openldap-technical

openldap-technical@openldap.org

9 participants
9868 discussions

How to generate access logs
by Luciano Andre Baramarchi 27 Aug '08

27 Aug '08

Hi, I'm using OpenLDAP with HP-UX and LDAP-UX (HP product) to integrate users and passwords with NSS. The integration works fine but, sometimes the system lost the username when I run "id" command. In contact with HP support, they suspect that the problem is in OpenLDAP server. I need to generate a log of the all access to LDAP server to validate if the problem occurs because the server don't respond or the client don't query the server Is possible to generate this log? How? Thanks a lot. PS.: Sorry ... I'm brasilian and my english needs to improve ... --------------------------------------------- Luciano A. Baramarchi Multitask Consultoria luciano(a)multitasknet.com.br 47 9911 4484 ---------------------------------------------

1 0

How to import xml file
by İlker Aktuna (Koç.net) 27 Aug '08

27 Aug '08

Hi, I am a new OpenLDAP user. I wonder if there is an easy way of importing an XML file to OpenLDAP server. I've read on some forums that importing LDIF is possible but XML is not. If an XML importer is not available I am also willing to convert my XML file to LDIF but I don't know of a free XML to LDIF converter. Could you please help me ? Thanks, ilker _____________________________________________________________________________________________________________________________________________ Bu e-posta mesaji kisiye ozel olup, gizli bilgiler iceriyor olabilir. Eger bu e-posta mesaji size yanlislikla ulasmissa, icerigini hic bir sekilde kullanmayiniz ve ekli dosyalari acmayiniz. Bu durumda lutfen e-posta mesajini kullaniciya hemen geri gonderiniz ve tum kopyalarini mesaj kutunuzdan siliniz. Bu e-posta mesaji, hic bir sekilde, herhangi bir amac icin cogaltilamaz, yayinlanamaz ve para karsiligi satilamaz. Bu e-posta mesaji viruslere karsi anti-virus sistemleri tarafindan taranmistir. Ancak yollayici, bu e-posta mesajinin - virus koruma sistemleri ile kontrol ediliyor olsa bile - virus icermedigini garanti etmez ve meydana gelebilecek zararlardan dogacak hicbir sorumlulugu kabul etmez. This message is intended solely for the use of the individual or entity to whom it is addressed , and may contain confidential information. If you are not the intended recipient of this message or you receive this mail in error, you should refrain from making any use of the contents and from opening any attachment. In that case, please notify the sender immediately and return the message to the sender, then, delete and destroy all copies. This e-mail message, can not be copied, published or sold for any reason. This e-mail message has been swept by anti-virus systems for the presence of computer viruses. In doing so, however, sender cannot warrant that virus or other forms of data corruption may not be present and do not take any responsibility in any occurrence. _____________________________________________________________________________________________________________________________________________

2 1

Help Regarding Multi master replication
by piyush joshi 27 Aug '08

27 Aug '08

Dear All, I am configuring OpenLDAP with multi master replication. I have configured both server's slapd.conf file and as well as loaded syncprov module and following is the syncrepl configuration First LDAP Server IP - 192.168.1.8 Second LDAP Server IP - 192.168.1.12 On first server syncrepl rid=001 provider=ldap://192.168.1.12 type=refreshAndPersist retry="5 5 300 +" searchbase="dc=***,dc=com" attrs=* bindmethod=simple binddn="cn=root,dc=***,dc=com" credentials=*** overlay syncprov syncprov-checkpoint 50 10 and on second server syncrepl rid=001 provider=ldap://192.168.1.8 type=refreshAndPersist retry="5 5 300 +" searchbase="dc=***,dc=com" attrs=* bindmethod=simple binddn="cn=root,dc=***,dc=com" credentials=*** overlay syncprov syncprov-checkpoint 50 10 But Now I am unable to modify, add or delete any record so what is the proper solution to make it work . I need your support to make it work. Thanks Regards Piyush Joshi 9415414376

2 1

Re: RHEL 5 cannot authenticate thru ldap
by Santosh Balan 27 Aug '08

27 Aug '08

Hi, If you are using pam.d for authentication then i beleive that the below site is a very good reference material for installation. http://coewww.rutgers.edu/www1/linuxclass2003/lessons/lecture8.html I have referred to the above site and done for authentication and automounting a partition. Kindly refer and revert if it was of any support to you. Thanks and regards Santosh Balan +91-9819419509 (Open Source is the technology for future) > ----- Original Message ----- > From: "Dat Duong" <datduong2000(a)yahoo.com> > To: "Santosh Balan" <santosh.balan(a)linuxmail.org>, openldap-technical(a)openldap.org > Subject: Re: RHEL 5 cannot authenticate thru ldap > Date: Tue, 26 Aug 2008 07:55:03 -0700 (PDT) > > > Hi, > > Thanks for a quick respond. I did use the GUI within GNOME called > "Athentication". I think I'm using pam.d I haven't try to copy > anything yet. Also, I can't do the ldapsearch using -ZZ for TLS on > RHEL 5. However, I get some errors. I was able to do the ldapsearch > for -ZZ on Solaris. > > > thanks again, > > > > ----- Original Message ---- > From: Santosh Balan <santosh.balan(a)linuxmail.org> > To: Dat Duong <datduong2000(a)yahoo.com>; openldap-technical(a)openldap.org > Sent: Monday, August 25, 2008 10:05:01 PM > Subject: Re: RHEL 5 cannot authenticate thru ldap > > Hi, > > > From where r u taking data for authentication. Is it using pamd > > or creating a new ldap bdb or ldbm. > > Have u configured your client machine to connect to the ldap server > for authentication using system-config-authentication. > > In case you are using the pamd authentication module then you need > to copy the following files from /usr/share/doc/nss_ldap-253/pam.d/ > directory namely login, passwd, su, ssh to /etc/pam.d . > > Then u need to try to authenticate. > > Try googling through for the other method of authentication i.e. > using ldbm or bdb database. As scripts needs to be executed to load > your users data. > > Kindly check and revert. > > Thanks and Regards > Santosh Balan > +91-9819419509. > > > > > ----- Original Message ----- > > From: "Dat Duong" <datduong2000(a)yahoo.com> > > To: openldap-technical(a)openldap.org > > Subject: RHEL 5 cannot authenticate thru ldap > > Date: Mon, 25 Aug 2008 11:01:16 -0700 (PDT) > > > > > > Hi, > > > > I don't know what is the reason why i can't authenticate thru the > > ldap server from RHEL 5. I can do ldapsearch -x -LLL and it > > listed the data. Any help who be appreciated...thanks > > > > > > > > > > > > > > = > > > -- > Powered by Outblaze > > > > > = -- Powered by Outblaze

1 0

Re: RHEL 5 cannot authenticate thru ldap
by Dat Duong 26 Aug '08

26 Aug '08

Hi, Thanks for a quick respond. I did use the GUI within GNOME called "Athentication". I think I'm using pam.d I haven't try to copy anything yet. Also, I can't do the ldapsearch using -ZZ for TLS on RHEL 5. However, I get some errors. I was able to do the ldapsearch for -ZZ on Solaris. thanks again, ----- Original Message ---- From: Santosh Balan <santosh.balan(a)linuxmail.org> To: Dat Duong <datduong2000(a)yahoo.com>; openldap-technical(a)openldap.org Sent: Monday, August 25, 2008 10:05:01 PM Subject: Re: RHEL 5 cannot authenticate thru ldap Hi, >From where r u taking data for authentication. Is it using pamd or creating a new ldap bdb or ldbm. Have u configured your client machine to connect to the ldap server for authentication using system-config-authentication. In case you are using the pamd authentication module then you need to copy the following files from /usr/share/doc/nss_ldap-253/pam.d/ directory namely login, passwd, su, ssh to /etc/pam.d . Then u need to try to authenticate. Try googling through for the other method of authentication i.e. using ldbm or bdb database. As scripts needs to be executed to load your users data. Kindly check and revert. Thanks and Regards Santosh Balan +91-9819419509. > ----- Original Message ----- > From: "Dat Duong" <datduong2000(a)yahoo.com> > To: openldap-technical(a)openldap.org > Subject: RHEL 5 cannot authenticate thru ldap > Date: Mon, 25 Aug 2008 11:01:16 -0700 (PDT) > > > Hi, > > I don't know what is the reason why i can't authenticate thru the > ldap server from RHEL 5. I can do ldapsearch -x -LLL and it listed > the data. Any help who be appreciated...thanks > > > > > = -- Powered by Outblaze

1 0

RHEL 5 cannot authenticate thru ldap
by Dat Duong 26 Aug '08

26 Aug '08

Hi, I don't know what is the reason why i can't authenticate thru the ldap server from RHEL 5. I can do ldapsearch -x -LLL and it listed the data. Any help who be appreciated...thanks

2 1

Re: RHEL 5 cannot authenticate thru ldap
by Santosh Balan 26 Aug '08

26 Aug '08

Hi, >From where r u taking data for authentication. Is it using pamd or creating a new ldap bdb or ldbm. Have u configured your client machine to connect to the ldap server for authentication using system-config-authentication. In case you are using the pamd authentication module then you need to copy the following files from /usr/share/doc/nss_ldap-253/pam.d/ directory namely login, passwd, su, ssh to /etc/pam.d . Then u need to try to authenticate. Try googling through for the other method of authentication i.e. using ldbm or bdb database. As scripts needs to be executed to load your users data. Kindly check and revert. Thanks and Regards Santosh Balan +91-9819419509. > ----- Original Message ----- > From: "Dat Duong" <datduong2000(a)yahoo.com> > To: openldap-technical(a)openldap.org > Subject: RHEL 5 cannot authenticate thru ldap > Date: Mon, 25 Aug 2008 11:01:16 -0700 (PDT) > > > Hi, > > I don't know what is the reason why i can't authenticate thru the > ldap server from RHEL 5. I can do ldapsearch -x -LLL and it listed > the data. Any help who be appreciated...thanks > > > > > = -- Powered by Outblaze

1 0

Create new user via a user belonging to a specific group
by Stelios A. 24 Aug '08

24 Aug '08

Hello all, An example user in my LDAP structure is like: dn: cn=Full Name,ou=Users,dc=mydomain,dc=com objectClass: inetOrgPerson objectClass: posixAccount objectClass: person objectClass: organizationalPerson objectClass: top givenName: Full sn: Name cn: Full Name uid: fname userPassword: {MD5}HNtFsPRLE3okNNjVm6lmpw== uidNumber: 1004 gidNumber: 100 homeDirectory: /home/fname loginShell: /bin/bash mail: fname(a)mydomain.com This user is under group of IT where I want to give him access to add new entry into the OpenLDAP. I'm connecting to LDAP server via his details and phpldapadmin and trying to create a new user but I'm getting the following error: Error number: 0x13 (LDAP_CONSTRAINT_VIOLATION) Description: Some constraint would be violated by performing the action. This can happen when you try to add a second value to a single-valued attribute, for example. My ACL's in the master ldap server are: access to attrs=userPassword,shadowLastChange by dn="cn=admin,dc=mydomain,dc=com" write by dn="uid=syncrepl,ou=system,dc=mydomain,dc=com" write by group/groupOfUniqueNames/uniqueMember="cn=IT,ou=Groups,dc=mydomain,dc=com" write by dn="uid=authenticate,ou=system,dc=mydomain,dc=com" read by anonymous auth by self write by * none access to attrs=givenName,sn,cn by group/groupOfUniqueNames/uniqueMember="cn=IT,ou=Groups,dc=mydomain,dc=com" write by self write by users auth by anonymous auth access to dn.base="" by * read access to * by dn="cn=admin,dc=mydomain,dc=com" write by group/groupOfUniqueNames/uniqueMember="cn=LDAP Admins,ou=Groups,dc=mydomain,dc=com" write by * read I'm also using in this file the overlay unique for attributes uid,mail and uidNumber in case that this has anything to do. Any help is much appreciated. Thanks

2 3

some attributes forbidden in a schema
by nicolas＠gibelin.fr 23 Aug '08

23 Aug '08

Hello, I have some troubles in the creation of a ldap schema. I would like something like that: attributetype ( eloOrganizationalUnitAttribute:7.30.2008.1.22 NAME 'street' DESC 'Cinema street' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch ORDERING caseIgnoreOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} SINGLE-VALUE ) attributetype ( eloOrganizationalUnitAttribute:7.30.2008.1.23 NAME 'postalCode' DESC 'Cinema Zip code' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch ORDERING caseIgnoreOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} SINGLE-VALUE ) When I restart slapd, I have an error (but no output was produced) ans there is nothing niteresting in syslog. If I change the attributes' names (street -> cstreet, postalCode -> cpostalCode for instance), all works fine. I could keep my schema like that but it's not very beautiful. Do you know what's happen ? I have seen some schema over the net which use 'street' and 'postalCode' and without problems. I'm a bit jalous :) Thank you !

2 2

Re: Windows AD --> Linux/OpenLDAP
by Gustavo Mendes de Carvalho 23 Aug '08

23 Aug '08

Hi Janskey, You can try it using ldifde command, like this ldifde -f exportuserfile.ldif -s ServerName -d "dc=foo,dc=com " \ -r " (&(objectCategory=Person)(objectClass=User)(givenName=*)) " \ -l " CN,givenName,objectClass,sAMAccountName " If you have any doubt, try ldifde /? Regards > Date: Thu, 21 Aug 2008 06:32:58 -0700 (PDT) > From: janskey <janskey_boy(a)yahoo.com> > Subject: Windows AD --> Linux/OpenLDAP > To: openldap-technical(a)openldap.org > Message-ID: <543692.93491.qm(a)web51701.mail.re2.yahoo.com> > Content-Type: text/plain; charset="us-ascii" > > Hi All, > > I need advice on how I can migrate my AD to linux/OpenLDAP? > Currently we're using Windows 2003 evaluation and its going to expire. > > cheers, > > janskey --- Gustavo Mendes de Carvalho email: gmcarvalho(a)gmail.com

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

openldap-technical