February 2016 - openldap-technical

by Timothy Keith

How can I recreate the DIT using the output from slapcat ? I want to change the suffix when I do this. First, I ran slapcat: slapcat -v -l slapcat_backup.ldif Or just point me to the appropriate documentation. Tim

7 years, 7 months

3
2
0 / 0

Authenticating mac users on ldap

by robert k Wild

Hi all, I want to know or if anyone has done it, i want to be able to login via my ldap user on a mac I know it works on linux as i have been able to login via ldap on my centos machine Also i have mounted my ldap server, (where all the home shares are) via autofs How can i get this to work Many thanks Rob

7 years, 7 months

1
0
0 / 0

BINDDN in ~/.ldaprc ignored(?)

by Frank Thommen

Hi, BINDDN in ~/.ldaprc seems to be ignored or I'm doing something wrong. /etc/openldap/ldap.conf is empty. ~/.ldaprc is: $ cat ~/.ldaprc BINDDN <myBindDN> BASE <myBaseDN> URI ldaps://<myLDAPServer> TLS_REQCERT never $ ldapsearch returns an error if I don't declare the bindDN on the commandline: $ ldapsearch -W -v cn=xyz ldap_initialize( <DEFAULT> ) Enter LDAP Password: SASL/GSSAPI authentication started ldap_sasl_interactive_bind_s: Local error (-2) additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available) $ Using strace I can see, that ~/.ldaprc is accessed by ldapsearch. So either BINDDN is ignored or I am doing something wrong. but works happily with the bindDN on the commandline: $ ldapsearch -D <myBindDN> -W -v cn=xyz ldap_initialize( <DEFAULT> ) Enter LDAP Password: [... ldapsearch results ...] $ Using strace I can see, that ~/.ldaprc is accessed by ldapsearch. So either BINDDN is ignored or I am doing something wrong. This is with openSUSE 13.1 and ldapsearch 2.4.33. Cheers Frank

7 years, 7 months

3
3
0 / 0

Re: BINDDN in ~/.ldaprc ignored(?)

by Frank Thommen

On 02/09/2016 02:22 PM, Michael Wandel wrote: > On 09.02.2016 10:28, Frank Thommen wrote: >> Hi, >> >> BINDDN in ~/.ldaprc seems to be ignored or I'm doing something wrong. >> >> /etc/openldap/ldap.conf is empty. >> >> ~/.ldaprc is: >> >> $ cat ~/.ldaprc >> BINDDN <myBindDN> >> BASE <myBaseDN> >> URI ldaps://<myLDAPServer> >> TLS_REQCERT never >> $ >> >> >> ldapsearch returns an error if I don't declare the bindDN on the >> commandline: >> >> $ ldapsearch -W -v cn=xyz >> ldap_initialize( <DEFAULT> ) >> Enter LDAP Password: >> SASL/GSSAPI authentication started >> ldap_sasl_interactive_bind_s: Local error (-2) >> additional info: SASL(-1): generic failure: GSSAPI Error: >> Unspecified GSS failure. Minor code may provide more information (No >> Kerberos credentials available) >> $ >> > > can you please check if > > ldapsearch -x -W -v cn=xyz > > is working ? That works fine f. > > best regards > michael > >> Using strace I can see, that ~/.ldaprc is accessed by ldapsearch. So >> either BINDDN is ignored or I am doing something wrong. >> >> but works happily with the bindDN on the commandline: >> >> $ ldapsearch -D <myBindDN> -W -v cn=xyz >> ldap_initialize( <DEFAULT> ) >> Enter LDAP Password: >> [... ldapsearch results ...] >> $ >> >> Using strace I can see, that ~/.ldaprc is accessed by ldapsearch. So >> either BINDDN is ignored or I am doing something wrong. >> >> This is with openSUSE 13.1 and ldapsearch 2.4.33. >> >> >> Cheers >> Frank >> > > -- Frank Thommen | HD-HuB / DKFZ Heidelberg | f.thommen(a)dkfz-heidelberg.de | TP3: +49-6221-42-3562 (Mo+Di) | IPMB: +49-6221-54-5823 (Mi-Do)

7 years, 7 months

1
0
0 / 0

make posixGroup auxiliary in 2.4.40

by Chris

Dear All, I'm moving from OpenLDAP 2.2.x to 2.4.40 and have wasted hours trying to achieve the following: mailGroup (Postfix) is used as structural class, posixGroup (NIS) as auxiliary. Anyway. I can't add rfc2307bis schema, because NIS is already included. I've tried different methods to get rid of NIS, but they're not working. Is there any way to make posixGroup auxiliary? Thank you in advance. - Chris

7 years, 7 months

2
1
0 / 0

Re: [OpenLDAP][Authentication] SASL

by Timothy Keith

On Mon, Feb 8, 2016 at 6:07 PM, Quanah Gibson-Mount <quanah(a)zimbra.com> wrote: > --On Monday, February 08, 2016 6:04 PM -0600 Timothy Keith > <timothy.g.keith(a)gmail.com> wrote: > >> On Sun, Feb 7, 2016 at 6:55 AM, Michael Ströder <michael(a)stroeder.com> >> wrote: >>> >>> Timothy Keith wrote: >>>> >>>> How can I know that slapd was built with -enable-spasswd ? >>> >>> >>> By looking at the configure command in the build script, spec file in >>> source RPM or whatever produced the binary builds you're using. >>> >>> Ciao, Michael. >>> >> >> I extracted the files from the yum binary packages. It is 2.4.40-7. >> I don't think there is a way to determine what the configure options >> were at build time. > > > You need to download the *source* RPM not the *binary* RPM, as the source > RPM includes the SPEC file used to build OpenLDAP. > > --Quanah > > -- > > Quanah Gibson-Mount > Platform Architect > Zimbra, Inc. > -------------------- > Zimbra :: the leader in open source messaging and collaboration > A division of Synacor, Inc This was found in a spec file from the src RPM : ./openldap-2/openldap.spec %configure \ --enable-rlookups \ \ --with-tls=moznss \ --with-cyrus-sasl \ \ --enable-wrappers \ \ --enable-passwd \ \ --enable-cleartext \ --enable-crypt \ --enable-spasswd \ --disable-lmpasswd \ --enable-modules \ --disable-sql \ \ --libexecdir=%{_libdir} \ $@ Looks okay for pass-through. Thanks, Tim

7 years, 7 months

1
0
0 / 0

Re: [OpenLDAP][Authentication] SASL

by Timothy Keith

The first attempt fails : ldapwhoami -v -ZZ -Y EXTERNAL ldap_initialize( <DEFAULT> ) ldap_start_tls: Connect error (-11) additional info: TLS: hostname does not match CN in peer certificate This also fails : ldapsearch -LLL -Y EXTERNAL -H ldaps:/// -b "" -s base + ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1) Tim On Thu, Jan 21, 2016 at 7:43 PM, Sergio NNX <sfhacker(a)hotmail.com> wrote: >> My scenario is relatively simple. > Simple, but it doesn't work, right? > > Are you after something similar to the output below? > > ldapwhoami -v -ZZ -Y EXTERNAL > > SASL/EXTERNAL authentication started > SASL username: 2.5.4.13=End User Certificate (OpenLDAP > 2.4.43),2.5.4.5=1234-2015 > -UK,title=Mr,ou=Finance Department,o=MateAR.eu IT > Solutions,l=Westminster,st=Lon > don,c=GB,email=info(a)matear.eu,0.9.2342.19200300.100.1.1=Administrator,dc=EU,cn=A > dministrator > SASL SSF: 0 > dn:description=end user certificate (openldap > 2.4.43),serialNumber=1234-2015-uk, > title=mr,ou=finance department,o=matear.eu it > solutions,l=westminster,st=london, > c=gb,email=info(a)matear.eu,uid=administrator,dc=eu,cn=administrator > Result: Success (0) > > > ldapsearch -LLL -Y EXTERNAL -H ldaps:/// -b "" -s base + > > SASL/EXTERNAL authentication started > SASL username: 2.5.4.13=End User Certificate (OpenLDAP > 2.4.43),2.5.4.5=1234-2015 > -UK,title=Mr,ou=Finance Department,o=MateAR.eu IT > Solutions,l=Westminster,st=Lon > don,c=GB,email=info(a)matear.eu,0.9.2342.19200300.100.1.1=Administrator,dc=EU,cn=A > dministrator > SASL SSF: 0 > dn: > structuralObjectClass: OpenLDAProotDSE > configContext: cn=config > monitorContext: cn=Monitor > namingContexts: dc=my-domain,dc=com > supportedControl: 1.3.6.1.4.1.4203.1.9.1.1 > supportedControl: 2.16.840.1.113730.3.4.18 > supportedControl: 2.16.840.1.113730.3.4.2 > supportedControl: 1.3.6.1.4.1.4203.1.10.1 > supportedControl: 1.3.6.1.1.22 > supportedControl: 1.2.840.113556.1.4.319 > supportedControl: 1.2.826.0.1.3344810.2.3 > supportedControl: 1.3.6.1.1.13.2 > supportedControl: 1.3.6.1.1.13.1 > supportedControl: 1.3.6.1.1.12 > supportedExtension: 1.3.6.1.4.1.1466.20037 > supportedExtension: 1.3.6.1.4.1.4203.1.11.1 > supportedExtension: 1.3.6.1.4.1.4203.1.11.3 > supportedExtension: 1.3.6.1.1.8 > supportedFeatures: 1.3.6.1.1.14 > supportedFeatures: 1.3.6.1.4.1.4203.1.5.1 > supportedFeatures: 1.3.6.1.4.1.4203.1.5.2 > supportedFeatures: 1.3.6.1.4.1.4203.1.5.3 > supportedFeatures: 1.3.6.1.4.1.4203.1.5.4 > supportedFeatures: 1.3.6.1.4.1.4203.1.5.5 > supportedLDAPVersion: 3 > supportedSASLMechanisms: SRP > supportedSASLMechanisms: SCRAM-SHA-1 > supportedSASLMechanisms: GSSAPI > supportedSASLMechanisms: GSS-SPNEGO > supportedSASLMechanisms: DIGEST-MD5 > supportedSASLMechanisms: EXTERNAL > supportedSASLMechanisms: OTP > supportedSASLMechanisms: CRAM-MD5 > supportedSASLMechanisms: NTLM > supportedSASLMechanisms: LOGIN > supportedSASLMechanisms: PLAIN > entryDN: > subschemaSubentry: cn=Subschema >

7 years, 7 months

5
10
0 / 0

OpenLDAP 2.4.44 RPM packages available on LTB project

by Clément OUDOT

Hi, LTB RPM packages for OpenLDAP 2.4.44 are available: http://ltb-project.org/wiki/download#packages_for_red_hatcentos Debian packages should follow soon. -- Clément OUDOT Consultant en logiciels libres, Expert infrastructure et sécurité Savoir-faire Linux

7 years, 7 months

1
0
0 / 0

LMDB mmap usage

by Kristoffer Sjögren

Hi Our application do lots of caching using vmtouch, up to a point where there isn't a lot of memory left on the machine. We would like to use LMDB on the same machine to store around 40GiB data of a few hundred million entries. How can we best understand the interaction and behavior of the OS cache and sharing of memory between processes? Is LMDB doing something to help the OS? Cheers, -Kristoffer

7 years, 7 months

3
7
0 / 0

openSUSE packages (was: OpenLDAP 2.4.44 available)

by Michael Ströder

OpenLDAP Project wrote: > OpenLDAP 2.4.44 is now available for download For the impatient the updated openSUSE packages for OpenLDAP 2.4.44 are available in my build service home project: https://build.opensuse.org/package/show/home:stroeder:branches:network:ld... The download repos for various versions: http://download.opensuse.org/repositories/home:/stroeder:/branches:/netwo... Ciao, Michael.

7 years, 7 months

1
0
0 / 0

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

openldap-technical February 2016