Virtual list view problem
by Venish Khant
Hi all,
I am using the CPAN Net::LDAP module to access LDAP entries. I want to
search LDAP entries using the Net::LDAP search method. When I search, I
want a limited number of entries from the search result; for
this (searching) process I am using the Net::LDAP::Control::VLV module. But
I get an error on the VLV response control. Please, does anyone have an idea
about this error?
Error: Died at vlv.pl line 50,
This is my example. I changed the font style of line 50.
#!/usr/bin/perl -w
use Net::LDAP;
use Net::LDAP::Control::VLV;
use Net::LDAP::Constant qw( LDAP_CONTROL_VLVRESPONSE );
use Net::LDAP::Control::Sort;

# Callback: print each entry as it arrives, then drop it from the message
sub procentry {
    my ( $mesg, $entry ) = @_;
    # Return if there is no entry to process
    if ( !defined($entry) ) {
        return;
    }
    print "dn: " . $entry->dn() . "\n";
    @attrs = $entry->attributes();
    foreach $attr (@attrs) {
        #printf("\t%s: %s\n", $attr, $entry->get_value($attr));
        $attrvalue = $entry->get_value( $attr, asref => 1 );
        #print $attr.":". $entry->get_value($attr)."\n";
        foreach $value (@$attrvalue) {
            print "$attr: $value\n";
        }
    }
    $mesg->pop_entry;
    print "\n";
}

$ldap = Net::LDAP->new( "localhost" );

# Get the first 20 entries
$vlv = Net::LDAP::Control::VLV->new(
    before  => 0,     # No entries from before target entry
    after   => 19,    # 19 entries after target entry
    content => 0,     # List size unknown
    offset  => 1,     # Target entry is the first
);
my $sort = Net::LDAP::Control::Sort->new( order => 'cn' );
@args = ( base     => "dc=example,dc=co,dc=in",
          scope    => "subtree",
          filter   => "(objectClass=inetOrgPerson)",
          callback => \&procentry,    # Call this sub for each entry
          control  => [ $sort, $vlv ],
);
$mesg = $ldap->search( @args );

# Get VLV response control
# (vlv.pl line 50, the line highlighted in the post: the script dies here)
($resp) = $mesg->control( LDAP_CONTROL_VLVRESPONSE ) or die;
$vlv->response( $resp );

# Set the control to get the last 20 entries
$vlv->end;
$mesg = $ldap->search( @args );

# Get VLV response control
($resp) = $mesg->control( LDAP_CONTROL_VLVRESPONSE ) or die;
$vlv->response( $resp );

# Now get the previous page
$vlv->scroll_page( -1 );
$mesg = $ldap->search( @args );

# Get VLV response control
($resp) = $mesg->control( LDAP_CONTROL_VLVRESPONSE ) or die;
$vlv->response( $resp );

# Now page with first entry starting with "B" in the middle
$vlv->before(9);      # Change page to show 9 before
$vlv->after(10);      # Change page to show 10 after
$vlv->assert("B");    # assert "B"
$mesg = $ldap->search( @args );
--
Venish Khant
www.deeproot.co.in
7 years, 4 months
OpenLDAP and dynalogin (two-factor auth with HOTP)
by Daniel Pocock
Some time ago I created the dynalogin ( http://www.dynalogin.org )
solution for two-factor authentication.
I'm just contemplating how to make it easier to integrate, and making it
convenient to use with OpenLDAP seems like a good strategy: can anyone
comment on that?
The initial thoughts that I have about the subject:
- SASL based solution (dynalogin has digest capability already, so it
could be adapted for SASL PLAIN or DIGEST-MD5)
- should not prevent password logins (user should be able to use either
password or HOTP code)
- should enable people to use it indirectly (e.g. if someone already has
pam_ldap working, they should be able to add dynalogin to their OpenLDAP
server and get immediate benefit)
- use cases: UNIX login, high-security webmail login, VPN and OpenID
provider backed by OpenLDAP
I know that SASL already supports OTP, but that is not HOTP, it is OPIE
(or S/Key) RFC 2289:
http://tools.ietf.org/html/rfc2289
whereas HOTP is RFC 4226:
http://www.ietf.org/rfc/rfc4226.txt
HOTP is considered more secure and more widely implemented.
8 years, 3 months
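The "either password or HOTP code" rule from the list above, sketched with RFC 4226 HOTP. This is an added example, not dynalogin or OpenLDAP code; the user record, its field names, the look-ahead window and the PBKDF2 password hash are assumptions made for illustration.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA-1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def hash_password(password: str, salt: bytes) -> bytes:
    # Assumption: the directory stores a salted PBKDF2 hash, not the cleartext.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def verify(user: dict, supplied: str, window: int = 3):
    """Return (method, new_counter); method is None when the credential is rejected."""
    counter = user["counter"]
    if len(supplied) == 6 and supplied.isdigit():
        # Look ahead a few counters in case the token advanced without a login.
        for c in range(counter, counter + window + 1):
            if hmac.compare_digest(hotp(user["secret"], c).encode(), supplied.encode()):
                # Caller must persist c + 1 so the same code cannot be replayed.
                return "hotp", c + 1
    if hmac.compare_digest(hash_password(supplied, user["salt"]), user["pw_hash"]):
        return "password", counter
    return None, counter


# Constructed sample account; the secret is the RFC 4226 Appendix D test key.
SAMPLE_USER = {
    "secret": b"12345678901234567890",
    "counter": 0,
    "salt": b"constructed-salt",
    "pw_hash": hash_password("correct horse", b"constructed-salt"),
}

if __name__ == "__main__":
    user = dict(SAMPLE_USER)
    for attempt in ("359152", "359152", "correct horse", "wrong"):
        method, user["counter"] = verify(user, attempt)
        print(f"{attempt!r}: {method or 'rejected'} (counter now {user['counter']})")
```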
LMDB and HP-UX Itanium
by Kristian Amlie
I'm wondering if the LMDB database has been tested on HP-UX with the
Itanium processor? We are trying to use the database there and are
seeing strange errors that don't occur on other platforms. Examples are
assertions when trying to do cross process access and values not making
it into the database correctly.
I can provide more details, but I thought I would ask about the current
status first.
--
Kristian
8 years, 5 months
Multiple programs not able to read LMDB concurrently
by Sravan Kumar Reddy Javaji
Hello Everyone,
I am trying to access the same LMDB source using multiple programs at the same
time. I set max_readers to 2 at the time of creating the environment by the
first program, but still the second program is not able to read the LMDB. Could
someone please let me know how I could implement this feature?
-
Thanks and Regards,
Sravan
8 years, 6 months
nssov not working after upgrading nss-pam-ldapd
by btb@bitrate.net
i use the nss and pam stub libraries from nss-pam-ldapd [no nslcd] with nssov. i've just upgraded nss-pam-ldapd from 0.8.13 to 0.9.4. at the moment, i'm using openldap version 2.4.31. after upgrading nss-pam-ldapd, nss and pam stopped working with ldap, and i see this in slapd's debug log:
54acaf72 daemon: activity on 1 descriptor
54acaf72 daemon: activity on:54acaf72 13r54acaf72
54acaf72 daemon: read active on 13
54acaf72 daemon: epoll: listen=7 active_threads=0 tvp=NULL
54acaf72 daemon: epoll: listen=8 active_threads=0 tvp=NULL
54acaf72 connection_get(13)
54acaf72 connection_get(13): got connid=0
54acaf72 daemon: activity on 1 descriptor
54acaf72 daemon: activity on:54acaf72
54acaf72 daemon: epoll: listen=7 active_threads=0 tvp=NULL
54acaf72 daemon: epoll: listen=8 active_threads=0 tvp=NULL
54acaf72 nssov: connection from uid=0 gid=0
54acaf72 nssov: wrong nslcd version id (33554432)
how can i find out what nslcd version id is required, and what version is present in each of the components?
thanks
-ben
8 years, 6 months
RE24 testing call (2.4.41)
by Quanah Gibson-Mount
If you know how to build OpenLDAP manually, and would like to participate
in testing the next set of code for the 2.4.41 release, please do so.
Generally, get the code for RE24:
<http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=snapshot;h=refs...>
Configure & build.
Execute the test suite (via make test) after it is built.
Thanks!
--Quanah
--
Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
8 years, 7 months
Case Sensitive Binds
by Bram Cymet
Hi,
I am using openldap 2.4.26. My system ignores case when doing binds:
Feb 27 16:08:08 devauth slapd[2437]: conn=2723 op=1 BIND
dn="uid=Bcymet(a)cbnco.com,ou=test_websales_users,dc=ls,dc=cbn" method=128
Feb 27 16:08:08 devauth slapd[2437]: => bdb_entry_get: found entry:
"uid=bcymet(a)cbnco.com,ou=test_websales_users,dc=ls,dc=cbn"
So this happily binds with bcymet(a)cbnco.com or Bcymet(a)cbnco.com and
returns the same entry.
Is this a configuration error on my part? Is it possible to have case
sensitive binds and if so what do I have to change?
Thanks,
--
Bram Cymet
Software Developer
Canadian Bank Note Co. Ltd.
613-608-9752
8 years, 7 months
main: TLS init def ctx failed: -1
by jeevan kc
Hi all,
I followed the TLS directives and was able to generate cacert, servercert and server key and also sign it. I also did the configuration to
/usr/local/etc/openldap/slapd.d/cn=config.ldif:
- olcTLSCACertificateFile: /usr/local/etc/openldap/cacert.pem
- olcTLSCertificateFile: /usr/local/etc/openldap/servercrt.pem
- olcTLSCertificateKeyFile: /usr/local/etc/openldap/serverkey.pem
Everything was working fine but when I shut down slapd, it doesn't start and gives me this error:
daemon: IPv6 socket() failed errno=97 (Address family not supported by protocol)
Feb 26 15:28:56 lap00551 slapd[14775]: main: TLS init def ctx failed: -1
Can someone please tell me what the error is and how I fix the issue?
Thanks
Jeevan
8 years, 7 months
openldap 2.4.23 password reset sync issue
by Rakesh Rajasekharan
Hi There,
I am using openldap 2.4.23 and trying to set up mirror mode replication
with 2 masters.
I have been able to set this up and the sync initially appeared to work
fine. However, I noticed that the password resets are not getting synced.
I am able to log in to the master server
on which I did the change, but not on the other or on any of the clients.
Here's my slapd.conf:
serverID 1
database bdb
suffix "dc=ldap,dc=qa,dc=test,dc=com"
checkpoint 1024 15
rootdn "cn=ldapadmin,dc=ldap,dc=qa,dc=test,dc=com"
loglevel 256
sizelimit 500
rootpw secret
overlay ppolicy
ppolicy_default "cn=default,ou=policies,dc=ldap,dc=qa,dc=test,dc=com"
ppolicy_use_lockout
ppolicy_hash_cleartext
directory /mnt1/ldapdata
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
index entryCSN,entryUUID eq
syncrepl rid=001
    provider="ldaps://ldap1-test"
    binddn="uid=syncrepl,ou=People,dc=ldap,dc=qa,dc=test,dc=com"
    bindmethod=simple
    credentials="secret"
    searchbase="dc=ldap,dc=qa,dc=test,dc=com"
    type=refreshAndPersist
    interval=00:00:00:10
    retry="5 10 60 +"
    timeout=1
    schemachecking=off
    scope=sub
    tls_cacert=/etc/openldap/sslcerts/Standby.pem
mirrormode true
overlay syncprov
syncprov-checkpoint 50 10
syncprov-sessionlog 100
Any inputs on how I can get through this issue?
Thanks,
Rakesh
8 years, 7 months
ldapsearch gives partial results
by Emmanuel Dreyfus
Hello
I have a problem with ldapsearch sometimes returning partial results.
The result code is still 0 (success), but the list of objects is limited
to 63 or 127 (it seems there is a 2^n-1 pattern) items instead of the expected
136. It will happen after 10 to 15 requests that return the complete result.
The filter is below. It can happen even if only DN are requested (no
attributes):
(&(|(ou=example1)(ou=example2))(objectClass=netExamplePerson)
(!(netExampleHidden=TRUE))(netExempleActive=TRUE))
This is OpenLDAP 2.4.40, BDB 4.8.30. All attributes in the filter are
indexed, and it happens after the openldap-data directory has been
cleared and everything has been reconstructed from scratch.
--
Emmanuel Dreyfus
manu(a)netbsd.org
8 years, 7 months