openldap-technical November 2014

openldap-technical@openldap.org

66 participants
69 discussions

Connecting to LDAPS
by Marian Baskharoun 07 Nov '14

07 Nov '14

Hi, I created an iOS app using xcode version 6.0.1. This app should accept the windows login information from the user. I'm using OpenLDap to do the authentication. This is the code I'm using, works fine with Ldap and port 389 How do I make it work with Ldaps and port 636? # define LDAP_SERVER = "ldap://host:389" - (BOOL)checkValidUser:(NSString *)username password:(NSString *)password { LDAP *ld; int rc; int desired_version = LDAP_VERSION3; struct berval cred; size_t len = strlen([username UTF8String]) + 1; char usr [len]; memcpy(usr, [usernameUTF8String], len); size_t len2 = strlen([password UTF8String]) + 1; char passwd [len2]; memcpy(passwd, [password UTF8String], len2); cred.bv_val = (char *) passwd; cred.bv_len = strlen( passwd ); if( ldap_initialize( &ld, LDAP_SERVER ) ) { return NO; } rc = ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &desired_version); if ( rc != LDAP_SUCCESS ) { perror( "ldap_set_option failed" ); exit(EXIT_FAILURE); } else { printf("Set LDAPv3 client version.\n"); } // Simple Authentication rc = ldap_sasl_bind_s( ld, usr, LDAP_SASL_SIMPLE, &cred, NULL, NULL, NULL ); if( rc != LDAP_SUCCESS ) { fprintf(stderr, "ldap_sasl_bind_s: %s\n", ldap_err2string(rc) ); return NO; } else { return YES; } } Thanks, Marian

3 2

Meaning of "ppolicy_bind: Setting warning for password expiry for ... = 0 seconds"?
by Ulrich Windl 06 Nov '14

06 Nov '14

Hi! Can someone explain what this message is actually saying: slapd[3990]: ppolicy_bind: Setting warning for password expiry for uid=testuser,ou=domain,dc=org = 0 seconds Does this mean a user who mistyped his password before logged in successfully now? I saw no change to the LDAP database after this message, so what is changed, and where is it cahnged? Also those "0 seconds" don't match my password policy, which looks like this (still testing): -- objectClass: namedObject objectClass: pwdPolicy cn: PP-Default pwdAttribute: userPassword pwdMinAge: 30 pwdMaxAge: 86400000 pwdInHistory: 3 pwdCheckQuality: 1 pwdMinLength: 8 pwdExpireWarning: 604800 pwdGraceAuthNLimit: 5 pwdLockout: TRUE pwdLockoutDuration: 1800 pwdMaxFailure: 10 pwdFailureCountInterval: 1209600 pwdMustChange: TRUE pwdAllowUserChange: TRUE pwdSafeModify: FALSE -- I'm running SLES11 SP3... Regards, Ulrich

2 3

is there hardware inventory schema?
by Zeus Panchenko 05 Nov '14

05 Nov '14

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 greetings, please advise, is there schema or what will it be correct to use, for hardware inventory data to be stored in LDAP (except custom schema)? perhaps I'm not the first who asks that ... - -- Zeus V. Panchenko jid:zeus@im.ibs.dn.ua IT Dpt., I.B.S. LLC GMT+2 (EET) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iEYEARECAAYFAlRXWVUACgkQr3jpPg/3oyo4uwCgxUA5AwR6x2r2idQsAYXZSYgM UHYAoK6uQ87UL2K/k6NlW/1Ns6h1a+Hh =GvDb -----END PGP SIGNATURE-----

3 4

Migrating from BDB to LMDB
by Michael 04 Nov '14

04 Nov '14

Good evening - I would like to upgrade my OpenLDAP servers and migrate from BDB to LMDB. What is the recommended path for doing this? Can I simply take a dump with slapcat while using BDB and then run a slapadd on the resulting LDIF after changing the configuration to MDB? -Mike

2 2

Trying to switch from bdb to mdb
by Jerry 04 Nov '14

04 Nov '14

I am running OpenLDAP on a FreeBSD-10 amd 64 machine. It is installed via the FreeBSD ports system and I compile it on my machine. I recently wanted to switch from BDB since versions greater than 6 are not acceptable to OpenLDAP. I wanted to use "mdb", but I just cannot seem to get it configured correctly. I changed the "database bdb" to "database mdb" but when I try to start openLDAP, I get this error: Starting slapd Unrecognized database type (mdb) Warning: failed to start slapd I removed the existing database, so it should be starting up with a clean environment, but the problem continues. This is probably a problem specific to FreeBSD. If any user of FreeBSD has this working, I would love to see how they configured it. Feel free to contact me off list if it is more convenient. Thanks! -- Jerry

7 21

Kernel segfault slapd
by Scot Hollingsworth 04 Nov '14

04 Nov '14

Issue: slapd keeps crashing about twice a day on multiple servers. I updated the kernel and openldap but still see the problem. Anyone point me in the right direction? Log: kernel: slapd[4435]: segfault at 4 ip 00d1984f sp acc3d270 error 4 in slapd[bcc000+215000] System: openldap-2.4.39-8.el6.i686 openldap-clients-2.4.39-8.el6.i686 openldap-servers-2.4.39-8.el6.i686 Kernel: 2.6.32-504.el6.i686 -- Thanks. Scot H -- The mission of the Rankin County School District is to prepare every student with the cognitive and social skills necessary to be productive members of an ever-changing global society. -- This email and any attachments to it may be confidential and are intended solely for the use of the individual to whom it is addressed. If you are not the intended recipient of this email, you must neither take any action based upon its contents, nor copy or show it to anyone. Please contact the sender if you believe you have received this email in error.

4 4

journal of changes
by Zeus Panchenko 03 Nov '14

03 Nov '14

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 hi, is there way to have something like, I'd call, "journal of changes" where it could be saved all changes (modifications and deletions in particular) for each object what I'm talking about is *whole* history of the actions the object has undergone after creation - -- Zeus V. Panchenko jid:zeus@im.ibs.dn.ua IT Dpt., I.B.S. LLC GMT+2 (EET) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iEYEARECAAYFAlRHeGUACgkQr3jpPg/3oyrwuQCgygBCJzX239kZSvAWUj+eDarN adwAni+d1KSGElOeeHBw10zXb400pSzG =QEn7 -----END PGP SIGNATURE-----

2 2

Windows Server 2012 R2 - TLS 1.2 connection errors
by Jeff Lebo 02 Nov '14

02 Nov '14

Have had a public facing OpenLDAP server setup pointing to Windows Server 2008 on the back end for auth. AD servers are being migrated to Server 2012 R2, and I see this error on the Windows side when OpenLDAP tries to authenticate to them: "An TLS 1.2 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed." "A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 1205." I've spent the last few days trying different configs, and reading Microsoft forums, and haven't been able to figure it out. Apparently MS changed the TLS configs with 2012R2 and it doesn't support a key length I am using. I've tried to disable TLS 1.2 on the OpenLDAP side using TLSCiperSuite in slapd.conf, but OpenLDAP fails to start with "main: TLS init def ctx failed: -1".

2 3

Re: Need information on alock file in data directory of OpenLDAP 2.4.39
by pramod kulkarni 01 Nov '14

01 Nov '14

I am runing slapcat command like this, slapcat -f slapd.conf -l backup.ldif is it wrong ? On Thu, Oct 30, 2014 at 10:20 PM, Quanah Gibson-Mount <quanah(a)zimbra.com> wrote: > --On Thursday, October 30, 2014 11:16 PM +0100 pramod kulkarni < > pammu.kulkarni(a)gmail.com> wrote: > > > 5452a973 The first database does not allow slapcat; using the first >> available on e (2) >> > > You're running slapcat incorrectly if you get this message. > > In any case, as already noted, the correct solution is to move to using > back-mdb, and stop using the deprecated BDB based backend. > > > --Quanah > > > > -- > > Quanah Gibson-Mount > Server Architect > Zimbra, Inc. > -------------------- > Zimbra :: the leader in open source messaging and collaboration >

6 8

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

openldap-technical November 2014