ldap.so.1 debug >>># >>># Kerberized rlogin service >>># >>>krlogin auth required pam_unix_cred.so.1 >>>krlogin auth binding pam_krb5.so.1 >>>krlogin auth required pam_unix_auth.so.1 >>># >>># rsh service (explicit because of pam_rhost_auth, >>># and pam_unix_auth for meaningful pam_setcred) >>># >>>rsh auth sufficient pam_rhosts_auth.so.1 >>>rsh auth required pam_unix_cred.so.1 >>># >>># Kerberized rsh service >>># >>>krsh auth required pam_unix_cred.so.1 >>>krsh auth binding pam_krb5.so.1 >>>krsh auth required pam_unix_auth.so.1 >>># >>># Kerberized telnet service >>># >>>ktelnet auth required pam_unix_cred.so.1 >>>ktelnet auth binding pam_krb5.so.1 >>>ktelnet auth required pam_unix_auth.so.1 >>># >>># PPP service (explicit because of pam_dial_auth) >>># >>>ppp auth requisite pam_authtok_get.so.1 >>>ppp auth required pam_dhkeys.so.1 >>>ppp auth required pam_unix_cred.so.1 >>>#ppp auth required pam_unix_auth.so.1 >>>ppp auth sufficient pam_unix_auth.so.1 >>>ppp auth required pam_dial_auth.so.1 >>>ppp auth required pam_ldap.so.1 debug >>># >>># Default definitions for Authentication management >>># Used when service name is not explicitly mentioned for authentication >>># >>>other auth requisite pam_authtok_get.so.1 >>>other auth required pam_dhkeys.so.1 >>>other auth required pam_unix_cred.so.1 >>>#other auth required pam_unix_auth.so.1 >>>other auth sufficient pam_unix_auth.so.1 >>>other auth required pam_ldap.so.1 debug >>># >>># passwd command (explicit because of a different authentication module) >>># >>>#passwd auth required pam_passwd_auth.so.1 >>>passwd auth sufficient pam_passwd_auth.so.1 >>>passwd auth required pam_ldap.so.1 debug >>># >>># cron service (explicit because of non-usage of pam_roles.so.1) >>># >>>cron account required pam_unix_account.so.1 >>># >>># Default definition for Account management >>># Used when service name is not explicitly mentioned for account management >>># >>>other account sufficient pam_ldap.so.1 debug >>>other account requisite pam_roles.so.1 >>>other account required pam_unix_account.so.1 >>># >>># Default definition for Session management >>># Used when service name is not explicitly mentioned for session management >>># >>>other session required pam_unix_session.so.1 >>># >>># Default definition for Password management >>># Used when service name is not explicitly mentioned for password management >>># >>>other password required pam_dhkeys.so.1 >>>other password requisite pam_authtok_get.so.1 >>>other password requisite pam_authtok_check.so.1 >>>other password required pam_authtok_store.so.1 >>> >>> >>> >>> >>>jphan user info: >>>apggd04dev# ldapsearch -x -b 'dc=pg,dc=dtveng,dc=net' 'uid=jphan' >>># extended LDIF >>># >>># LDAPv3 >>># base <dc=pg,dc=dtveng,dc=net> with scope subtree >>># filter: uid=jphan >>># requesting: ALL >>># >>> >>># jphan, people, pg.dtveng.net >>>dn: uid=jphan,ou=people,dc=pg,dc=dtveng,dc=net >>>objectClass: top >>>objectClass: posixAccount >>>objectClass: shadowAccount >>>objectClass: posixGroup >>>cn: jphan >>>uid: jphan >>>uidNumber: 2003 >>>gidNumber: 203 >>>homeDirectory: /export/home/jphan >>>loginShell: /usr/bin/csh >>>gecos:: Sm9lIFBoYW4gMzEwLTk2NC00MTI1IA== >>>shadowLastChange: 0 >>>shadowMax: 0 >>>shadowWarning: 0 >>>userPassword:: ....= >>> >>># search result >>>search: 2 >>>result: 0 Success >>> >>># numResponses: 2 >>># numEntries: 1 >>> >>> >> >> > >

1 0

[LMDB] Append To Value
by Yucheng Low 26 Mar '13

26 Mar '13

Hi, I am considering using LMDB to store a dynamic graph structure, and it will be very helpful to support "append to value" having the same semantics as "append" in Kyoto Cabinet. http://fallabs.com/kyotocabinet/api/classkyotocabinet_1_1BasicDB.html#a23e7… For instance, if I were to store an adjacency list representation of a graph in LMDB, I would use vertex ID as the key, and the value is a vector of 64-bit IDs. To insert an edge into the graph will simply require appending 8 bytes to the end of the vector. Re-reading and re-writing the entire value will be somewhat excessive (and will actually change the asymptotic runtime of the insertion). This is also one of those situations where a batch append might be useful. For instance, if I have an edge list on file which is too large to retain in memory. To convert it to an adjacency list in LMDB will require batch-append. Batch-writes are insufficient since that will require me to cache at least, large parts of the adjacency list in memory, and the original edge list could be ordered arbitrarily. The actual graph representation I am thinking of is somewhat more intelligent than a straight adjacency list, but similar concepts hold. I have tried looking through the lmdb source to try to implement append myself, but the put logic is somewhat complicated... Yucheng

2 3

about openldap over udp
by Guo Star 26 Mar '13

26 Mar '13

Hi, i am a freshman on openldap. Now, i can login my openldap client machine, through openldap server machine authentication. And I see openldap use tcp/389 to communicate. Can I set openldap over udp/389 ? Thank a lot. Best Regard, Star Guo >From Guangzhou, China.

2 1

Problem in connecting OpenLDAP server with PostgreSQL DB
by SHEKHAR PODICHETI 26 Mar '13

26 Mar '13

Hello, I compiled and installed openldap-2.4.34 by enabling the back-sql. I installed PostgreSQL database , created the users in DB as per the OpenLDAP Admin guide. However, OpenLDAP server is unable to start and connect to the PostgreSQL database. I got a following problem while I was running a sample SQL read operation from the PostgreSQL DB. root@DevelopmentServer:~/Shekhar/OpenLDAP/openldap-2.4.34/tests#<https://mail.ril.com/owa/UrlBlockedError.aspx>SLAPD_USE_SQL=pgsql ./run sql-test000 Cleaning up test run directory leftover from previous run. Running ./scripts/sql-test000-read for bdb... running defines.sh Starting slapd on TCP/IP port 9011... Testing SQL backend read operations... Waiting 5 seconds for slapd to start... Waiting 5 seconds for slapd to start... Waiting 5 seconds for slapd to start... Waiting 5 seconds for slapd to start... Waiting 5 seconds for slapd to start... Waiting 5 seconds for slapd to start... ldapsearch failed (255)! kill: 57: No such process root@DevelopmentServer:~/Shekhar/OpenLDAP/openldap-2.4.34/tests#<https://mail.ril.com/owa/UrlBlockedError.aspx> Regards, Shekhar Podicheti

1 0

Openldap Chaining help
by jeevan kc 26 Mar '13

26 Mar '13

HelloI've set up a chaining overlay on the slave server. I think I followed the proper procedures but every time I try to update entries (delete,add,change)the slave server I get LDAP error code 8 - Strong Authentication Required. How can I modify entries on the slave without getting the error? I've openldap 2.4.30 installed on Red Hat and my configuration is as follows. Any help would be appreciated.dn: olcDatabase={0}ldapobjectClass: olcLDAPConfigobjectClass: olcChainDatabaseolcDatabase: {0}ldapolcDbURI: "ldap://lap00621.cov.vinex.com"olcDbStartTLS: none starttls=noolcDbIDAssertBind: mode=self flags=prescriptive,proxy-authz-non-critical bindm ethod=simple timeout=0 network-timeout=0 binddn="cn=manager,o=vinex,c=us" credentials="l4s3rj3t" keepalive=0:0:0olcDbRebindAsUser: FALSEolcDbChaseReferrals: TRUEolcDbTFSupport: noolcDbProxyWhoAmI: FALSEolcDbProtocolVersion: 3olcDbSingleConn: FALSEolcDbCancel: abandonolcDbUseTemporaryConn: FALSEolcDbConnectionPoolMax: 16olcDbSessionTrackingRequest: FALSEolcDbNoRefs: FALSEolcDbNoUndefFilter: FALSEstructuralObjectClass: olcLDAPConfigentryUUID: df6c7dc4-26a0-1032-829d-b5d50f9d249ecreatorsName: cn=manager,o=vinex,c=uscreateTimestamp: 20130321182829ZentryCSN: 20130321182829.558457Z#000000#000#000000modifiersName: cn=manager,o=vinex,c=usmodifyTimestamp: 20130321182829Z dn: olcOverlay={0}chainobjectClass: olcOverlayConfigobjectClass: olcChainConfigolcOverlay: {0}chainolcChainCacheURI: FALSEolcChainMaxReferralDepth: 1olcChainReturnError: TRUEstructuralObjectClass: olcChainConfigentryUUID: 8a6734ba-2685-1032-8293-b5d50f9d249ecreatorsName: cn=manager,o=vinex,c=uscreateTimestamp: 20130321151250ZentryCSN: 20130321151250.505781Z#000000#000#000000modifiersName: cn=manager,o=vinex,c=usmodifyTimestamp: 20130321151250Z

1 0

OpenLDAP + Active Directory User and Password Sync
by Suman Karki 26 Mar '13

26 Mar '13

This is what I am looking for: 1. Any User Added to Active Directory shall be added to OpenLDAP as well and any password modified from Active Directory should be modified in OpenLDAP as well - where OpenLDAP would be used for System Auth in a Linux environment. 2. Any User Added to OpenLDAP should be added to Active Directory along with the same credentials and any password modified in OpenLDAP should be modified in Active Directory as well.

1 0

unique olcOverlay: pb in configuration
by Alessandro Dentella 25 Mar '13

25 Mar '13

Hi, I have been struggling to understand how to configure unique overlay and I can't understand the error message I receive. Adding the overlay ================== And I'm trying to add Unique Overlay as:: dn: olcOverlay={0}unique,olcDatabase={1}hdb changetype: add objectClass: olcOverlayConfig objectClass: olcUniqueConfig olcOverlay: {0}unique olcUniqueURI: ldap:///?mail?sub that fails with error:: test-acomea:~# ldapmodify -D cn=admin,cn=config -w isi -f ,ldapvi-test-acomea-3996.ldif adding new entry "olcOverlay={0}unique,olcDatabase={1}hdb" ldap_add: Invalid syntax (21) additional info: objectClass: value #1 invalid per syntax I can't really understand which is the syntax error, my setup is below. Dscription of setup =================== I have a database to which I need to add unique constraint to the 'mail' field. I loaded uniqu module in cn-config:: cn=module{0},cn=config objectClass: olcModuleList cn: module{0} olcModulePath: /usr/lib/ldap olcModuleLoad: {0}back_hdb olcModuleLoad: {1}unique and I have a db defined as:: test-acomea:~# ldapsearch -xLLL -D cn=admin,cn=config -b cn=config -W olcSuffix=dc=acomea,dc=it dn: olcDatabase={1}hdb,cn=config objectClass: olcDatabaseConfig objectClass: olcHdbConfig olcDatabase: {1}hdb olcDbDirectory: /var/lib/ldap olcSuffix: dc=acomea,dc=it ... Thanks in advance sandro *:-) PS: Any pointer to examples is very appreciated

2 2

Help me "Ldap Replication"
by hash 25 Mar '13

25 Mar '13

Hi, sorry to ask simple question, since i am newbie in ldap. I am trying to setup ldap replication provider and consumer, i am using RHEL 6 with openldap-2.4.23-26.el6.x86_64. The problem is the data is not being synchronozing. i am using cn=config. here is the config of provider. [root@hmslogbnc3 slapd.d]# more cn\=config.ldif dn: cn=config objectClass: olcGlobal cn: config olcConfigFile: /etc/openldap/schema/schema_convert.conf olcConfigDir: /etc/openldap/slapd.d olcArgsFile: /var/run/openldap/slapd.args olcAttributeOptions: lang- olcAuthzPolicy: none olcConcurrency: 0 olcConnMaxPending: 100 olcConnMaxPendingAuth: 1000 olcGentleHUP: FALSE olcIdleTimeout: 0 olcIndexSubstrIfMaxLen: 4 olcIndexSubstrIfMinLen: 2 olcIndexSubstrAnyLen: 4 olcIndexSubstrAnyStep: 2 olcIndexIntLen: 4 olcLocalSSF: 71 olcPidFile: /var/run/openldap/slapd.pid olcReadOnly: FALSE olcReverseLookup: FALSE olcSaslSecProps: noplain,noanonymous olcSizeLimit: unlimited olcSockbufMaxIncoming: 262143 olcSockbufMaxIncomingAuth: 16777215 olcThreads: 16 olcTLSVerifyClient: never olcToolThreads: 1 olcWriteTimeout: 0 structuralObjectClass: olcGlobal entryUUID: e683e806-2680-1032-8d81-bf9693325536 creatorsName: cn=config createTimestamp: 20130321143937Z entryCSN: 20130321143937.560581Z#000000#000#000000 modifiersName: cn=config modifyTimestamp: 20130321143937Z [root@hmslogbnc3 cn=config]# more olcDatabase\=\{1\}bdb.ldif dn: olcDatabase={1}bdb objectClass: olcDatabaseConfig objectClass: olcBdbConfig olcDatabase: {1}bdb olcSuffix: dc=secure-mail,dc=belgacom olcAccess: {0}to attrs=userPassword by dn.base="cn=admin,dc=secure-mail,dc=be lgacom" write by dn.children="ou=administrators,dc=secure-mail,dc=belgacom" write by anonymous auth olcAccess: {1}to * by dn.base="cn=admin,dc=secure-mail,dc=belgacom" write by dn.base="cn=replica,dc=secure-mail,dc=belgacom" write by dn.children="ou=ad ministrators,dc=secure-mail,dc=belgacom" write by users read by anonymous r ead olcAddContentAcl: FALSE olcLastMod: TRUE olcMaxDerefDepth: 15 olcReadOnly: FALSE olcRootDN: cn=admin,dc=secure-mail,dc=belgacom olcRootPW:: ***** olcSyncUseSubentry: FALSE olcMonitoring: TRUE olcDbDirectory: /openldap olcDbCacheSize: 20000 olcDbNoSync: FALSE olcDbDirtyRead: FALSE olcDbIDLcacheSize: 20000 olcDbIndex: objectClass eq olcDbIndex: entryUUID eq olcDbIndex: entryCSN eq olcDbIndex: srcIP eq,approx,sub olcDbIndex: finalDestination eq,sub olcDbIndex: policy eq olcDbIndex: customerId eq olcDbIndex: dc eq,approx,sub olcDbLinearIndex: FALSE olcDbMode: 0600 olcDbSearchStack: 16 olcDbShmKey: 0 olcDbCacheFree: 1 olcDbDNcacheSize: 0 structuralObjectClass: olcBdbConfig entryUUID: e68469de-2680-1032-8d8d-bf9693325536 creatorsName: cn=config createTimestamp: 20130321143937Z entryCSN: 20130321143937.560581Z#000000#000#000000 modifiersName: cn=config modifyTimestamp: 20130321143937Z [root@hmslogbnc3 cn=config]# [root@hmslogbnc3 cn=config]# more cn\=module\{0\}.ldif dn: cn=module{0} objectClass: olcModuleList cn: module{0} olcModulePath: /usr/lib64/openldap olcModuleLoad: {0}syncprov.la structuralObjectClass: olcModuleList entryUUID: e683edd8-2680-1032-8d82-bf9693325536 creatorsName: cn=config createTimestamp: 20130321143937Z entryCSN: 20130321143937.560581Z#000000#000#000000 modifiersName: cn=config modifyTimestamp: 20130321143937Z When i tried to start the consumer server i am getting the log daemon: activity on 1 descriptor daemon: listen=7, new connection on 12 daemon: activity on: daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: epoll: listen=8 active_threads=0 tvp=NULL daemon: added 12r (active) listener=(nil) daemon: activity on 2 descriptors daemon: activity on: 12r daemon: read active on 12 conn=1000 fd=12 ACCEPT from IP=10.48.12.42:33557 (IP=0.0.0.0:389) daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: epoll: listen=8 active_threads=0 tvp=NULL connection_get(12) connection_get(12): got connid=1000 connection_read(12): checking for input on id=1000 ber_get_next ldap_read: want=8, got=8 0000: 30 38 02 01 01 60 33 02 08...`3. ldap_read: want=50, got=50 0000: 01 03 04 25 63 6e 3d 72 65 70 6c 69 63 61 2c 64 ...%cn=replica,d 0010: 63 3d 73 65 63 75 72 65 2d 6d 61 69 6c 2c 64 63 c=secure-mail,dc 0020: 3d 62 65 6c 67 61 63 6f 6d 80 07 72 33 70 6c 69 =belgacom..r3pli 0030: 63 61 ca ber_get_next: tag 0x30 len 56 contents: ber_dump: buf=0x7fc7f4002660 ptr=0x7fc7f4002660 end=0x7fc7f4002698 len=56 0000: 02 01 01 60 33 02 01 03 04 25 63 6e 3d 72 65 70 ...`3....%cn=rep 0010: 6c 69 63 61 2c 64 63 3d 73 65 63 75 72 65 2d 6d lica,dc=secure-m 0020: 61 69 6c 2c 64 63 3d 62 65 6c 67 61 63 6f 6d 80 ail,dc=belgacom. 0030: 07 72 33 70 6c 69 63 61 .r3plica op tag 0x60, time 1364215962 ber_get_next ldap_read: want=8 error=Resource temporarily unavailable daemon: activity on 1 descriptor daemon: activity on: conn=1000 op=0 do_bind daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: epoll: listen=8 active_threads=0 tvp=NULL ber_scanf fmt ({imt) ber: ber_dump: buf=0x7fc7f4002660 ptr=0x7fc7f4002663 end=0x7fc7f4002698 len=53 0000: 60 33 02 01 03 04 25 63 6e 3d 72 65 70 6c 69 63 `3....%cn=replic 0010: 61 2c 64 63 3d 73 65 63 75 72 65 2d 6d 61 69 6c a,dc=secure-mail 0020: 2c 64 63 3d 62 65 6c 67 61 63 6f 6d 80 07 72 33 ,dc=belgacom..r3 0030: 70 6c 69 63 61 plica ber_scanf fmt (m}) ber: ber_dump: buf=0x7fc7f4002660 ptr=0x7fc7f400268f end=0x7fc7f4002698 len=9 0000: 00 07 72 33 70 6c 69 63 61 ..r3plica >>> dnPrettyNormal: <cn=replica,dc=secure-mail,dc=belgacom> => ldap_bv2dn(cn=replica,dc=secure-mail,dc=belgacom,0) <= ldap_bv2dn(cn=replica,dc=secure-mail,dc=belgacom)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=replica,dc=secure-mail,dc=belgacom)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=replica,dc=secure-mail,dc=belgacom)=0 <<< dnPrettyNormal: <cn=replica,dc=secure-mail,dc=belgacom>, <cn=replica,dc=secure-mail,dc=belgacom> conn=1000 op=0 BIND dn="cn=replica,dc=secure-mail,dc=belgacom" method=128 do_bind: version=3 dn="cn=replica,dc=secure-mail,dc=belgacom" method=128 ==> bdb_bind: dn: cn=replica,dc=secure-mail,dc=belgacom bdb_dn2entry("cn=replica,dc=secure-mail,dc=belgacom") => bdb_dn2id("cn=replica,dc=secure-mail,dc=belgacom") <= bdb_dn2id: got id=0x4b7 entry_decode: "cn=replica,dc=secure-mail,dc=belgacom" <= entry_decode(cn=replica,dc=secure-mail,dc=belgacom) => access_allowed: result not in cache (userPassword) => access_allowed: auth access to "cn=replica,dc=secure-mail,dc=belgacom" "userPassword" requested => acl_get: [1] attr userPassword => acl_mask: access to entry "cn=replica,dc=secure-mail,dc=belgacom", attr "userPassword" requested => acl_mask: to value by "", (=0) <= check a_dn_pat: cn=admin,dc=secure-mail,dc=belgacom <= check a_dn_pat: ou=administrators,dc=secure-mail,dc=belgacom <= check a_dn_pat: anonymous <= acl_mask: [3] applying auth(=xd) (stop) <= acl_mask: [3] mask: auth(=xd) => slap_access_allowed: auth access granted by auth(=xd) => access_allowed: auth access granted by auth(=xd) conn=1000 op=0 BIND dn="cn=replica,dc=secure-mail,dc=belgacom" mech=SIMPLE ssf=0 do_bind: v3 bind: "cn=replica,dc=secure-mail,dc=belgacom" to "cn=replica,dc=secure-mail,dc=belgacom" send_ldap_result: conn=1000 op=0 p=3 send_ldap_result: err=0 matched="" text="" send_ldap_response: msgid=1 tag=97 err=0 ber_flush2: 14 bytes to sd 12 0000: 30 0c 02 01 01 61 07 0a 01 00 04 00 04 00 0....a........ ldap_write: want=14, written=14 0000: 30 0c 02 01 01 61 07 0a 01 00 04 00 04 00 0....a........ conn=1000 op=0 RESULT tag=97 err=0 text= daemon: activity on 1 descriptor daemon: activity on: 12r daemon: read active on 12 daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: epoll: listen=8 active_threads=0 tvp=NULL connection_get(12) connection_get(12): got connid=1000 connection_read(12): checking for input on id=1000 ber_get_next ldap_read: want=8, got=8 0000: 30 81 c1 02 01 02 63 40 0.....c@ ldap_read: want=188, got=188 0000: 04 1a 64 63 3d 73 65 63 75 72 65 2d 6d 61 69 6c ..dc=secure-mail 0010: 2c 64 63 3d 62 65 6c 67 61 63 6f 6d 0a 01 00 0a ,dc=belgacom.... 0020: 01 00 02 01 00 02 01 00 01 01 00 87 0b 6f 62 6a .............obj 0030: 65 63 74 63 6c 61 73 73 30 06 04 01 2a 04 01 2b ectclass0...*..+ 0040: a0 7a 30 5a 04 18 31 2e 33 2e 36 2e 31 2e 34 2e .z0Z..1.3.6.1.4. 0050: 31 2e 34 32 30 33 2e 31 2e 39 2e 31 2e 31 04 3e 1.4203.1.9.1.1.> 0060: 30 3c 0a 01 03 04 34 72 69 64 3d 31 30 30 2c 63 0<....4rid=100,c 0070: 73 6e 3d 32 30 31 33 30 33 32 32 31 34 35 39 30 sn=2013032214590 0080: 33 2e 38 31 36 30 39 36 5a 23 30 30 30 30 30 30 3.816096Z#000000 0090: 23 30 30 30 23 30 30 30 30 30 30 01 01 ff 30 1c #000#000000...0. 00a0: 04 17 32 2e 31 36 2e 38 34 30 2e 31 2e 31 31 33 ..2.16.840.1.113 00b0: 37 33 30 2e 33 2e 34 2e 32 01 01 ff 730.3.4.2... ber_get_next: tag 0x30 len 193 contents: ber_dump: buf=0x7fc7f80008c0 ptr=0x7fc7f80008c0 end=0x7fc7f8000981 len=193 0000: 02 01 02 63 40 04 1a 64 63 3d 73 65 63 75 72 65 ...c@..dc=secure 0010: 2d 6d 61 69 6c 2c 64 63 3d 62 65 6c 67 61 63 6f -mail,dc=belgaco 0020: 6d 0a 01 00 0a 01 00 02 01 00 02 01 00 01 01 00 m............... 0030: 87 0b 6f 62 6a 65 63 74 63 6c 61 73 73 30 06 04 ..objectclass0.. 0040: 01 2a 04 01 2b a0 7a 30 5a 04 18 31 2e 33 2e 36 .*..+.z0Z..1.3.6 0050: 2e 31 2e 34 2e 31 2e 34 32 30 33 2e 31 2e 39 2e .1.4.1.4203.1.9. 0060: 31 2e 31 04 3e 30 3c 0a 01 03 04 34 72 69 64 3d 1.1.>0<....4rid= 0070: 31 30 30 2c 63 73 6e 3d 32 30 31 33 30 33 32 32 100,csn=20130322 0080: 31 34 35 39 30 33 2e 38 31 36 30 39 36 5a 23 30 145903.816096Z#0 0090: 30 30 30 30 30 23 30 30 30 23 30 30 30 30 30 30 00000#000#000000 00a0: 01 01 ff 30 1c 04 17 32 2e 31 36 2e 38 34 30 2e ...0...2.16.840. 00b0: 31 2e 31 31 33 37 33 30 2e 33 2e 34 2e 32 01 01 1.113730.3.4.2.. 00c0: ff . op tag 0x63, time 1364215962 ber_get_next ldap_read: want=8 error=Resource temporarily unavailable daemon: activity on 1 descriptor conn=1000 op=1 do_search ber_scanf fmt ({miiiib) ber: ber_dump: buf=0x7fc7f80008c0 ptr=0x7fc7f80008c3 end=0x7fc7f8000981 len=190 0000: 63 40 04 1a 64 63 3d 73 65 63 75 72 65 2d 6d 61 c@..dc=secure-ma 0010: 69 6c 2c 64 63 3d 62 65 6c 67 61 63 6f 6d 0a 01 il,dc=belgacom.. 0020: 00 0a 01 00 02 01 00 02 01 00 01 01 00 87 0b 6f ...............o 0030: 62 6a 65 63 74 63 6c 61 73 73 30 06 04 01 2a 04 bjectclass0...*. 0040: 01 2b a0 7a 30 5a 04 18 31 2e 33 2e 36 2e 31 2e .+.z0Z..1.3.6.1. 0050: 34 2e 31 2e 34 32 30 33 2e 31 2e 39 2e 31 2e 31 4.1.4203.1.9.1.1 0060: 04 3e 30 3c 0a 01 03 04 34 72 69 64 3d 31 30 30 .>0<....4rid=100 0070: 2c 63 73 6e 3d 32 30 31 33 30 33 32 32 31 34 35 ,csn=20130322145 0080: 39 30 33 2e 38 31 36 30 39 36 5a 23 30 30 30 30 903.816096Z#0000 0090: 30 30 23 30 30 30 23 30 30 30 30 30 30 01 01 ff 00#000#000000... 00a0: 30 1c 04 17 32 2e 31 36 2e 38 34 30 2e 31 2e 31 0...2.16.840.1.1 00b0: 31 33 37 33 30 2e 33 2e 34 2e 32 01 01 ff 13730.3.4.2... >>> dnPrettyNormal: <dc=secure-mail,dc=belgacom> => ldap_bv2dn(dc=secure-mail,dc=belgacom,0) <= ldap_bv2dn(dc=secure-mail,dc=belgacom)=0 => ldap_dn2bv(272) <= ldap_dn2bv(dc=secure-mail,dc=belgacom)=0 => ldap_dn2bv(272) <= ldap_dn2bv(dc=secure-mail,dc=belgacom)=0 <<< dnPrettyNormal: <dc=secure-mail,dc=belgacom>, <dc=secure-mail,dc=belgacom> SRCH "dc=secure-mail,dc=belgacom" 0 0 0 0 0 begin get_filter PRESENT ber_scanf fmt (m) ber: ber_dump: buf=0x7fc7f80008c0 ptr=0x7fc7f80008f0 end=0x7fc7f8000981 len=145 0000: 87 0b 6f 62 6a 65 63 74 63 6c 61 73 73 30 06 04 ..objectclass0.. 0010: 01 2a 04 01 2b a0 7a 30 5a 04 18 31 2e 33 2e 36 .*..+.z0Z..1.3.6 0020: 2e 31 2e 34 2e 31 2e 34 32 30 33 2e 31 2e 39 2e .1.4.1.4203.1.9. 0030: 31 2e 31 04 3e 30 3c 0a 01 03 04 34 72 69 64 3d 1.1.>0<....4rid= 0040: 31 30 30 2c 63 73 6e 3d 32 30 31 33 30 33 32 32 100,csn=20130322 0050: 31 34 35 39 30 33 2e 38 31 36 30 39 36 5a 23 30 145903.816096Z#0 0060: 30 30 30 30 30 23 30 30 30 23 30 30 30 30 30 30 00000#000#000000 0070: 01 01 ff 30 1c 04 17 32 2e 31 36 2e 38 34 30 2e ...0...2.16.840. 0080: 31 2e 31 31 33 37 33 30 2e 33 2e 34 2e 32 01 01 1.113730.3.4.2.. 0090: ff . end get_filter 0 filter: (objectClass=*) ber_scanf fmt ({M}}) ber: ber_dump: buf=0x7fc7f80008c0 ptr=0x7fc7f80008fd end=0x7fc7f8000981 len=132 0000: 00 06 04 01 2a 04 01 2b a0 7a 30 5a 04 18 31 2e ....*..+.z0Z..1. 0010: 33 2e 36 2e 31 2e 34 2e 31 2e 34 32 30 33 2e 31 3.6.1.4.1.4203.1 0020: 2e 39 2e 31 2e 31 04 3e 30 3c 0a 01 03 04 34 72 .9.1.1.>0<....4r 0030: 69 64 3d 31 30 30 2c 63 73 6e 3d 32 30 31 33 30 id=100,csn=20130 0040: 33 32 32 31 34 35 39 30 33 2e 38 31 36 30 39 36 322145903.816096 0050: 5a 23 30 30 30 30 30 30 23 30 30 30 23 30 30 30 Z#000000#000#000 0060: 30 30 30 01 01 ff 30 1c 04 17 32 2e 31 36 2e 38 000...0...2.16.8 0070: 34 30 2e 31 2e 31 31 33 37 33 30 2e 33 2e 34 2e 40.1.113730.3.4. 0080: 32 01 01 ff 2... => get_ctrls ber_scanf fmt ({m) ber: ber_dump: buf=0x7fc7f80008c0 ptr=0x7fc7f8000907 end=0x7fc7f8000981 len=122 0000: 30 5a 04 18 31 2e 33 2e 36 2e 31 2e 34 2e 31 2e 0Z..1.3.6.1.4.1. 0010: 34 32 30 33 2e 31 2e 39 2e 31 2e 31 04 3e 30 3c 4203.1.9.1.1.>0< 0020: 0a 01 03 04 34 72 69 64 3d 31 30 30 2c 63 73 6e ....4rid=100,csn 0030: 3d 32 30 31 33 30 33 32 32 31 34 35 39 30 33 2e =20130322145903. 0040: 38 31 36 30 39 36 5a 23 30 30 30 30 30 30 23 30 816096Z#000000#0 0050: 30 30 23 30 30 30 30 30 30 01 01 ff 30 1c 04 17 00#000000...0... 0060: 32 2e 31 36 2e 38 34 30 2e 31 2e 31 31 33 37 33 2.16.840.1.11373 0070: 30 2e 33 2e 34 2e 32 01 01 ff 0.3.4.2... ber_scanf fmt (m) ber: ber_dump: buf=0x7fc7f80008c0 ptr=0x7fc7f8000923 end=0x7fc7f8000981 len=94 0000: 00 3e 30 3c 0a 01 03 04 34 72 69 64 3d 31 30 30 .>0<....4rid=100 0010: 2c 63 73 6e 3d 32 30 31 33 30 33 32 32 31 34 35 ,csn=20130322145 0020: 39 30 33 2e 38 31 36 30 39 36 5a 23 30 30 30 30 903.816096Z#0000 0030: 30 30 23 30 30 30 23 30 30 30 30 30 30 01 01 ff 00#000#000000... 0040: 30 1c 04 17 32 2e 31 36 2e 38 34 30 2e 31 2e 31 0...2.16.840.1.1 0050: 31 33 37 33 30 2e 33 2e 34 2e 32 01 01 ff 13730.3.4.2... => get_ctrls: oid="1.3.6.1.4.1.4203.1.9.1.1" (noncritical) ber_scanf fmt ({i) ber: ber_dump: buf=0x7fc7f8000925 ptr=0x7fc7f8000925 end=0x7fc7f8000963 len=62 0000: 30 3c 0a 01 03 04 34 72 69 64 3d 31 30 30 2c 63 0<....4rid=100,c 0010: 73 6e 3d 32 30 31 33 30 33 32 32 31 34 35 39 30 sn=2013032214590 0020: 33 2e 38 31 36 30 39 36 5a 23 30 30 30 30 30 30 3.816096Z#000000 0030: 23 30 30 30 23 30 30 30 30 30 30 01 01 ff #000#000000... ber_scanf fmt (m) ber: ber_dump: buf=0x7fc7f8000925 ptr=0x7fc7f800092a end=0x7fc7f8000963 len=57 0000: 04 34 72 69 64 3d 31 30 30 2c 63 73 6e 3d 32 30 .4rid=100,csn=20 0010: 31 33 30 33 32 32 31 34 35 39 30 33 2e 38 31 36 130322145903.816 0020: 30 39 36 5a 23 30 30 30 30 30 30 23 30 30 30 23 096Z#000000#000# 0030: 30 30 30 30 30 30 01 01 ff 000000... ber_scanf fmt (b) ber: ber_dump: buf=0x7fc7f8000925 ptr=0x7fc7f8000960 end=0x7fc7f8000963 len=3 0000: 00 01 ff ... ber_scanf fmt (}) ber: ber_dump: buf=0x7fc7f8000925 ptr=0x7fc7f8000963 end=0x7fc7f8000963 len=0 daemon: activity on:ber_scanf fmt ({m) ber: ber_dump: buf=0x7fc7f80008c0 ptr=0x7fc7f8000963 end=0x7fc7f8000981 len=30 0000: 00 1c 04 17 32 2e 31 36 2e 38 34 30 2e 31 2e 31 ....2.16.840.1.1 0010: 31 33 37 33 30 2e 33 2e 34 2e 32 01 01 ff 13730.3.4.2... ber_scanf fmt (b) ber: ber_dump: buf=0x7fc7f80008c0 ptr=0x7fc7f800097e end=0x7fc7f8000981 len=3 0000: 00 01 ff ... => get_ctrls: oid="2.16.840.1.113730.3.4.2" (critical) <= get_ctrls: n=2 rc=0 err="" attrs: * + conn=1000 op=1 SRCH base="dc=secure-mail,dc=belgacom" scope=0 deref=0 filter="(objectClass=*)" conn=1000 op=1 SRCH attr=* + daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: epoll: listen=8 active_threads=0 tvp=NULL ==> limits_get: conn=1000 op=1 self="cn=replica,dc=secure-mail,dc=belgacom" this="dc=secure-mail,dc=belgacom" => bdb_search bdb_dn2entry("dc=secure-mail,dc=belgacom") => access_allowed: search access to "dc=secure-mail,dc=belgacom" "entry" requested => acl_get: [2] attr entry => acl_mask: access to entry "dc=secure-mail,dc=belgacom", attr "entry" requested => acl_mask: to all values by "cn=replica,dc=secure-mail,dc=belgacom", (=0) <= check a_dn_pat: cn=admin,dc=secure-mail,dc=belgacom <= check a_dn_pat: cn=replica,dc=secure-mail,dc=belgacom <= acl_mask: [2] applying write(=wrscxd) (stop) <= acl_mask: [2] mask: write(=wrscxd) => slap_access_allowed: search access granted by write(=wrscxd) => access_allowed: search access granted by write(=wrscxd) base_candidates: base: "dc=secure-mail,dc=belgacom" (0x00000001) => test_filter PRESENT => access_allowed: search access to "dc=secure-mail,dc=belgacom" "objectClass" requested => acl_get: [2] attr objectClass => acl_mask: access to entry "dc=secure-mail,dc=belgacom", attr "objectClass" requested => acl_mask: to all values by "cn=replica,dc=secure-mail,dc=belgacom", (=0) <= check a_dn_pat: cn=admin,dc=secure-mail,dc=belgacom <= check a_dn_pat: cn=replica,dc=secure-mail,dc=belgacom <= acl_mask: [2] applying write(=wrscxd) (stop) <= acl_mask: [2] mask: write(=wrscxd) => slap_access_allowed: search access granted by write(=wrscxd) => access_allowed: search access granted by write(=wrscxd) <= test_filter 6 send_ldap_result: conn=1000 op=1 p=3 send_ldap_result: err=0 matched="" text="" send_ldap_result: conn=1000 op=1 p=3 send_ldap_result: err=0 matched="" text="" send_ldap_intermediate: err=0 oid=1.3.6.1.4.1.4203.1.9.1.4 len=2 send_ldap_response: msgid=2 tag=121 err=0 ber_flush2: 37 bytes to sd 12 0000: 30 23 02 01 02 79 1e 80 18 31 2e 33 2e 36 2e 31 0#...y...1.3.6.1 0010: 2e 34 2e 31 2e 34 32 30 33 2e 31 2e 39 2e 31 2e .4.1.4203.1.9.1. 0020: 34 81 02 a1 00 4.... ldap_write: want=37, written=37 0000: 30 23 02 01 02 79 1e 80 18 31 2e 33 2e 36 2e 31 0#...y...1.3.6.1 0010: 2e 34 2e 31 2e 34 32 30 33 2e 31 2e 39 2e 31 2e .4.1.4203.1.9.1. 0020: 34 81 02 a1 00 4.... conn=1000 op=1 INTERM oid=1.3.6.1.4.1.4203.1.9.1.4 Here is the consumer config. [id828684@hmslogbnc4 slapd.d]$ more cn\=config.ldif dn: cn=config objectClass: olcGlobal cn: config olcConfigFile: /etc/schema/schema_convert.conf olcConfigDir: /etc/openldap/slap.d olcArgsFile: /var/run/openldap/slapd.args olcAttributeOptions: lang- olcAuthzPolicy: none olcConcurrency: 0 olcConnMaxPending: 100 olcConnMaxPendingAuth: 1000 olcGentleHUP: FALSE olcIdleTimeout: 0 olcIndexSubstrIfMaxLen: 4 olcIndexSubstrIfMinLen: 2 olcIndexSubstrAnyLen: 4 olcIndexSubstrAnyStep: 2 olcIndexIntLen: 4 olcLocalSSF: 71 olcPidFile: /var/run/openldap/slapd.pid olcReadOnly: FALSE olcReverseLookup: FALSE olcSaslSecProps: noplain,noanonymous olcSizeLimit: unlimited olcSockbufMaxIncoming: 262143 olcSockbufMaxIncomingAuth: 16777215 olcThreads: 16 olcTLSVerifyClient: never olcToolThreads: 1 olcWriteTimeout: 0 [id828684@hmslogbnc4 cn=config]$ more olcDatabase\=\{2\}bdb.ldif dn: olcDatabase={2}bdb objectClass: olcDatabaseConfig objectClass: olcBdbConfig olcDatabase: {2}bdb olcSuffix: dc=secure-mail,dc=belgacom olcAccess: {0}to * by dn.base="cn=admin,dc=secure-mail,dc=belgacom" write by dn.base="cn=replica,dc=secure-mail,dc=belgacom" read by users read by anonymous read olcAddContentAcl: FALSE olcLastMod: TRUE olcMaxDerefDepth: 15 olcReadOnly: FALSE olcRootDN: cn=admin,dc=secure-mail,dc=belgacom olcRootPW:: dGVzdA== olcSyncUseSubentry: FALSE olcSyncrepl: rid=100 provider=ldap://hmslogbnc3.bc:389 bindmethod=simple timeout=0 network-timeout=0 binddn="cn=replica,dc=secure-mail,dc=belgacom" credentials="r3plica" keepalive=0:0:0 searchbase= "dc=secure-mail,dc=belgacom" scope=base attrs="*,+" schemachecking=on type=refreshAndPersist interval=00:00:01:00 retry="5 5 300 +" syncdata=default olcMirrorMode: FALSE olcMonitoring: TRUE olcDbDirectory: /home/hmslog/data/ldap olcDbCacheSize: 20000 olcDbNoSync: FALSE olcDbDirtyRead: FALSE olcDbIDLcacheSize: 20000 olcDbIndex: objectClass eq olcDbIndex: finalDestination eq,sub olcDbIndex: dc eq,approx,sub olcDbIndex: srcIP eq,approx,sub olcDbIndex: customerId eq olcDbIndex: policy eq olcDbIndex: entryCSN,entryUUID eq olcDbLinearIndex: FALSE olcDbMode: 0600 olcDbSearchStack: 16 olcDbShmKey: 0 olcDbCacheFree: 1 olcDbDNcacheSize: 0 Any help will be appreciated. Thanks Regards KM HASHIM,

2 1

Help me for " LDAP Sync Replication with Active Directory from Openldap side"
by Suman Karki 25 Mar '13

25 Mar '13

I am running open ldap server in redhat server, and active directory in win server 2008. I have admin access to both servers. The thing is that i have to sync both server, like from openldap i could access active directory data. Can it be possible? If possible then then please give me some information that i could proceed this task. I have tried some thing like using openldap admin guide syncrepl rid=001 provider=ldap://IP of AD server/ binddn="cn=replicator,dc=suretecsystems,dc=com" bindmethod=simple credentials=Password of AD server searchbase="dc=suretecsystems,dc=com" type=refreshAndPersist retry="5 5 300 5" I don't how much i am right. Or is there any different way? Please help me to solve this.

6 10

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

openldap-technical March 2013