openldap-technical

openldap-technical@openldap.org

11 participants
9876 discussions

Start a nNew thread

Re: dynlist and group membership (libnss-ldap, posixGroup, samba)
by Rafal Kaminski 05 Jan '11

05 Jan '11

Hi, I have the same problem. Did you find resolve for this? Thanks for help. BR, Rafal Kaminski

1 0

How does LDAP_OPT_RESTART work?
by Khaled Blah 05 Jan '11

05 Jan '11

Hello, I'd like to know what the meaning of LDAP_OPT_RESTART is and how it works? Is there someone here who could shed some light on this for me? First of all: next to the description in the manual is a "FIXME" and it doesn't say what needs to be fixed exactly. Second of all: I've tried my OpenLDAP based client with this option set to LDAP_OPT_ON when my client was still running and already had done one successfull bind and then stopped (with another bind while the server was stopped) and restarted my LDAP server. However, when the LDAP server was back online the connection was not restarted and the bind did not work. Did I miss something or do I misunderstand the purpose of this option? Thanks in avance to anyone who can tell me more about this. Regards, Khaled

1 0

problem enabling ssl on openldap 2.2.13
by rui 05 Jan '11

05 Jan '11

Hi I am trying to enable tls based session with openldap from a client. I created a self signed certificate based on command from http://www.openldap.org/pub/ksoper/OpenLDAP_TLS.html#4.1 My server.pem file is in /etc/openldap directory where slapd.conf is located. Here are further settings in my slapd.conf TLSCACertificateFile server.pem TLSCertificateFile server.pem TLSCertificateKeyFile server.pem TLSVerifyClient never When I restart the ldap, it gives me the following warnings. is not readable by "ldap" [WARNING] is not readable by "ldap" [WARNING] is not readable by "ldap" [WARNING] Checking configuration files for slapd: [ OK ] Starting slapd: [ OK ] I have checked the ps output and it is started as: ldap 6883 1 0 16:18 ? 00:00:00 /usr/sbin/slapd -u ldap -h ldap:/// ldaps:/// AND netstat -anp | grep slapd tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN 7850/slapd tcp 0 0 0.0.0.0:636 0.0.0.0:* LISTEN 7850/slapd tcp 0 0 ip:389 ip:43165 ESTABLISHED 7850/slapd tcp 0 0 :::389 :::* LISTEN 7850/slapd tcp 0 0 :::636 :::* LISTEN 7850/slapd unix 2 [ ] DGRAM 302231743 7850/slapd Regards, rui

2 1

a problem of authentication fail in Ubuntu 10.04,slapd 2.4.21
by cn_gd＠126.com 05 Jan '11

05 Jan '11

hi all, I 'm install slapd follow bellow steps in ubuntu 10.04 lucid strictly: 1. apt-get install slapd * slapd -V @(#) $OpenLDAP: slapd 2.4.21 (Aug 10 2010 17:08:36) $ buildd@yellow:/build/buildd/openldap-2.4.21/debian/build/servers/slapd* 2. dpkg-reconfigure slapd 3.edit /etc/ldap/slapd.d/cn\=config.ldif 4. cat /etc/ldap/slapd.d/cn\=config.ldif dn: cn=config objectClass: olcGlobal cn: config olcArgsFile: /var/run/slapd/slapd.args olcLogLevel: none olcPidFile: /var/run/slapd/slapd.pid structuralObjectClass: olcGlobal dn: olcDatabase=bdb,cn=config objectClass: olcDatabaseConfig objectClass: olcBdbConfig olcDatabase: bdb olcSuffix: "dc=cg,dc=scsio,dc=ac,dc=cn" olcDbDirectory: /home/az/openldap-data olcRootDN: "cn=Manager,dc=cg,dc=scsio,dc=ac,dc=cn" olcRootPW: secret 4. /etc/init.d/slapd restart All step're OK,then I run bellow to test it: 5. ldapsearch -x -D "cn=Manager,dc=cg,dc=scsio,dc=ac,dc=cn" -w "secret" -H ldap://cg.scsio.ac.cn and it show that error: *ldap_bind: Invalid credentials (49) **I try again and again,but it'still the same.( using slappasswd to change it also turn to same problem). I wonder what's go wrong.any help would be greatly appreciated.Thank you in advance! ** *

3 2

MinGW & IPv6?
by Eric Nichols (DirWiz) 04 Jan '11

04 Jan '11

I apologize if I am posting to the wrong group. I am currently trying to configure v2.4.23 with the --enable-ipv6 and I get back the following error: configure: error: IPv6 support requires getaddrinfo() and inet_ntop() I was able to get around the getaddrinfo() by defining _WIN32_WINNT 0x501. This apparently tells mingw that this is being compiled on XP which is the minimum for IPv6 support. This leaves me with inet_ntop() which really doesn't exist in Windows land (bummer). I did find this piece of code with is a bit over my head. Could this be inserted into the OpenLDAP code somewhere as a wrapper? http://www.mail-archive.com/users@ipv6.org/msg02107.html Thanks Eric

1 0

nis vs rfc2307bis
by Mauricio Tavares 04 Jan '11

04 Jan '11

What is the difference between the nis.schema and the rfc2307bis.schema?

1 0

Problem with openldap backup script
by Nick Milas 04 Jan '11

04 Jan '11

Hello, I'm running openldap 2.4.22 using Buchan's CentOS/RHEL 5 RPMs. For some reason, although the backup script seems to be running successfully (either manually or by cron), it produces no results whatsoever: # cd /usr/share/openldap2.4/scripts/ # ls -la total 60 drwxr-xr-x 2 root root 4096 Dec 27 22:14 . drwxr-xr-x 4 root root 4096 Dec 27 22:14 .. -rwxr-xr-x 1 root root 16584 Apr 27 2010 ldap-common -rwxr-xr-x 1 root root 3776 Dec 28 09:14 ldap-hot-db-backup -rwxr-xr-x 1 root root 4979 Apr 27 2010 ldap-reinitialise-slave # ./ldap-hot-db-backup -v 4 Warning: Starting backup Warning: Successfully ran backup to temporary directory Info: We have 0 of 0 locks Info: Starting switch Warning: Switched new backup to good backup successfully Info: successfully removed all lock files Warning: Backup run completed successfully # ls -la /var/lib/ldap2.4/backup total 16 drwxr-xr-x 2 ldap ldap 4096 Jan 3 19:24 . drwxr-x--- 4 ldap ldap 4096 Jan 4 11:06 .. I am trying to go through the script code (in the backup script and in ldap-common) but it's no easy task. Can someone suggest some solution? What may be going wrong? Why everything seems successful although no backup is taken? What are these 0 of 0 locks? Any help will be appreciated. Thanks in advance, Nick

3 3

OpenLDAP 2.4.24?
by Marco Pizzoli 04 Jan '11

04 Jan '11

Hi all, I would like to know if is there a plan to make a new release of OL in the following months. Thanks in advance Marco -- _________________________________________ Non è forte chi non cade, ma chi cadendo ha la forza di rialzarsi. Jim Morrison

4 6

Re: Index for objectclass does not work...
by Steeg Carson 03 Jan '11

03 Jan '11

2011/1/4 Quanah Gibson-Mount <quanah(a)zimbra.com>: > --On Tuesday, January 04, 2011 1:43 AM +0100 Steeg Carson > <steeg.carson(a)googlemail.com> wrote: > >> I simulate this on my database just right now: > > I suggest you read: > > <http://www.openldap.org/lists/openldap-technical/201011/msg00146.html> > > to understand how indices and their slots work. > I tried to follow Howard advice with the "empty suffix", but it did'nt work. So I'll work through tomorrow (today) to understand this. Now its about 3:00am and I have to go home ;) in my bed ... Thank you very much for help till now! Kindly regards, Steeg

1 0

Re: Index for objectclass does not work...
by Steeg Carson 03 Jan '11

03 Jan '11

2011/1/4 Quanah Gibson-Mount <quanah(a)zimbra.com>: > --On Tuesday, January 04, 2011 1:08 AM +0100 Steeg Carson > <steeg.carson(a)googlemail.com> wrote: > >>> This does not look like a valid ldapsearch: >>> >>> ldapsearch -x -h localhost -D"uid=admin,ou=root" -b"cn=ou=root>" >>> "(ObjectClass=subEngine)" dn | grep "^dn:" | wc -l) >>> >>> The -b setting in particular looks broken, which is problem why you are >>> getting that message. >> >> Sorry, the base DN in the search should be -b"ou=root", my mistake. I >> tried to shorten it in the message... > > Please provide the exact ldapsearch in its entirety then (minus any > password). > I simulate this on my database just right now: =>set logelevel 33 echo >/var/log/messages # time ldapsearch -x -h localhost -wpassword -D"uid=admin,ou=root" -b"ou=root" "(objectClass=subEngine)" dn | grep "^dn:" | wc -l 104384 real 1m45.518s user 0m1.208s sys 0m1.332s grep "hdb_search:" /var/log/messages | wc -l 366201 => result form messages: ################################################### backend_startup_one: starting "ou=root" hdb_db_open: database "ou=root": dbenv_open(/var/lib/ldap_hdb). hdb_monitor_db_open: monitoring disabled; configure monitor database to enable slapd starting slap_listener_activate(7): >>> slap_listener(ldap:///) connection_get(12): got connid=1000 connection_read(12): checking for input on id=1000 op tag 0x60, time 1294100496 conn=1000 op=0 do_bind >>> dnPrettyNormal: <> <<< dnPrettyNormal: <>, <> do_bind: version=3 dn="" method=128 send_ldap_result: conn=1000 op=0 p=3 send_ldap_response: msgid=1 tag=97 err=48 do_bind: v3 anonymous bind connection_get(12): got connid=1000 connection_read(12): checking for input on id=1000 ber_get_next on fd 12 failed errno=0 (Success) connection_close: conn=1000 sd=12 slap_listener_activate(7): >>> slap_listener(ldap:///) connection_get(12): got connid=1001 connection_read(12): checking for input on id=1001 op tag 0x60, time 1294100553 conn=1001 op=0 do_bind >>> dnPrettyNormal: <uid=admin,ou=root> <<< dnPrettyNormal: <uid=admin,ou=root>, <cn=root,ou=admins,ou=root> do_bind: version=3 dn="uid=admin,ou=root" method=128 do_bind: v3 bind: "uid=admin,ou=root" to "uid=admin,ou=root" send_ldap_result: conn=1001 op=0 p=3 send_ldap_response: msgid=1 tag=97 err=0 connection_get(12): got connid=1001 connection_read(12): checking for input on id=1001 op tag 0x63, time 1294100553 conn=1001 op=1 do_search >>> dnPrettyNormal: <ou=root> <<< dnPrettyNormal: <ou=root>, <ou=root> begin get_filter EQUALITY end get_filter 0 => hdb_search bdb_dn2entry("ou=root") => hdb_dn2id("ou=root") <= hdb_dn2id: got id=0x1 entry_decode: "" <= entry_decode() search_candidates: base="ou=root" (0x00000001) scope=2 => hdb_dn2idl("ou=root") => bdb_filter_candidates #011AND => bdb_list_candidates 0xa0 => bdb_filter_candidates #011OR => bdb_list_candidates 0xa1 => bdb_filter_candidates #011EQUALITY => bdb_equality_candidates (objectClass) => key_read <= bdb_index_read: failed (-30989) <= bdb_equality_candidates: id=0, first=0, last=0 <= bdb_filter_candidates: id=0 first=0 last=0 => bdb_filter_candidates #011EQUALITY => bdb_equality_candidates (objectClass) => key_read <= bdb_index_read 470601 candidates <= bdb_equality_candidates: id=-1, first=228, last=470828 <= bdb_filter_candidates: id=-1 first=228 last=470828 <= bdb_list_candidates: id=-1 first=228 last=470828 <= bdb_filter_candidates: id=-1 first=228 last=470828 <= bdb_list_candidates: id=-1 first=228 last=470828 <= bdb_filter_candidates: id=-1 first=228 last=470828 bdb_search_candidates: id=-1 first=228 last=470828 entry_decode: "" <= entry_decode() => test_filter EQUALITY <= test_filter 6 entry_decode: "" <= entry_decode() => test_filter EQUALITY <= test_filter 5 hdb_search: 229 does not match filter entry_decode: "" <= entry_decode() => test_filter EQUALITY <= test_filter 5 hdb_search: 230 does not match filter entry_decode: "" <= entry_decode() => test_filter EQUALITY <= test_filter 5 hdb_search: 231 does not match filter entry_decode: "" <= entry_decode() => test_filter EQUALITY , , , and so on Thanks Steeg

2 1

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

openldap-technical