openldap-technical October 2019

openldap-technical@openldap.org

18 participants
13 discussions

No version information available
by Leo Führinger 08 Oct '19

08 Oct '19

Hello, I've installed the newest version 2.4.48 of openldap on Ubuntu 18.04: vergrößern ./configure --with-cyrus-sasl --with-tls=openssl --enable-overlays=mod --enable-backends=mod --disable-perl --disable-ndb --enable-crypt --enable-modules --enable-dynamic --enable-syslog --enable-debug --enable-local --enable-spasswd --disable-sql --enable-mdb make depend make #test make test > test_results.txt grep '>>>>>.*failed' test_results.txt #install make install If I run the scritp 'sudo sh updateOpenldap.sh' which includes the command ldapdelete -x -r -D cn=admin,dc=aesettlingen,dc=ddnss,dc=de -w geheim ou=benutzer,dc=schule,dc=ddnss,dc=de >> updateOpenldap.log 2>> updateOpenldap.errorlog everything works fine. If I use a cronjob via crontab */1 * * * * /bin/bash /home/ldap/convertADtoOpenldap/updateOpenldap.sh I get the errors: ldapdelete: /usr/local/lib/liblber-2.4.so.2: no version information available (required by ldapdelete) ldapdelete: /usr/local/lib/libldap-2.4.so.2: no version information available (required by ldapdelete) LDAP vendor version mismatch: library 20448, header 20445 Here the content of /usr/lib/ vergrößern 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 root@ldapserver:/# ls -lah /usr/lib/lib* lrwxrwxrwx 1 root root 21 Mai 14 09:07 /usr/lib/libDeployPkg.so.0 -> libDeployPkg.so.0.0.0 -rw-r--r-- 1 root root 31K Mai 14 09:07 /usr/lib/libDeployPkg.so.0.0.0 lrwxrwxrwx 1 root root 15 Dez 19 2018 /usr/lib/libgjs.so.0 -> libgjs.so.0.0.0 -rw-r--r-- 1 root root 820K Dez 19 2018 /usr/lib/libgjs.so.0.0.0 lrwxrwxrwx 1 root root 20 Mai 14 09:07 /usr/lib/libguestlib.so.0 -> libguestlib.so.0.0.0 -rw-r--r-- 1 root root 23K Mai 14 09:07 /usr/lib/libguestlib.so.0.0.0 lrwxrwxrwx 1 root root 16 Mai 14 09:07 /usr/lib/libhgfs.so.0 -> libhgfs.so.0.0.0 -rw-r--r-- 1 root root 160K Mai 14 09:07 /usr/lib/libhgfs.so.0.0.0 lrwxrwxrwx 1 root root 31 Sep 16 17:37 /usr/lib/libldap-2.4.so.2 -> /usr/local/lib/libldap-2.4.so.2 lrwxrwxrwx 1 root root 17 Sep 4 2018 /usr/lib/libnetpbm.so.10 -> libnetpbm.so.10.0 -rw-r--r-- 1 root root 143K Apr 23 2016 /usr/lib/libnetpbm.so.10.0 lrwxrwxrwx 1 root root 18 Mai 14 09:07 /usr/lib/libvgauth.so.0 -> libvgauth.so.0.0.0 -rw-r--r-- 1 root root 84K Mai 14 09:07 /usr/lib/libvgauth.so.0.0.0 lrwxrwxrwx 1 root root 19 Mai 14 09:07 /usr/lib/libvmtools.so.0 -> libvmtools.so.0.0.0 -rw-r--r-- 1 root root 609K Mai 14 09:07 /usr/lib/libvmtools.so.0.0.0 and /usr/local/lib/ vergrößern 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 root@ldapserver:/# ls -lah /usr/local/lib/lib* lrwxrwxrwx 1 root root 22 Okt 3 18:11 /usr/local/lib/liblber-2.4.so.2 -> liblber-2.4.so.2.10.11 -rw-r--r-- 1 root root 222K Okt 3 18:11 /usr/local/lib/liblber-2.4.so.2.10.11 -rw-r--r-- 1 root root 223K Sep 12 2018 /usr/local/lib/liblber-2.4.so.2.10.8 -rw-r--r-- 1 root root 223K Sep 11 2018 /usr/local/lib/liblber-2.4.so.2.10.9 -rw-r--r-- 1 root root 375K Okt 3 18:11 /usr/local/lib/liblber.a -rw-r--r-- 1 root root 827 Okt 3 18:11 /usr/local/lib/liblber.la lrwxrwxrwx 1 root root 22 Okt 3 18:11 /usr/local/lib/liblber.so -> liblber-2.4.so.2.10.11 lrwxrwxrwx 1 root root 22 Okt 3 18:11 /usr/local/lib/libldap-2.4.so.2 -> libldap-2.4.so.2.10.11 -rw-r--r-- 1 root root 1,4M Okt 3 18:11 /usr/local/lib/libldap-2.4.so.2.10.11 -rw-r--r-- 1 root root 1,4M Sep 12 2018 /usr/local/lib/libldap-2.4.so.2.10.8 -rw-r--r-- 1 root root 1,4M Sep 11 2018 /usr/local/lib/libldap-2.4.so.2.10.9 -rw-r--r-- 1 root root 2,8M Okt 3 18:11 /usr/local/lib/libldap.a -rw-r--r-- 1 root root 876 Okt 3 18:11 /usr/local/lib/libldap.la lrwxrwxrwx 1 root root 24 Okt 3 18:11 /usr/local/lib/libldap_r-2.4.so.2 -> libldap_r-2.4.so.2.10.11 -rw-r--r-- 1 root root 1,6M Okt 3 18:11 /usr/local/lib/libldap_r-2.4.so.2.10.11 -rw-r--r-- 1 root root 1,6M Sep 12 2018 /usr/local/lib/libldap_r-2.4.so.2.10.8 -rw-r--r-- 1 root root 1,6M Sep 11 2018 /usr/local/lib/libldap_r-2.4.so.2.10.9 -rw-r--r-- 1 root root 3,1M Okt 3 18:11 /usr/local/lib/libldap_r.a -rw-r--r-- 1 root root 899 Okt 3 18:11 /usr/local/lib/libldap_r.la lrwxrwxrwx 1 root root 24 Okt 3 18:11 /usr/local/lib/libldap_r.so -> libldap_r-2.4.so.2.10.11 lrwxrwxrwx 1 root root 22 Okt 3 18:11 /usr/local/lib/libldap.so -> libldap-2.4.so.2.10.11 Does somebody has any idea? Thanks a lot! Leo

2 2

not getting ldap proxy to AD working... please help
by Drikus Brits 08 Oct '19

08 Oct '19

Heya experts. I need some guidance. I am having difficulty deploying my requirements. I need to deploy a couple of U18 servers/containers. These servers all needs to authenticate with LDAP accounts that is active and in a certain group on AD, but the IT team doesn't want to allow IPs and ports from servers across the network and so I have to set up a ldap proxy that will speak to AD on behalf of all the other machines eg jumphost. The windows AD cannot be modified to add extra groups eg posixAccount, uidNumber, gidNumber, loginShell, homeDirectory etc. I can successfully run a ldapsearch from the proxy machine to the AD and query a user based on the sAMAccountName and am getting successful results back from AD. However, when the jumphost (proxy set as ldap authhost) tries to authenticate with the proxy, then I see the request coming in from the jumphost to ldap proxy, and see the ldap proxy sending the request to the windows AD, but it forwards the same details as it sent to the local to the remote; eg objectClass=posixAccount, uid=testuser. This doesn't exist on the AD and so returns no result. I've tried to do rewrites and according to the packet captures, saw that the rewrite was working somewhat. I was able to rewrite uid to sAMAccountName, but not sure what to rewrite the posixAccount to.... So ideally what I'd like to see happening is that : 1) user logs onto jumphost with username "testuser" 2) user lookup & authentication goes to ldap_proxy 3) ldap_proxy send request to AD to check if user exists and is active and match against the password 4) upon username=exists, is=active, password=ok return the result to ldap_proxy 5) ldap_proxy returns the necessary to jumphost eg; a) posixAccount b) homeDirectory c) loginShell I've tried following a couple of different options to make it work, but right now I'm not sure which option is the correct one eg; (mdb config + ldap backend) or (meta + ldap backend ) or ( ldap + pcache ) and whether to rewrite or not to rewrite. From my understanding, I am looking for something that sounds like a meta setup that combines the local and remote data...is my understanding correct? I've seen this working at a previous employer but not sure whether their AD was modified and that is why it was working there, or whether the solution is workable without having to force the IT guys' hand and add extra vars.. I've scouted the openldap mailing list as well for answers but there is a plethora of no replies and some replies that somewhat matches what I'm trying to do... Any guidance would be super appreciated

2 2

Lazy quantifiers in regex ACLs??
by Jon C Kidder 02 Oct '19

02 Oct '19

Does the regex engine in OpenLDAP not support lazy quantifiers? Why does the ACL processing in this log show only one capture group as if the lazy quantifier in the first capture group isn't recognized? Every tester I plug this regex into produces 2 capture groups which is what I need. I need to carve off the leading OU as one capture group and capture the remaining chain of OUs as the second group then re-use both in my ACLs. Any suggestions for creating a regex that would produce the desired capture groups for use in my ACLs? 5d94aa15 => dnpat: [18] (ou=.+?,)?(ou=.+,)?ou=Delegated,ou=ApplicationData,dc=global,dc=aep,dc=com$ nsub: 2 5d94aa15 => acl_get: [18] matched 5d94aa15 => acl_get: [18] attr entry 5d94aa15 => match[dn0]: 0 95 ou=testapplication,ou=bolt,ou=concourse,ou=delegated,ou=applicationdata,dc=global,dc=aep,dc=com 5d94aa15 => match[dn1]: 0 40 ou=testapplication,ou=bolt,ou=concourse,

2 2

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

openldap-technical October 2019