openldap-technical April 2021

openldap-technical@openldap.org

30 participants
36 discussions

is there a standard way to store social media handle?
by Zhang 05 Apr '21

05 Apr '21

Hi. I was certain that I could find this in the archives but failed. What's the recommended way to extend inetOrgPerson to include twitter handle, facebook ID and other social media contact points? There doesn't seem to be OID defined for these attributes. Thanks

1 0

OpenLDAP and CBT
by pankovdv＠skbkontur.ru 05 Apr '21

05 Apr '21

Hello everyone! Does openldap support CBT (Channel Binding Tokens)?

1 0

Simulating/inducing server errors to test client application
by varun mittal 05 Apr '21

05 Apr '21

Is there any easy way of mocking errors(network timeout, search time limit exceeded etc.) from OpenLDAP server to test if client exception are being handled properly ?

2 2

OpenLDAP 2.5.3 Beta binary builds for testing
by Quanah Gibson-Mount 02 Apr '21

02 Apr '21

Symas is pleased to provide binary builds of the OpenLDAP 2.5.3 beta for testing purposes only on the following select platforms. Builds install into /opt/openldap25/ with state files stored in /var/opt/openldap25/ so as to be entirely self contained. No init scripts are provided and it is expected that end testers are familiar with OpenLDAP configuration. Please file any software (not packaging) related issues found at https://bugs.openldap.org/ These builds include a number of contrib modules in addition to the stock OpenLDAP offerings. Platforms: Ubuntu 20.04 LTS RHEL8 and binary compatible distributions (note: requires EPEL) Fedora 34 -------------------------------------------------- Ubuntu 20.04 LTS installation instructions: sudo add-apt-repository ppa:symas/openldap25 sudo apt-get update sudo apt install openldap-clients openldap-server -------------------------------------------------- -------------------------------------------------- RHEL8 installation instructions: dnf install 'dnf-command(copr)' dnf install epel-release dnf copr enable symas/openldap25 yum install openldap25-libs openldap25-clients openldap25-server -------------------------------------------------- -------------------------------------------------- Fedora 34 installation instructions: dnf install 'dnf-command(copr)' dnf copr enable symas/openldap25 yum install openldap25-libs openldap25-clients openldap25-server -------------------------------------------------- Regards, Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

1 0

RE: [EXT]:Re: Openldap client is not populating GID name instead of it just getting GID with empty Group name
by Quanah Gibson-Mount 02 Apr '21

02 Apr '21

--On Friday, April 2, 2021 6:29 PM +0000 "Ballem, Narayanan" <Narayanan.Ballem(a)Staples.com> wrote: > HI Quanah, > > Any help would be appreciated, I am making sure to collecting additional > logs. In case if you get a time to look the issue and help us. Don't spam the list, you already sent this email. I've nothing further to add at this time. I would note that loglevel is not debug (terminology is important). If you had a ulimit issue where you were running out of file descriptors in the slapd process, then that would be clearly logged. I don't suggest making gratuitous changes that are not backed up by documented evidence. --Quanah > We are scheduling the change ticket for this weekend. I just want to make > sure below action items I am going to try. > > 1) enable the debug logs >>> loglevel stats in ldap.conf > 2) would like to increase the ulimit to 16K from 4k to just rule out > limit issue. > > After enabling the debug logs will capture the logs from master and > clients(2-3) to review later. I guess I will see the same issue after the > cutover from old servers to new servers and I will roll back to old > servers . > > Let me know if you have other suggestion to capture more data. > > -Narayanan > > -----Original Message----- > From: Ballem, Narayanan > Sent: Wednesday, March 31, 2021 11:41 AM > To: Quanah Gibson-Mount <quanah(a)symas.com>; > openldap-technical(a)openldap.org Subject: RE: [EXT]:Re: Openldap client is > not populating GID name instead of it just getting GID with empty Group > name > > HI Quanah, > > Hope you are doing good !!! > We are scheduling the change ticket for this weekend. I just want to make > sure below action items I am going to try. > > 1) enable the debug logs >>> loglevel stats > 2) would like to increase the ulimit to 16K from 4k to just rule out > limit issue. > > After enabling the debug logs will capture the logs from master and > clients(2-3) to review later. I guess I will see the same issue after the > cutover from old servers to new servers and I will roll back to old > servers . > > Let me know if you have other suggestion to capture more data. > > Thanks for your valuable time. > > -Narayanan > -----Original Message----- > From: Ballem, Narayanan > Sent: Tuesday, March 23, 2021 2:21 PM > To: 'Quanah Gibson-Mount' <quanah(a)symas.com>; > openldap-technical(a)openldap.org Subject: RE: [EXT]:Re: Openldap client is > not populating GID name instead of it just getting GID with empty Group > name > > Unfortunately I cannot demonstrate right now as my old prod servers live > and I cannot bring new systems into traffic during business hours. I can > schedule the activity on coming on April 3rd/4th where I can collect > additional logging as you mentioned and replicate the issue. > > -Narayanan > > -----Original Message----- > From: Quanah Gibson-Mount <quanah(a)symas.com> > Sent: Tuesday, March 23, 2021 2:13 PM > To: Ballem, Narayanan <Narayanan.Ballem(a)Staples.com>; > openldap-technical(a)openldap.org Subject: RE: [EXT]:Re: Openldap client is > not populating GID name instead of it just getting GID with empty Group > name > > > > --On Tuesday, March 23, 2021 7:05 PM +0000 "Ballem, Narayanan" > <Narayanan.Ballem(a)Staples.com> wrote: > >> Ok I will test this one. >> Unfortunately I cannot test this as I see only during the cutover from >> old to new servers.. >> >> Apart from additional logging do you suggest any tuning to take more >> 5k ldap clients connections ? > > No, you've yet to even demonstrate that OpenLDAP is having any issue. > All you've noted is that you're having some issue somewhere in your stack. > > --Quanah > > > -- > > Quanah Gibson-Mount > Product Architect > Symas Corporation > Packaged, certified, and supported LDAP solutions powered by OpenLDAP: > <https://nam12.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.sym > as.com%2F&data=04%7C01%7CNarayanan.Ballem%40Staples.com%7C59043688533 > a4266ee4108d8ee274ca1%7Cb101f7ab56ac485fb3975279698fdf7d%7C1%7C0%7C637521 > 199838305231%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIi > LCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=%2FPOxOEnVAaVQGNXLaZUsHSu > asC9LoROX1EQd2biE8FE%3D&reserved=0> -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

1 0

openSUSE and SLE packages of OpenLDAP 2.5.3beta available
by Michael Ströder 01 Apr '21

01 Apr '21

On 4/1/21 6:17 AM, project(a)openldap.org wrote: > OpenLDAP 2.5.3beta is now available for experimentation and testing. You can find openSUSE and SLE packages of release 2.5.3beta in this OBS project: https://build.opensuse.org/project/show/home:stroeder:openldap25 Notes: - The packages are experimental and not tested in production. - This is my private work not related to the OpenLDAP project => blame me if something looks wrong with the packaging. - If unsure install openldap-ms, not openldap2, for testing (see below). Safe option: openldap-ms home:stroeder:openldap25/openldap-ms contains packages installed into a separate prefix /opt/openldap-ms. You can safely install these without breaking system-wide libraries and config files. There shouldn't be any conflict with other OS-provided packages. Danger area: openldap2 (You have been warned!) home:stroeder:openldap25/openldap2 is a *replacement* for the OS-provided packages which replaces system-wide client libraries. *This will likely break your system*! If you know what you're doing you can install this into e.g. test VMs, container or similar throw-away deployments. Download repos for various versions: https://download.opensuse.org/repositories/home:/stroeder:/openldap25/ Choose a directory and add the repo like this (example for openSUSE Tumbleweed): zypper addrepo -f https://download.opensuse.org/repositories/home:/stroeder:/openldap25/openS… Refresh your repos: zypper refresh -f Install packages zypper install openldap-ms openldap-ms-contrib Ciao, Michael.

4 4

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

openldap-technical April 2021