openldap-technical

openldap-technical@openldap.org

9897 discussions

Re: Much Higher Latency With Paged Results Asked
by Romain Madala 28 Jul '21

28 Jul '21

Hi, I'm using "Ubuntu 20.04.2 LTS" slapd is : apt-cache policy slapd slapd: Installed: 2.4.49+dfsg-2ubuntu1.8 My DB backend is olcDatabase={1}mdb.ldif, If you need further details, please provide me with the commands because I'm quite a newbie. Thanks in advance, Le mar. 27 juil. 2021 à 17:00, Quanah Gibson-Mount <quanah(a)symas.com> a écrit : > > > --On Tuesday, July 27, 2021 1:50 PM +0000 romain.madala(a)gmail.com wrote: > > > Hi, > > > > Is there anyone who could help me to figure out this behaviour ? > > What release of OpenLDAP are you running? What database backend are you > using? Please provide additional details of the issue. > > --Quanah > > -- > > Quanah Gibson-Mount > Product Architect > Symas Corporation > Packaged, certified, and supported LDAP solutions powered by OpenLDAP: > <http://www.symas.com> >

2 1

Re: OpenLDAP 2.5.6 available
by Michael Ströder 27 Jul '21

27 Jul '21

On 7/27/21 8:31 PM, project(a)openldap.org wrote: > OpenLDAP 2.5.6 is now available As usual you can find packages for several openSUSE/SLE versions in this OBS project: https://build.opensuse.org/project/show/home:stroeder:openldap25 Feedback welcome! Notes: - The packages are still considered experimental and not tested in production. This is not a statement about OpenLDAP 2.5.6 itself. - This is my private work not related to the OpenLDAP nor the openSUSE projects => blame me if something looks wrong with the packaging. - If unsure install openldap-ms, not openldap2. This uses a separate prefix /opt/openldap-ms. Ciao, Michael.

1 0

Much Higher Latency With Paged Results Asked
by Romain Madala 27 Jul '21

27 Jul '21

Hi, Could someone explain to me why I get ~100 ms latency when I query with a *-E pr=500* option while it usually takes 5 ms if I query the same without the option ? Question is raised because I use a solution which unfortunately query with the option even though there is no real need to do so, and can make up to 100K requests in a row, So eventually with a 100 ms latency x 100 k request, the global wait time can get very ugly. Thanks in advance,

3 2

adding a new module smbkrb5pwd - error missingAttributeDescription
by Heinemann, Peter G 23 Jul '21

23 Jul '21

Hello, Using: openldap 2.4.58 RHEL 8 I'm attempting to add a new module, smbkrb5pwd (because we use MIT Kerberos). Compiled and linked under the full openldap2.4.58 source tree per instructions (README and here https://github.com/opinsys/smbkrb5pwd) ldapadd is failing, the log shows: conn=19701 op=1 ADD dn="cn=module{0},cn=config" Jul 22 12:15:58 slapd[605702]: lt_dlopenext failed: (smbkrb5pwd.so) file not found Jul 22 12:15:58 slapd[605702]: conn=19701 op=1 RESULT tag=105 err=80 text=<olcModuleLoad> handler exit Using this ldif: dn: cn=module{0},cn=config objectClass: olcModuleList cn: module olcModulepath: /etc/openldap/smbkrb5pwd olcModuleload: {0}smbkrb5pwd.so I've tried olcModuleload with the full path, or olcModulepath with just the module name and still get the lt_dlopenext The directory and files are visible: ll /etc/openldap/smbkrb5pwd/smbkrb5pwd.* -rw-r--r--. 1 ldap ldap 145638 Jul 22 12:13 /etc/openldap/smbkrb5pwd/smbkrb5pwd.a -rw-r--r--. 1 ldap ldap 888 Jul 22 12:13 /etc/openldap/smbkrb5pwd/smbkrb5pwd.la -rw-r--r--. 1 ldap ldap 889 Jul 22 12:13 /etc/openldap/smbkrb5pwd/smbkrb5pwd.lai -rw-r--r--. 1 ldap ldap 146720 Jul 22 12:13 /etc/openldap/smbkrb5pwd/smbkrb5pwd.o lrwxrwxrwx. 1 root root 19 Jul 22 12:13 /etc/openldap/smbkrb5pwd/smbkrb5pwd.so -> smbkrb5pwd.so.0.0.1 lrwxrwxrwx. 1 root root 19 Jul 22 12:13 /etc/openldap/smbkrb5pwd/smbkrb5pwd.so.0 -> smbkrb5pwd.so.0.0.1 -rwxr-xr-x. 1 ldap ldap 97624 Jul 22 12:13 /etc/openldap/smbkrb5pwd/smbkrb5pwd.so.0.0.1 Thanks for any guidance as to what I've missed in the setup. Peter

4 4

RE25 testing call #1 (OpenLDAP 2.5.6)
by Quanah Gibson-Mount 22 Jul '21

22 Jul '21

This is the first testing call for OpenLDAP 2.5.6. Depending on the results, this may be the only testing call. Generally, get the code for RE25: <https://git.openldap.org/openldap/openldap/-/archive/OPENLDAP_REL_ENG_2_5/o…> Extract, configure, and build. Execute the test suite (via make test) after it is built. Optionally, cd tests && make its to run through the regression suite. Thanks! OpenLDAP 2.5.6 Engineering Fixed libldap buffer overflow (ITS#9578) Fixed libldap missing mutex unlock on connection alloc failure (ITS#9590) Fixed lloadd cn=config olcBkLloadClientMaxPending setting (ITS#8747) Fixed slapd multiple config defaults (ITS#9363) Fixed slapd ipv6 addresses to work with tcp wrappers (ITS#9603) Fixed slapo-syncprov delete of nonexistent sessionlog (ITS#9608) Build Fixed library symbol versioning on Solaris (ITS#9591) Fixed compile warning in libldap/tpool.c (ITS#9601) Fixed compile wraning in libldap/tls_o.c (ITS#9602) Contrib Fixed ppm module for sysconfdir (ITS#7832) Regards, Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

2 1

Replacing memberof with dynlist
by j.vandeville＠gmail.com 16 Jul '21

16 Jul '21

Hello, Apologies for my bad English, it's not my native langage I'm toying with openldap 2.5.5 and the dynlist overlay to replace the memberof overlay (since it's the recommanded way to manage the memberof attribute in a replicate environnement). My configuration for the dynlist overlay is like this : overlay dynlist dynlist-attrset groupOfURLs memberURL memberOf If I create a group like this : dn: cn=GroupB,ou=Groups,dc=appartement,dc=me objectClass: posixGroup objectClass: top objectClass: groupOfNames cn: GroupB member: uid=bob,ou=Users,dc=appartement,dc=me gidNumber: 14056 and a user like this : dn: uid=bob,ou=Users,dc=appartement,dc=me objectClass: posixAccount objectClass: top objectClass: inetOrgPerson objectClass: shadowAccount objectClass: groupOfURLs [...Attributes omitted for clarity...] givenName: bob sn: bob displayName: bob uid: bob memberURL: ldap:///ou=Groups,dc=appartement,dc=me??sub?(member=uid=bob,ou=Users,dc=appartement,dc=me) everything works fine, the memberof attribute is generate on the fly if I request it in the search My "issue" is that my LDAP Client is not capable of creating a posix account with the objectclass groupOfURLs or the memberURL attribute... So when I create a new user, I need to manually edit the user in the database to add the objectclass groupOfURLs and the memberURL, which is very tedious. Is there a way for openldap to dynamically add theses attributes when a new user is created ? For exemple, my LDAP client send an "Addrequest" with the following attributes : dn: uid=leon,ou=Users,dc=appartement,dc=me objectClass: posixAccount objectClass: top objectClass: inetOrgPerson objectClass: shadowAccount [...Attributes omitted for clarity...] givenName: leon sn: leon displayName: leon uid: leon openldap intercept the request, add the following attributes : objectClass: groupOfURLs memberURL: ldap:///ou=Groups,dc=appartement,dc=me??sub?(member=uid=bob,ou=Users,dc=appartement,dc=me) and then write the new entry in the database. Is that possible ? I looked at slapo-rwm but I'm not sure if this overlay can add attributes... Thanks !

2 2

Re: Symas OpenLDAP for Linux 2.5
by Dave Macias 15 Jul '21

15 Jul '21

> > Yes, although we haven't yet announced it since it's still a WIP. > I see. So if I understand correctly, the 2.5 release is good to go, but the packaged (rpm/deb/etc) files are still WIP? Best, Dave

2 1

Re: Symas OpenLDAP for Linux 2.5
by Dave Macias 14 Jul '21

14 Jul '21

Looking at: https://repo.symas.com/sofl/ They mention 2.4.59.1 But looks like the baseurl for 2.5 is now: https://repo.symas.com/repo/rpm/SOLDAP/release25/ Yes? Thanks, Dave On Wed, Jul 14, 2021 at 11:19 AM Quanah Gibson-Mount <quanah(a)symas.com> wrote: > > > --On Tuesday, July 13, 2021 5:37 PM -0700 "Paul B. Henson" <henson(a)acm.org> > > wrote: > > > We're currently using the RHEL8 sofl repo, which currently has version > > 2.4.59.1 available. Our management wants to start doing automatic > > updates to the latest patches for security compliance reasons. This > > isn't an issue with the native RHEL repos as they generally never > > release major updates or incompatible packages. > > > > I wanted to check though how the release of openldap 2.5 via sofl is > > going to be handled. Is it just going to show up one day in the existing > > repo such that it would automatically get upgraded to, or is it going to > > be a different package name or a new repo that will require manual > > intervention in order to upgrade? > > Symas OpenLDAP packages for 2.5 will be an entirely different beast. > > Regards, > Quanah > > > -- > > Quanah Gibson-Mount > Product Architect > Symas Corporation > Packaged, certified, and supported LDAP solutions powered by OpenLDAP: > <http://www.symas.com> >

2 1

Symas OpenLDAP for Linux 2.5
by Paul B. Henson 14 Jul '21

14 Jul '21

We're currently using the RHEL8 sofl repo, which currently has version 2.4.59.1 available. Our management wants to start doing automatic updates to the latest patches for security compliance reasons. This isn't an issue with the native RHEL repos as they generally never release major updates or incompatible packages. I wanted to check though how the release of openldap 2.5 via sofl is going to be handled. Is it just going to show up one day in the existing repo such that it would automatically get upgraded to, or is it going to be a different package name or a new repo that will require manual intervention in order to upgrade? Thanks...

2 1

password complexity controls and gecos
by kevin martin 08 Jul '21

08 Jul '21

using ppolicy and a Default User Policy, along with ppm, I achieve the ability to control password length, password history, and complexity in as much as I can regulate that users must include numbers/special characters/letters (upper and lower case). However, what I can't find a way to add to this is to have the gecos field be checked against the password being submitted during a change to verify that a users userid and/or first or last names aren't part of the password. Is this possible in openldap? --- Regards, Kevin Martin

2 1

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

openldap-technical