August 2013 - openldap-technical

by Quanah Gibson-Mount

If you know how to build OpenLDAP manually, and would like to participate in testing the next set of code for the 2.4.36 release, please do so. Generally, get the code for RE24: <http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=snapshot;h=refs...> Configure & build. Execute the test suite (via make test) after it is built. Thanks! --Quanah -- Quanah Gibson-Mount Lead Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration

9 years, 9 months

8
17
0 / 0

UNSUBSCRIBE

by Kumar, Amit

9 years, 9 months

1
0
0 / 0

DB config and log files

by jeevan kc

Hello thereMy DB_CONFIG looks like this set_cachesize 0 716800 0set_lg_bsize 2097512set_lg_dir /usr/local/var/openldap-logsset_flags DB_LOG_AUTOREMOVE Recently , we have few batch processes running in the LDAP server for Datawarehouse groups and other apps and this is causing DB logs to grow . When I do a ls -l the size of the logs are almost 4GB in size. This is causing trouble and we don't want this many logs. How do I limit the log size so that it doesn't exceed lets say 1 GB . These DB logs are of very little importance to us. We periodically do a backup using slapcat and we can use this in case we have a fatal crash .Please throw some light on how to limit these DB logs . Thanks Jeevan

9 years, 9 months

3
4
0 / 0

Re: RE24 testing call (OpenLDAP 2.4.36)

by Marco Pizzoli

On Mon, Jul 29, 2013 at 9:44 PM, Quanah Gibson-Mount <quanah(a)zimbra.com>wrote: > If you know how to build OpenLDAP manually, and would like to participate > in testing the next set of code for the 2.4.36 release, please do so. > > Generally, get the code for RE24: > > <http://www.openldap.org/**devel/gitweb.cgi?p=openldap.** > git;a=snapshot;h=refs/heads/**OPENLDAP_REL_ENG_2_4;sf=tgz<http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=snapshot;h=refs...> > > > > Configure & build. > > Execute the test suite (via make test) after it is built. > > Thanks! > > --Quanah > All MDB tests passed with current RE24 (apart from the very last additions you just made). RHEL6.4 x86_64 > > -- > > Quanah Gibson-Mount > Lead Engineer > Zimbra, Inc > -------------------- > Zimbra :: the leader in open source messaging and collaboration > >

9 years, 9 months

1
0
0 / 0

MAC and Network Asset Inventory on LDAP

by Nick Milas

Hello, We are planning on using FreeRadius for MAC-auth based on MAC addresses (to be) stored on our OpenLDAP (in parallel to 802.1x using our ldap-stored users). With that opportunity we would be aiming at starting a comprehensive network asset inventory. So, I would like to ask people to share their experience regarding storing MAC addresses and other device info on LDAP. If using LDAP for device inventory, are you simply using device and ieee802Device object classes (in core.schema and nis.schema respectively), or you would suggest a more specialized/extensive schema to be used instead or additionally (auxiliary object class(es))? Which? An example method (found with some googling): http://collaboration.cmc.ec.gc.ca/science/rpn/biblio/ddj/Website/articles... Of course, one could try to re-invent the wheel (custom schema, custom apps), but I am sure there should be some well designed schema(s) around for this purpose. I think that it would also make sense, if possible, to be able to use a storage format that can be leveraged by other open-source network assets management software (like ocsinventory-ng or openipam, which however use SQL backends). Any experiences/suggestions would be highly appreciated. Thanks and Regards, Nick

9 years, 9 months

1
0
0 / 0

Linux quota problem for LDAP users

by Osman ÜNALAN (ULAKBİM)

Hi, I'm trying to set quotas for LDAP users on a Linux server. But all the users' name begins with number and when I try to set quota for a user like "123456" it sets a quota for "#123456" I set quota like this: setquota -u 123456 1500 1500 0 0 -a repquota output is like: user used soft hard grace used soft hard grace 123456 -- 500 0 0 100 0 0 # 123456 -- 0 1500 1500 0 0 0 That's why the quota I set applies to non existing user named #123456. Does anyone know how can I fix that? Thanks, Osman Ünalan

9 years, 9 months

4
3
0 / 0

One questions about nested gourp support of openldap

by ctosgh

Hi, there To meet the following requirement: "groupA" contains user entries: cn=a,ou=users,dc=test,dc=com cn=b,ou=users,dc=test,dc=com "groupB" contains "groupA" I have following questions: 1 Which object classes should I use to implement above requirement? Could anyone give a simple sample ldif file? 2 Is there a standard or commonly used way to implement nested groups? Appreciate your feedback~~~ Thanks, Jacky

9 years, 9 months

3
3
0 / 0

developing module that instantiates check_password() function

by Scott Koranda

Hello, I wish to develop a user-defined loadable module that instantiates the check_password() function as described in the slapo-ppolicy man page. The man page specifies the function prototype as int check_password (char *pPasswd, char **ppErrStr, Entry *pEntry); In which header file is the 'Entry' type defined? Thanks, Scott

9 years, 9 months

2
3
0 / 0

separate login/password for several services?

by Zeus Panchenko

hi all, please, may somebody advice I need to set separate credentials for each service I provide (optionally) to my users I think of something like this: dn: uid=target-user,ou=People,dc=ibs userPassword: ****** ... authorizedService: xmpp authorizedService: smtp authorizedService: pop authorizedService: imap authorizedService: mail ... loginSMTP: mail-send-login passwSMTP: xxx loginPOP3: mail-get-login passwPOP3: yyy ... loginXMPP: login-xmpp passwXMPP: zzz can I achieve it? from which side to approach the issue? -- Zeus V. Panchenko jid:zeus@im.ibs.dn.ua IT Dpt., I.B.S. LLC GMT+2 (EET)

9 years, 9 months

5
10
0 / 0

Re: Schema Replication and data replication

by Christian Kratzer

Hi, On Thu, 8 Aug 2013, espeake(a)oreillyauto.com wrote: > Christian, > > The olcServerID goes in the cn=config file correct? I will do a ldapmodify to change this. yes. use the following: dn: olcDatabase={0}config changetype: modify replace: olcServerID olcServerID: 1 ldap://tntest-ldap-master-1.oreillyauto.com olcServerID: 2 ldap://tntest-ldap-master-2.oreillyauto.com > The consumer config is what was on there and that's why I asked the question about wiping it out and then using slapcat to put it back in. slapcat NEVER shows the checksums and protecting comments that you only see when you go looking at the files under slapd.d # AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify. # CRC32 3411e7fc Once you have the correct configuration on one server dump it with slapcat -n0 and import it to the second server using slapadd -n0. Be sure to wipe ALL of the contents in the slapd.d directory before importing with slapadd. ps: please keep the mailinglist on the Cc: so what we learn from this is for the greater good. Greetings Christian > > Thanks, > Eric > > > > -----openldap-technical-bounces(a)OpenLDAP.org wrote: -----To: espeake(a)oreillyauto.com > From: Christian Kratzer > Sent by: openldap-technical-bounces(a)OpenLDAP.org > Date: 08/08/2013 06:58AM > Cc: openldap-technical(a)openldap.org > Subject: Re: Schema Replication and data replication > > Hi, > > On Wed, 7 Aug 2013, espeake(a)oreillyauto.com wrote: > > > > > So we are cooking with warm oil and I wan to the cooking with hot oil!!!! > > > > I have been able to get upgraded 2.4.28 on open ldap. Having issue with > > getting a good build of 2.4.35. But that isn't the problem. Below is the > > log on my log from one of my consumers after starting the slapd service. > > > <snipp> > > > > Here is where is stops. > > > > Here in the ldif file from my master: > > > > # AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify. > > # CRC32 3411e7fc > > use slapcat -n0 instead of copying manually the files from the slapd.d directory. > > > dn: olcDatabase={0}config > > objectClass: olcDatabaseConfig > > olcDatabase: {0}config > > olcUpdateRef: ldap://tntest-ldap-master-1.oreillyauto.com > > olcsyncrepl: rid=002 provider=ldap://tntest-ldap-master-1.oreillyauto.com > > type=refreshAndPersist retry="10 +" searchbase="cn=config" > > bindmethod=simple binddn="uid=admin,dc=oreillyauto,dc=com" > > credentials=<password> > > olcAccess: to * by dn="uid=admin,dc=oreillyauto,dc=com" write by > > dn="uid=ldapadmin,ou=system,dc=oreillyauto,dc=com" write by * none > > olcRootDN: cn=admin,cn=config > > olcRootPW:: c2VjcmV0 > > structuralObjectClass: olcDatabaseConfig > > entryUUID: 35b75e72-93c2-1032-9ca4-711c013d2dcb > > creatorsName: cn=config > > createTimestamp: 20130807153144Z > > entryCSN: 20130807153144.468097Z#000000#000#000000 > > modifiersName: cn=config > > modifyTimestamp: 20130807153144Z > > > > Here is the ldif from my consumer: > > > > dn: olcDatabase={0}config > > objectClass: olcDatabaseConfig > > olcDatabase: {0}config > > olcRootDN: cn=admin,cn=config > > olcRootPW: secret > > structuralObjectClass: olcDatabaseConfig > > olcsyncrepl: {0}rid=002 > > provider=ldap://tntest-ldap-master-1.oreillyauto.com type=refreshOnly > > retry="5 +" searchbase="cn=config" bindmethod=simple > > binddn="cn=admin,cn=config" credentials=<password> schemachecking=on > > olcAccess: to * by dn="uid=admin,dc=oreillyauto,dc=com" write by > > dn="uid=ldapadmin,ou=system,dc=oreillyauto,dc=com" write by * none > > entryUUID: f074ba7c-09ed-1030-952b-0bb60fbd91a8 > > creatorsName: cn=config > > createTimestamp: 20110503162710Z > > entryCSN: 20110503162710.319234Z#000000#000#000000 > > modifiersName: cn=config > > ModifyTimestamp: 20110503162710Z > > > > both your entryCSN have #000# for the serverID. Even though it seems you > have somehow modified the configuration. > > Your replication cannot work when you have not configured a serverID. > > You need at least the following in your configs. > > olcServerID: 1 ldap://tntest-ldap-master-1.oreillyauto.com > olcServerID: 2 ldap://tntest-ldap-master-2.oreillyauto.com > > Also why does the ModifyTimestamp: attribute from your second server start with a capital 'M'. > > Are you still somehow manually poking at the files in slapd.d ? > > Please use slapcat / slapadd with the -n0 option to export and import your configuration. > > > Greetings > Christian > > -- > Christian Kratzer CK Software GmbH > Email: ck(a)cksoft.de Wildberger Weg 24/2 > Phone: +49 7032 893 997 - 0 D-71126 Gaeufelden > Fax: +49 7032 893 997 - 9 HRB 245288, Amtsgericht Stuttgart > Web: http://www.cksoft.de/ Geschaeftsfuehrer: Christian Kratzer > > > -- > This message has been scanned for viruses and dangerous content, > and is believed to be clean. > Message id: 7014E600847.AEC40 > > > This communication and any attachments are confidential, protected by Communications Privacy Act 18 USCS § 2510, solely for the use of the intended > recipient, and may contain legally privileged material. If you are not the intended recipient, please return or destroy it immediately. Thank you. > > -- Christian Kratzer CK Software GmbH Email: ck(a)cksoft.de Wildberger Weg 24/2 Phone: +49 7032 893 997 - 0 D-71126 Gaeufelden Fax: +49 7032 893 997 - 9 HRB 245288, Amtsgericht Stuttgart Web: http://www.cksoft.de/ Geschaeftsfuehrer: Christian Kratzer

9 years, 9 months

4
5
0 / 0

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

openldap-technical August 2013