Virtual list view problem
by Venish Khant
Hi all,
I am using the CPAN Net::LDAP module to access LDAP entries. I want to
search LDAP entries using the Net::LDAP search method. When I do a search, I
want some limited number of entries from the search result; for
this (searching) process I am using the Net::LDAP::Control::VLV module. But
I get an error on the VLV response control. Please, does anyone have an idea about
this error?
Error: Died at vlv.pl line 50
This is my example. I have marked line 50 in the code below.
#!/usr/bin/perl -w
use strict;
use Net::LDAP;
use Net::LDAP::Control::VLV;
use Net::LDAP::Constant qw( LDAP_CONTROL_VLVRESPONSE );
use Net::LDAP::Control::Sort;

sub procentry {
    my ( $mesg, $entry ) = @_;
    # Return if there is no entry to process
    return unless defined $entry;
    print "dn: " . $entry->dn() . "\n";
    foreach my $attr ( $entry->attributes() ) {
        my $attrvalue = $entry->get_value( $attr, asref => 1 );
        foreach my $value ( @$attrvalue ) {
            print "$attr: $value\n";
        }
    }
    $mesg->pop_entry;    # free the entry once it has been printed
    print "\n";
}

my $ldap = Net::LDAP->new( "localhost" ) or die "$@";

# Get the first 20 entries
my $vlv = Net::LDAP::Control::VLV->new(
    before  => 0,     # No entries from before target entry
    after   => 19,    # 19 entries after target entry
    content => 0,     # List size unknown
    offset  => 1,     # Target entry is the first
);
my $sort = Net::LDAP::Control::Sort->new( order => 'cn' );

my @args = (
    base     => "dc=example,dc=co,dc=in",
    scope    => "subtree",
    filter   => "(objectClass=inetOrgPerson)",
    callback => \&procentry,        # Call this sub for each entry
    control  => [ $sort, $vlv ],    # VLV requires a server-side sort control
);

my $mesg = $ldap->search( @args );
# Get VLV response control
# *** line 50 of vlv.pl: control() returns an empty list when the server
# *** sent no VLV response control, which is what makes "or die" fire.
my ($resp) = $mesg->control( LDAP_CONTROL_VLVRESPONSE ) or die;
$vlv->response( $resp );

# Set the control to get the last 20 entries
$vlv->end;
$mesg = $ldap->search( @args );
# Get VLV response control
($resp) = $mesg->control( LDAP_CONTROL_VLVRESPONSE ) or die;
$vlv->response( $resp );

# Now get the previous page
$vlv->scroll_page( -1 );
$mesg = $ldap->search( @args );
# Get VLV response control
($resp) = $mesg->control( LDAP_CONTROL_VLVRESPONSE ) or die;
$vlv->response( $resp );

# Now page with first entry starting with "B" in the middle
$vlv->before(9);      # Change page to show 9 before
$vlv->after(10);      # Change page to show 10 after
$vlv->assert("B");    # assert "B"
$mesg = $ldap->search( @args );
# Get VLV response control
($resp) = $mesg->control( LDAP_CONTROL_VLVRESPONSE ) or die;
$vlv->response( $resp );
--
Venish Khant
www.deeproot.co.in
7 years, 4 months
OpenLDAP and dynalogin (two-factor auth with HOTP)
by Daniel Pocock
Some time ago I created the dynalogin ( http://www.dynalogin.org )
solution for two-factor authentication.
I'm just contemplating how to make it easier to integrate, and making it
convenient to use with OpenLDAP seems like a good strategy: can anyone
comment on that?
The initial thoughts that I have about the subject:
- SASL based solution (dynalogin has digest capability already, so it
could be adapted for SASL PLAIN or DIGEST-MD5)
- should not prevent password logins (user should be able to use either
password or HOTP code)
- should enable people to use it indirectly (e.g. if someone already has
pam_ldap working, they should be able to add dynalogin to their OpenLDAP
server and get immediate benefit)
- use cases: UNIX login, high-security webmail login, VPN and OpenID
provider backed by OpenLDAP
I know that SASL already supports OTP, but that is not HOTP, it is OPIE
(or S/Key) RFC 2289:
http://tools.ietf.org/html/rfc2289
whereas HOTP is RFC 4226:
http://www.ietf.org/rfc/rfc4226.txt
HOTP is considered more secure and more widely implemented.
8 years, 3 months
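The HOTP algorithm Daniel contrasts with S/Key above is small enough to show in full. The following Python is an added example, not dynalogin's or OpenLDAP's code: it computes HOTP as specified in RFC 4226 (HMAC-SHA-1 over the 8-byte counter, dynamic truncation, modulo 10^6) and checks itself against the test vectors in the RFC's Appendix D. It also sketches the server-side verification that any LDAP or SASL integration would need: a look-ahead window so a few unused presses on the token do not lock the user out, resynchronisation of the stored counter on success so an accepted code can never be replayed, and a constant-time comparison. The look-ahead window of 10 and the HotpVerifier class are illustration choices, not anything from the post.

```python
import hashlib
import hmac
import struct

# Shared secret and 6-digit values from RFC 4226, Appendix D (test vectors).
RFC4226_SECRET = b"12345678901234567890"
RFC4226_VECTORS = {
    0: "755224", 1: "287082", 2: "359152", 3: "969429", 4: "338314",
    5: "254676", 6: "287922", 7: "162583", 8: "399871", 9: "520489",
}


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP(K, C) = Truncate(HMAC-SHA-1(K, C)) mod 10^digits (RFC 4226, 5.3)."""
    msg = struct.pack(">Q", counter)                 # C as 8-byte big-endian
    mac = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                          # dynamic truncation
    code = ((mac[offset] & 0x7F) << 24
            | mac[offset + 1] << 16
            | mac[offset + 2] << 8
            | mac[offset + 3])
    return str(code % 10 ** digits).zfill(digits)


class HotpVerifier:
    """Server side of one token (illustrative class, not dynalogin's API):
    the shared secret plus the next expected counter.  A look-ahead window
    tolerates a few unused presses; on success the counter moves past the
    matched value, so a code that was accepted once cannot be replayed."""

    def __init__(self, secret: bytes, counter: int = 0, window: int = 10):
        self.secret = secret
        self.counter = counter
        self.window = window

    def verify(self, code: str) -> bool:
        code = code.strip()
        for c in range(self.counter, self.counter + self.window + 1):
            # constant-time compare: no early exit on the first wrong digit
            if hmac.compare_digest(hotp(self.secret, c), code):
                self.counter = c + 1                 # resync; burn c and earlier
                return True
        return False


def self_check() -> bool:
    """True when every RFC 4226 test vector is reproduced."""
    return all(hotp(RFC4226_SECRET, c) == v for c, v in RFC4226_VECTORS.items())


if __name__ == "__main__":
    print("RFC 4226 vectors OK:", self_check())
    v = HotpVerifier(RFC4226_SECRET)
    print("accept counter 3:", v.verify("969429"), "replay:", v.verify("969429"))
```

One caveat that matters for the "password or HOTP code" design: with 6 digits and a look-ahead window of s, a single guess succeeds with probability about (s+1)/10^6, so RFC 4226 section 7.3 requires the verifier to throttle or lock after a small number of failures; an LDAP bind path that accepts bare HOTP codes needs that throttling in front of it.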
translucent overlay add an attribute to all users in a OU and subtree
by Nicolas RENAULT
Hi,
(sorry for poor English)
I already asked here about meta and it is working (I only have the date format
conversion problem, but we are about to find an alternative).
So the LDAP proxy can search for a user and provide attributes from an
AD, Edir and OpenLDAP.
But now I want to add attributes to the Edir and OpenLDAP user search
results, to have as many as for an AD user
(for example homeDrive).
I plan to use translucent to add these attributes; I found that translucent
cannot be used with meta, so I created a new slapd instance.
I have added the base and OU into this instance.
I read carefully http://www.openldap.org/doc/admin24/overlays.html and
man slapo-translucent.
I understand that they explain how to add attributes to only one group.
Here are my questions:
How can I add attributes in the translucent instance to all users in an
OU (and sub-OUs)?
Is there another way to do what I want to do?
Thanks all for your responses.
--
Nicolas
8 years, 11 months
Problem: LDAP installation without internet
by Patrick Pat
Hi,
I would like the whole LDAP installation procedure without internet access on Linux
(Ubuntu (9.10 or other), Debian, ...), but from its compressed file,
namely:
openldap-2.4.8.tgz or openldap-2.4.7.tgz or openldap-2.4.9.tgz or
openldap-2.0-beta.tgz ...
and any configuration environment variables.
Best regards!
9 years
RE24 testing call (2.4.40)
by Quanah Gibson-Mount
If you know how to build OpenLDAP manually, and would like to participate
in testing the next set of code for the 2.4.39 release, please do so.
Generally, get the code for RE24:
<http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=snapshot;h=refs...>
Configure & build.
Execute the test suite (via make test) after it is built.
Thanks!
--Quanah
--
Quanah Gibson-Mount
Server Architect
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
9 years
LDAP gateway to RADIUS server
by David R
Dear All,
I have set up 2-factor authentication on a RADIUS server (OTP). The user has to authenticate using:
login: adusername
password: ADpasswordGENERATEDPIN
My issue is that some applications like VMware support only LDAP authentication.
So I was wondering how I could use the RADIUS server for authentication inside LDAP.
I have found some elements like pw-radius.so, but this is clearly not fully documented.
So I was wondering if one of you has ever implemented this kind of solution and how...
Kind regards,
David
9 years
LMDB write/read simultaneously over different threads
by Vasilis Lasdas
Hi all,
I am a new user to LMDB. Please forgive me for my ignorance or mistakes you
might encounter.
However, I have spent quite some time trying to resolve my issues but
without success.
That's why I am writing to you asking for your help to shed some light.
To the point:
1) I have a database where there is only one writer and a few
readers (e.g. 4 readers).
2) The database writer lives on a different thread than the
database reader(s).
3) The writer thread keeps on running/writing all the time to the database.
4) At random intervals readers from different threads will request to
extract data from the database.
The problem that occurs is the following: if the writer is active (during
writing) and I try to fetch any data
from the db using the reader, it fails with error MDB_NOTFOUND. As a
remark here, I make sure that the
reader thread is launched AFTER the writer thread to ensure that the data
exist in the db.
In order to simulate this kind of behaviour (write-read) over different
threads, I have written a small test application
that tries to depict my case/use case.
In main() I simply launch two threads/functions, the writer thread and,
after some time, the reader thread.
The common environment is constructed in main and passed as a parameter to
the auxiliary functions.
If the reader starts reading while writing is not finished, then the
application crashes or returns MDB_NOTFOUND.
This contradicts the capabilities of the library, that is, parallel
write/read from different threads.
If the writer has finished, then the reader works properly.
Some general questions.
i) How many times do I need to open the database? Currently I open the
(unique) database twice: once in the writer and once in the reader.
The doc mentions that it has to be opened only one time. Even in that case,
my app does not work.
ii) What is the practical usage of mdb_txn_reset() and mdb_txn_renew()?
Does it need to be used in my case?
iii) Since I am only ADDING data to the db and only READING it, what kind
of optimizations can be applied?
iv) Regarding for-loops, what is a proper way of using transactions and
commit/abort/reset/etc. of transactions?
Any helpful information is highly appreciated, or if someone can
add some examples with different threads that would be awesome.
#include <iostream>
#include <thread>
#include <string>
#include <cstdlib>
#include <unistd.h>
#include "lmdb.h"

using namespace std;

// Check an LMDB return code. LMDB calls must not be wrapped in assert():
// with NDEBUG defined the whole call would disappear.
#define CHECK(call) do { int rc_ = (call); if (rc_ != MDB_SUCCESS) { \
    cerr << #call << ": " << mdb_strerror(rc_) << endl; abort(); } } while (0)

void writeLMDB( MDB_env * env, size_t nrElems )
{
    cout << "BEGIN WRITING." << endl;
    MDB_txn *txn;
    MDB_dbi dbi;
    MDB_stat status;
    // open the (unnamed) main database inside a write transaction and commit,
    // so the handle is valid for the transactions that follow
    CHECK( mdb_txn_begin( env, NULL, 0, &txn ) );
    CHECK( mdb_dbi_open( txn, NULL, MDB_DUPSORT, &dbi ) );
    CHECK( mdb_txn_commit( txn ) );

    MDB_val key, data;
    // one write transaction for all elements: nothing written here becomes
    // visible to a reader until mdb_txn_commit() below
    CHECK( mdb_txn_begin( env, NULL, 0, &txn ) );
    for( size_t i = 0; i < nrElems ; ++i )
    {
        key.mv_size = sizeof( size_t );
        key.mv_data = &i;                 // raw native-endian bytes of i
        string value = "test";
        data.mv_size = value.size();
        data.mv_data = (void*)value.data();
        cout << "WRITER-KEY:" << i << " VALUE:" << value << endl;
        CHECK( mdb_put( txn, dbi, &key, &data, 0 ) );
    }
    CHECK( mdb_txn_commit( txn ) );
    CHECK( mdb_env_stat( env, &status ) );
    // No mdb_dbi_close() here: the reader thread still uses the handle and the
    // call is not thread-safe; mdb_env_close() releases it at the end.
    cout << "FINISHED WRITING." << endl;
}

void readLMDB( MDB_env * env, size_t start, size_t end )
{
    cout << "BEGIN READING.." << endl;
    MDB_dbi dbi;
    MDB_txn *txn = NULL;
    // a read-only transaction sees the snapshot committed when it begins
    CHECK( mdb_txn_begin( env, NULL, MDB_RDONLY, &txn ) );
    CHECK( mdb_dbi_open( txn, NULL, 0, &dbi ) );
    MDB_val key, data;
    for ( size_t i = start; i <= end ; i++ )
    {
        key.mv_size = sizeof( size_t );
        key.mv_data = &i;
        int res = mdb_get( txn, dbi, &key, &data );
        if( res != MDB_SUCCESS )
        {
            // data is not filled in on failure; reading it anyway was the crash
            cout << "READER-KEY:" << i << " " << mdb_strerror( res ) << endl;
            continue;
        }
        cout << "READER-KEY:" << i << " VALUE:";
        cout.write( (char*)data.mv_data, data.mv_size ); cout << endl;
    }
    // read transactions must be ended too, or the reader slot stays in use
    mdb_txn_abort( txn );
    cout << "FINISHED READING.." << endl;
}

int main(int argc, char *argv[] )
{
    // db location (folder must exist)
    string dbLocation = "/work/vasilis/databases/lmdbtest/";
    size_t maxdbSize = 10485760;
    system( "rm -rf /work/vasilis/databases/lmdbtest/*" );
    // create environment: ONE environment only per process
    MDB_env * env;
    CHECK( mdb_env_create( &env ) );
    // set the size of the database
    CHECK( mdb_env_set_mapsize( env, maxdbSize ) );
    // open the environment: ready to be used by everyone else
    CHECK( mdb_env_open( env, dbLocation.c_str(), 0, 0664 ) );
    // writer thread: write 1000 elements in the database
    thread writethread( writeLMDB, env, 1000 );
    usleep( 1000 * 100 );
    // read from - to
    thread readthread( readLMDB, env, 0, 20 );
    // wait for threads to finish
    writethread.join();
    readthread.join();
    cout << "THREADS COMPLETED " << endl;
    // close the environment
    mdb_env_close( env );
    return 0;
}
regards,
Vasilis
9 years, 1 month
Passwords, Hashing, and Binds
by Bram Cymet
Hi,
I am storing users passwords in a userPassword attribute. When the
passwords are hashed with MD5 I can bind as the user just fine. If I
hash the password with sha-256 I get invalid credentials.
Is there something I have to change in my client?
Is there something I have to change on the server?
Is binding a user with a password stored with sha-256 (or at least
something better than md5) even possible?
Thanks,
--
Bram Cymet
Software Developer
Canadian Bank Note Co. Ltd.
613-608-9752
9 years, 1 month
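Bram's symptom is what slapd produces when the scheme prefix on the stored userPassword is one it does not recognise: a simple bind then fails with invalidCredentials. slapd's built-in schemes are {SHA}, {SSHA}, {MD5}, {SMD5}, {CRYPT} and {CLEARTEXT}; {SHA256}, {SHA384}, {SHA512} and their salted {SSHA256}/{SSHA384}/{SSHA512} forms come from the contrib module pw-sha2, which has to be loaded into slapd (moduleload pw-sha2) before it will compare against them. Storing such a value never fails, because slapd does not interpret userPassword on write. The following Python is an added example, not OpenLDAP code: it produces and checks values in the encoding those schemes share (base64 of the digest, with digest(password + salt) followed by the salt for the salted forms), so a client's encoding can be verified offline before the server is blamed, and it models which prefixes a given slapd will try. The 8-byte salt length and the helper names are my choices.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

# Scheme prefix -> (hash constructor, salted?).  Salted forms store
# base64( digest(password + salt) + salt ); the salt is whatever follows the
# fixed-length digest, so any salt length decodes.
SCHEMES = {
    "{MD5}": (hashlib.md5, False),       "{SMD5}": (hashlib.md5, True),
    "{SHA}": (hashlib.sha1, False),      "{SSHA}": (hashlib.sha1, True),
    "{SHA256}": (hashlib.sha256, False), "{SSHA256}": (hashlib.sha256, True),
    "{SHA512}": (hashlib.sha512, False), "{SSHA512}": (hashlib.sha512, True),
}

# Prefixes slapd compares natively, and those that need the pw-sha2 module.
BUILTIN = {"{MD5}", "{SMD5}", "{SHA}", "{SSHA}", "{CRYPT}", "{CLEARTEXT}"}
PW_SHA2 = {"{SHA256}", "{SSHA256}", "{SHA384}", "{SSHA384}",
           "{SHA512}", "{SSHA512}"}


def _split_scheme(stored: str):
    """Return (SCHEME, base64 payload); no prefix means cleartext."""
    if not stored.startswith("{"):
        return "{CLEARTEXT}", stored
    prefix, _, rest = stored.partition("}")
    return prefix.upper() + "}", rest


def make_userpassword(password: str, scheme: str = "{SSHA}",
                      salt: Optional[bytes] = None) -> str:
    """Encode a password the way slappasswd -h <scheme> does."""
    algo, salted = SCHEMES[scheme]
    pw = password.encode("utf-8")
    if salted:
        salt = os.urandom(8) if salt is None else salt   # 8 bytes is an assumption
        raw = algo(pw + salt).digest() + salt
    else:
        raw = algo(pw).digest()
    return scheme + base64.b64encode(raw).decode("ascii")


def check_userpassword(stored: str, password: str) -> bool:
    """Compare a candidate against a userPassword value the way a simple bind
    does: known scheme -> digest compare, no prefix -> cleartext compare,
    unknown scheme -> no match (the invalidCredentials case)."""
    pw = password.encode("utf-8")
    scheme, payload = _split_scheme(stored)
    if scheme == "{CLEARTEXT}":
        return hmac.compare_digest(payload.encode("utf-8"), pw)
    if scheme not in SCHEMES:
        return False
    algo, salted = SCHEMES[scheme]
    raw = base64.b64decode(payload)
    dlen = algo().digest_size
    digest, salt = (raw[:dlen], raw[dlen:]) if salted else (raw, b"")
    return hmac.compare_digest(digest, algo(pw + salt).digest())


def slapd_recognises(stored: str, pw_sha2_loaded: bool = False) -> bool:
    """Would this slapd even attempt the comparison for this value?"""
    scheme, _ = _split_scheme(stored)
    return scheme in BUILTIN or (pw_sha2_loaded and scheme in PW_SHA2)


if __name__ == "__main__":
    v = make_userpassword("secret", "{SSHA256}")
    print(v, check_userpassword(v, "secret"))
    print("plain slapd accepts it:", slapd_recognises(v),
          "with pw-sha2:", slapd_recognises(v, pw_sha2_loaded=True))
```

The two unsalted reference values asserted in the test ({SHA} and {MD5} of the string "secret") are the ones that appear in the OpenLDAP documentation examples, which makes them a convenient check that a client is producing the right bytes.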
keepalive parameter setting in openldap for consumer does not work
by pramod kulkarni
Hi,
I unplugged the network cable of the provider and added new users, but it never
synchronizes with the consumer. The consumer never sends the keepalive signals.
I am using version 2.4.39 of OpenLDAP on a Windows machine.
This is my consumer setting:
olcSyncrepl: {0}rid=002 provider=ldap://ipaddress:389 bindmethod=sasl
 timeout=0 network-timeout=0 saslmech=external keepalive=1:1:10 starttls=critical
 tls_cert="CN=Consumer3, O=CRAP" tls_cacert="CN=TestCA, O=CRAP"
 tls_reqcert=demand tls_cipher_suite=HIGH:MEDIUM:-SSLv2 filter="(objectclass=*)"
 searchbase="dc=crap,dc=com" scope=sub attrs="*,+" schemachecking=off
 type=refreshAndPersist retry="60 +"
If I make a fresh setup of consumer & provider, it works & everything gets
replicated properly.
In the earlier version of OpenLDAP it was based on the system setting, like I
used to get a keepalive every 2 hours.
What is the minimum value to be set for the keepalive parameter in syncrepl?
Can you please tell me whether I need to make any changes on the consumer side or
the provider?
9 years, 1 month
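The keepalive=idle:probes:interval value in the post maps onto three TCP socket options that libldap sets on the consumer's connection to the provider: start probing after idle seconds of silence, send at most probes probes interval seconds apart, and drop the connection when none is answered; only once the connection is gone does syncrepl's retry schedule get a chance to reconnect, which is why a pulled cable with the OS default (idle time measured in hours) can leave a refreshAndPersist consumer silent for a very long time. The following Python is an added example, not slapd code: it parses the spec, computes the worst-case time to notice a dead peer, and applies the same three options to a socket so the values the kernel actually accepted can be read back. The option names are the Linux ones (TCP_KEEPIDLE, TCP_KEEPCNT, TCP_KEEPINTVL) and the function returns None where the socket module lacks them; on Linux the kernel rejects idle and interval values below 1 second and a probe count below 1, so 1:1:10 is already at the minimum for the first two fields. The function names and the "1:1:10" sample are taken from the post, everything else is assumed for illustration.

```python
import socket


def parse_keepalive(spec: str):
    """Split a syncrepl keepalive=idle:probes:interval value into integers."""
    idle, probes, interval = (int(x) for x in spec.split(":"))
    if min(idle, probes, interval) < 1:
        raise ValueError("idle, probes and interval must each be >= 1")
    return idle, probes, interval


def seconds_to_detect_dead_peer(spec: str) -> int:
    """Worst-case time until TCP gives up on a silent peer: the idle period,
    then `probes` unanswered probes spaced `interval` seconds apart."""
    idle, probes, interval = parse_keepalive(spec)
    return idle + probes * interval


def apply_keepalive(sock: socket.socket, spec: str):
    """Set the three per-socket knobs libldap sets for a syncrepl connection
    and return what the kernel reports back, or None where the Linux-specific
    option names are not available in this socket module."""
    idle, probes, interval = parse_keepalive(spec)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    names = ("TCP_KEEPIDLE", "TCP_KEEPCNT", "TCP_KEEPINTVL")
    if not all(hasattr(socket, n) for n in names):
        return None
    for name, value in zip(names, (idle, probes, interval)):
        sock.setsockopt(socket.IPPROTO_TCP, getattr(socket, name), value)
    return tuple(sock.getsockopt(socket.IPPROTO_TCP, getattr(socket, n))
                 for n in names)


def keepalive_roundtrip(spec: str):
    """Apply the spec to a fresh, unconnected TCP socket and return the
    values the kernel reports (the options can be set before connect)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        return apply_keepalive(s, spec)


if __name__ == "__main__":
    print("kernel reports:", keepalive_roundtrip("1:1:10"))
    print("dead peer noticed after at most",
          seconds_to_detect_dead_peer("1:1:10"), "seconds")
```

With 1:1:10 a silent provider is noticed after about 11 seconds and the consumer then falls into retry="60 +"; whether the running Windows build honours all three fields is a separate question, since the per-socket probe-count option is a Linux feature, so the value the OS reports back (the tuple above) is the thing to check rather than the configured string.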
3rd try: Bug? ldap_start_tls_s successful even after removing CA certificate from CA cert dir
by SOMA SEKHAR
On Sat, Aug 23, 2014 at 1:08 PM, SOMA SEKHAR <somasekhar44(a)gmail.com> wrote:
> link to question on stackoverflow
> <http://stackoverflow.com/questions/25457034/starttls-succesful-even-after...>
>
>
> I'm having trouble verifying the correct behavior of my software. Here are
> the steps I am performing to verify correct operation:
>
> 1. I have sample code that uses the OpenLDAP library and does a start TLS
> to an LDAP server.
> 2. I have set the global option for the CA cert directory and the TLS context
> for the first time.
> 3. After that I did ldap_init and ldap_start_tls_s to a server. This is
> successful as expected.
> 4. I did an ldap_unbind_s.
> 5. I deleted the CA cert that signed the LDAP server's certificate
> from the CA cert directory of the client.
> 6. Again did ldap_init and ldap_start_tls_s.
> 7. I expected this call to fail, as I have removed the CA cert. But
> what I observe is that the server sends the certificate but start_tls is
> returning success.
>
> I am using OpenLDAP 2.4 with libssl 0.9.8
>
> #include <stdio.h>
> #include <stdlib.h>
> #include <ldap.h>
>
> LDAP *ld;
> int desired_version = LDAP_VERSION3;
> if ((ld = ldap_init(<hostname>, <server_port>)) == NULL) {
>     printf("ldap_init failed\n");
>     exit(0);
> }
>
> ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &desired_version);
> ldap_set_option(NULL, LDAP_OPT_X_TLS_CTX, NULL);
> ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTDIR, "<ca dir>");
> if (ldap_start_tls_s(ld, NULL, NULL) != LDAP_SUCCESS) {
>     printf("start tls failed.\n");
>     exit(0);
> }
> ...... <do bind and search>...
>
> ldap_unbind_s(ld);
> ...
> // DELETE the CA certificate from the ca dir.
> // Try to do start tls again
> if ((ld = ldap_init(hostname, server_port)) == NULL) {
>     printf("ldap_init failed, after deleting CA\n");
>     exit(0);
> }
> // This goes fine even after deleting the CA
> if (ldap_start_tls_s(ld, NULL, NULL) != LDAP_SUCCESS) {
>     printf("start tls failed after deleting CA.\n");
>     exit(0);
> }
>
>
> --
> Thanks&Regards,
> SomaSekhar.
>
>
--
Thanks&Regards,
SomaSekhar.
9 years, 1 month