openldap-technical August 2015

openldap-technical@openldap.org

55 participants
62 discussions

Re: Slapd is coming down
by Édnei Rodrigues 25 Aug '15

25 Aug '15

I have two process because I am replicating the production three to this environment ( dev, port 1389) and I have a translucent service to overlap a few attributes (port 389 ). Thanks. Em 20/08/2015 15:43, "Quanah Gibson-Mount" <quanah(a)zimbra.com> escreveu: > --On Thursday, August 20, 2015 4:00 PM -0300 Édnei Rodrigues < > ednei.felipe.rodrigues(a)gmail.com> wrote: > > >> Hello quanah! >> Yes, I know, my SO killed the slapd because it was configured. >> But I don't have any other service in the server, only the openldap. >> > > Why do you have two slapd processes on the server? Your setup seems > somewhat odd. > > --Quanah > > -- > > Quanah Gibson-Mount > Platform Architect > Zimbra, Inc. > -------------------- > Zimbra :: the leader in open source messaging and collaboration >

1 1

How to create multiple schema at the same level in openldap
by PRATIK SINGAL 25 Aug '15

25 Aug '15

Hello all, Can any one help me on how the schema files will be created where multiple schema can be present at the same level.Below is the diagram where Schema C And Schema D are two Schema which needs to be present at the same third level under Schema B. Schema A | Schema B | | Schema C Schema D Regards, Pratik

2 1

Centos 7/openldap/samba
by Alex Moen 25 Aug '15

25 Aug '15

Setting up a new openldap server on Centos 7. I am trying to add the samba.schema that comes with samba. I got the schema file from the newest distribution of Samba, copied it to /etc/openldap/schema, and ran "ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/samba.schema". This command worked perfectly with the cosine and inetorgperson schema files, but I got an 'invalid format (line 1) entry: ""' response. I grepped the internet for this response, and found that some people have needed to change all "attryibutetype" entries to "attributetype:". So, I did that. It got me to line 2, where the leading descriptor is "DESC". I changed all the "DESC" to "DESC:", which was also helpful and moved me on to line 3, and so on. So, now I have gotten to line 236, which is an objectclass statement, so I am lost. None of the other files that worked with this exact same command syntax has any of the colons on the descriptors (IDK what they are really called), so I wonder if I'm not barking up the wrong tree. I also can't find anything on the net that speaks to this issue, so I am guessing that I probably have some other problem with the server. Any suggestions??? TIA! Alex -- Alex Moen NSTII North Dakota Telephone Company 701-662-6481

3 2

Group of groups wiith posfix
by Jose Legido 25 Aug '15

25 Aug '15

Hello I have debian machine configured sudo with ldap group. The ldap group is objectclass posixGroup and the users memberUid. I want to put groups instead of users. It's possible? Thank you

1 0

LDAP proxy issue
by jason cafarelli 24 Aug '15

24 Aug '15

note: Apologize if this dupes; think i sent original out before i was approved on mailing list. A bit stuck; bear with me; somewhat of a LDAP nubbie; sure i am missing something simple, Trying to get a local server to AUTH locally to its own openldap-server and then proxy to corporate LDAP if user is not found locally. 1. Local users work 2. AUTH to local LDAP server works 3. AUTH to corporate LDAP does NOT work 4. LDAP search to corporate works when using local server (ack!?!) user = corporate LDAP account internal ldap = users - internal.com corporate ldap = people - datacenter.corporate.com note: anonymous bind is enabled on corporate. oot@ sssd]# ldapsearch -h 127.0.0.1 -x -b "uid=user,ou=people,dc=datacenter,dc=corporate,dc=com" # extended LDIF # # LDAPv3 # base <uid=user,ou=people,dc=datacenter,dc=corporate,dc=com> with scope subtree # filter: (objectclass=*) # requesting: ALL # # user, People, datacenter.corporate.com dn: uid=user,ou=People,dc=datacenter,dc=corporate,dc=com uid: user cn: objectClass: account objectClass: posixAccount objectClass: top objectClass: shadowAccount shadowMax: shadowWarning: loginShell: /bin/bash uidNumber: gidNumber: homeDirectory: /home/users/user gecos: user shadowLastChange: 16461 # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1 Setup slap.d; ####################################################################### # database definitions ####################################################################### database bdb suffix "dc=internal,dc=com" checkpoint 1024 15 rootdn "cn=adm,dc=internal,dc=com" rootpw {SSHA}aaaaa directory /var/lib/ldap # Indices to maintain for this database index objectClass eq,pres index ou,cn,mail,surname,givenname eq,pres,sub index uidNumber,gidNumber,loginShell eq,pres index uid,memberUid eq,pres,sub index nisMapName,nisMapEntry eq,pres,sub # Replicas of this database #replogfile /var/lib/ldap/openldap-master-replog #replica host=ldap-1.example.com:389 starttls=critical # bindmethod=sasl saslmech=GSSAPI # authcId=host/ldap-master.example.com(a)EXAMPLE.COM #proxy ldap database ldap suffix "ou=People,dc=datacenter,dc=corp,dc=com" uri "ldap://1.1.1.1:389/" idassert-bind bindmethod=none ldap.conf URI ldap://127.0.0.1 BASE dc=internal,dc=com

1 0

OpenLDAP 2.4.42 RPMs for Red Hat / CentOS
by Clément OUDOT 24 Aug '15

24 Aug '15

Hi, OpenLDAP 2.4.42 RPMs for Red Hat / CentOS are available on LDAP Tool Box project : http://ltb-project.org/wiki/download#packages_for_red_hatcentos You can see packages description here: http://ltb-project.org/wiki/documentation/openldap-rpm -- Clément OUDOT Consultant en logiciels libres, Expert infrastructure et sécurité Savoir-faire Linux 87, rue de Turbigo - 75003 PARIS

1 0

Re: How to let users change passwords
by robert k Wild 24 Aug '15

24 Aug '15

i feel such a donut! it was because i had a space inbetween the lines of "modify time stamp" and the first "olcaccess", i deleted the space restarted slapd and on the client when i run the command passwd i can successfully change the user password

1 0

How to let users change passwords
by robert k Wild 24 Aug '15

24 Aug '15

Hi all, I have an openldap server (centos 6.6) and created a user account and given the user a generic password eg "password123" when my end user logs in there client (centos 6.6) How can i give them an option if they want to, to change their own password or for them to change their password when they login Many thanks Rob -- Regards, Robert K Wild.

1 0

How can I Modify OpenLdap database?
by Jason Long 22 Aug '15

22 Aug '15

Hello. I added some entries to OpenLdap but I want edit them. How can I do it? my "slapcat" output is : # slapcat 55d45334 ldif_read_file: checksum error on "/etc/openldap/slapd.d/cn=config/olcDatabase={1}monitor.ldif" 55d45334 ldif_read_file: checksum error on "/etc/openldap/slapd.d/cn=config/olcDatabase={2}hdb.ldif" 55d45334 The first database does not allow slapcat; using the first available one (2) 55d45334 hdb_db_open: warning - no DB_CONFIG file found in directory /var/lib/ldap: (2). Expect poor performance for suffix "dc=linux,dc=dj". dn: dc=linux-d,dc=j objectClass: dcObject objectClass: organization dc: linux-d o: linux-d structuralObjectClass: organization entryUUID: 1c4fa7b0-da8c-1034-91a3-f90dc6355c19 creatorsName: cn=Manager,dc=linux-d,dc=j createTimestamp: 20150819070316Z entryCSN: 20150819070316.921292Z#000000#000#000000 modifiersName: cn=Manager,dc=linux-d,dc=j modifyTimestamp: 20150819070316Z dn: ou=Users,dc=linux-d,dc=j objectClass: organizationalUnit ou: Users structuralObjectClass: organizationalUnit entryUUID: c3dbe28c-da8c-1034-91a4-f90dc6355c19 creatorsName: cn=Manager,dc=linux-d,dc=j createTimestamp: 20150819070758Z entryCSN: 20150819070758.019816Z#000000#000#000000 modifiersName: cn=Manager,dc=linux-d,dc=j modifyTimestamp: 20150819070758Z I want to change "linux-d" to "linux". I edited "/tmp/users.ldif" file and used "ldapmodify -a -D cn=Manager,dc=linux,dc=dj -w hack3rcon -f /tmp/users.ldif" but "slapcat" output still is : slapcat 55d4568e ldif_read_file: checksum error on "/etc/openldap/slapd.d/cn=config/olcDatabase={1}monitor.ldif" 55d4568e ldif_read_file: checksum error on "/etc/openldap/slapd.d/cn=config/olcDatabase={2}hdb.ldif" 55d4568e The first database does not allow slapcat; using the first available one (2) 55d4568e hdb_db_open: warning - no DB_CONFIG file found in directory /var/lib/ldap: (2). Expect poor performance for suffix "dc=linux,dc=dj". dn: dc=linux-d,dc=j objectClass: dcObject objectClass: organization dc: linux-d o: linux-d structuralObjectClass: organization entryUUID: 1c4fa7b0-da8c-1034-91a3-f90dc6355c19 creatorsName: cn=Manager,dc=linux-d,dc=j createTimestamp: 20150819070316Z entryCSN: 20150819070316.921292Z#000000#000#000000 modifiersName: cn=Manager,dc=linux-d,dc=j modifyTimestamp: 20150819070316Z dn: ou=Users,dc=linux-d,dc=j objectClass: organizationalUnit ou: Users structuralObjectClass: organizationalUnit entryUUID: c3dbe28c-da8c-1034-91a4-f90dc6355c19 creatorsName: cn=Manager,dc=linux-d,dc=j createTimestamp: 20150819070758Z entryCSN: 20150819070758.019816Z#000000#000#000000 modifiersName: cn=Manager,dc=linux-d,dc=j modifyTimestamp: 20150819070758Z dn: dc=linux,dc=dj objectClass: dcObject objectClass: organization dc: linux o: linux structuralObjectClass: organization entryUUID: e1968706-daa4-1034-82a7-470596994b9c creatorsName: cn=Manager,dc=linux,dc=dj createTimestamp: 20150819100035Z entryCSN: 20150819100035.818429Z#000000#000#000000 modifiersName: cn=Manager,dc=linux,dc=dj modifyTimestamp: 20150819100035Z dn: ou=Users,dc=linux,dc=dj objectClass: organizationalUnit ou: Users structuralObjectClass: organizationalUnit entryUUID: 2a1a366c-daa5-1034-82a8-470596994b9c creatorsName: cn=Manager,dc=linux,dc=dj createTimestamp: 20150819100237Z entryCSN: 20150819100237.477397Z#000000#000#000000 modifiersName: cn=Manager,dc=linux,dc=dj modifyTimestamp: 20150819100237Z As you see, I have "linux-d" . How can I solve it?

2 5

OLC ppolicy
by Jeremy Trammell - DLA 22 Aug '15

22 Aug '15

Greetings, I'm trying to set up a very simple LDAP server using OpenLDAP (via OLC) and it seems hopeless. The sticking point is ppolicy. I have followed several online guides (http://www.ryanfrantz.com/posts/openldap-implementing-the-password-policy-o…, https://www.oostergo.net/node/85, to name a few), all of which seem to essentially detail the same procedure, and have met with no success. Whilst following those instructions, I receive no error messages. All commands complete successfully and do not indicate failures of any kind. Looking at the cn=config and target DITs, all data seems to have been imported as expected. Despite that fact, passwd follows a "mystery policy" which bears no resemblance to the policy that I have specified, and ldappasswd follows "no policy at all you can do whatever you want". Is there some way for me to empirically determine what these commands are doing, and why my policy does nothing? Thanks in advance... cn=module{0},cn=config > objectClass: olcModuleList > cn: module{0} > olcModuleLoad: {0}ppolicy.la > olcModuleLoad: {1}back_hdb > olcModuleLoad: {2}ppolicy > olcModulePath: /usr/lib/ldap olcDatabase={1}hdb,cn=config > objectClass: olcDatabaseConfig > objectClass: olcHdbConfig > olcDatabase: {1}hdb > olcDbDirectory: /var/lib/ldap > olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by > anonymous auth by dn="cn=admin,dc=dla" write by * none > olcAccess: {1}to dn.base="" by * read > olcAccess: {2}to * by self write by dn="cn=admin,dc=dla" write by * read > olcDbCheckpoint: 512 30 > olcDbConfig: {0}set_cachesize 0 2097152 0 > olcDbConfig: {1}set_lk_max_objects 1500 > olcDbConfig: {2}set_lk_max_locks 1500 > olcDbConfig: {3}set_lk_max_lockers 1500 > olcDbIndex: objectClass eq > olcLastMod: TRUE > olcSuffix: dc=dla olcOverlay={0}ppolicy,olcDatabase={1}hdb,cn=config > objectClass: olcOverlayConfig > objectClass: olcPPolicyConfig > olcOverlay: {0}ppolicy > olcPPolicyDefault: cn=passwordDefault,ou=policies,dc=dla > olcPPolicyForwardUpdates: FALSE > olcPPolicyHashCleartext: TRUE > olcPPolicyUseLockout: FALSE cn=passwordDefault,ou=policies,dc=dla > objectClass: person > objectClass: pwdPolicy > objectClass: pwdPolicyChecker > objectClass: top > cn: passwordDefault > pwdAttribute: 2.5.4.35 > sn: passwordDefault > pwdMinLength: 12

3 5

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

openldap-technical August 2015