openldap-technical March 2014

openldap-technical@openldap.org

89 participants
101 discussions

User-Managed Groups
by Tim Gustafson 08 Mar '14

08 Mar '14

Hi, I've had OpenLDAP set up for a while now such that users can create groups and manage the groups that they've created. I've achieved this by creating a new objectClass (called "managedGroup") which adds the "manager" attribute, and then I've set up ACLs like this: olcAccess: {14}to dn.base="ou=Groups,dc=whatever" attrs=children by users add by * break olcAccess: {15}to dn.subtree="ou=Groups,dc=whatever" filter="(&(objectClass=posixGroup)(objectClass=managedGroup)(gidNumber>=1000))" attrs=entry by users add by * break olcAccess: {16}to dn.subtree="ou=Groups,dc=whatever" attrs=cn,manager,memberUid,description by set.exact="this/manager & user" write by * break I also have the "unique" overlay installed to prevent multiple groups from having the same "cn" or "gidNumber". I've got a request from users to be able to re-name their groups now too. I tried changing "by users add" to "by users write" in clause 14, and added the "entry" attribute to "attrs=" in clause 16, but the server is still not letting users re-name their groups. The output of the log file looks like this: slapd[44745]: => acl_get: [16] attr entry slapd[44745]: => acl_mask: access to entry "cn=test-1234,ou=Groups,dc=whatever", attr "entry" requested slapd[44745]: => acl_mask: to all values by "uid=g-guest,ou=people,dc=whatever", (=0) slapd[44745]: <= check a_dn_pat: users slapd[44745]: <= acl_mask: [1] applying add(=arscxd) (stop) slapd[44745]: <= acl_mask: [1] mask: add(=arscxd) slapd[44745]: => slap_access_allowed: write access denied by add(=arscxd) slapd[44745]: => access_allowed: no more rules What am I missing? -- Tim Gustafson tjg(a)ucsc.edu 831-459-5354 Baskin Engineering, Room 313A

3 2

Help with trying to setup RE: Issues with setting up multiple master
by Alex Samad - Yieldbroker 07 Mar '14

07 Mar '14

Hi Any one got any hints at what I can look at to fix this ? Alex > -----Original Message----- > From: Alex Samad - Yieldbroker > Sent: Wednesday, 5 March 2014 4:11 PM > To: 'openldap-technical(a)openldap.org' > Subject: Issues with setting up multiple master > > Hi > > So I am setting up multi master following the steps here > http://www.openldap.org/doc/admin24/replication.html 18.3.3 > > I have 2 nodes and not 3. > > I did this on the master > dn: cn=config > objectClass: olcGlobal > cn: config > olcServerID: 1 > > dn: olcDatabase={0}config,cn=config > objectClass: olcDatabaseConfig > olcDatabase: {0}config > olcRootPW: secret > > and on the 2nd > > dn: cn=config > objectClass: olcGlobal > cn: config > olcServerID: 2 > > dn: olcDatabase={0}config,cn=config > objectClass: olcDatabaseConfig > olcDatabase: {0}config > olcRootPW: secret > > > > I used a different password on each site . changed it to the same password > no > > > I did this > > dn: cn=config > changetype: modify > replace: olcServerID > olcServerID: 1 $URI1 > olcServerID: 2 $URI2 > > dn: olcOverlay=syncprov,olcDatabase={0}config,cn=config > changetype: add > objectClass: olcOverlayConfig > objectClass: olcSyncProvConfig > olcOverlay: syncprov > > dn: olcDatabase={0}config,cn=config > changetype: modify > add: olcSyncRepl > olcSyncRepl: rid=001 provider=$URI1 binddn="cn=config" > bindmethod=simple > credentials=secret searchbase="cn=config" type=refreshAndPersist > retry="5 5 300 5" timeout=1 > olcSyncRepl: rid=002 provider=$URI2 binddn="cn=config" > bindmethod=simple > credentials=secret searchbase="cn=config" type=refreshAndPersist > retry="5 5 300 5" timeout=1 > - > add: olcMirrorMode > olcMirrorMode: TRUE > > > I am wondering why I did > dn: cn=config > objectClass: olcGlobal > cn: config > olcServerID: 2 > > if I am just going to do this > > dn: cn=config > changetype: modify > replace: olcServerID > olcServerID: 1 $URI1 > olcServerID: 2 $URI2 > > This is what I get on the second node > Mar 5 16:08:09 alcldap1 slapd[21296]: do_syncrep2: rid=001 got empty > syncUUID with LDAP_SYNC_ADD > Mar 5 16:08:09 alcldap1 slapd[21296]: do_syncrepl: rid=001 rc -1 retrying (4 > retries left) > Mar 5 16:08:14 alcldap1 slapd[21296]: do_syncrep2: rid=001 got empty > syncUUID with LDAP_SYNC_ADD > Mar 5 16:08:14 alcldap1 slapd[21296]: do_syncrepl: rid=001 rc -1 retrying (4 > retries left) > Mar 5 16:08:19 alcldap1 slapd[21296]: do_syncrep2: rid=001 got empty > syncUUID with LDAP_SYNC_ADD > > > And on the first node > Mar 5 16:09:27 gsldap1 slapd[11028]: do_syncrep2: rid=002 got empty > syncUUID with LDAP_SYNC_ADD > x > Mar 5 16:09:27 gsldap1 slapd[11028]: do_syncrepl: rid=002 rc -1 retrying (4 > retries left) x > > I have done manual ldapsearch from both boxes to the other boxes with the > credentials and it works > > > So now I am stuff. Had a quick google, but could find anything relevant. > > Help :) > > Oh I started with info in the db's already. Just a rsync ... > > Alex > > >

1 1

Slapd TLS issue
by Eric Falbe 07 Mar '14

07 Mar '14

Hi, When I try to start slapd I get this error message: Checking configuration files for slapd: [WARNING] PROXIED attributeDescription "DC" inserted. config file testing succeeded Starting slapd: @(#) $OpenLDAP: slapd 2.4.23 (Feb 3 2014 19:11:35) $ mockbuild(a)c6b10.bsys.dev.centos.org: /builddir/build/BUILD/openldap-2.4.23/openldap-2.4.23/build-servers/servers/slapd PROXIED attributeDescription "DC" inserted. bdb_db_open: database "dc=cassens,dc=com": unclean shutdown detected; attempting recovery. bdb_db_open: database "cn=accesslog": unclean shutdown detected; attempting recovery. slapd starting TLS: error: the certificate '/etc/pki/tls/certs/ldap.cassens.com.pem' could not be found in the database - error -12285:Unable to find the certificate or key necessary for authentication.. TLS: certificate '/etc/pki/tls/certs/ldap.cassens.com.pem' successfully loaded from PEM file. TLS: no unlocked certificate for certificate 'CN=ldap.cassens.com,OU=Ldap Server,O=Cassens Transport Company,C=US'. ppolicy_bind: Setting warning for password expiry for cn=replication,dc=cassens,dc=com = 0 seconds ^Cdaemon: shutdown requested and initiated. slapd shutdown: waiting for 0 operations/tasks to finish slapd stopped. This server was working last night, I had to promote our secondary ldap server this morning. I have attempted to rebuild the database backend (with slapcat and slapadd), but am still getting this same error. I have my ssl (self-signed) certificates located in /etc/pki/tls/certs/ldap.cassens.com.pem /etc/pki/tls/tls/certa/ca.pem /etc/pki/tls/private/ldap.cassens.comKey.pem These certificates worked fine up untill today, does anyone have any insight on where to look to being troubleshooting this issue? Thanks, Eric Falbe

5 6

Documentation required on openldap 2.4.39
by saurabh ohri 07 Mar '14

07 Mar '14

Hi, Does anyone installed openldap 2.4.39 or later. Please help me with self created document as i am getting stuck at various point. I have installed and configured but not able to : 1) Change the ldap to work for ldap(389) to ldaps(636) with openssl certs. 2) Not able to convert the slapd.conf to config. 3) Implementing password policies. 4) 2 node Replication Master-Master Please help as it is been 2 weeks and am dead stuck. Project completion data is near so quick help will be highly appreciated. Thanks again Regards Sam

2 1

LDAP Passwordless SSH Problem
by Kamran Khan 06 Mar '14

06 Mar '14

Hi all, I have a cluster, running RHEL6.5, which I have installed and configured LDAP w/ TLS support. The systems are all authenticating using LDAP properly, and I have added a test user to make sure this works. I can 'su' into the new user, and SSH across all systems. However, it requires a password upon every SSH. Please see verbose SSH below: =================================================== [root@usdtwclus01 ~]# su - jramey [jramey@usdtwclus01 ~]$ ssh -vvvvv n001 OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug2: ssh_connect: needpriv 0 debug1: Connecting to n001 [172.16.36.1] port 22. debug1: Connection established. debug3: Not a RSA1 key file /home/jramey/.ssh/id_rsa. debug2: key_type_from_name: unknown key type '-----BEGIN' debug3: key_read: missing keytype debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug2: key_type_from_name: unknown key type '-----END' debug3: key_read: missing keytype debug1: identity file /home/jramey/.ssh/id_rsa type 1 debug1: identity file /home/jramey/.ssh/id_rsa-cert type -1 debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3 debug1: match: OpenSSH_5.3 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_5.3 debug2: fd 5 setting O_NONBLOCK debug1: SSH2_MSG_KEXINIT sent debug3: Wrote 960 bytes for a total of 981 debug1: SSH2_MSG_KEXINIT received debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc(a)lysator.liu.se debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc(a)lysator.liu.se debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,zlib(a)openssh.com,zlib debug2: kex_parse_kexinit: none,zlib(a)openssh.com,zlib debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc(a)lysator.liu.se debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc(a)lysator.liu.se debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,zlib(a)openssh.com debug2: kex_parse_kexinit: none,zlib(a)openssh.com debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: mac_setup: found hmac-md5 debug1: kex: server->client aes128-ctr hmac-md5 none debug2: mac_setup: found hmac-md5 debug1: kex: client->server aes128-ctr hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug3: Wrote 24 bytes for a total of 1005 debug2: dh_gen_key: priv key bits set: 120/256 debug2: bits set: 522/1024 debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug3: Wrote 144 bytes for a total of 1149 debug3: check_host_in_hostfile: host n001 filename /home/jramey/.ssh/known_hosts debug3: check_host_in_hostfile: host n001 filename /home/jramey/.ssh/known_hosts debug3: check_host_in_hostfile: match line 1 debug3: check_host_in_hostfile: host 172.16.36.1 filename /home/jramey/.ssh/known_hosts debug3: check_host_in_hostfile: host 172.16.36.1 filename /home/jramey/.ssh/known_hosts debug3: check_host_in_hostfile: match line 1 debug1: Host 'n001' is known and matches the RSA host key. debug1: Found key in /home/jramey/.ssh/known_hosts:1 debug2: bits set: 504/1024 debug1: ssh_rsa_verify: signature correct debug2: kex_derive_keys debug2: set_newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug3: Wrote 16 bytes for a total of 1165 debug2: set_newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug3: Wrote 48 bytes for a total of 1213 debug2: service_accept: ssh-userauth debug1: SSH2_MSG_SERVICE_ACCEPT received debug2: key: /home/jramey/.ssh/id_rsa (0x7f0a9fb7a6a0) debug3: Wrote 64 bytes for a total of 1277 debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic,password debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password debug3: authmethod_lookup gssapi-keyex debug3: remaining preferred: gssapi-with-mic,publickey,keyboard-interactive,password debug3: authmethod_is_enabled gssapi-keyex debug1: Next authentication method: gssapi-keyex debug1: No valid Key exchange context debug2: we did not send a packet, disable method debug3: authmethod_lookup gssapi-with-mic debug3: remaining preferred: publickey,keyboard-interactive,password debug3: authmethod_is_enabled gssapi-with-mic debug1: Next authentication method: gssapi-with-mic debug3: Trying to reverse map address 172.16.36.1. debug1: Unspecified GSS failure. Minor code may provide more information Credentials cache file '/tmp/krb5cc_15000' not found debug1: Unspecified GSS failure. Minor code may provide more information Credentials cache file '/tmp/krb5cc_15000' not found debug1: Unspecified GSS failure. Minor code may provide more information debug1: Unspecified GSS failure. Minor code may provide more information Credentials cache file '/tmp/krb5cc_15000' not found debug2: we did not send a packet, disable method debug3: authmethod_lookup publickey debug3: remaining preferred: keyboard-interactive,password debug3: authmethod_is_enabled publickey debug1: Next authentication method: publickey debug1: Offering public key: /home/jramey/.ssh/id_rsa debug3: send_pubkey_test debug2: we sent a publickey packet, wait for reply debug3: Wrote 368 bytes for a total of 1645 debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password debug2: we did not send a packet, disable method debug3: authmethod_lookup password debug3: remaining preferred: ,password debug3: authmethod_is_enabled password debug1: Next authentication method: password jramey@n001's password: =================================================== Any ideas on how to accomplish passwordless SSH with LDAP users? Please let me know. Thanks. -- Kamran Khan PSSC Labs HPC Software Technical Engineer

3 3

openldap search filter attribut equal to another
by Lanfeust troy 05 Mar '14

05 Mar '14

hi list, is it possible to write a filter like: (&(objectClass=inetOrgPerson)(mail=cn)) to retrieve all entry that attribute mail equal to attribute cn. thanks

4 3

mirror mode & sasl question
by Eileen(=^ω^=) 05 Mar '14

05 Mar '14

Hi all， This is Eileen from China SINAP. I am a beginner for openldap soft. I encountered a problem in my study on two LDAP services replication. I have 2 LDAP services, one name LDPA1, the other is LDAP2 . I want to make them synchronously in mirror mode. But when I set LDAP services rootpw both in hash, the 2 LDAP serivces can’t be synchronous. My question is 1. if I set my rootpw in hash, my bindmethod must be SASL? If I must use sasl method, can I put the sasl service in the same ldap service? If bindmethod=sasl then what is the saslmech should be? 2. If I change to sasl method, do I need change my database record? My slapd.conf file set as below, could you pls advice which place I should fix? moduleload syncprov.la database bdb suffix "dc=xxx,dc=xxx" checkpoint 1024 15 rootdn "cn=xxx,dc=xxx,dc=xxx" rootpw {SSHA}cXUVsI2kuKNK9kjCagWtvraossyAKuhX directory /var/lib/ldap/xxx access to * by self write by * read # Indices to maintain for this database index objectClass,entryCSN,entryUUID eq,pres index ou,cn,mail,surname,givenname eq,pres,sub index uidNumber,gidNumber,loginShell eq,pres index uid,memberUid eq,pres,sub index nisMapName,nisMapEntry eq,pres,sub serverID 1 (ldap2 service is 2) syncrepl rid=111 provider=ldap://other side ip bindmethod=sasl saslmech=ssha authcid=? Authzid=? Realm=? binddn="cn=xxx,dc=xxx,dc=xxx" credentials={SSHA}cXUVsI2kuKNK9kjCagWtvraossyAKuhX searchbase="dc=xxx,dc=xxx" schemachecking=on type=refreshAndPersist retry="60 +" mirrormode on overlay syncprov syncprov-checkpoint 100 10 syncprov-sessionlog 100 My database record just like below: dn: cn=tiangexuan,ou=users,dc=xxx,dc=xxx cn: tiangexuan objectClass: posixAccount objectClass: shadowAccount objectClass: inetOrgPerson sn: tiangexuan uid: tiangexuan uidNumber: 10001 gidNumber: 90001 homeDirectory: /home/tiangexuan loginShell: /bin/bash userPassword: calvin Best wishes & regrads Eileen

3 2

Restricting access based on IP Address
by kevin sullivan 05 Mar '14

05 Mar '14

Hi, I am running an OpenLDAP server version 2.4.23 and I would like to restrict a user from connecting unless they are connecting via an ldapi connection or localhost. Specifically, I would like to only let the rootdn manage things from localhost or from an ldapi connection, which ensures that they are on localhost. I do not want to prevent other users from connecting to my LDAP server via an ldaps connection from anywhere on the network. Is this possible? I have read a good bit about access control directives, but I haven't seen what I am looking for. I am guessing that what I am looking for probably deals with 'sockname' or 'sockurl', but I don't know how to use those statements to properly configure slapd. Thanks, Kevin

5 4

Issues with setting up multiple master
by Alex Samad - Yieldbroker 05 Mar '14

05 Mar '14

Hi So I am setting up multi master following the steps here http://www.openldap.org/doc/admin24/replication.html 18.3.3 I have 2 nodes and not 3. I did this on the master dn: cn=config objectClass: olcGlobal cn: config olcServerID: 1 dn: olcDatabase={0}config,cn=config objectClass: olcDatabaseConfig olcDatabase: {0}config olcRootPW: secret and on the 2nd dn: cn=config objectClass: olcGlobal cn: config olcServerID: 2 dn: olcDatabase={0}config,cn=config objectClass: olcDatabaseConfig olcDatabase: {0}config olcRootPW: secret I used a different password on each site . changed it to the same password no I did this dn: cn=config changetype: modify replace: olcServerID olcServerID: 1 $URI1 olcServerID: 2 $URI2 dn: olcOverlay=syncprov,olcDatabase={0}config,cn=config changetype: add objectClass: olcOverlayConfig objectClass: olcSyncProvConfig olcOverlay: syncprov dn: olcDatabase={0}config,cn=config changetype: modify add: olcSyncRepl olcSyncRepl: rid=001 provider=$URI1 binddn="cn=config" bindmethod=simple credentials=secret searchbase="cn=config" type=refreshAndPersist retry="5 5 300 5" timeout=1 olcSyncRepl: rid=002 provider=$URI2 binddn="cn=config" bindmethod=simple credentials=secret searchbase="cn=config" type=refreshAndPersist retry="5 5 300 5" timeout=1 - add: olcMirrorMode olcMirrorMode: TRUE I am wondering why I did dn: cn=config objectClass: olcGlobal cn: config olcServerID: 2 if I am just going to do this dn: cn=config changetype: modify replace: olcServerID olcServerID: 1 $URI1 olcServerID: 2 $URI2 This is what I get on the second node Mar 5 16:08:09 alcldap1 slapd[21296]: do_syncrep2: rid=001 got empty syncUUID with LDAP_SYNC_ADD Mar 5 16:08:09 alcldap1 slapd[21296]: do_syncrepl: rid=001 rc -1 retrying (4 retries left) Mar 5 16:08:14 alcldap1 slapd[21296]: do_syncrep2: rid=001 got empty syncUUID with LDAP_SYNC_ADD Mar 5 16:08:14 alcldap1 slapd[21296]: do_syncrepl: rid=001 rc -1 retrying (4 retries left) Mar 5 16:08:19 alcldap1 slapd[21296]: do_syncrep2: rid=001 got empty syncUUID with LDAP_SYNC_ADD And on the first node Mar 5 16:09:27 gsldap1 slapd[11028]: do_syncrep2: rid=002 got empty syncUUID with LDAP_SYNC_ADD x Mar 5 16:09:27 gsldap1 slapd[11028]: do_syncrepl: rid=002 rc -1 retrying (4 retries left) x I have done manual ldapsearch from both boxes to the other boxes with the credentials and it works So now I am stuff. Had a quick google, but could find anything relevant. Help :) Oh I started with info in the db's already. Just a rsync ... Alex

1 0

ppolicy not working in 2.4.23 !!
by saurabh ohri 05 Mar '14

05 Mar '14

Hi All, tried implementing the ppolicy on 2.4.23 version but it is not working. So i tried installing the upgraded version i.e 2.4.39 from source.but getting following error: Mar 4 12:36:06 juc-dom1-prd slapd[5513]: @(#) $OpenLDAP: slapd 2.4.39 (Mar 4 2014 11:05:59) $#012#011root@juc-dom1-prd.j.cinglevue.com:/tmp/openldap-2.4.39/servers/slapd Mar 4 12:36:06 juc-dom1-prd slapd[5513]: daemon: IPv6 socket() failed errno=97 (Address family not supported by protocol) Mar 4 12:36:06 juc-dom1-prd slapd[5513]: lt_dlopenext failed: (back_bdb.la) file not found Mar 4 12:36:06 juc-dom1-prd slapd[5513]: slapd stopped. Mar 4 12:36:06 juc-dom1-prd slapd[5513]: connections_destroy: nothing to destroy. Previously was getting error: Unrecognized database type (bdb) in openldap 2.4.39 In order to fix this i added below line in slapd.conf file: moduleload back_bdb.la Please help as implementing open ldap is getting crazy now. regards Sam

2 2

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

openldap-technical March 2014