rebuilding the DIT
by Timothy Keith
How can I recreate the DIT using the output from slapcat?
I want to change the suffix when I do this. First, I ran slapcat:
slapcat -v -l slapcat_backup.ldif
Or just point me to the appropriate documentation.
Tim
7 years, 7 months
Authenticating mac users on ldap
by robert k Wild
Hi all,
I want to know if anyone has done this: I want to be able to log in via my
LDAP user on a Mac.
I know it works on Linux, as I have been able to log in via LDAP on my CentOS
machine.
Also, I have mounted my LDAP server (where all the home shares are) via
autofs.
How can I get this to work?
Many thanks
Rob
7 years, 7 months
BINDDN in ~/.ldaprc ignored(?)
by Frank Thommen
Hi,
BINDDN in ~/.ldaprc seems to be ignored or I'm doing something wrong.
/etc/openldap/ldap.conf is empty.
~/.ldaprc is:
$ cat ~/.ldaprc
BINDDN <myBindDN>
BASE <myBaseDN>
URI ldaps://<myLDAPServer>
TLS_REQCERT never
$
ldapsearch returns an error if I don't declare the bindDN on the
command line:
$ ldapsearch -W -v cn=xyz
ldap_initialize( <DEFAULT> )
Enter LDAP Password:
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Local error (-2)
additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified
GSS failure. Minor code may provide more information (No Kerberos
credentials available)
$
Using strace I can see that ~/.ldaprc is accessed by ldapsearch. So
either BINDDN is ignored or I am doing something wrong.
but works happily with the bindDN on the command line:
$ ldapsearch -D <myBindDN> -W -v cn=xyz
ldap_initialize( <DEFAULT> )
Enter LDAP Password:
[... ldapsearch results ...]
$
Using strace I can see that ~/.ldaprc is accessed by ldapsearch. So
either BINDDN is ignored or I am doing something wrong.
This is with openSUSE 13.1 and ldapsearch 2.4.33.
Cheers
Frank
7 years, 7 months
Re: BINDDN in ~/.ldaprc ignored(?)
by Frank Thommen
On 02/09/2016 02:22 PM, Michael Wandel wrote:
> On 09.02.2016 10:28, Frank Thommen wrote:
>> Hi,
>>
>> BINDDN in ~/.ldaprc seems to be ignored or I'm doing something wrong.
>>
>> /etc/openldap/ldap.conf is empty.
>>
>> ~/.ldaprc is:
>>
>> $ cat ~/.ldaprc
>> BINDDN <myBindDN>
>> BASE <myBaseDN>
>> URI ldaps://<myLDAPServer>
>> TLS_REQCERT never
>> $
>>
>>
>> ldapsearch returns an error if I don't declare the bindDN on the
>> commandline:
>>
>> $ ldapsearch -W -v cn=xyz
>> ldap_initialize( <DEFAULT> )
>> Enter LDAP Password:
>> SASL/GSSAPI authentication started
>> ldap_sasl_interactive_bind_s: Local error (-2)
>> additional info: SASL(-1): generic failure: GSSAPI Error:
>> Unspecified GSS failure. Minor code may provide more information (No
>> Kerberos credentials available)
>> $
>>
>
> can you please check if
>
> ldapsearch -x -W -v cn=xyz
>
> is working ?
That works fine
f.
>
> best regards
> michael
>
>> Using strace I can see, that ~/.ldaprc is accessed by ldapsearch. So
>> either BINDDN is ignored or I am doing something wrong.
>>
>> but works happily with the bindDN on the commandline:
>>
>> $ ldapsearch -D <myBindDN> -W -v cn=xyz
>> ldap_initialize( <DEFAULT> )
>> Enter LDAP Password:
>> [... ldapsearch results ...]
>> $
>>
>> Using strace I can see, that ~/.ldaprc is accessed by ldapsearch. So
>> either BINDDN is ignored or I am doing something wrong.
>>
>> This is with openSUSE 13.1 and ldapsearch 2.4.33.
>>
>>
>> Cheers
>> Frank
>>
>
>
--
Frank Thommen | HD-HuB / DKFZ Heidelberg
| f.thommen(a)dkfz-heidelberg.de
| TP3: +49-6221-42-3562 (Mo+Di)
| IPMB: +49-6221-54-5823 (Mi-Do)
7 years, 7 months
make posixGroup auxiliary in 2.4.40
by Chris
Dear All,
I'm moving from OpenLDAP 2.2.x to 2.4.40 and have wasted hours trying to
achieve the following:
mailGroup (Postfix) is used as structural class, posixGroup (NIS) as
auxiliary.
Anyway. I can't add rfc2307bis schema, because NIS is already included.
I've tried different methods to get rid of NIS, but they're not working.
Is there any way to make posixGroup auxiliary?
Thank you in advance.
- Chris
7 years, 7 months
Re: [OpenLDAP][Authentication] SASL
by Timothy Keith
On Mon, Feb 8, 2016 at 6:07 PM, Quanah Gibson-Mount <quanah(a)zimbra.com> wrote:
> --On Monday, February 08, 2016 6:04 PM -0600 Timothy Keith
> <timothy.g.keith(a)gmail.com> wrote:
>
>> On Sun, Feb 7, 2016 at 6:55 AM, Michael Ströder <michael(a)stroeder.com>
>> wrote:
>>>
>>> Timothy Keith wrote:
>>>>
>>>> How can I know that slapd was built with -enable-spasswd ?
>>>
>>>
>>> By looking at the configure command in the build script, spec file in
>>> source RPM or whatever produced the binary builds you're using.
>>>
>>> Ciao, Michael.
>>>
>>
>> I extracted the files from the yum binary packages. It is 2.4.40-7.
>> I don't think there is a way to determine what the configure options
>> were at build time.
>
>
> You need to download the *source* RPM not the *binary* RPM, as the source
> RPM includes the SPEC file used to build OpenLDAP.
>
> --Quanah
>
> --
>
> Quanah Gibson-Mount
> Platform Architect
> Zimbra, Inc.
> --------------------
> Zimbra :: the leader in open source messaging and collaboration
> A division of Synacor, Inc
This was found in a spec file from the src RPM: ./openldap-2/openldap.spec
%configure \
--enable-rlookups \
\
--with-tls=moznss \
--with-cyrus-sasl \
\
--enable-wrappers \
\
--enable-passwd \
\
--enable-cleartext \
--enable-crypt \
--enable-spasswd \
--disable-lmpasswd \
--enable-modules \
--disable-sql \
\
--libexecdir=%{_libdir} \
$@
Looks okay for pass-through. Thanks, Tim
7 years, 7 months
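Added example (not part of the original messages and not OpenLDAP project code): the spec-file check described in the message above, as a small shell helper that extracts the options from a %configure block, including the bare-backslash continuation lines seen in the quoted excerpt, and tests for one of them. The function names spec_configure_flags and has_configure_flag are hypothetical.

```shell
#!/bin/sh
# Added example: inspect the options given to %configure in an RPM spec file.
# spec_configure_flags and has_configure_flag are hypothetical helper names.
#
# Usage (path as quoted in the message above):
#   has_configure_flag ./openldap-2/openldap.spec --enable-spasswd && echo present

# Print one "--option" per line from the %configure block of spec file $1.
# The block starts at the %configure line and runs for as long as each line
# ends in a backslash; a line holding only a backslash keeps the block open.
spec_configure_flags() {
    awk '
        /^[ \t]*%configure/ { in_block = 1 }
        in_block {
            line = $0
            cont = (line ~ /\\[ \t]*$/)     # trailing backslash: block continues
            sub(/\\[ \t]*$/, "", line)      # drop the continuation marker
            n = split(line, words, /[ \t]+/)
            for (i = 1; i <= n; i++)
                if (words[i] ~ /^--/) print words[i]
            if (!cont) in_block = 0         # first line without a backslash ends it
        }
    ' "$1"
}

# Succeed only if option $2 appears verbatim in the %configure block of $1.
# -F and -x make the match literal and whole-line, so --enable-passwd does
# not match --enable-spasswd or the other way round.
has_configure_flag() {
    spec_configure_flags "$1" | grep -Fqx -- "$2"
}
```

The spec file records what was requested at build time for that source package; the source RPM still has to be the one matching the installed binary package version.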
Re: [OpenLDAP][Authentication] SASL
by Timothy Keith
The first attempt fails:
ldapwhoami -v -ZZ -Y EXTERNAL
ldap_initialize( <DEFAULT> )
ldap_start_tls: Connect error (-11)
additional info: TLS: hostname does not match CN in peer certificate
This also fails:
ldapsearch -LLL -Y EXTERNAL -H ldaps:/// -b "" -s base +
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
Tim
On Thu, Jan 21, 2016 at 7:43 PM, Sergio NNX <sfhacker(a)hotmail.com> wrote:
>> My scenario is relatively simple.
> Simple, but it doesn't work, right?
>
> Are you after something similar to the output below?
>
> ldapwhoami -v -ZZ -Y EXTERNAL
>
> SASL/EXTERNAL authentication started
> SASL username: 2.5.4.13=End User Certificate (OpenLDAP
> 2.4.43),2.5.4.5=1234-2015
> -UK,title=Mr,ou=Finance Department,o=MateAR.eu IT
> Solutions,l=Westminster,st=Lon
> don,c=GB,email=info(a)matear.eu,0.9.2342.19200300.100.1.1=Administrator,dc=EU,cn=A
> dministrator
> SASL SSF: 0
> dn:description=end user certificate (openldap
> 2.4.43),serialNumber=1234-2015-uk,
> title=mr,ou=finance department,o=matear.eu it
> solutions,l=westminster,st=london,
> c=gb,email=info(a)matear.eu,uid=administrator,dc=eu,cn=administrator
> Result: Success (0)
>
>
> ldapsearch -LLL -Y EXTERNAL -H ldaps:/// -b "" -s base +
>
> SASL/EXTERNAL authentication started
> SASL username: 2.5.4.13=End User Certificate (OpenLDAP
> 2.4.43),2.5.4.5=1234-2015
> -UK,title=Mr,ou=Finance Department,o=MateAR.eu IT
> Solutions,l=Westminster,st=Lon
> don,c=GB,email=info(a)matear.eu,0.9.2342.19200300.100.1.1=Administrator,dc=EU,cn=A
> dministrator
> SASL SSF: 0
> dn:
> structuralObjectClass: OpenLDAProotDSE
> configContext: cn=config
> monitorContext: cn=Monitor
> namingContexts: dc=my-domain,dc=com
> supportedControl: 1.3.6.1.4.1.4203.1.9.1.1
> supportedControl: 2.16.840.1.113730.3.4.18
> supportedControl: 2.16.840.1.113730.3.4.2
> supportedControl: 1.3.6.1.4.1.4203.1.10.1
> supportedControl: 1.3.6.1.1.22
> supportedControl: 1.2.840.113556.1.4.319
> supportedControl: 1.2.826.0.1.3344810.2.3
> supportedControl: 1.3.6.1.1.13.2
> supportedControl: 1.3.6.1.1.13.1
> supportedControl: 1.3.6.1.1.12
> supportedExtension: 1.3.6.1.4.1.1466.20037
> supportedExtension: 1.3.6.1.4.1.4203.1.11.1
> supportedExtension: 1.3.6.1.4.1.4203.1.11.3
> supportedExtension: 1.3.6.1.1.8
> supportedFeatures: 1.3.6.1.1.14
> supportedFeatures: 1.3.6.1.4.1.4203.1.5.1
> supportedFeatures: 1.3.6.1.4.1.4203.1.5.2
> supportedFeatures: 1.3.6.1.4.1.4203.1.5.3
> supportedFeatures: 1.3.6.1.4.1.4203.1.5.4
> supportedFeatures: 1.3.6.1.4.1.4203.1.5.5
> supportedLDAPVersion: 3
> supportedSASLMechanisms: SRP
> supportedSASLMechanisms: SCRAM-SHA-1
> supportedSASLMechanisms: GSSAPI
> supportedSASLMechanisms: GSS-SPNEGO
> supportedSASLMechanisms: DIGEST-MD5
> supportedSASLMechanisms: EXTERNAL
> supportedSASLMechanisms: OTP
> supportedSASLMechanisms: CRAM-MD5
> supportedSASLMechanisms: NTLM
> supportedSASLMechanisms: LOGIN
> supportedSASLMechanisms: PLAIN
> entryDN:
> subschemaSubentry: cn=Subschema
>
7 years, 7 months
LMDB mmap usage
by Kristoffer Sjögren
Hi
Our application does lots of caching using vmtouch, up to a point where
there isn't a lot of memory left on the machine. We would like to use
LMDB on the same machine to store around 40GiB data of a few hundred
million entries.
How can we best understand the interaction and behavior of the OS
cache and sharing of memory between processes? Is LMDB doing something
to help the OS?
Cheers,
-Kristoffer
7 years, 7 months