openldap-technical May 2014

openldap-technical@openldap.org

68 participants
68 discussions

Advice for repairing lost db log file
by jupiter 22 May '14

22 May '14

Hi, We are running ldap server on CentOS 6.4. We've just found that slapd stopped as the DB log file (log.0000000001) is being removed and lost (someone may delete it inadvertently), now the slapd cannot be started. Although we have a backup days ago, I am not sure if it will work to copy the outdated backup DB log file to the ldap server. Appreciate any advice of repairing it. Thank you. Kind regards, jupiter

1 0

ldapsearch hidden option "-T"
by Auteria W. Winzer Jr. 21 May '14

21 May '14

Is the "-T" option for ldapsearch available in 2.4.39, or has it been permanently removed? Regards, Auteria Winzer Jr.

7 13

RE: pplolicy lockout grace time? - alternatives
by Chris Jacobs 21 May '14

21 May '14

> First of all, password lockout itself is a dumb idea, and we only implement it > because it's part of the original ppolicy spec. The ppolicy spec is pathetically > bad though. What methods aren't dumb ideas that accomplish account unavailability on N password failures? > -- > -- Howard Chu > CTO, Symas Corp. http://www.symas.com > Director, Highland Sun http://highlandsun.com/hyc/ > Chief Architect, OpenLDAP http://www.openldap.org/project/ This message is private and confidential. If you have received it in error, please notify the sender and remove it from your system.

2 3

Datatype mapping for openldap
by Sankar P 21 May '14

21 May '14

Hi, I saw some example code on MSDN which I tried to compile against openldap on Linux and got some errors. The C code that I tried to compile was: http://msdn.microsoft.com/en-us/library/aa367017(v=vs.85).aspx The errors were related to the undefined nature of types such as: DWORD, PCHAR, BOOL, TRUE, FALSE and functions such as _snprintf_s etc. While I could define these types myself, I wanted to check if there are any standard header files that do these type mappings already. Doing a `rpm -ql openldap2-devel | grep h$ | xargs grep DWORD` did not return anything and so I am feeling that no such standard type-mapping already exists. But I wanted to confirm and to know what is the best practice to follow here. Thanks. -- Sankar P http://psankar.blogspot.com

2 1

pplolicy lockout grace time?
by Emmanuel Dreyfus 21 May '14

21 May '14

Hello We ran into the following problem: someone changes its password, but has a few devices with the old password recorderd. Before the user has time to update stored passwords, an buggy-client hammers servers with requests using the old password, and get the account locked by slapo-ppolicy. Perhaps there could be a setting in pwdPolicy or in slapd.conf so that there is a grace time after a password reset? For instance, the admin could configure that slapo-ppolicy should not lock a user if password has been changed less than X seconds ago. Opinions? -- Emmanuel Dreyfus manu(a)netbsd.org

2 1

DIT for an academic institution
by Shali 9846303531 20 May '14

20 May '14

Dear All, I am new to these LDAP concepts , i have prepared a DIT for our organization with two academic institutions with each institution having different branches of study and also there is staff and students . i have attached the DIT , if am going through a wrong way kindly guide me. -- Thanks & Regards Shali.K.R Server Administrator

4 3

OpenLDAP-2.4.23 on SUSE 11
by Mulligan, Scott 19 May '14

19 May '14

I am running openldap-2.4.23 on SUSE 10 with no problems. After upgrading to SUSE 11, I cannot start slapd. I get an error that it can't find libltdl.so.3. I noticed that libltdl.so.7 is in /usr/lib64. My question is: Will openldap-2.4.23 work with libltdl.so.7 or do I need to upgrade openldap to run on SUSE 11? Can I install a version of libltdl.so.3 on SUSE 11 and get it to work? Are there any other options? Thanks for any suggestions. I haven't been able to find anything about this for days.

2 1

Host Based OpenLDAP Authentication On Mac OS X Mountain Lion
by Amit More 19 May '14

19 May '14

Hello All, I'm sorry if this is the wrong group to post such a question. I have openldap (slapd version 2.4.31-1+nmu2ubuntu8) running on Ubuntu Server 14.04. The 'hostObject' objectClass is added in the OpenLDAP directory. The 'host' attribute is added under all ldap users, which allows users to access just those particular hosts. Apple schema has been added as well. I have a ubuntu client that authenticates users against the ldap server. The ubuntu client is configured to perform host-based authentication via pam modules. Only users that have access to the Ubuntu client can login, and others are denied access. I also have a Mac OS X Mountain Lion (10.8.5) client that authenticates users against the same openldap server. All network users can login through the login window. I would like to restrict access to the Mountain Lion client based on hosts, as I've it on the Ubuntu client. I tried to search for documentation on this, but didn't find any good one. Most of the documentation suggest that network user access be controlled on the Mountain Lion client. I'd really like to have that control on ldap server and not on client. Also, restricting network user access using 'Users & Groups' settings in System Preferences fails. All ldap users are blocked from login. I have successfully tested host-based authentication on a Ubuntu Server 10.04 client that is connected to the same ldap server. So, I know host based authentication works. I would really appreciate if anyone could shed some light on this, or point me to a document that talks about host-based authentication on Mac OS X Mountain Lion client. Thanks, Amit

1 0

virtual lists
by Laurent Schweizer 19 May '14

19 May '14

Hello, I have a ldap client requesting virtual lists and I get an error with openldap (critical extension is not recognized) , ldap exchange are bellow. Any idea how to enable virtual list ? BR Laurent REQUEST Lightweight Directory Access Protocol LDAPMessage searchRequest(2) "dc=peoplefone, dc=com" wholeSubtree messageID: 2 protocolOp: searchRequest (3) searchRequest [Response In: 1785] controls: 2 items Control controlType: 1.2.840.113556.1.4.473 (sortKeyList) criticality: True SortKeyList: 1 item SortKeyList item attributeType: cn Control controlType: 2.16.840.1.113730.3.4.9 (LDAP_CONTROL_VLVREQUEST VLV) criticality: True controlValue: 300e020100020100a006020101020100 REPONSE Lightweight Directory Access Protocol LDAPMessage searchResDone(2) unavailableCriticalExtension (critical extension is not recognized) [0 results] messageID: 2 protocolOp: searchResDone (5) searchResDone

2 2

Close sometime takes a long time
by Venkat Murty 19 May '14

19 May '14

Why does close sometime take a long time? mdb_env_close (in sync7320902242508427276.so) + 69 [0x112e37d35] mdb_env_close0 (in sync7320902242508427276.so) + 248 [0x112e37948] close (in libsystem_kernel.dylib) + 10 [0x7fff8bf900c2] Usually, happens when I have killed the process the last time. System: Mac OS X Thanks, Venkat Murty

3 8

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

openldap-technical May 2014