Advice for repairing lost db log file
by jupiter
Hi,
We are running ldap server on CentOS 6.4. We've just found that slapd
stopped as the DB log file (log.0000000001) is being removed and lost
(someone may delete it inadvertently), now the slapd cannot be
started. Although we have a backup days ago, I am not sure if it will
work to copy the outdated backup DB log file to the ldap server.
Appreciate any advice of repairing it.
Thank you.
Kind regards,
jupiter
9 years
ldapsearch hidden option "-T"
by Auteria W. Winzer Jr.
Is the "-T" option for ldapsearch available in 2.4.39, or has it been permanently removed?
Regards,
Auteria Winzer Jr.
9 years
RE: pplolicy lockout grace time? - alternatives
by Chris Jacobs
> First of all, password lockout itself is a dumb idea, and we only implement it
> because it's part of the original ppolicy spec. The ppolicy spec is pathetically
> bad though.
What methods aren't dumb ideas that accomplish account unavailability on N password failures?
> --
> -- Howard Chu
> CTO, Symas Corp. http://www.symas.com
> Director, Highland Sun http://highlandsun.com/hyc/
> Chief Architect, OpenLDAP http://www.openldap.org/project/
This message is private and confidential. If you have received it in error, please notify the sender and remove it from your system.
9 years
Datatype mapping for openldap
by Sankar P
Hi,
I saw some example code on MSDN which I tried to compile against
openldap on Linux and got some errors.
The C code that I tried to compile was:
http://msdn.microsoft.com/en-us/library/aa367017(v=vs.85).aspx
The errors were related to the undefined nature of types such as:
DWORD, PCHAR, BOOL, TRUE, FALSE and functions such as _snprintf_s etc.
While I could define these types myself, I wanted to check if there
are any standard header files that do these type mappings already.
Doing a `rpm -ql openldap2-devel | grep h$ | xargs grep DWORD` did not
return anything and so I am feeling that no such standard type-mapping
already exists. But I wanted to confirm and to know what is the best
practice to follow here.
Thanks.
--
Sankar P
http://psankar.blogspot.com
9 years
pplolicy lockout grace time?
by Emmanuel Dreyfus
Hello
We ran into the following problem: someone changes its password, but
has a few devices with the old password recorderd. Before the user
has time to update stored passwords, an buggy-client hammers servers
with requests using the old password, and get the account locked by
slapo-ppolicy.
Perhaps there could be a setting in pwdPolicy or in slapd.conf
so that there is a grace time after a password reset? For instance,
the admin could configure that slapo-ppolicy should not lock a user
if password has been changed less than X seconds ago.
Opinions?
--
Emmanuel Dreyfus
manu(a)netbsd.org
9 years
DIT for an academic institution
by Shali 9846303531
Dear All,
I am new to these LDAP concepts , i have prepared a DIT for our
organization with two academic institutions with each institution having
different branches of study and also there is staff and students . i have
attached the DIT , if am going through a wrong way kindly guide me.
--
Thanks & Regards
Shali.K.R
Server Administrator
9 years
OpenLDAP-2.4.23 on SUSE 11
by Mulligan, Scott
I am running openldap-2.4.23 on SUSE 10 with no problems. After upgrading to SUSE 11, I cannot start slapd. I get an error that it can't find libltdl.so.3. I noticed that libltdl.so.7 is in /usr/lib64.
My question is: Will openldap-2.4.23 work with libltdl.so.7 or do I need to upgrade openldap to run on SUSE 11?
Can I install a version of libltdl.so.3 on SUSE 11 and get it to work?
Are there any other options?
Thanks for any suggestions. I haven't been able to find anything about this for days.
9 years
Host Based OpenLDAP Authentication On Mac OS X Mountain Lion
by Amit More
Hello All,
I'm sorry if this is the wrong group to post such a question.
I have openldap (slapd version 2.4.31-1+nmu2ubuntu8) running on Ubuntu Server 14.04. The 'hostObject' objectClass is added in the OpenLDAP directory. The 'host' attribute is added under all ldap users, which allows users to access just those particular hosts. Apple schema has been added as well.
I have a ubuntu client that authenticates users against the ldap server. The ubuntu client is configured to perform host-based authentication via pam modules. Only users that have access to the Ubuntu client can login, and others are denied access. I also have a Mac OS X Mountain Lion (10.8.5) client that authenticates users against the same openldap server. All network users can login through the login window. I would like to restrict access to the Mountain Lion client based on hosts, as I've it on the Ubuntu client.
I tried to search for documentation on this, but didn't find any good one. Most of the documentation suggest that network user access be controlled on the Mountain Lion client. I'd really like to have that control on ldap server and not on client. Also, restricting network user access using 'Users & Groups' settings in System Preferences fails. All ldap users are blocked from login.
I have successfully tested host-based authentication on a Ubuntu Server 10.04 client that is connected to the same ldap server. So, I know host based authentication works. I would really appreciate if anyone could shed some light on this, or point me to a document that talks about host-based authentication on Mac OS X Mountain Lion client.
Thanks,
Amit
9 years
virtual lists
by Laurent Schweizer
Hello,
I have a ldap client requesting virtual lists and I get an error with openldap (critical extension is not recognized) , ldap exchange are bellow.
Any idea how to enable virtual list ?
BR
Laurent
REQUEST
Lightweight Directory Access Protocol
LDAPMessage searchRequest(2) "dc=peoplefone, dc=com" wholeSubtree
messageID: 2
protocolOp: searchRequest (3)
searchRequest
[Response In: 1785]
controls: 2 items
Control
controlType: 1.2.840.113556.1.4.473 (sortKeyList)
criticality: True
SortKeyList: 1 item
SortKeyList item
attributeType: cn
Control
controlType: 2.16.840.1.113730.3.4.9 (LDAP_CONTROL_VLVREQUEST VLV)
criticality: True
controlValue: 300e020100020100a006020101020100
REPONSE
Lightweight Directory Access Protocol
LDAPMessage searchResDone(2) unavailableCriticalExtension (critical extension is not recognized) [0 results]
messageID: 2
protocolOp: searchResDone (5)
searchResDone
9 years
Close sometime takes a long time
by Venkat Murty
Why does close sometime take a long time?
mdb_env_close (in sync7320902242508427276.so) + 69 [0x112e37d35]
mdb_env_close0 (in sync7320902242508427276.so) + 248 [0x112e37948]
close (in libsystem_kernel.dylib) + 10 [0x7fff8bf900c2]
Usually, happens when I have killed the process the last time.
System: Mac OS X
Thanks,
Venkat Murty
9 years
