iNetOrgPerson doesn't exist?
by Luca Stancapiano
Hi all, I'm trying to create a user with openldap 2.4
dn: uid=rrrrrr,ou=users,dc=my-domain,dc=com
objectClass: iNetOrgPerson
uid: iiiiii
but it doesn't seem to recognize the objectClass, producing this error:
adding new entry "uid=rrrrrr,ou=users,dc=my-domain,dc=com"
ldap_add: Invalid syntax (21)
additional info: objectClass: value #0 invalid per syntax
Using other object classes is ok. What's the problem?
2 weeks, 1 day
Re: OpenSSL1.1.1 support after its EOL
by Anil 1. Tadikamalla (EXT-NSB)
Hi Team,
Can you please help to address the below queries ASAP from the OpenLDAP point of view:
1. Please do let us know if OpenLDAP can provide extended support of OpenSSL1.1.1 beyond the EOL (end of life cycle), i.e. after September 2023?
2. Does OpenLDAP depend on RHEL for OpenSSL support, or does it package OpenSSL on its own? If it depends on RHEL and RHEL introduces OpenSSL3.0 support, how would this be handled by OpenLDAP?
Regards,
Anil Kumar
________________________________
From: Anil 1. Tadikamalla (EXT-NSB)
Sent: Friday, December 9, 2022 9:54:28 AM
To: openldap-technical(a)openldap.org
Cc: Seenivasan 1. Alagarsamy (EXT-NSB)
Subject: Re: OpenSSL1.1.1 support after its EOL
Hi Team,
GENTLE REMINDER....
Can you please help to address the below query from the OpenLDAP point of view ASAP.
Does OpenLDAP depend on RHEL for OpenSSL support, or does it package OpenSSL on its own? If it depends on RHEL and RHEL introduces OpenSSL3.0 support, how would this be handled by OpenLDAP?
Regards,
Anil Kumar
________________________________
From: Anil 1. Tadikamalla (EXT-NSB)
Sent: Friday, December 9, 2022 12:53 AM
To: openldap-technical(a)openldap.org
Cc: Seenivasan 1. Alagarsamy (EXT-NSB)
Subject: OpenSSL1.1.1 support after its EOL
Hi Team,
Please do let us know if OpenLDAP can provide extended support of OpenSSL1.1.1 beyond the EOL (end of life cycle), i.e. after September 2023?
Regards,
Anil Kumar
3 months, 1 week
about slapo totp
by Bastian Tweddell
Dear all,
I am investigating if it is possible to use the TOTP overlay in the
following concept:
Many thanks for any
- nis related data of users are in ldap
- user ssh access to the system is pubkey only
- after successful authentication also request TOTP via PAM call to
slapd (only TOTP, no password)
Does this make sense and can this be achieved?
Thanks in advance,
--
Bastian Tweddell Juelich Supercomputing Centre
phone: +49 (2461) 61-6586 HPC in Neuroscience, HPS
3 months, 3 weeks
RE26 testing call (2.6.4) #3
by Quanah Gibson-Mount
This is the third testing call for OpenLDAP 2.6.4. Depending on the
results, this may be the final testing call.
Generally, get the code for RE26:
<https://git.openldap.org/openldap/openldap/-/archive/OPENLDAP_REL_ENG_2_6...>
Extract, configure, and build.
Execute the test suite (via make test) after it is built. Optionally, cd
tests && make its to run through the regression suite.
Thanks!
OpenLDAP 2.6.4 Engineering
Fixed client tools to remove 'h' and 'p' options (ITS#9917,ITS#8618)
Fixed ldapsearch memory leak with paged results (ITS#9860)
Fixed libldap ldif_open_url to check for failure (ITS#9904)
Fixed libldap ldap_url_parsehosts check for failure (ITS#9904)
Fixed liblunicode UTF8bvnormalize buffer size (ITS#9955)
Fixed lloadd memory leaks (ITS#9907)
Fixed lloadd shutdown code to protect memory correctly (ITS#9913)
Fixed lloadd race in epoch.c (ITS#9947)
Fixed lloadd potential deadlock with cn=monitor (ITS#9951)
Fixed lloadd to keep listener base around when not active (ITS#9984)
Fixed lloadd object reclamation sequencing (ITS#9983)
Fixed slapd memory leak with olcAuthIDRewrite (ITS#6035)
Fixed slapd free of redundant cmdline option (ITS#9912)
Fixed slapd transactions extended operations cleanup after write
(ITS#9892)
Fixed slapd deadlock with replicated cn=config (ITS#9930,ITS#8102)
Fixed slapd connection close logic (ITS#9991)
Fixed slapd bconfig locking of cn=config entries (ITS#9045)
Fixed slapd-mdb max number of index databases to 256 (ITS#9895)
Fixed slapd-mdb to always release entries from ADD operations (ITS#9942)
Fixed slapd-mdb to fully init empty DN in tool_entry_get (ITS#9940)
Fixed slapd-monitor memory leaks with lloadd (ITS#9906)
Fixed slapd-monitor to free remembered cookies (ITS#9339)
Fixed slapo-accesslog reqStart ordering matching rule (ITS#9880)
Fixed slapo-deref memory leak (ITS#9924)
Fixed slapo-dynlist to ignore irrelevant objectClasses (ITS#9897)
Fixed slapo-dynlist to avoid unnecessary searches (ITS#9929)
Fixed slapo-dynlist to mark internal searches as such (ITS#9960)
Fixed slapo-pcache crash in consistency_check (ITS#9966)
Fixed slapo-remoteauth memory leaks (ITS#9438)
Fixed slapo-rwm memory leaks (ITS#9817)
Build Environment
Fixed ancient DOS related ifdef checks (ITS#9925)
Fixed build process to not use gmake specific features (ITS#9894)
Fixed source tree to remove symlinks (ITS#9926)
Fixed slapo-otp testdir creation (ITS#9437)
Fixed slapd-tester memory leak (ITS#9908)
Fixed usage of non-standard C syntax (ITS#9898, ITS#9899, ITS#9901)
Fixed usage of bashism (ITS#9900)
Fixed test suite portability (ITS#9931)
Documentation
Fixed ldap_bind(3) to document ber_bvfree in ldap_sasl_bind
(ITS#9976)
Fixed slapo-asyncmeta(5) to clarify scheduling for target
connections (ITS#9941)
Fixed slapo-dynlist(5) to clarify configuration settings (ITS#9957)
Fixed slapo-unique(5) to clarify when quoting should be used
(ITS#9915)
Minor cleanup
ITS#9935
ITS#9336
ITS#9337
ITS#9985
Regards,
Quanah
4 months
RE25 testing call (2.5.14) #3
by Quanah Gibson-Mount
This is the third testing call for OpenLDAP 2.5.14. Depending on the
results, this may be the final testing call.
Generally, get the code for RE25:
<https://git.openldap.org/openldap/openldap/-/archive/OPENLDAP_REL_ENG_2_5...>
Extract, configure, and build.
Execute the test suite (via make test) after it is built. Optionally, cd
tests && make its to run through the regression suite.
Thanks!
OpenLDAP 2.5.14 Engineering
Fixed client tools to remove 'h' and 'p' options (ITS#9917,ITS#8618)
Fixed ldapsearch memory leak with paged results (ITS#9860)
Fixed libldap ldif_open_url to check for failure (ITS#9904)
Fixed libldap ldap_url_parsehosts check for failure (ITS#9904)
Fixed liblunicode UTF8bvnormalize buffer size (ITS#9955)
Fixed lloadd race in epoch.c (ITS#9947)
Fixed lloadd to keep listener base around when not active (ITS#9984)
Fixed lloadd object reclamation sequencing (ITS#9983)
Fixed slapd memory leak with olcAuthIDRewrite (ITS#6035)
Fixed slapd transactions extended operations cleanup after write
(ITS#9892)
Fixed slapd deadlock with replicated cn=config (ITS#9930,ITS#8102)
Fixed slapd connection close logic (ITS#9991)
Fixed slapd bconfig locking of cn=config entries (ITS#9045)
Fixed slapd-mdb max number of index databases to 256 (ITS#9895)
Fixed slapd-mdb to always release entries from ADD operations (ITS#9942)
Fixed slapd-mdb to fully init empty DN in tool_entry_get (ITS#9940)
Fixed slapd-monitor to free remembered cookies (ITS#9339)
Fixed slapo-accesslog reqStart ordering matching rule (ITS#9880)
Fixed slapo-deref memory leak (ITS#9924)
Fixed slapo-dynlist to ignore irrelevant objectClasses (ITS#9897)
Fixed slapo-dynlist to avoid unnecessary searches (ITS#9929)
Fixed slapo-dynlist to mark internal searches as such (ITS#9960)
Fixed slapo-pcache crash in consistency_check (ITS#9966)
Fixed slapo-remoteauth memory leaks (ITS#9438)
Build Environment
Fixed ancient DOS related ifdef checks (ITS#9925)
Fixed build process to not use gmake specific features (ITS#9894)
Fixed source tree to remove symlinks (ITS#9926)
Fixed slapo-otp testdir creation (ITS#9437)
Fixed slapd-tester memory leak (ITS#9908)
Fixed usage of non-standard C syntax (ITS#9898, ITS#9899, ITS#9901)
Fixed usage of bashism (ITS#9900)
Fixed test suite portability (ITS#9931)
Documentation
Fixed ldap_bind(3) to document ber_bvfree in ldap_sasl_bind
(ITS#9976)
Fixed slapo-asyncmeta(5) to clarify scheduling for target
connections (ITS#9941)
Fixed slapo-dynlist(5) to clarify configuration settings (ITS#9957)
Fixed slapo-unique(5) to clarify when quoting should be used
(ITS#9915)
Minor cleanup
ITS#9935
ITS#9336
ITS#9337
ITS#9985
Regards,
Quanah
4 months
How to retrieve invalid CA certificate error upon ldap over TLS connection using openldap API
by tishamol@gmail.com
Hi,
How can I get an error specific to an invalid CA certificate for an ldaps connection (LDAP over TLS)?
Our flow is like this
1:ldap_initialize()
2:ldap_sasl_bind_s()
But even if I import an invalid CA certificate on the ldap client to verify the server certificate, I don't get any error specific to TLS handshake failure. ldap_sasl_bind_s() always returns -1.
Can you suggest some way to fetch this error from openldap?
Thanks,
Smitha
4 months
VRF support in openldap
by tishamol@gmail.com
Hi,
I would like to know if there is any support for passing vrf-id to the openldap
library?
Thanks,
Smitha
4 months
Any chance to include ITS#9990 fix in 2.5.14?
by Kartik Subbarao
I ran into a passwd exop overlay problem this week when upgrading from
2.4.57 to 2.5.13 and was able to track it down (ITS#9990). Fortunately
the fix is very simple, just revert the changes to passwd.c made in
ITS#8698. I noticed the testing call for 2.5.14 and wanted to ask if it
might be possible to include this fix in that release.
Totally understood if you guys need to get this out the door as soon as
possible. Just figured I'd ask to see if we can get this fix included :-)
Thanks,
-Kartik
4 months
RE25 testing call (2.5.14) #2
by Quanah Gibson-Mount
This is the second testing call for OpenLDAP 2.5.14. Depending on the
results, this may be the final testing call.
Generally, get the code for RE25:
<https://git.openldap.org/openldap/openldap/-/archive/OPENLDAP_REL_ENG_2_5...>
Extract, configure, and build.
Execute the test suite (via make test) after it is built. Optionally, cd
tests && make its to run through the regression suite.
Thanks!
OpenLDAP 2.5.14 Engineering
Fixed client tools to remove 'h' and 'p' options (ITS#9917,ITS#8618)
Fixed ldapsearch memory leak with paged results (ITS#9860)
Fixed libldap ldif_open_url to check for failure (ITS#9904)
Fixed libldap ldap_url_parsehosts check for failure (ITS#9904)
Fixed liblunicode UTF8bvnormalize buffer size (ITS#9955)
Fixed lloadd race in epoch.c (ITS#9947)
Fixed lloadd to keep listener base around when not active (ITS#9984)
Fixed lloadd object reclamation sequencing (ITS#9983)
Fixed slapd memory leak with olcAuthIDRewrite (ITS#6035)
Fixed slapd transactions extended operations cleanup after write
(ITS#9892)
Fixed slapd deadlock with replicated cn=config (ITS#9930)
Fixed slapd-mdb max number of index databases to 256 (ITS#9895)
Fixed slapd-mdb to always release entries from ADD operations (ITS#9942)
Fixed slapd-mdb to fully init empty DN in tool_entry_get (ITS#9940)
Fixed slapd-monitor to free remembered cookies (ITS#9339)
Fixed slapo-accesslog reqStart ordering matching rule (ITS#9880)
Fixed slapo-deref memory leak (ITS#9924)
Fixed slapo-dynlist to ignore irrelevant objectClasses (ITS#9897)
Fixed slapo-dynlist to avoid unnecessary searches (ITS#9929)
Fixed slapo-dynlist to mark internal searches as such (ITS#9960)
Fixed slapo-pcache crash in consistency_check (ITS#9966)
Fixed slapo-remoteauth memory leaks (ITS#9438)
Build Environment
Fixed ancient DOS related ifdef checks (ITS#9925)
Fixed build process to not use gmake specific features (ITS#9894)
Fixed source tree to remove symlinks (ITS#9926)
Fixed slapo-otp testdir creation (ITS#9437)
Fixed slapd-tester memory leak (ITS#9908)
Fixed usage of non-standard C syntax (ITS#9898, ITS#9899, ITS#9901)
Fixed usage of bashism (ITS#9900)
Fixed test suite portability (ITS#9931)
Documentation
Fixed ldap_bind(3) to document ber_bvfree in ldap_sasl_bind
(ITS#9976)
Fixed slapo-asyncmeta(5) to clarify scheduling for target
connections (ITS#9941)
Fixed slapo-dynlist(5) to clarify configuration settings (ITS#9957)
Fixed slapo-unique(5) to clarify when quoting should be used
(ITS#9915)
Minor cleanup
ITS#9935
ITS#9336
ITS#9337
Regards,
Quanah
4 months
"container" structural class
by Timothy Stonis
Hi All,
I’ve searched the internet, but can’t find any info, so sorry in advance if this is a basic question… I’m trying to set up a “standard” DIT in an OpenLDAP 2.6.3 deployment. I checked out my existing Active Directory deployment and also an old macOS Server implementation, and they both make heavy use of the “container” structural class. For example, users are in cn=users,dc=…,dc=… which is objectClass container. I see this class is defined in the msuser schema, but in 2.6.3 its definition is commented out in the msuser.schema file.
Can anyone help shed some light on why this is the case and maybe a pointer to what a modern best practices DIT might look like?
Thanks in advance
Tim
4 months