openldap-technical

openldap-technical@openldap.org

11 participants
9876 discussions

[Q] objectClass mapping data of back_sql for RFC2307
by Hiroyuki Sato 12 May '11

12 May '11

Dear lists. Could you please tell me the following. Does anybody tried to create objectClass mapping data of back_sql for RFC2307?? Especially, posixAccount and posixGroup. I would like to use SQL Database to store account informations of LDAP. Sincerely. -- Hiroyuki Sato.

1 0

Xymon syncrepl monitoring
by Johan Karlsson 12 May '11

12 May '11

Hi! While looking for OpenLDAP monitoring solutions, i found Buchan's Xymon/Hobbit script at http://staff.telkomsa.net/~bgmilne/xymon/ol/ I saw some previous discussion about it on this list so I thought I'd give it a shot. I'm wondering how it determines a syncrepl slave, cause when I added the test in Xymon on my syncrepl slave I get "Not a syncrepl slave". The graphs and counters are working though. Regards, Johan

2 2

Search by customized attribute in OpenLdap
by JOSE L MARTINEZ-AVIAL 11 May '11

11 May '11

Hi, I've installed OpenLdap, and defiened the following schema: attributetype ( 1.2.840.113556.1.4.221 NAME 'sAMAccountName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) objectclass ( 1.2.840.113556.1.5.6 NAME 'securityPrincipal' SUP top AUXILIARY MUST (sAMAccountName ) MAY (mail)) I've created an entry as follows: dn: cn=John Smith,ou=External Users,dc=xxx,dc=yyy,dc=com cn: John Smith objectClass: person objectClass: securityPrincipal mail: test(a)test.com sn: Smith userPassword: myPassword sAMAccountName: smith Then I try to get the entry looking for (sAMAccountName='smith'), but it doesn't work. If I look for (cn='John Smith') it founds the entry. So what do I need to do in order to be able to search by sAMAccountName? Thanks Jose

1 0

Re: Not able start TLS.
by Meghanand Acharekar 11 May '11

11 May '11

Sorry for the spelling mistake using /usr/local/libexec/slapd -s 256 -h "ldaps:///" And getting the error "daemon: TLS not supported (ldaps:///)" is syslog, I have searched mailing list, the one possible reason mentioned was "openldap is not compiled with TLS support" but I have verified this using ldd. ldd /usr/local/libexec/slapd linux-vdso.so.1 => (0x00007fff1f7ff000) libdb-4.7.so => /usr/lib/libdb-4.7.so (0x00007f80960b4000) libpthread.so.0 => /lib/libpthread.so.0 (0x00007f8095e98000) libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x00007f8095c7e000) libdl.so.2 => /lib/libdl.so.2 (0x00007f8095a7a000) libcrypt.so.1 => /lib/libcrypt.so.1 (0x00007f8095843000) libresolv.so.2 => /lib/libresolv.so.2 (0x00007f809562c000) libwrap.so.0 => /lib/libwrap.so.0 (0x00007f8095423000) libc.so.6 => /lib/libc.so.6 (0x00007f80950c2000) /lib64/ld-linux-x86-64.so.2 (0x00007f8096428000) libnsl.so.1 => /lib/libnsl.so.1 (0x00007f8094ea9000) I'm not sure whether the problem in certificates could be the reason for this. In my slapd.conf I've following lines related to TLS. TLSCACertificateFile /usr/local/etc/openldap/ca-bundle.crt TLSCertificateFile /usr/local/etc/openldap/slapd.pem TLSCertificateKeyFile /usr/local/etc/openldap/slapd.pem Regards, Meghanand N. Acharekar On Tue, May 10, 2011 at 8:50 PM, Quanah Gibson-Mount <quanah(a)zimbra.com>wrote: > --On Tuesday, May 10, 2011 4:56 PM +0530 Meghanand Acharekar < > vasco.debian(a)gmail.com> wrote: > > using /usr/local/libexec/slapd -s 256 -h "ldap:///" >> daemon: TLS not supported (ldaps:///) >> > > You didn't tell slapd to start with ldaps:///, you told it to start with > ldap:///. What exactly is the question? > > --Quanah > > > > -- > > Quanah Gibson-Mount > Sr. Member of Technical Staff > Zimbra, Inc > A Division of VMware, Inc. > -------------------- > Zimbra :: the leader in open source messaging and collaboration >

2 3

Confused about SASL behavoir
by Ski Kacoroski 10 May '11

10 May '11

Hi, I have a black box windows app that I was able to get working with SASL authentication. I am now doing some additional testing so I want to get the SASL auth working from ldapsearch for testing, but am not able to. My details are: Running openldap 2.4.23 on debian. slapd.conf SASL section is: password-hash {CLEARTEXT} sasl-host ldap.nsd.org sasl-realm OL.NSD.ORG authz-regexp uid=(.*),cn=OL.NSD.ORG,cn=digest-md5,cn=auth uid=$1,ou=people,dc=nsd,dc=org authz-regexp uid=(.*),cn=digest-md5,cn=auth uid=$1,ou=people,dc=nsd,dc=org When the windows app connects I get in the logs: 1 slap_sasl_getdn: dn:id converted to uid=ckacoroski,ou=people,dc=nsd,dc=org 2 SASL Canonicalize [conn=1003]: slapAuthcDN="uid=ckacoroski,ou=people,dc=nsd,dc=org" 3 => bdb_search 4 bdb_dn2entry("uid=ckacoroski,ou=people,dc=nsd,dc=org") 5 base_candidates: base: "uid=ckacoroski,ou=people,dc=nsd,dc=org" (0x000000ef) 6 slap_ap_lookup: str2ad(cmusaslsecretDIGEST-MD5): attribute type undefined 7 send_ldap_result: conn=1003 op=2 p=3 8 send_ldap_result: err=0 matched="" text="" 9 SASL Canonicalize [conn=1003]: authzid="ckacoroski" 10 SASL proxy authorize [conn=1003]: authcid="ckacoroski(a)OL.NSD.ORG" authzid="ckacoroski(a)OL.NSD.ORG" 11 conn=1003 op=2 BIND authcid="ckacoroski(a)OL.NSD.ORG" authzid="ckacoroski(a)OL.NSD.ORG" When I connect with ldapsearch -Y DIGEST-MD5 -U ckacoroski -h ldapm '(objectclass=*)' I get in the logs: 12 slap_sasl_getdn: dn:id converted to uid=ckacoroski,ou=people,dc=nsd,dc=org 13 SASL Canonicalize [conn=1000]: slapAuthcDN="uid=ckacoroski,ou=people,dc=nsd,dc=org" 14 => bdb_search 15 bdb_dn2entry("uid=ckacoroski,ou=people,dc=nsd,dc=org") 16 => bdb_dn2id("ou=people,dc=nsd,dc=org") 17 <= bdb_dn2id: got id=0x2 18 => bdb_dn2id("uid=ckacoroski,ou=people,dc=nsd,dc=org") 19 <= bdb_dn2id: got id=0xef 20 entry_decode: "uid=ckacoroski,ou=People,dc=nsd,dc=org" 21 <= entry_decode(uid=ckacoroski,ou=People,dc=nsd,dc=org) 22 base_candidates: base: "uid=ckacoroski,ou=people,dc=nsd,dc=org" (0x000000ef) 23 bdb_search: 239 does not match filter 24 send_ldap_result: conn=1000 op=1 p=3 25 send_ldap_result: err=0 matched="" text="" 26 SASL Canonicalize [conn=1000]: authzid="ckacoroski" 27 SASL [conn=1000] Failure: no secret in database It seems to break at line 23 and 27. I am not sure what is different about how the windows app and ldapsearch use SASL, but something sure is :). So my question is how do I get ldapsearch to work using SASL? Thanks in advance for your help. cheers, ski -- "When we try to pick out anything by itself, we find it connected to the entire universe" John Muir Chris "Ski" Kacoroski, ckacoroski(a)nsd.org, 206-501-9803 or ski98033 on most IM services

1 0

Not able start TLS.
by Meghanand Acharekar 10 May '11

10 May '11

Hi, I have installed openldap from source code on debian squeeze. with following options. ./configure --prefix=/usr/local --enable-slapd --enable-crypt --enable-syslog --enable-wrappers --disable-ipv6 --enable-ppolicy --with-cyrus-sasl --with-threads --with-tls While trying to start LDAPS, using /usr/local/libexec/slapd -s 256 -h "ldap:///" getting following error in the error log. daemon: TLS not supported (ldaps:///) I have installed required certificates, ldd output is as follows. ldd /usr/local/libexec/slapd linux-vdso.so.1 => (0x00007fff1f7ff000) libdb-4.7.so => /usr/lib/libdb-4.7.so (0x00007f80960b4000) libpthread.so.0 => /lib/libpthread.so.0 (0x00007f8095e98000) libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x00007f8095c7e000) libdl.so.2 => /lib/libdl.so.2 (0x00007f8095a7a000) libcrypt.so.1 => /lib/libcrypt.so.1 (0x00007f8095843000) libresolv.so.2 => /lib/libresolv.so.2 (0x00007f809562c000) libwrap.so.0 => /lib/libwrap.so.0 (0x00007f8095423000) libc.so.6 => /lib/libc.so.6 (0x00007f80950c2000) /lib64/ld-linux-x86-64.so.2 (0x00007f8096428000) libnsl.so.1 => /lib/libnsl.so.1 (0x00007f8094ea9000) Thanks in advance. Regards, मेघानंद नं. आचरेकर Meghanand N. Acharekar " A proud Linux User " Reg Linux User #397975 ------------------------------------------ The gates in my computer are AND, OR and NOT; they are not Bill..

2 1

Replication Advise
by Ben Rockwood 10 May '11

10 May '11

Hello, I have a mirror-mode configuration between two nodes in a single data center now. I'd like to expand this to 2 additional data centers. The intent would be to have read-only HA pairs in each of the new data centers that will continue to function even if the data center is cut off from the primary pair. I have some ideas on how to implement this, but I'm looking for any best practice advise people would like to offer before I do. Thanks! benr.

2 1

API in openldap to set the DSCP values
by sachinv1821＠gmail.com 10 May '11

10 May '11

HI All, I need to set the DSCP (QOS ) values how can I do it, I have a wrapper application over openldap server which sends request and receives reply. It would be of great help if u tell me the API to do that. Thanks in advance Regards, Sachin Vastrad

1 0

Auth problem with openldap and nss_ldap
by Johnny PINSON 10 May '11

10 May '11

Hey, I installed an openldap client and nss_ldap on a linux computer running slackware. Then I modified /etc/nsswitch.conf, adding ldap to authentify thanks a ldap server. The commands "getent password" and "id" are working. When I'm root and doing a "su $user", I'm able to su as $user. But, if I try to log in as $user, I get everytime an "invalid password". What can I do please to get i working? Would you need copy of my config files? Thanks a lot, Johnny PINSON

1 0

Password Modify Extended Operation Tool
by Shelley Waltz 09 May '11

09 May '11

I searched and did not find a suitable answer, so I am posting. Somehow I feel there is an answer, but it has eluded me. I have RHEL5 with openldap with the ppolicy module. I wish to have a script or web cgi which I can have the users access to change their password and have them obey the ppolicy restrictions. I have not been able to find a suitable tool which will provide feedback regarding their selection requirements and errors. If there is one, please point me in the right direction. regards Shelley

4 3

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

openldap-technical