openldap-technical

openldap-technical@openldap.org

9 participants
9868 discussions

ldap_simple_bind_s ok ,but ldap_simple_bind no
by owen nirvana 24 Nov '08

24 Nov '08

I write a dll using Novel CLDAP SDK, because no dev files from openLDAP could be use in windows. basically, they are same, and I found the same problems yet. ldap_simple_bind could not work , but ldap_simple_bind_s is ok. the former return "Operations Error", maybe it is the problem of LDAP Server, ( debian lenny, openLDAP 2.4.11 deb) gtalk:freeespeech@gmail.com

2 1

configuring ppolicy overlay using cn=config
by Vincent Panel 22 Nov '08

22 Nov '08

Hi, I was able to succesfully load the module and "assign" the overlay to the database by using cn=config configuration style. I had to import an LDIF similar to this : add olcOverlay={1}ppolicy,olcDatabase={1}bdb,cn=config objectClass: olcOverlayConfig objectClass: olcPPolicyConfig olcOverlay: {1}ppolicy to have the equivalent of the "overlay ppolicy" directive in slapd.conf But now, I try to have the equivalent of the "ppolicy_default" directive. I've had a quick look at the code and it seems and attribute olcPPolicyDefault exists, but it doesn't work... Could you give me a hand ? Thanks, Vincent

2 1

Re: import LDIF file from openldap to redhat directory server
by Pierangelo Masarati 21 Nov '08

21 Nov '08

Please keep postings to the list revathi ganesh wrote: > Thanks for your reply.. > Can you give me the procedure how to back up the entire openldap to LDIF file > > # ldapsearch -x -LLL > openldap.ldif > > Is this correct. No. Please read my previous message, which contains an indication of the correct procedure. p. > > Thanks > > > --- On Fri, 21/11/08, Pierangelo Masarati <ando(a)sys-net.it> wrote: > >> From: Pierangelo Masarati <ando(a)sys-net.it> >> Subject: Re: import LDIF file from openldap to redhat directory server >> To: "revathi ganesh" <cholam20(a)yahoo.co.in> >> Cc: openldap-technical(a)openldap.org >> Date: Friday, 21 November, 2008, 12:23 AM >> revathi ganesh wrote: >>> Dear gurus >>> >>> I have installed redhat directory server in a new >> server. The OS is RHEL V5. >>> We already are running openldap in RHEL V4. Now how >> can I import the all the datas (user accounts) from openldap >> to RHDS. >>> Please give me the procedure. >> To extract the data in LDIF, you can use slapcat(8). Then, >> you probably better ask on a RHDS list. >> >> p. >> >> >> Ing. Pierangelo Masarati >> OpenLDAP Core Team >> >> SysNet s.r.l. >> via Dossi, 8 - 27100 Pavia - ITALIA >> http://www.sys-net.it >> ----------------------------------- >> Office: +39 02 23998309 >> Mobile: +39 333 4963172 >> Fax: +39 0382 476497 >> Email: ando(a)sys-net.it >> ----------------------------------- > > > Add more friends to your messenger and enjoy! Go to http://messenger.yahoo.com/invite/ Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ----------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Fax: +39 0382 476497 Email: ando(a)sys-net.it -----------------------------------

6 6

Memory consumption issue
by tkohlhepp 21 Nov '08

21 Nov '08

Hi guys, I've discovered a major memory issue. We have an OpenLDAP server (2.4.11) running with almost 2 million entries. When I do a ldapsearch to retrieve the entire tree the memory consumption grows and grows and will never stop before it ate the entire RAM and swap. My slapd.conf file looks like this: include /var/ldap/ldap-ds/etc/schema/core.schema include /var/ldap/ldap-ds/etc/schema/netmobile.schema include /var/ldap/ldap-ds/etc/schema/netmobile.acc.schema include /var/ldap/ldap-ds/etc/schema/netmobile.zMRDB.schema # Define global ACLs to disable default read access. # Do not enable referrals until AFTER you have a working directory # service AND an understanding of referrals. #referral ldap://root.openldap.org pidfile /var/ldap/ldap-ds/var/run/slapd.pid argsfile /var/ldap/ldap-ds/var/run/slapd.args access to * by dn="cn=replica,ou=replica,ou=ldapaccounts,o=netmldap" write by users read by anonymous read access to * by self write by users read by anonymous read #threads 2 # all logging #loglevel -1 # only syncrepl logging loglevel 16640 ####################################################################### # BDB database definitions ####################################################################### database monitor access to dn.subtree="cn=Monitor" by dn.exact="cn=admin,ou=netm,ou=people,o=netmldap" write by dn.exact="cn=admin,ou=netm,ou=people,o=netmldap" read by * none database bdb suffix "cn=accesslog" rootdn "cn=Admin,o=netmldap" directory /var/ldap/ldap-ds/cn=accesslog index default eq index entryCSN,objectClass,reqEnd,reqResult,reqStart overlay syncprov syncprov-nopresent TRUE syncprov-reloadhint TRUE limits dn.exact="cn=Admin,o=netmldap" time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited database config rootdn "cn=admin,cn=config" rootpw config database bdb suffix "o=netmldap" rootdn "cn=Admin,o=netmldap" # Cleartext passwords, especially for the rootdn, should # be avoid. See slappasswd(8) and slapd.conf(5) for details. # Use of strong authentication encouraged. rootpw {SSHA}5ycg8tSV/i0Z99FKaylr0Az5x1nBA8TC directory /var/ldap/ldap-ds/o=netmldap #dbcachesize 1000000 cachesize 1000 idlcachesize 3000 cachefree 500 searchstack 8 #readonly on # Indices to maintain index default pres,eq index cn index netmzMRDBPhoneNumber index netmAccNumAddr index netmAccNumPort index netmLogin2 index netmPortalName index netmCarrierID # new indices - 2007-01-15 index netmLogin pres,eq index netmClientContractUniqueName index netmPrivateMail index netmContactTecEmail index netmContactBillingEmail index netmFirmEmail index netmContactCommEmail index netmzMRDBCarrier index netmzMRDBblacklistLA index netmzMRDBPortingDate index objectClass pres,eq index entryCSN,entryUUID eq # Save the time that the entry gets modified lastmod on overlay syncprov syncprov-checkpoint 1000 60 overlay accesslog logdb cn=accesslog logops writes logsuccess TRUE # scan the accesslog DB every day, and purge entries older than 7 days logpurge 07+00:00 01+00:00 limits dn.exact="cn=Admin,o=netmldap" time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited sizelimit -1 The DB_CONFIG look like this set_cachesize 0 8435456 1 set_lg_regionmax 262144 set_lg_bsize 2097152 # will automatically remove transaction logs # this setting isn't recommended set_flags DB_LOG_AUTOREMOVE When I start slapd is consumes that much RAM total kB 478476 After doing the search it looks like this total kB 937316 I've done a pmap -x to see where the memory goes but this process is marked as anonymous. So I don't know how to get this memory back. I have to restart the LDAP server to get this memory released. I would appreciate if someone could help me to solve this issue. Thanks Thorsten

5 7

Ldap Add Fail
by karthikeyan.chetty＠wipro.com 21 Nov '08

21 Nov '08

Dear open-ldap Team, Currently we are using ldap Version-2.4.8 on our Fedora Core 9 machine. When we try to create a computer account using ldap-add with non admin user we are getting error "insufficientAccessRights". Please let us know how we can add computer account in Active Directory with non admin users?? Thanks in advance. S.Karthikeyan Please do not print this email unless it is absolutely necessary. The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments. WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email. www.wipro.com

1 0

RE: Debugging a user authentication
by Adrian Marsh 21 Nov '08

21 Nov '08

All, I'm not sure if my questions here are getting through to the group (I don't see a copy to myself) I've diagnosed this issue. The user has a "£" (UK Pound) in his password. Remove it and everything authenticates OK. Are there settings in Apache/LDAP for controlling what characters can be used as passwords? Adrian ________________________________ From: Adrian Marsh Sent: 14 November 2008 11:49 To: 'openldap-technical(a)openldap.org' Subject: Debugging a user authentication Hi All, Using Apache 2.2, how do I debug the LDAP lookups being made to a 2003 Domain Controller. Ive one user whos failing to authenticate, but all my other users do and Im trying to see who. He authenticates ok, same password via other mechanisms to the DC, but just not via the Apache LDAP lookup. I'm an LDAP novice so am looking for names of debug tools/methods etc. Thanks, Adrian

5 11

Delta-sync symptom in 2.4.11
by William Jojo 20 Nov '08

20 Nov '08

Running 2.4.11 on AIX 5.3, I have setup a delta-syncrepl test with bdb (not hdb). Now the software passes test043, but when I setup the first copy from the master, the following happened: The master is populated with 62485 dn's. When the replica was started it sync'ed 29786 dn's. I had to stop the replica and restart it to make the sync move along (several times...). second sync pulls 15858 dn's third sync pulls 4428 dn's forth sync pulls nothing, but the replica has only 50072 dn's and does not sync further. Is does not appear to be an ACL issue since the replicator account has read access to * on the master. Otherwise this is just like test043, except or the missing dn's. :-) Any ideas? Cheers, Bill

2 1

import LDIF file from openldap to redhat directory server
by revathi ganesh 20 Nov '08

20 Nov '08

Dear gurus I have installed redhat directory server in a new server. The OS is RHEL V5. We already are running openldap in RHEL V4. Now how can I import the all the datas (user accounts) from openldap to RHDS. Please give me the procedure. Thanks Cholam20 From Chandigarh to Chennai - find friends all over India. Go to http://in.promos.yahoo.com/groups/citygroups/

2 1

RE: cont contact server since 3 days+please help
by Burton, Kris - Acision 20 Nov '08

20 Nov '08

>From the results below it looks like your server is not even coming up. This would explain why you are not able to search or add entries. Next thing to look at is to see if you are getting any useful information in the slapd.log. This should be in /var/log/slapd.log. If you don't know where it is located then try using the locate command I think ubuntu should have that or something equivalent. If you don't find one then you might need to enable the log in /etc/syslog.conf. I use RH so I assume something similar is available on ubuntu. I added the list back to the CC so others that might know more about ubuntu specifics can help and so they can assist you as well. --Kris ________________________________ From: Donny George [mailto:donny008@gmail.com] Sent: Wednesday, November 19, 2008 3:13 PM To: Burton, Kris - Acision Subject: Re: cont contact server since 3 days+please help hello kris this are the results that i get when i try to listen , guess this is not wat u were expecting root@ubuntu:/home/administrator# ps -eaf | grep slapd root 14183 14172 0 22:07 pts/0 00:00:00 grep slapd root@ubuntu:/home/administrator# netstat -na | grep 389 root@ubuntu:/home/administrator# telnet 10.4.139.5<http://10.4.139.5> 389 Trying 10.4.139.5... telnet: Unable to connect to remote host: Connection refused i tried the earlier steps like ldapsearch -d 255 after reading different forums of ldap but please dont misunderstand me to be an expert in openldap could you tell me how to establish the connectivity or where did i go wrong thanking you don On Wed, Nov 19, 2008 at 10:16 AM, Burton, Kris - Acision <kris.burton(a)acision.com<mailto:kris.burton@acision.com>> wrote: Have you on the server side verified that LDAP is up and listening on the proper port? ps -eaf | grep slapd netstat -na | grep 389 tcp 0 0 0.0.0.0:389<http://0.0.0.0:389> 0.0.0.0:* LISTEN If the above come back and indicate it is up and listening see if you can telnet to the <ip> 389 and get something back. Also you could check to see if you are getting errors on server startup by checking the slapd.log on the server side and see if it is reporting any errors. If you are using the command line search are you specifying the remote server using the -h option? Most of the errors seem to indicate there is nothing listening on the server to handle the search request. --Kris Burton ________________________________ From: openldap-technical-bounces+kris.burton=acision.com<http://acision.com>@OpenLDAP.org [mailto:openldap-technical-bounces+kris.burton<mailto:openldap-technical-bounces%2Bkris.burton>=acision.com<http://acision.com>@OpenLDAP.org] On Behalf Of Donny George Sent: Wednesday, November 19, 2008 8:47 AM To: openldap-technical(a)openldap.org<mailto:openldap-technical@openldap.org> Subject: cont contact server since 3 days+please help hello all i am a beginner with openldap and installed a server and a client with ldap(both machines ubuntu 8.04) but once i tried to populate the database at the server it gave the error that it couldnt contact the server. i cudnt connect to the server frmo the client either. i ran the command ldapsearch -d 255 to debug and heres the result ldap_create ldap_pvt_sasl_getmech ldap_search put_filter: "(objectclass=*)" put_filter: simple put_simple_filter: "objectclass=*" ldap_build_search_req ATTRS: supportedSASLMechanisms ldap_send_initial_request ldap_new_connection 1 1 0 ldap_int_open_connection ldap_connect_to_host: TCP 10.4.139.5:389<http://10.4.139.5:389> ldap_new_socket: 3 ldap_prepare_socket: 3 ldap_connect_to_host: Trying 10.4.139.5:389<http://10.4.139.5:389> ldap_pvt_connect: fd: 3 tm: -1 async: 0 ldap_close_socket: 3 ldap_err2string ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1) and if i run ldapsearch -x it gives the message ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1) please someone help, i dont know where i cud start to solve this error. -- Donny George This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. -- Donny George This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.

3 3

Data sync tools
by Bad Guy 20 Nov '08

20 Nov '08

Dear all, We are running a multi-master openldap 2.4.11, we always get delay sync in some servers. Is there any way to do a periodic re-sync without restarting the openldap slapd daemon ? Thanks _________________________________________________________________ 5 GB 超大容量、創新便捷、安全防護垃圾郵件和病毒 — 立即升級 Windows Live Hotmail http://mail.live.com

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

openldap-technical