Virtual list view problem
by Venish Khant
Hi all
I am using the CPAN Net::LDAP module to access LDAP entries. I want to
search LDAP entries using the Net::LDAP search method. When I do a search, I
want a limited number of entries from the search result, and for
this (searching) process I am using the Net::LDAP::Control::VLV module. But
I get an error on the VLV response control. Please, does anyone have an idea
about this error?
Error: Died at vlv.pl line 50,
This is my example. I changed the font style of line 50
#!/usr/bin/perl -w
use strict;
use Net::LDAP;
use Net::LDAP::Control::VLV;
use Net::LDAP::Constant qw( LDAP_CONTROL_VLVRESPONSE );
use Net::LDAP::Control::Sort;

# Called once per entry returned by the search (see callback => below)
sub procentry {
    my ( $mesg, $entry ) = @_;
    # Return if there is no entry to process
    return if !defined($entry);
    print "dn: " . $entry->dn() . "\n";
    my @attrs = $entry->attributes();
    foreach my $attr (@attrs) {
        # asref => 1 returns every value of a multi-valued attribute
        my $attrvalue = $entry->get_value( $attr, asref => 1 );
        foreach my $value (@$attrvalue) {
            print "$attr: $value\n";
        }
    }
    $mesg->pop_entry;   # drop the entry so the result set does not keep growing
    print "\n";
}

my $ldap = Net::LDAP->new("localhost") or die "cannot connect: $@";

# Get the first 20 entries
my $vlv = Net::LDAP::Control::VLV->new(
    before  => 0,    # No entries from before target entry
    after   => 19,   # 19 entries after target entry
    content => 0,    # List size unknown
    offset  => 1,    # Target entry is the first
);
# VLV is only valid together with a server-side sort control
my $sort = Net::LDAP::Control::Sort->new( order => 'cn' );
my @args = (
    base     => "dc=example,dc=co,dc=in",
    scope    => "subtree",
    filter   => "(objectClass=inetOrgPerson)",
    callback => \&procentry,       # Call this sub for each entry
    control  => [ $sort, $vlv ],
);
my $mesg = $ldap->search(@args);
# A failed search carries no controls; report the server's error first
$mesg->code and die "search failed: " . $mesg->error;
# Get VLV response control (this is line 50 of the original script, where it died)
my ($resp) = $mesg->control(LDAP_CONTROL_VLVRESPONSE) or die;
$vlv->response($resp);

# Set the control to get the last 20 entries
$vlv->end;
$mesg = $ldap->search(@args);
$mesg->code and die "search failed: " . $mesg->error;
# Get VLV response control
($resp) = $mesg->control(LDAP_CONTROL_VLVRESPONSE) or die;
$vlv->response($resp);

# Now get the previous page
$vlv->scroll_page(-1);
$mesg = $ldap->search(@args);
$mesg->code and die "search failed: " . $mesg->error;
# Get VLV response control
($resp) = $mesg->control(LDAP_CONTROL_VLVRESPONSE) or die;
$vlv->response($resp);

# Now page with first entry starting with "B" in the middle
$vlv->before(9);     # Change page to show 9 before
$vlv->after(10);     # Change page to show 10 after
$vlv->assert("B");   # assert "B"
$mesg = $ldap->search(@args);
--
Venish Khant
www.deeproot.co.in
7 years, 4 months
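Net::LDAP's $mesg->control(LDAP_CONTROL_VLVRESPONSE) returns an empty list whenever the server sent no VLV response control, which is exactly what makes the bare "or die" at line 50 fire. A server only answers with that control when it implements VLV and the server-side sort it depends on (in OpenLDAP both come from the slapo-sssvlv overlay), and a server that implements them advertises their OIDs in the root DSE's supportedControl attribute. The Python check below is an added example, not code from the post or from Net::LDAP: it parses a root DSE as printed by "ldapsearch -x -s base -b '' +" and reports whether the two controls are advertised. The two root DSE fragments are constructed samples; the OIDs are the standard ones for server-side sort (RFC 2891) and VLV.

```python
import base64

# Standard control OIDs (not taken from the post)
SSS_REQUEST = "1.2.840.113556.1.4.473"     # server-side sort request, RFC 2891
VLV_REQUEST = "2.16.840.1.113730.3.4.9"    # virtual list view request
VLV_RESPONSE = "2.16.840.1.113730.3.4.10"  # virtual list view response

# Constructed root DSE fragment: a server without the sssvlv overlay
SAMPLE_WITHOUT_VLV = """\
dn:
objectClass: top
objectClass: OpenLDAProotDSE
supportedControl: 1.3.6.1.4.1.4203.1.9.1.1
supportedControl: 2.16.840.1.113730.3.4.18
supportedControl: 1.2.840.113556.1.4.319
supportedControl: 1.3.6.1.1.12
supportedLDAPVersion: 3
"""

# Constructed root DSE fragment: the same server once sort and VLV are enabled
SAMPLE_WITH_VLV = SAMPLE_WITHOUT_VLV + """\
supportedControl: 1.2.840.113556.1.4.473
supportedControl: 2.16.840.1.113730.3.4.9
"""


def parse_ldif_entry(text):
    """Parse one LDIF entry into {attribute-name-lowercased: [values]}.
    Handles '#' comment lines, ' ' folded continuation lines and
    '::' base64-encoded values, all of which ldapsearch can emit."""
    attrs = {}
    last = None
    for raw in text.splitlines():
        if raw.startswith("#") or not raw.strip():
            continue
        if raw.startswith(" ") and last is not None:
            attrs[last][-1] += raw[1:]          # folded line: append verbatim
            continue
        name, _, value = raw.partition(":")
        if value.startswith(":"):               # "attr:: base64"
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        else:
            value = value.lstrip()
        name = name.lower()
        attrs.setdefault(name, []).append(value)
        last = name
    return attrs


def vlv_support(root_dse):
    """Report whether a VLV search can work against this server.
    Both controls must be advertised; VLV without sort is never valid."""
    controls = set(root_dse.get("supportedcontrol", []))
    has_sort = SSS_REQUEST in controls
    has_vlv = VLV_REQUEST in controls
    return {"sort": has_sort, "vlv": has_vlv, "usable": has_sort and has_vlv}


if __name__ == "__main__":
    for label, sample in (("without", SAMPLE_WITHOUT_VLV), ("with", SAMPLE_WITH_VLV)):
        print(label, vlv_support(parse_ldif_entry(sample)))
```

Against a live server, feed the function the output of ldapsearch -x -H ldap://host -s base -b '' supportedControl; if "usable" is false, no client-side change to the script will make the response control appear.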
OpenLDAP and dynalogin (two-factor auth with HOTP)
by Daniel Pocock
Some time ago I created the dynalogin ( http://www.dynalogin.org )
solution for two-factor authentication.
I'm just contemplating how to make it easier to integrate, and making it
convenient to use with OpenLDAP seems like a good strategy: can anyone
comment on that?
The initial thoughts that I have about the subject:
- SASL based solution (dynalogin has digest capability already, so it
could be adapted for SASL PLAIN or DIGEST-MD5)
- should not prevent password logins (user should be able to use either
password or HOTP code)
- should enable people to use it indirectly (e.g. if someone already has
pam_ldap working, they should be able to add dynalogin to their OpenLDAP
server and get immediate benefit)
- use cases: UNIX login, high-security webmail login, VPN and OpenID
provider backed by OpenLDAP
I know that SASL already supports OTP, but that is not HOTP, it is OPIE
(or S/Key) RFC 2289:
http://tools.ietf.org/html/rfc2289
whereas HOTP is RFC 4226:
http://www.ietf.org/rfc/rfc4226.txt
HOTP is considered more secure and more widely implemented.
8 years, 3 months
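The HOTP algorithm from RFC 4226 that the post refers to, as an added example that is not dynalogin's code: generation exactly as the RFC specifies (HMAC-SHA-1 over the 8-byte big-endian counter, dynamic truncation, modulo 10^digits), checked against the RFC's own Appendix D test vectors, plus the server-side verification that any LDAP/SASL integration would need: a look-ahead window for counter resynchronisation and a counter that only moves forward, so an accepted code can never be replayed. The secret, window size and digit count below are the RFC's test values, not anything from the post.

```python
import hashlib
import hmac
import struct

# Shared secret from RFC 4226 Appendix D (ASCII "12345678901234567890")
RFC4226_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP value for one counter, zero-padded to `digits`."""
    msg = struct.pack(">Q", counter)                  # 8-byte big-endian counter
    hs = hmac.new(secret, msg, hashlib.sha1).digest()  # 20-byte HMAC-SHA-1
    offset = hs[-1] & 0x0F                             # dynamic truncation
    code = ((hs[offset] & 0x7F) << 24
            | hs[offset + 1] << 16
            | hs[offset + 2] << 8
            | hs[offset + 3])
    return str(code % (10 ** digits)).zfill(digits)


def verify_hotp(secret: bytes, stored_counter: int, candidate: str,
                window: int = 10, digits: int = 6):
    """Server-side check with a look-ahead window (RFC 4226 section 7.2).

    Returns the new counter to persist on success (one past the counter
    that matched), or None on failure.  Codes at or before the stored
    counter are never accepted, which is what prevents replay; the
    comparison is constant-time so timing does not leak the digits."""
    for c in range(stored_counter, stored_counter + window):
        if hmac.compare_digest(hotp(secret, c, digits), candidate):
            return c + 1
    return None


if __name__ == "__main__":
    for c in range(3):
        print(c, hotp(RFC4226_SECRET, c))
    # Token has drifted ahead to counter 2; server still at 0 resynchronises
    print("resync ->", verify_hotp(RFC4226_SECRET, 0, hotp(RFC4226_SECRET, 2)))
    # Replaying the counter-0 code after the server moved to 3 is rejected
    print("replay ->", verify_hotp(RFC4226_SECRET, 3, hotp(RFC4226_SECRET, 0)))
```

The two properties a directory-backed deployment must keep are visible in verify_hotp: the stored counter is written back only after a success, and it is never decreased, so the same code cannot be presented twice even within the window.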
nss_ldap: failed to bind to LDAP server
by Gokan Atmaca
I installed OpenLDAP. "ldapsearch -x" comes with everything. However,
I get an error when I try to connect to the client as follows:
Ldapclient: (/var/log/auth.log)
02:49:58 debian8 nscd: nss_ldap: reconnecting to LDAP server (sleeping
1 seconds)...
May 31 02:49:59 debian8 nscd: nss_ldap: could not connect to any LDAP
server as (null) - Can't contact LDAP server
May 31 02:49:59 debian8 nscd: nss_ldap: failed to bind to LDAP server
ldapi://ldap01.gokan.local: Can't contact LDAP server
May 31 02:49:59 debian8 nscd: nss_ldap: could not search LDAP server -
Server is unavailable
======================
Ldapserver:
# ldapsearch -x
# extended LDIF
#
# LDAPv3
# base <dc=gokan,dc=local> (default) with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# gokan.local
dn: dc=gokan,dc=local
objectClass: top
objectClass: dcObject
objectClass: organization
o: gokan
dc: gokan
# admin, gokan.local
dn: cn=admin,dc=gokan,dc=local
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
# IT, gokan.local
dn: ou=IT,dc=gokan,dc=local
objectClass: organizationalUnit
objectClass: top
ou: IT
# Genel, IT, gokan.local
dn: cn=Genel,ou=IT,dc=gokan,dc=local
gidNumber: 500
cn: Genel
objectClass: posixGroup
objectClass: top
# Gokhan Atmaca, Genel, IT, gokan.local
dn: cn=Gokhan Atmaca,cn=Genel,ou=IT,dc=gokan,dc=local
cn: Gokhan Atmaca
givenName: Gokhan
gidNumber: 500
homeDirectory: /home/users/gokhana
sn: Atmaca
loginShell: /bin/sh
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
uidNumber: 1000
uid: gokhana
# search result
search: 2
result: 0 Success
# numResponses: 7
# numEntries: 6
======================
Listening to the socket.
tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN 4409/slapd
tcp6 0 0 :::389 :::* LISTEN 4409/slapd
What could be the problem?
8 years, 4 months
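The client log above names the server as ldapi://ldap01.gokan.local while the server's own listing shows slapd on TCP port 389. An ldapi URI is a Unix-domain socket on the machine running slapd (its "host" part is a percent-encoded socket path, not a network name), so it can never reach another machine. The following triage script is an added example, not part of the post: it pulls the URI out of nss_ldap "failed to bind" lines and says which transport each URI implies and whether that transport can cross the network at all. The log lines are constructed in the same format as the post's; the hostnames and the "Invalid credentials" line are made up for the sample.

```python
import re
from urllib.parse import urlsplit

# Constructed sample modelled on the nscd/nss_ldap lines in the post
SAMPLE_AUTH_LOG = """\
May 31 02:49:59 debian8 nscd: nss_ldap: could not connect to any LDAP server as (null) - Can't contact LDAP server
May 31 02:49:59 debian8 nscd: nss_ldap: failed to bind to LDAP server ldapi://ldap01.gokan.local: Can't contact LDAP server
May 31 02:50:30 debian8 nscd: nss_ldap: failed to bind to LDAP server ldap://ldap01.gokan.local: Can't contact LDAP server
May 31 02:51:02 debian8 nscd: nss_ldap: failed to bind to LDAP server ldaps://ldap01.gokan.local:636: Invalid credentials
"""

FAIL_RE = re.compile(r"nss_ldap: failed to bind to LDAP server (\S+?):\s+(.*)$")
DEFAULT_PORT = {"ldap": 389, "ldaps": 636}


def classify_uri(uri, same_host=False):
    """Describe the transport an LDAP URI implies.  same_host=True means
    the client runs on the slapd machine itself, where ldapi is valid."""
    u = urlsplit(uri)
    if u.scheme == "ldapi":
        # Unix-domain socket: only reachable on slapd's own host
        return {"uri": uri, "scheme": "ldapi", "transport": "unix-socket",
                "transport_ok": same_host,
                "note": "ldapi cannot cross the network; a remote client needs ldap:// or ldaps://"}
    if u.scheme in DEFAULT_PORT:
        port = u.port or DEFAULT_PORT[u.scheme]
        return {"uri": uri, "scheme": u.scheme, "transport": f"tcp/{port}",
                "transport_ok": True,
                "note": f"check that slapd listens on {port} and that DNS/firewall allow {u.hostname}"}
    return {"uri": uri, "scheme": u.scheme, "transport": "unknown",
            "transport_ok": False, "note": "unrecognised LDAP URI scheme"}


def triage_auth_log(text, same_host=False):
    """One finding per 'failed to bind' line: transport verdict plus the
    error nss_ldap reported, so transport and credential problems separate."""
    findings = []
    for line in text.splitlines():
        m = FAIL_RE.search(line)
        if not m:
            continue
        info = classify_uri(m.group(1), same_host)
        info["error"] = m.group(2)
        findings.append(info)
    return findings


if __name__ == "__main__":
    for f in triage_auth_log(SAMPLE_AUTH_LOG):
        print(f["uri"], f["transport"], "ok" if f["transport_ok"] else "UNREACHABLE", "-", f["error"])
```

Run it with same_host=True when the log was taken on the server itself; in that case an ldapi failure points at socket permissions or the socket path rather than at the network.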
filling up, flushing and inserting again sometimes fails
by Dominik Taborsky
Hello,
I'm playing around with LMDB and I'd like to know more about how it deletes items and reclaims space. I've been having some problems with this lately.
For simplicity I'm testing smaller 20MiB DBs with data values of sizes from 40B to 4000B. The test checks all kinds of stuff, but mainly tries to do a few fillups and flushes in short sequence. The first cycle slowly increases the size of the data until the DB is full, then it flushes. Then 10 cycles of fillup-flush of static-sized data follow. For flushing I've been doing both mdb_drop and removing batches of stored data. I've tried batches of sizes between 2 and 100 items. The results differ very much, depending on all these parameters: (only the 10 equal cycles counted):
batch:2, data size: 40B
first three runs pass, 7 fail
batch:50, data size: 40B
first three runs pass, 7 fail
batch:100, data size: 40B
first three runs pass, 7 fail
mdb_drop, data size: 40B
first run only passes, all other 9 fail
batch:20, data size: 400B
all runs pass
batch:100, data size: 400B
all runs pass
mdb_drop, data size: 400B
all runs pass
batch:2, data size: 4000B
all runs pass
batch:50, data size: 4000B
first run only passes, all other 9 fail
batch:100, data size: 4000B
first run only passes, all other 9 fail
mdb_drop, data size: 4000B
all odd runs pass, all even runs fail
Note: I've implemented a simple protection from hitting MDB_MAP_FULL by some arithmetic over fields in MDB_stat and MDB_envinfo structures. The protection reserves at least 32 pages - every insert checks whether it would violate this reservation and if so returns with an error.
I've read through a previous thread[1] which was similar in its nature. From that I gathered I need 3 cleanup commits to reclaim all that space. This would explain why the 4000-byte runs succeeded only when flushing using batches of 2 (about 40 4KB-sized items fit into the DB). But it doesn't explain the 40-byte runs which should all succeed apart from the mdb_drop version. And I have no idea why mdb_drop works well in the 400-byte-sized case.
Can anybody shed some light into this for me, please? What can I do about it? I need to provide some guarantee the DB will stay functional after fillup.
Thanks,
Dominik
[1] http://www.openldap.org/lists/openldap-technical/201306/msg00116.html
8 years, 4 months
H350
by Charles Hindmarsh
Good afternoon
I'm new to the Open LDAP software, but I have configured it on a windows server and all looks good. I now need to add a h350 schema to the installation and wondered if anyone had come across or developed a h350 schema file.
I did try to follow some instructions found here: http://www.manualslib.com/manual/666642/Tandberg-Vcs.html?page=182 however the process failed at the first instruction:
dn: commUniqueld=LeedsMeetingroom1, ou=h350, dc=TTGROUP, dc=com
I am able to add other user objects etc, so the LDAP service is working. I am guessing that the dn "commUniqueld" value is misunderstood by openLdap and therefore fails.
Any help would be greatly appreciated.
Charles Hindmarsh
Turner & Townsend
8 years, 4 months
hiding a naming context
by Craig White
Back with a further clarification and trying to solve a problem for our programmers.
ldapsearch -x -H ldapi:/// -s base -b '' namingContext "*" + -D $ROOTDN -W
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <> with scope baseObject
# filter: (objectclass=*)
# requesting: namingContext * +
#
#
dn:
objectClass: top
objectClass: OpenLDAProotDSE
structuralObjectClass: OpenLDAProotDSE
configContext: cn=config
namingContexts: cn=accesslog
namingContexts: dc=example,dc=com
monitorContext: cn=Monitor
supportedControl: 1.3.6.1.4.1.4203.1.9.1.1
supportedControl: 2.16.840.1.113730.3.4.18
supportedControl: 2.16.840.1.113730.3.4.2
supportedControl: 1.3.6.1.4.1.4203.1.10.1
supportedControl: 1.2.840.113556.1.4.319
supportedControl: 1.2.826.0.1.3344810.2.3
supportedControl: 1.3.6.1.1.13.2
supportedControl: 1.3.6.1.1.13.1
supportedControl: 1.3.6.1.1.12
supportedExtension: 1.3.6.1.4.1.1466.20037
supportedExtension: 1.3.6.1.4.1.4203.1.11.1
supportedExtension: 1.3.6.1.4.1.4203.1.11.3
supportedExtension: 1.3.6.1.1.8
supportedFeatures: 1.3.6.1.1.14
supportedFeatures: 1.3.6.1.4.1.4203.1.5.1
supportedFeatures: 1.3.6.1.4.1.4203.1.5.2
supportedFeatures: 1.3.6.1.4.1.4203.1.5.3
supportedFeatures: 1.3.6.1.4.1.4203.1.5.4
supportedFeatures: 1.3.6.1.4.1.4203.1.5.5
supportedLDAPVersion: 3
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: PLAIN
supportedSASLMechanisms: LOGIN
supportedSASLMechanisms: EXTERNAL
entryDN:
subschemaSubentry: cn=Subschema
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
So our programmers want me to filter out 'namingContexts: cn=accesslog' for them (please don't ask).
# cat naming_context.ldif
dn: olcDatabase={-1}frontend,cn=config
changetype: modify
add: olcAccess
olcAccess: {0}to dn.exact=""
attrs=namingContext
val/distinguishedNameMatch="cn=accesslog transitional"
by * none
ldapmodify -H ldapi:/// -Y EXTERNAL -f naming_context.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "olcDatabase={-1}frontend,cn=config"
ldap_modify: Other (e.g., implementation specific) error (80)
additional info: <olcAccess> handler exited with 1
Anyone want to hit me with a clue stick so I can hide the 'cn=accesslog' database from my programmers so they don't have to rewrite code?
8 years, 4 months
How to check the login history of users on openldap
by Peng Yu
Hi, I set up Ubuntu servers to use an OpenLDAP server for login
authentication. I want to check who has logged in on all the servers. A
logical place to check is the central OpenLDAP server, but I am not
sure how to do it. Could any of you let me know?
--
Regards,
Peng
8 years, 4 months
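slapd keeps no login history of its own, but with "loglevel stats" it logs every connection (ACCEPT with the client address), every BIND (the DN that authenticated) and every RESULT (the outcome), and a pam_ldap client performs a BIND as the user on each login. Correlating those three records by connection and operation number is the closest server-side answer to the question. The script below is an added example, not from the thread; the log lines are constructed in slapd's stats format (syslog prefix, conn=/op= numbering, tag=97 for a bind response, err=49 for invalidCredentials). Local accounts, cached credentials and anything that does not bind against the directory will not show up here.

```python
import re
from collections import Counter

# Constructed sample of slapd "loglevel stats" output (not from the post)
SAMPLE_SLAPD_LOG = """\
May 31 09:12:01 ldap01 slapd[4409]: conn=1001 fd=12 ACCEPT from IP=192.0.2.10:51234 (IP=0.0.0.0:389)
May 31 09:12:01 ldap01 slapd[4409]: conn=1001 op=0 BIND dn="uid=alice,ou=people,dc=example,dc=com" method=128
May 31 09:12:01 ldap01 slapd[4409]: conn=1001 op=0 BIND dn="uid=alice,ou=people,dc=example,dc=com" mech=SIMPLE ssf=0
May 31 09:12:01 ldap01 slapd[4409]: conn=1001 op=0 RESULT tag=97 err=0 text=
May 31 09:12:05 ldap01 slapd[4409]: conn=1002 fd=13 ACCEPT from IP=192.0.2.11:40210 (IP=0.0.0.0:389)
May 31 09:12:05 ldap01 slapd[4409]: conn=1002 op=0 BIND dn="uid=bob,ou=people,dc=example,dc=com" method=128
May 31 09:12:05 ldap01 slapd[4409]: conn=1002 op=0 RESULT tag=97 err=49 text=
May 31 09:12:06 ldap01 slapd[4409]: conn=1002 op=1 BIND dn="uid=bob,ou=people,dc=example,dc=com" method=128
May 31 09:12:06 ldap01 slapd[4409]: conn=1002 op=1 RESULT tag=97 err=49 text=
May 31 09:12:07 ldap01 slapd[4409]: conn=1003 fd=14 ACCEPT from IP=192.0.2.12:50001 (IP=0.0.0.0:389)
May 31 09:12:07 ldap01 slapd[4409]: conn=1003 op=0 BIND dn="" method=128
May 31 09:12:07 ldap01 slapd[4409]: conn=1003 op=0 RESULT tag=97 err=0 text=
May 31 09:12:09 ldap01 slapd[4409]: conn=1001 fd=12 closed
"""

TS_RE = re.compile(r"^(\w{3}\s+\d{1,2} \d\d:\d\d:\d\d)")
ACCEPT_RE = re.compile(r"conn=(\d+) fd=\d+ ACCEPT from IP=(\S+):(\d+) \(")
BIND_RE = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)"')
RESULT_RE = re.compile(r"conn=(\d+) op=(\d+) RESULT tag=97 err=(\d+)")  # tag 97 = bindResponse


def parse_bind_log(text):
    """Return one dict per completed, non-anonymous bind: who, from where,
    when, and whether it succeeded.  ACCEPT gives the client address for a
    connection; BIND names the DN for (conn, op); RESULT closes it."""
    clients = {}   # conn -> client IP
    pending = {}   # (conn, op) -> bind DN awaiting its RESULT
    events = []
    for line in text.splitlines():
        ts = TS_RE.match(line)
        ts = ts.group(1) if ts else None
        m = ACCEPT_RE.search(line)
        if m:
            clients[m.group(1)] = m.group(2)
            continue
        m = BIND_RE.search(line)
        if m:                      # the mech= line repeats the DN; overwriting is harmless
            pending[(m.group(1), m.group(2))] = m.group(3)
            continue
        m = RESULT_RE.search(line)
        if m:
            conn, op, err = m.group(1), m.group(2), int(m.group(3))
            dn = pending.pop((conn, op), None)
            if not dn:             # RESULT for an op we never saw, or an anonymous bind
                continue
            events.append({"time": ts, "conn": conn, "dn": dn,
                           "client": clients.get(conn, "unknown"),
                           "err": err, "success": err == 0})
    return events


def failed_binds_by_client(events):
    """Failed binds per client address: the first thing to look at for
    password guessing against directory accounts."""
    return Counter(e["client"] for e in events if not e["success"])


if __name__ == "__main__":
    history = parse_bind_log(SAMPLE_SLAPD_LOG)
    for e in history:
        print(e["time"], e["client"], e["dn"], "OK" if e["success"] else f"FAIL err={e['err']}")
    print("failures by client:", dict(failed_binds_by_client(history)))
```

On the central server this reads straight from wherever syslog puts slapd's output (the stats level must be enabled in olcLogLevel first); to get the Unix hostname rather than only the IP, the ACCEPT address has to be mapped back to the machine that holds it.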
How to add a user with root permission?
by Peng Yu
Hi, I am using OpenLDAP to manage users on a number of Ubuntu servers.
But I don't find a way to give users root permission on these servers.
Could anybody show me how to do this with OpenLDAP? Thanks.
--
Regards,
Peng
8 years, 4 months
rfc2252 big integer
by Raffael Sahli
Hi
Which syntax should I use if 1.3.6.1.4.1.1466.115.121.1.27 is not big
enough?
1.3.6.1.4.1.1466.115.121.1.36? (I don't see a kind of big integer)
Thanks
--
Raffael Sahli
8 years, 4 months
openldap: 3+ multi datacentre replication
by hab
Could you share any experience setting up/expanding a (large) LDAP
server across multiple data centres (DCs)?
What strategy do you use, mesh or ring topology?
Looking for examples with 3+ DCs
and a failover (master/master or master/slave) LDAP setup in each DC.
Is ring topology better than mesh, as LDAP then has to deal with fewer
connections? It would be nice if you could also mention any scaling issues.
8 years, 4 months