openldap-technical

openldap-technical@openldap.org

7 participants
9864 discussions

auto-growing data size
by mark diener 13 Apr '18

13 Apr '18

Anybody have any idea on how to have the database file grow until you get to the mapsize instead of pre-allocating the entire mapsize (4GB) upon initialization? mdb_env_set_mapsize() ; I don't mind having an upper limit on the map size, but I think it would be helpful to have it grow to the upper limit, not preallocate the space on storage. There are various areas in the documentation where it talks about having the database not grow without bounds. Comments? Marco

3 6

Introduction of openldapjs
by Dieter Klünter 13 Apr '18

13 Apr '18

Hi, due to the fact that some software libraries are lacking full support of Lightweight Directory Access Protocol according to RFC-4510 and that there is a need to implement full ldap support in JavaScript, openLDAP.js, a wrapper of libldap, has been developed. The library has been published under MIT-Licence and is available at https://github.com/6labs/openldapjs -Dieter -- Dieter Klünter | Systemberatung http://sys4.de GPG Key ID: E9ED159B 53°37'09,95"N 10°08'02,42"E

3 2

Compiling LMDB on Windows 8.1
by jeff.esquivel＠gmail.com 09 Apr '18

09 Apr '18

Hi, I'm trying to install node-lmdb[0] on Windows 8.1 (which uses node-gyp to handle LMDB compilation) but it fails with the following error: ..\dependencies\lmdb\libraries\liblmdb\mdb.c(55): error C2059: syntax error: '(' [C:\Users\Foo\Downloads\node-lmdb\node _modules\node-lmdb\build\node-lmdb.vcxproj] (The whole error log is available here[1]). Looking around the git repository, there seems to be a recent change in that part of the code[2], so I manually checked out to the commit just before that change and that seemed to enable successful compilation. Is there anything I'm doing wrong? Is there any documentation I can read about the correct way to compile LMDB in Windows? Thanks, [0] https://github.com/Venemo/node-lmdb [1] https://pastebin.mozilla.org/9082557 [2] http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=e85ae1fe… -- Jeffrey Esquivel S.

2 1

Memory management for client API
by Erez Zilber 05 Apr '18

05 Apr '18

Hi, I'm trying to implement a LDAP client. I see that functions like ldap_search_ext_s() may dynamically allocate memory. Is there a way to supply my own memory allocation functions for open-ldap API? I'm asking because I would like to allocate memory during initialization, not during run time. Else, how can I calculate the max amount of memory that such calls will require? What should happen if not enough memory is available when a function like ldap_search_ext_s() gets called? Is there a special error code that indicates that? Thanks, Erez

1 0

LDAP Tool Box RPM and Debian packages for OpenLDAP 2.4.46
by Clément OUDOT 03 Apr '18

03 Apr '18

Hi, LDAP Tool Box project just released packages for OpenLDAP 2.4.46, that can be downloaded here: https://ltb-project.org/download#openldap You can also use our yum and apt repositories to install them. Changes on packaging can be found here: * https://github.com/ltb-project/openldap-rpm/releases/tag/v2.4.46 * https://github.com/ltb-project/openldap-deb/releases/tag/v2.4.46 Thanks to Michael Ströder for the help and David Coutadeur for Debian packages and improvements on ppm module and init script. Clément.

1 0

Syncrepl replication from multi-master OpenLDAP
by Simon ELBAZ 29 Mar '18

29 Mar '18

Hi, I am trying to setup data and cn=config replication on a syncrepl slave from an OpenLDAP multi-master. The replication is fine (data and config replicate). However, I want to override olcSyncrepl attributes on the syncrepl replica (particularly the provider value to use an IP address reachable from outside the multi-master LAN). I have tried exattrs=olcSyncrepl but as mentionned in (https://www.openldap.org/lists/openldap-technical/201508/msg00124.html), the olcSyncrepl attribute gets wiped: dn: olcDatabase={1}mdb,cn=config ..... olcSyncrepl: {0}rid=006 provider=ldap://<IP address> binddn="******" bindmethod=simple credentials="*****" searchbase="*****" type=refreshAndPersist interval=0 0:00:00:10 retry="5 5 300 5" timeout=1 Is there a way to achieve the overriding of olcSyncrepl attribute on the syncrepl server ? Thanks for your help Simon Elbaz

2 1

Re: openLDAP: LDAP and LDAP over TLS support at same time
by GOKUL G 29 Mar '18

29 Mar '18

Hi Quanah, Thanks for the response. Earlier, we tried to do a normal ldapsearch with a library compiled with HAVE_TLS, but what we got in the wireshark trace was ldap message over SSL without any encryption, instead of plain LDAP. So we thought it was not possible to get plain LDAP with library compiled with HAVE_TLS. As you said, we have missed out on something or probably misunderstood the APIs. I will try your suggestions. Thanks once again for your support. Regards, G Gokul On Thu, Mar 29, 2018 at 2:05 AM, Quanah Gibson-Mount <quanah(a)symas.com> wrote: > --On Wednesday, March 28, 2018 10:29 PM +0100 Raf Czlonka < > rczlonka(a)gmail.com> wrote: > ^^^ > >> Hi Quanah, >> >> You obviously meant 636, right[0]? >> > > Heh, yes, 636. ;) > > > > -- > > Quanah Gibson-Mount > Product Architect > Symas Corporation > Packaged, certified, and supported LDAP solutions powered by OpenLDAP: > <http://www.symas.com> > >

1 0

openLDAP: LDAP and LDAP over TLS support at same time
by GOKUL G 28 Mar '18

28 Mar '18

Hi Team, We are developing a LDAP client in our application. For this we are using openLDAP software. One of our requirement is to support either LDAP or LDAPS (LDAP/TLS) , based on the end-user input at runtime. So, in our application we should have support for both LDAP & LDAPS APIs and we would be calling LDAPS API (ldap_tls_start_s) based on this runtime configuration or else normal LDAP API would be called. ISSUE: We are able to integrate openLDAP with our application and achieve LDAP or LDAP/TLS requirement separately. Since, the support for TLS in openLDAP is macro controlled (HAVE_TLS), at compile time itself its decided whether LDAP or LDAPs . And we are not able to take this decision at run-time. If we compile openLDAP software with HAVE_TLS and use it for normal ldapsearch, this ldap command is seen in trace as ldap message over SSL without any encryption. But not as normal LDAP message. So, we understand to achieve our requirement, we would either be required to change the macro control of TLS to run-time control in the openLDAP code. (But we are feeling not to do this for maintainability purpose) (or) Try to use 2 openLDAP libraries, one compiled with HAVE_TLS and another without HAVE_TLS. And take care in application side to call the respective API without causing any resolution issue. Can you please suggest whether there is any other approach currently available in openLDAP to support both LDAP and LDAP/TLS at the sametime. Regards, G Gokul

3 4

Re: slapadd not adding some of the roleoccupent entries
by Quanah Gibson-Mount 26 Mar '18

26 Mar '18

--On Monday, March 26, 2018 9:16 AM -0700 rammohan ganapavarapu <rammohanganap(a)gmail.com> wrote: > When i try to import using slapadd -f hdb.ldif, some of the entries in > sysadmin role are not getting import, not sure what should be the reason. > Actually hdb backend to hdb backend import also same behaviour if i > pre-create with above root schema and keep the other server in cluster > is running. If i dont pre-create schema or if i dont keep the other > server running in a cluster i dont see this issue. slapadd by default outputs an error and will not continue (unless -c is specified) when it has a problem adding an entry. You should provide the error encountered. I'd also note that you appear to be adding LDIF that is missing operational attributes. That will not work well if you're running in MMR and expect replication to work. --Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

1 0

OpenLDAP UTF8 values support
by Andre Rodier 24 Mar '18

24 Mar '18

Hello, I have started a small project to build a mail server, and the authentication / users list is based on OpenLDAP. I want to use international characters for the "secondary" email addresses but and OpenLDAP is complaining about it, as invalid syntax. I use the field otherMailBox field. I found a make-shift by storing the email address encoded in base64, but I therefore need to be sure any client will be able to read these base64 encoded email addresses. So far, Dovecot is fine, I am not sure yet about Postfix. Is there any limitation in OpenLDAP that would prevent some fields to be stored in UTF8 directly? I have noticed that the givenName and surname are automatically encoded in base64 when containing accents, so is it a standard practice? Thanks for your advices. https://github.com/progmaticltd/homebox Kind regards, André

4 5

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

openldap-technical