openldap-technical February 2020

openldap-technical@openldap.org

26 participants
36 discussions

proxy ldap (back_ldap) with group ACL?
by brent s. 13 Feb '20

13 Feb '20

Hey, all! First, a BIG thank you to both JoBbZ and tarpman in #openldap, they've got me this far (p.s. JoBbZ- switched over to the symas packages for my test env, replacement was more or less seamless. need to schedule some downtime for prod, but thanks for passing that along!) However, I'm not at a standstill. I'm using the OLC config (...I guess that's like saying "PIN number"). I have two servers, foo.domain.tld and bar.domain.tld. foo.domain.tld has DSA of dc=domain,dc=com and bar.domain.tld has a DSA of dc=domain,dc=net. I can successfully auth as e.g. cn=username,dc=domain,dc=net to foo.domain.tld using the following configuration (at olcDatabase={3}ldap,cn=config): dn: olcDatabase={3}ldap,cn=config objectClass: olcLDAPConfig objectClass: olcDatabaseConfig olcDatabase: {3}ldap olcDbIDAssertAuthzFrom: {0}"dn:*" olcDbIDAssertBind: mode=self olcDbRebindAsUser: TRUE olcDbSessionTrackingRequest: TRUE olcDbStartTLS: start olcDbURI: ldap://bar.domain.tld olcReadOnly: TRUE olcSuffix: dc=domain,dc=net However, when I attempt to e.g. implement the following ACL on foo.domain.tld: {2}to dn.exact="ou=groupname,dc=domain,dc=com" attrs=children (...) by group.exact="cn=GroupAdmins,dc=domain,dc=net" manage by * none I get the error: Feb 08 00:32:19 foo slapd[17600]: => acl_mask: access to entry "ou=groupname,dc=domain,dc=com", attr "entry" requested Feb 08 00:32:19 foo slapd[17600]: => acl_mask: to all values by "cn=username,dc=domain,dc=net", (=0) Feb 08 00:32:19 foo slapd[17600]: <= check a_group_pat: cn=groupadmins,ou=groups,dc=domain,dc=net Feb 08 00:32:19 foo slapd[17600]: =>ldap_back_getconn: conn 0x7f7700009ef0 fetched refcnt=1. Feb 08 00:32:19 foo slapd[17600]: Error: ldap_back_is_proxy_authz returned 0, misconfigured URI? (it is a given that cn=username,dc=domain,dc=net is indeed a member ("member" attribute) of the groupOfNames object cn=GroupAdmins,dc=domain,dc=net and additionally, the cn=username,dc=domain,dc=net object has the "memberOf" attribute "cn=GroupAdmins,dc=domain,dc=net") I'm fairly certain this is PEBKAC, but I'm unclear what's going on. Do I need to reference the group in the ACL explicitly with the LDAP URI prefixed or something? -- brent saner https://square-r00t.net/ GPG info: https://square-r00t.net/gpg-info

1 2

Antw: [EXT] Re: Q: "5e43b796 PROXIED attributeDescription "DC" inserted."
by Ulrich Windl 12 Feb '20

12 Feb '20

>>> Quanah Gibson-Mount <quanah(a)symas.com> schrieb am 12.02.2020 um 23:53 in Nachricht <28602_1581548017_5E4481F1_28602_870_1_DDCC864DABD8E91E4DE841F1(a)[192.168.1.144]> > > ‑‑On Wednesday, February 12, 2020 9:33 AM +0100 Ulrich Windl > <Ulrich.Windl(a)rz.xn--uniregensburg-dm6g.de> wrote: > >> Hi! >> >> While trying to slapadd a dumped config database in "‑u" mode, I see this: >> 5e43b796 PROXIED attributeDescription "DC" inserted. >> >> What does it mean? There is no "DC" in the LDIF file being imported. > > It has to do with attributes existing in cn=config (such as modifiersName > or creatorsName usually) where the DN that modified the entry has a "dc" > component. You can safely ignore it. This is one of the reasons I'm not > fond of the default way in which Debian/Ubuntu/RH (mis)configured their > default access setup for cn=config. Thanks a lot! First I only had been searching it in upper case, but it's there in lower case at various places: olcAccess, olcLimits, olcSuffix, olcRootDN, olcPPolicyDefault. Also as database #0 was the first one to import, those dc= names were missing at that point in time. That would explain the message. However the message by itself is of little usefulness: The only context is 5e43b796, and it's hard to relate that to some object or line in LDIF... Regards, Ulrich > > Regards, > Quanah > > > > ‑‑ > > Quanah Gibson‑Mount > Product Architect > Symas Corporation > Packaged, certified, and supported LDAP solutions powered by OpenLDAP: > <http://www.symas.com>

1 0

Q: "5e43b796 PROXIED attributeDescription "DC" inserted."
by Ulrich Windl 12 Feb '20

12 Feb '20

Hi! While trying to slapadd a dumped config database in "-u" mode, I see this: 5e43b796 PROXIED attributeDescription "DC" inserted. What does it mean? There is no "DC" in the LDIF file being imported. Regards, Ulrich

2 1

compilation error on 2.4.49
by nicolas renault 11 Feb '20

11 Feb '20

Hello, on openSUSE leap 42.2 from source ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-2.4.49.tgz ./configure --enable-ipv6=no --enable-dynamic=yes --enable-debug=no --enable-modules=yes --enable-slapd --enable-modules --enable-overlays=mod --enable-mdb=yes --enable-meta=yes --enable-monitor=yes --enable-ldap=yes --enable-hdb=no --enable-bdb=no => no error make depend => no error make => lot of line and during actions these line : -------------------------- ...cd overlays; make -w static make[3]: Entering directory '/root/openldap_compilation/openldap-2.4.49/servers/slapd/overlays' cc -g -O2 -I../../../include -I../../../include -I.. -I./.. -c -o statover.o statover.c cc -g -O2 -I../../../include -I../../../include -I.. -I./.. -c -o overlays.o overlays.c rm -f version.c ../../../build/mkversion -v "2.4.49" ../liboverlays.a > version.c /bin/sh ../../../libtool --tag=disable-static --mode=compile cc -g -O2 -I../../../include -I../../../include -I.. -I./.. -DSLAPD_IMPORT -c version.c mkdir .libs cc -g -O2 -I../../../include -I../../../include -I.. -I./.. -DSLAPD_IMPORT -c version.c -fPIC -DPIC -o .libs/version.o ar rs ../liboverlays.a statover.o overlays.o ar: creating ../liboverlays.a make[3]: Leaving directory '/root/openldap_compilation/openldap-2.4.49/servers/slapd/overlays' ../../build/mkversion -v "2.4.49" -s -n Versionstr slapd > version.c cc -g -O2 -I../../include -I. -I./slapi -I. -I../../include -c -o main.o main.c cc -g -O2 -I../../include -I. -I./slapi -I. -I../../include -c -o globals.o globals.c cc -g -O2 -I../../include -I. -I./slapi -I. -I../../include -c -o bconfig.o bconfig.c bconfig.c: In function ‘config_rename_one’:bconfig.c:4496:2: warning: passing argument 3 of ‘ldap_bv2rdn’ from incompatible pointer type [enabled by default] rc = ldap_bv2rdn( &e->e_name, &rDN, &text, LDAP_DN_FORMAT_LDAP ); ^ In file included from slap.h:51:0, from bconfig.c:30: ../../include/ldap.h:1709:1: note: expected ‘char **’ but argument is of type ‘const char **’ ldap_bv2rdn LDAP_P(( ^ bconfig.c: In function ‘config_build_entry’: bconfig.c:6514:2: warning: passing argument 3 of ‘ldap_bv2rdn’ from incompatible pointer type [enabled by default] rc = ldap_bv2rdn( rdn, &rDN, &text, LDAP_DN_FORMAT_LDAP ); ^ In file included from slap.h:51:0, from bconfig.c:30: ../../include/ldap.h:1709:1: note: expected ‘char **’ but argument is of type ‘const char **’ ldap_bv2rdn LDAP_P(( ^ cc -g -O2 -I../../include -I. -I./slapi -I. -I../../include -c -o config.o config.ccc -g -O2 -I../../include -I. -I./slapi -I. -I../../include -c -o daemon.o daemon.c cc -g -O2 -I../../include -I. -I./slapi -I. -I../../include -c -o connection.o connection.c cc -g -O2 -I../../include -I. -I./slapi -I. -I../../include -c -o search.o search.c cc -g -O2 -I../../include -I. -I./slapi -I. -I../../include -c -o filter.o filter.c cc -g -O2 -I../../include -I. -I./slapi -I. -I../../include -c -o add.o add.c cc -g -O2 -I../../include -I. -I./slapi -I. -I../../include -c -o cr.o cr.c....-------------------------- ad also on compilation/building of autogroup -------------------------- openldap-2.4.49/contrib/slapd-modules/autogroup # make ../../../libtool --mode=compile gcc -g -O2 -Wall -I../../../include -I../../../include -I../../../servers/slapd -c autogroup.cmkdir .libs gcc -g -O2 -Wall -I../../../include -I../../../include -I../../../servers/slapd -c autogroup.c -fPIC -DPIC -o .libs/autogroup.o autogroup.c: In function ‘autogroup_delete_entry’: autogroup.c:963:27: warning: variable ‘age_prev’ set but not used [-Wunused-but-set-variable] autogroup_entry_t *age, *age_prev, *age_next; ^ autogroup.c: In function ‘ag_cfgen’: autogroup.c:1940:5: warning: too many arguments for format [-Wformat-extra-args] c->argv[ 2 ] ); ^ autogroup.c:1940:5: warning: too many arguments for format [-Wformat-extra-args] gcc -g -O2 -Wall -I../../../include -I../../../include -I../../../servers/slapd -c autogroup.c -o autogroup.o >/dev/null 2>&1 ../../../libtool --mode=link gcc -g -O2 -Wall -version-info 0:0:0 \ -rpath /usr/local/libexec/openldap -module -o autogroup.la autogroup.lo ../../../libraries/libldap_r/libldap_r.la ../../../libraries/liblber/liblber.la cc -shared .libs/autogroup.o -Wl,--rpath -Wl,/root/openldap_compilation/openldap-2.4.49/libraries/libldap_r/.libs -Wl,--rpath -Wl,/root/openldap_compilation/openldap-2.4.49/libraries/liblber/.libs -L/root/openldap_compilation/openldap-2.4.49/libraries/liblber/.libs ../../../libraries/libldap_r/.libs/libldap_r.so ../../../libraries/liblber/.libs/liblber.so -Wl,-soname -Wl,autogroup.so.0 -o .libs/autogroup.so.0.0.0 (cd .libs && rm -f autogroup.so.0 && ln -s autogroup.so.0.0.0 autogroup.so.0) (cd .libs && rm -f autogroup.so && ln -s autogroup.so.0.0.0 autogroup.so) ar cru .libs/autogroup.a autogroup.o ranlib .libs/autogroup.a creating autogroup.la (cd .libs && rm -f autogroup.la && ln -s ../autogroup.la autogroup.la) -------------------------- How can I solve these errors ? does I make something wrong in my process ? thanks in advance for your reply . Nicolas

2 2

Re: Openldap support SHA-256 or SHA-3.
by Quanah Gibson-Mount 10 Feb '20

10 Feb '20

--On Monday, February 10, 2020 3:39 PM -0800 rammohan ganapavarapu <rammohanganap(a)gmail.com> wrote: > > When will 2.5 release will be out? When it's ready. --Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

1 0

ldapuri vs. ldaphost
by Dieter Klünter 09 Feb '20

09 Feb '20

Hi, The manual pages ldapsearch(1) et.al. describe ldapuri abbriviation as -H and ldaphost abbriviation -h. Both, ldapuri and ldpaphost description might be of host name or host ip. If ldapuri is a ipv6 address, an error occurs: Could not parse LDAP URI(s)=2001:16b8:c115:9f00:44ff:f15b:11d1:e620 (3 ldapsearch -YGSSAPI -H 2001:16b8:c115:9f00:44ff:f15b:11d1:e620 -b "" -s base +. Just for verification one may use ipv6 address ::1 The question is: must ldapuri contain a hostname, or would a hostaddress be sufficient. While ldaphost accepts hostname and hostaddress? -Dieter -- Dieter Klünter | Systemberatung http://sys4.de GPG Key ID: E9ED159B 53°37'09,95"N 10°08'02,42"E

3 4

saslauthd permission denied
by Joshua Schaeffer 08 Feb '20

08 Feb '20

I'm having a difficult time setting up pass-through authentication. I've set it up before but can't seem to get it to work this time. I've done the following: - Created the slapd.conf for SASL. - Started and ensured saslauthd is running. - Added the openldap user to the sasl group. - Verified with testsaslauthd that SASL is working - Restarted slapd and the server just to make sure all settings/permissions are updated properly However I always get a permission denied error message when slapd tries to contact saslauthd: Feb 5 12:13:56 bllldap01 slapd[477]: SASL [conn=2866] Failure: cannot connect to saslauthd server: Permission denied I've even temporarily enabled the shell on the openldap user and tested testsaslauthd which returned a successful result. I feel like I'm missing something obvious and maybe a fresh set of eyes can point that out. Below is all the relevant details of my system: ######################## # SASL & LDAP SETTINGS # ######################## jschaeffer@bllldap01:~$ ls -l /etc/ldap/sasl2/slapd.conf -rw-r--r-- 1 root root 65 Feb 5 12:45 /etc/ldap/sasl2/slapd.conf jschaeffer@bllldap01:~$ cat /etc/ldap/sasl2/slapd.conf pwcheck_method: saslauthd saslauthd_path: /var/run/saslauthd/mux jschaeffer@bllldap01:~$ groups openldap openldap : openldap sasl ssl-cert jschaeffer@bllldap01:~$ ls -ld /var/run/saslauthd/ drwx--x--- 2 root sasl 140 Feb 5 12:16 /var/run/saslauthd/ jschaeffer@bllldap01:~$ sudo ls -l /var/run/saslauthd/ total 968 -rw------- 1 root root 0 Feb 5 12:16 cache.flock -rw------- 1 root root 986112 Feb 5 12:16 cache.mmap srwxrwxrwx 1 root root 0 Feb 5 12:16 mux -rw------- 1 root root 0 Feb 5 12:16 mux.accept -rw------- 1 root root 4 Feb 5 12:16 saslauthd.pid jschaeffer@bllldap01:~$ cat /etc/default/saslauthd | grep -E -v '(#|^$)' START=yes DESC="SASL Authentication Daemon" NAME="saslauthd" MECHANISMS="kerberos5" MECH_OPTIONS="" THREADS=5 OPTIONS="-c -m /var/run/saslauthd" export KRB5_KTNAME=/etc/krb5.keytab jschaeffer@bllldap01:~$ ps aux | grep [s]asl root 472 0.0 0.0 100980 2956 ? Ss 12:16 0:00 /usr/sbin/saslauthd -a kerberos5 -c -m /var/run/saslauthd -n 5 root 473 0.0 0.0 109392 6516 ? S 12:16 0:00 /usr/sbin/saslauthd -a kerberos5 -c -m /var/run/saslauthd -n 5 root 474 0.0 0.0 100980 1056 ? S 12:16 0:00 /usr/sbin/saslauthd -a kerberos5 -c -m /var/run/saslauthd -n 5 root 475 0.0 0.0 100980 1056 ? S 12:16 0:00 /usr/sbin/saslauthd -a kerberos5 -c -m /var/run/saslauthd -n 5 root 476 0.0 0.0 100980 1056 ? S 12:16 0:00 /usr/sbin/saslauthd -a kerberos5 -c -m /var/run/saslauthd -n 5 jschaeffer@bllldap01:~$ ps aux | grep [s]lapd openldap 1236 0.0 4.7 2344672 737116 ? Ssl 13:19 0:00 /usr/sbin/slapd -h ldap:/// ldaps:/// ldapi:/// -g openldap -u openldap -F /etc/ldap/slapd.d jschaeffer@bllldap01:~$ sudo testsaslauthd -u jschaeffer(a)HARMONYWAVE.CLOUD -p ************ 0: OK "Success." jschaeffer@bllldap01:~$ cat /etc/passwd | grep 'openldap' openldap:x:111:115:OpenLDAP Server Account,,,:/var/lib/ldap:/bin/bash jschaeffer@bllldap01:~$ sudo su - openldap openldap@bllldap01:~$ testsaslauthd -u jschaeffer(a)HARMONYWAVE.CLOUD -p ************ 0: OK "Success." ################ # DEBUG OUTPUT # ################ Feb 5 12:13:53 bllldap01 slapd[477]: conn=2866 fd=40 ACCEPT from IP=[fd83:172:16:44::1000]:44920 (IP=[::]:389) Feb 5 12:13:53 bllldap01 slapd[477]: conn=2866 op=0 EXT oid=1.3.6.1.4.1.1466.20037 Feb 5 12:13:53 bllldap01 slapd[477]: conn=2866 op=0 STARTTLS Feb 5 12:13:53 bllldap01 slapd[477]: conn=2866 op=0 RESULT oid= err=0 text= Feb 5 12:13:53 bllldap01 slapd[477]: conn=2866 fd=40 TLS established tls_ssf=256 ssf=256 Feb 5 12:13:55 bllldap01 slapd[477]: conn=2846 op=69 SRCH base="ou=People,dc=harmonywave,dc=cloud" scope=2 deref=0 filter="(&(uid=radiomail)(objectClass$ Feb 5 12:13:55 bllldap01 slapd[477]: conn=2846 op=69 SRCH attr=objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrinci$ Feb 5 12:13:55 bllldap01 slapd[477]: conn=2846 op=69 SEARCH RESULT tag=101 err=0 nentries=0 text= Feb 5 12:13:55 bllldap01 slapd[477]: conn=2787 op=637 SRCH base="cn=HARMONYWAVE.CLOUD,cn=krbContainer,dc=harmonywave,dc=cloud" scope=2 deref=0 filter="($ Feb 5 12:13:55 bllldap01 slapd[477]: conn=2787 op=637 SRCH attr=krbprincipalname krbcanonicalname objectclass krbprincipalkey krbmaxrenewableage krbmaxt$ Feb 5 12:13:55 bllldap01 slapd[477]: conn=2787 op=637 SEARCH RESULT tag=101 err=0 nentries=0 text= Feb 5 12:13:55 bllldap01 slapd[477]: conn=2846 op=70 SRCH base="ou=People,dc=harmonywave,dc=cloud" scope=2 deref=0 filter="(&(uid=radiomail)(objectClass$ Feb 5 12:13:55 bllldap01 slapd[477]: conn=2846 op=70 SRCH attr=objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrinci$ Feb 5 12:13:55 bllldap01 slapd[477]: conn=2846 op=70 SEARCH RESULT tag=101 err=0 nentries=0 text= Feb 5 12:13:56 bllldap01 slapd[477]: conn=2866 op=1 BIND dn="uid=jschaeffer,ou=End Users,ou=People,dc=harmonywave,dc=cloud" method=128 Feb 5 12:13:56 bllldap01 slapd[477]: SASL [conn=2866] Failure: cannot connect to saslauthd server: Permission denied Feb 5 12:13:56 bllldap01 slapd[477]: conn=2866 op=1 RESULT tag=97 err=49 text= Feb 5 12:13:56 bllldap01 slapd[477]: conn=2866 op=2 UNBIND Feb 5 12:13:56 bllldap01 slapd[477]: conn=2866 fd=40 closed jschaeffer@bllldap01:~$ sudo strace -f -p 1236 ... [{EPOLLIN, {u32=1975476364, u64=140507535597708}}], 1048576, 1409000) = 1 [pid 1237] epoll_ctl(7, EPOLL_CTL_MOD, 31, {0, {u32=1975476364, u64=140507535597708}}) = 0 [pid 1237] futex(0x5567c5bf4978, FUTEX_WAKE_PRIVATE, 1) = 1 [pid 1237] epoll_wait(7, <unfinished ...> [pid 1265] <... futex resumed> ) = 0 [pid 1265] futex(0x5567c5bf4928, FUTEX_WAKE_PRIVATE, 1) = 0 [pid 1265] read(31, "\27\3\3\0m", 5) = 5 [pid 1265] read(31, "\0\0\0\0\0\0\0\1*\215C]\226R#c(\250!j\255\254r\226'|\226y\0365\334\231"..., 109) = 109 [pid 1265] read(31, 0x7fc9f015e053, 5) = -1 EAGAIN (Resource temporarily unavailable) [pid 1265] epoll_ctl(7, EPOLL_CTL_MOD, 31, {EPOLLIN, {u32=1975476364, u64=140507535597708}}) = 0 [pid 1265] write(6, "0", 1) = 1 [pid 1237] <... epoll_wait resumed> [{EPOLLIN, {u32=1975476260, u64=140507535597604}}], 1048576, 1402000) = 1 [pid 1265] getpid( <unfinished ...> [pid 1237] read(5, <unfinished ...> [pid 1265] <... getpid resumed> ) = 1236 [pid 1237] <... read resumed> "0", 8192) = 1 [pid 1265] sendto(4, "<167>Feb 5 13:26:30 slapd[1236]"..., 132, MSG_NOSIGNAL, NULL, 0 <unfinished ...> [pid 1237] epoll_wait(7, <unfinished ...> [pid 1265] <... sendto resumed> ) = 132 [pid 1265] socket(AF_UNIX, SOCK_STREAM, 0) = 32 [pid 1265] connect(32, {sa_family=AF_UNIX, sun_path="/var/run/saslauthd/mux"}, 110) = -1 EACCES (Permission denied) [pid 1265] close(32) = 0 [pid 1265] getpid() = 1236 [pid 1265] sendto(4, "<167>Feb 5 13:26:30 slapd[1236]"..., 114, MSG_NOSIGNAL, NULL, 0) = 114 [pid 1265] write(31, "\27\3\3\0&\0\0\0\0\0\0\0\1\270\22\25\347\316\323\6\3721\375\200{\300\350\337E\371\221\206"..., 43) = 43 [pid 1265] getpid() = 1236 [pid 1265] sendto(4, "<167>Feb 5 13:26:30 slapd[1236]"..., 76, MSG_NOSIGNAL, NULL, 0) = 76 [pid 1265] futex(0x5567c5bf497c, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...> [pid 1237] <... epoll_wait resumed> [{EPOLLIN, {u32=1975476364, u64=140507535597708}}], 1048576, 1402000) = 1 [pid 1237] epoll_ctl(7, EPOLL_CTL_MOD, 31, {0, {u32=1975476364, u64=140507535597708}}) = 0 [pid 1237] futex(0x5567c5bf4978, FUTEX_WAKE_PRIVATE, 1) = 1 [pid 1237] epoll_wait(7, <unfinished ...> [pid 1238] <... futex resumed> ) = 0 [pid 1238] futex(0x5567c5bf4928, FUTEX_WAKE_PRIVATE, 1) = 0 [pid 1238] read(31, "\27\3\3\0\37", 5) = 5 [pid 1238] read(31, "\0\0\0\0\0\0\0\2L6Z\337[:\364z\331\361\277\350\31\33\354\316\20IP\375EI\0", 31) = 31 [pid 1238] read(31, "\25\3\3\0\32", 5) = 5 [pid 1238] read(31, "\0\0\0\0\0\0\0\3z\277}k\22\1775dS)BR\377\344\277\271\323\221", 26) = 26 [pid 1238] write(6, "0", 1) = 1 [pid 1237] <... epoll_wait resumed> [{EPOLLIN, {u32=1975476260, u64=140507535597604}}], 1048576, 1402000) = 1 [pid 1238] getpid( <unfinished ...> [pid 1237] read(5, <unfinished ...> [pid 1238] <... getpid resumed> ) = 1236 [pid 1237] <... read resumed> "0", 8192) = 1 [pid 1238] sendto(4, "<167>Feb 5 13:26:30 slapd[1236]"..., 56, MSG_NOSIGNAL, NULL, 0 <unfinished ...> [pid 1237] epoll_wait(7, <unfinished ...> [pid 1238] <... sendto resumed> ) = 56 [pid 1238] epoll_ctl(7, EPOLL_CTL_DEL, 31, 0x7fca743f60f4) = 0 [pid 1238] write(31, "\25\3\3\0\32\0\0\0\0\0\0\0\2\2431\246\345i\2013\31\0\f\t2\367: \270)\202", 31) = 31 [pid 1238] shutdown(31, SHUT_RDWR) = 0 [pid 1238] close(31) = 0 [pid 1238] getpid() = 1236 [pid 1238] sendto(4, "<167>Feb 5 13:26:30 slapd[1236]"..., 57, MSG_NOSIGNAL, NULL, 0) = 57 [pid 1238] futex(0x5567c5bf497c, FUTEX_WAIT_PRIVATE, 0, NULL^Cstrace: Process 1236 detached 5e3b2a11 connection_get(19): got connid=1003 5e3b2a11 connection_read(19): checking for input on id=1003 ber_get_next ber_get_next: tag 0x30 len 29 contents: 5e3b2a11 op tag 0x77, time 1580935697 ber_get_next 5e3b2a11 conn=1003 op=0 do_extended ber_scanf fmt ({m) ber: 5e3b2a11 send_ldap_extended: err=0 oid= len=0 5e3b2a11 send_ldap_response: msgid=1 tag=120 err=0 ber_flush2: 14 bytes to sd 19 5e3b2a11 connection_get(19): got connid=1003 5e3b2a11 connection_read(19): checking for input on id=1003 5e3b2a11 connection_read(19): unable to get TLS client DN, error=49 id=1003 5e3b2a19 connection_get(19): got connid=1003 5e3b2a19 connection_read(19): checking for input on id=1003 ber_get_next ber_get_next: tag 0x30 len 83 contents: 5e3b2a19 op tag 0x60, time 1580935705 ber_get_next 5e3b2a19 conn=1003 op=1 do_bind ber_scanf fmt ({imt) ber: ber_scanf fmt (m}) ber: 5e3b2a19 >>> dnPrettyNormal: <uid=jschaeffer,ou=End Users,ou=People,dc=harmonywave,dc=cloud> 5e3b2a19 <<< dnPrettyNormal: <uid=jschaeffer,ou=End Users,ou=People,dc=harmonywave,dc=cloud>, <uid=jschaeffer,ou=end users,ou=people,dc=harmonywave,dc=cloud> 5e3b2a19 do_bind: version=3 dn="uid=jschaeffer,ou=End Users,ou=People,dc=harmonywave,dc=cloud" method=128 5e3b2a19 mdb_dn2entry("uid=jschaeffer,ou=end users,ou=people,dc=harmonywave,dc=cloud") 5e3b2a19 => mdb_dn2id("uid=jschaeffer,ou=end users,ou=people,dc=harmonywave,dc=cloud") 5e3b2a19 <= mdb_dn2id: got id=0x26 5e3b2a19 => mdb_entry_decode: 5e3b2a19 <= mdb_entry_decode 5e3b2a19 SASL [conn=1003] Failure: cannot connect to saslauthd server: Permission denied 5e3b2a19 send_ldap_result: conn=1003 op=1 p=3 5e3b2a19 send_ldap_response: msgid=2 tag=97 err=49 ber_flush2: 14 bytes to sd 19 5e3b2a19 connection_get(19): got connid=1003 5e3b2a19 connection_read(19): checking for input on id=1003 ber_get_next ber_get_next: tag 0x30 len 5 contents: 5e3b2a19 op tag 0x42, time 1580935705 ber_get_next 5e3b2a19 ber_get_next on fd 19 failed errno=0 (Success) 5e3b2a19 conn=1003 op=2 do_unbind 5e3b2a19 connection_close: conn=1003 sd=19 ########### # OS INFO # ########### jschaeffer@bllldap01:~$ lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu 18.04.3 LTS Release: 18.04 Codename: bionic -- Thanks, Joshua Schaeffer

3 4

Migrating from Active Directory to OpenLDAP
by Клеусов Владимир Сергеевич 07 Feb '20

07 Feb '20

Hi, How do I migrate from Active Directory to OpenLDAP ? That is, I need to migrate users with passwords and user groups

2 1

LTB Debian and CentOS builds (was: OpenLDAP 2.4.49 available, LMDB 0.9.25 available)
by Clément OUDOT 07 Feb '20

07 Feb '20

Le jeu. 30 janv. 2020 à 19:27, OpenLDAP project <project(a)openldap.org> a écrit : > > OpenLDAP 2.4.49 is now available for download as detailed on our download > page: Hello, LDAP Tool Box packages for Debian and CentOS are now available: https://ltb-project.org/download#openldap Clément.

1 0

Re: Unable to build mdb stat tool for linux
by Vijay Kumar 05 Feb '20

05 Feb '20

Thanks for the details Quanah, I did use C/C++ almost 13 years ago, used to build using turboc++ with a specific approach no headers installations followed as remembered. I am trying to get MignW. Openldap officially which compiler it supports ? please let me know details. Thank you. Regards, Vijay Kumar On Wed, Feb 5, 2020 at 12:11 PM Quanah Gibson-Mount <quanah(a)symas.com> wrote: > > > --On Wednesday, February 5, 2020 11:38 AM +0530 Vijay Kumar > <pasumarthivijaykumar(a)gmail.com> wrote: > > > #define DEFAULT_MAPSIZE (10 * 10 * 10 * 10 * 10 * 10 * 10 * 10 * > > 1048576) > > You've clearly screwed with the code. Do not make any changes to the > code, > I've already told you this. > > > mdb_stat.c:17:23: fatal error: ac\unistd.h: No such file or directory > > #include <ac\unistd.h> > > Install the headers that provide this header file. > > You haven't said at all what environment you're building under. I > personally use MSYS2. > > --Quanah > > > -- > > Quanah Gibson-Mount > Product Architect > Symas Corporation > Packaged, certified, and supported LDAP solutions powered by OpenLDAP: > <http://www.symas.com> > -- Thanks & Regards, Vijay Kumar *+91-94944 44009*

2 1

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

openldap-technical February 2020