Connecting to LDAPS
by Marian Baskharoun
Hi,
I created an iOS app using Xcode version 6.0.1. This app should accept the Windows login information from the user.
I'm using OpenLDAP to do the authentication.
This is the code I'm using; it works fine with LDAP on port 389.
How do I make it work with LDAPS on port 636?
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ldap.h>

#define LDAP_SERVER "ldap://host:389"

- (BOOL)checkValidUser:(NSString *)username password:(NSString *)password
{
    LDAP *ld;
    int rc;
    int desired_version = LDAP_VERSION3;
    struct berval cred;

    /* Copy the NSString contents into C buffers for the libldap calls */
    size_t len = strlen([username UTF8String]) + 1;
    char usr[len];
    memcpy(usr, [username UTF8String], len);
    size_t len2 = strlen([password UTF8String]) + 1;
    char passwd[len2];
    memcpy(passwd, [password UTF8String], len2);
    cred.bv_val = (char *) passwd;
    cred.bv_len = strlen(passwd);

    if (ldap_initialize(&ld, LDAP_SERVER) != LDAP_SUCCESS)
    {
        return NO;
    }
    rc = ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &desired_version);
    if (rc != LDAP_SUCCESS) {
        /* ldap_set_option does not set errno, so report the LDAP error text */
        fprintf(stderr, "ldap_set_option: %s\n", ldap_err2string(rc));
        ldap_unbind_ext_s(ld, NULL, NULL);
        return NO;
    }
    else
    {
        printf("Set LDAPv3 client version.\n");
    }
    // Simple authentication: usr must be the full bind DN of the user
    rc = ldap_sasl_bind_s(ld, usr, LDAP_SASL_SIMPLE, &cred, NULL, NULL, NULL);
    ldap_unbind_ext_s(ld, NULL, NULL);   /* release the connection either way */
    if (rc != LDAP_SUCCESS)
    {
        fprintf(stderr, "ldap_sasl_bind_s: %s\n", ldap_err2string(rc));
        return NO;
    }
    else
    {
        return YES;
    }
}
Thanks,
Marian
6 years, 5 months
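An added example (not the poster's code) of the same bind over LDAPS with the server certificate actually verified, using the libldap TLS options that exist in OpenLDAP 2.4; the host name, the CA bundle path and the method name are assumptions. It also rejects an empty password, because a simple bind with a DN and no password is an unauthenticated bind that many servers accept.

```objective-c
#include <stdio.h>
#include <string.h>
#include <ldap.h>

/* Assumed values: replace with the real host and the CA bundle that
   issued the directory server's certificate. */
#define LDAPS_SERVER "ldaps://ldap.example.com:636"
#define CA_BUNDLE    "/path/to/ca-bundle.pem"

- (BOOL)checkValidUserOverTLS:(NSString *)bindDN password:(NSString *)password
{
    /* RFC 4513 5.1.2: a DN with an empty password is an unauthenticated bind,
       which servers may accept; reject it before it reaches the server. */
    if ([bindDN length] == 0 || [password length] == 0) {
        return NO;
    }
    LDAP *ld = NULL;
    int rc = ldap_initialize(&ld, LDAPS_SERVER);
    if (rc != LDAP_SUCCESS) {
        fprintf(stderr, "ldap_initialize: %s\n", ldap_err2string(rc));
        return NO;
    }
    int version = LDAP_VERSION3;
    int require_cert = LDAP_OPT_X_TLS_DEMAND;      /* verify chain and host name */
    int tls_min = LDAP_OPT_X_TLS_PROTOCOL_TLS1_2;  /* refuse older protocol versions */
    int new_ctx = 0;                               /* 0 = client-side context */
    BOOL ok =
        ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version) == LDAP_OPT_SUCCESS &&
        ldap_set_option(ld, LDAP_OPT_X_TLS_CACERTFILE, CA_BUNDLE) == LDAP_OPT_SUCCESS &&
        ldap_set_option(ld, LDAP_OPT_X_TLS_REQUIRE_CERT, &require_cert) == LDAP_OPT_SUCCESS &&
        ldap_set_option(ld, LDAP_OPT_X_TLS_PROTOCOL_MIN, &tls_min) == LDAP_OPT_SUCCESS &&
        /* NEWCTX goes last: it rebuilds the handle's TLS context from the options above */
        ldap_set_option(ld, LDAP_OPT_X_TLS_NEWCTX, &new_ctx) == LDAP_OPT_SUCCESS;
    if (!ok) {
        fprintf(stderr, "TLS option setup failed\n");
        ldap_unbind_ext_s(ld, NULL, NULL);
        return NO;
    }
    /* The TLS handshake runs on the first operation, here the simple bind. */
    struct berval cred;
    cred.bv_val = (char *)[password UTF8String];
    cred.bv_len = strlen(cred.bv_val);
    rc = ldap_sasl_bind_s(ld, [bindDN UTF8String], LDAP_SASL_SIMPLE, &cred, NULL, NULL, NULL);
    ldap_unbind_ext_s(ld, NULL, NULL);               /* release the connection either way */
    if (rc != LDAP_SUCCESS) {
        fprintf(stderr, "ldap_sasl_bind_s: %s\n", ldap_err2string(rc));
        return NO;
    }
    return YES;
}
```

Setting the TLS options on the handle only takes effect once LDAP_OPT_X_TLS_NEWCTX is set, which is why it is the last option; a bind against a server whose certificate does not chain to CA_BUNDLE or does not match the host name fails with a TLS error instead of silently connecting.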
Meaning of "ppolicy_bind: Setting warning for password expiry for ... = 0 seconds"?
by Ulrich Windl
Hi!
Can someone explain what this message is actually saying:
slapd[3990]: ppolicy_bind: Setting warning for password expiry for uid=testuser,ou=domain,dc=org = 0 seconds
Does this mean a user who mistyped his password before logged in successfully now?
I saw no change to the LDAP database after this message, so what is changed, and where is it changed? Also those "0 seconds" don't match my password policy, which looks like this (still testing):
--
objectClass: namedObject
objectClass: pwdPolicy
cn: PP-Default
pwdAttribute: userPassword
pwdMinAge: 30
pwdMaxAge: 86400000
pwdInHistory: 3
pwdCheckQuality: 1
pwdMinLength: 8
pwdExpireWarning: 604800
pwdGraceAuthNLimit: 5
pwdLockout: TRUE
pwdLockoutDuration: 1800
pwdMaxFailure: 10
pwdFailureCountInterval: 1209600
pwdMustChange: TRUE
pwdAllowUserChange: TRUE
pwdSafeModify: FALSE
--
I'm running SLES11 SP3...
Regards,
Ulrich
6 years, 5 months
is there hardware inventory schema?
by Zeus Panchenko
greetings,
please advise, is there a schema, or what would be correct to use, for
storing hardware inventory data in LDAP (other than a custom schema)?
perhaps I'm not the first who asks that ...
--
Zeus V. Panchenko jid:zeus@im.ibs.dn.ua
IT Dpt., I.B.S. LLC GMT+2 (EET)
6 years, 5 months
Migrating from BDB to LMDB
by Michael
Good evening -
I would like to upgrade my OpenLDAP servers and migrate from BDB to LMDB.
What is the recommended path for doing this?
Can I simply take a dump with slapcat while using BDB and then run a slapadd on the resulting LDIF after changing the configuration to MDB?
-Mike
6 years, 5 months
Trying to switch from bdb to mdb
by Jerry
I am running OpenLDAP on a FreeBSD-10 amd64 machine. It is installed via the
FreeBSD ports system and I compile it on my machine.
I recently wanted to switch from BDB since versions greater than 6 are not
acceptable to OpenLDAP. I wanted to use "mdb", but I just cannot seem to get
it configured correctly.
I changed the "database bdb" to "database mdb" but when I try to start
openLDAP, I get this error:
Starting slapd
Unrecognized database type (mdb)
Warning: failed to start slapd
I removed the existing database, so it should be starting up with a clean
environment, but the problem continues.
This is probably a problem specific to FreeBSD. If any user of FreeBSD has
this working, I would love to see how they configured it. Feel free to
contact me off list if it is more convenient.
Thanks!
--
Jerry
6 years, 5 months
Kernel segfault slapd
by Scot Hollingsworth
Issue:
slapd keeps crashing about twice a day on multiple servers. I updated the
kernel and openldap but still see the problem. Anyone point me in the
right direction?
Log:
kernel: slapd[4435]: segfault at 4 ip 00d1984f sp acc3d270 error 4 in
slapd[bcc000+215000]
System:
openldap-2.4.39-8.el6.i686
openldap-clients-2.4.39-8.el6.i686
openldap-servers-2.4.39-8.el6.i686
Kernel:
2.6.32-504.el6.i686
--
Thanks.
Scot H
6 years, 5 months
journal of changes
by Zeus Panchenko
hi,
is there a way to have something like what I'd call a "journal of changes",
where all changes (modifications and deletions in particular) to each
object could be saved?
what I'm talking about is the *whole* history of the actions the object has
undergone after creation
--
Zeus V. Panchenko jid:zeus@im.ibs.dn.ua
IT Dpt., I.B.S. LLC GMT+2 (EET)
6 years, 5 months
Windows Server 2012 R2 - TLS 1.2 connection errors
by Jeff Lebo
Have had a public facing OpenLDAP server setup pointing to Windows Server 2008 on the back end for auth.
AD servers are being migrated to Server 2012 R2, and I see this error on the Windows side when OpenLDAP tries to authenticate to them:
"An TLS 1.2 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed."
"A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 1205."
I've spent the last few days trying different configs and reading Microsoft forums, and haven't been able to figure it out. Apparently MS changed the TLS configs with 2012 R2 and it doesn't support a key length I am using. I've tried to disable TLS 1.2 on the OpenLDAP side using TLSCipherSuite in slapd.conf, but OpenLDAP fails to start with "main: TLS init def ctx failed: -1".
6 years, 5 months
Re: Need information on alock file in data directory of OpenLDAP 2.4.39
by pramod kulkarni
I am running the slapcat command like this: slapcat -f slapd.conf -l backup.ldif
Is it wrong?
On Thu, Oct 30, 2014 at 10:20 PM, Quanah Gibson-Mount <quanah(a)zimbra.com>
wrote:
> --On Thursday, October 30, 2014 11:16 PM +0100 pramod kulkarni <
> pammu.kulkarni(a)gmail.com> wrote:
>
>> 5452a973 The first database does not allow slapcat; using the first
>> available one (2)
>
> You're running slapcat incorrectly if you get this message.
>
> In any case, as already noted, the correct solution is to move to using
> back-mdb, and stop using the deprecated BDB based backend.
>
> --Quanah
>
> --
> Quanah Gibson-Mount
> Server Architect
> Zimbra, Inc.
> --------------------
> Zimbra :: the leader in open source messaging and collaboration
6 years, 5 months