openldap-technical July 2013

openldap-technical@openldap.org

68 participants
86 discussions

undefined symbol: ldap_x_utf8s_to_wcs
by Michael 26 Jul '13

26 Jul '13

Hi, I originally sent this to the wrong mail list. I hope this is the correct one. I've compiled v2.4.35 on CentOS v6.4 with the smbk5pwd overlay. When I change my password the openldap terminates with the message: /usr/sbin/slapd: symbol lookup error: /usr/lib64/openldap/smbk5pwd-2.4.so.2: undefined symbol: ldap_x_utf8s_to_wcs Thanks for any help. Google wasn't so helpful this time. Mike

1 0

Example for SASL bind to Microsoft AD
by radiatejava 26 Jul '13

26 Jul '13

I am trying to do OpenLDAP integration with Microsoft AD/LDAP. For some initial troublehooting purpose, I am looking for using ldapsearch command with SASL bind (DIGEST-MD5). Can anyone give me the exact syntax for how to use ldapsearch command with SASL bind for active directory ? Appreciate your help. I have been trying out whats there over the web but no luck yet. Thanks.

3 5

Fwd: Fwd: Example for SASL bind to Microsoft AD
by radiatejava 26 Jul '13

26 Jul '13

These are my tries, do you see anything wrong here: ldapsearch -h 10.77.125.83 -p 389 -Y DIGEST-MD5 -R agentdev-dc.agentdev.com -X "dn:CN=sburnwal,CN=Users,DC=agentdev,DC=com" -b "dc=agentdev,dc=com" "(cn=iqsyed)" SASL/DIGEST-MD5 authentication started Please enter your password: ldap_sasl_interactive_bind_s: Invalid credentials (49) additional info: 80090303: LdapErr: DSID-0C0904BE, comment: The digest-uri does not match any LDAP SPN's registered for this server., data 0, v1db1 ldapsearch -h 10.77.125.83 -p 389 -Y DIGEST-MD5 -R agentdev-dc.agentdev.com -U sburnwal(a)agentdev.com -X "dn:CN=sburnwal,CN=Users,DC=agentdev,DC=com" -b "dc=agentdev,dc=com" "(cn=iqsyed)" SASL/DIGEST-MD5 authentication started Please enter your password: ldap_sasl_interactive_bind_s: Invalid credentials (49) additional info: 8009030C: LdapErr: DSID-0C0904DC, comment: AcceptSecurityContext error, data 52e, v1db1 Thanks.

1 0

Replicating schema
by espeake＠oreillyauto.com 26 Jul '13

26 Jul '13

Okay so I am very new to openLDAP and we are running v 2.4.28 on ubuntu 12.04. In trying to set up a mirror with two servers that will grow to 3 soon. THis is what I get in the log about syncing the schema: Jul 25 13:26:42 tntest-ldap-1 slapd[27954]: conn=1004 fd=16 ACCEPT from IP= 172.17.3.148:39672 (IP=0.0.0.0:389) Jul 25 13:26:42 tntest-ldap-1 slapd[27954]: conn=1004 op=0 BIND dn="uid=admin,dc=example,dc=com" method=128 Jul 25 13:26:42 tntest-ldap-1 slapd[27954]: conn=1004 op=0 BIND dn="uid=admin,dc=example,dc=com" mech=SIMPLE ssf=0 Jul 25 13:26:42 tntest-ldap-1 slapd[27954]: conn=1004 op=0 RESULT tag=97 err=0 text= Jul 25 13:26:42 tntest-ldap-1 slapd[27954]: conn=1004 op=1 SRCH base="cn=config" scope=2 deref=0 filter="(objectClass=*)" Jul 25 13:26:42 tntest-ldap-1 slapd[27954]: conn=1004 op=1 SRCH attr=* + Jul 25 13:26:42 tntest-ldap-1 slapd[27954]: findbase failed! 32 Jul 25 13:26:42 tntest-ldap-1 slapd[27954]: conn=1004 op=1 SEARCH RESULT tag=101 err=32 nentries=0 text= Jul 25 13:26:42 tntest-ldap-1 slapd[27954]: conn=1004 op=2 UNBIND Jul 25 13:26:42 tntest-ldap-1 slapd[27954]: conn=1004 fd=16 closed >From what I can tell it is binding with the simple methad establishes the search base looking at all of the object classes. but then it says it can't find the data base. Here is the ldif file from olcDatabase{0}config.ldif dn: olcDatabase={0}config objectClass: olcDatabaseConfig olcDatabase: {0}config olcRootDN: cn=admin,cn=config olcRootPW: secret structuralObjectClass: olcDatabaseConfig olcsyncrepl: rid=001 provider=ldap://tntest-ldap-1.example.com type=refreshAndPersist retry="5 +" searchbase="cn=config" bindmethod=simple binddn="uid=admin,dc=example,dc=com" credentials=secret olcsyncrepl: rid=002 provider=ldap://tntest-ldap-2.example.com type=refreshAndPersist retry="5 +" searchbase="cn=config" bindmethod=simple binddn="uid=admin,example,dc=com" credentials=secret olcMirrorMode: TRUE olcAccess: to * by by dn="uid=admin,dc=example,dc=com" write by dn="uid=ldapadmin,ou=system,dc=oreillyauto,dc=com" read by * none Any ideas on where I should be looking to make a correction or any other information you need to help me figure this out? Thank you, Eric Speake Web Systems Administrator O'Reilly Auto Parts This communication and any attachments are confidential, protected by Communications Privacy Act 18 USCS � 2510, solely for the use of the intended recipient, and may contain legally privileged material. If you are not the intended recipient, please return or destroy it immediately. Thank you.

2 1

Replicating the Access Log
by Tim Gustafson 25 Jul '13

25 Jul '13

Hi, I'm using the accesslog overlay on all three of my LDAP servers to record BIND and WRITE operations. Is there any reason I can't replicate the data from cn=log on all three of my servers in MirrorMode so that all three of my servers contain a complete audit log of all bind and write operations? I tried to Google this, but all I'm findind is how-tos and questions about using accesslog and delta replication, which is not what I want. I want to actually replicate the contents of the accesslog itself between all of my servers. -- Tim Gustafson tjg(a)ucsc.edu 831-459-5354 Baskin Engineering, Room 313A

1 0

delta sync error message in log
by Ludovic Brochard 25 Jul '13

25 Jul '13

Hello, I use the 2.4.35 version of openldap. I have three master ldap mulit-delta-sync: ldap01, ldap02 and ldap03. We import data ldap03 on two others by a copy of the FileSystem. Upon restart, the three seem OK but we have in the logs files 3GB of message like this: Jul 22 20:10:46 ldap02 slapd[31439]: do_syncrep2: rid=992 (4096) Content Sync Refresh Required Jul 22 20:10:46 ldap02 slapd[31439]: do_syncrep2: rid=992 (4096) Content Sync Refresh Required Jul 22 20:10:46 ldap02 slapd[31439]: do_syncrep2: rid=992 (4096) Content Sync Refresh Required Jul 22 20:10:46 ldap02 slapd[31439]: do_syncrep2: rid=992 (4096) Content Sync Refresh Required Jul 22 20:10:46 ldap02 slapd[31439]: do_syncrep2: rid=992 (4096) Content Sync Refresh Required Jul 22 20:10:46 ldap02 slapd[31439]: do_syncrep2: rid=992 (4096) Content Sync Refresh Required Jul 22 20:10:46 ldap02 slapd[31439]: do_syncrep2: rid=992 (4096) Content Sync Refresh Required Jul 22 20:10:46 ldap02 slapd[31439]: do_syncrep2: rid=992 (4096) Content Sync Refresh Required Jul 22 20:10:46 ldap02 slapd[31439]: do_syncrep2: rid=992 (4096) Content Sync Refresh Required Jul 22 20:10:46 ldap02 slapd[31439]: do_syncrep2: rid=992 (4096) Content Sync Refresh Required Jul 22 20:10:46 ldap02 slapd[31439]: do_syncrep2: rid=992 (4096) Content Sync Refresh Required Jul 22 20:10:46 ldap02 slapd[31439]: do_syncrep2: rid=992 (4096) Content Sync Refresh Required Jul 22 20:10:46 ldap02 slapd[31439]: do_syncrep2: rid=992 (4096) Content Sync Refresh Required Jul 22 20:10:46 ldap02 slapd[31439]: do_syncrep2: rid=992 (4096) Content Sync Refresh Required Jul 22 20:10:46 ldap02 slapd[31439]: do_syncrep2: rid=992 (4096) Content Sync Refresh Required Jul 22 20:10:46 ldap02 slapd[31439]: do_syncrep2: rid=992 (4096) Content Sync Refresh Required Someone had an idea of the problem? Or significatuion of this message ? Thank you. -- If the automobile had followed the same development cycle as the computer, a Rolls-Royce would today cost $100, get a million miles per gallon, and explode once a year, killing everyone inside. Robert X. Cringely, InfoWorld magazine

6 5

cn=monitor issues.
by Mónico Briseño 25 Jul '13

25 Jul '13

Hi, there. I have installed ldap in Ubuntu 12.04. I decided to use cn=monitor. I added that line in the slap.conf script. I stopped and started the slpad deamon. After that I typed the following command: ldapsearch -x -D 'cn=admin,dc=example,dc=com' -W \ -b 'cn=monitor' -s base '(objectClass=*)' '*' '+' The results of this command is: extended LDIF # # LDAPv3 # base <> (default) with scope baseObject # filter: (objectclass=*) # requesting: -b cn=monitor (objectClass=*) * + # # dn: objectClass: top objectClass: OpenLDAProotDSE structuralObjectClass: OpenLDAProotDSE configContext: cn=config namingContexts: dc=example,dc=com supportedControl: 2.16.840.1.113730.3.4.18 supportedControl: 2.16.840.1.113730.3.4.2 supportedControl: 1.3.6.1.4.1.4203.1.10.1 supportedControl: 1.2.840.113556.1.4.319 supportedControl: 1.2.826.0.1.3344810.2.3 supportedControl: 1.3.6.1.1.13.2 supportedControl: 1.3.6.1.1.13.1 supportedControl: 1.3.6.1.1.12 supportedExtension: 1.3.6.1.4.1.4203.1.11.1 supportedExtension: 1.3.6.1.4.1.4203.1.11.3 supportedExtension: 1.3.6.1.1.8 supportedFeatures: 1.3.6.1.1.14 supportedFeatures: 1.3.6.1.4.1.4203.1.5.1 supportedFeatures: 1.3.6.1.4.1.4203.1.5.2 supportedFeatures: 1.3.6.1.4.1.4203.1.5.3 supportedFeatures: 1.3.6.1.4.1.4203.1.5.4 supportedFeatures: 1.3.6.1.4.1.4203.1.5.5 supportedLDAPVersion: 3 supportedSASLMechanisms: DIGEST-MD5 supportedSASLMechanisms: CRAM-MD5 supportedSASLMechanisms: NTLM entryDN: subschemaSubentry: cn=Subschema # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1 However, I don't see nothing related with cn=monitor. What did I do wrong? Thanks in Advance -- M.S. José M. Briseño Cortés Universidad de Guadalajara Instructional Technologist Univ. Houston Moodle Teacher Certificate NTCM, IACEP, iNACOL, ACM member

4 3

Ldap features installed.
by Mónico Briseño 25 Jul '13

25 Jul '13

Hi, there. I installed Ldap in Ubuntu 12.04 Question: How can I know the ldap features are installed? -- M.S. José M. Briseño Cortés Universidad de Guadalajara Instructional Technologist Univ. Houston Moodle Teacher Certificate NTCM, IACEP, iNACOL, ACM member

2 1

str2entry: invalid value for attributeType objectClass #2 URGENT
by 25Dollar Tech 25 Jul '13

25 Jul '13

Hello Team, I have a problem with OpenLDAP exporting and importing in to a different machine. When I use slapadd -l /backupfilname.ldif I used to get below error message _ 0.16% eta 05m31s elapsed none spd 6.7 k/s 51f0c75b str2entry: invalid value for attributeType objectClass #2 (syntax 1.3.6.1.4.1.1466.115.121.1.38) slapadd: could not parse entry (line=168) . 0.28% eta 04m29s elapsed none spd 12.1 k/s Closing DB... Below is the line 168 168 dn: ou=Idmap,dc=example,dc=test,dc=com 169 objectClass: top 170 objectClass: organizationalUnit 171 objectClass: sambaUnixIdPool 172 ou: Idmap 173 structuralObjectClass: organizationalUnit 174 entryUUID: 22da7a76-16e0-102f-87b0-799f55e47d38 175 creatorsName: cn=admin,dc=example,dc=test,dc=com 176 createTimestamp: 20100628090609Z 177 uidNumber: 1000 178 gidNumber: 20001 179 entryCSN: 20100814084304.552975Z#000000#002#000000 180 modifiersName: cn=admin,dc=example,dc=test,dc=com 181 modifyTimestamp: 20100814084304Z I already installed samba.schema. what could be the reason then. -- *Thanks & Regards, 25dollarTech Team https://sites.google.com/site/25dollartech/* *Email: 25dollartechhelp(a)gmail.com*

2 1

lmdb - atomic actions
by Tomer Doron 24 Jul '13

24 Jul '13

wondering what the best strategy to achieve atomic updates with LMDB. what i am trying to achieve is a read then update atomic action given a highly concurrent use case, for example, if a key/value pair represents a counter, how does one increment or decrement the counter atomically. i am pretty sure mdb_get -> mdv_set sequence is not atomic, wondering if mdb_cursor_get -> mdv_cursor_put sequence is? perhaps a certain flag is required on the get action to achieve a lock? in my bdb implementation i used lockers to achieve this. thanks, tomer

2 3

← Newer
1
2
3
4
5
6
7
8
9
Older →

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

openldap-technical July 2013