LMDB storing generated values
by Simon Majou
Hello,
Is there a way to write a value one part at a time ? For instance a value
which is being generated, or received.
From the doc I found 2 put methods, but they expect a pointer to the full
value.
--
Best regards,
Simon
8 years, 10 months
Migration process in detail
by Rodrigo Coutinho
Hi,
in the near future I will need to migrate from Oracle OID to OpenLDAP.
Could you please share more details of your migration process, the
approach taken, the problems you faced and how you resolved them.
Right now I can't see how I can migrate the encrypted user passwords. Is
it possible?
I would appreciate any information you could provide.
Thank you in advance
8 years, 10 months
Why cannot run slapadd -l backup.ldif which requires deprecated slapd.conf?
by jupiter
Hi,
I am running openldap version 2.4.23 on CentOS 6.5, there is no
slapd.conf, according to the document it is deprecated. But when I run
slapadd, it got an error.
# slapadd -v -l /root/backup.ldif
could not stat config file "/etc/openldap/slapd.conf": No such file or
directory (2)
slapadd: bad configuration file!
Now I am confused, if the slapd.conf is deprecated why does slapadd
depend on it? How can I generate the slapd.conf, or copy a template
of slapd.conf?
Thank you and appreciate your advice
- j
8 years, 10 months
LMDB and writes
by Bill Hastings
Hi All
Just getting my feet wet with LMDB. Is it possible for multiple
threads to write into LMDB concurrently? Or should writes be serialized
to LMDB?
Thanks
Bill
8 years, 10 months
Help for encrypted password with Blowfish
by Franck Goirand
Hello,
I have a text file containing users and their passwords encrypted
with Blowfish.
This password is in the form
$ 2a $ 08 $
hNbsbhDlbaogpYL/2yeCkuxKPPGKcluKb5rk16R0Nwi/34eGVi8r2
I need to create a script to insert the users in a directory via an LDAP
LDIF file. For the password, I use the userPassword instruction. If I
put the password as contained in the file, it does not work.
My issues are:
- Is it possible to type in a password (encrypted in blowfish) as
such ldap directory?
- What syntax do I need to use to tag the userPassword ({crypt}
password ...)?
- Should I perform a specific configuration for the slapd.conf file
for the PAM authentication engine (is pam-ldap sufficient)?
I worked on the crypt library, pam_ldap, slapcat ... without success
Any ideas would be welcome,
Best regards
Franck
ps: before passwords were MD5 and I never encountered any problems.
8 years, 10 months
Updating schema with ldapmodify
by Katherine Faella
I am running openldap on Redhat 6 at 2.4.23. I am using cn=config.
I have a schema called uri that was added during the initial setup of this
server a few years ago. In this schema I have an
dn: cn={12}uri,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: {12}uri
olcAttributeTypes: {0}( 1.3.6.1.4.1.14092.2.1.1 NAME 'uriid' EQUALITY
caseIgno
reMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: {1}( 1.3.6.1.4.1.14092.2.1.2 NAME 'dept' EQUALITY
caseIgnor
eMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.15{
256} )
....
olcObjectClasses: {7}( 1.3.6.1.4.1.14092.2.2.8 NAME 'URIEducmanager'
DESC 'URI
Educmanager' STRUCTURAL MAY ( uid $ userPassword $ employeeNumber $
cn $ sn $
givenname $ telephoneNumber $ dc ) )
olcObjectClasses: {8}( 1.3.6.1.4.1.14092.2.2.9 NAME 'URIEdusakaiperson'
DESC '
URIEdusakaiperson' STRUCTURAL MUST ( URIEduemplid $ URIEduecampusid $
URIEdus
n $ URIEdustatus $ userPassword ) MAY ( mail $ URIEdugn ) )
I need to update the URIEducmanager objectclass to include the mail
object so it will be:
olcObjectClasses: {7}( 1.3.6.1.4.1.14092.2.2.8 NAME 'URIEducmanager'
DESC 'URI
Educmanager' STRUCTURAL MAY ( uid $ userPassword $ employeeNumber $ cn
$ sn $
givenname $ mail $ telephoneNumber $ dc ) )
I have tried many combinations the last of which is
ldapmodify -D "cn=admin,cn=config" -x -W -f
/root/ldapscripts/updatecmanager.ldif -v -H ldap://locumtenens.uri.edu
where updatecmanager.ldif contains:
dn: cn={12}uri,cn=schema,cn=config
changetype: modify
delete: objectclass
objectclass: ( 1.3.6.1.4.1.14092.2.2.8 NAME 'URIEducmanager'
DESC 'URIEducmanager'
STRUCTURAL MAY ( uid $ userPassword $ employeeNumber $
cn $ sn $givenname $ telephoneNumber $ dc ) )
-
add: objectclass
objectclass: ( 1.3.6.1.4.1.14092.2.2.8 NAME 'URIEducmanager'
DESC 'URIEducmanager' SUP top AUXILIARY
STRUCTURAL MAY ( uid $ userPassword $ employeeNumber $
cn $ sn $givenname $ mail $ telephoneNumber $ dc ) )
My run looks like
ldapmodify -D "cn=admin,cn=config" -x -W -f
/root/ldapscripts/updatecmanager.ldif -v -H ldap://locumtenens.uri.edu
ldap_initialize( ldap://locumtenens.uri.edu:389/??base )
Enter LDAP Password:
delete objectclass:
( 1.3.6.1.4.1.14092.2.2.8 NAME 'URIEducmanager'DESC
'URIEducmanager'STRUCTURAL MAY ( uid $ userPassword $ employeeNumber $cn
$ sn $givenname $ telephoneNumber $ dc ) )
add objectclass:
( 1.3.6.1.4.1.14092.2.2.8 NAME 'URIEducmanager'DESC
'URIEducmanager' SUP top AUXILIARYSTRUCTURAL MAY ( uid $ userPassword $
employeeNumber $cn $ sn $givenname $ mail $ telephoneNumber $ dc ) )
modifying entry "cn={12}uri,cn=schema,cn=config"
ldap_modify: Invalid syntax (21)
additional info: objectclass: value #0 invalid per syntax
I have checked for extra blanks on the line, I have tried it with
replace instead of delete and add. I must be missing some important
facts about how it should be done.
Any help greatly appreciated!
Kathy
--
Katherine Faella tel: (401) 874-4469
Sr. Technical Programmer kmf(a)uri.edu
University of Rhode Island
University Computing Systems(UCS)
210 Flagg Road
Kingston, Rhode Island 02881
8 years, 10 months
Re: RE24 Testing call #3
by Patrick Laimbock
Hi Quanah,
From the OPENLDAP_REL_ENG_2_4 branch I got the snapshot with git rev
140c8b8. On an up-to-date CentOS 6.5 x86_64 VM all tests succeeded.
HTH,
Patrick
8 years, 10 months
ACL for object creation in subtree with specific attributes and object classes
by Simeon Ott
Hello,
I'd like to refine my permission set of my openldap installation.
The tree structure is:
dc=mydomain
  - cn=admin (ldap admin)
  - ou=domains (customer domains)
    - ou=example1.com
      - cn=user1
      - cn=user2
      - cn=postmaster
    - ou=example2.com
      - cn=user1
      - cn=user2
      - cn=postmaster
The user postmaster is able to change specific attributes of objects in its own "domain" (one level up).
The current ACLs are defined as:
access to dn.regex="^(.+,)?ou=(.+),ou=domains,dc=mydomain$" attrs=userPassword
    by dn.base="cn=admin,dc=mydomain" write
    by self write
    by dn.base,expand="cn=postmaster,ou=$2,ou=domains,dc=mydomain" write
    by anonymous auth
    by * none
access to attrs=userPassword
    by dn.base="cn=admin,dc=mydomain" write
    by self write
    by anonymous auth
    by * none
access to dn.regex="^(.+,)?ou=(.+),ou=domains,dc=mydomain$" attrs=sn,description,vacationActive,vacationInfo,vacationForward,displayName,givenName,homePhone,homePostalAddress,initials,mobile,postalAddress,postalCode,l,telephoneNumber,title
    by self write
    by dn.base,expand="cn=postmaster,ou=$2,ou=domains,dc=mydomain" write
    by * read
access to dn.regex="^(.+,)?ou=(.+),ou=domains,dc=mydomain$"
    by dn.base,expand="cn=postmaster,ou=$2,ou=domains,dc=mydomain" write
    by * read
access to *
    by dn.base="cn=admin,dc=mydomain" write
    by * read
ACL rule 4 allows the postmaster to add objects to its "domain" without any restrictions. How can I restrict the object creation to specific object classes and attributes? Let's say postmaster should only be able to add objects like the following:
dn: cn=user3,ou=example2.com,ou=domains,dc=mydomain
objectClass: CourierMailAccount
objectClass: inetOrgPerson
objectClass: top
objectClass: Vacation
cn: user3
homeDirectory: user3/example2.com/
mail: user.3(a)exampl2.com
sn: User3
vacationActive: TRUE
gidNumber: 5000
smtpRelayFlag: 1
uidNumber: 5000
userPassword:: <crypted password>
vacationInfo:: <binary data>
I didn't find such an approach in Faq-O-Matic nor the manuals
Thanks in advance for any advice
8 years, 10 months
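A small model of how the five rules quoted in the post above are evaluated (first matching `access to`, then first matching `by`), added here as an illustration and not part of the original message. It shows that rule 4 hands the domain postmaster write on every attribute of a new entry, including `objectClass`, `uidNumber` and the `entry`/`children` pseudo-attributes. The `access()` helper and rule table are constructs of this example, and Python's `re` stands in for slapd's POSIX regex matching.

```python
import re

# Model of the five "access to" rules quoted in the post (constructed for
# this example). attrs=None means "every attribute", which includes the
# "entry" and "children" pseudo-attributes slapd checks when an entry is added.
DOMAIN = r"^(.+,)?ou=(.+),ou=domains,dc=mydomain$"
ADMIN = ("dn", "cn=admin,dc=mydomain", "write")
SELF = ("self", None, "write")
PM = ("expand", r"cn=postmaster,ou=\2,ou=domains,dc=mydomain", "write")
ANON = ("anonymous", None, "auth")
PROFILE = set(("sn description vacationactive vacationinfo vacationforward "
               "displayname givenname homephone homepostaladdress initials "
               "mobile postaladdress postalcode l telephonenumber title").split())
RULES = [
    (DOMAIN, {"userpassword"}, [ADMIN, SELF, PM, ANON, ("*", None, "none")]),
    (None,   {"userpassword"}, [ADMIN, SELF, ANON, ("*", None, "none")]),
    (DOMAIN, PROFILE,          [SELF, PM, ("*", None, "read")]),
    (DOMAIN, None,             [PM, ("*", None, "read")]),
    (None,   None,             [ADMIN, ("*", None, "read")]),
]

def access(who, target, attr):
    """Return the level the rules give `who` ("" = anonymous) on target/attr."""
    who, target, attr = who.lower(), target.lower(), attr.lower()
    for dn_re, attrs, clauses in RULES:
        m = re.match(dn_re, target) if dn_re else True
        if not m or (attrs is not None and attr not in attrs):
            continue                        # this <what> does not apply
        for kind, value, level in clauses:  # first matching "by" wins
            if (kind == "*"
                    or (kind == "self" and who == target)
                    or (kind == "anonymous" and who == "")
                    or (kind == "dn" and who == value)
                    or (kind == "expand" and who == m.expand(value))):
                return level
        return "none"                       # implicit "by * none"
    return "none"                           # implicit "access to * by * none"

if __name__ == "__main__":
    pm2 = "cn=postmaster,ou=example2.com,ou=domains,dc=mydomain"
    new = "cn=user3,ou=example2.com,ou=domains,dc=mydomain"
    for attr in ("children", "entry", "objectClass", "uidNumber", "gidNumber"):
        target = "ou=example2.com,ou=domains,dc=mydomain" if attr == "children" else new
        print(f"{attr:12} -> {access(pm2, target, attr)}")
```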
slapd core dumps on ldap add
by Celalettin KILINÇ
Hi,
I have openldap 2.4.36 installed using mdb backend on Solaris 10. I am using this database for a while and suddenly I started getting core dumps while trying to add any data to database. Disk, memory usages seem fine. Database size is not exceeded, it is almost 1/10 full. What may be the reason for this? Please find the other information about the issue as below:
slapd version:
# ./slapd -VVV
@(#) $OpenLDAP: slapd 2.4.36 (Oct 6 2013 13:56:57) $
myuser@myhost:/some/dir/openldap-2.4.36/servers/slapd
Included static overlays:
syncprov
Included static backends:
config
ldif
mdb
slapd.conf for mdb backend:
database mdb
directory /some/dir/openldap/var/openldap-data
suffix "dc=mycomp,dc=com"
rootdn "cn=Manager,dc=mycomp,dc=com"
rootpw password
index objectClass eq
maxsize 45899345920
dbnosync
checkpoint 0 10
threads 32
listener-threads 16
concurrency 1024
envflags writemap,nometasync
slapd debug log:
53e15b8d conn=1001 op=17 do_add
ber_scanf fmt ({m) ber:
53e15b8d conn=1001 op=17 do_add: dn (BatchGroupName=test,uid=myuser,OperationType=create,o=cust,dc=mycomp,dc=com)
ber_scanf fmt ({m{W}}) ber:
ber_scanf fmt ({m{W}}) ber:
ber_scanf fmt (}) ber:
53e15b8d >>> dnPrettyNormal: <BatchGroupName=test,uid=myuser,OperationType=create,o=cust,dc=mycomp,dc=com>
=> ldap_bv2dn(BatchGroupName=test,uid=myuser,OperationType=create,o=cust,dc=mycomp,dc=com,0)
<= ldap_bv2dn(BatchGroupName=test,uid=myuser,OperationType=create,o=cust,dc=mycomp,dc=com)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(BatchGroupName=test,uid=myuser,OperationType=create,o=cust,dc=mycomp,dc=com)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(BatchGroupName=test,uid=myuser,OperationType=create,o=cust,dc=mycomp,dc=com)=0
53e15b8d <<< dnPrettyNormal: <BatchGroupName=test,uid=myuser,OperationType=create,o=cust,dc=mycomp,dc=com>, <BatchGroupName=test,uid=myuser,OperationType=create,o=cust,dc=mycomp,dc=com>
53e15b8d ==> mdb_add: BatchGroupName=test,uid=myuser,OperationType=create,o=cust,dc=mycomp,dc=com
53e15b8d oc_check_required entry (BatchGroupName=test,uid=myuser,OperationType=create,o=cust,dc=mycomp,dc=com), objectClass "RTEBatchGroup"
53e15b8d oc_check_allowed type "BatchGroupName"
53e15b8d oc_check_allowed type "objectClass"
53e15b8d oc_check_allowed type "structuralObjectClass"
53e15b8d mdb_dn2entry("BatchGroupName=test,uid=myuser,OperationType=create,o=cust,dc=mycomp,dc=com")
53e15b8d => mdb_dn2id("BatchGroupName=test,uid=myuser,OperationType=create,o=cust,dc=mycomp,dc=com")
53e15b8d <= mdb_dn2id: get failed: MDB_NOTFOUND: No matching key/data pair found (-30798)
53e15b8d => mdb_entry_decode:
53e15b8d <= mdb_entry_decode
53e15b8d => mdb_dn2id_add 0x1a28eb: "BatchGroupName=test,uid=myuser,OperationType=create,o=cust,dc=mycomp,dc=com"
zsh: bus error (core dumped) ./slapd -d5
gdb backtrace of the generated core file:
# gdb slapd core
GNU gdb 6.8
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "sparc-sun-solaris2.10"...
(no debugging symbols found)
Core was generated by `./slapd -d5'.
Program terminated with signal 10, Bus error.
#0 0x0000000100159c3c in mdb_page_search_root ()
(gdb) bt
#0 0x0000000100159c3c in mdb_page_search_root ()
#1 0x000000010015a2d0 in mdb_page_search ()
#2 0x000000010015c984 in mdb_cursor_first ()
#3 0x000000010015d93c in mdb_cursor_get ()
#4 0x000000010015204c in mdb_page_alloc ()
#5 0x0000000100152b6c in mdb_page_touch ()
#6 0x000000010015a264 in mdb_page_search ()
#7 0x000000010015dba0 in mdb_cursor_touch ()
#8 0x000000010015e314 in mdb_cursor_put ()
#9 0x000000010018f25c in mdb_dn2id_add ()
#10 0x0000000100184e94 in mdb_add ()
#11 0x0000000100060970 in fe_op_add ()
#12 0x00000001000601fc in do_add ()
#13 0x000000010005128c in connection_operation ()
#14 0x0000000100051a4c in connection_read_thread ()
#15 0xffffffff7f4164bc in ldap_int_thread_pool_wrapper () from /some/dir/lib/libldap_r-2.4.so.2
#16 0xffffffff7ced7374 in _lwp_start () from /lib/64/libc.so.1
#17 0xffffffff7ced7374 in _lwp_start () from /lib/64/libc.so.1
Backtrace stopped: previous frame identical to this frame (corrupt stack?)
Thanks
8 years, 10 months