Hello,
I've created an alias by following the FAQ at
https://www.openldap.org/faq/data/cache/1111.html

dn: uid=alias,ou=People,dc=example,dc=net
objectclass: alias
objectclass: extensibleObject
uid: alias
aliasedobjectname: uid=target,ou=Retired People,dc=example,dc=com

The problem I'm facing is that this needs to be queried by an
application (out of my control) that queries LDAP looking for a
particular objectClass, like this:
(&(objectClass=person)(uid=alias))
This query misses the alias, I guess because the alias object has just
"alias" and "extensibleObject" as classes... Is this expected? Is there
a way to work around this, server-side? I mean, to tell the LDAP server
to look for "aliased" properties?
Many thanks for your time!

Hi!
In the past I was using some LDAP administrator account to reset a user's password (using "ldappasswd -H $server -x -ZZ -D $admin -W "$DN""), and the system output the new password.
But after having created a special account that is to be used to reset passwords only, the same command failed with
Result: Constraint violation (19)
Additional info: Password fails quality checking policy
So it seems the admin account circumvents the password policy restrictions, while the special account does not.
But the main reason I'm writing this is that the passwords generated by ldappasswd do not seem to fulfill today's requirements (too short, basically).
However, 2.4 is very old, and it seems the current ldappasswd no longer creates automatic passwords (reading https://git.openldap.org/openldap/openldap/-/blob/master/clients/tools/ldap…).
Regards,
Ulrich