openldap-technical

openldap-technical@openldap.org

9 participants
9902 discussions

ldap utils: option dropped
by A. Schulze 04 Aug '21

04 Aug '21

Hello, in openldap-2.5.6, ldapsearch no longer understand '-h' to specify an LDAP server. '-H' must be uses now everywhere. Yes, it makes sense, but it break some things here. So I read https://www.openldap.org/doc/admin25/appendix-changes.html and https://www.openldap.org/doc/admin25/appendix-upgrading.html but did not found documentation for this change. I hoped to find also information about other potential changes to plan the 2.4 -> 2.5 migration. Are there other places I may search for documentation? Andreas

2 1

Generating a memberOf attribute for posixGroups (dynlist module)
by Eduardo Lúcio Amorim Costa 03 Aug '21

03 Aug '21

According to this post http://blog.oddbit.com/post/2013-07-22-generating-a-membero/ it is possible to use a strategy for generating a memberOf attribute for posixGroups (dynlist module). This need arose for a legacy OpenLDAP LDAP and with several applications using it. So, this seems to me the best solution to be able to use the memberOf as a filter. NOTE: Complete information about the problem here https://stackoverflow.com/questions/68583838/ldap-add-a-filter-to-an-ldap-u… ). *QUESTION:* Has anyone tested/used the procedure in the post http://blog.oddbit.com/post/2013-07-22-generating-a-membero/ ? Ie, generating a memberOf attribute for posixGroups (dynlist module)? What I have for group OU and user OU is what goes below... *GROUP* ``` cn: accessgroup gidNumber: 1004 memberUid: usera userb userc userd usere userf userg userh useri objectClass: top posixGroup ``` *USERS* ``` cn: User Letter A gecos: User Letter A gender: M gidNumber: 544 givenName: User gotoLastSystemLogin: 01.01.1970 00:00:00 homeDirectory: /home/usera loginShell: /bin/bash mail: user.letter.a(a)domain.abc.de objectClass: top person organizationalPerson inetOrgPerson gosaAccount posixAccount shadowAccount sambaSamAccount [...] uid: usera uidNumber: 1004 [...] ``` *Thanks! =D* -- *Eduardo Lúcio* Tecnologia, Desenvolvimento e Software Livre LightBase Consultoria em Software Público eduardo.lucio(a)lightbase.com.br <eduardo.lucio(a)LightBase.com.br> *+55-61-3347-1949* - http://brlight.org <eduardo.lucio(a)LightBase.com.br> - *Brasil-DF* *Software livre! Abrace essa idéia! * *"Aqueles que negam liberdade aos outros não a merecem para si mesmos."* *Abraham Lincoln*

3 5

Re: Generating a memberOf attribute for posixGroups (dynlist module)
by Eduardo Lúcio Amorim Costa 30 Jul '21

30 Jul '21

Hi people! My version is the one below... ``` [root@ldap_provider ~]# slapd -VV @(#) $OpenLDAP: slapd 2.4.44 (Apr 28 2021 13:32:00) $ mockbuild(a)x86-02.bsys.centos.org: /builddir/build/BUILD/openldap-2.4.44/openldap-2.4.44/servers/slapd ``` ...anything else you can tell us? PLUS: Is this procedure safe? Have you ever used it? []'s Em sex., 30 de jul. de 2021 às 13:37, Quanah Gibson-Mount <quanah(a)symas.com> escreveu: > > > --On Friday, July 30, 2021 2:30 PM -0300 Eduardo Lúcio Amorim Costa > <eduardolucioac(a)gmail.com> wrote: > > > > > > > According to this post > > http://blog.oddbit.com/post/2013-07-22-generating-a-membero/ it is > > possible to use a strategy for generating a memberOf attribute for > > posixGroups (dynlist module). > > > > This need arose for a legacy OpenLDAP LDAP and with several applications > > using it. > > > > So, this seems to me the best solution to be able to use the memberOf as > > a filter. > > You want OpenLDAP 2.5's version of dynlist. > > Regards, > Quanah > > > -- > > Quanah Gibson-Mount > Product Architect > Symas Corporation > Packaged, certified, and supported LDAP solutions powered by OpenLDAP: > <http://www.symas.com> > -- *Eduardo Lúcio* Tecnologia, Desenvolvimento e Software Livre LightBase Consultoria em Software Público eduardo.lucio(a)lightbase.com.br <eduardo.lucio(a)LightBase.com.br> *+55-61-3347-1949* - http://brlight.org <eduardo.lucio(a)LightBase.com.br> - *Brasil-DF* *Software livre! Abrace essa idéia! * *"Aqueles que negam liberdade aos outros não a merecem para si mesmos."* *Abraham Lincoln*

2 2

Configure openldap 2.5.6 on CentOS7 with TLS
by Scott Classen 30 Jul '21

30 Jul '21

Hello, I’m making some progress with building 2.5.6 on my CentOS 7 machine, but I am stuck getting TLS support First I installed openssl version 1.1.1 from the epel repository: sudo yum install openssl11.x86_64 sudo yum install openssl11-devel.x86_64 sudo yum install openssl11-libs.x86_64 sudo yum install openssl11-static.x86_64 Then download and configure openldap: wget https://www.openldap.org/software/download/OpenLDAP/openldap-release/openld… tar zxvf openldap-2.5.6.tgz cd openldap-2.5.6/ CPPFLAGS=-I/usr/include/openssl11 export CPPFLAGS ./configure --with-tls=openssl [snip] checking openssl/ssl.h usability... yes checking openssl/ssl.h presence... yes checking for openssl/ssl.h... yes checking for SSL_export_keying_material_early in -lssl... no configure: error: Could not locate TLS/SSL package Any idea how I might get past this? I can configure, make depend, and make if I don’t specify the "--with-tls=openssl” option, but my understanding was that TLS was essential for OpenLDAP. Thanks, Scott

3 3

Re: Much Higher Latency With Paged Results Asked
by Romain Madala 28 Jul '21

28 Jul '21

Hi, I'm trying to understand what I can do to reduce the time needed by slapd to answer one simple query even though using the paging response option. When I do my request without pr switch it takes 5 ms, but if i do use the option it's around 105ms. Question is why ? And how I can get back to 5 ms when using the option ? Thanks Le mer. 28 juil. 2021 à 21:10, Quanah Gibson-Mount <quanah(a)symas.com> a écrit : > > > --On Tuesday, July 27, 2021 8:13 PM +0200 Romain Madala > <romain.madala(a)gmail.com> wrote: > > > Please provide additional details of the issue. > > Thanks, but you didn't answer the above. > > Regards, > Quanah > > > -- > > Quanah Gibson-Mount > Product Architect > Symas Corporation > Packaged, certified, and supported LDAP solutions powered by OpenLDAP: > <http://www.symas.com> >

2 1

Re: Much Higher Latency With Paged Results Asked
by Romain Madala 28 Jul '21

28 Jul '21

Hi, I'm using "Ubuntu 20.04.2 LTS" slapd is : apt-cache policy slapd slapd: Installed: 2.4.49+dfsg-2ubuntu1.8 My DB backend is olcDatabase={1}mdb.ldif, If you need further details, please provide me with the commands because I'm quite a newbie. Thanks in advance, Le mar. 27 juil. 2021 à 17:00, Quanah Gibson-Mount <quanah(a)symas.com> a écrit : > > > --On Tuesday, July 27, 2021 1:50 PM +0000 romain.madala(a)gmail.com wrote: > > > Hi, > > > > Is there anyone who could help me to figure out this behaviour ? > > What release of OpenLDAP are you running? What database backend are you > using? Please provide additional details of the issue. > > --Quanah > > -- > > Quanah Gibson-Mount > Product Architect > Symas Corporation > Packaged, certified, and supported LDAP solutions powered by OpenLDAP: > <http://www.symas.com> >

2 1

Re: OpenLDAP 2.5.6 available
by Michael Ströder 27 Jul '21

27 Jul '21

On 7/27/21 8:31 PM, project(a)openldap.org wrote: > OpenLDAP 2.5.6 is now available As usual you can find packages for several openSUSE/SLE versions in this OBS project: https://build.opensuse.org/project/show/home:stroeder:openldap25 Feedback welcome! Notes: - The packages are still considered experimental and not tested in production. This is not a statement about OpenLDAP 2.5.6 itself. - This is my private work not related to the OpenLDAP nor the openSUSE projects => blame me if something looks wrong with the packaging. - If unsure install openldap-ms, not openldap2. This uses a separate prefix /opt/openldap-ms. Ciao, Michael.

1 0

Much Higher Latency With Paged Results Asked
by Romain Madala 27 Jul '21

27 Jul '21

Hi, Could someone explain to me why I get ~100 ms latency when I query with a *-E pr=500* option while it usually takes 5 ms if I query the same without the option ? Question is raised because I use a solution which unfortunately query with the option even though there is no real need to do so, and can make up to 100K requests in a row, So eventually with a 100 ms latency x 100 k request, the global wait time can get very ugly. Thanks in advance,

3 2

adding a new module smbkrb5pwd - error missingAttributeDescription
by Heinemann, Peter G 23 Jul '21

23 Jul '21

Hello, Using: openldap 2.4.58 RHEL 8 I'm attempting to add a new module, smbkrb5pwd (because we use MIT Kerberos). Compiled and linked under the full openldap2.4.58 source tree per instructions (README and here https://github.com/opinsys/smbkrb5pwd) ldapadd is failing, the log shows: conn=19701 op=1 ADD dn="cn=module{0},cn=config" Jul 22 12:15:58 slapd[605702]: lt_dlopenext failed: (smbkrb5pwd.so) file not found Jul 22 12:15:58 slapd[605702]: conn=19701 op=1 RESULT tag=105 err=80 text=<olcModuleLoad> handler exit Using this ldif: dn: cn=module{0},cn=config objectClass: olcModuleList cn: module olcModulepath: /etc/openldap/smbkrb5pwd olcModuleload: {0}smbkrb5pwd.so I've tried olcModuleload with the full path, or olcModulepath with just the module name and still get the lt_dlopenext The directory and files are visible: ll /etc/openldap/smbkrb5pwd/smbkrb5pwd.* -rw-r--r--. 1 ldap ldap 145638 Jul 22 12:13 /etc/openldap/smbkrb5pwd/smbkrb5pwd.a -rw-r--r--. 1 ldap ldap 888 Jul 22 12:13 /etc/openldap/smbkrb5pwd/smbkrb5pwd.la -rw-r--r--. 1 ldap ldap 889 Jul 22 12:13 /etc/openldap/smbkrb5pwd/smbkrb5pwd.lai -rw-r--r--. 1 ldap ldap 146720 Jul 22 12:13 /etc/openldap/smbkrb5pwd/smbkrb5pwd.o lrwxrwxrwx. 1 root root 19 Jul 22 12:13 /etc/openldap/smbkrb5pwd/smbkrb5pwd.so -> smbkrb5pwd.so.0.0.1 lrwxrwxrwx. 1 root root 19 Jul 22 12:13 /etc/openldap/smbkrb5pwd/smbkrb5pwd.so.0 -> smbkrb5pwd.so.0.0.1 -rwxr-xr-x. 1 ldap ldap 97624 Jul 22 12:13 /etc/openldap/smbkrb5pwd/smbkrb5pwd.so.0.0.1 Thanks for any guidance as to what I've missed in the setup. Peter

4 4

RE25 testing call #1 (OpenLDAP 2.5.6)
by Quanah Gibson-Mount 22 Jul '21

22 Jul '21

This is the first testing call for OpenLDAP 2.5.6. Depending on the results, this may be the only testing call. Generally, get the code for RE25: <https://git.openldap.org/openldap/openldap/-/archive/OPENLDAP_REL_ENG_2_5/o…> Extract, configure, and build. Execute the test suite (via make test) after it is built. Optionally, cd tests && make its to run through the regression suite. Thanks! OpenLDAP 2.5.6 Engineering Fixed libldap buffer overflow (ITS#9578) Fixed libldap missing mutex unlock on connection alloc failure (ITS#9590) Fixed lloadd cn=config olcBkLloadClientMaxPending setting (ITS#8747) Fixed slapd multiple config defaults (ITS#9363) Fixed slapd ipv6 addresses to work with tcp wrappers (ITS#9603) Fixed slapo-syncprov delete of nonexistent sessionlog (ITS#9608) Build Fixed library symbol versioning on Solaris (ITS#9591) Fixed compile warning in libldap/tpool.c (ITS#9601) Fixed compile wraning in libldap/tls_o.c (ITS#9602) Contrib Fixed ppm module for sysconfdir (ITS#7832) Regards, Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

2 1

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

openldap-technical