openldap-technical January 2020

openldap-technical@openldap.org

35 participants
45 discussions

Problem with "force user to password reset at first login
by Rajagopal Rc 30 Oct '23

30 Oct '23

Hi, I am trying to force users to change their password at first login or after password reset by administrator. Tried following: 1)Password policy 'pwdMustChange TRUE' doesn't seems to be working as non of the users get prompt to change their password at first login. 2) used the 'pwdReset TRUE' attribute in users attributes, and it won't prompt to change the password and didn't allow to login i observe below messages in log "slapd[12684]: connection restricted to password changing only slapd[12684]: send_ldap_result: err=50 matched="" text="Operations are restricted to bind/unbind/abandon/StartTLS/modify password" slapd[12684]: conn=1053 op=1 SEARCH RESULT tag=101 err=50 nentries=0 text=Operations are restricted to bind/unbind/abandon/StartTLS/modify password" Please help me configure the option to force all users to change their password at first login or after pwd reset by administrator. Thanks & Regards Raj Tata Consultancy Services Mailto: rajagopal.rc(a)tcs.com Website: http://www.tcs.com ____________________________________________ Experience certainty. IT Services Business Solutions Consulting ____________________________________________ =====-----=====-----===== Notice: The information contained in this e-mail message and/or attachments to it may contain confidential or privileged information. If you are not the intended recipient, any dissemination, use, review, distribution, printing or copying of the information contained in this e-mail message and/or attachments to it are strictly prohibited. If you have received this communication in error, please notify us by reply e-mail or telephone and immediately and permanently delete the message and any attachments. Thank you

5 9

Q: UNKNOWN attributeDescription "AUDITCONTEXT" inserted.
by Ulrich Windl 23 Jul '20

23 Jul '20

Hi! After systemd tearing down one of our LDAP servers I noticed the following message when the server was restarted: slapd[10525]: UNKNOWN attributeDescription "AUDITCONTEXT" inserted. The next line logged was: slapd[10525]: olcServerID: value #1: SID=0x002 (listener=ldap://...:389) (the server is that of SLES12 SP4, 2.4.41 from opensuse-buildservice) The server is one of three MM servers that all have the same configuration and the same version. The schema knows in olcAttributeTypes (olcSchemaConfig): ( 1.3.6.1.4.1.4203.666.11.5.1.30 NAME 'auditContext' DESC 'DN of auditContainer' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation ) What I'l like to know: Is there any thing I could fix in the configuration to make the message go away, or is it some software issue in slapd? Regards, Ulrich

4 10

MultiMaster replication password
by Клеусов Владимир Сергеевич 03 Feb '20

03 Feb '20

Hi Can I write this question here ? I did at https://linuxlasse.net/linux/howtos/OpenLDAP_N-Way_MultiMaster_Replication Everything works. But passwords are not replicated. How to configure password replication?

3 7

termux liblmdb package available (0.9.24)
by Craig Comstock 03 Feb '20

03 Feb '20

Hello, liblmdb is available as a package for the Android app/environment Termux. You can install it with `pkg install liblmdb`. The package script and patch are here: https://github.com/termux/termux-packages/tree/master/packages/liblmdb If you wish to review them and/or improve on them. Thanks, Craig Comstock CFEngineer/digger for Northern.tech

2 1

openSUSE/SLE builds (was: OpenLDAP 2.4.49 available, LMDB 0.9.25 available)
by Michael Ströder 31 Jan '20

31 Jan '20

On 1/30/20 7:17 PM, OpenLDAP project wrote: > OpenLDAP 2.4.49 is now available for download as detailed on our > download page: For those who are impatient to get drop-in builds for openSUSE and SLE: https://build.opensuse.org/package/show/network:ldap/openldap2 These builds replace the system-wide libldap which might break version-pinning in your local installation. So you have to know what you're doing! Also I maintain builds installing in separate prefix /opt/openldap-ms and with reduced feature set (e.g. no back-bdb and no back-hdb): https://build.opensuse.org/package/show/home:stroeder:openldap/openldap-ms Please test. Feedback welcome! BTW: In OBS you can also simply branch the above packages to your own OBS home project and adjust the .spec to your own needs. Ciao, Michael.

1 0

Re: (ITS#9159) mdb_put failed: MDB_MAP_FULL: Environment mapsize limit reached(-30792)
by Vijay Kumar 31 Jan '20

31 Jan '20

I could see some stats from mdb-stat tool as mentioned below, mdb_stat.exe -rne "C:\openldap\mdb\data.mdb" Environment Info Map address: 0000000000000000 Map size: 268435456 (we have set the value as *‭104,857,600,000,000‬* in mdb.c and back_mdb.h files, but it has taken only 256 MB, not sure why?) Page size: 4096 Max pages: 65536 Number of pages used: 65527 Last transaction ID: 9555 Max readers: 126 Number of readers used: 0 Reader Table Status (no active readers) when i try to increase to set the dbMaxSize it fails, *addDbMaxSize.ldif * has content as mentioned below, dn: olcDatabase={1}mdb,cn=config changetype: modify add: olcDbMaxSize olcDbMaxSize: 1073741824 olcDbMaxSize: *1073741824 - stops the service in windows* openldap \bin>ldapmodify -H ldaps://localhost:6565 -D cn=admin,cn=config -w d -f addDbMaxSize.ldif modifying entry "olcDatabase={1}mdb,cn=config" *ldap_modify: Other (e.g., implementation specific) error (80) additional info: failed to reopen database, rc=87* olcDbMaxSize: ‭*536870912‬ - failed as below* openldap \bin>ldapmodify -H ldaps://localhost:6565 -D cn=admin,cn=config -w d -f addDbMaxSize.ldif modifying entry "olcDatabase={1}mdb,cn=config" *ldap_modify: Invalid syntax (21) additional info: olcDbMaxSize: value #0 invalid per syntax* *back-mdb.h - we added as below* #define DEFAULT_MAPSIZE (10 * 10 * 10 * 10 * 10 * 10 * 10 * 10 * 1048576) mdb.c - we added as below #define DEFAULT_MAPSIZE (10 * 10 * 10 * 10 * 10 * 10 * 10 * 10 * 1048576) if ((i = mdb_env_read_header(env, &meta)) != 0) { if (i != ENOENT) return i; DPUTS("new mdbenv"); newenv = 1; env->me_psize = env->me_os_psize; if (env->me_psize > MAX_PAGESIZE) env->me_psize = MAX_PAGESIZE; memset(&meta, 0, sizeof(meta)); mdb_env_init_meta0(env, &meta); meta.mm_mapsize = DEFAULT_MAPSIZE; } else { env->me_psize = meta.mm_psize; } *1. i am not getting why the size of the map (as per the stats info given above) - 256 MB (268435456) only ? please provide me a clue once to understand this.* *2. Kindly let me know how to get debug logs ? i use DPRINTF, DPUT in mdb.c but dint get see as logs printed.!* *We observed this in Windows 2012 R2 and Window10 OS x64 Arch machines.* Regards, Vijay Kumar On Thu, Jan 30, 2020 at 12:46 PM Quanah Gibson-Mount <quanah(a)symas.com> wrote: > > > --On Thursday, January 30, 2020 6:09 AM +0000 > pasumarthivijaykumar(a)gmail.com wrote: > > > --00000000000025b743059d554b79 > > Content-Type: text/plain; charset="UTF-8" > > Content-Transfer-Encoding: quoted-printable > > > > Thanks for your reply I do know that info for windows also is it the > > same.? I am unable to use stats tool also. > > As I already stated, the maxsize parameter specifies the maximum size the > database can reach. > > > As I don=E2=80=99t see any reply from our many mails to > > openldap-technical(a)openldap.org I have created this case to clarify. > > > The openldap-technical list is only open to subscribers, if you want to > post to it you must subscribe first. > > > > Why don=E2=80=99t you forward the query to the concerned team instead > > closi= ng. > > Your query would not be forwarded because you failed to read and/or > understand the documentation. This system is for bug reports only. > > > No reply to us.! > > I did reply. This is clearly shown in the ITS. > > > Please let us know answer to solve a issue.! > > > I already provided you the answer in my earlier response. Set an > approprate maxsize setting, the default of 10MB is clearly too low. > > Regards, > Quanah > > > -- > > Quanah Gibson-Mount > Product Architect > Symas Corporation > Packaged, certified, and supported LDAP solutions powered by OpenLDAP: > <http://www.symas.com> > -- Thanks & Regards, Vijay Kumar *+91-94944 44009*

2 1

Re: How to fetch LDAP Server version using Java
by Vijay Kumar 31 Jan '20

31 Jan '20

Hi Quanah Thanks a lot for your reply. I tried but dint get any reply I think we need to add monitor database. Will try to add the same and let you know. Regards, Vijay Kumar On Thu, Jan 30, 2020 at 10:49 PM Quanah Gibson-Mount <quanah(a)symas.com> wrote: > > > --On Thursday, January 30, 2020 2:34 PM +0530 Vijay Kumar > <pasumarthivijaykumar(a)gmail.com> wrote: > > In the future, do not cross post to multiple lists. You were already told > specifically to address your questions to openldap-technical(a)openldap.org. > > supportedLDAPVersion tracks the LDAP version (LDAP version 3), it does not > track the underlying version of OpenLDAP. > > However, if you enable the monitor backend (See the man page for > slapd-monitor(5)), the OpenLDAP version is contained in the monitoredInfo > attribute: > > ldapsearch -x -LLL -H ldap:/// -s base -b cn=monitor monitoredInfo > dn: cn=Monitor > monitoredInfo: OpenLDAP: slapd 2.4.48 (Jan 29 2020 19:43:07) > > This of course requires that your program have permission to read from > that > database. > > --Quanah > > -- > > Quanah Gibson-Mount > Product Architect > Symas Corporation > Packaged, certified, and supported LDAP solutions powered by OpenLDAP: > <http://www.symas.com> > -- Thanks & Regards, Vijay Kumar *+91-94944 44009*

1 0

Re: How to use mdb_stat.c - memory-mapped database status tool
by Vijay Kumar 30 Jan '20

30 Jan '20

On Thu, Jan 30, 2020 at 11:29 AM Vijay Kumar <pasumarthivijaykumar(a)gmail.com> wrote: > Hi Team, > > Can i request to let me know how to use > mdb_stat.c - memory-mapped database status tool > > google and docs of openldap dint help me.! > > Thank you. > -- > Thanks & Regards, > > Vijay Kumar > *+91-94944 44009* > -- Thanks & Regards, Vijay Kumar *+91-94944 44009*

2 1

Re: How to fetch LDAP Server version using Java
by Vijay Kumar 30 Jan '20

30 Jan '20

Hi Team, >From my Java Program i am in need to find the LDAP Server version. i am able to get supportedLDAPVersion using below search query, LDAPSearchResults ldapSearchResults = ldapConn.search("", LDAPConnection.SCOPE_BASE, "(objectclass=*)", new String[] {"supportedLDAPVersion"}, false); No results found, when i try to use vendorVersion and vendorName (like that queried like below) ldapSearchResults = ldapConn.search("", LDAPConnection.SCOPE_BASE, "(objectclass=*)", new String[] {"vendorVersion"}, false) is there any approach that can follow, please let me know. i am need to get info as below, root@docker_container:/etc/ldap/slapd.d# ldapsearch -VV ldapsearch: @(#) $OpenLDAP: ldapsearch (Jul 30 2019 16:24:19) $ Debian OpenLDAP Maintainers < pkg-openldap-devel(a)lists.alioth.debian.org> * (LDAP library: OpenLDAP *20448*)* root@docker_container:/etc/ldap/slapd.d# Thank you. -- Thanks & Regards, Vijay Kumar *+91-94944 44009*

2 1

Re: CentOS drops OpenLDAP servers package starting with 8.1
by Dave Macias 30 Jan '20

30 Jan '20

> > The CentOS project has now also elected to drop support for the OpenLDAP > server package starting with 8.1: > > <https://bugs.centos.org/view.php?id=16959> > > I will note that Symas continues to offer free packages for Centos8/RHEL8 > users based off of the Centos8.0 package. We will likely move this to > mirror > the Fedora package (which is what the CentOS package was based on). > > <https://symas.com/linuxopenldap/> > That was expected! Testing CentOS8 distro is my next project since 7 will eventually reach EOL....gotta get ready Thank you for the continued support!!

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

openldap-technical January 2020