Virtual list view problem
by Venish Khant
Hi all,
I am using the CPAN Net::LDAP module to access LDAP entries. I want to
search LDAP entries using the Net::LDAP search method. When I search, I
want a limited number of entries from the search result; for
this (searching) process I am using the Net::LDAP::Control::VLV module. But
I get an error on the VLV response control. Please, does anyone have an idea about
this error?

Error: Died at vlv.pl line 50,
This is my example. I changed the font style of line 50.
#!/usr/bin/perl -w
use Net::LDAP;
use Net::LDAP::Control::VLV;
use Net::LDAP::Constant qw( LDAP_CONTROL_VLVRESPONSE );
use Net::LDAP::Control::Sort;

# Print one entry as it arrives, then drop it from the result message
sub procentry {
    my ( $mesg, $entry ) = @_;
    # Return if there is no entry to process
    if ( !defined($entry) ) {
        return;
    }
    print "dn: " . $entry->dn() . "\n";
    @attrs = $entry->attributes();
    foreach $attr (@attrs) {
        #printf("\t%s: %s\n", $attr, $entry->get_value($attr));
        $attrvalue = $entry->get_value($attr, asref => 1);
        #print $attr.":". $entry->get_value($attr)."\n";
        foreach $value (@$attrvalue) {
            print "$attr: $value\n";
        }
    }
    $mesg->pop_entry;
    print "\n";
}

# Stop with the connection error if the server cannot be reached
$ldap = Net::LDAP->new( "localhost" ) or die "$@";

# Get the first 20 entries
$vlv = Net::LDAP::Control::VLV->new(
    before  => 0,   # No entries from before target entry
    after   => 19,  # 19 entries after target entry
    content => 0,   # List size unknown
    offset  => 1,   # Target entry is the first
);
my $sort = Net::LDAP::Control::Sort->new( order => 'cn' );
@args = ( base     => "dc=example,dc=co,dc=in",
          scope    => "subtree",
          filter   => "(objectClass=inetOrgPerson)",
          callback => \&procentry, # Call this sub for each entry
          control  => [ $sort, $vlv ],
);
$mesg = $ldap->search( @args );

# Get VLV response control
($resp) = $mesg->control( LDAP_CONTROL_VLVRESPONSE ) or die;   # <-- line 50 of vlv.pl (the highlighted line)
$vlv->response( $resp );

# Set the control to get the last 20 entries
$vlv->end;
$mesg = $ldap->search( @args );

# Get VLV response control
($resp) = $mesg->control( LDAP_CONTROL_VLVRESPONSE ) or die;
$vlv->response( $resp );

# Now get the previous page
$vlv->scroll_page( -1 );
$mesg = $ldap->search( @args );

# Get VLV response control
($resp) = $mesg->control( LDAP_CONTROL_VLVRESPONSE ) or die;
$vlv->response( $resp );

# Now page with first entry starting with "B" in the middle
$vlv->before(9);    # Change page to show 9 before
$vlv->after(10);    # Change page to show 10 after
$vlv->assert("B");  # assert "B"
$mesg = $ldap->search( @args );
--
Venish Khant
www.deeproot.co.in
7 years, 4 months
Problems with openLDAP + GSSAPI + JAVA
by Andreas Laesser
Hi @all
I have (maybe) a problem with my openldap server authenticating over a
JAVA tool (Apache Directory Studio LDAP Browser V2.0.0.v20130628,
jXplorer) via GSSAPI.
When I do a ldapsearch from command line via GSSAPI it works fine...
~ % klist
Ticket cache: FILE:/tmp/krb5cc_1086_lR4Nxxxxrs
Default principal: admin@SPSC.TUGRAZ.AT

Valid starting    Expires           Service principal
30/06/2015 10:54  02/07/2015 10:54  krbtgt/SPSC.TUGRAZ.AT@SPSC.TUGRAZ.AT
        renew until 10/07/2015 10:54
30/06/2015 10:54  02/07/2015 10:54  ldap/ldap1.spsc.tugraz.at@SPSC.TUGRAZ.AT
        renew until 10/07/2015 10:54
~ % ldapsearch -H ldaps://ldap1.spsc.tugraz.at -b "dc=SPSC,dc=TUGRAZ,dc=AT"
This works well....
but if I try the same from one of the two tools mentioned above, it
simply does not bind or connect....
Has anybody had the same problems, or does anybody know a solution?
Thanks for help
regards Andreas
--
=========================================================================
_____________
/ ___________/ Andreas Laesser
/ //_// /____/ Signal Proc.& Speech Communication Lab.
__/ /___/ / __ Graz University of Technology
/___//____//___/ Inffeldgasse 16c/EG | A-8010 Graz | Austria
http://www.spsc.tugraz.at Tel: +43 (0)316 873 -4443 Fax: DW 104439
=========================================================================
8 years, 3 months
OpenLDAP and dynalogin (two-factor auth with HOTP)
by Daniel Pocock
Some time ago I created the dynalogin ( http://www.dynalogin.org )
solution for two-factor authentication.
I'm just contemplating how to make it easier to integrate, and making it
convenient to use with OpenLDAP seems like a good strategy: can anyone
comment on that?
The initial thoughts that I have about the subject:
- SASL based solution (dynalogin has digest capability already, so it
could be adapted for SASL PLAIN or DIGEST-MD5)
- should not prevent password logins (user should be able to use either
password or HOTP code)
- should enable people to use it indirectly (e.g. if someone already has
pam_ldap working, they should be able to add dynalogin to their OpenLDAP
server and get immediate benefit)
- use cases: UNIX login, high-security webmail login, VPN and OpenID
provider backed by OpenLDAP
I know that SASL already supports OTP, but that is not HOTP, it is OPIE
(or S/Key) RFC 2289:
http://tools.ietf.org/html/rfc2289
whereas HOTP is RFC 4226:
http://www.ietf.org/rfc/rfc4226.txt
HOTP is considered more secure and more widely implemented.
8 years, 3 months
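Added example (not from the original post and not dynalogin code): a Python sketch of RFC 4226 HOTP with a look-ahead window, plus a hypothetical `check_credential` helper that accepts either the password or an HOTP code, as the post proposes. The account data, window size and PBKDF2 parameters are assumptions; the secret is the RFC 4226 test key.

```python
import hashlib
import hmac
import struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP value for one counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation offset
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def verify_hotp(secret: bytes, counter: int, supplied: str, window: int = 3):
    """Check a code against counter..counter+window.

    Returns the next counter to store on success, or None on failure.
    Advancing past the matched counter is what rejects a replayed code.
    """
    for c in range(counter, counter + window + 1):
        if hmac.compare_digest(hotp(secret, c).encode(), supplied.encode()):
            return c + 1
    return None

def check_credential(supplied: str, pw_salt: bytes, pw_hash: bytes,
                     secret: bytes, counter: int):
    """Accept either the password or an HOTP code (hypothetical policy helper).

    Returns (accepted, counter_to_store).
    """
    derived = hashlib.pbkdf2_hmac("sha256", supplied.encode(), pw_salt, 100_000)
    if hmac.compare_digest(derived, pw_hash):
        return True, counter                     # password login, counter unchanged
    nxt = verify_hotp(secret, counter, supplied)
    return (nxt is not None), (counter if nxt is None else nxt)

# Constructed sample account; the secret is the RFC 4226 Appendix D test key.
SECRET = b"12345678901234567890"
SALT = b"constructed-salt"
PW_HASH = hashlib.pbkdf2_hmac("sha256", b"correct horse", SALT, 100_000)

if __name__ == "__main__":
    counter = 0
    for attempt in ("correct horse", "287082", "287082", "000000"):
        ok, counter = check_credential(attempt, SALT, PW_HASH, SECRET, counter)
        print(f"{attempt!r:16} accepted={ok} next_counter={counter}")
```

The second `287082` is refused because the stored counter has already moved past the value that produced it.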
slapo-sock
by Lalot Dominique
Hello,
I am trying to understand how the sock overlay works. I'm partly
successful in getting the entries, so the unix socket is working.
What I want to do is act as a trigger each time an entry is added.
I receive the data, but I don't know how to say "that's OK, add it" to the mdb
backend.
I just answer "RESULT\n";
So the ldapadd is considered successful, but in fact no entry is added.
Is there a way to do that? I have some difficulty understanding the way
it works.
Thanks
Dom
8 years, 3 months
db_stat find high cpu usage
by Fabián M Sales
Hello list.
I have a server not performing well - openldap shows high cpu usage and
iowait of server is high
db_stat -h /var/lib/ldap -c
555 Last allocated locker ID
0x7fffffff Current maximum unused locker ID
9 Number of lock modes
1000 Maximum number of locks possible
1000 Maximum number of lockers possible
1000 Maximum number of lock objects possible
40 Number of lock object partitions
10 Number of current locks
645 Maximum number of locks at any one time
18 Maximum number of locks in any one bucket
0 Maximum number of locks stolen by for an empty partition
0 Maximum number of locks stolen for any one partition
141 Number of current lockers
152 Maximum number of lockers at any one time
10 Number of current lock objects
623 Maximum number of lock objects at any one time
6 Maximum number of lock objects in any one bucket
0 Maximum number of objects stolen by for an empty partition
0 Maximum number of objects stolen for any one partition
1237M Total number of locks requested (1237918767)
1237M Total number of locks released (1237917421)
0 Total number of locks upgraded
103 Total number of locks downgraded
492M Lock requests not available due to conflicts, for which we waited (492996269)
1336 Lock requests not available due to conflicts, for which we did not wait
0 Number of deadlocks
0 Lock timeout value
0 Number of locks that have timed out
0 Transaction timeout value
0 Number of transactions that have timed out
736KB The size of the lock region
3685M The number of partition locks that required waiting (135%)
3665M The maximum number of times any partition lock was waited for (108%)
19810 The number of object queue operations that required waiting (0%)
2443M The number of locker allocations that required waiting (58%)
0 The number of region locks that required waiting (0%)
6 Maximum hash bucket length
Are the lines in red really correct or just side effects? How do I go
about it? I can have anything else? Increase cache? How?
db_stat -h /var/lib/ldap -m
12MB 514KB 24B Total cache size
1 Number of caches
1 Maximum number of caches
12MB 520KB Pool individual cache size
0 Maximum memory-mapped file size
0 Maximum open file descriptors
0 Maximum sequential buffer writes
0 Sleep after writing maximum sequential buffers
0 Requested pages mapped into the process' address space
788M Requested pages found in the cache (21%)
2867M Requested pages not found in the cache (2867396236)
740 Pages created in the cache
2863M Pages read into the cache (2863007508)
228732 Pages written from the cache to the backing file
2865M Clean pages forced from the cache (2865409816)
206860 Dirty pages forced from the cache
0 Dirty pages written by trickle-sync thread
681 Current total page count
681 Current clean page count
0 Current dirty page count
2053 Number of hash buckets used for page location
1567M Total number of times hash chains searched for a page (1567726752)
6 The longest hash chain searched for a page
597M Total number of hash chain entries checked for page (597110368)
2479M The number of hash bucket locks that required waiting (61%)
2211M The maximum number of times any hash bucket lock was waited for (771%)
73M The number of region locks that required waiting (4%)
0 The number of buffers frozen
0 The number of buffers thawed
0 The number of frozen buffers freed
2867M The number of page allocations (2867487657)
2436M The number of hash buckets examined during allocations (2436374360)
4110 The maximum number of hash buckets examined for an allocation
2867M The number of pages examined during allocations (2867478740)
17 The max number of pages examined for an allocation
76217 Threads waited on page I/O
Thanks very much.
--
Fabián M. Sales
Technical Support & I.T.I Linux
DonWeb
Attitude Is Everything
www.DonWeb.com
------------------------------------------------------------------------
Confidentiality Note: This message and any attachments (the message) are
confidential and intended solely for the addressees. Any unauthorised
use or dissemination is prohibited by DonWeb.com.
DonWeb.com shall not be liable for the message if altered or falsified.
If you are not the intended addressee of this message, please cancel it
immediately and inform the sender
8 years, 3 months
authenticate LDAP to email server
by robert k Wild
Sorry, I'm posting again, as for my first post I wasn't subscribed to this mailing
list, but now I am.
Hi all,
I have installed a dovecot + postfix email server and an
LDAP server. If I create users on the LDAP server, can dovecot pick up
the usernames and create a mailbox for the individual users?
As atm,
if I want to create an email address for users, I add the user to the
email server and make a directory for the user's mailbox and have to
chmod and chown.
Also, just another question: can I set up mail groups on dovecot?
cheers
rob
--
Regards,
Robert K Wild.
8 years, 3 months
Overlay for applying business logic filters to LDAP modifies/deletes
by Bannister, Mark
Hi,
I'm setting up a new OpenLDAP infrastructure on Solaris, where the directory will be critical and we need to keep a tight control on the changes made to it. The changes will come from an external feed, and as an extra safety measure to protect against software bugs that could otherwise cripple our infrastructure, we would like to put an overlay into the directory server that will make sure that the changes being made to the directory do not break some basic business rules we are defining.
The rules will be along these lines:
- Do not allow more than 10% of entries underneath a given DIT to be modified in less than a 24 hour period
- Entries underneath a given DIT must have a specified list of object classes and attributes defined
- Do not permit modrdn under a given DIT
- Attribute values match a particular defined set of REs (I can do this with the constraint overlay)
- Some critical entries cannot be modified or removed (I can do this with access control lists)
- Some attributes not used in the DN must be unique (I can do this with the unique overlay)
So I'm ok with the last three, but any suggestions for the first three? Has anyone else implemented similar overlays already?
Thanks & regards,
Mark Bannister.
________________________________
NOTICE: Morgan Stanley is not acting as a municipal advisor and the opinions or views contained herein are not intended to be, and do not constitute, advice within the meaning of Section 975 of the Dodd-Frank Wall Street Reform and Consumer Protection Act. If you have received this communication in error, please destroy all electronic and paper copies; do not disclose, use or act upon the information; and notify the sender immediately. Mistransmission is not intended to waive confidentiality or privilege. Morgan Stanley reserves the right, to the extent permitted under applicable law, to monitor electronic communications. This message is subject to terms available at the following link: http://www.morganstanley.com/disclaimers If you cannot access these links, please notify us by reply message and we will send the contents to you. By messaging with Morgan Stanley you consent to the foregoing.
8 years, 3 months
Waiting for initial replication to complete
by Bannister, Mark
Hi,
When I first set up a new OpenLDAP consumer (syncrepl) it can take 5-10 minutes to sync the data from the master server. The script I've written that configures the replica needs to know when the initial full replication is complete. At the moment I'm testing to see if all the top-level containers are in place, and then waiting a little longer, but this seems pretty fragile to me. Is there a more accurate way of determining once the initial syncrepl is complete?
Thanks,
Mark.
8 years, 3 months
Remove bdb log files automatically
by PRATIK SINGAL
Hello
Can anyone suggest the configuration to remove the old log files
automatically? And also, will we need to set a checkpoint variable in
slapd.conf?
8 years, 3 months
Replacement for ldap_sort_entries
by Côme BERNIGAUD
Hello,
I’m trying to get rid of the -DLDAP_DEPRECATED=1 option when building the php-ldap module.
For other functions it went fine but the php function ldap_sort is using ldap_sort_entries which is deprecated with no replacement.
As I can’t remove ldap_sort from PHP API, I need to find a way to replace this function call if I want to get rid of deprecated calls.
I tried copy/pasting the function code to see if I could build it myself, but then it complains about an incomplete type for LDAPMessage, which seems internal to libldap.
Any idea about a replacement for this function?
Côme
8 years, 3 months