openldap-technical August 2021

openldap-technical@openldap.org

26 participants
49 discussions

Problem with "force user to password reset at first login
by Rajagopal Rc 30 Oct '23

30 Oct '23

Hi, I am trying to force users to change their password at first login or after password reset by administrator. Tried following: 1)Password policy 'pwdMustChange TRUE' doesn't seems to be working as non of the users get prompt to change their password at first login. 2) used the 'pwdReset TRUE' attribute in users attributes, and it won't prompt to change the password and didn't allow to login i observe below messages in log "slapd[12684]: connection restricted to password changing only slapd[12684]: send_ldap_result: err=50 matched="" text="Operations are restricted to bind/unbind/abandon/StartTLS/modify password" slapd[12684]: conn=1053 op=1 SEARCH RESULT tag=101 err=50 nentries=0 text=Operations are restricted to bind/unbind/abandon/StartTLS/modify password" Please help me configure the option to force all users to change their password at first login or after pwd reset by administrator. Thanks & Regards Raj Tata Consultancy Services Mailto: rajagopal.rc(a)tcs.com Website: http://www.tcs.com ____________________________________________ Experience certainty. IT Services Business Solutions Consulting ____________________________________________ =====-----=====-----===== Notice: The information contained in this e-mail message and/or attachments to it may contain confidential or privileged information. If you are not the intended recipient, any dissemination, use, review, distribution, printing or copying of the information contained in this e-mail message and/or attachments to it are strictly prohibited. If you have received this communication in error, please notify us by reply e-mail or telephone and immediately and permanently delete the message and any attachments. Thank you

5 9

migrate from slapo-memberof to slapo-dynlist
by Michael Ströder 31 Aug '21

31 Aug '21

HI! It's easy to change the config of OpenLDAP 2.5 from "overlay memberof" to "overlay dynlist" and it just works. Nice. :-) But the existing database then still contains the 'memberOf' attribute values. Ideally one should reload the database. But if anything fails: Does it do any harm if 'memberOf' attribute values are still present in the database but slapo-dynlist is supposed to compute 'memberOf' attribute values based on recently changed group membership? At the end I will instruct the admins to reload databases especially to also save space. But it would be less operational stress if I could decouple the config change from the database re-load. Ciao, Michael.

2 3

Re: 2.5.7 - adding memberof module Duplicate attributeType
by Saša-Stjepan Bakša 30 Aug '21

30 Aug '21

On Mon, 30 Aug 2021 at 19:33, Quanah Gibson-Mount <quanah(a)symas.com> wrote: > > > > @Dave Macias Can you share the structure of your groups? > > member/memberOf depend on LDAP groups, not unix groups, which are based on > DNs. > > Example groups objectClasses are: > > groupOfNames (core schema) > groupOfUniqueNames (core schema) > groupOfMembers (rfc2307bis schema) > > > Of these three, I would recommend either groupOfNames or groupOfMembers > > Thank you Quanah! I will try them as you suggested. br Saša

1 0

Re: 2.5.7 - adding memberof module Duplicate attributeType
by Quanah Gibson-Mount 30 Aug '21

30 Aug '21

--On Monday, August 30, 2021 8:26 PM +0200 Saša-Stjepan Bakša <ssbaksa(a)gmail.com> wrote: > --On Monday, August 30, 2021 11:14 AM +0200 Saša-Stjepan Bakša > <ssbaksa(a)gmail.com> wrote: > >> I have similar situation and also a replicated environment. I am using >> posixGroup only and never had any need for a memberOf attribute. >> But now, my devs have a software which insists on that attribute so I >> should provide it for them. > > posixGroup is not a valid objectClass to use with providing memberOf > information. > > --Quanah > > > > > > Ouch! I have 51 different posixGroup groups which have been in use for > more than 10 years and now because of one > piece of software I must change the way I manage them all. Not happy at > all. > > > What is your suggestion Quanah? Can I just add an object? It would be a > problem if I must change all services. > Or maybe just add a few new groups of different types for that software. > That will be great if it is appropriate. > > > > @Dave Macias Can you share the structure of your groups? member/memberOf depend on LDAP groups, not unix groups, which are based on DNs. Example groups objectClasses are: groupOfNames (core schema) groupOfUniqueNames (core schema) groupOfMembers (rfc2307bis schema) Of these three, I would recommend either groupOfNames or groupOfMembers Regards, Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

1 0

Re: OpenLDAP 2.5.7 dies
by kevin martin 30 Aug '21

30 Aug '21

https://bugs.openldap.org/show_bug.cgi?id=9656 --- Regards, Kevin Martin On Mon, Aug 30, 2021 at 10:01 AM Quanah Gibson-Mount <quanah(a)symas.com> wrote: > > > --On Monday, August 30, 2021 10:41 AM -0500 kevin martin <ktmdms(a)gmail.com> > > wrote: > > > > > > > issue handled. missing pwdCheckModuleArg in the password policy > > (apparently not using ppm.conf anymore). once added to the schema the > > password change works. > > This still should not cause slapd to crash. Please file a bug at > https://bugs.openldap.org with the reproduction steps. Thanks! > > Regards, > Quanah > > -- > > Quanah Gibson-Mount > Product Architect > Symas Corporation > Packaged, certified, and supported LDAP solutions powered by OpenLDAP: > <http://www.symas.com> >

1 0

Re: 2.5.7 - adding memberof module Duplicate attributeType
by Dave Macias 30 Aug '21

30 Aug '21

Thank you for the input! Ive been researching it a bit. As far as I understand, dynlist “allows for expansion of dynamic groups and more” (from the man). Also, I'm assuming that dynlist also works well with MMR syncrepl, yes? (Since memberof didnt) I only have static groups. Googling around showed that you can also use it against static groups…if I understood it correctly. Would this overlay config help me for expanding against static groups using rfc2307bis schema? dn: olcOverlay=dynlist,olcDatabase=mdb,cn=config objectClass: olcOverlayConfig objectClass: olcDynListConfig olcOverlay: dynlist olcDynListAttrSet: member Thank you! On Aug 27, 2021, 8:39 PM -0400, Quanah Gibson-Mount <quanah(a)symas.com>, wrote: --On Friday, August 27, 2021 8:10 PM -0400 Dave Macias <davama(a)gmail.com> wrote: So i rebuild but without memberof module/overlay From the slapo-memberof(5) man page for OpenLDAP 2.5: Note that this overlay is deprecated and support will be dropped in future OpenLDAP releases. Installations should use the dynlist overlay instead. Using this overlay in a replicated environment is especially discouraged. The point was you should be using dynlist rather than memberOf. Regards, Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

3 4

Re: OpenLDAP 2.5.7 dies
by kevin martin 30 Aug '21

30 Aug '21

issue handled. missing pwdCheckModuleArg in the password policy (apparently not using ppm.conf anymore). once added to the schema the password change works. --- Regards, Kevin Martin On Fri, Aug 27, 2021 at 7:42 PM Quanah Gibson-Mount <quanah(a)symas.com> wrote: > > > --On Friday, August 27, 2021 5:47 PM -0500 kevin martin <ktmdms(a)gmail.com> > > wrote: > > > > > > > Howard, I DID use ppm in 2.4 and there's a compile warning with ppm in > > that: > > If you are using OpenLDAP 2.5, then you should be compiling the version of > the ppm module that ships with it in contrib/slapd-modules/ppm. Or to be > more clear, all modules you're using should be the 2.5 versions of the > modules and not the 2.4 versions. I.e., same deal with the ppolicy > overlay. > > Please provide your ppolicy configuration (for the ppolicy overlay), both > the configuration from slapd.conf/cn=config AND the LDIF entry for > whatever > you have defined the default policy to be or whatever policy it is that > applies to the entries you are modifying. > > Regards, > Quanah > > > -- > > Quanah Gibson-Mount > Product Architect > Symas Corporation > Packaged, certified, and supported LDAP solutions powered by OpenLDAP: > <http://www.symas.com> >

2 1

Re: OpenLDAP 2.5.7 dies
by kevin martin 27 Aug '21

27 Aug '21

Howard, I DID use ppm in 2.4 and there's a compile warning with ppm in that: ppm]# make gcc -g -O2 -fpic -DDEBUG -DCRACKLIB -c -I../../../include -I../../../include -I../../../servers/slapd ppm.c In function ‘strcpy_safe.part.1’, inlined from ‘strcpy_safe’ at ppm.c:57:1: ppm.c:68:9: warning: ‘strncpy’ specified bound depends on the length of the source argument [-Wstringop-overflow=] strncpy(dest, src, n); ^~~~~~~~~~~~~~~~~~~~~ ppm.c: In function ‘strcpy_safe’: ppm.c:65:26: note: length computed here int length_src = strlen(src); ^~~~~~~~~~~ gcc -I../../../include -I../../../include -I../../../servers/slapd -shared -o ppm.so ppm.o -lcrack gcc -g -O2 -fpic -I../../../include -I../../../include -I../../../servers/slapd -L../../../libraries/liblber/.libs -L../../../libraries/libldap/.libs -lldap -llber -Wl,-rpath=. -o ppm_test ppm_test.c ppm.so -L../../../libraries/liblber/.libs -L../../../libraries/libldap/.libs -lldap -llber -lcrack as for the entire thread dump, here it is with a different password than the one I was trying to change it to but that still caused the crash: Thread 3 "slapd" received signal SIGSEGV, Segmentation fault. [Switching to Thread 0x7ff8cff03700 (LWP 132587)] check_password (pPasswd=0x7ff8c011bb81 "0penLD@p!1s@paiN!nth3@aSs!", ppErrStr=0x7ff8cff01fd0, e=0x7ff8c0001c68, pArg=0x0) at ppm.c:444 444 ppm_log(LOG_NOTICE, "ppm: RAW configuration: %s", (gdb) thr apply all bt full Thread 3 (Thread 0x7ff8cff03700 (LWP 132587)): #0 check_password (pPasswd=0x7ff8c011bb81 "0penLD@p!1s@paiN!nth3@aSs!", ppErrStr=0x7ff8cff01fd0, e=0x7ff8c0001c68, pArg=0x0) at ppm.c:444 pEntry = 0x7ff8c0001c68 pwdCheckModuleArg = 0x0 szErrStr = 0x7ff8c0103220 "" mem_len = <optimized out> numParam = 32760 useCracklib = <optimized out> cracklibDict = '\000' <repeats 32 times>, "\002\000\000\000\000\000\000\000Hcq\024\371\177\000\000\020\000\000\000\000\000\000\000h\000\000\000\000\000\000\000\000rq\024\371\177\000\000\060\245\021\300\370\177\000\000\060\245\021\300\370\177\000\000\020\000\000\000\000\000\000\000Y\324\020\300\370\177\000\000Ф\021\300\370\177\000\000\220\323\020\300\370\177\000\000У\021\300\370\177\000" cracklibDictFiles = {'\000' <repeats 132 times>, '\000' <repeats 132 times>, '\000' <repeats 132 times>} cracklibExt = {0x7ff914a433a0 <aesni_256_gcm> "\205\003", 0x7ff8cfeef700 "K", 0x4b <error: Cannot access memory at address 0x4b>} fd = <optimized out> res = <optimized out> minQuality = <optimized out> checkRDN = <optimized out> forbiddenChars = "\020\201\021\300\370\177\000\000\212dq\024\371\177\000\000Ф\021\300\370\177\000\000\311\000\000\000\000\000\000\000\220\323\020\300\370\177\000\000N_n\024\371\177\000\000\000\000\000\000\000\000\000\000H\201\021\300\370\177\000\000\001\000\000\000\000\000\000\000\001\000\000\000\000\000\000\000\020\201\021\300\370\177\000\000@ \032\020\300\370\177\000\000h\370\356\317\370\177\000\000D\003\357\317\370\177\000\000m\372\356\317\370\177\000\000\356a\251\024\371\177\000" nForbiddenChars = <optimized out> nQuality = <optimized out> maxConsecutivePerClass = <optimized out> nbInClass = {1, 0, -806421907, 32760, 0, 16, 1, 0, -806419728, 32760, -806421489, 32760, -1072680416, 32760, -1072680416, 32760, 346305440, 32761, -806422432, 32760, 225, 0, 5326608, 0, -806422064, 32760, 5326651, 0, -1072675392, 32760, 1630100038, 0, 334573636, 32761, 333440017, 32761, -72515583, 32761, 16281596, 0, 16281596, 0, 16281595, 0, 16281595, 0, 16281595, 0, 16281595, 0} i = <optimized out> j = <optimized out> fileConf = {{param = "\374o\370\000\000\000\000\000\020\000\000\000\060\000\000\000\060\377\356\317\370\177\000\000p\376\356\317\370\177\000", iType = typeInt, value = {iVal = 419430400, sVal = "\000\000\000\031\027\003\003\000;\000\000\000 \371\356π\000\000\000\350\375\356\317\370\177\000\000\000\000\000\000\370\177\000\000l\030\026\024\371\177\000\000\000\000\000\000\000\000\000\000P\000\000\000\000\000\000\000P9\020\300\370\177\000\000\020\020\000\300\370\177\000\000P\000\000\000\000\000\000\000\065:\361\024\371\177\000\000\377\377\377\377\370\177\000\000\340\376\356\317\370\177\000\000 \000\357\317\370\177\000\000\200t\024\024\371\177\000\000\000\000\000"}, min = 0, minForPoint = -806422080}, { param = "\370\177\000\000\360\372\356\317\370\177\000\000\246\241\344\023\371\177\000\000\300E\020\300\370\177\000\000\002\000\000", iType = typeInt, value = {iVal = -806421488, sVal = "\020\374\356\317\370\177\000\000\000\261W;z\226ӕ\000\372\356\317\370\177\000\000\000\372\356\317\370\177\000\000\060\373\356\317\370\177\000\000\373o\370\000\000\000\000\000\300E\020\300\370\177\000\000FZ)a\000\000\000\000D0\361\023\371\177\000\000P\000\000\000\000\000\000\000\020\020\000\300\370\177\000\000\203\323\020\300\370\177\000\000\220\372\356\317\370\177\000\000@\032\020\300\370\177\000\000\000\000\000\000\000\000\000\000C/\025\025\371\177\000"}, min = -806421872, minForPoint = 32760}, { param = "\203\323\020\300\370\177\000\000P\000\000\000\000\000\000\000\036(c\024\371\177\000\000\020\020\000\300\370\177\000", iType = (typeStr | unknown: 342038594), value = {iVal = 32761, sVal = "\371\177\000\000\000\000\000\000\000\000\000\030\310\"\020\300\370\177\000\000\310\"\020\300\370\177\000\000\200\066\360\317\370\177\000\000H\f\357\317\370\177\000\000\347\034c\024\371\177\000\000P\000\000\000\000\000\000\000\000\261W;z\226ӕ\230\001\357\317\370\177\000\000O&\251\024\371\177\000\000\027\000\000\000\000\000\000\000P\000\000\000\000\000\000\000\200\373\356\317\370\177\000\000@\032\020\300\370\177\000\000\350\001\357\317\370\177\000\000\300\373\356", <incomplete sequence \317>}, min = 32760, minForPoint = 23}, { param = "\000\000\000\000\001\000\000\000\000\000\000\000\200\373\356\317\370\177\000\000\241\065\251\024\371\177\000\000\001\000\000", iType = (unknown: 32760), value = {iVal = 2, sVal = "\002\000\000\000\027\000\000\000\001\000\000\000\000\000\000\000\350\"\000\300\370\177\000\000\063\000\000\000\000\000\000\000\210\373\356\317\370\177\000\000\001", '\000' <repeats 15 times>, "H\f\357\317\370\177\000\000\000\000\000\000\000\000\000\000\001\000\000\000\000\000\000\000\200\373\356\317\370\177\000\000\220\001\357\317\370\177\000\000\210\373\356\317\370\177\000\000\000\000\000\000\000\000\000\000K\000\000\000\000\000\000\000;\000\000\000\000\000\000"}, min = 353709891, minForPoint = 32761}, { param = "\000\000\000\000\000\000\000\000\200\323\020\300\370\177\000\000S\000\000\000\000\000\000\000S\000\000\000\000\000\000", iType = (unknown: 16560), value = {iVal = 0, sVal = '\000' <repeats 16 times>, "\065\070\000\000\310\"\020\300\370\177\000\000\310\"\020\300\370\177\000\000\200\066\360\317\370\177\000\000\250\r\357\317\370\177\000\000\347\034c\024\371\177\000\000\346\000\000\000\000\000\000\000\000\261W;z\226ӕ\370\002\357\317\370\177\000\000O&\251\024\371\177\000\000\027\000\000\000\000\000\000\000\346\000\000\000\000\000\000\000\340\374\356\317\370\177\000\000@\032\020\300\370\177\000\000H\003\357", <incomplete sequence \317>}, min = 32760, minForPoint = -806421216}, { param = "\370\177\000\000\027\000\000\000\000\000\000\000\001\000\000\000\000\000\000\000\340\374\356\317\370\177\000\000\241\065\251\024", iType = (typeStr | unknown: 32760), value = {iVal = 1, sVal = "\001\000\000\000\370\177\000\000@\375\356\317\027\000\000\000\001\000\000\000\000\000\000\000\270*\000\300\370\177\000\000\311\000\000\000\000\000\000\000\350\374\356\317\370\177\000\000\001", '\000' <repeats 15 times>, "\250\r\357\317\370\177\000\000\000\000\000\000\000\000\000\000\001\000\000\000\000\000\000\000\340\374\356\317\370\177\000\000\360\002\357\317\370\177\000\000\350\374\356\317\370\177\000\000\000\000\000\000\000\000\000\000\341\000\000\000\000\000\000"}, min = 209, minForPoint = 0}, { param = "\300E\020\300\370\177\000\000\000\000\000\000\000\000\000\000\200\323\020\300\370\177\000\000\351\000\000\000\000\000\000", iType = (typeStr | unknown: 232), value = {iVal = 0, sVal = "\000\000\000\000\260@", '\000' <repeats 22 times>, "\300E\020\300\370\177\000\000P\376\356\317\370\177\000\000\271\037\350\023\371\177\000\000\a\000\000\000y\000\000\000\020GQ", '\000' <repeats 13 times>, "FZ)a\000\000\000\000\340\t\022\300\370\177\000\000`\000\000\000\000\000\000\000:\000\000\000!\000\000\000\025\000\000\000\033\000\000\000\a\000\000\000y\000\000\000\005\000\000"}, min = 238, minForPoint = 0}, {param = "\370\177\000\000\000\000\000\000\000\000\000\000p_\370\000\000\000\000\000\001\000\000\000\000\000\000\000\001\000\000", iType = typeInt, value = { iVal = -1073734768, sVal = "\220\033\000\300\370\177\000\000\200\376\356\317\370\177\000\000\300~E\000\000\000\000\000\250\"\000\300\370\177\000\000u>Q\000\001\000\000\000\200\376\356\317\370\177\000\000\340J\017\001\000\000\000\000?\020\000\000\000\000\000\000\240\232\373", '\000' <repeats 14 times>, "\261W;z\226ӕ\004\000\000\000\004\000\000\000u>Q\000\000\000\000\000\001\000\000\000\000\000\000\000`\n\357\317\370\177\000\000@\022\357\317\370\177\000"}, min = 17780656, minForPoint = 0}, { param = "\003\000\000\000\000\000\000\000\020#\350\023\371\177\000\000(\000\000\000\060\000\000\000\060\377\356\317\370\177\000", iType = (unknown: 3488546416), value = {iVal = 32760, sVal = "\370\177\000\000\000\261W;z\226ӕ\020 \000\000\000\000\000\000\000\261W;z\226ӕ\345`P\000\000\000\000\000u>Q\000\000\000\000\000`\n\357\317\370\177\000\000\a\000\000\000\000\000\000\000\001\000\000\000\000\000\000\000\377\377\377\377\000\000\000\000 \022\000\300\370\177\000\000=\244E\000\000\000\000\000\240\377\356\317\370\177\000\000\001\000\000\000\000\000\000\000\001", '\000' <repeats 15 times>, "\240\377\356", <incomplete sequence \317>}, min = 32760, minForPoint = 16423072}, { param = "\000\000\000\000 \022\000\300\370\177\000\000=\244E\000\000\000\000\000@\022\357\317\370\177\000\000\001\000\000", iType = typeInt, value = {iVal = 1, sVal = "\001\000\000\000\000\000\000\000\360)\000\300\370\177\000\000@ \022\357\317\370\177\000\000\300~E\000\000\000\000\000\250\"\000\300\370\177\000\000~@Q\000\001\000\000\000@\022\357\317\370\177\000\000\340J\017\001\000\000\000\000?\020\000\000\000\000\000\000\240\230\372", '\000' <repeats 13 times>, "\002\000\000\000\000\000\000\000\005\000\000\000\005\000\000\000\377dP\000\000\000\000\000?\020\000\000\000\000\000\000\366bQ\000\000\000\000"}, min = 16453344, minForPoint = 0}, {param = "d\n\357\317\370\177", '\000' <repeats 25 times>, iType = typeInt, value = {iVal = 0, sVal = "\000\000\000\000read(=rscxd)", '\000' <repeats 12 times>, "\002", '\000' <repeats 39 times>, "\001\000\000\000\000\000\000\000\377\377\377\377\000\000\000\000\003\000\000\000\000\000\000\000\020#\350\023\371\177\000\000(\000\000\000\060\000\000\000\000\001\357\317\370\177\000\000read(=rscxd)"}, min = -1781295616, minForPoint = 0}, {param = '\000' <repeats 31 times>, iType = typeInt, value = {iVal = 0, sVal = "\000\000\000\000\000\000\000\000\001\000\000\000\000\000\000\000\377\377\377\377", '\000' <repeats 60 times>, "`w\373\000\000\000\000\000 \022\000\300\370\177\000\000=\244E\000\000\000\000\000\260\001\357\317\370\177\000\000\001\000\000\000\000\000\000\000\001\000\000\000\000\000\000"}, min = 0, minForPoint = 0}, {param = "\260\001\357\317\370\177\000\000\300~E\000\000\000\000\000\260\036\000\300\370\177\000\000\000\000\000\000\001\000\000", iType = (unknown: 3488547248), value = {iVal = 32760, sVal = "\370\177\000\000\340J\017\001\000\000\000\000?\020\000\000\000\000\000\000`w\373", '\000' <repeats 13 times>, "\002\000\000\000\000\000\000\000\004\000\000\000\004\000\000\000~@Q\000\000\000\000\000?\020\000\000\000\000\000\000\366bQ\000\000\000\000\000\000u\373\000\000\000\000\000\064\f\357\317\370\177", '\000' <repeats 34 times>, "\003\003\000"}, min = 23, minForPoint = 80}, {param = '\000' <repeats 20 times>, "\210\323\020\300\370\177\000\000\210\323\020\300", iType = (unknown: 32760), value = {iVal = 0, sVal = '\000' <repeats 127 times>}, min = 0, minForPoint = 0}, { param = '\000' <repeats 31 times>, iType = typeInt, value = {iVal = 0, sVal = '\000' <repeats 127 times>}, min = 0, minForPoint = 0}, {param = '\000' <repeats 31 times>, iType = typeInt, value = {iVal = 0, sVal = '\000' <repeats 127 times>}, min = 0, minForPoint = 0}, { param = '\000' <repeats 31 times>, iType = typeInt, value = {iVal = 0, sVal = '\000' <repeats 127 times>}, min = 0, minForPoint = 0}, {param = '\000' <repeats 31 times>, iType = typeInt, value = {iVal = 0, sVal = '\000' <repeats 127 times>}, min = 0, minForPoint = 0}, { param = '\000' <repeats 16 times>, "h\006\357\317\370\177\000\000\000\000\005\000\000\000\000", iType = (typeStr | unknown: 4294967294), value = {iVal = -1, sVal = "\377\377\377\377", '\000' <repeats 16 times>, "P\f\357\317\370\177\000\000\001\000\000\000\000\000\000\000`\f\357\317\370\177\000\000\001\000\000\000\000\000\000\000\377\377\377\377\000\000\000\000\224\246\336\023\371\177", '\000' <repeats 34 times>, ")6\361\023\371\177\000\000\000\000\000\000\000\000\000\000\220\r\357\317\370\177\000\000\000\000\000"}, min = 0, minForPoint = 0}, {param = '\000' <repeats 28 times>, "\001\000\000", iType = typeInt, value = {iVal = 0, sVal = "\000\000\000\000\000\000\000\000\240v\024\024\371\177", '\000' <repeats 26 times>, "\340\a\357\317\370\177", '\000' <repeats 22 times>, "\001\000\000\000\340\264\024\024\371\177\000\000\377\377\377\377\000\000\000\000u", '\000' <repeats 15 times>, "\200\377\377\377\377\377\377\377", '\000' <repeats 15 times>}, min = 0, minForPoint = 0}, {param = "\000\000\000\000\060\000\000\000p\016\357\317\370\177\000\000J0\361\023\371\177\000\000\001\b\357\317\370\177\000", iType = (unknown: 336997088), value = {iVal = 32761, sVal = "\371\177\000\000`\f\357\317\370\177", '\000' <repeats 42 times>, " \000\000\000\060\000\000\000p\016\357\317\370\177\000\000\260\r\357\317\370\177", '\000' <repeats 53 times>}, min = 0, minForPoint = 0}, {param = '\000' <repeats 31 times>, iType = typeInt, value = {iVal = 0, sVal = '\000' <repeats 127 times>}, min = 0, minForPoint = 0}, {param = '\000' <repeats 31 times>, iType = typeInt, value = {iVal = 0, sVal = '\000' <repeats 21 times>, "\b\357\317\370\177\000\000\000\f\357\317\370\177\000\000\000\b\357\317\370\177\000\000\000\004\000\000\000\000\000\000\060", '\000' <repeats 74 times>}, min = 0, minForPoint = 0}, {param = '\000' <repeats 31 times>, iType = typeInt, value = { iVal = 0, sVal = '\000' <repeats 120 times>, "\001\000\000\000\000\000\000"}, min = 0, minForPoint = 0}, {param = "\000\000\000\000\000\000\000\000\300E\020\300\370\177\000\000\260\016\357\317\370\177\000\000\a\000\000\000\000\000\000", iType = (unknown: 3488550592), value = { iVal = 32760, sVal = "\370\177\000\000\070\067\361\023\371\177\000\000\000p\024\024\371\177\000\000\252\266\335\023\371\177", '\000' <repeats 18 times>, "\350\005\002", '\000' <repeats 25 times>, "\371\177\000\000\220\n\357\317\370\177\000\000\377\377\377\377\377\377\377\377\000\000\000\000\000\000\000\000\001", '\000' <repeats 15 times>, "\n\000\000\000\371\177\000\000 \000\000"}, min = 0, minForPoint = -806416776}, {param = "\370\177\000\000\006\000\000\000\000\000\000\000\006", '\000' <repeats 15 times>, "X\226\340\023", iType = (typeStr | unknown: 32760), value = {iVal = 1, sVal = "\001\000\000\000\000\000\000\000\066\067\361\023\371\177\000\000\000\000\000\000\000\000\000\000\300E\020\300\370\177\000\000\220\017\357\317\370\177\000\000Y\000\000\000\000\000\000\000\260\020\357\317\370\177\000\000F\026Q\000\000\000\000\000\000p\024\024\371\177\000\000\252\266\335\023\371\177\000\000\301\357", '\000' <repeats 14 times>, "\004", '\000' <repeats 27 times>, "\377\377\377\377"}, min = -806417552, minForPoint = 32760}, {param = "\377\377\377\377\377\377\377\377\000\000\000\000\000\000\000\000\006", '\000' <repeats 11 times>, "\370\177\000", iType = (unknown: 5268038), value = {iVal = 0, sVal = '\000' <repeats 13 times>, "bP", '\000' <repeats 29 times>, "\200h\024\024\371\177\000\000h\r\000\000\000\000\000\000\020\026Q", '\000' <repeats 13 times>, "\020\026Q", '\000' <repeats 13 times>, "G\026Q", '\000' <repeats 32 times>}, min = 0, minForPoint = 0}, { param = '\000' <repeats 31 times>, iType = typeInt, value = {iVal = 0, sVal = '\000' <repeats 16 times>, "\020\000\000\000\060\000\000\000\240\021\357\317\370\177\000\000\020\000\000\000\060\000\000\000\220\021\357\317\370\177\000\000\320\020\357\317\370\177", '\000' <repeats 50 times>, "\374o\370\000\000\000\000\000\000\261W;z\226ӕ\000\000\000\000\000\000\000"}, min = -806417296, minForPoint = 32760}, {param = "3", '\000' <repeats 16 times>, "@\000\000\000\000\000\000\027\000\000\000\000\000\000", iType = (unknown: 3222280768), value = {iVal = 32760, sVal = "\370\177\000\000\066\070\251\024\371\177\000\000H\f\357\317\370\177\000\000&7\251\024\371\177\000\000\377\377\377\377\377\377\377\377\350\"\000\300\370\177\000\000H\f\357\317\370\177\000\000\001\000\000\000\000\000\000\000\000@\000\000\000\000\000\000\000\261W;z\226ӕ`\f\357\317\370\177\000\000`\f\357\317\370\177\000\000\220\r\357\317\370\177\000\000\373o\370\000\000\000\000\000\300E\020\300\370\177\000\000FZ)a\000\000\000\000D0\361\023"}, min = 32761, minForPoint = 333440017}, { param = "\371\177\000\000\001\200\255\373\370\177\000\000\374o\370\000\000\000\000\000\374o\370\000\000\000\000\000\373", <incomplete sequence \370>, iType = typeInt, value = {iVal = 16281595, sVal = "\373o\370\000\000\000\000\000\373o\370\000\000\000\000\000\373o\370\000\000\000\000\000\373o\370\000\000\000\000\000\374o\370", '\000' <repeats 49 times>, "\200", '\000' <repeats 13 times>, "\370\000\200", '\000' <repeats 13 times>, "\357\317\370\177\000\000\000\000\000\000\000\000\000"}, min = -1, minForPoint = -1}, {param = "\000\000\000\000\000\000\000\000\377\377\377\377\065\070\377\377\000\261W;z\226ӕ\377\377\377\377\000\000\000", iType = (typeStr | unknown: 333505162), value = {iVal = 32761, sVal = "\371\177\000\000\354\t\022\300\370\177\000\000\200t\024\024\371\177\000\000\000\000\000\000\000\000\000\000\017\000\000\000\001\000\000\000\354\t\022\300\370\177\000\000\246\241\344\023\371\177\000\000\202\r132584\002\000\000\000\000\000\000\000\320\017\357\317\370\177\000\000`|\024\024\371\177\000\000\207\017\357\317\370\177\000\000p_\370\000\000\000\000\000\356\037\000\000\000\000\000\000p\016\357\317\370\177\000\000\260\r\357\317\t\000\000\000\002\000\000"}, min = -1781295494, minForPoint = 51}, { param = "\000\000\000\000\060\016\357\317\370\177\000\000\216\016\357\317\370\177\000\000\224\016\357\317\370\177\000\000\220\016\357", <incomplete sequence \317>, iType = (unknown: 32760), value = {iVal = -806416748, --Type <RET> for more, q to quit, c to continue without paging--c sVal = "\224\016\357\317\370\177\000\000\000\000\000\000\000\000\000\000`\000\000\000\000\000\000\000\020 \000\000\000\000\000\000\000\261W;z\226ӕ\240\071\020\300\370\177\000\000\320\071\020\300\370\177\000\000\063\000\000\000\000\000\000\000\350\"\000\300\370\177\000\000\200\020\357\317\065\070\000\000\000\261W;z\226ӕ\000\000\000\000\000\000\000\000\213\342\340\023\371\177\000\000\354\t\022\300\370\177\000\000\373\037\000\000\000\000\000\000@\231\024\024\371\177\000"}, min = 15, minForPoint = 1}, {param = "\354\t\022\300\370\177\000\000\252\237\344\023\371\177\000\000\222\016\061\063\062\065\070\064\000\261W;z\226ӕ", iType = (unknown: 3488550864), value = {iVal = 32760, sVal = "\370\177\000\000\020 \000\000\000\000\000\000\320\t\022\300\370\177\000\000\220\000\000\000\000\000\000\000 \000\000\300\370\177\000\000\340)\022\300\370\177\000\000\004\000\000\000\000\000\000\000\177\004\341\023\371\177\000\000\030\000\000\000\060\000\000\000\240\017\357\317\370\177\000\000\340\016\357\317\370\177\000\000\340\t\022\300\370\177\000\000\177\000\000\000\000\000\000\000\320\t\022\300\370\177\000\000\000\000\000\000\000\000\000\000\220\000\000\000\000\000\000\000\020 \000"}, min = 0, minForPoint = 333518475}, {param = "\371\177\000\000FZ)a\000\000\000\000\213\342\340\023\371\177\000\000\005\000\000\000\000\000\000\000\300E\020\300", iType = (unknown: 32760), value = {iVal = -806416448, sVal = "\300\017\357\317\370\177\000\000\000\261W;", '\000' <repeats 12 times>, "\300E\020\300\370\177", '\000' <repeats 11 times>, "\261W;z\226ӕ\000\000\000\000\000\000\000\000\001\000\000\000\000\000\000\000\377\377\377\377\000\000\000\000\025", '\000' <repeats 15 times>, "\300E\020\300\370\177\000\000\260\020\357\317\370\177\000\000\271\037\350\023\371\177\000\000\340\021\357\317\370\177\000\000\020\026Q\000\000\000\000"}, min = -806415904, minForPoint = 32760}, {param = "FZ)a\000\000\000\000\340\t\022\300\370\177\000\000~\000\000\000\000\000\000\000:\000\000\000!\000\000", iType = (typeStr | unknown: 20), value = {iVal = 27, sVal = "\033\000\000\000\a\000\000\000y\000\000\000\005\000\000\000\356", '\000' <repeats 19 times>, "p_\370\000\000\000\000\000\020\000\000\000\370\177\000\000\000\000\357\317\370\177\000\000\000\000\000\000\000\000\000\000\001\000\000\000\000\000\000\000\001\000\000\000\000\000\000\000\377\377\377\377\377\377\377\377\000\000\000\000\000\000\000\000\320\"\000\300\370\177\000\000 \022\000\300\370\177\000\000\377\377\377\377\370\177\000\000\340)\360", <incomplete sequence \317>}, min = 32760, minForPoint = -1073737184}, {param = "\370\177\000\000\000\261W;z\226ӕ\000\000\000\000\000\000\000\000\340)\360\317\370\177\000\000\340)\360", <incomplete sequence \317>, iType = (unknown: 32760), value = {iVal = 0, sVal = "\000\000\000\000\000\000\000\000 \022\000\300\370\177\000\000\000\000\000\000\000\000\000\000 \022\000\300\370\177\000\000\020#\350\023\371\177\000\000\060\000\000\000\060\000\000\000\240\021\357\317\370\177\000\000\320\020\357\317\370\177\000\000\000\261W;z\226ӕ\340\020\357\317\370\177\000\000\000\261W;z\226ӕ\350\023\000\300\370\177\000\000e", '\000' <repeats 15 times>, "\340\021\357\317\370\177\000\000\000\000\000\000\000\000\000"}, min = 61377, minForPoint = 0}, {param = "\334\017\000\000\000\000\000\000\260\377\377\377\377\377\377\377", '\000' <repeats 15 times>, iType = (unknown: 3221230112), value = {iVal = 32760, sVal = "\370\177\000\000\202\f\341\023\371\177\000\000\220\022\357\317\370\177\000\000\320\021\357\317\370\177\000\000\000\000\000\000\000\000\000\000 \022\000\300\370\177\000\000\220\021\357\317\370\177\000\000|\310x@\375\177\000\000\067N\361\024\371\177\000\000\000\000\000\000\000\000\000\000\340)\360\317\370\177\000\000\065[D\000\000\000\000\000\004\000\000\000\000\000\000\000FbP\000\000\000\000\000\000\022\357\317\370\177\000\000\000\000\000\000\000\000\000\000\377\377\377\377"}, min = -1, minForPoint = 32445072}, {param = "\000\000\000\000\240R\361\024\371\177\000\000\213\342\340\023\371\177\000\000\000\000\000\000\000\000\000\000\301\357\000", iType = typeInt, value = {iVal = 1835627633, sVal = "qtime=0.0000\000\000\000\000time=0.061377\000\000\000\340)\360\317\370\177\000\000\000\261W;z\226ӕp\022\357\317\370\177\000\000\220\022\357\317\370\177\000\000\340)\360\317\370\177\000\000\000\000\000\000\000\000\000\000`\025\021\300\370\177\000\000\000\026\357\317\370\177\000\000 \022\000\300\370\177\000\000|\025\361\024\371\177\000\000 \022\000\300\370\177\000\000;\327K\000\000\000\000"}, min = 1, minForPoint = 0}, {param = "\000\000\000\000\000\000\000\000\250\"\000\300\370\177", '\000' <repeats 17 times>, iType = (unknown: 5268038), value = {iVal = 0, sVal = "\000\000\000\000\000\000\001\000\000\000\000\000\377\377\377\377\377\377\377\377", '\000' <repeats 24 times>, "\067P\020\300\370\177\000\000\f`\020\300\370\177", '\000' <repeats 26 times>, " \022\000\300\370\177\000\000\000\026\357\317\370\177\000\000 \022\000\300\370\177\000\000\066-E\000\000\000\000\000\b\000\000\000\000\000\000\000\360S", <incomplete sequence \320>}, min = 32760, minForPoint = -806415576}, {param = "\370\177\000\000\000\000\000\000\000\000\000\000p\025\357\317\370\177\000\000\260\025\357\317\370\177\000\000`\025\021\300", iType = (unknown: 32760), value = {iVal = -806414848, sVal = "\000\026\357\317\370\177\000\000 \022\000\300\370\177\000\000\031\371J\000\000\000\000\000V\000\000\000\000\000\000\000\062\000\000\000\001\000\000\000\242\211q\320\370\177\000\000\260\036\000\300\370\177\000\000 \022\000\300\370\177\000\000\260\025\357\317\370\177\000\000`\025\021\300\370\177\000\000\335jM\000\000\000\000\000`\025\021\300\370\177\000\000\340)\360\317\370\177\000\000\340)\360\317\370\177\000\000/\333K", '\000' <repeats 12 times>}, min = -836759528, minForPoint = 32760}, {param = "\020 @\317\370\177\000\000\377\377\377\377\377\377\377\377\030\020 \316\370\177\000\000\000\000\000\000\000\000\000", iType = (unknown: 3459256344), value = {iVal = 32760, sVal = "\370\177\000\000\004\000\000\000\000\000\000\000\220*\000\300\370\177\000\000\000\000\000\000\000\000\000\000 \022\000\300\370\177\000\000FZ)a\000\000\000\000\000\000\000\000\020\016\000\000\000\000\000\000\000\000\000\000\340)\360\317\370\177\000\000\000\026\357\317\370\177", '\000' <repeats 53 times>}, min = 4, minForPoint = 4}, {param = "\000\000\000\000c", '\000' <repeats 15 times>, "\260\036\000\300\370\177\000\000\000\000\000", iType = typeInt, value = {iVal = 4159, sVal = "?\020\000\000\000\000\000\000\220\066\021\300\370\177\000\000\340.\021\300\370\177\000\000\260\025\357\317\370\177", '\000' <repeats 34 times>, "\243\000\000\000\000\000\000\000P\025\357\317\370\177\000\000\030\034\000\300\370\177\000\000\000\000\000\000\000\000\000\000\241\000\000\000\000\000\000\000\320\024\357\317\370\177", '\000' <repeats 17 times>}, min = 0, minForPoint = 0}, {param = '\000' <repeats 31 times>, iType = typeInt, value = {iVal = 0, sVal = '\000' <repeats 20 times>, "\005\000\000\000\000\000\000\000\b\000\000\000\000\000\000\000\334\312R", '\000' <repeats 13 times>, "x\004\000\000\000\000\000\000\200\063{\320\370\177", '\000' <repeats 18 times>, "\034\000\000\000\000\000\000\000\210\036\000\300\370\177", '\000' <repeats 26 times>, "P\035\003\001"}, min = 0, minForPoint = -1072622240}, {param = "\370\177\000\000\001\000\000\000\001\000\000\000X\036\000\300\370\177", '\000' <repeats 13 times>, iType = typeInt, value = {iVal = 0, sVal = "\000\000\000\000\000\000\000\000\220\321K", '\000' <repeats 21 times>, "\200\"\000\300\370\177", '\000' <repeats 34 times>, "`\025\021\300\370\177", '\000' <repeats 38 times>, "\004\000\000\000`\025\021\300\370\177\000"}, min = -1072615712, minForPoint = 32760}, {param = "c\000\000\000\000\000\000\000\020 @\317\370\177\000\000\030\020\070\316\370\177\000\000\002\000\000\000\001\000\000", iType = (unknown: 2), value = {iVal = 0, sVal = "\000\000\000\000\023\000\000\000\000\000\000\000\030\211q\320\370\177\000\000\023\000\000\000\000\000\000\000\270\211q\320\370\177", '\000' <repeats 93 times>}, min = 0, minForPoint = 0}, {param = '\000' <repeats 31 times>, iType = typeInt, value = {iVal = 0, sVal = '\000' <repeats 127 times>}, min = 0, minForPoint = 0}, {param = '\000' <repeats 31 times>, iType = typeInt, value = {iVal = 0, sVal = '\000' <repeats 127 times>}, min = 0, minForPoint = 0}, {param = '\000' <repeats 31 times>, iType = typeInt, value = {iVal = 0, sVal = '\000' <repeats 127 times>}, min = 0, minForPoint = 0}, {param = '\000' <repeats 31 times>, iType = typeInt, value = {iVal = 0, sVal = '\000' <repeats 127 times>}, min = 0, minForPoint = 0}, {param = '\000' <repeats 31 times>, iType = typeInt, value = {iVal = 0, sVal = '\000' <repeats 127 times>}, min = 0, minForPoint = 0}} #1 0x00000000004e6691 in ?? () No symbol table info available. #2 0x00000000004e8490 in ?? () No symbol table info available. #3 0x000000000049e912 in overlay_op_walk () No symbol table info available. #4 0x000000000049ea8b in ?? () No symbol table info available. #5 0x0000000000466112 in passwd_extop () No symbol table info available. #6 0x0000000000464996 in fe_extended () No symbol table info available. #7 0x0000000000464672 in do_extended () No symbol table info available. #8 0x0000000000435813 in ?? () No symbol table info available. #9 0x00000000004362eb in ?? () No symbol table info available. #10 0x00007ff91515afce in ldap_int_thread_pool_wrapper (xpool=0xfbcc00) at tpool.c:1053 pq = 0xfbcc00 pool = 0xfbcb00 task = 0x7ff8c8000eb0 work_list = <optimized out> ctx = {ltu_pq = 0xfbcc00, ltu_id = 140706617243392, ltu_key = {{ltk_key = 0x4338e0, ltk_data = 0x7ff8c00016a0, ltk_free = 0x4339a0}, {ltk_key = 0x485b00 <slap_sl_mem_init>, ltk_data = 0x7ff8c0001090, ltk_free = 0x4859c0 <slap_sl_mem_destroy>}, {ltk_key = 0x448200 <slap_op_free>, ltk_data = 0x0, ltk_free = 0x4481c0}, {ltk_key = 0x1205800, ltk_data = 0x7ff8c0111560, ltk_free = 0x4d5c80}, {ltk_key = 0x4bd260, ltk_data = 0x7ff8ce201010, ltk_free = 0x4bd370}, {ltk_key = 0x4bd1b0, ltk_data = 0x7ff8cf402010, ltk_free = 0x4bd230}, {ltk_key = 0x0, ltk_data = 0x0, ltk_free = 0x0} <repeats 26 times>}} kctx = <optimized out> i = <optimized out> keyslot = <optimized out> hash = <optimized out> pool_lock = 0 freeme = 0 __PRETTY_FUNCTION__ = "ldap_int_thread_pool_wrapper" #11 0x00007ff91415815a in start_thread (arg=<optimized out>) at pthread_create.c:479 ret = <optimized out> pd = <optimized out> unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140706617243392, 3733113568574194545, 140706625625230, 140706625625231, 140706625625360, 140706617241536, -3729208213329001615, -3729957785484639375}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}} not_first_call = <optimized out> #12 0x00007ff913e87dd3 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95 No locals. Thread 2 (Thread 0x7ff8d0704700 (LWP 132586)): #0 0x00007ff913e88107 in epoll_wait (epfd=6, events=0xf8a270, maxevents=1024, timeout=42960000) at ../sysdeps/unix/sysv/linux/epoll_wait.c:30 resultvar = 18446744073709551612 sc_cancel_oldtype = 0 sc_ret = <optimized out> #1 0x000000000043083c in ?? () No symbol table info available. #2 0x00007ff91415815a in start_thread (arg=<optimized out>) at pthread_create.c:479 ret = <optimized out> pd = <optimized out> unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140706625636096, 3733113568574194545, 140725685024126, 140725685024127, 140725685024256, 140706625634240, -3729244496675847311, -3729957785484639375}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}} not_first_call = <optimized out> #3 0x00007ff913e87dd3 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95 No locals. Thread 1 (Thread 0x7ff91558c740 (LWP 132584)): #0 0x00007ff91415964d in __GI___pthread_timedjoin_ex (threadid=140706625636096, thread_return=0x0, abstime=0x0, block=<optimized out>) at pthread_join_common.c:89 __tid = 132586 _buffer = {__routine = 0x7ff9141594a0 <cleanup>, __arg = 0x7ff8d0704d28, __canceltype = 0, __prev = 0x0} oldtype = 0 pd = 0x7ff8d0704700 self = <optimized out> result = 0 #1 0x0000000000432fea in slapd_daemon () No symbol table info available. #2 0x0000000000418ea9 in main () No symbol table info available. --- Regards, Kevin Martin On Fri, Aug 27, 2021 at 1:00 PM Quanah Gibson-Mount <quanah(a)symas.com> wrote: > > > --On Friday, August 27, 2021 7:51 PM +0100 Howard Chu <hyc(a)symas.com> > wrote: > > > kevin martin wrote: > >> I'll try that. I have narrowed it down to the ppm.so from > >> slapd-modules/ppm. I removed ppm.so from /usr/local/libexec/openldap, > >> restarted slapd, ran the command that killed it prior and it didn't die, > >> stopped slapd, recompiled ppm and installed the new ppm.so in > >> libexec/openldap, restarted slapd and reran the password change and > >> boom, down went Frazier! > > > > If this module was built for and working with OpenLDAP 2.4, then it needs > > to be modified to work with 2.5. If you compiled it against a 2.5 source > > tree, without any other modifications, you should have gotten a compile > > error. > > > It didn't exist in the contrib directory in OpenLDAP 2.4, and he > specifically noted he built it out of contrib with 2.5. > > --Quanah > > > -- > > Quanah Gibson-Mount > Product Architect > Symas Corporation > Packaged, certified, and supported LDAP solutions powered by OpenLDAP: > <http://www.symas.com> >

3 2

Re: 2.5.7 - adding memberof module Duplicate attributeType
by Dave Macias 27 Aug '21

27 Aug '21

Im attempting to move from rfc2307 to rfc2307bis Ive had no issue doing this. I scripted it :) Before, when i did not add the memberof module/overlay, i attempted to do an ldapsearch uid=bla memberof but would return nothing. So i thought i missed something… So i was going to add the module and then the overlay. But looks like im misunderstanding something altogether by your response… :) Maybe my ldapsearch was wrong to begin with… What could i be missing? On Aug 27, 2021, 5:47 PM -0400, Quanah Gibson-Mount <quanah(a)symas.com>, wrote: > > > --On Friday, August 27, 2021 6:09 PM -0400 Dave Macias <davama(a)gmail.com> > wrote: > > > > > Hello again... > > > > On a clean rocky linux install i cannot seem to be able to add the > > memberof.la module. Get below output: > > First question is, why are you installing memberOf module at all? :) > > --Quanah > > -- > > Quanah Gibson-Mount > Product Architect > Symas Corporation > Packaged, certified, and supported LDAP solutions powered by OpenLDAP: > <http://www.symas.com>

2 2

2.5.7 - adding memberof module Duplicate attributeType
by Dave Macias 27 Aug '21

27 Aug '21

Hello again... On a clean rocky linux install i cannot seem to be able to add the memberof.la module. Get below output: 61295355.3b7373e7 0x7ff631852940 @(#) $OpenLDAP: slapd 2.5.7 (Aug 19 2021 17:48:53) $ mockbuild@3b6af787015541c89363999d4338d587 :/builddir/build/BUILD/openldap-2.5.7/servers/slapd 61295356.01d90296 0x7ff631852940 config error processing cn={4}msuser,cn=schema,cn=config: olcAttributeTypes: Duplicate attributeType: "P�e�;V" 61295356.0203a145 0x7ff631852940 slapd stopped. 61295356.0204a690 0x7ff631852940 connections_destroy: nothing to destroy. Here are all my steps I do: wget -q https://repo.symas.com/configs/SOLDAP/rhel8/release25.repo -O /etc/yum.repos.d/soldap-release25.repo dnf install -y symas-openldap-clients symas-openldap-servers # enable default configs cd /opt/symas/etc/openldap/ cp ldap.conf.default ldap.conf cp slapd.conf.default slapd.conf cp slapd.ldif.default slapd.ldif # use secret as cn=config password sed -i 's/^# rootpw/rootpw/g' slapd.conf # make some dirs mkdir /opt/symas/etc/openldap/slapd.d mkdir /var/log/slapd/ # enable/start systemctl enable --now slapd source /etc/profile.d/50-soldap.sh # the slapd.d dir will be empty so create the slapd-conf structure slaptest -f /opt/symas/etc/openldap/slapd.conf -F /opt/symas/etc/openldap/slapd.d systemctl restart slapd cd # change the cn=config secret cat >config-secret.ldif <<EOF dn: olcDatabase={0}config,cn=config changetype: modify replace: olcRootPW olcRootPW: {SSHA}blablabalblabla/ EOF ldapadd -D cn=config -w secret -H ldapi:/// -f config-secret.ldif # add a few schemas # had to remove tha last 7 lines tac /opt/symas/etc/openldap/schema/rfc2307bis.ldif | sed '1,7 d' | tac > /opt/symas/etc/openldap/schema/rfc2307bis-new.ldif for def in cosine.ldif rfc2307bis-new.ldif inetorgperson.ldif msuser.ldif; do ldapadd -D cn=config -w $config_pass -H ldapi:/// -f /opt/symas/etc/openldap/schema/$def done # add memberof module cat >memberof-module.ldif <<EOF dn: cn=module,cn=config objectClass: olcModuleList cn: module olcModulePath: /opt/symas/lib/openldap/ olcModuleLoad: memberof.la EOF ldapadd -D cn=config -w $config_pass -H ldapi:/// -f memberof-module.ldif systemctl restart slapd at this point i get the error from above.... I've looked around to see where the "Duplicate attribute" is... but cannot find it.. Any input is much appreciated! Thank you very much for the awesome support!!!! -Dave

2 1

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

openldap-technical August 2021