Page Leak?
by Andrew Spott
I apologize if this is the wrong place to ask this, let me know if there is
someplace better.
So, when doing a `mdb_copy -c`, I've run into the error message:
mdb_copy: copying failed, error -30784 (MDB_INCOMPATIBLE: Operation and DB
incompatible, or DB flags changed)
When looking at the mdb_copy man page, it says that mdb_copy with
compaction might fail if the database has a 'page leak'.
Since that appears to be what has happened... can anyone tell me what that
means? Does this mean that the data could be corrupted? How do I fix this?
Thanks!
-Andrew
3 years, 10 months
Mailman list?
by Zinski, Steve
We are in the process of migrating from a sendmail/virtuser environment to proofpoint/ldap mail routing. This means we have to add the inetLocalMailRecipient class to all of our users along with mail/mailLocalAddress/mailRoutingAddress attributes.
We also need to create routing records for our mailman mailing list aliases (i.e., list-admin, list-bounces, list-request, list-subscribe, etc.). What is the best way to add these addresses to ldap? I was thinking about adding a “mailman” container (regular users go in “people”) but I don’t know what structural object class to use for each mailman entry. Do I use person (or inetOrgPerson)? I want to do this right, so any best-practice tips would be welcome.
Any help would be appreciated.
Thanks,
Steve
3 years, 10 months
slap_global_control: unrecognized control: 1.3.6.1.4.1.4203.666.5.16
by Jean-Francois Malouin
Hi,
Since I started adding clients to authenticate users through LDAP I'm getting
those messages in the servers' log:
slap_global_control: unrecognized control: 1.3.6.1.4.1.4203.666.5.16
Clients use nss-ldapd 0.9.9 with nslcd and nscd for caching. Servers are running
OpenLDAP 2.4.47 on Debian/Stretch 9.11.
A quick search shows those are related to deref control. I don't have that
overlay loaded on the servers, only slapo-memberof, slapo-syncprov,
slapo-refint and slapo-ppolicy.
So I wonder if, first, are they harmful? Or will they get eventually as the
number of clients will start to increase in the very near future?
thanks,
jf
3 years, 10 months
Acl on userPassword on a specific base
by Marc Roos
I have problems authenticating against this acl[0] with nslcd, if I
use[1] authentication is fine. I have the impression the dn.exact is not
able to access the password attribute, because getent shows the other
attributes. How should I rewrite this so the dn.exact is able to read
the password attributes from dn.subtree?
[0]
olcAccess: {0} to dn.exact="" by * read
olcAccess: {1} to dn.exact="cn=Subschema" by * read
olcAccess: {2} to attrs=userPassword,shadowLastChange by ssf=256 self read by ssf=256 anonymous auth by * none continue
olcAccess: {3} to dn.subtree="ou=gggg,ou=ffff,ou=eee,dc=ccc,dc=bbb,dc=aaa" by dn.exact="cn=system,ou=dddd,dc=ccc,dc=bbb,dc=aaa" ssf=64 read
olcAccess: {4} to * by * none
[1]
olcAccess: {0} to dn.exact="" by * read
olcAccess: {1} to dn.exact="cn=Subschema" by * read
olcAccess: {2} to attrs=userPassword,shadowLastChange by ssf=256 self read by ssf=256 anonymous auth by * none
olcAccess: {3} to * by ssf=64 users read by * none
3 years, 10 months
It seems that the TLS cipher settings in ldap client and server do not work.
by 莫亚男
Hi Friends,
My open-ldap server is
Version: 2.4.46
OS: redhat7
I set the cipher suite parameter in the client (ldap.conf) and server (slapd.conf) and restarted the service; in the TCP/IP log, I find the cipher has not changed.
In ldap.conf:
TLS_CIPHER_SUITE ALL:!TLSv1.3
In slapd.conf:
TLSCipherSuite !TLSv1.3
openssl provides these cipher suites:
[root@ ~]# openssl ciphers -v 'TLSv1.3'
TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD
When openldap worked as a client, it sent 4 cipher suites to the server in the
TLS1.3 client hello.
Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)
Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)
Cipher Suite: TLS_CHACHA20_POLY1305_SHA256 (0x1303)
Cipher Suite: TLS_AES_256_GCM_SHA384 (0x1302)
When openldap worked as a server, it used TLS_AES_256_GCM_SHA384 to connect in
TLS server hello.
And when I set one specific cipher in the client,
TLS_CIPHER_SUITE TLS_CHACHA20_POLY1305_SHA256
it also sends the same four suites in the client hello.
Could you help me to have a look? Thanks.
3 years, 10 months
syncprov overlay and autogroup
by Martin Pittamitz
Good day
I have recently added a syncprov configuration and consumer node to our
OpenLDAP setup. On our master we use the overlays "memberOf" and
"autogroup".
Now a specific error occurs on the consumer node, where "group1" has
objectClass "groupOfURLs":
> Oct 29 16:39:18 user slapd[26309]: autogroup_modify_entry attempted to
> modify group's <cn=group1,ou=groups,dc=example,dc=net> member attribute
> Oct 29 16:39:18 user slapd[26309]: send_ldap_result: conn=-1 op=0 p=3
> Oct 29 16:39:18 user slapd[26309]: send_ldap_result: err=19 matched=""
> text="attempt to modify dynamic group member attribute"
> Oct 29 16:39:18 user slapd[26309]: syncrepl_null_callback : error code
> 0x13
> Oct 29 16:39:18 user slapd[26309]: syncrepl_entry: rid=001 be_modify
> cn=group1,ou=groups,dc=example,dc=net (19)
> Oct 29 16:39:18 user slapd[26309]: syncrepl_entry: rid=001 be_modify
> failed (19)
> Oct 29 16:39:18 user slapd[26309]: do_syncrepl: rid=001 rc 19 quitting
Can anyone point me in the right direction here? Is autogroup simply
incompatible with such a syncprov setup?
Best regards,
Martin
3 years, 11 months