openldap-technical

openldap-technical@openldap.org

9897 discussions

Ldap Replication Query
by Hanumanth Rao 05 Jul '12

05 Jul '12

Hello LDAP Brains, I have setup a Samba PDC (192.168.1.2) and a Samba BDC (192.168.4.2) both are on different subnets, there are two issues for me as below *PDC - SUSE Linux Enterprise Server 11 (x86_64), VERSION = 11, PATCHLEVEL = 2, samba-3.6.3-0.18.3, openldap2-2.4.26-0.12.1 BDC - SUSE Linux Enterprise Server 10 (i586) , VERSION = 10, samba-3.0.22-13.16, openldap2-2.3.19-18.7* 1. On the BDC if I give the command below I get Unable to find a suitable server BDC2:~ # net rpc info Unable to find a suitable server 2. I am not able to sync ldap database, BDC with the PDC I have enclosed my slapd.conf of PDC and BDC, can anybody let me know where I have gone wrong. Your help is highly appreciated, thanks in advance. Hanumanth Rao

2 1

SASL passthrough - multiple domains
by Liam Gretton 05 Jul '12

05 Jul '12

I have a working configuration with pass-through auth to an AD domain using saslauthd. However now there is a requirement to be able to handle another domain too, and I cannot work out how to do this. It seems that saslauthd cannot deal with multiple Kerberos realms, no matter what hoops one jumps through it eventually boils down to only using whatever 'default_realm' is set to in the krb5.conf file. Using multiple saslauthd daemons isn't possible either as there's no way (that I can work out) of getting OpenLDAP to use anything other than the single socket specified in /etc/sasl2/slapd.conf. My final idea was to run an LDAP instance per realm, each talking to the separate saslauthd daemons, and have another outward facing LDAP service with these as the backends but that's a non starter too because there's no way of specifying the sasl slapd.conf file, it seems sasl always looks in /etc/sasl2 for a file derived from the process name (a chroot environment for each LDAP server is therefore the next thing to look at). But this seems like a lot of work just to be able to authenticate users against multiple domains. I appreciate this is a SASL issue rather than a problem with OpenLDAP, but I'm hoping that someone here has cracked this already. Googling hasn't thrown up an solution that I can find. -- Liam Gretton liam.gretton(a)le.ac.uk HPC Architect http://www.le.ac.uk/its IT Services Tel: +44 (0)116 2522254 University of Leicester, University Road Leicestershire LE1 7RH, United Kingdom

8 10

Docs To Do list and other ideas. Please contribute
by Gavin Henry 05 Jul '12

05 Jul '12

On 4 July 2012 22:34, xsun <matheus.morais(a)gmail.com> wrote: > Hello guys, > > I can help on documentation in my spare time. I tryed to submit a patch for > ITS#6339 in the past but I don't know why it was not accepted and I did not > received any feedback about it. There is some TODO list for documentation? > There is a TODO list which, I can't believe, I started in 2008 and haven't made much progress: OpenLDAP Test suite Go through Samba stuff again OpenLDAP contrib scripts for generating LDIF etc. OpenLDAP Admin Guide - Intro Tighten "LDAP vs RDBMS" Check "What is slapd and what can it do?" "Replicated Directory Service" - add MultiMaster picture. "Configuring slapd" - check DIT layout is right "The slapd Configuration File" - check backends are correct and in above "Access Control" - Finish "Converting from slapd.conf(5) to a cn=config directory format" Backends section to finish Overlays section to finish Maintenance section to finish Monitoring section to finish Tuning section to finish More in Troubleshooting section More in Upgrading from 2.3.x section Check "Recommended OpenLDAP Software Dependency Versions" section Do some "Real World OpenLDAP Deployments and Examples" "OpenLDAP Software Contributions" to complete "Configuration File Examples" to complete Some are done and I'd rather build a build farm RESTful API now so we can have a central build farm. We did get a server from Google for that with 32GB Ram but last I heard it was down. Kurt? I'll check out your ITS and also we talked about a new wiki at some point?

3 2

Cannot remove LDAP entry ...
by Frank Bonnet 03 Jul '12

03 Jul '12

Hello I have a problem removing ONE ( and only ONE !!! ) entry in my directory server ldapdelete fails like the following ldap_delete: Other (e.g., implementation specific) error (80) additional info: entry index delete failed I've checked online openldap documentation and this error refers to a access rights problem, but it is not the case for my server , all db files belong to ldap:ldap which is the identity the slapd deamon runs on. the server runs 2.4.23 version on a FreeBSD 8.1-RELEASE-p5 compiled and installed from ports. ldap# /usr/local/libexec/slapd -V @(#) $OpenLDAP: slapd 2.4.23 (Oct 15 2010 16:35:06) $ root@ldap3.esiee.fr:/usr/ports/net/openldap24-server/work/openldap-2.4.23/servers/slapd Any help welcome thank you

2 1

bug in unique overlay
by Anton Yuzhaninov 03 Jul '12

03 Jul '12

According to slapo-unique(5) it is possible to specify several URLs in one domain (in single unique_uri dircetive). I have in my slapd.conf settings like: unique_uri ldap:///ou=lists,dc=example.ru,ou=mail,o=foo?cn?sub?(objectClass=nisMailAlias) ldap:///ou=aliases,dc=example.ru,ou=mail,o=foo?cn?sub?(objectClass=nisMailAlias) But in OpenLDAP 2.4.31 all URLs except first one is silently ignored. Debug logs show: 4ff309e3 line 208 (unique_uri ldap:///ou=lists,dc=example.ru,ou=mail,o=foo?cn?sub?(objectClass=nisMailAlias) ldap:///ou=aliases,dc=example.ru,ou=mail,o=foo?cn?sub?(objectClass=nisMailAlias)) 4ff309e3 ==> unique_new_domain <ldap:///ou=lists,dc=example.ru,ou=mail,o=foo?cn?sub?(objectClass=nisMailAlias)> ldap_url_parse_ext(ldap:///ou=lists,dc=example.ru,ou=mail,o=foo?cn?sub?(objectClass=nisMailAlias)) 4ff309e3 >>> dnPrettyNormal: <ou=lists,dc=example.ru,ou=mail,o=foo> 4ff309e3 <<< dnPrettyNormal: <ou=lists,dc=example.ru,ou=mail,o=foo>, <ou=lists,dc=example.ru,ou=mail,o=foo> Prblem is around this code in servers/slapd/overlays/unique.c: if ( c->line ) rc = unique_new_domain ( &domain, c->line, c ); else rc = unique_new_domain ( &domain, c->argv[1], c ); c->line is empty by some reason. c->argv[1] contains only first URL. Is anybody know how to fix this bug? Is it normal, that c->line is empty? -- Anton Yuzhaninov

3 3

overlay nssov and pass-though authentication
by Uwe Werler 02 Jul '12

02 Jul '12

Hello list, sis there a way to use pass-through authentication with saslauthd and the new nssov overlay? The only thing I got working at the moment was to use overlay pbind. But then I have to split my database 'cause I need local passwords stored in the database too. Thanks in aadvance! Uwe

1 0

overlay nssov and pass-through authentication
by Uwe Werler 02 Jul '12

02 Jul '12

1 0

New release of LinID OpenLDAP Manager
by Clément OUDOT 29 Jun '12

29 Jun '12

Hi all, I wanted to inform you that we just released a new version (0.7) of our OpenLDAP configuration web console. You can know more about this version here: https://redmine.linid.org/news/16 LinID OpenLDAP Manager is free software (AGPLv3), I hope it might be useful for some of you. Regards, Clément OUDOT.

2 2

chaining and returning errors
by Frank Van Damme 29 Jun '12

29 Jun '12

List, I'm setting up chaining. And I want to get errors, no referrals :) my olcDatabase looks like this: olcDatabase={0}ldap,olcOverlay={1}chain,olcDatabase={1}hdb,cn=config objectClass: olcChainDatabase (auxiliary) objectClass: olcConfig (abstract) objectClass: olcDatabaseConfig (structural) objectClass: olcLDAPConfig (structural) objectClass: top (abstract) olcDatabase: {0}ldap olcDbIDAssertBind: bindmethod="simple" binddn="uid=lalalala" credentials="foo" mode="self" olcDbURI: ldap://example.com here is this object's parent: olcOverlay={1}chain,olcDatabase={1}hdb,cn=config objectClass: olcConfig (abstract) objectClass: olcOverlayConfig (structural) objectClass: top (abstract) olcOverlay: {1}chain The problem is that I can't insert an olcChainReturnError attribute into it. The schema doesn't allow it. I tried to add the olcChainConfig objectClass to the olcDatabase={1} object, which requires me to fill in an extra attribute "olcOverlay" - I tried {1}chain and "chain" and "{0}ldap" but either give me an error 65 "invalid structural object class chain". -- Frank Van Damme No part of this copyright message may be reproduced, read or seen, dead or alive or by any means, including but not limited to telepathy without the benevolence of the author.

2 2

Re: Memberof overlay with posixGroup
by Marcio Merlone 29 Jun '12

29 Jun '12

Em 28-06-2012 12:39, Julien Soula escreveu: > On Thu, Jun 28, 2012 at 10:34:48AM -0300, Marcio Merlone wrote: >> I am trying to implement memberof overlay on Ubuntu 10.04.4 LTS and >> OpenLDAP 2.4.21-0ubuntu5.7 over posixGroup, not groupOfNames. I >> created the following ldif: >> >> .../... >> >> adding new entry "olcOverlay={2}memberof,olcDatabase={1}hdb,cn=config" >> ldap_add: Other (e.g., implementation specific) error (80) >> additional info: member attribute="memberUid" must either >> have DN (1.3.6.1.4.1.1466.115.121.1.12) or nameUID >> (1.3.6.1.4.1.1466.115.121.1.34) syntax > overlay memberof only supports DN as membership attribute (as DN and > nameUID type). I don't know any workaround for your case. Sorry for the noise, I SWEAR, I was so sure posixGroup use DN as membership, overlooked that. Thanks and best regards. -- *Marcio Merlone*

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

openldap-technical