openldap-technical

openldap-technical@openldap.org

2 participants
9852 discussions

totp1andpw
by Stefan Kania 28 Jun '21

28 Jun '21

Hi to all, I'm still testing TOPT with OpenLDAP 2.5. I got TOTP1 running. So a user with an OTP can use the six-digit number from googleauthenticator (or freeOTP+) to authenticate while using ldapsearch. Then I switch to TOTP1ANDPW I generate a secretkey for the TOTP-part of userPassword. Then I create a password with "slappasswd" and put both TOTP1|password together in userPassword after decoding base64 I saw what I expected: ------------ dn: cn=u1,ou=users,dc=example,dc=net objectClass: posixAccount objectClass: inetOrgPerson objectClass: organizationalPerson objectClass: person objectClass: autoCAuser loginShell: /bin/bash homeDirectory: /home/u1 uid: u1 uidNumber: 10010 gidNumber: 10000 sn: u givenName: 1 cn: u1 userPassword:: e1RPVFAxQU5EUFd9TUpBVk1UM0tNUlVXSVNDUEtKWEhJWVNaR1kzRE80Q0x8e1N TSEF9RWlCcVIwUGR4SUluMSswZTNqRSs1MXlwb1p6dTFKVUc= ------------------ echo "e1RPVFAxQU5EUFd9TUpBVk1UM0tNUlVXSVNDUEtKWEhJWVNaR1kzRE80Q0x8e1NTSEF9RWlCcVIwUGR4SUluMSswZTNqRSs1MXlwb1p6dTFKVUc=" | base64 -d {TOTP1ANDPW}MJAVMT3KMRUWISCPKJXHIYSZGY3DO4CL|{SSHA}EiBqR0PdxIIn1+0e3jE+51ypoZzu1JUG I then try to authenticate using ldapsearch with: 123456secret where 123456 is the six-digit key from googleauthenticator and "secret" is the password. But I always got an error 49 :-( I read this to set up the password: https://git.openldap.org/ondra/openldap/-/tree/dfe1f6494d69a885477e854944a6… Any hint? Anyone who got this running? I wrote a little bash-script to generate the shared-key, the password and write it into the users object: THIS SCRIPT IS FOR TESTING PURPOSE ONLY! ----------------------------- #!/bin/bash ########################################## # This script requires an OpenLDAP 2.5.x # # with the overlay pw-totp and autoca # # active and configured! # ########################################## # This script generats a TOTP1ANDPW password for a user # the script needs the full DN of the user # and an email address for the user. # The script will NOT check if the email address is valide # Ther will be a random string generated for the user # the user do not need the string. The string is only # to generate the sharedkey for the user. # At the end you will see the sharedkey, the user can enter # in an authenticator app like googleauthentiicator or freeOTP # and a png-file will be created with the QR-code for the sharedkey # # The script can be used via network or local only via the ldapi-socket if [ $# -ne 2 ] then echo "User-DN and User-Mail is needed" echo "usage: $0 userdn user@mail" exit 1 fi USER_DN=$1 USER_MAIL=$2 LDAP_SERVER=ldap://ldap25-p01.example.net USE_LDAPI=1 # set to "0" if userlogin is prefered USE_TLS=1 # if TLS should not be used set to "0" #LDAP_ADMIN="uid=ldap-admin,ou=users,dc=example,dc=net" LDAP_ADMIN="cn=admin,dc=example,dc=net" LDAP_ADMIN_PW="secret" TOPT_ISSUER=stka USER_PW_TOTP_BASE64="" USER_NAME="" USER_SHARED_KEY="" QR_TEXT="" USER_PASSWORD="" # Setting the varaible to use TLS if selected if [ "$USE_TLS" -eq 1 ] then ACTIVATE_TLS="-ZZ" else ACTIVATE_TLS="" fi if [ ! -f "/usr/bin/qrencode" ] then echo "qrencode is not installed!" exit 2 fi #First part of DN is USER_MANE USER_NAME=$(echo "$USER_DN" | cut -d "," -f 1) # Let's get shure that there is exactly one user present in database if [ $USE_LDAPI -eq 1 ] then USER_DN_IN_DB=$(ldapsearch -Q -Y EXTERNAL -LLL -H ldapi:/// $USER_NAME dn 2>/dev/null | cut -d " " -f 2) else USER_DN_IN_DB=$(ldapsearch -xLLL "$ACTIVATE_TLS" -D "$LDAP_ADMIN" -w "$LDAP_ADMIN_PW" -H "$LDAP_SERVER" "$USER_NAME" dn 2>/dev/null | cut -d " " -f 2) fi if [ "${USER_DN,,}" != "${USER_DN_IN_DB,,}" ] then echo "User $USER_DN not found in database" exit 3 fi #Create random 20 byte string: 160 bit is recommended (min 128 bit) USER_PW=$(tr -dc A-Za-z0-9 </dev/urandom | head -c 20 ; echo '') #Create the password for 2fa USER_PASSWORD=$(slappasswd) #Set user password if [ $USE_LDAPI -eq 1 ] then ldappasswd -Q -Y EXTERNAL -H ldapi:/// -s "${USER_PW}|${USER_PASSWORD}" "$USER_DN" else ldappasswd -x "$ACTIVATE_TLS" -D "$LDAP_ADMIN" -w "$LDAP_ADMIN_PW" -s "${USER_PW}|${USER_PASSWORD}" "$USER_DN" fi #Read user password from LDAP in TOTP1-format if [ $USE_LDAPI -eq 1 ] then PW_STEP_1=$(ldapsearch -Q -Y EXTERNAL -LLL -H ldapi:/// "$USER_NAME" userpassword | grep -A1 userPassword) USER_PW_TOTP_BASE64=$(echo $PW_STEP_1 | awk '{print $2 $3}') else USER_PW_TOTP_BASE64=$(ldapsearch -x "$ACTIVATE_TLS" -D "$LDAP_ADMIN" -w "$LDAP_ADMIN_PW" -LLL -H "$LDAP_SERVER" "$USER_NAME" userpassword | grep userPassword | cut -d " " -f 2 | cut -d '|' -f 1) fi #Create user shared key USER_SHARED_KEY=$(echo $USER_PW_TOTP_BASE64 | base64 -d) #cut the password hash type from shared key USER_SHARED_KEY=$(echo $USER_SHARED_KEY | cut -d "|" -f 1 | cut -d "}" -f 2) #Create the QR-text for the user QR_TEXT="otpauth://totp/$LDAP_SERVER:$USER_MAIL?secret=${USER_SHARED_KEY}a&issuer=${TOTP_ISSUER}&period=30&digits=6&algorithm=SHA1" #Generate the QR-code echo $QR_TEXT | qrencode -s9 -o ${USER_MAIL}.png echo "Shared key for User $USER_DN is $USER_SHARED_KEY" echo "You find the QR-code in file ${USER_MAIL}.png" -----------------------------

6 7

slapd does not start after upgrade
by BÖSCH Christian 22 Jun '21

22 Jun '21

Hi, I've upgraded openldap 2.4.57 to 2.4.59 on FreeBSD 12.2 using portmaster, what has always worked over the last few years. After upgrade the config seems to be bad which hasn't changed…? root@openldap2:/usr/local/etc/openldap # /usr/local/libexec/slapd -Tt -u 60d0a1cd PROXIED attributeDescription "O" inserted. 60d0a1cd UNKNOWN attributeDescription "OLCRWMTFSUPPORT" inserted. 60d0a1cd UNKNOWN attributeDescription "OLCRWMNORMALIZEMAPPED" inserted. 60d0a1cd UNKNOWN attributeDescription "OLCRWMREWRITE" inserted. 60d0a1cd config error processing olcOverlay={0}rwm,olcDatabase={-1}frontend,cn=config: slaptest: bad configuration file! dn: olcOverlay={0}rwm objectClass: olcOverlayConfig objectClass: olcRwmConfig olcOverlay: {0}rwm olcRwmTFSupport: false olcRwmNormalizeMapped: FALSE structuralObjectClass: olcRwmConfig olcRwmRewrite: {0}rwm-rewriteEngine "on" olcRwmRewrite: {1}rwm-rewriteMap "ldap" "attr2dn" "ldap://localhost/o=abc.org?dn?sub" olcRwmRewrite: {2}rwm-rewriteContext "bindDN" olcRwmRewrite: {3}rwm-rewriteRule "^eduPersonPrincipalName=[^,]+@[^,]+$" "${ attr2dn($0)}" ":@I" Does anyone have a hint what's going wrong? Thanks, Christian

3 2

avoid modifying /etc/sasl2/slapd.conf
by Michael Ströder 17 Jun '21

17 Jun '21

HI! Some automated tests of my Python module check SASL bind with various mechs. For this to work I normally have to add those SASL mechs to /etc/sasl2/slapd.conf. But this fails in the openSUSE build system with "permission denied". Is there a possibility to override SASL mechs used by slapd with an env var or similar? Ciao, Michael.

3 4

pw-totp
by Stefan Kania 07 Jun '21

07 Jun '21

Hello, I try to set up TOTP1 and TOTP1ANDPW as passworthash. I use Debian 10 with Kernel 5.9 from the backports. As OpenLDAP I use 2.5.5. I set up everything via Ansible. My configure-options are: ------------- ./configure --with-cyrus-sasl --with-tls=openssl --enable-overlays=mod --enable-backends=mod --disable-perl --disable-ndb --enable-crypt --enable-modules --enable-dynamic --enable-syslog --enable-debug --enable-local --enable-spasswd --disable-sq l --prefix=/opt/openldap-current ------------- In addition I build: ------------ /opt/openldap-current/contrib/slapd-modules/passwd/sha2 /opt/openldap-current/contrib/slapd-modules/passwd/pbkdf2 /opt/openldap-current/contrib/slapd-modules/passwd/totp/ ------------ "make test" is runnning without any error. The setup is running without any error, here my cn=config: ------------ dn: cn=config objectClass: olcGlobal cn: config olcArgsFile: /opt/openldap-current/var/run/slapd.args olcLogLevel: sync olcLogLevel: stats olcLogLevel: stats olcPidFile: /opt/openldap-current/var/run/slapd.pid olcToolThreads: 1 olcTLSCertificateFile: /opt/openldap-current/etc/my_certificates/ldap25-p01-ce rt.pem olcTLSCertificateKeyFile: /opt/openldap-current/etc/my_certificates/ldap25-p01 -key.pem olcTLSCACertificateFile: /opt/openldap-current/etc/my_certificates/cacert.pem olcPasswordHash: {TOTP1} dn: cn=module{0},cn=config objectClass: olcModuleList cn: module{0} olcModulePath: /opt/openldap-current/libexec/openldap:/usr/local/libexec/openl dap olcModuleLoad: {0}back_mdb olcModuleLoad: {1}back_monitor olcModuleLoad: {2}pw-totp.la olcModuleLoad: {3}autoca.la ... schema.... dn: olcBackend={0}mdb,cn=config objectClass: olcBackendConfig olcBackend: {0}mdb dn: olcDatabase={-1}frontend,cn=config objectClass: olcDatabaseConfig objectClass: olcFrontendConfig olcDatabase: {-1}frontend olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=externa l,cn=auth manage by dn.exact=gidNumber=1111+uidNumber=1111,cn=peercred,cn=ex ternal,cn=auth manage by * break olcAccess: {1}to dn="" by * read olcAccess: {2}to dn.base="cn=subschema" by * read olcSizeLimit: 500 dn: olcDatabase={0}config,cn=config objectClass: olcDatabaseConfig olcDatabase: {0}config olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=externa l,cn=auth manage by dn.exact=gidNumber=1111+uidNumber=1111,cn=peercred,cn=ex ternal,cn=auth manage by dn.exact=uid=ldap-admin,ou=users,dc=example,dc=net write by * break olcRootDN: cn=admin,cn=config olcRootPW: dn: olcDatabase={1}monitor,cn=config objectClass: olcDatabaseConfig olcDatabase: {1}monitor olcAccess: {0}to dn.subtree="cn=monitor" by dn.exact=cn=admin,cn=config read by dn.exact=cn=admin,dc=example,dc=net read dn: olcDatabase={2}mdb,cn=config objectClass: olcDatabaseConfig objectClass: olcmdbConfig olcDatabase: {2}mdb olcDbDirectory: /opt/openldap-current/var/lib/ldap olcSuffix: dc=example,dc=net olcAccess: {0} to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=extern al,cn=auth manage by dn.exact=gidNumber=1111+uidNumber=1111,cn=peercred,cn=e xternal,cn=auth manage by dn.exact=uid=ldap-admin,ou=users,dc=example,dc=net write by dn.exact=uid=repl-user,ou=users,dc=example,dc=net read by * break olcAccess: {1}to dn.exact="" by * read olcAccess: {2}to dn.base="cn=subschema" by * read olcAccess: {3} to attrs=userPassword by anonymous auth by self write by * non e olcLimits: {0} dn.exact="uid=repl-user,ou=users,dc=example,dc=net" time=unl imited size=unlimited olcLimits: {1} dn.exact="uid=ldap-admin,ou=users,dc=example,dc=net" time=unlim ited size=unlimited olcRootDN: cn=admin,dc=example,dc=net olcRootPW: {SSHA}D6GKFhWChzpTnTmsxLVqJqTnFm+8fr3K olcSizeLimit: unlimited olcTimeLimit: unlimited olcDbCheckpoint: 512 30 olcDbIndex: default eq olcDbIndex: objectClass olcDbIndex: entryUUID olcDbIndex: entryCSN olcDbIndex: cn pres,eq,sub olcDbIndex: uid pres,eq,sub olcDbIndex: mail pres,eq,sub olcDbIndex: sn pres,eq,sub olcDbIndex: description pres,eq,sub olcDbIndex: title pres,eq,sub olcDbIndex: givenName pres,eq,sub olcDbMaxSize: 85899345920 dn: olcOverlay={0}totp,olcDatabase={2}mdb,cn=config objectClass: olcOverlayConfig olcOverlay: {0}totp dn: olcOverlay={1}autoca,olcDatabase={2}mdb,cn=config objectClass: olcOverlayConfig objectClass: olcAutoCAConfig olcOverlay: {1}autoca olcAutoCAuserKeybits: 4096 olcAutoCAserverKeybits: 4096 olcAutoCAKeybits: 4096 ------------ After a few minutes or if I restart slapd I get the following error-message: --------------------- Jun 05 15:24:52 ldap25-p01 slapd[16210]: @(#) $OpenLDAP: slapd 2.5.5 (Jun 5 2021 14:07:21) $ root@ldap25-p01:/opt/openldap-2.5.5/servers/slapd Jun 05 15:24:52 ldap25-p01 slapd[16210]: olcPasswordHash: value #0: <olcPasswordHash> scheme not available ({TOTP1}) Jun 05 15:24:52 ldap25-p01 slapd[16210]: olcPasswordHash: value #0: <olcPasswordHash> no valid hashes found Jun 05 15:24:52 ldap25-p01 slapd[16210]: config error processing cn=config: <olcPasswordHash> no valid hashes found --------------------- I used the documentation from symas for configuring TOTP. What's wrong and why is slapd starting after configuration but chrashes when I restart slapd? Stefan

4 17

2.57 to 2.58 update no structural objectClass in configuration table
by Lists Nethead 07 Jun '21

07 Jun '21

Hi all, After 2.57 to 2.58 update, slapd refuses to start. OS is FreeBSD 12, slapd built from ports. No clue what is missing, the system ran for two years without a clitch during updates. Thanks! 60bde84c ldif_read_file: read entry file: "/usr/local/etc/openldap/slapd.d/cn=config/olcDatabase={1}mdb/olcOverlay={0}syncprov.ldif" 60bde84c => str2entry: "# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify. # CRC32 97cb42e9 dn: olcOverlay={0}syncprov objectClass: top objectClass: olcSyncProvConfig olcOverlay: {0}syncprov olcSpCheckpoint: 100 10 structuralObjectClass: olcSyncProvConfig entryUUID: 8ed9549c-5ee4-1036-9903-fd364e50deb0 creatorsName: cn=config createTimestamp: 20161225115355Z entryCSN: 20161225115355.953738Z#000000#000#000000 modifiersName: cn=config modifyTimestamp: 20161225115355Z " 60bde84c >>> dnPrettyNormal: <olcOverlay={0}syncprov> => ldap_bv2dn(olcOverlay={0}syncprov,0) <= ldap_bv2dn(olcOverlay={0}syncprov)=0 => ldap_dn2bv(272) <= ldap_dn2bv(olcOverlay={0}syncprov)=0 => ldap_dn2bv(272) <= ldap_dn2bv(olcOverlay={0}syncprov)=0 60bde84c <<< dnPrettyNormal: <olcOverlay={0}syncprov>, <olcOverlay={0}syncprov> 60bde84c <= str2entry: str2ad(olcSpCheckpoint): attribute type undefined 60bde84c UNKNOWN attributeDescription "OLCSPCHECKPOINT" inserted. 60bde84c >>> dnNormalize: <cn=config> => ldap_bv2dn(cn=config,0) <= ldap_bv2dn(cn=config)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=config)=0 60bde84c <<< dnNormalize: <cn=config> 60bde84c >>> dnNormalize: <cn=config> => ldap_bv2dn(cn=config,0) <= ldap_bv2dn(cn=config)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=config)=0 60bde84c <<< dnNormalize: <cn=config> 60bde84c <= str2entry(olcOverlay={0}syncprov) -> 0x8013a5e48 60bde84c => test_filter 60bde84c PRESENT 60bde84c => access_allowed: search access to "olcOverlay={0}syncprov,olcDatabase={1}mdb,cn=config" "objectClass" requested 60bde84c <= root access granted 60bde84c => access_allowed: search access granted by manage(=mwrscxd) 60bde84c <= test_filter 6 60bde84c : config_add_internal: DN="olcOverlay={0}syncprov,olcDatabase={1}mdb,cn=config" no structural objectClass in configuration table 60bde84c config error processing olcOverlay={0}syncprov,olcDatabase={1}mdb,cn=config: 60bde84c send_ldap_result: conn=-1 op=0 p=0 60bde84c send_ldap_result: err=65 matched="" text="" 60bde84c slapd destroy: freeing system resources. 60bde84c syncinfo_free: rid=131 60bde84c slapd stopped.

2 2

unable to add DB DIT , getting value #0 invalid per syntax error in alpine Linux.
by govid 06 Jun '21

06 Jun '21

unable to add DB DIT , getting value #0 invalid per syntax error command used : ldapadd -x -D 'cn=config' -w secret -f create_sns_db.ldif below is the content of "create_sns_db.ldif" file dn: olcDatabase=mdb,cn=config objectClass: olcMdbConfig olcDatabase: mdb olcDbMaxSize: 1073741824 olcSuffix: dc=smartsan olcDbDirectory: /usr/local/var/openldap-data/sns_db olcRootDN: cn=admin,dc=smartsan olcRootPW: secret2 olcDbIndex: objectClass eq below is the debug output for the ldapadd command used: #ldapadd -x -D 'cn=config' -w secret -f create_sns_db.ldif -d 255 ldap_create ldap_sasl_bind ldap_send_initial_request ldap_new_connection 1 1 0 ldap_int_open_connection ldap_connect_to_host: TCP localhost:389 ldap_new_socket: 4 ldap_prepare_socket: 4 ldap_connect_to_host: Trying ::1 389 ldap_pvt_connect: fd: 4 tm: -1 async: 0 attempting to connect: connect success ldap_open_defconn: successful ldap_send_server_request ber_scanf fmt ({it) ber: ber_dump: buf=0x7f1aa9d18010 ptr=0x7f1aa9d18010 end=0x7f1aa9d1802d len=29 0000: 30 1b 02 01 01 60 16 02 01 03 04 09 63 6e 3d 63 0....`......cn=c 0010: 6f 6e 66 69 67 80 06 73 65 63 72 65 74 onfig..secret ber_scanf fmt ({i) ber: ber_dump: buf=0x7f1aa9d18010 ptr=0x7f1aa9d18015 end=0x7f1aa9d1802d len=24 0000: 60 16 02 01 03 04 09 63 6e 3d 63 6f 6e 66 69 67 `......cn=config 0010: 80 06 73 65 63 72 65 74 ..secret ber_flush2: 29 bytes to sd 4 0000: 30 1b 02 01 01 60 16 02 01 03 04 09 63 6e 3d 63 0....`......cn=c 0010: 6f 6e 66 69 67 80 06 73 65 63 72 65 74 onfig..secret ldap_write: want=29, written=29 0000: 30 1b 02 01 01 60 16 02 01 03 04 09 63 6e 3d 63 0....`......cn=c 0010: 6f 6e 66 69 67 80 06 73 65 63 72 65 74 onfig..secret ldap_result ld 0x7f1aaa121dc0 msgid 1 wait4msg ld 0x7f1aaa121dc0 msgid 1 (infinite timeout) wait4msg continue ld 0x7f1aaa121dc0 msgid 1 all 1 ** ld 0x7f1aaa121dc0 Connections: * host: localhost port: 389 (default) refcnt: 2 status: Connected last used: Tue May 25 05:42:41 2021 ** ld 0x7f1aaa121dc0 Outstanding Requests: * msgid 1, origid 1, status InProgress outstanding referrals 0, parent count 0 ld 0x7f1aaa121dc0 request count 1 (abandoned 0) ** ld 0x7f1aaa121dc0 Response Queue: Empty ld 0x7f1aaa121dc0 response count 0 ldap_chkResponseList ld 0x7f1aaa121dc0 msgid 1 all 1 ldap_chkResponseList returns ld 0x7f1aaa121dc0 NULL ldap_int_select read1msg: ld 0x7f1aaa121dc0 msgid 1 all 1 ber_get_next ldap_read: want=8, got=8 0000: 30 0c 02 01 01 61 07 0a 0....a.. ldap_read: want=6, got=6 0000: 01 00 04 00 04 00 ...... ber_get_next: tag 0x30 len 12 contents: ber_dump: buf=0x7f1aaa048b10 ptr=0x7f1aaa048b10 end=0x7f1aaa048b1c len=12 0000: 02 01 01 61 07 0a 01 00 04 00 04 00 ...a........ read1msg: ld 0x7f1aaa121dc0 msgid 1 message type bind ber_scanf fmt ({eAA) ber: ber_dump: buf=0x7f1aaa048b10 ptr=0x7f1aaa048b13 end=0x7f1aaa048b1c len=9 0000: 61 07 0a 01 00 04 00 04 00 a........ read1msg: ld 0x7f1aaa121dc0 0 new referrals read1msg: mark request completed, ld 0x7f1aaa121dc0 msgid 1 request done: ld 0x7f1aaa121dc0 msgid 1 res_errno: 0, res_error: <>, res_matched: <> ldap_free_request (origid 1, msgid 1) ldap_parse_result ber_scanf fmt ({iAA) ber: ber_dump: buf=0x7f1aaa048b10 ptr=0x7f1aaa048b13 end=0x7f1aaa048b1c len=9 0000: 61 07 0a 01 00 04 00 04 00 a........ ber_scanf fmt (}) ber: ber_dump: buf=0x7f1aaa048b10 ptr=0x7f1aaa048b1c end=0x7f1aaa048b1c len=0 ldap_msgfree adding new entry "olcDatabase=mdb,cn=config" ldap_add_ext ldap_send_initial_request ldap_send_server_request ber_scanf fmt ({it) ber: ber_dump: buf=0x7f1aa9d18020 ptr=0x7f1aa9d18020 end=0x7f1aa9d18148 len=296 0000: 30 82 01 24 02 01 02 68 82 01 1d 04 19 6f 6c 63 0..$...h.....olc 0010: 44 61 74 61 62 61 73 65 3d 6d 64 62 2c 63 6e 3d Database=mdb,cn= 0020: 63 6f 6e 66 69 67 30 81 ff 30 1d 04 0b 6f 62 6a config0..0...obj 0030: 65 63 74 43 6c 61 73 73 31 0e 04 0c 6f 6c 63 4d ectClass1...olcM 0040: 64 62 43 6f 6e 66 69 67 30 14 04 0b 6f 6c 63 44 dbConfig0...olcD 0050: 61 74 61 62 61 73 65 31 05 04 03 6d 64 62 30 1c atabase1...mdb0. 0060: 04 0c 6f 6c 63 44 62 4d 61 78 53 69 7a 65 31 0c ..olcDbMaxSize1. 0070: 04 0a 31 30 37 33 37 34 31 38 32 34 30 1a 04 09 ..10737418240... 0080: 6f 6c 63 53 75 66 66 69 78 31 0d 04 0b 64 63 3d olcSuffix1...dc= 0090: 73 6d 61 72 74 73 61 6e 30 31 04 0e 6f 6c 63 44 smartsan01..olcD 00a0: 62 44 69 72 65 63 74 6f 72 79 31 1f 04 1d 2f 76 bDirectory1.../v 00b0: 61 72 2f 6c 69 62 2f 6f 70 65 6e 6c 64 61 70 2d ar/lib/openldap- 00c0: 64 61 74 61 2f 73 6e 73 5f 64 62 30 23 04 09 6f data/sns_db0#..o 00d0: 6c 63 52 6f 6f 74 44 4e 31 16 04 14 63 6e 3d 61 lcRootDN1...cn=a 00e0: 64 6d 69 6e 2c 64 63 3d 73 6d 61 72 74 73 61 6e dmin,dc=smartsan 00f0: 30 16 04 09 6f 6c 63 52 6f 6f 74 50 57 31 09 04 0...olcRootPW1.. 0100: 07 73 65 63 72 65 74 32 30 1e 04 0a 6f 6c 63 44 .secret20...olcD 0110: 62 49 6e 64 65 78 31 10 04 0e 6f 62 6a 65 63 74 bIndex1...object 0120: 43 6c 61 73 73 20 65 71 Class eq ber_scanf fmt ({) ber: ber_dump: buf=0x7f1aa9d18020 ptr=0x7f1aa9d18027 end=0x7f1aa9d18148 len=289 0000: 68 82 01 1d 04 19 6f 6c 63 44 61 74 61 62 61 73 h.....olcDatabas 0010: 65 3d 6d 64 62 2c 63 6e 3d 63 6f 6e 66 69 67 30 e=mdb,cn=config0 0020: 81 ff 30 1d 04 0b 6f 62 6a 65 63 74 43 6c 61 73 ..0...objectClas 0030: 73 31 0e 04 0c 6f 6c 63 4d 64 62 43 6f 6e 66 69 s1...olcMdbConfi 0040: 67 30 14 04 0b 6f 6c 63 44 61 74 61 62 61 73 65 g0...olcDatabase 0050: 31 05 04 03 6d 64 62 30 1c 04 0c 6f 6c 63 44 62 1...mdb0...olcDb 0060: 4d 61 78 53 69 7a 65 31 0c 04 0a 31 30 37 33 37 MaxSize1...10737 0070: 34 31 38 32 34 30 1a 04 09 6f 6c 63 53 75 66 66 418240...olcSuff 0080: 69 78 31 0d 04 0b 64 63 3d 73 6d 61 72 74 73 61 ix1...dc=smartsa 0090: 6e 30 31 04 0e 6f 6c 63 44 62 44 69 72 65 63 74 n01..olcDbDirect 00a0: 6f 72 79 31 1f 04 1d 2f 76 61 72 2f 6c 69 62 2f ory1.../var/lib/ 00b0: 6f 70 65 6e 6c 64 61 70 2d 64 61 74 61 2f 73 6e openldap-data/sn 00c0: 73 5f 64 62 30 23 04 09 6f 6c 63 52 6f 6f 74 44 s_db0#..olcRootD 00d0: 4e 31 16 04 14 63 6e 3d 61 64 6d 69 6e 2c 64 63 N1...cn=admin,dc 00e0: 3d 73 6d 61 72 74 73 61 6e 30 16 04 09 6f 6c 63 =smartsan0...olc 00f0: 52 6f 6f 74 50 57 31 09 04 07 73 65 63 72 65 74 RootPW1...secret 0100: 32 30 1e 04 0a 6f 6c 63 44 62 49 6e 64 65 78 31 20...olcDbIndex1 0110: 10 04 0e 6f 62 6a 65 63 74 43 6c 61 73 73 20 65 ...objectClass e 0120: 71 q ber_flush2: 296 bytes to sd 4 0000: 30 82 01 24 02 01 02 68 82 01 1d 04 19 6f 6c 63 0..$...h.....olc 0010: 44 61 74 61 62 61 73 65 3d 6d 64 62 2c 63 6e 3d Database=mdb,cn= 0020: 63 6f 6e 66 69 67 30 81 ff 30 1d 04 0b 6f 62 6a config0..0...obj 0030: 65 63 74 43 6c 61 73 73 31 0e 04 0c 6f 6c 63 4d ectClass1...olcM 0040: 64 62 43 6f 6e 66 69 67 30 14 04 0b 6f 6c 63 44 dbConfig0...olcD 0050: 61 74 61 62 61 73 65 31 05 04 03 6d 64 62 30 1c atabase1...mdb0. 0060: 04 0c 6f 6c 63 44 62 4d 61 78 53 69 7a 65 31 0c ..olcDbMaxSize1. 0070: 04 0a 31 30 37 33 37 34 31 38 32 34 30 1a 04 09 ..10737418240... 0080: 6f 6c 63 53 75 66 66 69 78 31 0d 04 0b 64 63 3d olcSuffix1...dc= 0090: 73 6d 61 72 74 73 61 6e 30 31 04 0e 6f 6c 63 44 smartsan01..olcD 00a0: 62 44 69 72 65 63 74 6f 72 79 31 1f 04 1d 2f 76 bDirectory1.../v 00b0: 61 72 2f 6c 69 62 2f 6f 70 65 6e 6c 64 61 70 2d ar/lib/openldap- 00c0: 64 61 74 61 2f 73 6e 73 5f 64 62 30 23 04 09 6f data/sns_db0#..o 00d0: 6c 63 52 6f 6f 74 44 4e 31 16 04 14 63 6e 3d 61 lcRootDN1...cn=a 00e0: 64 6d 69 6e 2c 64 63 3d 73 6d 61 72 74 73 61 6e dmin,dc=smartsan 00f0: 30 16 04 09 6f 6c 63 52 6f 6f 74 50 57 31 09 04 0...olcRootPW1.. 0100: 07 73 65 63 72 65 74 32 30 1e 04 0a 6f 6c 63 44 .secret20...olcD 0110: 62 49 6e 64 65 78 31 10 04 0e 6f 62 6a 65 63 74 bIndex1...object 0120: 43 6c 61 73 73 20 65 71 Class eq ldap_write: want=296, written=296 0000: 30 82 01 24 02 01 02 68 82 01 1d 04 19 6f 6c 63 0..$...h.....olc 0010: 44 61 74 61 62 61 73 65 3d 6d 64 62 2c 63 6e 3d Database=mdb,cn= 0020: 63 6f 6e 66 69 67 30 81 ff 30 1d 04 0b 6f 62 6a config0..0...obj 0030: 65 63 74 43 6c 61 73 73 31 0e 04 0c 6f 6c 63 4d ectClass1...olcM 0040: 64 62 43 6f 6e 66 69 67 30 14 04 0b 6f 6c 63 44 dbConfig0...olcD 0050: 61 74 61 62 61 73 65 31 05 04 03 6d 64 62 30 1c atabase1...mdb0. 0060: 04 0c 6f 6c 63 44 62 4d 61 78 53 69 7a 65 31 0c ..olcDbMaxSize1. 0070: 04 0a 31 30 37 33 37 34 31 38 32 34 30 1a 04 09 ..10737418240... 0080: 6f 6c 63 53 75 66 66 69 78 31 0d 04 0b 64 63 3d olcSuffix1...dc= 0090: 73 6d 61 72 74 73 61 6e 30 31 04 0e 6f 6c 63 44 smartsan01..olcD 00a0: 62 44 69 72 65 63 74 6f 72 79 31 1f 04 1d 2f 76 bDirectory1.../v 00b0: 61 72 2f 6c 69 62 2f 6f 70 65 6e 6c 64 61 70 2d ar/lib/openldap- 00c0: 64 61 74 61 2f 73 6e 73 5f 64 62 30 23 04 09 6f data/sns_db0#..o 00d0: 6c 63 52 6f 6f 74 44 4e 31 16 04 14 63 6e 3d 61 lcRootDN1...cn=a 00e0: 64 6d 69 6e 2c 64 63 3d 73 6d 61 72 74 73 61 6e dmin,dc=smartsan 00f0: 30 16 04 09 6f 6c 63 52 6f 6f 74 50 57 31 09 04 0...olcRootPW1.. 0100: 07 73 65 63 72 65 74 32 30 1e 04 0a 6f 6c 63 44 .secret20...olcD 0110: 62 49 6e 64 65 78 31 10 04 0e 6f 62 6a 65 63 74 bIndex1...object 0120: 43 6c 61 73 73 20 65 71 Class eq ldap_result ld 0x7f1aaa121dc0 msgid 2 wait4msg ld 0x7f1aaa121dc0 msgid 2 (timeout 100000 usec) wait4msg continue ld 0x7f1aaa121dc0 msgid 2 all 1 ** ld 0x7f1aaa121dc0 Connections: * host: localhost port: 389 (default) refcnt: 2 status: Connected last used: Tue May 25 05:42:41 2021 ** ld 0x7f1aaa121dc0 Outstanding Requests: * msgid 2, origid 2, status InProgress outstanding referrals 0, parent count 0 ld 0x7f1aaa121dc0 request count 1 (abandoned 0) ** ld 0x7f1aaa121dc0 Response Queue: Empty ld 0x7f1aaa121dc0 response count 0 ldap_chkResponseList ld 0x7f1aaa121dc0 msgid 2 all 1 ldap_chkResponseList returns ld 0x7f1aaa121dc0 NULL ldap_int_select read1msg: ld 0x7f1aaa121dc0 msgid 2 all 1 ber_get_next ldap_read: want=8, got=8 0000: 30 34 02 01 02 69 2f 0a 04...i/. ldap_read: want=46, got=46 0000: 01 15 04 00 04 28 6f 62 6a 65 63 74 43 6c 61 73 .....(objectClas 0010: 73 3a 20 76 61 6c 75 65 20 23 30 20 69 6e 76 61 s: value #0 inva 0020: 6c 69 64 20 70 65 72 20 73 79 6e 74 61 78 lid per syntax ber_get_next: tag 0x30 len 52 contents: ber_dump: buf=0x565118724fb0 ptr=0x565118724fb0 end=0x565118724fe4 len=52 0000: 02 01 02 69 2f 0a 01 15 04 00 04 28 6f 62 6a 65 ...i/......(obje 0010: 63 74 43 6c 61 73 73 3a 20 76 61 6c 75 65 20 23 ctClass: value # 0020: 30 20 69 6e 76 61 6c 69 64 20 70 65 72 20 73 79 0 invalid per sy 0030: 6e 74 61 78 ntax read1msg: ld 0x7f1aaa121dc0 msgid 2 message type add ber_scanf fmt ({eAA) ber: ber_dump: buf=0x565118724fb0 ptr=0x565118724fb3 end=0x565118724fe4 len=49 0000: 69 2f 0a 01 15 04 00 04 28 6f 62 6a 65 63 74 43 i/......(objectC 0010: 6c 61 73 73 3a 20 76 61 6c 75 65 20 23 30 20 69 lass: value #0 i 0020: 6e 76 61 6c 69 64 20 70 65 72 20 73 79 6e 74 61 nvalid per synta 0030: 78 x read1msg: ld 0x7f1aaa121dc0 0 new referrals read1msg: mark request completed, ld 0x7f1aaa121dc0 msgid 2 request done: ld 0x7f1aaa121dc0 msgid 2 res_errno: 21, res_error: <objectClass: value #0 invalid per syntax>, res_matched: <> ldap_free_request (origid 2, msgid 2) ldap_parse_result ber_scanf fmt ({iAA) ber: ber_dump: buf=0x565118724fb0 ptr=0x565118724fb3 end=0x565118724fe4 len=49 0000: 69 2f 0a 01 15 04 00 04 28 6f 62 6a 65 63 74 43 i/......(objectC 0010: 6c 61 73 73 3a 20 76 61 6c 75 65 20 23 30 20 69 lass: value #0 i 0020: 6e 76 61 6c 69 64 20 70 65 72 20 73 79 6e 74 61 nvalid per synta 0030: 78 x ber_scanf fmt (}) ber: ber_dump: buf=0x565118724fb0 ptr=0x565118724fe4 end=0x565118724fe4 len=0 ldap_msgfree ldap_err2string ldap_add: Invalid syntax (21) additional info: objectClass: value #0 invalid per syntax ldap_free_connection 1 1 ldap_send_unbind ber_flush2: 7 bytes to sd 4 0000: 30 05 02 01 03 42 00 0....B. ldap_write: want=7, written=7 0000: 30 05 02 01 03 42 00 0....B. ldap_free_connection: actually freed Note: i have manually typed the contents of the ldif file to make sure no extra characters are there.

2 10

Symas OpenLDAP for Linux 2.4.59 Released
by Quanah Gibson-Mount 04 Jun '21

04 Jun '21

The latest version of Symas OpenLDAP for Linux is now available for RHEL7, RHEL8, Ubuntu18 LTS, and Ubuntu 20 LTS. <https://repo.symas.com/sofl/> for installation instructions. Regards, Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

1 0

OpenLDAP 2.4.x branch support
by Norm Green 04 Jun '21

04 Jun '21

Do we have some idea of how long the 2.4.x branch will be maintained and supported? The roadmap page appears to be out of date (https://openldap.org/software/roadmap.html). thanks, Norm Green

2 1

openSUSE/SLE packages for 2.5.5 (was: OpenLDAP 2.5.5 available)
by Michael Ströder 04 Jun '21

04 Jun '21

On 6/4/21 12:32 AM, project(a)openldap.org wrote: > OpenLDAP 2.5.5 is now available for download as detailed on our download page: > > https://www.openldap.org/software/download/ As usual you can find packages for several openSUSE/SLE versions in this OBS project: https://build.opensuse.org/project/show/home:stroeder:openldap25 Notes: - The packages are still considered experimental and not tested in production. This is not a statement about OpenLDAP 2.5.5 itself. - This is my private work not related to the OpenLDAP nor the openSUSE projects => blame me if something looks wrong with the packaging. - If unsure install openldap-ms, not openldap2. This uses a separate prefix /opt/openldap-ms. Ciao, Michael.

1 0

openSUSE/SLE packages for 2.4.59 (was: OpenLDAP 2.4.59 available)
by Michael Ströder 04 Jun '21

04 Jun '21

On 6/4/21 12:28 AM, project(a)openldap.org wrote: > OpenLDAP 2.4.59 is now available for download as detailed on our download page: > > https://www.openldap.org/software/download/ As usual you can find packages for several openSUSE/SLE versions here: https://build.opensuse.org/package/show/network:ldap/openldap2 OpenLDAP 2.4.59 will probably reach regular openSUSE Tumbleweed repos during the next days. Ciao, Michael.

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

openldap-technical