Openldap proxy to Active Directory howto?
by Mike W
I am attempting to configure an openldap to proxy with AD that needs to
"rebind"? as a user, I believe.
I've been scanning yahoo/google trying to find some documentation of
someone detailing that sort of procedure using the olc configs, but no luck.
Anyone know of such a thing that gives a bit more specific detail to
this topic?
--
Mike Wilson
10 years, 1 month
Configure Mirror Mode Replication
by Clint Petty
Ok, now that I have updated to openLDAP 2.4.36, back to my original question below.
Thanks,
Clint
------------------------------------------------------------
I am wanting to implement Mirror Mode Replication. I am using OpenLDAP 2.4.23 on CentOS 6.4,
which uses the cn=config format and does not have a slapd.conf file. The
instructions say to add the following to the slapd.conf file:
database bdb
suffix dc=Example,dc=com
rootdn dc=Example,dc=com
directory /var/ldap/db
index objectclass,entryCSN,entryUUID eq
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
MirrorMode node 1:
# Global section
serverID 1
# database section
# syncrepl directive
syncrepl rid=001
provider=ldap://ldap-sid2.example.com
bindmethod=simple
binddn="cn=mirrormode,dc=example,dc=com"
credentials=mirrormode
searchbase="dc=example,dc=com"
schemachecking=on
type=refreshAndPersist
retry="60 +"
mirrormode on
MirrorMode node 2:
# Global section
serverID 2
# database section
# syncrepl directive
syncrepl rid=001
provider=ldap://ldap-sid1.example.com
bindmethod=simple
binddn="cn=mirrormode,dc=example,dc=com"
credentials=mirrormode
searchbase="dc=example,dc=com"
schemachecking=on
type=refreshAndPersist
retry="60 +"
mirrormode on
Since there is no slapd.conf file, how do I configure replication in a cn=config
format?
Do I need to run a slapadd or ldapadd command? Syntax? What files do I need to
create, and where?
Thanks in advance.
10 years, 1 month
Problems recovering my ldap db
by ghooton@scins.ie
Hi all, I am recovering from a disaster. When I do slapcat I can see all the info
stored in the ldap db. However, when I do ldapsearch I cannot see anything.
When I do slapcat -l backup.ldif I get:
unclean shutdown detected; attempting recovery
recovery skipped in read-only mode. Run manual recovery if errors are encountered
I am using Debian 6 2.6.32-5-amd64 and :-
ldapsearch -VV
ldapsearch: @(#) $OpenLDAP: ldapsearch 2.4.23 (Dec 16 2012 11:48:21) $
root@carillon:/tmp/buildd/openldap-2.4.23/debian/build/clients/tools
(LDAP library: OpenLDAP 20423)
//Ger
10 years, 1 month
Configure Mirror Mode Replication
by Clint Petty
I am wanting to implement Mirror Mode Replication. I am using OpenLDAP 2.4.23 on CentOS 6.4,
which uses the cn=config format and does not have a slapd.conf file. The
instructions say to add the following to the slapd.conf file:
database bdb
suffix dc=Example,dc=com
rootdn dc=Example,dc=com
directory /var/ldap/db
index objectclass,entryCSN,entryUUID eq
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
MirrorMode node 1:
# Global section
serverID 1
# database section
# syncrepl directive
syncrepl rid=001
provider=ldap://ldap-sid2.example.com
bindmethod=simple
binddn="cn=mirrormode,dc=example,dc=com"
credentials=mirrormode
searchbase="dc=example,dc=com"
schemachecking=on
type=refreshAndPersist
retry="60 +"
mirrormode on
MirrorMode node 2:
# Global section
serverID 2
# database section
# syncrepl directive
syncrepl rid=001
provider=ldap://ldap-sid1.example.com
bindmethod=simple
binddn="cn=mirrormode,dc=example,dc=com"
credentials=mirrormode
searchbase="dc=example,dc=com"
schemachecking=on
type=refreshAndPersist
retry="60 +"
mirrormode on
Since there is no slapd.conf file, how do I configure replication in a cn=config
format?
Do I need to run a slapadd or ldapadd command? Syntax? What files do I need to
create, and where?
Thanks in advance.
10 years, 1 month
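The same slapd.conf directives in cn=config form, as an added example that is not from the thread or the OpenLDAP documentation; it assumes the data database is olcDatabase={2}bdb,cn=config (the CentOS 6 default) and that the syncprov module is already loaded, as shown in the other threads on this page.

```shell
# Added example, not from the thread: the quoted slapd.conf mirror-mode
# snippet as cn=config LDIF. Assumes the data database is
# olcDatabase={2}bdb,cn=config (CentOS 6 default) and that the syncprov
# module is loaded the way the other posts on this page do it.
DB_DN='olcDatabase={2}bdb,cn=config'   # assumption: CentOS 6 default backend

# mirror_ldif <serverID> <URL of the OTHER node>: prints one node's LDIF.
# Bind DN, credentials, search base and retry are from the quoted text.
mirror_ldif() {
  sid=$1
  peer=$2
  cat <<EOF
# Global section: each mirror needs its own serverID
dn: cn=config
changetype: modify
replace: olcServerID
olcServerID: $sid

# Database section: the indexes syncrepl needs (objectClass is already
# indexed in the CentOS default config), the syncrepl directive, mirror mode
dn: $DB_DN
changetype: modify
add: olcDbIndex
olcDbIndex: entryCSN,entryUUID eq
-
add: olcSyncRepl
olcSyncRepl: rid=001 provider=$peer bindmethod=simple
  binddn="cn=mirrormode,dc=example,dc=com" credentials=mirrormode
  searchbase="dc=example,dc=com" schemachecking=on
  type=refreshAndPersist retry="60 +"
-
add: olcMirrorMode
olcMirrorMode: TRUE

# syncprov overlay on that database (checkpoint/sessionlog as quoted)
dn: olcOverlay=syncprov,$DB_DN
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
olcSpCheckpoint: 100 10
olcSpSessionlog: 100
EOF
}

# Node 1 pulls from sid2, node 2 from sid1; apply as root on each node:
#   mirror_ldif 1 ldap://ldap-sid2.example.com | ldapmodify -Y EXTERNAL -H ldapi:///
#   mirror_ldif 2 ldap://ldap-sid1.example.com | ldapmodify -Y EXTERNAL -H ldapi:///
```

cn=mirrormode must exist on both nodes with read access to the whole suffix, and the quoted credentials=mirrormode should be replaced by a real secret before this is applied, since it ends up readable in each node's cn=config.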
Slapd - Back-ldap Chain overlay: Proxied Authorization Denied
by Raul Hernandez
Hello!
I've implemented a simple openldap master and consumer architecture. To
achieve this, I had to implement the back-ldap chain overlay (in order to have
a read-only "slave"), and the syncprov overlay, to synchronize data from master
to the slave.
This implementation works fine. I have data from the master replicated
into the slave. When I try to modify an object from the consumer using the
administrative account "cn=admin,dc=company,dc=com", it refers the modify
command to the master. The master performs the operation and returns the
operation result to the consumer.
When I try to perform any modify operation with another authorized account,
I get the following error:
LDAP said: Proxied Authorization Denied
Error number: 0x7b ()
Description:
The account has permission to write the whole tree in both the master and
the slave. Here is my config on both servers:
#-------
# Master
#-------
dn: cn=module,cn=config
changetype: add
objectClass: olcModuleList
cn: module
olcModulePath: /usr/lib/ldap
olcModuleLoad: syncprov
dn: olcOverlay=syncprov,olcDatabase={1}hdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
dn: olcDatabase={1}hdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by
anonymous auth by dn="cn=admin,dc=company,dc=com" write by
dn="cn=idm,ou=Seguridad,dc=company,dc=com" write by
anonymous read by * none
olcAccess: {1}to attrs=shadowWarning,shadowMax,shadowMin by self write by
dn="cn=admin,dc=company,dc=com" write by
dn="cn=idm,ou=Seguridad,dc=company,dc=com" write by anonymous read by * none
olcAccess: {2}to dn.base="" by * read
olcAccess: {3}to * by self write by dn="cn=admin,dc=company,dc=com" write
by dn="cn=idm,ou=Seguridad,dc=company,dc=com" write by * read
#-------
# Consumer
#-------
dn: cn=module,cn=config
changetype: add
objectClass: olcModuleList
cn: module
olcModulePath: /usr/lib/ldap
olcModuleLoad: syncprov
olcModuleLoad: back_ldap
dn: olcOverlay=syncprov,olcDatabase={1}hdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
dn: olcDatabase={1}hdb,cn=config
changetype: modify
add: olcSyncRepl
olcSyncRepl: rid=001
provider=ldap://192.168.123.139 binddn="cn=syncReplUser,ou=Seguridad,dc=bandes,dc=gob,dc=ve"
bindmethod=simple credentials=0p3n1d4pPr0d%
searchbase="dc=bandes,dc=gob,dc=ve" type=refreshAndPersist scope=sub
retry="5 10 10 +" timeout=1 sizelimit=unlimited schemachecking=on
-
add: olcUpdateRef
olcUpdateRef: ldap://192.168.123.139
dn: olcOverlay=chain,olcDatabase={-1}frontend,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcChainConfig
olcOverlay: chain
olcChainReturnError: TRUE
olcChainMaxReferralDepth: 1
dn: olcDatabase=ldap,olcOverlay={0}chain,olcDatabase={-1}frontend,cn=config
changetype: add
objectClass: olcLDAPConfig
objectClass: olcChainDatabase
olcDatabase: ldap
olcDbURI: ldap://192.168.123.139
olcDbRebindAsUser: TRUE
olcDbChaseReferrals: TRUE
olcDbProxyWhoAmI: TRUE
olcDbNoRefs: FALSE
olcDBIDAssertAuthzFrom: *
olcDBACLBind: bindmethod="simple"
binddn="cn=syncReplUser,ou=Seguridad,dc=bandes,dc=gob,dc=ve"
credentials=0p3n1d4pPr0d%
olcDbIDAssertBind: bindmethod="simple"
binddn="cn=syncReplUser,ou=Seguridad,dc=bandes,dc=gob,dc=ve"
credentials=0p3n1d4pPr0d% mode="self"
flags="prescriptive,proxy-authz-non-critical"
Hope someone can help me out! Thanks in advance
10 years, 1 month
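With olcDbIDAssertBind mode=self the consumer binds to the master as the proxy identity and attaches a proxyAuthz control naming the real user, and 0x7b is the master refusing that control; the master has to permit the assertion explicitly. Added example, not from the thread: it assumes the suffix dc=company,dc=com used in the ACLs, user entries under ou=People (assumed), and the master address 192.168.123.139 from the post.

```shell
# Added example, not from the thread. The master must (1) allow "to"-style
# proxy authorization and (2) say, on the proxy entry itself, which
# identities it may assume. Assumptions: suffix dc=company,dc=com (from the
# ACLs), users under ou=People, master at 192.168.123.139 (from the post).
PROXY_DN='cn=syncReplUser,ou=Seguridad,dc=company,dc=com'   # assumed
USERS='ou=People,dc=company,dc=com'                           # assumed
MASTER='ldap://192.168.123.139'

# authz_ldif: LDIF to apply on the MASTER as root over ldapi:///.
# Keep the authzTo pattern narrow: a proxy that may become anyone is
# rootdn-equivalent, so cn=admin should never match it.
authz_ldif() {
  cat <<EOF
dn: cn=config
changetype: modify
replace: olcAuthzPolicy
olcAuthzPolicy: to

dn: $PROXY_DN
changetype: modify
add: authzTo
authzTo: dn.regex:^uid=[^,]*,$USERS\$
EOF
}

# check_authz <user DN>: verify from the consumer host, without writing
# anything, that the master lets the proxy act as that user. Prints the
# asserted DN on success and a Proxied Authorization Denied result otherwise.
check_authz() {
  ldapwhoami -H "$MASTER" -D "$PROXY_DN" -W -e "!authzid=dn:$1"
}

# Usage:
#   authz_ldif | ldapmodify -Y EXTERNAL -H ldapi:///      # on the master
#   check_authz uid=jdoe,ou=People,dc=company,dc=com      # from the consumer
```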
Replication setup
by Vishesh kumar
Hi Members,
I am good with OpenLDAP basics but new to replication.
I am trying to set up replication on CentOS 6 systems. The OpenLDAP version
is 2.4.23-32.el6_4.1.x86_64.
I loaded the syncprov module using the following ldif file on both the
provider and consumer
+++++++++
dn: cn=module,cn=config
ObjectClass: olcModuleList
cn: Module
olcModulepath: /usr/lib64/openldap/
olcModuleLoad: syncprov.la
+++++++++
I also configured replica database on consumer as following
+++++++++
olcsyncrepl: rid=101 provider=ldap://192.168.10.1:389 type=refreshOnly
  interval=00:05:00:00 searchbase="dc=l,dc=local"
  scope=sub bindmethod=simple binddn="cn=Manager,dc=l,dc=local" credentials=xxxx
+++++++++++++++++++++++++++++
The above configuration is not replicating the database. Am I missing something?
--
Vishesh Kumar
10 years, 1 month
sambaSamAccount Problem
by felas
Hi,
I have an ldif file with
objectClass: sambaSamAccount
objectClass: posixAccount
so I added, following this guide:
https://help.ubuntu.com/12.04/serverguide/samba-ldap.html
the samba.schema and samba.ldif. I restarted slapd, but it is still not found,
because if I change this to:
objectClass: inetOrgPerson
objectClass: posixAccount
it works.. but with sambaSamAccount it does not..
10 years, 1 month
Openldap configuration import LDIF
by felas
hi,
I have installed OpenLDAP on an Ubuntu Server, in a VirtualBox virtual machine.
Now I want to import one LDIF file in Eclipse via LDAP Browser.
I have an FQDN like this, ldap.***.***.com, and I added this FQDN in /etc/hosts
with the IP address 192.168.1.156; the IP is my server.
Now the problem: when I try to import the LDIF, I have a problem with auth. I
know I must change something in the slapd config, but what?
10 years, 1 month
Re: How to check whether OpenLDAP server is provider or consumer ?
by pramod kulkarni
Hi,
Thanks for the reply.
I have a rootdn. How do I query the updateref setting?
Waiting for your inputs.
Regards,
Pramod
On Sat, Aug 24, 2013 at 12:51 AM, Quanah Gibson-Mount <quanah(a)zimbra.com>wrote:
> --On Friday, August 23, 2013 3:53 PM +0530 pramod kulkarni <
> pammu.kulkarni(a)gmail.com> wrote:
>
>
>> I am trying to notify a system to check if the openLDAP server is
>> provider or consumer. I can do this by getting a referral error on the
>> consumer side whenever I try to write something on the server, but is
>> there any other way to check if OpenLDAP is provider or consumer without
>> writing to it?
>>
>
> You could query for the updateref setting if you are using cn=config out
> of the config DB, but that'd require the rootdn? Or, you could just set up
> slapo-chain on your replica, and then it doesn't matter.
>
> --Quanah
>
> --
>
> Quanah Gibson-Mount
> Lead Engineer
> Zimbra, Inc
> --------------------
> Zimbra :: the leader in open source messaging and collaboration
>
10 years, 1 month
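Quanah's suggestion of querying the updateref from cn=config, worked into a small role check as an added example that is not from the thread: role_from_ldif classifies ldapsearch output and can be tried on a captured sample, while ldap_role runs the live query as root over ldapi:/// with SASL EXTERNAL (assumed to be permitted, as it is on most distro packages), so no rootdn password is needed.

```shell
# Added example, not from the thread: Quanah's "query the updateref setting"
# worked into a role check. role_from_ldif classifies ldapsearch output;
# ldap_role runs the live query as root over ldapi:/// (SASL EXTERNAL,
# assumed permitted by the local config, so no rootdn password is needed).

role_from_ldif() {
  awk '
    { a = tolower($1); sub(/:+$/, "", a)        # attribute name, ":" stripped
      v = $2; if (substr(v, 1, 1) == "{")       # drop the {n} ordering prefix
        v = substr(v, index(v, "}") + 1) }
    a == "olcsyncrepl"                            { consumer = 1 }
    a == "olcoverlay" && tolower(v) == "syncprov" { provider = 1 }
    a == "olcmirrormode" && toupper(v) == "TRUE"  { mirror = 1 }
    a == "olcupdateref"                           { ref = v }
    END {
      # an updateref means writes are referred away: that is a consumer,
      # even when it also carries syncprov (e.g. for cascading)
      if (ref != "")                           r = "consumer (writes referred to " ref ")"
      else if (consumer && provider && mirror) r = "mirror/multi-master"
      else if (consumer && provider)           r = "consumer that also serves syncrepl"
      else if (consumer)                       r = "consumer"
      else if (provider)                       r = "provider"
      else                                     r = "standalone"
      print r
    }'
}

# Live query; the filter keeps only entries that carry a replication setting.
ldap_role() {
  ldapsearch -LLL -Q -Y EXTERNAL -H ldapi:/// -b cn=config \
    '(|(olcSyncRepl=*)(olcUpdateRef=*)(olcOverlay=*)(olcMirrorMode=*))' \
    olcSyncRepl olcUpdateRef olcOverlay olcMirrorMode | role_from_ldif
}

# Constructed sample of what the consumer in the chain-overlay thread above
# would return (values shortened), so the classifier can be tried offline.
SAMPLE_CONSUMER='dn: olcDatabase={1}hdb,cn=config
olcSyncRepl: {0}rid=001 provider=ldap://192.168.123.139 bindmethod=simple
olcUpdateRef: ldap://192.168.123.139

dn: olcOverlay={0}syncprov,olcDatabase={1}hdb,cn=config
olcOverlay: {0}syncprov
'
sample_role() { printf '%s' "$SAMPLE_CONSUMER" | role_from_ldif; }
# sample_role -> consumer (writes referred to ldap://192.168.123.139)
```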
[LMDB] Support for secondary index
by Alain
I am trying to port an application that currently uses BDB and I'm stuck
with how to implement secondary indexes with LMDB.
Can you point me in the right direction here?
Thanks
Alain
10 years, 1 month