openldap-technical

openldap-technical@openldap.org

12 participants
9935 discussions

how to solve invalid structural object class chain
by owen nirvana 18 Dec '08

18 Dec '08

I try to a entry like this: cn = .. ,dc=..,dc=..,dc=..,dc=.. cn = .. objectClass: person objectClass: inetOrgPerson objectClass: organizatinoalRole objectClass: device objectClass: pkiUser roleOccupant: ... employeeNumber : .. userCertificate;binary :: BASE64 Encode icSerilNumber: .. tel: ... fax: ... telex: .. log reports " invalid structural object class chain in organizatinoalRole/Person or organizatinoalRole/inetOrgPerson etc" I try many combination about the order of person ,inetOrgPerson and organizatinoalRole, and the same error was reported. thanks for help gtalk:freeespeech@gmail.com

1 0

Unix id command and Openldap
by okossuth＠antel.com.uy 18 Dec '08

18 Dec '08

Hi Does the id command works with a system using OPENLDAP authentication ? I have implemented a server with openldap 2.4 and several clients use this system to authenticate users, and works fine except that when I do a "id user" on a client it only gives me the information of the primary group which the user belongs to and not of the suplementary groups that he is also a member of in the LDAP server... any ideas?? Saludos, Oskar Kossuth Administrador UNIX ANTEL Telecomunicaciones El presente correo y cualquier posible archivo adjunto está dirigido únicamente al destinatario del mensaje y contiene información que puede ser confidencial. Si Ud. no es el destinatario correcto por favor notifique al remitente respondiendo anexando este mensaje y elimine inmediatamente el e-mail y los posibles archivos adjuntos al mismo de su sistema. Está prohibida cualquier utilización, difusión o copia de este e-mail por cualquier persona o entidad que no sean las específicas destinatarias del mensaje. ANTEL no acepta ninguna responsabilidad con respecto a cualquier comunicación que haya sido emitida incumpliendo nuestra Política de Seguridad de la Información. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . This e-mail and any attachment is confidential and is intended solely for the addressee(s). If you are not intended recipient please inform the sender immediately, answering this e-mail and delete it as well as the attached files. Any use, circulation or copy of this e-mail by any person or entity that is not the specific addressee(s) is prohibited. ANTEL is not responsible for any communication emitted without respecting our Information Security Policy.

4 9

Solaris 10 LDAP Password issue
by John Gee 18 Dec '08

18 Dec '08

Hello Community, i have a problem with Solaris 10 LDAP password encryption to a OpenLDAP Server. When setting a inital Password with ldapadd login works fine, after the user changed inital Password on a Solaris-Station with 'passwd -r ldap' Solaris commited it with 'password successfully changed for john'. But the user cant login with the new Password. 1) Setting initial Password with ldapadd (Password: 8ASdhXY!Xy) version: 1 dn: uid=john,ou=people,ou=unix,o=kleinfeld,c=ch userPassword: {MD5}khVDRrTSYMHjTw7V6VEZwg== 2) User Login and change password with 'passwd -r ldap' (Password: 9DnxSF!dKS) version: 1 dn: uid=john,ou=people,ou=unix,o=kleinfeld,c=ch userPassword: {crypt}0vUAwIdPR4X2E Has someone a idea whats going wrong? I cant track down this problem. --( nsswitch.conf )--- passwd: compat passwd_compat: files ldap group: files ldap shadow_compat files ldap --( pam.conf )--- login auth sufficient pam_unix_auth.so.1 login auth required pam_ldap.so.1 rlogin auth sufficient pam_unix_auth.so.1 rlogin auth required pam_ldap.so.1 other auth sufficient pam_unix_auth.so.1 other auth required pam_ldap.so.1 --( /etc/security/policy.conf )--- CRYPT_ALGORITHMS_ALLOW=1,2a,md5 CRYPT_DEFAULT=__unix__ Regards John

2 2

Openldap 2.3.39 Solaris 9 (maybe memory leaks).
by Andrea Cirulli 18 Dec '08

18 Dec '08

Hi all, we are experiencing a lot of problems with openldap 2.3.39 on Solaris 9. We have the following set: 1- One producer Solaris 9 openldap 2.3.39 2- 19 Consumer, synchronized with the producer through syncrepl, Solaris 9 openldap 2.3.39 3- We manage the authentication on 2000 systems , almost equally distributed on the 20 ldap server The producer is often going down, each hour and less during the day. We noticed that every time the Producer is going down the virtual memory used is bigger than 3,8 Gb and the RSS (resident set size) is bigger than 2,1 Gb. This is a snapshot of prstat when openldap is about of crashing: PID USERNAME SIZE RSS STATE PRI NICE TIME CPU PROCESS/NLWP 1965 root 3873M 2179M sleep 60 0 0:41:40 0.5% slapd/27. The openldap is compiled in this way: ./configure --enable-bdb --enable-ppolicy --with-tls If these informations are not enough, I could provide other informations. It seems that there is a memory leak. P.S: We are using these systems since 2,5 years, the number of the managment systems is always growing up. We have this problem since 2 weeks. -- Andrea Cirulli

2 1

N-Way Multi-Master replication - delete problem
by Adrien Futschik 18 Dec '08

18 Dec '08

I'm testing N-Way Multi-Master replication with OpenLDAP 2.411. I have setup 2 Masters (m1 & m2) starting form test050-syncrepl-multimaster and modifying it. Every thing seems to work fine except deleting entries. Let me explain. case 1 : . When I add an entry on m1 it is successfully replicated on m2. . When I try to delete this entry on m1, it is successfully removed from m1, but not replicated on m2. . When, I try to delete this entry on m2, it is successfully removed from m2 & m1. case 2 : . When I add an entry on m2 it is successfully replicated on m1. . When I try to delete this entry on m2, it is successfully removed from m2, but not replicated on m1. . When, I try to delete this entry on m1, it is successfully removed from m1 & m2. I don't have the same problem when I delete an attribute or update an entry. Is this normal ? Adrien Futschik

2 1

Re: Versioning entries in the DIT
by Lorenzo Pastrana 18 Dec '08

18 Dec '08

On Wed, 2008-12-17 at 23:47 -0800, Howard Chu wrote: > ere's no standard or transparent way to do this. The most > straightforward > approach is to use a multi-valued RDN for your entries, e.g. instead > of > cn=foo,o=example > use > cn=foo+id=1,o=example > cn=foo+id=2,o=example > and so on. That makes sense ... > Except of course, that you can no longer reference entries without > knowing > their version number. Well if i consider a 'HEAD' entry (without a number) all others are old versions. And that would be also ok for me. Thanks for the tip. LP Lorenzo Pastrana - Happy End Vision -------------------------- Design web Conception multimédia Communication visuelle et édition -------------------------- Tél. : 01 42 47 83 09 Fax : 01 47 70 70 19 E-mail : lorenzo.pastrana(a)happyend.fr

1 0

RE: slapd won't run as service
by Quanah Gibson-Mount 16 Dec '08

16 Dec '08

--On Tuesday, December 16, 2008 9:22 PM -0800 Eddie Grenier <edo(a)edwaa.com> wrote: > set_lg_dir /usr/local/var/openldap-logs > ----------------------------------------------------- > > Admittedly, I know very little about these configuration options. I set > these parameters after finding a "suggested" DB_CONFIG file on the > internet. > > Any help is much appreciated! First, I would suggest you keep your replies on the list, so other people can gain knowledge too. Second, it clearly notes it stores the log files in /usr/local/var/openldap-logs. I'm guessing the slapd user can't access that location. --Quanah -- Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration

2 1

Floating point numbers in ldap
by Lorenzo Pastrana 16 Dec '08

16 Dec '08

I can't find any mentions of floating point/real data types in ldap attributes syntax, I've been reading the laconic 'Numeric Sting' specifications : 6.23. Numeric String ( 1.3.6.1.4.1.1466.115.121.1.36 DESC 'Numeric String' ) The encoding of a string in this syntax is the string value itself. Example: 1997 Would this work ok (matching & ordering) with a 1.997 value ? If not, how do I get ldap to match and order floating point scalars ? Thanks. Lo. Lorenzo Pastrana - Happy End Vision -------------------------- Design web Conception multimédia Communication visuelle et édition -------------------------- Tél. : 01 42 47 83 09 Fax : 01 47 70 70 19 E-mail : lorenzo.pastrana(a)happyend.fr

2 4

ldap user not visible in home directory
by Donny George 16 Dec '08

16 Dec '08

Hello I have set up a ldap and used LAM to populate the database. though i can see the user created both on the server and the client , i cant see the users home directory I am also not able to use the command id username is this specifically because i committed some error in the config file or would it be something other major mistake ? somehow i cant figure out the mistake -- Donny George

1 0

slapd won't run as service
by Eddie Grenier 15 Dec '08

15 Dec '08

I've installed, configured and run OpenLDAP on my server. However, if I try to run it as a service using "service ldap start" it doesn't run. Also, the configuration file step returns "OK" as does the starting slapd step. I've narrowed it down to the fact that if slapd is run as user root things work just fine. I've already done "chown -R ldap:ldap /var/lib/ldap" but that doesn't seem to help. Here is the output I see when trying to run as user ldap: slapd startup: initiated. bdb_db_open: dc=edwaa,dc=com bdb_db_open: dbenv_open(/var/lib/ldap) bdb(dc=edwaa,dc=com): Invalid log file: log.0000000001: No such file or directory bdb(dc=edwaa,dc=com): PANIC: No such file or directory bdb(dc=edwaa,dc=com): PANIC: DB_RUNRECOVERY: Fatal error, run database recovery bdb_db_open: dbenv_open failed: DB_RUNRECOVERY: Fatal error, run database recovery (-30978) backend_startup: bi_db_open(0) failed! (-30978) slapd shutdown: initiated ====> bdb_cache_release_all bdb(dc=edwaa,dc=com): DB_ENV->lock_id_free interface requires an environment configured for the locking subsystem slapd shutdown: freeing system resources. bdb(dc=edwaa,dc=com): txn_checkpoint interface requires an environment configured for the transaction subsystem bdb_db_destroy: txn_checkpoint failed: Invalid argument (22) slapd stopped. connections_destroy: nothing to destroy. Any ideas would be much appreciated!

2 1

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

openldap-technical