openldap-technical May 2021

openldap-technical@openldap.org

23 participants
23 discussions

Problem with "force user to password reset at first login
by Rajagopal Rc 30 Oct '23

30 Oct '23

Hi, I am trying to force users to change their password at first login or after password reset by administrator. Tried following: 1)Password policy 'pwdMustChange TRUE' doesn't seems to be working as non of the users get prompt to change their password at first login. 2) used the 'pwdReset TRUE' attribute in users attributes, and it won't prompt to change the password and didn't allow to login i observe below messages in log "slapd[12684]: connection restricted to password changing only slapd[12684]: send_ldap_result: err=50 matched="" text="Operations are restricted to bind/unbind/abandon/StartTLS/modify password" slapd[12684]: conn=1053 op=1 SEARCH RESULT tag=101 err=50 nentries=0 text=Operations are restricted to bind/unbind/abandon/StartTLS/modify password" Please help me configure the option to force all users to change their password at first login or after pwd reset by administrator. Thanks & Regards Raj Tata Consultancy Services Mailto: rajagopal.rc(a)tcs.com Website: http://www.tcs.com ____________________________________________ Experience certainty. IT Services Business Solutions Consulting ____________________________________________ =====-----=====-----===== Notice: The information contained in this e-mail message and/or attachments to it may contain confidential or privileged information. If you are not the intended recipient, any dissemination, use, review, distribution, printing or copying of the information contained in this e-mail message and/or attachments to it are strictly prohibited. If you have received this communication in error, please notify us by reply e-mail or telephone and immediately and permanently delete the message and any attachments. Thank you

5 9

Index seems to return wrong amount of candidate causing really poor search performance
by chrichardso27＠gmail.com 18 Aug '21

18 Aug '21

Hi, Considering the following assumptions; - OpenLDAP version 2.4.51 - attributes objectClass and abc are indexed based on equality - the EQUALITY of attribute abc is based on distinguishedNameMatch - The database contains roughly 2 million entries - 2 entries have defined the attribute abc with a dn value cn=foo,dc=bar and objectClass=someClass - 2 entries have defined the attribute abc with a dn value cn=bar,dc=baz and objectClass=someClass Now, the issue started with really slow search performance using objectClass=someClass & abc=cn=foo,dc=bar as filter criteria. Debugging a while seems to indicate that the objectClass filter returns roughly 2 million entries as candidates. Now, one would expect that the second filter would return only the 2 potential candidates from the abc index, or a subset of the whole database but this is not the case. The second filter also returns nearly the whole database entries as potential candidates and causes really slow query performance. Interestingly, this only occurs when attribute abc has value cn=foo,dc=bar, but for some reason for the entry having attribute abc with value cn=bar,dc=baz the query returns immediately. In both cases, the actual entries matching the search return immediately but for the problematic search "(&(objectClass=someClass)(abc=cn=foo,dc=bar))", the completion of the search takes a long time (around 15 seconds to be precise). The issue started suddenly and wasn't a degradation of query performance over time. Few things I have tried - Rebuilt the whole database again - Reindex the existing database again - Testing with bdb and mdb as backends - Increased cache sizes for bdb to hold the whole database in cache - For bdb adjust the page size of the indexes according to suggestion by db_tuner - Change the order of the filters None of these made any difference. At the moment, there does not seem to be any good options to try. Any ideas or help would be greatly appreciated!

6 18

unable to add DB DIT , getting value #0 invalid per syntax error in alpine Linux.
by govid 06 Jun '21

06 Jun '21

unable to add DB DIT , getting value #0 invalid per syntax error command used : ldapadd -x -D 'cn=config' -w secret -f create_sns_db.ldif below is the content of "create_sns_db.ldif" file dn: olcDatabase=mdb,cn=config objectClass: olcMdbConfig olcDatabase: mdb olcDbMaxSize: 1073741824 olcSuffix: dc=smartsan olcDbDirectory: /usr/local/var/openldap-data/sns_db olcRootDN: cn=admin,dc=smartsan olcRootPW: secret2 olcDbIndex: objectClass eq below is the debug output for the ldapadd command used: #ldapadd -x -D 'cn=config' -w secret -f create_sns_db.ldif -d 255 ldap_create ldap_sasl_bind ldap_send_initial_request ldap_new_connection 1 1 0 ldap_int_open_connection ldap_connect_to_host: TCP localhost:389 ldap_new_socket: 4 ldap_prepare_socket: 4 ldap_connect_to_host: Trying ::1 389 ldap_pvt_connect: fd: 4 tm: -1 async: 0 attempting to connect: connect success ldap_open_defconn: successful ldap_send_server_request ber_scanf fmt ({it) ber: ber_dump: buf=0x7f1aa9d18010 ptr=0x7f1aa9d18010 end=0x7f1aa9d1802d len=29 0000: 30 1b 02 01 01 60 16 02 01 03 04 09 63 6e 3d 63 0....`......cn=c 0010: 6f 6e 66 69 67 80 06 73 65 63 72 65 74 onfig..secret ber_scanf fmt ({i) ber: ber_dump: buf=0x7f1aa9d18010 ptr=0x7f1aa9d18015 end=0x7f1aa9d1802d len=24 0000: 60 16 02 01 03 04 09 63 6e 3d 63 6f 6e 66 69 67 `......cn=config 0010: 80 06 73 65 63 72 65 74 ..secret ber_flush2: 29 bytes to sd 4 0000: 30 1b 02 01 01 60 16 02 01 03 04 09 63 6e 3d 63 0....`......cn=c 0010: 6f 6e 66 69 67 80 06 73 65 63 72 65 74 onfig..secret ldap_write: want=29, written=29 0000: 30 1b 02 01 01 60 16 02 01 03 04 09 63 6e 3d 63 0....`......cn=c 0010: 6f 6e 66 69 67 80 06 73 65 63 72 65 74 onfig..secret ldap_result ld 0x7f1aaa121dc0 msgid 1 wait4msg ld 0x7f1aaa121dc0 msgid 1 (infinite timeout) wait4msg continue ld 0x7f1aaa121dc0 msgid 1 all 1 ** ld 0x7f1aaa121dc0 Connections: * host: localhost port: 389 (default) refcnt: 2 status: Connected last used: Tue May 25 05:42:41 2021 ** ld 0x7f1aaa121dc0 Outstanding Requests: * msgid 1, origid 1, status InProgress outstanding referrals 0, parent count 0 ld 0x7f1aaa121dc0 request count 1 (abandoned 0) ** ld 0x7f1aaa121dc0 Response Queue: Empty ld 0x7f1aaa121dc0 response count 0 ldap_chkResponseList ld 0x7f1aaa121dc0 msgid 1 all 1 ldap_chkResponseList returns ld 0x7f1aaa121dc0 NULL ldap_int_select read1msg: ld 0x7f1aaa121dc0 msgid 1 all 1 ber_get_next ldap_read: want=8, got=8 0000: 30 0c 02 01 01 61 07 0a 0....a.. ldap_read: want=6, got=6 0000: 01 00 04 00 04 00 ...... ber_get_next: tag 0x30 len 12 contents: ber_dump: buf=0x7f1aaa048b10 ptr=0x7f1aaa048b10 end=0x7f1aaa048b1c len=12 0000: 02 01 01 61 07 0a 01 00 04 00 04 00 ...a........ read1msg: ld 0x7f1aaa121dc0 msgid 1 message type bind ber_scanf fmt ({eAA) ber: ber_dump: buf=0x7f1aaa048b10 ptr=0x7f1aaa048b13 end=0x7f1aaa048b1c len=9 0000: 61 07 0a 01 00 04 00 04 00 a........ read1msg: ld 0x7f1aaa121dc0 0 new referrals read1msg: mark request completed, ld 0x7f1aaa121dc0 msgid 1 request done: ld 0x7f1aaa121dc0 msgid 1 res_errno: 0, res_error: <>, res_matched: <> ldap_free_request (origid 1, msgid 1) ldap_parse_result ber_scanf fmt ({iAA) ber: ber_dump: buf=0x7f1aaa048b10 ptr=0x7f1aaa048b13 end=0x7f1aaa048b1c len=9 0000: 61 07 0a 01 00 04 00 04 00 a........ ber_scanf fmt (}) ber: ber_dump: buf=0x7f1aaa048b10 ptr=0x7f1aaa048b1c end=0x7f1aaa048b1c len=0 ldap_msgfree adding new entry "olcDatabase=mdb,cn=config" ldap_add_ext ldap_send_initial_request ldap_send_server_request ber_scanf fmt ({it) ber: ber_dump: buf=0x7f1aa9d18020 ptr=0x7f1aa9d18020 end=0x7f1aa9d18148 len=296 0000: 30 82 01 24 02 01 02 68 82 01 1d 04 19 6f 6c 63 0..$...h.....olc 0010: 44 61 74 61 62 61 73 65 3d 6d 64 62 2c 63 6e 3d Database=mdb,cn= 0020: 63 6f 6e 66 69 67 30 81 ff 30 1d 04 0b 6f 62 6a config0..0...obj 0030: 65 63 74 43 6c 61 73 73 31 0e 04 0c 6f 6c 63 4d ectClass1...olcM 0040: 64 62 43 6f 6e 66 69 67 30 14 04 0b 6f 6c 63 44 dbConfig0...olcD 0050: 61 74 61 62 61 73 65 31 05 04 03 6d 64 62 30 1c atabase1...mdb0. 0060: 04 0c 6f 6c 63 44 62 4d 61 78 53 69 7a 65 31 0c ..olcDbMaxSize1. 0070: 04 0a 31 30 37 33 37 34 31 38 32 34 30 1a 04 09 ..10737418240... 0080: 6f 6c 63 53 75 66 66 69 78 31 0d 04 0b 64 63 3d olcSuffix1...dc= 0090: 73 6d 61 72 74 73 61 6e 30 31 04 0e 6f 6c 63 44 smartsan01..olcD 00a0: 62 44 69 72 65 63 74 6f 72 79 31 1f 04 1d 2f 76 bDirectory1.../v 00b0: 61 72 2f 6c 69 62 2f 6f 70 65 6e 6c 64 61 70 2d ar/lib/openldap- 00c0: 64 61 74 61 2f 73 6e 73 5f 64 62 30 23 04 09 6f data/sns_db0#..o 00d0: 6c 63 52 6f 6f 74 44 4e 31 16 04 14 63 6e 3d 61 lcRootDN1...cn=a 00e0: 64 6d 69 6e 2c 64 63 3d 73 6d 61 72 74 73 61 6e dmin,dc=smartsan 00f0: 30 16 04 09 6f 6c 63 52 6f 6f 74 50 57 31 09 04 0...olcRootPW1.. 0100: 07 73 65 63 72 65 74 32 30 1e 04 0a 6f 6c 63 44 .secret20...olcD 0110: 62 49 6e 64 65 78 31 10 04 0e 6f 62 6a 65 63 74 bIndex1...object 0120: 43 6c 61 73 73 20 65 71 Class eq ber_scanf fmt ({) ber: ber_dump: buf=0x7f1aa9d18020 ptr=0x7f1aa9d18027 end=0x7f1aa9d18148 len=289 0000: 68 82 01 1d 04 19 6f 6c 63 44 61 74 61 62 61 73 h.....olcDatabas 0010: 65 3d 6d 64 62 2c 63 6e 3d 63 6f 6e 66 69 67 30 e=mdb,cn=config0 0020: 81 ff 30 1d 04 0b 6f 62 6a 65 63 74 43 6c 61 73 ..0...objectClas 0030: 73 31 0e 04 0c 6f 6c 63 4d 64 62 43 6f 6e 66 69 s1...olcMdbConfi 0040: 67 30 14 04 0b 6f 6c 63 44 61 74 61 62 61 73 65 g0...olcDatabase 0050: 31 05 04 03 6d 64 62 30 1c 04 0c 6f 6c 63 44 62 1...mdb0...olcDb 0060: 4d 61 78 53 69 7a 65 31 0c 04 0a 31 30 37 33 37 MaxSize1...10737 0070: 34 31 38 32 34 30 1a 04 09 6f 6c 63 53 75 66 66 418240...olcSuff 0080: 69 78 31 0d 04 0b 64 63 3d 73 6d 61 72 74 73 61 ix1...dc=smartsa 0090: 6e 30 31 04 0e 6f 6c 63 44 62 44 69 72 65 63 74 n01..olcDbDirect 00a0: 6f 72 79 31 1f 04 1d 2f 76 61 72 2f 6c 69 62 2f ory1.../var/lib/ 00b0: 6f 70 65 6e 6c 64 61 70 2d 64 61 74 61 2f 73 6e openldap-data/sn 00c0: 73 5f 64 62 30 23 04 09 6f 6c 63 52 6f 6f 74 44 s_db0#..olcRootD 00d0: 4e 31 16 04 14 63 6e 3d 61 64 6d 69 6e 2c 64 63 N1...cn=admin,dc 00e0: 3d 73 6d 61 72 74 73 61 6e 30 16 04 09 6f 6c 63 =smartsan0...olc 00f0: 52 6f 6f 74 50 57 31 09 04 07 73 65 63 72 65 74 RootPW1...secret 0100: 32 30 1e 04 0a 6f 6c 63 44 62 49 6e 64 65 78 31 20...olcDbIndex1 0110: 10 04 0e 6f 62 6a 65 63 74 43 6c 61 73 73 20 65 ...objectClass e 0120: 71 q ber_flush2: 296 bytes to sd 4 0000: 30 82 01 24 02 01 02 68 82 01 1d 04 19 6f 6c 63 0..$...h.....olc 0010: 44 61 74 61 62 61 73 65 3d 6d 64 62 2c 63 6e 3d Database=mdb,cn= 0020: 63 6f 6e 66 69 67 30 81 ff 30 1d 04 0b 6f 62 6a config0..0...obj 0030: 65 63 74 43 6c 61 73 73 31 0e 04 0c 6f 6c 63 4d ectClass1...olcM 0040: 64 62 43 6f 6e 66 69 67 30 14 04 0b 6f 6c 63 44 dbConfig0...olcD 0050: 61 74 61 62 61 73 65 31 05 04 03 6d 64 62 30 1c atabase1...mdb0. 0060: 04 0c 6f 6c 63 44 62 4d 61 78 53 69 7a 65 31 0c ..olcDbMaxSize1. 0070: 04 0a 31 30 37 33 37 34 31 38 32 34 30 1a 04 09 ..10737418240... 0080: 6f 6c 63 53 75 66 66 69 78 31 0d 04 0b 64 63 3d olcSuffix1...dc= 0090: 73 6d 61 72 74 73 61 6e 30 31 04 0e 6f 6c 63 44 smartsan01..olcD 00a0: 62 44 69 72 65 63 74 6f 72 79 31 1f 04 1d 2f 76 bDirectory1.../v 00b0: 61 72 2f 6c 69 62 2f 6f 70 65 6e 6c 64 61 70 2d ar/lib/openldap- 00c0: 64 61 74 61 2f 73 6e 73 5f 64 62 30 23 04 09 6f data/sns_db0#..o 00d0: 6c 63 52 6f 6f 74 44 4e 31 16 04 14 63 6e 3d 61 lcRootDN1...cn=a 00e0: 64 6d 69 6e 2c 64 63 3d 73 6d 61 72 74 73 61 6e dmin,dc=smartsan 00f0: 30 16 04 09 6f 6c 63 52 6f 6f 74 50 57 31 09 04 0...olcRootPW1.. 0100: 07 73 65 63 72 65 74 32 30 1e 04 0a 6f 6c 63 44 .secret20...olcD 0110: 62 49 6e 64 65 78 31 10 04 0e 6f 62 6a 65 63 74 bIndex1...object 0120: 43 6c 61 73 73 20 65 71 Class eq ldap_write: want=296, written=296 0000: 30 82 01 24 02 01 02 68 82 01 1d 04 19 6f 6c 63 0..$...h.....olc 0010: 44 61 74 61 62 61 73 65 3d 6d 64 62 2c 63 6e 3d Database=mdb,cn= 0020: 63 6f 6e 66 69 67 30 81 ff 30 1d 04 0b 6f 62 6a config0..0...obj 0030: 65 63 74 43 6c 61 73 73 31 0e 04 0c 6f 6c 63 4d ectClass1...olcM 0040: 64 62 43 6f 6e 66 69 67 30 14 04 0b 6f 6c 63 44 dbConfig0...olcD 0050: 61 74 61 62 61 73 65 31 05 04 03 6d 64 62 30 1c atabase1...mdb0. 0060: 04 0c 6f 6c 63 44 62 4d 61 78 53 69 7a 65 31 0c ..olcDbMaxSize1. 0070: 04 0a 31 30 37 33 37 34 31 38 32 34 30 1a 04 09 ..10737418240... 0080: 6f 6c 63 53 75 66 66 69 78 31 0d 04 0b 64 63 3d olcSuffix1...dc= 0090: 73 6d 61 72 74 73 61 6e 30 31 04 0e 6f 6c 63 44 smartsan01..olcD 00a0: 62 44 69 72 65 63 74 6f 72 79 31 1f 04 1d 2f 76 bDirectory1.../v 00b0: 61 72 2f 6c 69 62 2f 6f 70 65 6e 6c 64 61 70 2d ar/lib/openldap- 00c0: 64 61 74 61 2f 73 6e 73 5f 64 62 30 23 04 09 6f data/sns_db0#..o 00d0: 6c 63 52 6f 6f 74 44 4e 31 16 04 14 63 6e 3d 61 lcRootDN1...cn=a 00e0: 64 6d 69 6e 2c 64 63 3d 73 6d 61 72 74 73 61 6e dmin,dc=smartsan 00f0: 30 16 04 09 6f 6c 63 52 6f 6f 74 50 57 31 09 04 0...olcRootPW1.. 0100: 07 73 65 63 72 65 74 32 30 1e 04 0a 6f 6c 63 44 .secret20...olcD 0110: 62 49 6e 64 65 78 31 10 04 0e 6f 62 6a 65 63 74 bIndex1...object 0120: 43 6c 61 73 73 20 65 71 Class eq ldap_result ld 0x7f1aaa121dc0 msgid 2 wait4msg ld 0x7f1aaa121dc0 msgid 2 (timeout 100000 usec) wait4msg continue ld 0x7f1aaa121dc0 msgid 2 all 1 ** ld 0x7f1aaa121dc0 Connections: * host: localhost port: 389 (default) refcnt: 2 status: Connected last used: Tue May 25 05:42:41 2021 ** ld 0x7f1aaa121dc0 Outstanding Requests: * msgid 2, origid 2, status InProgress outstanding referrals 0, parent count 0 ld 0x7f1aaa121dc0 request count 1 (abandoned 0) ** ld 0x7f1aaa121dc0 Response Queue: Empty ld 0x7f1aaa121dc0 response count 0 ldap_chkResponseList ld 0x7f1aaa121dc0 msgid 2 all 1 ldap_chkResponseList returns ld 0x7f1aaa121dc0 NULL ldap_int_select read1msg: ld 0x7f1aaa121dc0 msgid 2 all 1 ber_get_next ldap_read: want=8, got=8 0000: 30 34 02 01 02 69 2f 0a 04...i/. ldap_read: want=46, got=46 0000: 01 15 04 00 04 28 6f 62 6a 65 63 74 43 6c 61 73 .....(objectClas 0010: 73 3a 20 76 61 6c 75 65 20 23 30 20 69 6e 76 61 s: value #0 inva 0020: 6c 69 64 20 70 65 72 20 73 79 6e 74 61 78 lid per syntax ber_get_next: tag 0x30 len 52 contents: ber_dump: buf=0x565118724fb0 ptr=0x565118724fb0 end=0x565118724fe4 len=52 0000: 02 01 02 69 2f 0a 01 15 04 00 04 28 6f 62 6a 65 ...i/......(obje 0010: 63 74 43 6c 61 73 73 3a 20 76 61 6c 75 65 20 23 ctClass: value # 0020: 30 20 69 6e 76 61 6c 69 64 20 70 65 72 20 73 79 0 invalid per sy 0030: 6e 74 61 78 ntax read1msg: ld 0x7f1aaa121dc0 msgid 2 message type add ber_scanf fmt ({eAA) ber: ber_dump: buf=0x565118724fb0 ptr=0x565118724fb3 end=0x565118724fe4 len=49 0000: 69 2f 0a 01 15 04 00 04 28 6f 62 6a 65 63 74 43 i/......(objectC 0010: 6c 61 73 73 3a 20 76 61 6c 75 65 20 23 30 20 69 lass: value #0 i 0020: 6e 76 61 6c 69 64 20 70 65 72 20 73 79 6e 74 61 nvalid per synta 0030: 78 x read1msg: ld 0x7f1aaa121dc0 0 new referrals read1msg: mark request completed, ld 0x7f1aaa121dc0 msgid 2 request done: ld 0x7f1aaa121dc0 msgid 2 res_errno: 21, res_error: <objectClass: value #0 invalid per syntax>, res_matched: <> ldap_free_request (origid 2, msgid 2) ldap_parse_result ber_scanf fmt ({iAA) ber: ber_dump: buf=0x565118724fb0 ptr=0x565118724fb3 end=0x565118724fe4 len=49 0000: 69 2f 0a 01 15 04 00 04 28 6f 62 6a 65 63 74 43 i/......(objectC 0010: 6c 61 73 73 3a 20 76 61 6c 75 65 20 23 30 20 69 lass: value #0 i 0020: 6e 76 61 6c 69 64 20 70 65 72 20 73 79 6e 74 61 nvalid per synta 0030: 78 x ber_scanf fmt (}) ber: ber_dump: buf=0x565118724fb0 ptr=0x565118724fe4 end=0x565118724fe4 len=0 ldap_msgfree ldap_err2string ldap_add: Invalid syntax (21) additional info: objectClass: value #0 invalid per syntax ldap_free_connection 1 1 ldap_send_unbind ber_flush2: 7 bytes to sd 4 0000: 30 05 02 01 03 42 00 0....B. ldap_write: want=7, written=7 0000: 30 05 02 01 03 42 00 0....B. ldap_free_connection: actually freed Note: i have manually typed the contents of the ldif file to make sure no extra characters are there.

2 10

LMDB MAP_LOCK flag on readers to minimize major page faults
by Vitaly Zuevsky 31 May '21

31 May '21

Hi MAP_LOCK flag to mmap() on LMDB readers should populate page cache from the file being mapped and preclude those pages from eviction. I was wondering if that was ever tested, especially with frequent writes to the underlying file. And is there a standard way (a compile option) to include that flag without modifying source code directly? I see quite a few major faults with perf stat, and I am looking if they could be avoided. I am new to LMDB and I guess this discussion may have taken place before, if you could point me out to the right place.. Thank you. Vitaly

4 10

RE24 testing call #1 (OpenLDAP 2.4.59)
by Quanah Gibson-Mount 31 May '21

31 May '21

his is the first testing call for OpenLDAP 2.4.59. Depending on the results, this may be the only testing call. Generally, get the code for RE24: <https://git.openldap.org/openldap/openldap/-/archive/OPENLDAP_REL_ENG_2_4/o…> Extract, configure, and build. Execute the test suite (via make test) after it is built. Optionally, cd tests && make its to run through the regression suite. Thanks! OpenLDAP 2.4.59 Engineering Fixed libldap TLSv1.3 cipher suites with OpenSSL 1.1.1 (ITS#9521) Fixed libldap double free of LDAP_OPT_DEFBASE (ITS#9530) Fixed slapd syncrepl handling of add+delete on single value attr (ITS#9295) Fixed slapd-mdb cursor init check (ITS#9526) Fixed slapd-mdb deletion of context entry (ITS#9531) Fixed slapo-pcache locking during expiration (ITS#9529) Contrib Fixed slapo-autogroup to not thrash thead context (ITS#9494) Documentation ldap_modify(3) - Delete non-existent mod_next parameter (ITS#9559) Regards, Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

5 7

Configure autoca in slapd.d
by Stefan Kania 31 May '21

31 May '21

Hallo, I try to get autoca running using the configuration via slapd.d. With slapd.conf it'S working with this configuration: ------- overlay autoca caKeybits 4096 userKeybits 4096 serverKeybits 4096 ------- When I try to configure it with the following settings: --------- dn: olcOverlay={1}autoca,olcDatabase={2}mdb,cn=config objectClass: olcOverlayConfig olcserverKeybits: 4096 olccaKeybits: 4096 olcuserKeybits: 4096 --------- I'll getting: ------------- additional info: olcserverKeybits: attribute type undefined ------------- If I try to configure autoca with the default values, it works. I use OpenLDAP 2.5.4 on a Debian10 Is there any documentation, more then the manpage? Stefan

2 4

Re: RE25 testing call #1 (OpenLDAP 2.5.5)
by Nick Folino 29 May '21

29 May '21

Make test and make its successful on Fedora 34. Nick On Fri, May 28, 2021 at 5:39 PM Quanah Gibson-Mount <quanah(a)symas.com> wrote: > This is the first testing call for OpenLDAP 2.5.55. Depending on the > results, this may be the only testing call. > > Generally, get the code for RE25: > > < > https://git.openldap.org/openldap/openldap/-/archive/OPENLDAP_REL_ENG_2_5/o… > > > > Extract, configure, and build. > > Execute the test suite (via make test) after it is built. Optionally, cd > tests && make its to run through the regression suite. > > Thanks! > > OpenLDAP 2.5.5 Engineering > Added libldap LDAP_OPT_TCP_USER_TIMEOUT support (ITS#9502) > Added lloadd tcp-user-timeout support (ITS#9502) > Added slapd-asyncmeta tcp-user-timeout support (ITS#9502) > Added slapd-ldap tcp-user-timeout support (ITS#9502) > Added slapd-meta tcp-user-timeout support (ITS#9502) > Fixed incorrect control OIDs for AuthZ Identity (ITS#9542) > Fixed libldap typo in util-int.c (ITS#9541) > Fixed libldap double free of LDAP_OPT_DEFBASE (ITS#9530) > Fixed libldap better TLS1.3 cipher suite handling (ITS#9521, > ITS#9546) > Fixed lloadd multiple issues (ITS#8747) > Fixed slapd slap_op_time to avoid duplicates across restarts > (ITS#9537) > Fixed slapd typo in daemon.c (ITS#9541) > Fixed slapd slapi compilation (ITS#9544) > Fixed slapd to handle empty DN in extended filters (ITS#9551) > Fixed slapd syncrepl searches with empty base (ITS#6467) > Fixed slapd syncrepl refresh on startup (ITS#9324, ITS#9534) > Fixed slapd-asyncmeta quarantine handling (ITS#8721) > Fixed slapd-asyncmeta to have a default operations timeout > (ITS#9555) > Fixed slapd-ldap quarantine handling (ITS#8721) > Fixed slapd-mdb deletion of context entry (ITS#9531) > Fixed slapd-meta quarantine handling (ITS#8721) > Fixed slapo-accesslog to record reqNewDN for modRDN ops (ITS#9552) > Fixed slapo-pcache locking during expiration (ITS#9529) > Fixed slappw-argon2 module installation (ITS#9548) > Contrib > Update ldapc++/ldaptcl to use configure.ac (ITS#9554) > Documentation > ldap_first_attribute(3) - Document ldap_get_attribute_ber > (ITS#8820) > ldap_modify(3) - Delete non-existent mod_next parameter (ITS#9559) > > Regards, > Quanah > > -- > > Quanah Gibson-Mount > Product Architect > Symas Corporation > Packaged, certified, and supported LDAP solutions powered by OpenLDAP: > <http://www.symas.com> >

1 0

RE25 testing call #1 (OpenLDAP 2.5.5)
by Quanah Gibson-Mount 29 May '21

29 May '21

This is the first testing call for OpenLDAP 2.5.55. Depending on the results, this may be the only testing call. Generally, get the code for RE25: <https://git.openldap.org/openldap/openldap/-/archive/OPENLDAP_REL_ENG_2_5/o…> Extract, configure, and build. Execute the test suite (via make test) after it is built. Optionally, cd tests && make its to run through the regression suite. Thanks! OpenLDAP 2.5.5 Engineering Added libldap LDAP_OPT_TCP_USER_TIMEOUT support (ITS#9502) Added lloadd tcp-user-timeout support (ITS#9502) Added slapd-asyncmeta tcp-user-timeout support (ITS#9502) Added slapd-ldap tcp-user-timeout support (ITS#9502) Added slapd-meta tcp-user-timeout support (ITS#9502) Fixed incorrect control OIDs for AuthZ Identity (ITS#9542) Fixed libldap typo in util-int.c (ITS#9541) Fixed libldap double free of LDAP_OPT_DEFBASE (ITS#9530) Fixed libldap better TLS1.3 cipher suite handling (ITS#9521, ITS#9546) Fixed lloadd multiple issues (ITS#8747) Fixed slapd slap_op_time to avoid duplicates across restarts (ITS#9537) Fixed slapd typo in daemon.c (ITS#9541) Fixed slapd slapi compilation (ITS#9544) Fixed slapd to handle empty DN in extended filters (ITS#9551) Fixed slapd syncrepl searches with empty base (ITS#6467) Fixed slapd syncrepl refresh on startup (ITS#9324, ITS#9534) Fixed slapd-asyncmeta quarantine handling (ITS#8721) Fixed slapd-asyncmeta to have a default operations timeout (ITS#9555) Fixed slapd-ldap quarantine handling (ITS#8721) Fixed slapd-mdb deletion of context entry (ITS#9531) Fixed slapd-meta quarantine handling (ITS#8721) Fixed slapo-accesslog to record reqNewDN for modRDN ops (ITS#9552) Fixed slapo-pcache locking during expiration (ITS#9529) Fixed slappw-argon2 module installation (ITS#9548) Contrib Update ldapc++/ldaptcl to use configure.ac (ITS#9554) Documentation ldap_first_attribute(3) - Document ldap_get_attribute_ber (ITS#8820) ldap_modify(3) - Delete non-existent mod_next parameter (ITS#9559) Regards, Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

2 1

Openldap trying to setup mozillaAbPersonAlpha.schema
by bob＠gunas.co.uk 29 May '21

29 May '21

I don't know if this is the best place to ask for help but I can only try please don't shoot me down. I'm new to openldap and find it hard going so any help would great. Trying to setup an Address book to work with Thunderbird. Trying to Include mozillaAbPersonAlpha.schema in to Ldap 2.4.7 on Ubuntu server 20.04.2 The steps I have taken 1) mkdir /tmp/ldapworkingdir 2) cd /tmp/ldapworkingdir/ 3) touch ldap.conf 4) echo "include /etc/ldap/schema/mozillaAbPersonAlpha.schema" > ldap.conf 5) slaptest -f ldap.conf -F . 6) the error message 60b0fc5f /etc/ldap/schema/mozillaAbPersonAlpha.schema: line 148 objectclass: AttributeType not found: "c" slaptest: bad configuration directory! I have tried look for example of how to setup Thunderbird address book but with no look. I do hope someone can help. Thanks Bob H

2 4

radlib.h: No such file or directory - passwd slapd-module
by rguichardspam＠Gmail.com 28 May '21

28 May '21

Hi, while compile passwd slapd-modules, I've got error on Radius compilation. gcc -DOPENLDAP_FD_SETSIZE=4096 -O2 -g -DSLAP_SCHEMA_EXPOSE -g -O2 -I/usr/kerberos/include -I../../../include -I../../../include -I../../../servers/slapd -c radius.c -fPIC -DPIC -o .libs/radius.o radius.c:27:20: fatal error: radlib.h: No such file or directory #include <radlib.h> I've searched which package could provide the radlib file but I didn't found it. Please confirm which package should be used .. or link to the source.. I'm on CentOS

2 1

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

openldap-technical May 2021