openldap-technical August 2013

openldap-technical@openldap.org

70 participants
88 discussions

Openldap proxy to Active Directory howto?
by Mike W 28 Aug '13

28 Aug '13

I am attempting to configure an openldap to proxy with AD that needs to "rebind"? as a user I believe. I've been scanning yahoo/google trying to find some documentation of someone detailing that sort of procedure using the olc configs but no luck. Anyone know of such a thing that gives a bit more specific detail to this topic? -- Mike Wilson

1 0

Configure Mirror Mode Replication
by Clint Petty 28 Aug '13

28 Aug '13

Ok, now that I have updated to openLDAP 2.4.36, back to my original question below. Thanks, Clint ------------------------------------------------------------ I am wanting to implement Mirror Mode Replication. I am using OpenLDAP 2.4.23 on CentOS 6.4, which uses cn=config format, that does not have a slapd.conf file. The instructions say to add the following to the slapd.conf file: database bdb suffix dc=Example,dc=com rootdn dc=Example,dc=com directory /var/ldap/db index objectclass,entryCSN,entryUUID eq overlay syncprov syncprov-checkpoint 100 10 syncprov-sessionlog 100 MirrorMode node 1: # Global section serverID 1 # database section # syncrepl directive syncrepl rid=001 provider=ldap://ldap-sid2.example.com bindmethod=simple binddn="cn=mirrormode,dc=example,dc=com" credentials=mirrormode searchbase="dc=example,dc=com" schemachecking=on type=refreshAndPersist retry="60 +" mirrormode on MirrorMode node 2: # Global section serverID 2 # database section # syncrepl directive syncrepl rid=001 provider=ldap://ldap-sid1.example.com bindmethod=simple binddn="cn=mirrormode,dc=example,dc=com" credentials=mirrormode searchbase="dc=example,dc=com" schemachecking=on type=refreshAndPersist retry="60 +" mirrormode on Since there is no slapd.conf file, how do I configure replication in a cn=config format? Do I need to run a slapadd or ldapadd command? Syntax? What files do I need to create, and where? Thanks in advance.

2 1

Problems recovering my ldap db
by ghooton＠scins.ie 28 Aug '13

28 Aug '13

Hi all, I am recovering form a disaster. when I do slapcat I can see all the info stored in the ldap db However, when I do ldapsearch I cannot see anything. When I do slapcat -l backup.ldif I get : unclean shutdown detected; attempting recovery recovery skipped in read-only mode. Run manual recovery if errors are encountered I am using Debian 6 2.6.32-5-amd64 and :- ldapsearch -VV ldapsearch: @(#) $OpenLDAP: ldapsearch 2.4.23 (Dec 16 2012 11:48:21) $ root@carillon:/tmp/buildd/openldap-2.4.23/debian/build/clients/tools (LDAP library: OpenLDAP 20423) //Ger

2 1

Configure Mirror Mode Replication
by Clint Petty 27 Aug '13

27 Aug '13

I am wanting to implement Mirror Mode Replication. I am using OpenLDAP 2.4.23 on CentOS 6.4, which uses cn=config format, that does not have a slapd.conf file. The instructions say to add the following to the slapd.conf file: database bdb suffix dc=Example,dc=com rootdn dc=Example,dc=com directory /var/ldap/db index objectclass,entryCSN,entryUUID eq overlay syncprov syncprov-checkpoint 100 10 syncprov-sessionlog 100 MirrorMode node 1: # Global section serverID 1 # database section # syncrepl directive syncrepl rid=001 provider=ldap://ldap-sid2.example.com bindmethod=simple binddn="cn=mirrormode,dc=example,dc=com" credentials=mirrormode searchbase="dc=example,dc=com" schemachecking=on type=refreshAndPersist retry="60 +" mirrormode on MirrorMode node 2: # Global section serverID 2 # database section # syncrepl directive syncrepl rid=001 provider=ldap://ldap-sid1.example.com bindmethod=simple binddn="cn=mirrormode,dc=example,dc=com" credentials=mirrormode searchbase="dc=example,dc=com" schemachecking=on type=refreshAndPersist retry="60 +" mirrormode on Since there is no slapd.conf file, how do I configure replication in a cn=config format? Do I need to run a slapadd or ldapadd command? Syntax? What files do I need to create, and where? Thanks in advance.

2 1

Slapd - Back-ldap Chain overlay: Proxied Authorization Denied
by Raul Hernandez 27 Aug '13

27 Aug '13

Hello! I've implemented a simple openldap master and consumer architecture. To achieved this, I had to implement back-ldap chain overlay (in order to have a read only "slave"), and syncprov overlay, to synchronize data from master to the slave. This implementation works fine. I have data from the master, replicated into the slave. When I try to modify an object from the consumer using the administrative account "cn=admin,dc=company,dc=com", references the modify command to the master. The master performs the operation and returns the consumer the operation result. When I try to perform any modify operation with another authorized account, I get the following error *LDAP said*:Proxied Authorization Denied*Error number*:0x7b ()*Description*: The account has permission to write the whole tree in both, the master and the slave. Here is my config on both servers: #------- # Master #------- dn: cn=module,cn=config changetype: add objectClass: olcModuleList cn: module olcModulePath: /usr/lib/ldap olcModuleLoad: syncprov dn: olcOverlay=syncprov,olcDatabase={1}hdb,cn=config changetype: add objectClass: olcOverlayConfig objectClass: olcSyncProvConfig olcOverlay: syncprov dn: olcDatabase={1}hdb,cn=config changetype: modify replace: olcAccess olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymous auth by dn="cn=admin,dc=company,dc=com" write by dn="cn=idm,ou=Seguridad,dc=company,dc=comdc=company,dc=com" write by anonymous read by * none olcAccess: {1}to attrs=shadowWarning,shadowMax,shadowMin by self write by dn="cn=admin,dc=company,dc=com" write by dn="cn=idm,ou=Seguridad,dc=company,dc=com" write by anonymous read by * none olcAccess: {2}to dn.base="" by * read olcAccess: {3}to * by self write by dn="cn=admin,dc=company,dc=com" write by dn="cn=idm,ou=Seguridad,dc=company,dc=com" write by * read #------- # Consumer #------- dn: cn=module,cn=config changetype: add objectClass: olcModuleList cn: module olcModulePath: /usr/lib/ldap olcModuleLoad: syncprov olcModuleLoad: back_ldap dn: olcOverlay=syncprov,olcDatabase={1}hdb,cn=config changetype: add objectClass: olcOverlayConfig objectClass: olcSyncProvConfig olcOverlay: syncprov dn: olcDatabase={1}hdb,cn=config changetype: modify add: olcSyncRepl olcSyncRepl: rid=001 provider=ldap://192.168.123.139binddn="cn=syncReplUser,ou=Seguridad,dc=bandes,dc=gob,dc=ve" bindmethod=simple credentials=0p3n1d4pPr0d% searchbase="dc=bandes,dc=gob,dc=ve" type=refreshAndPersist scope=sub retry="5 10 10 +" timeout=1 sizelimit=unlimited schemachecking=on - add: olcUpdateRef olcUpdateRef: ldap://192.168.123.139 dn: olcOverlay=chain,olcDatabase={-1}frontend,cn=config changetype: add objectClass: olcOverlayConfig objectClass: olcChainConfig olcOverlay: chain olcChainReturnError: TRUE olcChainMaxReferralDepth: 1 dn: olcDatabase=ldap,olcOverlay={0}chain,olcDatabase={-1}frontend,cn=config changetype: add objectClass: olcLDAPConfig objectClass: olcChainDatabase olcDatabase: ldap olcDbURI: ldap://192.168.123.139 olcDbRebindAsUser: TRUE olcDbChaseReferrals: TRUE olcDbProxyWhoAmI: TRUE olcDbNoRefs: FALSE olcDBIDAssertAuthzFrom: * olcDBACLBind: bindmethod="simple" binddn="cn=syncReplUser,ou=Seguridad,dc=bandes,dc=gob,dc=ve" credentials=0p3n1d4pPr0d% olcDbIDAssertBind: bindmethod="simple" binddn="cn=syncReplUser,ou=Seguridad,dc=bandes,dc=gob,dc=ve" credentials=0p3n1d4pPr0d% mode="self" flags="prescriptive,proxy-authz-non-critical" Hope someone can help me out! Thanks in advanced

1 0

Replication setup
by Vishesh kumar 27 Aug '13

27 Aug '13

Hi Members, I am good in openldap basics but new in Replication. I am trying to setup replication on CentOS 6 systems. OpenLDAP version is 2.4.23-32.el6_4.1.x86_64. I loaded syncprov module using following ldif file on both the provider and consumer +++++++++ dn: cn=module,cn=config ObjectClass: olcModuleList cn: Module olcModulepath: /usr/lib64/openldap/ olcModuleLoad: syncprov.la +++++++++ I also configured replica database on consumer as following +++++++++ olcsyncrepl: rid=101 provider=ldap://192.168.10.1:389 type=refreshOnly interval= 00:05:00:00 searchbase="dc=l,dc=local" scope=sub bindmethod=simple binddn="cn=Man ager,dc=l,dc=local" credentials=xxxx +++++++++++++++++++++++++++++ Above configuration is not replicating database. Am I missing something? -- Vishesh Kumar

2 1

sambaSamAccount Problem
by felas 27 Aug '13

27 Aug '13

Hi, i have a ldif file with a objectClass: sambaSamAccount objectClass: posixAccount so i add follow this guide: https://help.ubuntu.com/12.04/serverguide/samba-ldap.html the samba.schema and samba.ldif. I restart slapd, but still not found, because if i try to change this: objectClass: inetOrgPerson objectClass: posixAccount it's work.. but with sambaSamAccount not..

1 0

Openldap configuration import LDIF
by felas 27 Aug '13

27 Aug '13

hi, i have install OpenLdap in a UbuntuServer, in virtual with VirtualBox. Now i want to import in Eclipse via Ldap Browser one file LDIF. I have a FQDN like this, ldap.***.***.com, and i add this in /etc/hosts this FQDN with a ip address 192.168.1.156, the ip is my Server. Now the problem, when i try to import Ldif, i have the problem with auth, i know i must change something in a slapd config but what?

5 21

Re: How to check whether OpenLDAP server is provider or consumer ?
by pramod kulkarni 27 Aug '13

27 Aug '13

Hi, Thanks for the reply. I have a rootdn,How to query the updateref setting ? waiting for your inputs Regards, Pramod On Sat, Aug 24, 2013 at 12:51 AM, Quanah Gibson-Mount <quanah(a)zimbra.com>wrote: > --On Friday, August 23, 2013 3:53 PM +0530 pramod kulkarni < > pammu.kulkarni(a)gmail.com> wrote: > > >> I am trying to notify a system to check if the openLDAP server is >> provider or consumer.I can do this by getting a referral error on the >> consumer side whenever I try to write something on the server , but is >> their any other way to check if OpenLDAP is provider or consumer without >> writing to it ? . >> > > You could query for the updateref setting if you are using cn=config out > of the config DB, but that'd require the rootdn? Or, you could just set up > slapo-chain on your replica, and then it doesn't matter. > > --Quanah > > -- > > Quanah Gibson-Mount > Lead Engineer > Zimbra, Inc > -------------------- > Zimbra :: the leader in open source messaging and collaboration >

3 5

[LMDB] Support for secondary index
by Alain 26 Aug '13

26 Aug '13

I am trying to port an application that currently uses BDB and I'm stuck with how to implement secondary indexes with LMDB. Can you point me in the right direction here. Thanks Alain

2 1

← Newer
1
2
3
4
5
6
7
8
9
Older →

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

openldap-technical August 2013