Re: slapd dead. pls advise how I can restart it
by Mauricio Tavares
On Tue, Jun 24, 2014 at 11:31 AM, Alessandro Avagliano
<alessandro(a)avagliano.berlin> wrote:
>
> On 24/06/14 16:10, Mauricio Tavares wrote:
>>
>> It does sound like the database is corrupted somehow. slapcat
>> needs slapd to be running, right?
>>
>
> Hello Mauricio,
>
Hello and thanks for the reply. I will save it in my notes. That
said, the original poster was Eileen, not me.
I do hope she'll try your suggestions and get the data back.
> (If you don't have a backup... )
> ...depending on your operating system and OpenLDAP version installed,
> you should have on your system a tool called db<version>_recover
>
> e.g.: db5.1_recover, db4.8_recover and so on.
>
> (from the man page:)
> "db5.1_recover - Restore the database to a consistent state
>
> The db5.1_recover utility must be run after an unexpected application,
> Berkeley DB, or system failure to restore the database to a consistent
> state. All committed transactions are guaranteed to appear after
> db5.1_recover has run, and all uncommitted transactions will be
> completely undone."
>
>
> Be sure to make a backup copy of your db before running it, and that the
> version of the db utilities that you are running matches your BDB
> version (I haven't tried to recover it using different utilities/db
> version).
>
> If you manage to restore your db, make sure you perform regular backups
> and that you have at least 1 slapd replica running.... they can both
> help you to restore the system in such situations
>
> I hope this helps,
>
>
> Kind Regards,
> Alessandro
>
>
6 years, 9 months
ldap_set_option() performs blocking name resolution during initialization
by Jan Synacek
Is it intentional? If yes, could you please explain why, or point me to
a documentation where I can find the answer?
A backtrace and a snippet of code follow:
#0 0x00007fda39c80a70 in __poll_nocancel () at ../sysdeps/unix/syscall-template.S:81
#1 0x00007fda38d17e0d in send_dg (resplen2=0x0, anssizp2=0x0, ansp2=0x0,
anscp=0x7fff2548cb30, gotsomewhere=<synthetic pointer>,
v_circuit=<synthetic pointer>, ns=0, terrno=0x7fff2548bab0, anssizp=0x7fff2548bbf0,
ansp=0x7fff2548baa8, buflen2=0, buf2=0x0, buflen=36, buf=0x7fff2548bc20 "\tg\001",
statp=0x7fda39f533e0 <_res(a)GLIBC_2.2.5>) at res_send.c:1059
#2 __libc_res_nsend (statp=statp@entry=0x7fda39f533e0 <_res(a)GLIBC_2.2.5>,
buf=buf@entry=0x7fff2548bc20 "\tg\001", buflen=<optimized out>, buf2=buf2@entry=0x0,
buflen2=buflen2@entry=0, ans=ans@entry=0x7fff2548c700 "", anssiz=anssiz@entry=1024,
ansp=ansp@entry=0x7fff2548cb30, ansp2=ansp2@entry=0x0, nansp2=nansp2@entry=0x0,
resplen2=resplen2@entry=0x0) at res_send.c:556
#3 0x00007fda38d15d47 in __GI___libc_res_nquery (
statp=statp@entry=0x7fda39f533e0 <_res(a)GLIBC_2.2.5>,
name=0x7fff2548d140 "client.example.com", class=class@entry=1, type=type@entry=1,
answer=answer@entry=0x7fff2548c700 "", anslen=anslen@entry=1024,
answerp=answerp@entry=0x7fff2548cb30, answerp2=answerp2@entry=0x0,
nanswerp2=nanswerp2@entry=0x0, resplen2=resplen2@entry=0x0) at res_query.c:226
#4 0x00007fda38d16963 in __libc_res_nquerydomain (domain=0x0, resplen2=0x0,
nanswerp2=0x0, answerp2=0x0, answerp=0x7fff2548cb30, anslen=1024,
answer=0x7fff2548c700 "", type=1, class=1, name=0x7fff2548d140 "client.example.com",
statp=0x7fda39f533e0 <_res(a)GLIBC_2.2.5>) at res_query.c:582
#5 __GI___libc_res_nsearch (statp=0x7fda39f533e0 <_res(a)GLIBC_2.2.5>,
name=name@entry=0x7fff2548d140 "client.example.com", class=class@entry=1,
type=type@entry=1, answer=answer@entry=0x7fff2548c700 "", anslen=anslen@entry=1024,
answerp=0x7fff2548cb30, answerp2=answerp2@entry=0x0, nanswerp2=nanswerp2@entry=0x0,
resplen2=resplen2@entry=0x0) at res_query.c:378
#6 0x00007fda2f2777e4 in __GI__nss_dns_gethostbyname3_r (
name=name@entry=0x7fff2548d140 "client.example.com", af=af@entry=2,
result=result@entry=0x7fff2548d120, buffer=buffer@entry=0x1f33590 "\177",
buflen=buflen@entry=992, errnop=errnop@entry=0x7fda3d8966a0,
h_errnop=h_errnop@entry=0x7fff2548d10c, ttlp=ttlp@entry=0x0, canonp=canonp@entry=0x0)
at nss_dns/dns-host.c:192
#7 0x00007fda2f277af0 in _nss_dns_gethostbyname_r (
name=0x7fff2548d140 "client.example.com", result=0x7fff2548d120,
buffer=0x1f33590 "\177", buflen=992, errnop=0x7fda3d8966a0, h_errnop=0x7fff2548d10c)
at nss_dns/dns-host.c:273
#8 0x00007fda39c9e163 in __gethostbyname_r (
name=name@entry=0x7fff2548d140 "client.example.com",
resbuf=resbuf@entry=0x7fff2548d120, buffer=0x1f33590 "\177", buflen=buflen@entry=992,
result=result@entry=0x7fff2548d118, h_errnop=h_errnop@entry=0x7fff2548d10c)
at ../nss/getXXbyYY_r.c:266
#9 0x00007fda3bb1b3de in ldap_pvt_gethostbyname_a (
name=name@entry=0x7fff2548d140 "client.example.com",
resbuf=resbuf@entry=0x7fff2548d120, buf=buf@entry=0x7fff2548d110,
result=result@entry=0x7fff2548d118, herrno_ptr=herrno_ptr@entry=0x7fff2548d10c)
at util-int.c:350
#10 0x00007fda3bb1b5d0 in ldap_pvt_get_fqdn (name=0x7fff2548d140 "client.example.com",
name@entry=0x0) at util-int.c:748
#11 0x00007fda3bb19b47 in ldap_int_initialize (
gopts=gopts@entry=0x7fda3bd40000 <ldap_int_global_options>, dbglvl=dbglvl@entry=0x0)
at init.c:645
#12 0x00007fda3bb1a627 in ldap_set_option (ld=0x0, option=24582, invalue=0x7fff2548d2b0)
at options.c:446
#13 0x00007fda30951cf6 in setup_tls_config (basic_opts=0x1f30450)
at src/providers/ldap/sdap.c:533
#14 0x00007fda308214b3 in ldap_id_init_internal (bectx=0x1f12b40, ops=0x1f12cb0,
pvt_data=0x7fff2548d5e8) at src/providers/ldap/ldap_init.c:146
#15 0x00007fda30821ba0 in sssm_ldap_id_init (bectx=0x1f12b40, ops=0x1f12cb0,
pvt_data=0x1f12cb8) at src/providers/ldap/ldap_init.c:199
#16 0x000000000041b227 in load_backend_module (ctx=0x1f12b40, bet_type=BET_ID,
bet_info=0x1f12ca8, default_mod_name=0x0) at src/providers/data_provider_be.c:2346
#17 0x000000000041ce4c in be_process_init (mem_ctx=0x1f0ba80,
be_domain=0x1f093f0 "localipaldap", ev=0x1f0a630, cdb=0x1f0bb90)
at src/providers/data_provider_be.c:2520
#18 0x000000000041fde6 in main (argc=3, argv=0x7fff2548e008)
at src/providers/data_provider_be.c:2743
/* LDAP_OPT_X_TLS_REQUIRE_CERT has to be set as a global option,
 * because the SSL/TLS context is initialized from this value. */
ret = ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT,
                      &ldap_opt_x_tls_require_cert);
if (ret != LDAP_OPT_SUCCESS) {
    DEBUG(SSSDBG_CRIT_FAILURE,
          "ldap_set_option failed: %s\n", sss_ldap_err2string(ret));
    return EIO;
}
Thanks,
--
Jan Synacek
Software Engineer, Red Hat
6 years, 9 months
[LMDB] Single writer question
by Alain
If my memory serves me well, at some point Howard mentioned that LMDB was
looking at moving from a single environment writer to a single writer per
database. Am I just dreaming or did I see that? And if I'm not dreaming
then what is the status of this, as my experiments seem to show that there
is no performance gain to be had by splitting your data into more than one
db.
Thanks
Alain
6 years, 10 months
back-sql on Debian testing
by Chad E. Berg
I am trying to get OpenLDAP 2.4.39 working with MySQL using back-sql to
query the database for a specific application. I have spent weeks on this
and I feel like I am very close. The database is for vpopmail, I realize
that there is an ldap auth module for vpopmail, however it is not very well
supported so I hesitate to jump to that in a production system. I have it
90% working I would say, just missing a few minor things I believe. I was
able to get the OpenLDAP example included in the docs working, so I know it's
something with my configuration specifically that is not correct. I would
greatly appreciate if anyone could see something wrong with my setup. I
have included all relevant configuration files as well as the MySQL vpopmail
database information.
This is the slapd.conf file:
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/inetorgperson.schema
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
idletimeout 30
threads 32
loglevel 0xFFFF
modulepath /usr/lib/ldap
moduleload back_sql.la
database sql
suffix "dc=example,dc=com"
rootdn "cn=root,dc=example,dc=com"
rootpw {CRYPT}rootpassword
dbname vpopmail
dbuser vpopmail
dbpasswd somepassword
subtree_cond "ldap_entries.dn LIKE CONCAT('%',?)"
has_ldapinfo_dn_ru no
There is an /etc/odbc.ini file and /etc/odbcinst.ini file, but the issue is
not the connection, so that should be irrelevant.
When running in debug mode here is the relevant part of the console log when
executing:
ldapsearch -x -s sub -b "UID=ADWORDS(a)EXAMPLE.COM,DC=EXAMPLE,DC=COM"
"(objectClass=*)"
5383972d slapd startup: initiated.
5383972d backend_startup_one: starting "cn=config"
5383972d config_back_db_open
5383972d config_build_entry: "cn=config"
5383972d config_build_entry: "cn=module{0}"
5383972d config_build_entry: "cn=schema"
5383972d >>> dnNormalize: <cn={0}core>
5383972d <<< dnNormalize: <cn={0}core>
5383972d config_build_entry: "cn={0}core"
5383972d >>> dnNormalize: <cn={1}cosine>
5383972d <<< dnNormalize: <cn={1}cosine>
5383972d config_build_entry: "cn={1}cosine"
5383972d >>> dnNormalize: <cn={2}inetorgperson>
5383972d <<< dnNormalize: <cn={2}inetorgperson>
5383972d config_build_entry: "cn={2}inetorgperson"
5383972d config_build_entry: "olcDatabase={-1}frontend"
5383972d config_build_entry: "olcDatabase={0}config"
5383972d config_build_entry: "olcDatabase={1}sql"
5383972d backend_startup_one: starting "dc=example,dc=com"
5383972d ==>backsql_db_open(): testing RDBMS connection
5383972d backsql_db_open(): concat func not specified (use "concat_pattern"
directive in slapd.conf)
5383972d backsql_db_open(): children search SQL condition not specified (use
"children_cond" directive in slapd.conf); preparing default
5383972d backsql_db_open(): setting "ldap_entries.dn LIKE CONCAT('%,',?)" as
default "children_cond"
5383972d backsql_db_open(): DN match search SQL condition not specified (use
"dn_match_cond" directive in slapd.conf); preparing default
5383972d backsql_db_open(): setting "ldap_entries.dn=?" as default
"dn_match_cond"
5383972d backsql_db_open(): objectclass mapping SQL statement not specified
(use "oc_query" directive in slapd.conf)
5383972d backsql_db_open(): setting "SELECT
id,name,keytbl,keycol,create_proc,delete_proc,expect_return FROM
ldap_oc_mappings" by default
5383972d backsql_db_open(): attribute mapping SQL statement not specified
(use "at_query" directive in slapd.conf)
5383972d backsql_db_open(): setting "SELECT
name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_r
eturn,sel_expr_u FROM ldap_attr_mappings WHERE oc_map_id=?" by default
5383972d backsql_db_open(): entry insertion SQL statement not specified (use
"insentry_stmt" directive in slapd.conf)
5383972d backsql_db_open(): setting "INSERT INTO ldap_entries
(dn,oc_map_id,parent,keyval) VALUES (?,?,?,?)" by default
5383972d backsql_db_open(): entry deletion SQL statement not specified (use
"delentry_stmt" directive in slapd.conf)
5383972d backsql_db_open(): setting "DELETE FROM ldap_entries WHERE id=?" by
default
5383972d backsql_db_open(): entry deletion SQL statement not specified (use
"renentry_stmt" directive in slapd.conf)
5383972d backsql_db_open(): setting "UPDATE ldap_entries SET
dn=?,parent=?,keyval=? WHERE id=?" by default
5383972d backsql_db_open(): objclasses deletion SQL statement not specified
(use "delobjclasses_stmt" directive in slapd.conf)
5383972d backsql_db_open(): setting "DELETE FROM ldap_entry_objclasses WHERE
entry_id=?" by default
5383972d ==>backsql_get_db_conn()
5383972d ==>backsql_open_db_handle()
5383972d <==backsql_open_db_handle()
5383972d <==backsql_get_db_conn()
5383972d ==>backsql_load_schema_map()
5383972d backsql_load_schema_map(): oc_query "SELECT
id,name,keytbl,keycol,create_proc,delete_proc,expect_return FROM
ldap_oc_mappings"
5383972d objectClass: id="1" name="inetOrgPerson" keytbl="vpopmail"
keycol="id" create_proc="" create_keyval="" delete_proc=""
expect_return="0"create_hint=""
5383972d backsql_load_schema_map(): objectClass "inetOrgPerson":
keytbl="vpopmail" keycol="id"
5383972d expect_return: add=0, del=0; attributes:
5383972d objectClass: id="2" name="groupOfUniqueNames" keytbl="vpopmail"
keycol="id" create_proc="" create_keyval="" delete_proc=""
expect_return="0"create_hint=""
5383972d backsql_load_schema_map(): objectClass "groupOfUniqueNames":
keytbl="vpopmail" keycol="id"
5383972d expect_return: add=0, del=0; attributes:
5383972d backsql_load_schema_map(): at_query "SELECT
name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_r
eturn,sel_expr_u FROM ldap_attr_mappings WHERE oc_map_id=?"
5383972d backsql_oc_get_attr_mapping(): executing at_query
"SELECT
name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_r
eturn,sel_expr_u FROM ldap_attr_mappings WHERE oc_map_id=?"
for objectClass "inetOrgPerson"
with param oc_id=1
5383972d attributeType: name="cn" sel_expr="pw_gecos" from="vpopmail"
join_where="" add_proc="" delete_proc="" sel_expr_u=""
5383972d backsql_oc_get_attr_mapping(): preconstructed query "SELECT
pw_gecos AS cn FROM vpopmail WHERE vpopmail.id=? ORDER BY cn"
5383972d attributeType: name="givenName"
sel_expr="SUBSTRING_INDEX(`pw_gecos`, ' ', 1)" from="vpopmail" join_where=""
add_proc="" delete_proc="" sel_expr_u=""
5383972d backsql_oc_get_attr_mapping(): preconstructed query "SELECT
SUBSTRING_INDEX(`pw_gecos`, ' ', 1) AS givenName FROM vpopmail WHERE
vpopmail.id=? ORDER BY givenName"
5383972d attributeType: name="sn" sel_expr="SUBSTRING_INDEX(`pw_gecos`, ' ',
-1)" from="vpopmail" join_where="" add_proc="" delete_proc="" sel_expr_u=""
5383972d backsql_oc_get_attr_mapping(): preconstructed query "SELECT
SUBSTRING_INDEX(`pw_gecos`, ' ', -1) AS sn FROM vpopmail WHERE vpopmail.id=?
ORDER BY sn"
5383972d attributeType: name="userPassword" sel_expr="pw_passwd"
from="vpopmail" join_where="" add_proc="" delete_proc="" sel_expr_u=""
5383972d backsql_oc_get_attr_mapping(): preconstructed query "SELECT
pw_passwd AS userPassword FROM vpopmail WHERE vpopmail.id=? ORDER BY
userPassword"
5383972d attributeType: name="uid" sel_expr="CONCAT(pw_name,'@',pw_domain)"
from="vpopmail" join_where="" add_proc="" delete_proc="" sel_expr_u=""
5383972d backsql_oc_get_attr_mapping(): preconstructed query "SELECT
CONCAT(pw_name,'@',pw_domain) AS uid FROM vpopmail WHERE vpopmail.id=? ORDER
BY uid"
5383972d backsql_load_schema_map("inetOrgPerson"): autoadding 'objectClass'
and 'ref' mappings
5383972d backsql_oc_get_attr_mapping(): executing at_query
"SELECT
name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_r
eturn,sel_expr_u FROM ldap_attr_mappings WHERE oc_map_id=?"
for objectClass "groupOfUniqueNames"
with param oc_id=2
5383972d attributeType: name="cn" sel_expr="UNIQUE(pw_domain)"
from="vpopmail" join_where="" add_proc="" delete_proc="" sel_expr_u=""
5383972d backsql_oc_get_attr_mapping(): preconstructed query "SELECT
UNIQUE(pw_domain) AS cn FROM vpopmail WHERE vpopmail.id=? ORDER BY cn"
5383972d backsql_load_schema_map("groupOfUniqueNames"): autoadding
'objectClass' and 'ref' mappings
5383972d <==backsql_load_schema_map()
5383972d ==>backsql_free_db_conn()
5383972d ==>backsql_close_db_handle(0x7f9f7427da70)
5383972d <==backsql_close_db_handle(0x7f9f7427da70)
5383972d <==backsql_free_db_conn()
5383972d <==backsql_db_open(): test succeeded, schema map loaded
5383972d slapd starting
53839731 slap_listener_activate(8):
53839731 >>> slap_listener(ldap:///)
53839731 connection_get(10)
53839731 connection_get(10): got connid=1000
53839731 connection_read(10): checking for input on id=1000
ber_get_next
ber_get_next: tag 0x30 len 12 contents:
53839731 op tag 0x60, time 1401132849
ber_get_next
53839731 conn=1000 op=0 do_bind
ber_scanf fmt ({imt) ber:
ber_scanf fmt (m}) ber:
53839731 >>> dnPrettyNormal: <>
53839731 <<< dnPrettyNormal: <>, <>
53839731 do_bind: version=3 dn="" method=128
53839731 send_ldap_result: conn=1000 op=0 p=3
53839731 send_ldap_result: err=0 matched="" text=""
53839731 send_ldap_response: msgid=1 tag=97 err=0
ber_flush2: 14 bytes to sd 10
53839731 do_bind: v3 anonymous bind
53839731 connection_get(10)
53839731 connection_get(10): got connid=1000
53839731 connection_read(10): checking for input on id=1000
ber_get_next
ber_get_next: tag 0x30 len 76 contents:
53839731 op tag 0x63, time 1401132849
ber_get_next
53839731 conn=1000 op=1 do_search
ber_scanf fmt ({miiiib) ber:
53839731 >>> dnPrettyNormal: <UID=ADWORDS(a)EXAMPLE.COM,DC=EXAMPLE,DC=COM>
=> ldap_bv2dn(UID=ADWORDS(a)EXAMPLE.COM,DC=EXAMPLE,DC=COM,0)
<= ldap_bv2dn(UID=ADWORDS(a)EXAMPLE.COM,DC=EXAMPLE,DC=COM)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(uid=ADWORDS(a)EXAMPLE.COM,dc=EXAMPLE,dc=COM)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(uid=adwords(a)example.com,dc=example,dc=com)=0
53839731 <<< dnPrettyNormal: <uid=ADWORDS(a)EXAMPLE.COM,dc=EXAMPLE,dc=COM>,
<uid=adwords(a)example.com,dc=example,dc=com>
53839731 SRCH "UID=ADWORDS(a)EXAMPLE.COM,DC=EXAMPLE,DC=COM" 2 053839731 0
0 0
ber_scanf fmt (m) ber:
53839731 filter: (objectClass=*)
ber_scanf fmt ({M}}) ber:
53839731 attrs:53839731
53839731 ==> limits_get: conn=1000 op=1 self="[anonymous]"
this="uid=adwords(a)example.com,dc=example,dc=com"
53839731 ==>backsql_search():
base="uid=adwords(a)example.com,dc=example,dc=com", filter="(objectClass=*)",
scope=2,53839731 deref=0, attrsonly=0, attributes to load: all
53839731 ==>backsql_get_db_conn()
53839731 ==>backsql_open_db_handle()
53839731 <==backsql_open_db_handle()
53839731 <==backsql_get_db_conn()
53839731 ==>backsql_dn2id("uid=adwords(a)example.com,dc=example,dc=com")
matched expected
53839731 backsql_dn2id("uid=adwords(a)example.com,dc=example,dc=com"):
id_query "SELECT id,keyval,oc_map_id,dn FROM ldap_entries WHERE dn=?"
53839731 backsql_dn2id("uid=adwords(a)example.com,dc=example,dc=com"):
id=adwords(a)example.com keyval=adwords(a)example.com oc_id=1
dn=UID=ADWORDS(a)EXAMPLE.COM,DC=EXAMPLE,DC=COM
53839731 <==backsql_dn2id("uid=adwords(a)example.com,dc=example,dc=com"):
err=80
53839731 send_ldap_result: conn=1000 op=1 p=3
53839731 send_ldap_result: err=80 matched="" text=""
53839731 send_ldap_response: msgid=2 tag=101 err=80
ber_flush2: 14 bytes to sd 10
53839731 <==backsql_search()
53839731 connection_get(10)
53839731 connection_get(10): got connid=1000
53839731 connection_read(10): checking for input on id=1000
ber_get_next
ber_get_next: tag 0x30 len 5 contents:
53839731 op tag 0x42, time 1401132849
ber_get_next
53839731 ber_get_next on fd 10 failed errno=0 (Success)
53839731 conn=1000 op=2 do_unbind
53839731 connection_close: conn=1000 sd=10
Here is the vpopmail database structure without any LDAP tables added:
--
-- Table structure for table `dir_control`
--
CREATE TABLE IF NOT EXISTS `dir_control` (
`domain` char(64) NOT NULL DEFAULT '',
`cur_users` int(11) DEFAULT NULL,
`level_cur` int(11) DEFAULT NULL,
`level_max` int(11) DEFAULT NULL,
`level_start0` int(11) DEFAULT NULL,
`level_start1` int(11) DEFAULT NULL,
`level_start2` int(11) DEFAULT NULL,
`level_end0` int(11) DEFAULT NULL,
`level_end1` int(11) DEFAULT NULL,
`level_end2` int(11) DEFAULT NULL,
`level_mod0` int(11) DEFAULT NULL,
`level_mod1` int(11) DEFAULT NULL,
`level_mod2` int(11) DEFAULT NULL,
`level_index0` int(11) DEFAULT NULL,
`level_index1` int(11) DEFAULT NULL,
`level_index2` int(11) DEFAULT NULL,
`the_dir` char(160) DEFAULT NULL,
PRIMARY KEY (`domain`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;
-- --------------------------------------------------------
--
-- Table structure for table `lastauth`
--
CREATE TABLE IF NOT EXISTS `lastauth` (
`user` char(32) NOT NULL DEFAULT '',
`domain` char(64) NOT NULL DEFAULT '',
`remote_ip` char(18) NOT NULL DEFAULT '',
`timestamp` bigint(20) NOT NULL DEFAULT '0',
PRIMARY KEY (`user`,`domain`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;
-- --------------------------------------------------------
--
-- Table structure for table `relay`
--
CREATE TABLE IF NOT EXISTS `relay` (
`ip_addr` char(18) NOT NULL DEFAULT '',
`timestamp` char(12) DEFAULT NULL,
PRIMARY KEY (`ip_addr`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;
-- --------------------------------------------------------
--
-- Table structure for table `valias`
--
CREATE TABLE IF NOT EXISTS `valias` (
`alias` varchar(32) NOT NULL DEFAULT '',
`domain` varchar(64) NOT NULL DEFAULT '',
`valias_line` text NOT NULL,
KEY `alias` (`alias`,`domain`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;
-- --------------------------------------------------------
--
-- Table structure for table `vlog`
--
CREATE TABLE IF NOT EXISTS `vlog` (
`id` bigint(20) NOT NULL AUTO_INCREMENT,
`user` varchar(32) DEFAULT NULL,
`passwd` varchar(32) DEFAULT NULL,
`domain` varchar(64) DEFAULT NULL,
`logon` varchar(200) DEFAULT NULL,
`remoteip` varchar(18) DEFAULT NULL,
`message` varchar(255) DEFAULT NULL,
`timestamp` bigint(20) NOT NULL DEFAULT '0',
`error` int(11) DEFAULT NULL,
PRIMARY KEY (`id`),
KEY `user_idx` (`user`),
KEY `domain_idx` (`domain`),
KEY `remoteip_idx` (`remoteip`),
KEY `error_idx` (`error`),
KEY `message_idx` (`message`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=21403 ;
-- --------------------------------------------------------
--
-- Table structure for table `vpopmail`
--
CREATE TABLE IF NOT EXISTS `vpopmail` (
`pw_name` char(32) NOT NULL,
`pw_domain` char(96) NOT NULL,
`pw_passwd` char(40) DEFAULT NULL,
`pw_uid` int(11) DEFAULT NULL,
`pw_gid` int(11) DEFAULT NULL,
`pw_gecos` char(48) DEFAULT NULL,
`pw_dir` char(160) DEFAULT NULL,
`pw_shell` char(20) DEFAULT NULL,
`pw_clear_passwd` char(16) DEFAULT NULL,
PRIMARY KEY (`pw_name`,`pw_domain`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
Here are the tables added to the vpopmail database with their info:
--
-- Table structure for table `ldap_attr_mappings`
--
CREATE TABLE IF NOT EXISTS `ldap_attr_mappings` (
`id` int(10) unsigned NOT NULL AUTO_INCREMENT,
`oc_map_id` int(10) unsigned NOT NULL,
`name` varchar(255) NOT NULL,
`sel_expr` varchar(255) NOT NULL,
`sel_expr_u` varchar(255) DEFAULT NULL,
`from_tbls` varchar(255) NOT NULL,
`join_where` varchar(255) DEFAULT NULL,
`add_proc` varchar(255) DEFAULT NULL,
`delete_proc` varchar(255) DEFAULT NULL,
`param_order` tinyint(4) NOT NULL,
`expect_return` tinyint(4) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=8 ;
--
-- Dumping data for table `ldap_attr_mappings`
--
INSERT INTO `ldap_attr_mappings` (`id`, `oc_map_id`, `name`, `sel_expr`,
`sel_expr_u`, `from_tbls`, `join_where`, `add_proc`, `delete_proc`,
`param_order`, `expect_return`) VALUES
(1, 1, 'cn', 'pw_gecos', NULL, 'vpopmail', NULL, NULL, NULL, 3, 0),
(2, 1, 'givenName', 'SUBSTRING_INDEX(`pw_gecos`, '' '', 1)', NULL,
'vpopmail', NULL, NULL, NULL, 3, 0),
(3, 1, 'sn', 'SUBSTRING_INDEX(`pw_gecos`, '' '', -1)', NULL, 'vpopmail',
NULL, NULL, NULL, 3, 0),
(4, 1, 'userPassword', 'pw_passwd', NULL, 'vpopmail', NULL, NULL, NULL, 3,
0),
(5, 1, 'uid', 'CONCAT(pw_name,''@'',pw_domain)', NULL, 'vpopmail', NULL,
NULL, NULL, 3, 0),
(7, 2, 'cn', 'UNIQUE(pw_domain)', NULL, 'vpopmail', NULL, NULL, NULL, 3, 0);
-- --------------------------------------------------------
--
-- Table structure for table `ldap_entry_objclasses`
--
CREATE TABLE IF NOT EXISTS `ldap_entry_objclasses` (
`entry_id` int(11) NOT NULL,
`oc_name` varchar(64) DEFAULT NULL,
PRIMARY KEY (`entry_id`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
--
-- Dumping data for table `ldap_entry_objclasses`
--
INSERT INTO `ldap_entry_objclasses` (`entry_id`, `oc_name`) VALUES
(1, 'inetOrgPerson'),
(2, 'groupOfUniqueNames');
-- --------------------------------------------------------
--
-- Table structure for table `ldap_oc_mappings`
--
CREATE TABLE IF NOT EXISTS `ldap_oc_mappings` (
`id` int(10) unsigned NOT NULL AUTO_INCREMENT,
`name` varchar(64) NOT NULL,
`keytbl` varchar(64) NOT NULL,
`keycol` varchar(64) NOT NULL,
`create_proc` varchar(255) DEFAULT NULL,
`delete_proc` varchar(255) DEFAULT NULL,
`expect_return` tinyint(4) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=5 ;
--
-- Dumping data for table `ldap_oc_mappings`
--
INSERT INTO `ldap_oc_mappings` (`id`, `name`, `keytbl`, `keycol`,
`create_proc`, `delete_proc`, `expect_return`) VALUES
(1, 'inetOrgPerson', 'vpopmail', 'id', NULL, NULL, 0),
(2, 'groupOfUniqueNames', 'vpopmail', 'id', NULL, NULL, 0);
This is the code used to create the ldap_entries view:
CREATE VIEW ldap_entries AS
SELECT
CONCAT(vpopmail.pw_name,'@',vpopmail.pw_domain) AS id,
UCASE(CONCAT('uid=',
vpopmail.pw_name,'@',vpopmail.pw_domain,
',DC=example,DC=com')) AS dn,
1 AS oc_map_id,
0 AS parent,
CONCAT(vpopmail.pw_name,'@',vpopmail.pw_domain) AS keyval
FROM
vpopmail
UNION
SELECT
vpopmail.pw_domain AS id,
UCASE(CONCAT( 'cn=',
vpopmail.pw_domain,
',DC=example,DC=com')) AS dn,
2 AS oc_map_id,
3 AS parent,
vpopmail.pw_domain AS id
FROM
vpopmail
6 years, 10 months
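The debug output above shows where the search dies: backsql_dn2id finds the row (id=adwords@example.com keyval=adwords@example.com oc_id=1) and then returns err=80, which is LDAP_OTHER. Unless slapd was built with BACKSQL_ARBITRARY_KEY, back-sql converts ldap_entries.id and keyval to unsigned integers and answers LDAP_OTHER when that conversion fails, so a view that puts the e-mail address in those columns cannot work. Two further problems in the schema as posted: the attribute mappings reference vpopmail.id, but the vpopmail table has no id column, and UNIQUE() is not a MySQL function. The SQL below is an added example, not part of the original message, of a layout that gives every entry an integer id, keyval and parent; the helper tables ldap_domains and ldap_root, the id offsets 1000 and 100000, and oc_map_id 3 for the suffix entry are choices made for this example.

```sql
-- 1. A stable integer key for vpopmail rows. The mappings already say
--    keycol="id" and "WHERE vpopmail.id=?", but the dumped table has no id.
ALTER TABLE vpopmail
  ADD COLUMN id INT UNSIGNED NOT NULL AUTO_INCREMENT UNIQUE FIRST;

-- 2. One integer id per mail domain, backing the groupOfUniqueNames entries
--    (constructed helper table for this example).
CREATE TABLE IF NOT EXISTS ldap_domains (
  id     INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
  domain CHAR(96)     NOT NULL UNIQUE
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
INSERT IGNORE INTO ldap_domains (domain)
  SELECT DISTINCT pw_domain FROM vpopmail;

-- 3. A one-row table backing the suffix entry dc=example,dc=com, so that
--    searches based at the suffix find a parent (constructed for this example).
CREATE TABLE IF NOT EXISTS ldap_root (
  id INT UNSIGNED NOT NULL PRIMARY KEY,
  o  VARCHAR(64)  NOT NULL,
  dc VARCHAR(64)  NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
INSERT IGNORE INTO ldap_root (id, o, dc) VALUES (1, 'Example', 'example');

-- 4. Object class mappings: the suffix entry is an 'organization' (oc_map_id 3),
--    and the domain groups are keyed on ldap_domains rather than vpopmail.
INSERT INTO ldap_oc_mappings
  (id, name, keytbl, keycol, create_proc, delete_proc, expect_return)
  VALUES (3, 'organization', 'ldap_root', 'id', NULL, NULL, 0);
UPDATE ldap_oc_mappings SET keytbl = 'ldap_domains', keycol = 'id' WHERE id = 2;

-- 5. Attribute mappings. back-sql builds each attribute query as
--    SELECT <sel_expr> AS <name> FROM <from_tbls>
--      WHERE <keytbl>.<keycol>=? [AND <join_where>]
--    The UNIQUE(pw_domain) mapping (oc_map_id 2) is replaced; groupOfUniqueNames
--    also requires uniqueMember, built here from the users of that domain.
DELETE FROM ldap_attr_mappings WHERE oc_map_id = 2;
INSERT INTO ldap_attr_mappings
  (oc_map_id, name, sel_expr, sel_expr_u, from_tbls, join_where,
   add_proc, delete_proc, param_order, expect_return) VALUES
  (3, 'o',  'ldap_root.o',  NULL, 'ldap_root', NULL, NULL, NULL, 3, 0),
  (3, 'dc', 'ldap_root.dc', NULL, 'ldap_root', NULL, NULL, NULL, 3, 0),
  (2, 'cn', 'ldap_domains.domain', NULL, 'ldap_domains', NULL, NULL, NULL, 3, 0),
  (2, 'uniqueMember',
   'CONCAT(''uid='',vpopmail.pw_name,''@'',vpopmail.pw_domain,'',dc=example,dc=com'')',
   NULL, 'vpopmail,ldap_domains', 'vpopmail.pw_domain=ldap_domains.domain',
   NULL, NULL, 3, 0);

-- 6. Auxiliary classes per entry: entry_id is an ldap_entries.id, not an
--    oc_map id. The suffix entry gets dcObject so its dc attribute is valid.
DELETE FROM ldap_entry_objclasses;
INSERT INTO ldap_entry_objclasses (entry_id, oc_name) VALUES (1, 'dcObject');

-- 7. The view: id and keyval are integers, parent is the id of the parent entry
--    (0 only for the suffix). DNs are stored in the normalized lower-case form;
--    with the latin1 default collation "dn=?" matches case-insensitively anyway.
CREATE OR REPLACE VIEW ldap_entries AS
  SELECT r.id AS id, 'dc=example,dc=com' AS dn,
         3 AS oc_map_id, 0 AS parent, r.id AS keyval
    FROM ldap_root r
  UNION ALL
  SELECT 1000 + d.id, CONCAT('cn=', d.domain, ',dc=example,dc=com'),
         2, 1, d.id
    FROM ldap_domains d
  UNION ALL
  SELECT 100000 + u.id,
         CONCAT('uid=', u.pw_name, '@', u.pw_domain, ',dc=example,dc=com'),
         1, 1, u.id
    FROM vpopmail u;
```

With this layout the id_query in the log returns id=100000+n keyval=n for a user, which back-sql can convert, and the preconstructed attribute queries ("... WHERE vpopmail.id=?") have a column to bind against. The id offsets only need to keep the three branches of the UNION from colliding; any scheme that yields distinct unsigned integers works. Run the ldapsearch from the message again after restarting slapd, and use a base of dc=example,dc=com with scope sub to confirm that the suffix, the per-domain groups and the users all come back.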
bug with smbldap ldap
by rodrigo tavares
Hello people,
I'm trying to install samba and ldap.
The site below is a tutorial:
http://www.unixmen.com/setup-samba-domain-controller-with-openldap-backen....
My OS is ubuntu, I have some trouble: smbldap CRASHES.
What does this log mean?
Sorry, command-not-found has crashed! Please file a bug report at:
https://bugs.launchpad.net/command-not-found/+filebug
Please include the following information with the report:
command-not-found version: 0.3
Python version: 3.3.1 final 0
Distributor ID: Ubuntu
Description: Ubuntu 13.04
Release: 13.04
Codename: raring
Exception information:
unsupported locale setting
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/CommandNotFound/util.py", line 24, in crash_guard
callback()
File "/usr/lib/command-not-found", line 69, in main
enable_i18n()
File "/usr/lib/command-not-found", line 40, in enable_i18n
locale.setlocale(locale.LC_ALL, '')
File "/usr/lib/python3.3/locale.py", line 541, in setlocale
return _setlocale(category, locale)
locale.Error: unsupported locale setting
6 years, 10 months
ITS #7161, ppolicy pwdFailureTime resolution should be better than 1 second
by Paul B. Henson
I realize that development discussion is supposed to go to
openldap-devel, but despite having subscribed to that a month ago, none
of my postings have gone through. I hear they are having some technical
difficulties with that list, so for the sake of this submission not
being indefinitely delayed, here it is.
Attached is a proposed patch to fix ITS #7161. It uses the same method
as the accesslog module to generate a subsecond generalized time,
appending the o_tincr value from the operation structure as fractional
seconds. The only other code that looks at the value of that attribute
calls parse_time to pull seconds out of it (ignoring the fractional
second part), so other than modifying the format the attribute is stored
in I don't believe there are any other changes required with this.
6 years, 10 months
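Added example, not part of Paul's message or his patch: a C implementation of the format the message describes, a GeneralizedTime with the operation's o_tincr appended as six fractional digits, together with a parser that takes only the seconds (the way the text says parse_time does, ignoring the fraction) and a comparison that copes with the mixed case a directory will have after the change, pwdFailureTime values written without a fraction next to new ones with one. accesslog's own formatting code is not reproduced; the six-digit width, the date arithmetic and the helper names are assumptions of this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Days since 1970-01-01 for a proleptic Gregorian date (H. Hinnant's algorithm). */
static long days_from_civil(long y, unsigned m, unsigned d) {
    y -= (m <= 2);
    long era = (y >= 0 ? y : y - 399) / 400;
    unsigned yoe = (unsigned)(y - era * 400);
    unsigned doy = (153 * (m > 2 ? m - 3 : m + 9) + 2) / 5 + d - 1;
    unsigned doe = yoe * 365 + yoe / 4 - yoe / 100 + doy;
    return era * 146097 + (long)doe - 719468;
}

/* Inverse of days_from_civil. */
static void civil_from_days(long z, long *y, unsigned *m, unsigned *d) {
    z += 719468;
    long era = (z >= 0 ? z : z - 146096) / 146097;
    unsigned doe = (unsigned)(z - era * 146097);
    unsigned yoe = (doe - doe / 1460 + doe / 36524 - doe / 146096) / 365;
    unsigned doy = doe - (365 * yoe + yoe / 4 - yoe / 100);
    unsigned mp = (5 * doy + 2) / 153;
    *d = doy - (153 * mp + 2) / 5 + 1;
    *m = mp < 10 ? mp + 3 : mp - 9;
    *y = (long)yoe + era * 400 + (*m <= 2);
}

/* Format Unix seconds plus slapd's per-second operation counter (o_tincr) as
 * GeneralizedTime with six fractional digits: YYYYmmddHHMMSS.ffffffZ.
 * Returns 0 on success, -1 if tincr has more than six digits or out is too small. */
int format_gentime_frac(long secs, unsigned tincr, char *out, size_t outlen) {
    long days = secs / 86400, rem = secs % 86400;
    long y; unsigned m, d;
    if (rem < 0) { rem += 86400; days -= 1; }
    if (tincr > 999999u) return -1;
    civil_from_days(days, &y, &m, &d);
    int n = snprintf(out, outlen, "%04ld%02u%02u%02ld%02ld%02ld.%06uZ",
                     y, m, d, rem / 3600, (rem % 3600) / 60, rem % 60, tincr);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

static long fixed_digits(const char *s, int n) {
    long v = 0;
    while (n-- > 0) v = v * 10 + (*s++ - '0');
    return v;
}

/* Parse YYYYmmddHHMMSS[.f...]Z into seconds and microseconds. Values stored
 * before the change carry no fraction and parse with usec = 0, so old and new
 * pwdFailureTime values go through the same code. Returns -1 on bad input. */
int parse_gentime(const char *s, long *secs, unsigned *usec) {
    size_t len = strlen(s), fdigits = 0;
    if (len < 15 || s[len - 1] != 'Z') return -1;
    for (int i = 0; i < 14; i++)
        if (s[i] < '0' || s[i] > '9') return -1;
    if (len > 15) {
        if (s[14] != '.' || len < 17) return -1;    /* "." must carry digits */
        fdigits = len - 16;                         /* digits between '.' and 'Z' */
        for (size_t i = 15; i < 15 + fdigits; i++)
            if (s[i] < '0' || s[i] > '9') return -1;
    }
    long y = fixed_digits(s, 4);
    unsigned m = (unsigned)fixed_digits(s + 4, 2), d = (unsigned)fixed_digits(s + 6, 2);
    long hh = fixed_digits(s + 8, 2), mm = fixed_digits(s + 10, 2), ss = fixed_digits(s + 12, 2);
    if (m < 1 || m > 12 || d < 1 || d > 31 || hh > 23 || mm > 59 || ss > 60) return -1;
    *secs = days_from_civil(y, m, d) * 86400 + hh * 3600 + mm * 60 + ss;
    /* scale the fraction to microseconds: pad short fractions, truncate long ones */
    unsigned f = 0;
    for (size_t i = 0; i < 6; i++)
        f = f * 10 + (i < fdigits ? (unsigned)(s[15 + i] - '0') : 0);
    *usec = f;
    return 0;
}

/* Chronological comparison of two stored values in either format. Returns 0
 * and sets *cmp to -1/0/1 on success, -1 if either value is malformed. */
int gentime_cmp(const char *a, const char *b, int *cmp) {
    long sa, sb; unsigned ua, ub;
    if (parse_gentime(a, &sa, &ua) || parse_gentime(b, &sb, &ub)) return -1;
    *cmp = sa != sb ? (sa < sb ? -1 : 1) : (ua != ub ? (ua < ub ? -1 : 1) : 0);
    return 0;
}

int main(void) {
    char buf[32]; int c;
    /* 1401132849 is the op time printed in the back-sql debug log earlier on this page */
    format_gentime_frac(1401132849L, 0, buf, sizeof buf);
    printf("%s\n", buf);
    gentime_cmp("20140526193409Z", "20140526193409.000001Z", &c);
    printf("plain vs fractional value in the same second: %d\n", c);
    return 0;
}
```

Because the fraction is zero-padded to a fixed width, values written in the new format still sort chronologically as plain strings, which is what keeps two failures recorded within one second from collapsing into a single pwdFailureTime value. The one place plain string order breaks is across the two formats ('Z' sorts after '.'), which is why the comparison above parses both sides instead of calling strcmp.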
issue with bad data ? In MMR setup
by Daniel Jung
Hi,
Ldap daemon was being restarted every so many minutes. All the consumers
were out of sync and had to be re-synced. This specific master in question
in MMR setup was restored from other master and the issue went away.
Running 2.4.37 on centos6 with hdb backend on the masters and lmdb on the
consumers.
Searching through the list shows a lot of hits with "too old"; AFAIK ntp is
kept quite closely. serverid "000" no longer exists as it was
decommissioned last year, hence contextcsn is really old. Not sure if
that played a role in this havoc or not. Could you tell me what "srs" and
"log" mean in the context below?
Following is what I found in the log, and there were a lot of these which
probably contributed to restart of the daemon:
Jun 14 00:05:21 name of the server slapd[16745]: srs csn
20131226183611.000000Z#000000#000#000000
Jun 14 00:05:21 name of the server slapd[16745]: log csn
20131206192447.000000Z#000000#000#000000
Jun 14 00:05:21 name of the server slapd[16745]: cmp -2, too old
Jun 14 00:05:21 name of the server slapd[16745]: log csn
20131206193513.000000Z#000000#000#000000
Jun 14 00:05:21 name of the server slapd[16745]: cmp -2, too old
</snip>
Jun 14 00:05:59 name of the server slapd[16745]: do_syncrep2: rid=0
01 (-1) Can't contact LDAP server
</snip>
Jun 14 00:06:15 name of the server slapd[16745]: log csn
20131229125124.532456Z#000000#001#000000
Jun 14 00:06:15 name of the server slapd[16745]: cmp -256, too old
Jun 14 00:06:15 name of the server slapd[16745]: log csn
20131229125143.680121Z#000000#001#000000
Jun 14 00:06:15 name of the server slapd[16745]: cmp -256, too old
Jun 14 00:06:15 name of the server slapd[16745]: log csn 2013122913
</snip>
Jun 14 00:06:59 name of the server slapd[31392]: do_syncrep2: rid=000
LDAP_RES_INTERMEDIATE - SYNC_ID_SET
Jun 14 00:06:59 name of the server slapd[31392]: do_syncrep2: rid=000
cookie=rid=000,sid=002,csn=20140613220035.981531Z#000000#001#000000
Jun 14 00:06:59 name of the server slapd[31392]: do_syncrep2: rid=000
LDAP_RES_INTERMEDIATE - REFRESH_DELETE
</snip>
thank you
6 years, 10 months
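Added example, not part of Daniel's message: a parser and comparator for the CSN format shown in the log lines above, with the skip decision that produces the "too old" messages. In those lines "srs csn" is a CSN from the sync request state, the cookie the consumer presented (one CSN per serverID it has seen), and "log csn" is the CSN of a session-log entry that syncprov is deciding whether to replay to that consumer; an entry whose CSN does not sort after the consumer's CSN for the same serverID is reported as too old and skipped, and the number after cmp is the comparison result. The helper names and the treatment of a serverID the cookie does not mention are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

/* One parsed syncrepl CSN: <YYYYmmddHHMMSS.ffffff>Z#<count>#<sid>#<mod> */
typedef struct {
    char     stamp[22];   /* "YYYYmmddHHMMSS.ffffff", fixed width, zero padded */
    unsigned count;       /* 6 hex digits: ordinal within the same timestamp */
    unsigned sid;         /* 3 hex digits: serverID of the replica that generated it */
    unsigned mod;         /* 6 hex digits: modifier number */
} csn_t;

static int hexfield(const char *s, int n, unsigned *out) {
    unsigned v = 0;
    for (int i = 0; i < n; i++) {
        unsigned c = (unsigned char)s[i];
        if (c >= '0' && c <= '9')      c -= '0';
        else if (c >= 'a' && c <= 'f') c -= 'a' - 10;
        else if (c >= 'A' && c <= 'F') c -= 'A' - 10;
        else return -1;
        v = v * 16 + c;
    }
    *out = v;
    return 0;
}

/* Parse a CSN string. Returns 0 on success, -1 if it is not well formed. */
int csn_parse(const char *s, csn_t *c) {
    if (strlen(s) != 40) return -1;               /* 21 + 'Z' + "#cccccc#sss#mmmmmm" */
    for (int i = 0; i < 21; i++) {
        if (i == 14) { if (s[i] != '.') return -1; }
        else if (s[i] < '0' || s[i] > '9') return -1;
    }
    if (s[21] != 'Z' || s[22] != '#' || s[29] != '#' || s[33] != '#') return -1;
    memcpy(c->stamp, s, 21);
    c->stamp[21] = '\0';
    if (hexfield(s + 23, 6, &c->count) || hexfield(s + 30, 3, &c->sid) ||
        hexfield(s + 34, 6, &c->mod))
        return -1;
    return 0;
}

/* Order two CSNs: timestamp first (fixed width, so string order is time order),
 * then the per-timestamp counter, then the modifier number. */
int csn_cmp(const csn_t *a, const csn_t *b) {
    int r = strcmp(a->stamp, b->stamp);
    if (r) return r < 0 ? -1 : 1;
    if (a->count != b->count) return a->count < b->count ? -1 : 1;
    if (a->mod != b->mod) return a->mod < b->mod ? -1 : 1;
    return 0;
}

/* The "too old" decision: the consumer's cookie carries one CSN per serverID.
 * A log entry is skipped when the cookie already holds a CSN for the entry's
 * sid that is not older than the entry's own CSN. An entry from a sid the
 * cookie does not mention is treated as new (assumption of this example).
 * Returns 1 (skip), 0 (replay) or -1 on malformed input. */
int csn_too_old(const char *entry_csn, const char *const *cookie_csns, size_t n) {
    csn_t e, k;
    if (csn_parse(entry_csn, &e)) return -1;
    for (size_t i = 0; i < n; i++) {
        if (csn_parse(cookie_csns[i], &k)) return -1;
        if (k.sid == e.sid) return csn_cmp(&e, &k) <= 0;
    }
    return 0;
}

int main(void) {
    /* the srs and log CSNs from the 00:05:21 lines above */
    static const char *const srs[] = { "20131226183611.000000Z#000000#000#000000" };
    const char *logcsn = "20131206192447.000000Z#000000#000#000000";
    printf("log entry %s: %s\n", logcsn,
           csn_too_old(logcsn, srs, 1) ? "too old" : "replay");
    return 0;
}
```

Run against the values in the log, the December 6 entry for serverID 000 is correctly skipped because the consumer's cookie already carries a December 26 CSN for that serverID; that is the expected outcome for a serverID that stopped producing changes when it was decommissioned, not by itself a sign of corruption. Skipped entries for a serverID that is still writing would be the thing to look into.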
test050-syncrepl-multimaster fails on 2.4.39/mdb
by Jean Gillaux
Hello,
When running test suite for openldap 2.4.39, I see
test050-syncrepl-multimaster failing with mdb.
Software is built with ./configure --enable-overlays
Env is: lxc container 0.9.0.alpha3 running debian wheezy, gcc version
4.7.2 (Debian 4.7.2-5)
Same test with hdb is ok.
Here is test output:
Cleaning up test run directory leftover from previous run.
Running ./scripts/test050-syncrepl-multimaster for mdb...
running defines.sh
Initializing server configurations...
Starting server 1 on TCP/IP port 9011...
Using ldapsearch to check that server 1 is running...
Inserting syncprov overlay on server 1...
Starting server 2 on TCP/IP port 9012...
Using ldapsearch to check that server 2 is running...
Configuring syncrepl on server 2...
Starting server 3 on TCP/IP port 9013...
Using ldapsearch to check that server 3 is running...
Configuring syncrepl on server 3...
Starting server 4 on TCP/IP port 9014...
Using ldapsearch to check that server 4 is running...
Configuring syncrepl on server 4...
Adding schema and databases on server 1...
Using ldapadd to populate server 1...
Waiting 15 seconds for syncrepl to receive changes...
Using ldapsearch to read config from server 1...
Using ldapsearch to read config from server 2...
Using ldapsearch to read config from server 3...
Using ldapsearch to read config from server 4...
Comparing retrieved configs from server 1 and server 2...
Comparing retrieved configs from server 1 and server 3...
Comparing retrieved configs from server 1 and server 4...
Using ldapsearch to read all the entries from server 1...
Using ldapsearch to read all the entries from server 2...
Using ldapsearch to read all the entries from server 3...
Using ldapsearch to read all the entries from server 4...
Comparing retrieved entries from server 1 and server 2...
test failed - server 1 and server 2 databases differ
The diff between 1 and 2 is:
363,388d362
< dn: cn=Manager,dc=example,dc=com
< objectClass: person
< cn: Manager
< cn: Directory Manager
< cn: Dir Man
< sn: Manager
< description: Manager of the directory
< userPassword:: c2VjcmV0
<
< dn: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
< objectClass: OpenLDAPperson
< cn: Mark Elliot
< cn: Mark A Elliot
< sn: Elliot
< uid: melliot
< postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
< seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
< homePostalAddress: 199 Outer Drive $ Ypsilanti, MI 48198
< homePhone: +1 313 555 0388
< drink: Gasoline
< title: Director, UM Alumni Association
< mail: melliot(a)mail.alumni.example.com
< pager: +1 313 555 7671
< facsimileTelephoneNumber: +1 313 555 7762
< telephoneNumber: +1 313 555 4177
<
395,409d368
<
< dn: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
< objectClass: OpenLDAPperson
< cn: Ursula Hampster
< sn: Hampster
< uid: uham
< title: Secretary, UM Alumni Association
< postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
< seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
< homePostalAddress: 123 Anystreet $ Anytown, MI 48104
< mail: uham(a)mail.alumni.example.com
< homePhone: +1 313 555 8421
< pager: +1 313 555 2844
< facsimileTelephoneNumber: +1 313 555 9700
< telephoneNumber: +1 313 555 5331
Do you have any suggestion regarding this?
Thanks
--
Jean
6 years, 10 months
Re: AD pass through to Openladp?
by Justin Stanczak
This is probably better posted on the Kerberos list, but can Kerberos
server work with AD? Meaning set up a Kerberos server (not MS) to
authenticate users, and AD accepts tickets from that?
On Tue, Jun 10, 2014 at 9:36 AM, Stewart Walters <stewart.walters(a)gmail.com>
wrote:
> Hi Justin,
>
> My emails don't seem to arrive to the openldap-technical list.
>
> But, (and please note, I've never actually done this before) you could use
> a virtual LDAP directory front-end to combine portions of both AD and
> OpenLDAP to provide clients with a single unified view. In theory the
> client can't tell the difference between data from one or the other (though
> I imagine that the theory and the practice of this is completely different,
> which is why I've never attempted this).
>
> Such products that provide this are MyVD (http://myvd.sourceforge.net/)
> and some commercial ones like RadiantOne VDS, Virtual Identity Server,
> Virtual LDAP Server EE
>
> However all of that complicates what should be a relatively simple thing -
> storing and retrieving an identity held within a directory. I wouldn't
> recommend looking at virtual directories as a way forward; you're likely to
> run into bigger problems by over-engineering the solution.
>
> I find it's best to keep things simple. Either keep the OpenLDAP and AD
> identities separate between the two directories, or if you have to, look
> towards suggestions made by others (such as using Kerberos V5 Trusted
> Realm+OpenLDAP; or Samba+OpenLDAP).
>
> Best of luck,
>
> Stewart
>
>
>
6 years, 10 months
chaining a subordinate database only?
by Marc Patermann
Hello,
http://www.openldap.org/doc/admin24/overlays.html#Chaining says:
"On each replica, add this near the top of the slapd.conf(5) file
(global), before any database definitions" - so chaining works as a
global directive for all databases in the example.
I get it to work this way.
But I want chaining only for a single subordinate db, not for all.
I do not get this working. It behaves like there is no chaining.
Is this even possible?
The basic layout is like this:
database mdb
suffix ou=system,ou=foo
subordinate
database mdb
suffix ou=linux,ou=foo
subordinate
overlay chaining
overlay ppolicy
database mdb
suffix ou=foo
ppolicy must only work for ou=linux. That is why it is a database of
its own (is there another way?).
The ppolicy attributes should be replicated to all the slaves. As far as
I understood it, I have to chain the database to the master to replicate
the attributes. (Right?)
Marc
6 years, 10 months