openldap-technical

openldap-technical@openldap.org

5 participants
9899 discussions

LDAP Connection
by Manjunath Warad 17 Apr '08

17 Apr '08

Hi All, I have few queries on LDAP connection. I searched in the archieve but failed to get clarified. 1. Why LDAP server should terminate session if it fails to parse message. It can either send failure response or drop that particular message expecting a proper message from the client next time. Quote from RFC 4511 "If the server receives an LDAPMessage from the client in which the LDAPMessage SEQUENCE tag cannot be recognized, the messageID cannot be parsed, the tag of the protocolOp is not recognized as a request, or the encoding structures or lengths of data fields are found to be incorrect, then the server SHOULD return the Notice of Disconnection described in Section 4.4.1, with the resultCode set to protocolError, and MUST immediately terminate the LDAP session as described in Section 5.3." "and MUST immediately terminate the LDAP session as described in" 2. How it should be dealt with requests received by server while processing BIND request? Is it dropped or cached and processed later? RFC Quote "Similarly, servers SHOULD NOT process or respond to requests received while processing a BindRequest." regards, Manjunath **************************************************************************** *********** This e-mail and attachments contain confidential information from HUAWEI, which is intended only for the person or entity whose address is listed above. Any use of the information contained herein in any way (including, but not limited to, total or partial disclosure, reproduction, or dissemination) by persons other than the intended recipient's) is prohibited. If you receive this e-mail in error, please notify the sender by phone or email immediately and delete it!

1 0

Nothing logged in the log file...
by Paul Lee 17 Apr '08

17 Apr '08

Dear sir, I am using openldap 2.4.8 and my compile option is : ./configure --enable-modules=yes --enable-ppolicy=yes --enable-overlays=yes --enable-syncprov=yes --with-cyrus-sasl --enable-wrappers My slapd.conf : loglevel any logfile /var/lib/ldap/ldap.log I start the openldap by following command : /usr/local/libexec/slapd -f /usr/local/etc/openldap/slapd.conf And then, I add some entries using java and check the log ldap.log, but the size is 0 bytes, nothing logged !!! Can anyone tell me what's wrong ? Thanks Confidential Communication - This e-mail (including any attachments) is confidential and may be legally privileged. If this e-mail has been sent to you by mistake please inform us by reply e-mail and then delete the e-mail, destroy any printed copy and do not disclose or use the information in it.

3 5

Replication failed using slapadd
by Paul Lee 17 Apr '08

17 Apr '08

Dear sir, I am using openldap 2.4.8 and config as 3 way masters, the slapd.connf is shown below : syncrepl rid=001 provider=ldap://202.245.193.128:389/ bindmethod=simple binddn="cn=Manager" credentials=secret searchbase="o=HKSARG" schemachecking=off type=refreshAndPersist attrs="*,+" retry="1 +" interval=00:00:01:00 syncrepl rid=002 provider=ldap://10.166.23.218:389/ bindmethod=simple binddn="cn=Manager" credentials=secret searchbase="o=HKSARG" schemachecking=off type=refreshAndPersist attrs="*,+" retry="1 +" interval=00:00:01:00 syncrepl rid=003 provider=ldap://10.0.1.34:389/ bindmethod=simple binddn="cn=Manager" credentials=secret searchbase="o=HKSARG" schemachecking=off type=refreshAndPersist attrs="*,+" retry="1 +" interval=00:00:01:00 Then, I startup 2 servers (rid= 002 and rid=003), I execute the command in sever 1 (i.e. rid=001) : slapadd -l import.ldif to import 3 entries to the ldap servers. Then, I startup server 1 (rid = 001) and use the command ldapsearch to retrieve the entries, find that all 3 entries are added in server 1, however, when I retrieve the records in server 2 and server 3, only the 1st record is added. Any idea of what's wrong ? Thanks Confidential Communication - This e-mail (including any attachments) is confidential and may be legally privileged. If this e-mail has been sent to you by mistake please inform us by reply e-mail and then delete the e-mail, destroy any printed copy and do not disclose or use the information in it.

1 0

Problem searching LDAP
by Nuno Manuel Martins 16 Apr '08

16 Apr '08

While trying to debug my problems with authentication I discovered the problem was with searching the LDAP entries. If I search my database by the CN field I get this output: ldapsearch -D "cn=manager,dc=example,dc=com" -x -W "cn=myuser" # myuser, Users, example.com dn: uid=myuser,o=Users,dc=example,dc=com uid: myuser cn: myUser objectClass: account objectClass: posixAccount objectClass: top objectClass: shadowAccount shadowLastChange: 13789 shadowMax: 99999 shadowWarning: 7 loginShell: /bin/bash uidNumber: 10002 gidNumber: 10001 homeDirectory: /home/ldap/john gecos: myUser (LDAP) userPassword:: <stuff> It seems pretty normal to me and working. However, if I try to search with "uid=myuser" nothing is returned. What is more, if I instead search with "uid=myuser*" the entry is returned successfully, which tells me that somewhere on the LDAP structure I probably have a problem with strange characters. Is there a way to efficiently correct this or do I have to import everything again? Of course, I could be wrong in my assumption... anything else that could be causing this behaviour besides strange "invisible" characters on UID field? Thank you, Nuno

2 1

Help with ACLs
by David Clarke 16 Apr '08

16 Apr '08

Hello and apologies if I'm posting this in the wrong location. I'm trying to apply some security to my openldap repository and I'm struggling with how or even if I can express a particular constraint. I have an ou containing inetOrgPerson's and the person's "o" attribute is the string value of the organisation "o" to which the user belongs, e.g. "Some Company Ltd". e.g. dn=uid=12345679,ou=people,dc=thecompany,dc=co,dc=nz attr o=Some Company Ltd The organisation "Some Company Ltd" can have subsidiary organisations, specified by the "owner" attribute of the subsidiary having the "dn" of owner organisation. e.g. dn: o=Subsidiary Company Ltd,ou=organisations,dc=thecompany,dc=co,dc=nz having attr owner:o=Some Company Ltd,ou=organisations,dc=thecompany,dc=co,dc=nz What I would like to do is restrict the user to having read access only to those subsidiary organisations based on the value of the user's "o" attribute. Is this a reasonable approach or should I be expressing this differently in my schema? I hope I've expressed that reasonably clearly. Any help would be much appreciated.

2 1

DB_CONFIG Problem
by Luke Lee 16 Apr '08

16 Apr '08

Hi, I've been trying to run my newly built OpenLDAP 2.3 server on a RedHat Enterprise server. Since it's installed under the /usr/local directory, I modified the /etc/rc.d/init.d/ldap script. When I tried to start it up the first time by running service ldap start, I received the following error messages: Checking configuration files for slapd: bdb_db_open: Warning - No DB_CONFIG file found in directory /usr/local/var/openldap-data: (2) Expect poor performance for suffix dc=mydomain,dc=com. bdb_db_open: db_open(/usr/local/var/openldap-data/id2entry.bdb) failed: No such file or directory (2) bdb(dc=mydomain,dc=com): Unknown locker ID: 0 backend_startup_one: bi_db_open failed! (2) slap_startup failed (test would succeed using the -u switch) When I copy the following DB_CONFIG file from an example, I received similar error messages as the above. The DB_CONFIG file that I use is the following: # $OpenLDAP: pkg/ldap/servers/slapd/DB_CONFIG,v 1.1.2.3 2006/08/17 17:36:19 kurt Exp $ # Example DB_CONFIG file for use with slapd(8) BDB/HDB databases. # # See Sleepycat Berkeley DB documentation # <http://www.sleepycat.com/docs/ref/env/db_config.html> # for detail description of DB_CONFIG syntax and semantics. # # Hints can also be found in the OpenLDAP Software FAQ # <http://www.openldap.org/faq/index.cgi?file=2> # in particular: # <http://www.openldap.org/faq/index.cgi?file=1075> # Note: most DB_CONFIG settings will take effect only upon rebuilding # the DB environment. # one 0.25 GB cache set_cachesize 0 268435456 1 # Data Directory #set_data_dir db # Transaction Log settings set_lg_regionmax 262144 set_lg_bsize 2097152 #set_lg_dir logs # Note: special DB_CONFIG flags are no longer needed for "quick" # slapadd(8) or slapindex(8) access (see their -q option). The error mesages are the following: Checking configuration files for slapd: bdb_db_open: db_open(/usr/local/var/openldap-data/id2entry.bdb) failed: No such file or directory (2) bdb(dc=mydomain,dc=com): Unknown locker ID: 0 backend_startup_one: bi_db_open failed! (2) slap_startup failed (test would succeed using the -u switch) Can anyone please help resolve the problem? Thanks in advance! Luke ____________________________________________________________________________________ Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ

2 1

Fwd: Integrating LDAP with postfix mailserver
by Aravind Arjunan 15 Apr '08

15 Apr '08

---------- Forwarded message ---------- From: Andhu <aravind.arjunan(a)gmail.com> Date: 12 Apr 2008 17:52 Subject: Integrating LDAP with postfix mailserver To: aravind.arjunan(a)gmail.com hi i had mailserver and mailbox server are in two different machines. Both are having the same domain (linux.com) In my mailserver i configured all the mails to relay to my mailbox server. SMTP authentication is also enabled The problem is I configured LDAP in my mailserver to store user information. I created all the users in the ldap database. So when i try to send a mail to a user exists in ldap database, where as only mailbox is present in the mailbox server without user, my mail is not delivering to the recipient it was bouncing back to the sender.When i check the log i found that it was not checking the ldap database itself. My main.cf file: alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases, ldap:/etc/postfix/ldapaliases.cf broken_sasl_auth_clients = yes command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = /usr/libexec/postfix debug_peer_level = 2 fallback_relay = $mydomain html_directory = no inet_interfaces = all mail_owner = postfix mailq_path = /usr/bin/mailq.postfix manpage_directory = /usr/share/man mydestination = 151.2.119.150 mydomain = linux.com myhostname = experts.linux.com mynetworks = 151.2.0.0/16, 127.0.0.0/8 myorigin = $mydomain newaliases_path = /usr/bin/newaliases.postfix queue_directory = /var/spool/postfix readme_directory = /usr/share/doc/postfix-2.2.10/README_FILES relay_domains = $mydestination sample_directory = /usr/share/doc/postfix-2.2.10/samples sendmail_path = /usr/sbin/sendmail.postfix setgid_group = postdrop smtpd_recipient_restrictions = permit_sasl_authenticated, reject_unauth_destination, check_relay_domains smtpd_sasl_auth_enable = yes smtpd_sasl_local_domain = $myhostname smtpd_sasl_security_options = noanonymous unknown_local_recipient_reject_code = 550 ldapaliases_server_host = localhost ldapaliases_server_port = 389 ldapaliases_search_base = dc=linux,dc=com ldapaliases_scope = sub ldapaliases_query_filter = (uid=%s) ldapaliases_result_attribute = maildrop My /etc/postfix/ldapaliases.cf file server_host = 127.0.0.1 search_base = dc=linux,dc=com server_port = 389 scope = sub bind = no query_filter = (maillocaladdress=%s) result_attribute = maildrop dereference = 3 My /etc /openldap/slapd.conf include /etc/openldap/schema/core.schema include /etc/openldap/schema/cosine.schema include /etc/openldap/schema/inetorgperson.schema include /etc/openldap/schema/nis.schema allow bind_v2 pidfile /var/run/slapd.pid argsfile /var/run/slapd.args database bdb suffix "dc=linux,dc=com" rootdn "cn=Manager,dc=linux,dc=com" rootpw {SSHA}BJbifO2zEGwJXoyx63QkeiCwdVE7b1eJ directory /var/lib/ldap/linux.com access to attrs=userPassword by self write by dn="cn=syncuser,dc=linux,dc=com" read by anonymous auth by * none access to * by dn="cn=syncuser,dc=linux,dc=com" read by * read # Indices to maintain for this database index objectClass eq,pres index ou,cn,mail,surname,givenname eq,pres,sub index uidNumber,gidNumber,loginShell eq,pres index uid,memberUid eq,pres,sub index nisMapName,nisMapEntry eq,pres,sub index default sub The LDIF file which i added in ldap dn: uid=saurav,ou=solution,dc=linux,dc=com cn: Manaager sn: ganguly uid: saurav mail: saurav(a)linux.com description: Indian Team telephoneNumber: 012101012 userPassword: password uidNumber: 1023 homeDirectory: /home/saurav/ gidNumber: 10023 objectClass: person objectClass: top objectClass: inetOrgperson objectClass: posixAccount dn: uid=anil,ou=solution,dc=linux,dc=com cn: Manager sn: kumble uid: anil mail: anil(a)linux.com description: Indian Team telephoneNumber: 0212101012 userPassword: password uidNumber: 1024 homeDirectory: /home/anil/ gidNumber: 1034 objectClass: person objectClass: top objectClass: inetOrgperson objectClass: posixAccount This is the logs which are taken when i send mail from client to the user who has added in ldap database. Apr 12 17:20:32 experts postfix/smtpd[6010]: connect from unknown[151.2.117.166] Apr 12 17:20:32 experts postfix/smtpd[6010]: match_list_match: unknown: no match Apr 12 17:20:32 experts postfix/smtpd[6010]: match_list_match: 151.2.117.166: no match Apr 12 17:20:32 experts postfix/smtpd[6010]: match_list_match: unknown: no match Apr 12 17:20:32 experts postfix/smtpd[6010]: match_list_match: 151.2.117.166: no match Apr 12 17:20:32 experts postfix/smtpd[6010]: match_hostname: unknown ~? 151.2.0.0/16 Apr 12 17:20:32 experts postfix/smtpd[6010]: match_hostaddr: 151.2.117.166 ~? 151.2.0.0/16 Apr 12 17:20:32 experts postfix/smtpd[6010]: > unknown[151.2.117.166]: 220 experts.linux.com ESMTP Postfix Apr 12 17:20:32 experts postfix/smtpd[6010]: < unknown[151.2.117.166]: EHLO aravind Apr 12 17:20:32 experts postfix/smtpd[6010]: > unknown[151.2.117.166]: 250-experts.linux.com Apr 12 17:20:32 experts postfix/smtpd[6010]: > unknown[151.2.117.166]: 250-PIPELINING Apr 12 17:20:32 experts postfix/smtpd[6010]: > unknown[151.2.117.166]: 250-SIZE 10240000 Apr 12 17:20:32 experts postfix/smtpd[6010]: > unknown[151.2.117.166]: 250-VRFY Apr 12 17:20:32 experts postfix/smtpd[6010]: > unknown[151.2.117.166]: 250-ETRN Apr 12 17:20:32 experts postfix/smtpd[6010]: > unknown[151.2.117.166]: 250-AUTH LOGIN CRAM-MD5 NTLM GSSAPI DIGEST-MD5 PLAIN Apr 12 17:20:32 experts postfix/smtpd[6010]: match_list_match: unknown: no match Apr 12 17:20:32 experts postfix/smtpd[6010]: match_list_match: 151.2.117.166: no match Apr 12 17:20:32 experts postfix/smtpd[6010]: > unknown[151.2.117.166]: 250-AUTH=LOGIN CRAM-MD5 NTLM GSSAPI DIGEST-MD5 PLAIN Apr 12 17:20:32 experts postfix/smtpd[6010]: > unknown[151.2.117.166]: 250 8BITMIME Apr 12 17:20:32 experts postfix/smtpd[6010]: < unknown[151.2.117.166]: AUTH NTLM Apr 12 17:20:32 experts postfix/smtpd[6010]: smtpd_sasl_authenticate: sasl_method NTLM Apr 12 17:20:32 experts postfix/smtpd[6010]: smtpd_sasl_authenticate: uncoded challenge: Apr 12 17:20:32 experts postfix/smtpd[6010]: > unknown[151.2.117.166]: 334 Apr 12 17:20:32 experts postfix/smtpd[6010]: < unknown[151.2.117.166]: TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAFASgKAAAADw== Apr 12 17:20:32 experts postfix/smtpd[6010]: smtpd_sasl_authenticate: decoded response: NTLMSSP Apr 12 17:20:32 experts postfix/smtpd[6010]: smtpd_sasl_authenticate: uncoded challenge: NTLMSSP Apr 12 17:20:32 experts postfix/smtpd[6010]: > unknown[151.2.117.166]: 334 TlRMTVNTUAACAAAAIgAiADAAAAAFggIAPnghBvgGfvEAAAAAAAAAAAAAAAAAAAAARQBYAFAARQBSAFQAUwAuAEwASQBOAFUAWAAuAEMATwBNAA== Apr 12 17:20:32 experts postfix/smtpd[6010]: < unknown[151.2.117.166]: TlRMTVNTUAADAAAAGAAYAF4AAAAYABgAdgAAAAAAAABIAAAACAAIAEgAAAAOAA4AUAAAAAAAAACOAAAABYIAAgUBKAoAAAAPcwBhAGoAdQBBAFIAQQBWAEkATgBEAFJPl9ZLA1BtNohiKVmLgNtBPl0/ zPjlEjMgU4lgCqJ5FET4UeQQCdR/uCK1hQRvew== Apr 12 17:20:32 experts postfix/smtpd[6010]: smtpd_sasl_authenticate: decoded response: NTLMSSP Apr 12 17:20:32 experts postfix/smtpd[6010]: > unknown[151.2.117.166]: 235 Authentication successful Apr 12 17:20:32 experts postfix/smtpd[6010]: < unknown[151.2.117.166]: MAIL FROM: <saju(a)linux.com> Apr 12 17:20:32 experts postfix/smtpd[6010]: extract_addr: input: <saju(a)linux.com> Apr 12 17:20:32 experts postfix/smtpd[6010]: smtpd_check_addr: addr=saju(a)linux.com Apr 12 17:20:32 experts postfix/smtpd[6010]: connect to subsystem private/rewrite Apr 12 17:20:32 experts postfix/smtpd[6010]: send attr request = rewrite Apr 12 17:20:32 experts postfix/smtpd[6010]: send attr rule = local Apr 12 17:20:32 experts postfix/smtpd[6010]: send attr address = saju(a)linux.com Apr 12 17:20:32 experts postfix/smtpd[6010]: private/rewrite socket: wanted attribute: flags Apr 12 17:20:32 experts postfix/smtpd[6010]: input attribute name: flags Apr 12 17:20:32 experts postfix/smtpd[6010]: input attribute value: 0 Apr 12 17:20:32 experts postfix/smtpd[6010]: private/rewrite socket: wanted attribute: address Apr 12 17:20:32 experts postfix/smtpd[6010]: input attribute name: address Apr 12 17:20:32 experts postfix/smtpd[6010]: input attribute value: saju(a)linux.com Apr 12 17:20:32 experts postfix/smtpd[6010]: private/rewrite socket: wanted attribute: (list terminator) Apr 12 17:20:32 experts postfix/smtpd[6010]: input attribute name: (end) Apr 12 17:20:32 experts postfix/smtpd[6010]: rewrite_clnt: local: saju(a)linux.com -> saju(a)linux.com Apr 12 17:20:32 experts postfix/smtpd[6010]: send attr request = resolve Apr 12 17:20:32 experts postfix/smtpd[6010]: send attr address = saju(a)linux.com Apr 12 17:20:32 experts postfix/smtpd[6010]: private/rewrite socket: wanted attribute: flags Apr 12 17:20:32 experts postfix/smtpd[6010]: input attribute name: flags Apr 12 17:20:32 experts postfix/smtpd[6010]: input attribute value: 0 Apr 12 17:20:32 experts postfix/smtpd[6010]: private/rewrite socket: wanted attribute: transport Apr 12 17:20:32 experts postfix/smtpd[6010]: input attribute name: transport Apr 12 17:20:32 experts postfix/smtpd[6010]: input attribute value: smtp Apr 12 17:20:32 experts postfix/smtpd[6010]: private/rewrite socket: wanted attribute: nexthop Apr 12 17:20:32 experts postfix/smtpd[6010]: input attribute name: nexthop Apr 12 17:20:32 experts postfix/smtpd[6010]: input attribute value: linux.com Apr 12 17:20:32 experts postfix/smtpd[6010]: private/rewrite socket: wanted attribute: recipient Apr 12 17:20:32 experts postfix/smtpd[6010]: input attribute name: recipient Apr 12 17:20:32 experts postfix/smtpd[6010]: input attribute value: saju(a)linux.com Apr 12 17:20:32 experts postfix/smtpd[6010]: private/rewrite socket: wanted attribute: flags Apr 12 17:20:32 experts postfix/smtpd[6010]: input attribute name: flags Apr 12 17:20:32 experts postfix/smtpd[6010]: input attribute value: 4096 Apr 12 17:20:32 experts postfix/smtpd[6010]: private/rewrite socket: wanted attribute: (list terminator) Apr 12 17:20:32 experts postfix/smtpd[6010]: input attribute name: (end) Apr 12 17:20:32 experts postfix/smtpd[6010]: resolve_clnt: `saju(a)linux.com' -> transp=`smtp' host=`linux.com' rcpt=`saju(a)linux.com' flags= class=default Apr 12 17:20:32 experts postfix/smtpd[6010]: ctable_locate: install entry key saju(a)linux.com Apr 12 17:20:32 experts postfix/smtpd[6010]: extract_addr: result: saju(a)linux.com Apr 12 17:20:32 experts postfix/smtpd[6010]: fsspace: .: block size 4096, blocks free 55825 Apr 12 17:20:32 experts postfix/smtpd[6010]: smtpd_check_size: blocks 4096 avail 55825 min_free 0 msg_size_limit 10240000 Apr 12 17:20:32 experts postfix/smtpd[6010]: > unknown[151.2.117.166]: 250 Ok Apr 12 17:20:32 experts postfix/smtpd[6010]: < unknown[151.2.117.166]: RCPT TO: <saurav(a)linux.com> Apr 12 17:20:32 experts postfix/smtpd[6010]: extract_addr: input: <saurav(a)linux.com> Apr 12 17:20:32 experts postfix/smtpd[6010]: smtpd_check_addr: addr=saurav(a)linux.com Apr 12 17:20:32 experts postfix/smtpd[6010]: send attr request = rewrite Apr 12 17:20:32 experts postfix/smtpd[6010]: send attr rule = local Apr 12 17:20:32 experts postfix/smtpd[6010]: send attr address = saurav(a)linux.com Apr 12 17:20:32 experts postfix/smtpd[6010]: private/rewrite socket: wanted attribute: flags Apr 12 17:20:32 experts postfix/smtpd[6010]: input attribute name: flags Apr 12 17:20:32 experts postfix/smtpd[6010]: input attribute value: 0 Apr 12 17:20:32 experts postfix/smtpd[6010]: private/rewrite socket: wanted attribute: address Apr 12 17:20:32 experts postfix/smtpd[6010]: input attribute name: address Apr 12 17:20:32 experts postfix/smtpd[6010]: input attribute value: saurav(a)linux.com Apr 12 17:20:32 experts postfix/smtpd[6010]: private/rewrite socket: wanted attribute: (list terminator) Apr 12 17:20:32 experts postfix/smtpd[6010]: input attribute name: (end) Apr 12 17:20:32 experts postfix/smtpd[6010]: rewrite_clnt: local: saurav(a)linux.com -> saurav(a)linux.com Apr 12 17:20:32 experts postfix/smtpd[6010]: send attr request = resolve Apr 12 17:20:32 experts postfix/smtpd[6010]: send attr address = saurav(a)linux.com Apr 12 17:20:32 experts postfix/smtpd[6010]: private/rewrite socket: wanted attribute: flags Apr 12 17:20:32 experts postfix/smtpd[6010]: input attribute name: flags Apr 12 17:20:32 experts postfix/smtpd[6010]: input attribute value: 0 Apr 12 17:20:32 experts postfix/smtpd[6010]: private/rewrite socket: wanted attribute: transport Apr 12 17:20:32 experts postfix/smtpd[6010]: input attribute name: transport Apr 12 17:20:32 experts postfix/smtpd[6010]: input attribute value: smtp Apr 12 17:20:32 experts postfix/smtpd[6010]: private/rewrite socket: wanted attribute: nexthop Apr 12 17:20:32 experts postfix/smtpd[6010]: input attribute name: nexthop Apr 12 17:20:32 experts postfix/smtpd[6010]: input attribute value: linux.com Apr 12 17:20:32 experts postfix/smtpd[6010]: private/rewrite socket: wanted attribute: recipient Apr 12 17:20:32 experts postfix/smtpd[6010]: input attribute name: recipient Apr 12 17:20:32 experts postfix/smtpd[6010]: input attribute value: saurav(a)linux.com Apr 12 17:20:32 experts postfix/smtpd[6010]: private/rewrite socket: wanted attribute: flags Apr 12 17:20:32 experts postfix/smtpd[6010]: input attribute name: flags Apr 12 17:20:32 experts postfix/smtpd[6010]: input attribute value: 4096 Apr 12 17:20:32 experts postfix/smtpd[6010]: private/rewrite socket: wanted attribute: (list terminator) Apr 12 17:20:32 experts postfix/smtpd[6010]: input attribute name: (end) Apr 12 17:20:32 experts postfix/smtpd[6010]: resolve_clnt: `saurav(a)linux.com' -> transp=`smtp' host=`linux.com' rcpt=`saurav(a)linux.com' flags= class=default Apr 12 17:20:32 experts postfix/smtpd[6010]: ctable_locate: install entry key saurav(a)linux.com Apr 12 17:20:32 experts postfix/smtpd[6010]: extract_addr: result: saurav(a)linux.com Apr 12 17:20:32 experts postfix/smtpd[6010]: send attr request = rewrite Apr 12 17:20:32 experts postfix/smtpd[6010]: send attr rule = local Apr 12 17:20:32 experts postfix/smtpd[6010]: send attr address = postmaster Apr 12 17:20:32 experts postfix/smtpd[6010]: private/rewrite socket: wanted attribute: flags Apr 12 17:20:32 experts postfix/smtpd[6010]: input attribute name: flags Apr 12 17:20:32 experts postfix/smtpd[6010]: input attribute value: 0 Apr 12 17:20:32 experts postfix/smtpd[6010]: private/rewrite socket: wanted attribute: address Apr 12 17:20:32 experts postfix/smtpd[6010]: input attribute name: address Apr 12 17:20:32 experts postfix/smtpd[6010]: input attribute value: postmaster(a)linux.com Apr 12 17:20:32 experts postfix/smtpd[6010]: private/rewrite socket: wanted attribute: (list terminator) Apr 12 17:20:32 experts postfix/smtpd[6010]: input attribute name: (end) Apr 12 17:20:32 experts postfix/smtpd[6010]: rewrite_clnt: local: postmaster -> postmaster(a)linux.com Apr 12 17:20:32 experts postfix/smtpd[6010]: >>> START Recipient address RESTRICTIONS <<< Apr 12 17:20:32 experts postfix/smtpd[6010]: generic_checks: name=permit_sasl_authenticated Apr 12 17:20:32 experts postfix/smtpd[6010]: generic_checks: name=permit_sasl_authenticated status=1 Apr 12 17:20:32 experts postfix/smtpd[6010]: >>> CHECKING RECIPIENT MAPS <<< Apr 12 17:20:32 experts postfix/smtpd[6010]: ctable_locate: leave existing entry key saurav(a)linux.com Apr 12 17:20:32 experts postfix/smtpd[6010]: maps_find: recipient_canonical_maps: saurav(a)linux.com: not found Apr 12 17:20:32 experts postfix/smtpd[6010]: maps_find: recipient_canonical_maps: saurav: not found Apr 12 17:20:32 experts postfix/smtpd[6010]: maps_find: recipient_canonical_maps: @linux.com: not found Apr 12 17:20:32 experts postfix/smtpd[6010]: mail_addr_find: saurav(a)linux.com -> (not found) Apr 12 17:20:32 experts postfix/smtpd[6010]: maps_find: canonical_maps: saurav(a)linux.com: not found Apr 12 17:20:32 experts postfix/smtpd[6010]: maps_find: canonical_maps: saurav: not found Apr 12 17:20:32 experts postfix/smtpd[6010]: maps_find: canonical_maps: @linux.com: not found Apr 12 17:20:32 experts postfix/smtpd[6010]: mail_addr_find: saurav(a)linux.com -> (not found) Apr 12 17:20:32 experts postfix/smtpd[6010]: maps_find: virtual_alias_maps: saurav(a)linux.com: not found Apr 12 17:20:32 experts postfix/smtpd[6010]: maps_find: virtual_alias_maps: saurav: not found Apr 12 17:20:32 experts postfix/smtpd[6010]: maps_find: virtual_alias_maps: @linux.com: not found Apr 12 17:20:32 experts postfix/smtpd[6010]: mail_addr_find: saurav(a)linux.com -> (not found) Apr 12 17:20:32 experts postfix/smtpd[6010]: smtpd_check_rewrite: trying: permit_inet_interfaces Apr 12 17:20:32 experts postfix/smtpd[6010]: permit_inet_interfaces: unknown 151.2.117.166 Apr 12 17:20:32 experts postfix/smtpd[6010]: before input_transp_cleanup: cleanup flags = enable_header_body_filter enable_automatic_bcc enable_address_mapping Apr 12 17:20:32 experts postfix/smtpd[6010]: after input_transp_cleanup: cleanup flags = enable_header_body_filter enable_automatic_bcc enable_address_mapping Apr 12 17:20:32 experts postfix/smtpd[6010]: connect to subsystem public/cleanup Apr 12 17:20:32 experts postfix/smtpd[6010]: public/cleanup socket: wanted attribute: queue_id Apr 12 17:20:32 experts postfix/smtpd[6010]: input attribute name: queue_id Apr 12 17:20:32 experts postfix/smtpd[6010]: input attribute value: 431A52ECEA Apr 12 17:20:32 experts postfix/smtpd[6010]: public/cleanup socket: wanted attribute: (list terminator) Apr 12 17:20:32 experts postfix/smtpd[6010]: input attribute name: (end) Apr 12 17:20:32 experts postfix/smtpd[6010]: send attr flags = 50 Apr 12 17:20:32 experts postfix/smtpd[6010]: 431A52ECEA: client=unknown[151.2.117.166], sasl_method=NTLM, sasl_username=saju(a)experts.linux.com Apr 12 17:20:32 experts postfix/smtpd[6010]: > unknown[151.2.117.166]: 250 Ok Apr 12 17:20:32 experts postfix/smtpd[6010]: < unknown[151.2.117.166]: DATA Apr 12 17:20:32 experts postfix/smtpd[6010]: > unknown[151.2.117.166]: 354 End data with <CR><LF>.<CR><LF> Apr 12 17:20:32 experts postfix/smtpd[6010]: public/cleanup socket: wanted attribute: status Apr 12 17:20:32 experts postfix/cleanup[6013]: 431A52ECEA: message- id=<000001c89c93$800efa90$802cefb0$@com> Apr 12 17:20:32 experts postfix/qmgr[5876]: 431A52ECEA: from=<saju(a)linux.com>, size=2672, nrcpt=1 (queue active) Apr 12 17:20:32 experts postfix/smtpd[6010]: input attribute name: status Apr 12 17:20:32 experts postfix/smtpd[6010]: input attribute value: 0 Apr 12 17:20:32 experts postfix/smtpd[6010]: public/cleanup socket: wanted attribute: reason Apr 12 17:20:32 experts postfix/smtpd[6010]: input attribute name: reason Apr 12 17:20:32 experts postfix/smtpd[6010]: input attribute value: (end) Apr 12 17:20:32 experts postfix/smtpd[6010]: public/cleanup socket: wanted attribute: (list terminator) Apr 12 17:20:32 experts postfix/smtpd[6010]: input attribute name: (end) Apr 12 17:20:32 experts postfix/smtpd[6010]: > unknown[151.2.117.166]: 250 Ok: queued as 431A52ECEA Apr 12 17:20:32 experts postfix/smtp[6014]: 431A52ECEA: to=<saurav(a)linux.com>, relay=rules.linux.com[151.2.119.150], delay=0, status=bounced (host rules.linux.com[151.2.119.150] said: 550 <saurav(a)linux.com>: Recipient address rejected: User unknown in local recipient table (in reply to RCPT TO command)) Apr 12 17:20:32 experts postfix/cleanup[6013]: 917512ECF0: message- id=<20080412115032.917512ECF0(a)experts.linux.com> Apr 12 17:20:32 experts postfix/qmgr[5876]: 917512ECF0: from=<>, size=4589, nrcpt=1 (queue active) Apr 12 17:20:32 experts postfix/qmgr[5876]: 431A52ECEA: removed Apr 12 17:20:32 experts postfix/smtp[6014]: 917512ECF0: to=<saju(a)linux.com>, relay=rules.linux.com[151.2.119.150], delay=0, status=bounced (host rules.linux.com[151.2.119.150] said: 550 <saju(a)linux.com>: Recipient address rejected: User unknown in local recipient table (in reply to RCPT TO command)) Apr 12 17:20:32 experts postfix/qmgr[5876]: 917512ECF0: removed Apr 12 17:20:34 experts postfix/smtpd[6010]: < unknown[151.2.117.166]: QUIT Apr 12 17:20:34 experts postfix/smtpd[6010]: > unknown[151.2.117.166]: 221 Bye Apr 12 17:20:34 experts postfix/smtpd[6010]: match_hostname: unknown ~? 151.2.0.0/16 Apr 12 17:20:34 experts postfix/smtpd[6010]: match_hostaddr: 151.2.117.166 ~? 151.2.0.0/16 Apr 12 17:20:34 experts postfix/smtpd[6010]: disconnect from unknown[151.2.117.166] Apr 12 17:20:34 experts postfix/smtpd[6010]: master_notify: status 1 Apr 12 17:20:34 experts postfix/smtpd[6010]: connection closed

1 0

Re: OpenLDAP 2.3 Make Test Failed
by Luke Lee 14 Apr '08

14 Apr '08

Thank you for the suggestion. I followed your instructions and was able to successfully complete the make test. Thanks again! Luke ----- Original Message ---- From: Quanah Gibson-Mount <quanah(a)zimbra.com> To: Luke Lee <leeluke77(a)yahoo.com>; openldap-technical(a)openldap.org Sent: Friday, April 11, 2008 5:10:35 PM Subject: Re: OpenLDAP 2.3 Make Test Failed --On Friday, April 11, 2008 5:06 PM -0700 Luke Lee <leeluke77(a)yahoo.com> wrote: > > > Hi Quanah, > > Thank you for the response. > > I have the following set when I ran the configure: I suggest you compare your LD_FLAGS line with mine. You're missing some important options. --Quanah -- Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration ____________________________________________________________________________________ Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ

1 0

Dynlist and roles/groups
by Ashley Penney 14 Apr '08

14 Apr '08

Hi, I'm not sure if this is exactly the right list, but I'm stuck trying to implement something at work and I'm hoping someone can help me. Background: We have an existing openldap setup that uses roles rather than groups to determine who gets what. We have people under ou=People, and roles under ou=Roles. Here's parts of my person object: dn: uid=apenney,ou=People,dc=law,dc=harvard,dc=edu objectClass: hostObject objectClass: inetOrgPerson objectClass: lawHarvardEduPerson objectClass: organizationalPerson objectClass: person objectClass: posixAccount objectClass: qmailUser objectClass: shadowAccount objectClass: top cn: Ashley Penney isMemberOf: cn=SFTP User:member,ou=Roles,dc=law,dc=harvard,dc=edu isMemberOf: cn=SFTPUser,ou=Roles,dc=law,dc=harvard,dc=edu Here's cn=SFTPUser,ou=Roles dn: cn=SFTPUser,ou=Roles,dc=law,dc=harvard,dc=edu objectClass: lawHarvardEduRole objectClass: organizationalUnit objectClass: posixGroup objectClass: top cn: SFTPUser gidNumber: 24 ou: Roles ou: Xythos description: Indicates that a user has SFTP access. displayName: SFTP User (SFTP User) What I want to be able to do, via nss_ldap, is to interate over the isMemberOf entries, and check the cn=x,ou=roles for a posixGroup. I've managed to get it building a search of the form: SRCHbase="ou=Roles,dc=law,dc=harvard,dc=edu" scope=2deref=3filter="(|distinguishedName=cn=sftpuser:member,ou=roles,dc=law,dc=harvard,dc=edu)(distinguishedName=cn=sftpuser,ou=roles,dc=law,dc=harvard,dc=edu))" It then does a SRCHattr=objectClass lookup, but this fails. My understanding is this requires some support in openldap itself, and I can't figure out if this is provided or not. So, my alternative method is to build a dynamic list up, from my understanding, and have it build me a dynamic sftp-users group. I cannot figure out what values I would map however, and I'd appreciate any assistance anyone can offer.

1 0

creating attributes in new objectclass
by Christophe Dumonet 14 Apr '08

14 Apr '08

Hello, I have created a new objectclass for my company, and added some new attributes. Slapd restarts well, I can create new attributes with values in dns, but When I want to search with the attribute with an ldapsearch or another tools (postfix ), these attributes are not find. for example : I got no answer with : ldapsearch -x -b "ou=people,dc=ifma,dc=fr" -H ldap://172.16.10.92 -D "cn=admin,dc=ifma,dc=fr" -W -LLL "(backupmail1=dumonet(a)backup1.ifma.fr)" uid ( While I see in a ldap browser an attribute backupmail1 with dumonet(a)backup1.ifma.fr in value , and got an uid ! ) My objectclass is in a new schema : , and is included in slapd.conf by include /etc/ldap/schema/ifma.schema vi ifma.schema : #schema local IFMA #Date : 23/01/2008 #Author: Christophe Dumonet - IFMA # # CLASS IFMA # attributetype ( 1.3.6.1.4.1.7135.1.3.7.103 NAME 'pathbackupmail1' DESC 'chemin pour backupmail1' SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 ) attributetype ( 1.3.6.1.4.1.7135.1.3.7.102 NAME 'backupmail1' DESC 'Adresse mail fictive pour backup mail 1 en temps reel' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) objectclass ( 1.3.6.1.4.1.7135.1.3.7.1 NAME 'ifma' SUP top AUXILIARY DESC 'classe d infos ifma' MAY ( backupmail1 $ pathbackupmail1 )) Why ? Is my schema not well created, my syntax ? other , I work with openldap 2.3.30 , thanks for answer ! Christophe Dumonet. -- ---------------------------------------------------- Christophe Dumonet Centre de Ressources Informatiques Institut Francais de Mecanique Avancee (IFMA) Campus des Cezeaux BP 265 63175 AUBIERE Cedex Tel : +33 - 4.73.28.80.64 Fax : +33 - 4.73.28.81.00 Mail : Christophe.Dumonet(a)ifma.fr ----------------------------------------------------

2 2

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

openldap-technical