Problem with "force user to password reset at first login"
by Rajagopal Rc
Hi,
I am trying to force users to change their password at first login or after a
password reset by the administrator.
I tried the following:
1) The password policy 'pwdMustChange TRUE' doesn't seem to be working, as none
of the users get a prompt to change their password at first login.
2) I used the 'pwdReset TRUE' attribute in the user's attributes, and it won't
prompt to change the password and didn't allow login.
I observe the messages below in the log:
slapd[12684]: connection restricted to password changing only
slapd[12684]: send_ldap_result: err=50 matched="" text="Operations are restricted to bind/unbind/abandon/StartTLS/modify password"
slapd[12684]: conn=1053 op=1 SEARCH RESULT tag=101 err=50 nentries=0 text=Operations are restricted to bind/unbind/abandon/StartTLS/modify password
Please help me configure the option to force all users to change their password
at first login or after a password reset by the administrator.
Thanks & Regards
Raj
Tata Consultancy Services
Mailto: rajagopal.rc(a)tcs.com
Website: http://www.tcs.com
1 month
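Added example, not part of the message above and not OpenLDAP code: the err=50 lines in the log are the ppolicy restriction that applies while pwdReset is TRUE. A client that sends the password policy request control gets the reason back in the response control (OID 1.3.6.1.4.1.42.2.27.8.5.1) as error changeAfterReset, which is what it needs in order to prompt for a new password. The decoder below parses that control value; the struct and function names are this example's own and the sample bytes are constructed.

```c
#include <stdint.h>
#include <stdio.h>
/* Decoded PasswordPolicyResponseValue (example's own struct); -1 = field absent. */
struct pp_resp { int error; int warn_type; unsigned long warn_value; };

static const char *pp_error_name(int e) {
    static const char *names[] = { "passwordExpired", "accountLocked",
        "changeAfterReset", "passwordModNotAllowed", "mustSupplyOldPassword",
        "insufficientPasswordQuality", "passwordTooShort", "passwordTooYoung",
        "passwordInHistory" };
    return (e >= 0 && e <= 8) ? names[e] : "none";
}

/* Read one BER tag/length header (short-form length only) and bounds-check it. */
static int tlv(const uint8_t **p, const uint8_t *end, uint8_t *tag, size_t *len) {
    if (end - *p < 2 || ((*p)[1] & 0x80)) return -1;
    *tag = (*p)[0]; *len = (*p)[1]; *p += 2;
    return (size_t)(end - *p) >= *len ? 0 : -1;
}

/* SEQUENCE { warning [0] CHOICE OPTIONAL, error [1] ENUMERATED OPTIONAL } */
static int pp_parse(const uint8_t *buf, size_t n, struct pp_resp *r) {
    const uint8_t *p = buf, *end = buf + n;
    uint8_t tag; size_t len;
    r->error = r->warn_type = -1; r->warn_value = 0;
    if (tlv(&p, end, &tag, &len) || tag != 0x30 || p + len != end) return -1;
    while (p < end) {
        if (tlv(&p, end, &tag, &len)) return -1;
        if (tag == 0x81 && len == 1) { r->error = *p++; continue; }
        if (tag != 0xA0) return -1;          /* only warning [0] may remain */
        const uint8_t *q = p; uint8_t wt; size_t wl;
        if (tlv(&q, p + len, &wt, &wl) || q + wl != p + len) return -1;
        if ((wt & 0xFE) != 0x80 || !wl || wl > 4) return -1;
        r->warn_type = wt & 1;  /* 0 = timeBeforeExpiration, 1 = graceAuthNsRemaining */
        for (r->warn_value = 0; wl--; ) r->warn_value = r->warn_value * 256 + *q++;
        p += len;
    }
    return 0;
}

/* Constructed sample value: error changeAfterReset (2), no warning. */
static const uint8_t SAMPLE_RESET[] = {0x30, 0x03, 0x81, 0x01, 0x02};

int main(void) {
    struct pp_resp r;
    int rc = pp_parse(SAMPLE_RESET, sizeof SAMPLE_RESET, &r);
    printf("rc=%d error=%s\n", rc, pp_error_name(r.error));
    return rc;
}
```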
Q: UNKNOWN attributeDescription "AUDITCONTEXT" inserted.
by Ulrich Windl
Hi!
After systemd tearing down one of our LDAP servers I noticed the following message when the server was restarted:
slapd[10525]: UNKNOWN attributeDescription "AUDITCONTEXT" inserted.
The next line logged was:
slapd[10525]: olcServerID: value #1: SID=0x002 (listener=ldap://...:389)
(the server is that of SLES12 SP4, 2.4.41 from opensuse-buildservice)
The server is one of three MM servers that all have the same configuration and the same version.
The schema knows in olcAttributeTypes (olcSchemaConfig):
( 1.3.6.1.4.1.4203.666.11.5.1.30 NAME 'auditContext' DESC 'DN of auditContainer' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )
What I'd like to know: Is there anything I could fix in the configuration to make the message go away, or is it some software issue in slapd?
Regards,
Ulrich
3 years, 4 months
Re: (ITS#9159) mdb_put failed: MDB_MAP_FULL: Environment mapsize limit reached(-30792)
by Vijay Kumar
I could see some stats from mdb-stat tool as mentioned below,
mdb_stat.exe -rne "C:\openldap\mdb\data.mdb"
Environment Info
Map address: 0000000000000000
Map size: 268435456 (we have set the value as *104,857,600,000,000* in
mdb.c and back_mdb.h files, but it has taken only 256 MB, not sure why?)
Page size: 4096
Max pages: 65536
Number of pages used: 65527
Last transaction ID: 9555
Max readers: 126
Number of readers used: 0
Reader Table Status
(no active readers)
When I try to set the dbMaxSize, it fails.
*addDbMaxSize.ldif* has the content below:
dn: olcDatabase={1}mdb,cn=config
changetype: modify
add: olcDbMaxSize
olcDbMaxSize: 1073741824
olcDbMaxSize: *1073741824 - stops the service in windows*
openldap \bin>ldapmodify -H ldaps://localhost:6565 -D cn=admin,cn=config -w d -f addDbMaxSize.ldif
modifying entry "olcDatabase={1}mdb,cn=config"
*ldap_modify: Other (e.g., implementation specific) error (80)
additional info: failed to reopen database, rc=87*
olcDbMaxSize: *536870912 - failed as below*
openldap \bin>ldapmodify -H ldaps://localhost:6565 -D cn=admin,cn=config -w d -f addDbMaxSize.ldif
modifying entry "olcDatabase={1}mdb,cn=config"
*ldap_modify: Invalid syntax (21) additional info: olcDbMaxSize:
value #0 invalid per syntax*
*back-mdb.h - we added as below*
#define DEFAULT_MAPSIZE (10 * 10 * 10 * 10 * 10 * 10 * 10 * 10 * 1048576)
mdb.c - we added as below
#define DEFAULT_MAPSIZE (10 * 10 * 10 * 10 * 10 * 10 * 10 * 10 * 1048576)
    if ((i = mdb_env_read_header(env, &meta)) != 0) {
        if (i != ENOENT)
            return i;
        DPUTS("new mdbenv");
        newenv = 1;
        env->me_psize = env->me_os_psize;
        if (env->me_psize > MAX_PAGESIZE)
            env->me_psize = MAX_PAGESIZE;
        memset(&meta, 0, sizeof(meta));
        mdb_env_init_meta0(env, &meta);
        meta.mm_mapsize = DEFAULT_MAPSIZE;
    } else {
        env->me_psize = meta.mm_psize;
    }
*1. I don't understand why the size of the map (as per the stats info given
above) is only 256 MB (268435456). Please give me a clue to understand this.*
*2. Kindly let me know how to get debug logs. I use DPRINTF and DPUT in mdb.c
but didn't see any logs printed.*
*We observed this on Windows 2012 R2 and Windows 10 OS x64 Arch machines.*
Regards,
Vijay Kumar
On Thu, Jan 30, 2020 at 12:46 PM Quanah Gibson-Mount <quanah(a)symas.com>
wrote:
>
>
> --On Thursday, January 30, 2020 6:09 AM +0000
> pasumarthivijaykumar(a)gmail.com wrote:
>
> >
> > Thanks for your reply I do know that info for windows also is it the
> > same.? I am unable to use stats tool also.
>
> As I already stated, the maxsize parameter specifies the maximum size the
> database can reach.
>
> > As I don't see any reply from our many mails to
> > openldap-technical(a)openldap.org I have created this case to clarify.
>
>
> The openldap-technical list is only open to subscribers, if you want to
> post to it you must subscribe first.
>
>
> > Why don't you forward the query to the concerned team instead
> > closing.
>
> Your query would not be forwarded because you failed to read and/or
> understand the documentation. This system is for bug reports only.
>
> > No reply to us.!
>
> I did reply. This is clearly shown in the ITS.
>
> > Please let us know answer to solve a issue.!
>
>
> I already provided you the answer in my earlier response. Set an
> appropriate maxsize setting, the default of 10MB is clearly too low.
>
> Regards,
> Quanah
>
>
> --
>
> Quanah Gibson-Mount
> Product Architect
> Symas Corporation
> Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
> <http://www.symas.com>
>
--
Thanks & Regards,
Vijay Kumar
*+91-94944 44009*
3 years, 10 months
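Added example, not part of the message above and not LMDB or back-mdb code: every factor in the quoted DEFAULT_MAPSIZE define is a plain int constant, so C evaluates the product in int, and the low 32 bits of that product are exactly the 268435456 bytes (65536 pages of 4096) that mdb_stat reports. The code does the arithmetic in 64 bits to show where the int range is left and what survives; function and macro names are this example's own.

```c
#include <stdint.h>
#include <stdio.h>

/* Factors of the DEFAULT_MAPSIZE expression quoted in the message:
 * eight 10s followed by 1048576, all plain int constants in the define. */
static const int64_t FACTORS[] = {10, 10, 10, 10, 10, 10, 10, 10, 1048576};
#define NFACTORS (sizeof FACTORS / sizeof FACTORS[0])

/* Exact product, computed in 64 bits where it fits. */
static int64_t exact_product(void) {
    int64_t v = 1;
    for (size_t i = 0; i < NFACTORS; i++) v *= FACTORS[i];
    return v;
}

/* Index of the first factor whose multiplication leaves the 32-bit int
 * range, or -1 if the whole product fits. */
static int first_overflow_step(void) {
    int64_t v = 1;
    for (size_t i = 0; i < NFACTORS; i++) {
        v *= FACTORS[i];
        if (v > INT32_MAX) return (int)i;
    }
    return -1;
}

/* Signed overflow is undefined in C; keeping the low 32 bits models the
 * wraparound that common compilers produce for it (an assumption here). */
static uint32_t low32(int64_t v) { return (uint32_t)((uint64_t)v & 0xFFFFFFFFu); }

/* Overflow-free form: the first operand forces 64-bit arithmetic. */
#define MAPSIZE_64 (UINT64_C(10) * 10 * 10 * 10 * 10 * 10 * 10 * 10 * 1048576)

int main(void) {
    int64_t exact = exact_product();
    uint32_t wrapped = low32(exact);
    printf("exact product : %lld bytes\n", (long long)exact);
    printf("overflows at  : factor index %d\n", first_overflow_step());
    printf("low 32 bits   : %u bytes (%u pages of 4096)\n",
           wrapped, wrapped / 4096u);
    printf("64-bit macro  : %llu bytes\n", (unsigned long long)MAPSIZE_64);
    return 0;
}
```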
Re: How to fetch LDAP Server version using Java
by Vijay Kumar
Hi Quanah
Thanks a lot for your reply. I tried but didn't get any reply.
I think we need to add monitor database. Will try to add the same and let
you know.
Regards,
Vijay Kumar
On Thu, Jan 30, 2020 at 10:49 PM Quanah Gibson-Mount <quanah(a)symas.com>
wrote:
>
>
> --On Thursday, January 30, 2020 2:34 PM +0530 Vijay Kumar
> <pasumarthivijaykumar(a)gmail.com> wrote:
>
> In the future, do not cross post to multiple lists. You were already told
> specifically to address your questions to openldap-technical(a)openldap.org.
>
> supportedLDAPVersion tracks the LDAP version (LDAP version 3), it does not
> track the underlying version of OpenLDAP.
>
> However, if you enable the monitor backend (See the man page for
> slapd-monitor(5)), the OpenLDAP version is contained in the monitoredInfo
> attribute:
>
> ldapsearch -x -LLL -H ldap:/// -s base -b cn=monitor monitoredInfo
> dn: cn=Monitor
> monitoredInfo: OpenLDAP: slapd 2.4.48 (Jan 29 2020 19:43:07)
>
> This of course requires that your program have permission to read from
> that
> database.
>
> --Quanah
>
> --
>
> Quanah Gibson-Mount
> Product Architect
> Symas Corporation
> Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
> <http://www.symas.com>
>
--
Thanks & Regards,
Vijay Kumar
*+91-94944 44009*
3 years, 10 months
Re: How to use mdb_stat.c - memory-mapped database status tool
by Vijay Kumar
On Thu, Jan 30, 2020 at 11:29 AM Vijay Kumar <pasumarthivijaykumar(a)gmail.com>
wrote:
> Hi Team,
>
> Can I request you to let me know how to use
> mdb_stat.c - memory-mapped database status tool
>
> Google and the OpenLDAP docs didn't help me!
>
> Thank you.
> --
> Thanks & Regards,
>
> Vijay Kumar
> *+91-94944 44009*
>
--
Thanks & Regards,
Vijay Kumar
*+91-94944 44009*
3 years, 10 months
Re: How to fetch LDAP Server version using Java
by Vijay Kumar
Hi Team,
From my Java program I need to find the LDAP server version.
I am able to get supportedLDAPVersion using the search query below:
LDAPSearchResults ldapSearchResults = ldapConn.search("", LDAPConnection.SCOPE_BASE,
        "(objectclass=*)", new String[] {"supportedLDAPVersion"}, false);
No results are found when I try to use vendorVersion and vendorName (queried
like below):
ldapSearchResults = ldapConn.search("", LDAPConnection.SCOPE_BASE,
        "(objectclass=*)", new String[] {"vendorVersion"}, false);
Is there any approach that I can follow? Please let me know.
I need to get the info as below:
root@docker_container:/etc/ldap/slapd.d# ldapsearch -VV
ldapsearch: @(#) $OpenLDAP: ldapsearch (Jul 30 2019 16:24:19) $
Debian OpenLDAP Maintainers <
pkg-openldap-devel(a)lists.alioth.debian.org>
* (LDAP library: OpenLDAP *20448*)*
root@docker_container:/etc/ldap/slapd.d#
Thank you.
--
Thanks & Regards,
Vijay Kumar
*+91-94944 44009*
3 years, 10 months