Re: Slapd is coming down
by Édnei Rodrigues
I have two processes because I am replicating the production tree to this
environment (dev, port 1389), and I have a translucent service to overlay a
few attributes (port 389).
Thanks.
On 20/08/2015 15:43, "Quanah Gibson-Mount" <quanah(a)zimbra.com> wrote:
> --On Thursday, August 20, 2015 4:00 PM -0300 Édnei Rodrigues <
> ednei.felipe.rodrigues(a)gmail.com> wrote:
>
>
>> Hello quanah!
>> Yes, I know, my OS killed slapd because it was configured to.
>> But I don't have any other service on the server, only OpenLDAP.
>>
>
> Why do you have two slapd processes on the server? Your setup seems
> somewhat odd.
>
> --Quanah
>
> --
>
> Quanah Gibson-Mount
> Platform Architect
> Zimbra, Inc.
> --------------------
> Zimbra :: the leader in open source messaging and collaboration
>
How to create multiple schema at the same level in openldap
by PRATIK SINGAL
Hello all,
Can anyone help me with how the schema files should be created where multiple
schemas can be present at the same level? Below is a diagram where Schema C
and Schema D are two schemas which need to be present at the same third
level, under Schema B.

    Schema A
        |
    Schema B
      |      |
  Schema C  Schema D
Regards,
Pratik
Centos 7/openldap/samba
by Alex Moen
Setting up a new openldap server on Centos 7. I am trying to add the
samba.schema that comes with samba. I got the schema file from the
newest distribution of Samba, copied it to /etc/openldap/schema, and ran
"ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/samba.schema".
This command worked perfectly with the cosine and inetorgperson schema
files, but I got an 'invalid format (line 1) entry: ""' response.
I grepped the internet for this response, and found that some people
have needed to change all "attributetype" entries to "attributetype:".
So, I did that. It got me to line 2, where the leading descriptor is
"DESC". I changed all the "DESC" to "DESC:", which was also helpful and
moved me on to line 3, and so on. So, now I have gotten to line 236,
which is an objectclass statement, so I am lost.
None of the other files that worked with this exact same command syntax
have any of the colons on the descriptors (IDK what they are really
called), so I wonder if I'm barking up the wrong tree.
I also can't find anything on the net that speaks to this issue, so I am
guessing that I probably have some other problem with the server.
Any suggestions???
TIA!
Alex
--
Alex Moen
NSTII
North Dakota Telephone Company
701-662-6481
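The 'invalid format (line 1)' response is what ldapadd returns when its input is not LDIF at all. The samba.schema file that Samba ships is in the slapd.conf schema syntax (attributetype / objectclass directives with parentheses), while the cosine and inetorgperson files that loaded fine are the .ldif versions OpenLDAP installs next to the .schema ones; adding colons only moves the parser's complaint one line further down. The usual conversion is slaptest with a throwaway slapd.conf that includes the schema file and -F pointing at an empty directory, then taking the generated cn={N}samba.ldif from cn=config/cn=schema. As an added example, not code from the post, from Samba or from OpenLDAP, the script below performs the same transformation offline; the schema excerpt in it is constructed and abbreviated, not the real samba.schema, and the entry name cn=samba is an assumption.

```python
"""Convert a slapd.conf-format schema file (the format Samba ships samba.schema in)
into the cn=config LDIF that 'ldapadd -Y EXTERNAL -H ldapi:///' expects.
Added example, not from the post or from Samba; the excerpt below is constructed."""
import re

# slapd.conf directive -> olcSchemaConfig attribute, in the order slaptest emits them.
KEYWORDS = {
    "objectidentifier": "olcObjectIdentifier",
    "attributetype": "olcAttributeTypes",
    "objectclass": "olcObjectClasses",
}
_DIRECTIVE = re.compile(r"^(objectidentifier|attributetype|objectclass)\s+(.*)$", re.IGNORECASE)

# Constructed excerpt in slapd.conf schema syntax (abbreviated, not the real file).
SAMPLE_SCHEMA = """\
# Samba schema excerpt (constructed for this example)
attributetype ( 1.3.6.1.4.1.7165.2.1.24 NAME 'sambaLMPassword'
    DESC 'LanManager Password'
    EQUALITY caseIgnoreIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )

objectclass ( 1.3.6.1.4.1.7165.2.2.6 NAME 'sambaSamAccount' SUP top AUXILIARY
    DESC 'Samba 3.0 Auxilary SAM Account'
    MUST ( uid $ sambaSID )
    MAY  ( sambaLMPassword $ sambaNTPassword ))
"""


def _finish(olc, body):
    body = " ".join(body.split())          # join continuation lines, squeeze whitespace
    if body.count("(") != body.count(")"):
        raise ValueError(f"unbalanced parentheses in {olc}: {body[:40]}...")
    return olc, body


def parse_schema(text):
    """Return [(olc_attribute, definition), ...] in file order.
    A directive runs from its keyword line up to the next keyword line; comments
    and blank lines are dropped and continuation lines are joined."""
    directives, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _DIRECTIVE.match(line)
        if m:
            if current:
                directives.append(_finish(*current))
            current = [KEYWORDS[m.group(1).lower()], m.group(2)]
        elif current is None:
            raise ValueError(f"text before the first directive: {line!r}")
        else:
            current[1] += " " + line
    if current:
        directives.append(_finish(*current))
    return directives


def to_ldif(name, text):
    """Emit the olcSchemaConfig entry, grouping values as olcObjectIdentifier,
    then olcAttributeTypes, then olcObjectClasses, the way slaptest-generated
    cn={N}name.ldif files are laid out."""
    directives = parse_schema(text)
    lines = [f"dn: cn={name},cn=schema,cn=config", "objectClass: olcSchemaConfig", f"cn: {name}"]
    for olc in KEYWORDS.values():
        lines += [f"{olc}: {body}" for key, body in directives if key == olc]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(to_ldif("samba", SAMPLE_SCHEMA), end="")
```

The generated file is loaded with the same command the post used, pointed at the .ldif instead of the .schema. The parenthesis check is there because a schema file with a stray or missing bracket is otherwise reported by slapd only as a parse error deep inside one very long olcAttributeTypes value.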
Group of groups with posfix
by Jose Legido
Hello
I have a Debian machine with sudo configured to use an LDAP group.
The LDAP group has objectClass posixGroup and the users are memberUid values.
I want to put groups instead of users. Is it possible?
Thank you
LDAP proxy issue
by jason cafarelli
Note: apologies if this is a duplicate; I think I sent the original out before I was
approved on the mailing list.
A bit stuck; bear with me; I'm somewhat of an LDAP newbie and I'm sure I am missing
something simple.
Trying to get a local server to AUTH locally to its own openldap-server and
then proxy to the corporate LDAP if the user is not found locally.
1. Local users work
2. AUTH to local LDAP server works
3. AUTH to corporate LDAP does NOT work
4. LDAP search to corporate works when using local server (ack!?!)
user = corporate LDAP account
internal ldap = users - internal.com
corporate ldap = people - datacenter.corporate.com
note: anonymous bind is enabled on corporate.
[root@ sssd]# ldapsearch -h 127.0.0.1 -x -b "uid=user,ou=people,dc=datacenter,dc=corporate,dc=com"
# extended LDIF
#
# LDAPv3
# base <uid=user,ou=people,dc=datacenter,dc=corporate,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# user, People, datacenter.corporate.com
dn: uid=user,ou=People,dc=datacenter,dc=corporate,dc=com
uid: user
cn:
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
shadowMax:
shadowWarning:
loginShell: /bin/bash
uidNumber:
gidNumber:
homeDirectory: /home/users/user
gecos: user
shadowLastChange: 16461
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
slapd setup:
#######################################################################
# database definitions
#######################################################################
database bdb
suffix "dc=internal,dc=com"
checkpoint 1024 15
rootdn "cn=adm,dc=internal,dc=com"
rootpw {SSHA}aaaaa
directory /var/lib/ldap
# Indices to maintain for this database
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
# Replicas of this database
#replogfile /var/lib/ldap/openldap-master-replog
#replica host=ldap-1.example.com:389 starttls=critical
# bindmethod=sasl saslmech=GSSAPI
# authcId=host/ldap-master.example.com(a)EXAMPLE.COM
#proxy ldap
database ldap
suffix "ou=People,dc=datacenter,dc=corp,dc=com"
uri "ldap://1.1.1.1:389/"
idassert-bind bindmethod=none
ldap.conf:
URI ldap://127.0.0.1
BASE dc=internal,dc=com
Re: How to let users change passwords
by robert k Wild
I feel such a donut!
It was because I had a space in between the lines of "modify time stamp" and
the first "olcAccess". I deleted the space, restarted slapd, and on the
client when I run the passwd command I can successfully change the user
password.
How to let users change passwords
by robert k Wild
Hi all,
I have an OpenLDAP server (CentOS 6.6), created a user account and gave
the user a generic password, e.g. "password123".
When my end user logs in to their client (CentOS 6.6), how can I give them an
option, if they want to, to change their own password, or have them change
their password when they log in?
Many thanks
Rob
--
Regards,
Robert K Wild.
How can I Modify OpenLdap database?
by Jason Long
Hello.
I added some entries to OpenLDAP but I want to edit them. How can I do it?
My "slapcat" output is:
# slapcat
55d45334 ldif_read_file: checksum error on "/etc/openldap/slapd.d/cn=config/olcDatabase={1}monitor.ldif"
55d45334 ldif_read_file: checksum error on "/etc/openldap/slapd.d/cn=config/olcDatabase={2}hdb.ldif"
55d45334 The first database does not allow slapcat; using the first available one (2)
55d45334 hdb_db_open: warning - no DB_CONFIG file found in directory /var/lib/ldap: (2).
Expect poor performance for suffix "dc=linux,dc=dj".
dn: dc=linux-d,dc=j
objectClass: dcObject
objectClass: organization
dc: linux-d
o: linux-d
structuralObjectClass: organization
entryUUID: 1c4fa7b0-da8c-1034-91a3-f90dc6355c19
creatorsName: cn=Manager,dc=linux-d,dc=j
createTimestamp: 20150819070316Z
entryCSN: 20150819070316.921292Z#000000#000#000000
modifiersName: cn=Manager,dc=linux-d,dc=j
modifyTimestamp: 20150819070316Z
dn: ou=Users,dc=linux-d,dc=j
objectClass: organizationalUnit
ou: Users
structuralObjectClass: organizationalUnit
entryUUID: c3dbe28c-da8c-1034-91a4-f90dc6355c19
creatorsName: cn=Manager,dc=linux-d,dc=j
createTimestamp: 20150819070758Z
entryCSN: 20150819070758.019816Z#000000#000#000000
modifiersName: cn=Manager,dc=linux-d,dc=j
modifyTimestamp: 20150819070758Z
I want to change "linux-d" to "linux".
I edited the "/tmp/users.ldif" file and used "ldapmodify -a -D cn=Manager,dc=linux,dc=dj -w hack3rcon -f /tmp/users.ldif", but the "slapcat" output is still:
# slapcat
55d4568e ldif_read_file: checksum error on "/etc/openldap/slapd.d/cn=config/olcDatabase={1}monitor.ldif"
55d4568e ldif_read_file: checksum error on "/etc/openldap/slapd.d/cn=config/olcDatabase={2}hdb.ldif"
55d4568e The first database does not allow slapcat; using the first available one (2)
55d4568e hdb_db_open: warning - no DB_CONFIG file found in directory /var/lib/ldap: (2).
Expect poor performance for suffix "dc=linux,dc=dj".
dn: dc=linux-d,dc=j
objectClass: dcObject
objectClass: organization
dc: linux-d
o: linux-d
structuralObjectClass: organization
entryUUID: 1c4fa7b0-da8c-1034-91a3-f90dc6355c19
creatorsName: cn=Manager,dc=linux-d,dc=j
createTimestamp: 20150819070316Z
entryCSN: 20150819070316.921292Z#000000#000#000000
modifiersName: cn=Manager,dc=linux-d,dc=j
modifyTimestamp: 20150819070316Z
dn: ou=Users,dc=linux-d,dc=j
objectClass: organizationalUnit
ou: Users
structuralObjectClass: organizationalUnit
entryUUID: c3dbe28c-da8c-1034-91a4-f90dc6355c19
creatorsName: cn=Manager,dc=linux-d,dc=j
createTimestamp: 20150819070758Z
entryCSN: 20150819070758.019816Z#000000#000#000000
modifiersName: cn=Manager,dc=linux-d,dc=j
modifyTimestamp: 20150819070758Z
dn: dc=linux,dc=dj
objectClass: dcObject
objectClass: organization
dc: linux
o: linux
structuralObjectClass: organization
entryUUID: e1968706-daa4-1034-82a7-470596994b9c
creatorsName: cn=Manager,dc=linux,dc=dj
createTimestamp: 20150819100035Z
entryCSN: 20150819100035.818429Z#000000#000#000000
modifiersName: cn=Manager,dc=linux,dc=dj
modifyTimestamp: 20150819100035Z
dn: ou=Users,dc=linux,dc=dj
objectClass: organizationalUnit
ou: Users
structuralObjectClass: organizationalUnit
entryUUID: 2a1a366c-daa5-1034-82a8-470596994b9c
creatorsName: cn=Manager,dc=linux,dc=dj
createTimestamp: 20150819100237Z
entryCSN: 20150819100237.477397Z#000000#000#000000
modifiersName: cn=Manager,dc=linux,dc=dj
modifyTimestamp: 20150819100237Z
As you can see, I still have "linux-d".
How can I solve it?
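Two of the threads above run into the same file format from different sides. In "How to let users change passwords" the ACL update failed because a blank line ends an LDIF record, so everything after it was read as a second record with no dn. Here, an entry's DN cannot be moved to a different suffix with ldapmodify (the -a add simply created a second tree next to the old one, which is what the second slapcat shows), and the usual route is to export with slapcat, rewrite the DNs, make sure olcSuffix and olcRootDN in the config name the new suffix, empty the database directory and reload with slapadd. As an added example, not code from either poster or from OpenLDAP, the script below does both checks offline: the ACL LDIF is constructed on the pattern of the thread, the dump is a trimmed copy of the slapcat output above, and the set of DN-valued attributes it rewrites is an assumption that is sufficient for this small tree. Two caveats a practitioner would also take from the posted commands: -w hack3rcon puts the rootdn password into the process list and shell history, where -W (prompt) would not; and the 'checksum error' lines mean the files under slapd.d were edited by hand rather than through ldapmodify against cn=config, which is exactly what the CRC header in those files exists to detect.

```python
"""LDIF helpers (added example, not from the posts): check_modify() finds the
blank-line mistake that breaks an ldapmodify update; rewrite_suffix() re-roots a
slapcat dump under a new suffix so it can be reloaded with slapadd."""
import base64
import re

# DN-valued attributes that must follow a suffix change (assumption: enough for this tree).
DN_ATTRS = {"dn", "creatorsname", "modifiersname", "member", "uniquemember", "owner", "seealso"}
_ATTR_LINE = re.compile(r"^([A-Za-z][\w;.-]*)(::?) ?(.*)$")


def parse_ldif(text):
    """Split LDIF into records, each a list of (attribute, value) pairs: unfolds
    continuation lines, skips comments, decodes base64 ('::'), keeps '-' separators."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:       # folded continuation line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    records, record = [], []
    for line in lines + [""]:
        if line == "":                          # a blank line ends the record
            if record:
                records.append(record)
            record = []
        elif line.startswith("#") or line.startswith("version:"):
            continue
        elif line == "-":
            record.append(("-", ""))
        else:
            m = _ATTR_LINE.match(line)
            if not m:
                raise ValueError(f"not an LDIF attribute line: {line!r}")
            attr, sep, val = m.groups()
            if sep == "::":
                val = base64.b64decode(val).decode("utf-8")
            record.append((attr, val))
    return records


def check_modify(text):
    """Every record must begin with dn:; a stray blank line yields a second record
    that begins with a bare attribute, which ldapmodify rejects."""
    problems = []
    for n, rec in enumerate(parse_ldif(text), 1):
        if rec[0][0].lower() != "dn":
            problems.append(f"record {n} starts with '{rec[0][0]}', not 'dn': "
                            "a blank line above it ended the previous record")
    return problems


def _ldif_line(attr, val):
    """Serialise one value, base64-encoding what RFC 2849 cannot carry in clear."""
    if attr == "-":
        return "-"
    if val and (val[0] in " :<" or not val.isascii() or "\n" in val):
        return f"{attr}:: {base64.b64encode(val.encode()).decode()}"
    return f"{attr}: {val}"


def rewrite_suffix(text, old, new):
    """Re-root every DN-valued attribute ending in `old` under `new` and set the
    naming attribute of the old base entry (dc: here) to its new RDN value."""
    tail = re.compile(r"(^|,)" + re.escape(old) + r"$", re.IGNORECASE)
    rdn_attr, rdn_val = new.split(",", 1)[0].split("=", 1)
    out = []
    for rec in parse_ldif(text):
        is_base = rec[0][1].lower() == old.lower()
        for attr, val in rec:
            if attr.lower() in DN_ATTRS:
                val = tail.sub(lambda m: m.group(1) + new, val)
            elif is_base and attr.lower() == rdn_attr.lower():
                val = rdn_val
            out.append(_ldif_line(attr, val))
        out.append("")
    return "\n".join(out) + "\n"


# Constructed ldapmodify input on the pattern of the ACL thread: the blank line
# after the first olcAccess value splits the change record in two.
BROKEN_ACL = """\
dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymous auth by * none

olcAccess: {1}to * by self write by * read
"""
FIXED_ACL = BROKEN_ACL.replace("\n\n", "\n")

# Trimmed copy of the slapcat output posted above.
DUMP = """\
dn: dc=linux-d,dc=j
objectClass: dcObject
objectClass: organization
dc: linux-d
o: linux-d
creatorsName: cn=Manager,dc=linux-d,dc=j

dn: ou=Users,dc=linux-d,dc=j
objectClass: organizationalUnit
ou: Users
modifiersName: cn=Manager,dc=linux-d,dc=j
"""

if __name__ == "__main__":
    print(check_modify(BROKEN_ACL), check_modify(FIXED_ACL))
    print(rewrite_suffix(DUMP, "dc=linux-d,dc=j", "dc=linux,dc=dj"), end="")
```

Note what rewrite_suffix deliberately leaves alone: o: linux-d is not a naming attribute, so it keeps whatever value the operator chose, and entryUUID, entryCSN and the timestamps in a real dump pass through unchanged, which slapadd accepts. The output is fed to slapadd only after slapd is stopped and the old database files are cleared; loading it on top of the existing data would reproduce the two-trees situation in the second slapcat.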
OLC ppolicy
by Jeremy Trammell - DLA
Greetings,
I'm trying to set up a very simple LDAP server using OpenLDAP (via OLC)
and it seems hopeless. The sticking point is ppolicy. I have followed
several online guides
(http://www.ryanfrantz.com/posts/openldap-implementing-the-password-policy...,
https://www.oostergo.net/node/85, to name a few), all of which seem to
essentially detail the same procedure, and have met with no success.
Whilst following those instructions, I receive no error messages. All
commands complete successfully and do not indicate failures of any
kind. Looking at the cn=config and target DITs, all data seems to have
been imported as expected. Despite that fact, passwd follows a "mystery
policy" which bears no resemblance to the policy that I have specified,
and ldappasswd follows "no policy at all you can do whatever you want".
Is there some way for me to empirically determine what these commands
are doing, and why my policy does nothing? Thanks in advance...
cn=module{0},cn=config
> objectClass: olcModuleList
> cn: module{0}
> olcModuleLoad: {0}ppolicy.la
> olcModuleLoad: {1}back_hdb
> olcModuleLoad: {2}ppolicy
> olcModulePath: /usr/lib/ldap
olcDatabase={1}hdb,cn=config
> objectClass: olcDatabaseConfig
> objectClass: olcHdbConfig
> olcDatabase: {1}hdb
> olcDbDirectory: /var/lib/ldap
> olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by
> anonymous auth by dn="cn=admin,dc=dla" write by * none
> olcAccess: {1}to dn.base="" by * read
> olcAccess: {2}to * by self write by dn="cn=admin,dc=dla" write by * read
> olcDbCheckpoint: 512 30
> olcDbConfig: {0}set_cachesize 0 2097152 0
> olcDbConfig: {1}set_lk_max_objects 1500
> olcDbConfig: {2}set_lk_max_locks 1500
> olcDbConfig: {3}set_lk_max_lockers 1500
> olcDbIndex: objectClass eq
> olcLastMod: TRUE
> olcSuffix: dc=dla
olcOverlay={0}ppolicy,olcDatabase={1}hdb,cn=config
> objectClass: olcOverlayConfig
> objectClass: olcPPolicyConfig
> olcOverlay: {0}ppolicy
> olcPPolicyDefault: cn=passwordDefault,ou=policies,dc=dla
> olcPPolicyForwardUpdates: FALSE
> olcPPolicyHashCleartext: TRUE
> olcPPolicyUseLockout: FALSE
cn=passwordDefault,ou=policies,dc=dla
> objectClass: person
> objectClass: pwdPolicy
> objectClass: pwdPolicyChecker
> objectClass: top
> cn: passwordDefault
> pwdAttribute: 2.5.4.35
> sn: passwordDefault
> pwdMinLength: 12