Virtual list view problem
by Venish Khant
Hi all
I am using cpan Net::LDAP module to access LDAP entries. I want to
search LDAP entries using Net::LDAP search method. When I do search, I
want some limited number of entries from search result, for
this(searching) process I am using Net::LDAP::Control::VLV module. But
I get an error on the VLV response control. Please, does anyone have an idea about
this error?
Error: Died at vlv.pl line 50,
This is my example. I changed the font style of line 50
#!/usr/bin/perl -w
use Net::LDAP;
use Net::LDAP::Control::VLV;
use Net::LDAP::Constant qw( LDAP_CONTROL_VLVRESPONSE );
use Net::LDAP::Control::Sort;

# Search callback: print each entry as it arrives, then discard it
sub procentry {
    my ( $mesg, $entry ) = @_;
    # Return if there is no entry to process
    if ( !defined($entry) ) {
        return;
    }
    print "dn: " . $entry->dn() . "\n";
    @attrs = $entry->attributes();
    foreach $attr (@attrs) {
        #printf("\t%s: %s\n", $attr, $entry->get_value($attr));
        $attrvalue = $entry->get_value( $attr, asref => 1 );
        #print $attr.":". $entry->get_value($attr)."\n";
        foreach $value (@$attrvalue) {
            print "$attr: $value\n";
        }
    }
    $mesg->pop_entry;
    print "\n";
}

$ldap = Net::LDAP->new( "localhost" );

# Get the first 20 entries
$vlv = Net::LDAP::Control::VLV->new(
    before  => 0,     # No entries from before target entry
    after   => 19,    # 19 entries after target entry
    content => 0,     # List size unknown
    offset  => 1,     # Target entry is the first
);
my $sort = Net::LDAP::Control::Sort->new( order => 'cn' );

@args = ( base     => "dc=example,dc=co,dc=in",
          scope    => "subtree",
          filter   => "(objectClass=inetOrgPerson)",
          callback => \&procentry,    # Call this sub for each entry
          control  => [ $sort, $vlv ],
);

$mesg = $ldap->search( @args );

# Get VLV response control
($resp) = $mesg->control( LDAP_CONTROL_VLVRESPONSE ) or die;    # <-- line 50 of vlv.pl
$vlv->response( $resp );

# Set the control to get the last 20 entries
$vlv->end;
$mesg = $ldap->search( @args );

# Get VLV response control
($resp) = $mesg->control( LDAP_CONTROL_VLVRESPONSE ) or die;
$vlv->response( $resp );

# Now get the previous page
$vlv->scroll_page( -1 );
$mesg = $ldap->search( @args );

# Get VLV response control
($resp) = $mesg->control( LDAP_CONTROL_VLVRESPONSE ) or die;
$vlv->response( $resp );

# Now page with first entry starting with "B" in the middle
$vlv->before(9);      # Change page to show 9 before
$vlv->after(10);      # Change page to show 10 after
$vlv->assert("B");    # assert "B"
$mesg = $ldap->search( @args );
--
Venish Khant
www.deeproot.co.in
7 years
OpenLDAP and dynalogin (two-factor auth with HOTP)
by Daniel Pocock
Some time ago I created the dynalogin ( http://www.dynalogin.org )
solution for two-factor authentication.
I'm just contemplating how to make it easier to integrate, and making it
convenient to use with OpenLDAP seems like a good strategy: can anyone
comment on that?
The initial thoughts that I have about the subject:
- SASL based solution (dynalogin has digest capability already, so it
could be adapted for SASL PLAIN or DIGEST-MD5)
- should not prevent password logins (user should be able to use either
password or HOTP code)
- should enable people to use it indirectly (e.g. if someone already has
pam_ldap working, they should be able to add dynalogin to their OpenLDAP
server and get immediate benefit)
- use cases: UNIX login, high-security webmail login, VPN and OpenID
provider backed by OpenLDAP
I know that SASL already supports OTP, but that is not HOTP, it is OPIE
(or S/Key) RFC 2289:
http://tools.ietf.org/html/rfc2289
whereas HOTP is RFC 4226:
http://www.ietf.org/rfc/rfc4226.txt
HOTP is considered more secure and more widely implemented.
7 years, 11 months
2.4.40 RPMs for openSUSE
by Michael Ströder
HI!
After some struggle and help by some opensuse-packaging list members (thanks!)
I achieved almost what I wanted.
I'd appreciate if someone could work on SLES support.
Build status and files:
https://build.opensuse.org/package/show/home:stroeder:branches:network:ld...
If you're using the openldap packages shipped with openSUSE make sure to read
the .changes files to see whether something could break your current setup.
Up to now I've tested openSUSE 13.2 and Factory on x86_64 and Factory_ARM on
Raspberry Pi. Note: openSUSE 12.3 was announced to be EOL so I've disabled the
repo in my home project. I can easily re-enable it if needed (or branch my
repo in your own home project).
The usual disclaimer: Don't play with it in production!
The download repos are here:
http://download.opensuse.org/repositories/home:/stroeder:/branches:/netwo...
Make yourself familiar with zypper commands.
Example: Add the repo in openSUSE 13.1 (command in one line):
zypper addrepo --refresh
http://download.opensuse.org/repositories/home:/stroeder:/branches:/netwo...
Please test. Your feedback is appreciated. Especially have a look at whether
the RPMs behave well regarding config files, package descriptions etc.
There's a new package openldap2-contrib with a selection of overlays from, you
might have guessed, the contrib/ source directory.
slapo-noopsrch is still missing because of
http://www.openldap.org/its/index.cgi?findid=7998
Since web2ldap makes heavy use of noop search control I'd be glad if someone
could look into ITS#7998. ;-)
Ciao, Michael.
8 years, 3 months
cannot start instance
by Brendan Kearney
i have been doing a bunch of testing and now have an instance that won't
start up. if i run:
/usr/sbin/slapd -u ldap -h "ldapi:/// ldap:///" -4 -d9
it runs through and fails with:
54a45a96 read_config: no serverID / URL match found. Check slapd -h
arguments.
not sure where to look for issues. the ldapi and ldap listeners start
up during daemon_init:
54a45551 daemon_init: listen on ldapi:///
54a45551 daemon_init: listen on ldap:///
54a45551 daemon_init: 2 listeners to open...
ldap_url_parse_ext(ldapi:///)
54a45551 daemon: listener initialized ldapi:///
ldap_url_parse_ext(ldap:///)
54a45551 daemon: listener initialized ldap:///
54a45551 daemon_init: 2 listeners opened
the olcServerID lines are in cn=config.ldif:
olcServerID: 1 ldap://ldap1.bpk2.com
olcServerID: 2 ldap://ldap2.bpk2.com
not sure what is wrong. can someone point me in the right direction?
8 years, 4 months
Non OpenLDAP use of LMDB
by Harry B
Hello,
I am planning to use LMDB to create a reasonably large database, few TBs, >
500mil keys, on a Fusion IO flash storage. Memory to storage ratio of the
available hardware is about 1:10
Assuming the caching of "5 to 10%" of most-frequently-accessed data is good
enough for my use-case, is this a valid/legitimate use of LMDB ? Or am I
using the wrong tool for the job?
My other choices are RocksDB (haven't looked at it) or Postgres (using a
limited subset of features), the latter mainly because we already use it
across the company.
Any advice is appreciated.
Thanks
--
Harry
8 years, 4 months
GSSAPI vs GSS-SPNEGO
by Brendan Kearney
i am in the process of updating all of my systems to fedora 20 from
fedora 16, and am using all the latest available builds for openldap,
cyrus-sasl and mit kerberos. i have put everything together as i had on
fedora 16, and i am finding that the sasl instance is using
sasl/gss-spnego, and not sasl/gssapi like it did on the older version.
i am not sure if i should be concerned about this, but it feels like i
should be. i am not able to find anything that allows me to configure
things one way or another, so i can force the use of gssapi from
configs, it seems.
can anyone point me in a direction about this, tell me if i should be
concerned, or if you might have come across this before what i should be
doing that i am not?
thank you,
brendan
8 years, 5 months
DB_Config
by Craig White
I inherited an OpenLDAP server that is in production use and it suffers from a lack of knowledge and I am slowly trying to remedy that.
One of the things I noticed was that it complained at startup about the lack of a DB_Config and a caution about it being slow - which it definitely seems to be.
As this server is in production use, I am not allowed to do anything to impact it without thorough testing - which I think I have done.
Does anyone see any problems if I just drop the following DB_Config file in a data directory so the next time the server is restarted, it takes effect? (Yes, it's a DBD configuration)
# cat DB_CONFIG
set_cachesize 0 10485760 1
set_lg_regionmax 1048576
set_lg_max 10485760
set_lg_bsize 2097152
set_lg_dir /var/tmp/bdb-log
set_flags DB_LOG_AUTOREMOVE
Seems safe and I do back it up regularly but if I drop the file in the data directory, I may not be watching when the server is patched/restarted.
Comments?
Thanks Craig
8 years, 5 months
Upgrade Ubuntu server will purge OpenLDAP data
by Onno van der Straaten
Because this is so unexpected and it impacts OpenLDAP installations, I
thought I'd share this information here.
Ubuntu server upgrade from 12.04 to 14.04 LTS will purge the OpenLDAP
directory data. I don't understand why the, or an, upgrade would want to
purge data but that is what happens. I can't find anything on the internet
explaining why this is unavoidable and necessary.
From what I have learned so far the best way to recover from this is to
completely remove OpenLDAP and start a fresh installation and import data
from backup. I'm sure you will have it, for exactly these types of
situations that are, I'm afraid, typical for OpenLDAP.
The reason is that it is unclear what state the upgrade leaves OpenLDAP in.
I think it will take more time to figure out what was purged, what not,
what was changed than it takes to do a complete reinstall.
8 years, 5 months
OpenLDAP and FIM 2010 R2
by Darouichi, Aziz
Hello everyone,
The management asked me to look into Forefront Identity Management (FIM) to synch Passwords between our Microsoft AD and OpenLDAP. OpenLDAP is used for SSO hosted by the vendor. Is this something worth exploring for 2 way password synch? Will this need custom APIs to make it work? Or would it work out of the box?
Thank you for your input and happy new year all...!!
Aziz Darouichi
8 years, 5 months
help with back-sql setup
by thelastknowngod
Hey guys,
I'm getting an "operation not permitted within namingContext" error when
trying to add an entry into a test environment using back-sql. I created
the database using the
backsql_create.sql, testdb_create.sql, testdb_data.sql, and
testdb_metadata.sql files in the OpenLDAP source. I've also tried just
using one of the entries in the testdb as a template. Still didn't work.
Not sure where the issue is. If you guys can help point me in the right
direction that would be awesome.
Thanks!
I'm building using version 2.4.40 on Linux Mint 17. More relevant info:
/etc/odbc.ini:
[openldap]
Description = Example for OpenLDAP's back-sql
Driver = MySQL
Trace = No
Database = openldap
Servername = localhost
UserName = openldap
Password = thisisatest
ReadOnly = No
RowVersioning = No
ShowSystemTables = No
ShowOidColumn = No
FakeOidIndex = No
ConnSettings =
SOCKET = /var/run/mysqld/mysqld.sock
/etc/odbcinst.ini:
[MySQL]
Description = ODBC for MySQL
Driver = /usr/lib/odbc/libmyodbc.so
FileUsage = 1
/usr/local/openldap/slapd.conf:
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
pidfile /usr/local/var/run/slapd.pid
argsfile /usr/local/var/run/slapd.args
database sql
suffix "dc=example,dc=com"
rootdn "cn=root,dc=example,dc=com"
rootpw thisisatest
dbname openldap
dbuser openldap
dbpasswd thisisatest
subtree_cond "ldap_entries.dn LIKE CONCAT('%',?)"
insentry_stmt "INSERT INTO ldap_entries (dn,oc_map_id,parent,keyval) VALUES (?,?,?,?)"
has_ldapinfo_dn_ru no
File permissions:
srwxrwxrwx 1 mysql mysql 0 Dec 8 12:22 /var/run/mysqld/mysqld.sock
lrwxrwxrwx 1 root root 43 Dec 8 16:25 /usr/lib/odbc/libmyodbc.so -> /usr/lib/x86_64-linux-gnu/odbc/libmyodbc.so
-r--r--r-- 1 root root 20499 Dec 15 11:52 /usr/local/etc/openldap/schema/core.schema
-r--r--r-- 1 root root 73994 Dec 15 11:52 /usr/local/etc/openldap/schema/cosine.schema
-r--r--r-- 1 root root 6267 Dec 15 11:52 /usr/local/etc/openldap/schema/inetorgperson.schema
-rw-r--r-- 1 openldap openldap 29 Dec 15 12:00 /usr/local/var/run/slapd.args
-rw-r--r-- 1 openldap openldap 6 Dec 15 12:00 /usr/local/var/run/slapd.pid
8 years, 5 months