OpenLDAP and CBT
by pankovdv@skbkontur.ru
Hello everyone!
Does OpenLDAP support CBT (Channel Binding Tokens)?
2 years, 2 months
OpenLDAP 2.5.3 Beta binary builds for testing
by Quanah Gibson-Mount
Symas is pleased to provide binary builds of the OpenLDAP 2.5.3 beta for
testing purposes only on the following select platforms. Builds install
into /opt/openldap25/ with state files stored in /var/opt/openldap25/ so as
to be entirely self contained. No init scripts are provided and it is
expected that end testers are familiar with OpenLDAP configuration. Please
file any software (not packaging) related issues found at
https://bugs.openldap.org/
These builds include a number of contrib modules in addition to the stock
OpenLDAP offerings.
Platforms:
Ubuntu 20.04 LTS
RHEL8 and binary compatible distributions (note: requires EPEL)
Fedora 34
--------------------------------------------------
Ubuntu 20.04 LTS installation instructions:
sudo add-apt-repository ppa:symas/openldap25
sudo apt-get update
sudo apt install openldap-clients openldap-server
--------------------------------------------------
--------------------------------------------------
RHEL8 installation instructions:
dnf install 'dnf-command(copr)'
dnf install epel-release
dnf copr enable symas/openldap25
yum install openldap25-libs openldap25-clients openldap25-server
--------------------------------------------------
--------------------------------------------------
Fedora 34 installation instructions:
dnf install 'dnf-command(copr)'
dnf copr enable symas/openldap25
yum install openldap25-libs openldap25-clients openldap25-server
--------------------------------------------------
Regards,
Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
2 years, 2 months
RE: [EXT]:Re: Openldap client is not populating GID name instead of it just getting GID with empty Group name
by Quanah Gibson-Mount
--On Friday, April 2, 2021 6:29 PM +0000 "Ballem, Narayanan"
<Narayanan.Ballem(a)Staples.com> wrote:
> Hi Quanah,
>
> Any help would be appreciated. I am making sure to collect additional
> logs. In case you get time to look at the issue and help us.
Don't spam the list, you already sent this email. I've nothing further to
add at this time. I would note that loglevel is not debug (terminology is
important). If you had a ulimit issue where you were running out of file
descriptors in the slapd process, then that would be clearly logged. I
don't suggest making gratuitous changes that are not backed up by
documented evidence.
--Quanah
> We are scheduling the change ticket for this weekend. I just want to make
> sure of the action items below that I am going to try.
>
> 1) enable the debug logs
>>> loglevel stats in ldap.conf
> 2) would like to increase the ulimit to 16K from 4k to just rule out
> a limit issue.
>
> After enabling the debug logs I will capture the logs from master and
> clients (2-3) to review later. I guess I will see the same issue after the
> cutover from old servers to new servers and I will roll back to the old
> servers.
>
> Let me know if you have other suggestions to capture more data.
>
> -Narayanan
>
> -----Original Message-----
> From: Ballem, Narayanan
> Sent: Wednesday, March 31, 2021 11:41 AM
> To: Quanah Gibson-Mount <quanah(a)symas.com>;
> openldap-technical(a)openldap.org
> Subject: RE: [EXT]:Re: Openldap client is not populating GID name instead
> of it just getting GID with empty Group name
>
> Hi Quanah,
>
> Hope you are doing good !!!
> We are scheduling the change ticket for this weekend. I just want to make
> sure of the action items below that I am going to try.
>
> 1) enable the debug logs
>>> loglevel stats
> 2) would like to increase the ulimit to 16K from 4k to just rule out
> a limit issue.
>
> After enabling the debug logs I will capture the logs from master and
> clients (2-3) to review later. I guess I will see the same issue after the
> cutover from old servers to new servers and I will roll back to the old
> servers.
>
> Let me know if you have other suggestions to capture more data.
>
> Thanks for your valuable time.
>
> -Narayanan
> -----Original Message-----
> From: Ballem, Narayanan
> Sent: Tuesday, March 23, 2021 2:21 PM
> To: 'Quanah Gibson-Mount' <quanah(a)symas.com>;
> openldap-technical(a)openldap.org
> Subject: RE: [EXT]:Re: Openldap client is not populating GID name instead
> of it just getting GID with empty Group name
>
> Unfortunately I cannot demonstrate right now as my old prod servers are live
> and I cannot bring new systems into traffic during business hours. I can
> schedule the activity on the coming April 3rd/4th, where I can collect
> additional logging as you mentioned and replicate the issue.
>
> -Narayanan
>
> -----Original Message-----
> From: Quanah Gibson-Mount <quanah(a)symas.com>
> Sent: Tuesday, March 23, 2021 2:13 PM
> To: Ballem, Narayanan <Narayanan.Ballem(a)Staples.com>;
> openldap-technical(a)openldap.org
> Subject: RE: [EXT]:Re: Openldap client is not populating GID name instead
> of it just getting GID with empty Group name
>
>
>
> --On Tuesday, March 23, 2021 7:05 PM +0000 "Ballem, Narayanan"
> <Narayanan.Ballem(a)Staples.com> wrote:
>
>> Ok I will test this one.
>> Unfortunately I cannot test this as I see only during the cutover from
>> old to new servers..
>>
>> Apart from additional logging do you suggest any tuning to take more
>> 5k ldap clients connections ?
>
> No, you've yet to even demonstrate that OpenLDAP is having any issue.
> All you've noted is that you're having some issue somewhere in your stack.
>
> --Quanah
>
>
> --
>
> Quanah Gibson-Mount
> Product Architect
> Symas Corporation
> Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
> <http://www.symas.com/>
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
2 years, 2 months
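Added example, not part of any message in this thread: one way to collect evidence on the file-descriptor question raised above before changing the ulimit, by comparing a process's open descriptors with its soft "Max open files" limit from the standard Linux `/proc/<pid>/limits` and `/proc/<pid>/fd`. The function names, the 80% warning threshold and the constructed sample tree (4k versus 16k limit, 3900 descriptors) are assumptions for illustration.

```shell
#!/bin/sh
# Added example: compare a process's open descriptors with its soft
# "Max open files" limit. PROC_ROOT is a parameter so it runs on constructed data.

# fd_usage PID [PROC_ROOT] -> prints "<open> <soft_limit>"; status 2 if unreadable
fd_usage() {
    pid=$1; root=${2:-/proc}
    [ -r "$root/$pid/limits" ] && [ -r "$root/$pid/fd" ] || {
        echo "cannot read $root/$pid (wrong pid, or not root/owner)" >&2; return 2; }
    # Line format: "Max open files  <soft>  <hard>  files" -> soft is field 4
    soft=$(awk '/^Max open files/ {print $4}' "$root/$pid/limits")
    open=$(ls -A "$root/$pid/fd" | wc -l | tr -d ' ')
    echo "$open $soft"
}

# fd_verdict PID [PROC_ROOT] [WARN_PCT] -> prints verdict; status 1 on "warn"
fd_verdict() {
    usage=$(fd_usage "$1" "${2:-/proc}") || return 2
    open=${usage% *}; soft=${usage#* }
    [ "$soft" = "unlimited" ] && { echo "ok $open/unlimited"; return 0; }
    pct=$(( open * 100 / soft ))
    if [ "$pct" -ge "${3:-80}" ]; then
        echo "warn $open/$soft (${pct}%)"; return 1
    fi
    echo "ok $open/$soft (${pct}%)"
}

# make_fake_proc DIR PID SOFT NOPEN: constructed stand-in for /proc (demo only)
make_fake_proc() {
    mkdir -p "$1/$2/fd"
    printf '%-25s %-20s %-20s %s\n' 'Limit' 'Soft Limit' 'Hard Limit' 'Units' \
        > "$1/$2/limits"
    printf '%-25s %-20s %-20s %s\n' 'Max open files' "$3" "$3" 'files' \
        >> "$1/$2/limits"
    i=0
    while [ "$i" -lt "$4" ]; do : > "$1/$2/fd/$i"; i=$((i + 1)); done
}

demo=$(mktemp -d)
make_fake_proc "$demo" 100 4096 3900    # constructed: 3900 descriptors, 4k limit
make_fake_proc "$demo" 200 16384 3900   # constructed: same load, 16k limit
fd_verdict 100 "$demo" || true          # warn 3900/4096 (95%)
fd_verdict 200 "$demo"                  # ok 3900/16384 (23%)
rm -rf "$demo"
```

On a live host, `fd_verdict "$(pidof slapd)"` run as root or as the user slapd runs under reads the real `/proc`.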
openSUSE and SLE packages of OpenLDAP 2.5.3beta available
by Michael Ströder
On 4/1/21 6:17 AM, project(a)openldap.org wrote:
> OpenLDAP 2.5.3beta is now available for experimentation and testing.
You can find openSUSE and SLE packages of release 2.5.3beta in this OBS
project:
https://build.opensuse.org/project/show/home:stroeder:openldap25
Notes:
- The packages are experimental and not tested in production.
- This is my private work not related to the OpenLDAP project => blame
me if something looks wrong with the packaging.
- If unsure install openldap-ms, not openldap2, for testing (see below).
Safe option: openldap-ms
home:stroeder:openldap25/openldap-ms contains packages installed into a
separate prefix /opt/openldap-ms. You can safely install these without
breaking system-wide libraries and config files. There shouldn't be any
conflict with other OS-provided packages.
Danger area: openldap2 (You have been warned!)
home:stroeder:openldap25/openldap2 is a *replacement* for the
OS-provided packages which replaces system-wide client libraries.
*This will likely break your system*!
If you know what you're doing you can install this into e.g. test VMs,
container or similar throw-away deployments.
Download repos for various versions:
https://download.opensuse.org/repositories/home:/stroeder:/openldap25/
Choose a directory and add the repo like this (example for openSUSE
Tumbleweed):
zypper addrepo -f
https://download.opensuse.org/repositories/home:/stroeder:/openldap25/ope...
Refresh your repos:
zypper refresh -f
Install packages
zypper install openldap-ms openldap-ms-contrib
Ciao, Michael.
2 years, 2 months