Hi Chris,
vq@vq-HVM-domU:~$ ldapsearch -x -w Vq0106%% -D "cn=admin,dc=nodomain" -b cn=config # extended LDIF # # LDAPv3 # base <cn=config> with scope subtree # filter: (objectclass=*) # requesting: ALL #
# search result search: 2 result: 32 No such object
# numResponses: 1
vq@vq-HVM-domU:~$ cat /usr/share/slapd/sssvlv.ldif dn: olcOverlay=sssvlv,olcDatabase={1}bdb,cn=config objectClass: olcSssVlvConfig olcOverlay: sssvlv olcSssVlvMax: 10 olcSssVlvMaxKeys: 5
In order to actually get the search working, I use base dc=nodomain
It is not my choice. I inherited the server and the configuration. Nor do I know much about OpenLDAP configuration. I am a programmer and my job is [among other things] hacking the client piece. Unfortunately, there is nobody else [better] qualified to configure the server. Hence, I am filling in for an administrator.
The "ldapsearch -x -w SECRET -D "cn=admin,dc=nodomain" -b dc=nodomain" version works fine and I do in fact get results.
Sincerely,
Igor Shmukler
On Wed, Nov 12, 2014 at 11:47 AM, Chris Card ctcard@hotmail.com wrote:
Hi Chris,
Sorry to bother you again.
> ldapadd -x -w <password> -D cn=config -f <ldif file>
-D cn=config was giving me an authentication error. I used credentials, which work for ldapsearch and got a syntax error.
vq@vq-HVM-domU:~$ ldapadd -x -w SECRET -D "cn=admin, dc=nodomain" -f /usr/share/slapd/sssvlv.ldif ldap_add: Invalid syntax (21) additional info: objectClass: value #0 invalid per syntax
Is cn=admin,dc=nodomain the rootdn for the cn=config directory?
Does
ldapsearch -x -w SECRET -D "cn=admin,dc=nodomain" -b cn=configwork?
What are the contents of sssvlv.ldif? (it's possible I made a typo, it was untested)
Chris
vq@vq-HVM-domU:~$ ldapsearch -x -w Vq0106%% -D "cn=admin,dc=nodomain" -b cn=config # extended LDIF # # LDAPv3 # base <cn=config> with scope subtree # filter: (objectclass=*) # requesting: ALL #
# search result search: 2 result: 32 No such object
# numResponses: 1
vq@vq-HVM-domU:~$ cat /usr/share/slapd/sssvlv.ldif dn: olcOverlay=sssvlv,olcDatabase={1}bdb,cn=config objectClass: olcSssVlvConfig olcOverlay: sssvlv olcSssVlvMax: 10 olcSssVlvMaxKeys: 5
In order to actually get the search working, I use base dc=nodomain
It is not my choice. I inherited the server and the configuration. Nor do I know much about OpenLDAP configuration. I am a programmer and my job is [among other things] hacking the client piece. Unfortunately, there is nobody else [better] qualified to configure the server. Hence, I am filling in for an administrator.
The "ldapsearch -x -w SECRET -D "cn=admin,dc=nodomain" -b dc=nodomain" version works fine and I do in fact get results.
Are you sure that slapd is using the slapd.d configuration, rather than the old-style slapd.conf? If slapd.d is being used, then slapd should be running with -F <dir>/slap.d, if not then it will be running with -f <dir>/slapd.conf.
Chris
Hello Chris,
Yes, I am now sure that slapd.d is being used. Last night, Andrew explained how this can be checked.
Sincerely,
Igor Shmukler
On Wed, Nov 12, 2014 at 12:28 PM, Chris Card ctcard@hotmail.com wrote:
vq@vq-HVM-domU:~$ ldapsearch -x -w Vq0106%% -D "cn=admin,dc=nodomain" -b cn=config # extended LDIF # # LDAPv3 # base <cn=config> with scope subtree # filter: (objectclass=*) # requesting: ALL #
# search result search: 2 result: 32 No such object
# numResponses: 1
vq@vq-HVM-domU:~$ cat /usr/share/slapd/sssvlv.ldif dn: olcOverlay=sssvlv,olcDatabase={1}bdb,cn=config objectClass: olcSssVlvConfig olcOverlay: sssvlv olcSssVlvMax: 10 olcSssVlvMaxKeys: 5
In order to actually get the search working, I use base dc=nodomain
It is not my choice. I inherited the server and the configuration. Nor do I know much about OpenLDAP configuration. I am a programmer and my job is [among other things] hacking the client piece. Unfortunately, there is nobody else [better] qualified to configure the server. Hence, I am filling in for an administrator.
The "ldapsearch -x -w SECRET -D "cn=admin,dc=nodomain" -b dc=nodomain" version works fine and I do in fact get results.
Are you sure that slapd is using the slapd.d configuration, rather than the old-style slapd.conf? If slapd.d is being used, then slapd should be running with -F <dir>/slap.d, if not then it will be running with -f <dir>/slapd.conf.
Chris
Chris,
I am guess making wild guesses... Could it be that I need to adjust the below line: dn: olcOverlay=sssvlv,olcDatabase={1}bdb,cn=config
Should I perhaps replace cn=config with dc=nodomain or something else?
Thank you,
Igor Shmukler
On Wed, Nov 12, 2014 at 12:30 PM, Igor Shmukler igor.shmukler@gmail.com wrote:
Hello Chris,
Yes, I am now sure that slapd.d is being used. Last night, Andrew explained how this can be checked.
Sincerely,
Igor Shmukler
On Wed, Nov 12, 2014 at 12:28 PM, Chris Card ctcard@hotmail.com wrote:
vq@vq-HVM-domU:~$ ldapsearch -x -w Vq0106%% -D "cn=admin,dc=nodomain" -b cn=config # extended LDIF # # LDAPv3 # base <cn=config> with scope subtree # filter: (objectclass=*) # requesting: ALL #
# search result search: 2 result: 32 No such object
# numResponses: 1
vq@vq-HVM-domU:~$ cat /usr/share/slapd/sssvlv.ldif dn: olcOverlay=sssvlv,olcDatabase={1}bdb,cn=config objectClass: olcSssVlvConfig olcOverlay: sssvlv olcSssVlvMax: 10 olcSssVlvMaxKeys: 5
In order to actually get the search working, I use base dc=nodomain
It is not my choice. I inherited the server and the configuration. Nor do I know much about OpenLDAP configuration. I am a programmer and my job is [among other things] hacking the client piece. Unfortunately, there is nobody else [better] qualified to configure the server. Hence, I am filling in for an administrator.
The "ldapsearch -x -w SECRET -D "cn=admin,dc=nodomain" -b dc=nodomain" version works fine and I do in fact get results.
Are you sure that slapd is using the slapd.d configuration, rather than the old-style slapd.conf? If slapd.d is being used, then slapd should be running with -F <dir>/slap.d, if not then it will be running with -f <dir>/slapd.conf.
Chris
Hello,
I am also curious about another part of the olcDatabase parameter. How do I know whether to use bdb or hdb? I don't care either way of course. I just need my test server to work, so I could proceed with my main duty - programming.
Sincerely,
Igor Shmukler
On Wed, Nov 12, 2014 at 12:36 PM, Igor Shmukler igor.shmukler@gmail.com wrote:
Chris,
I am guess making wild guesses... Could it be that I need to adjust the below line: dn: olcOverlay=sssvlv,olcDatabase={1}bdb,cn=config
Should I perhaps replace cn=config with dc=nodomain or something else?
Thank you,
Igor Shmukler
On Wed, Nov 12, 2014 at 12:30 PM, Igor Shmukler igor.shmukler@gmail.com wrote:
Hello Chris,
Yes, I am now sure that slapd.d is being used. Last night, Andrew explained how this can be checked.
Sincerely,
Igor Shmukler
On Wed, Nov 12, 2014 at 12:28 PM, Chris Card ctcard@hotmail.com wrote:
vq@vq-HVM-domU:~$ ldapsearch -x -w Vq0106%% -D "cn=admin,dc=nodomain" -b cn=config # extended LDIF # # LDAPv3 # base <cn=config> with scope subtree # filter: (objectclass=*) # requesting: ALL #
# search result search: 2 result: 32 No such object
# numResponses: 1
vq@vq-HVM-domU:~$ cat /usr/share/slapd/sssvlv.ldif dn: olcOverlay=sssvlv,olcDatabase={1}bdb,cn=config objectClass: olcSssVlvConfig olcOverlay: sssvlv olcSssVlvMax: 10 olcSssVlvMaxKeys: 5
In order to actually get the search working, I use base dc=nodomain
It is not my choice. I inherited the server and the configuration. Nor do I know much about OpenLDAP configuration. I am a programmer and my job is [among other things] hacking the client piece. Unfortunately, there is nobody else [better] qualified to configure the server. Hence, I am filling in for an administrator.
The "ldapsearch -x -w SECRET -D "cn=admin,dc=nodomain" -b dc=nodomain" version works fine and I do in fact get results.
Are you sure that slapd is using the slapd.d configuration, rather than the old-style slapd.conf? If slapd.d is being used, then slapd should be running with -F <dir>/slap.d, if not then it will be running with -f <dir>/slapd.conf.
Chris
On Wed, Nov 12, 2014 at 12:41:46PM +0200, Igor Shmukler wrote:
I am also curious about another part of the olcDatabase parameter. How do I know whether to use bdb or hdb? I don't care either way of course. I just need my test server to work, so I could proceed with my main duty - programming.
For a test server it probably does not matter which database you use unless you need to load large amounts of data, or do unusual things like rename whole subtrees (bdb cannot do that).
For a production server using current OpenLDAP code, mdb is the first choice. If you are forced to use older software then hdb may be safer.
Andrew
Hi Andrew,
I definitely could not care less which backend database is used. I only asked about this to get VLV working. Currently, it does not. I need to get on with my job, which is programming and not *nix administration. Until Virtual List View working, I cannot do that.
Sincerely,
Igor Shmukler
On Wed, Nov 12, 2014 at 1:11 PM, Andrew Findlay andrew.findlay@skills-1st.co.uk wrote:
On Wed, Nov 12, 2014 at 12:41:46PM +0200, Igor Shmukler wrote:
I am also curious about another part of the olcDatabase parameter. How do I know whether to use bdb or hdb? I don't care either way of course. I just need my test server to work, so I could proceed with my main duty - programming.
For a test server it probably does not matter which database you use unless you need to load large amounts of data, or do unusual things like rename whole subtrees (bdb cannot do that).
For a production server using current OpenLDAP code, mdb is the first choice. If you are forced to use older software then hdb may be safer.
Andrew
| From Andrew Findlay, Skills 1st Ltd | | Consultant in large-scale systems, networks, and directory services | | http://www.skills-1st.co.uk/ +44 1628 782565 |
Igor,
Igor Shmukler schrieb (12.11.2014 11:36 Uhr):
I am guess making wild guesses... Could it be that I need to adjust the below line: dn: olcOverlay=sssvlv,olcDatabase={1}bdb,cn=config
Should I perhaps replace cn=config with dc=nodomain or something else?
No.
With slapd.d config instead of "old" slapd.conf, you now have (at least) two databases in slapd: * you config database - which is always at cn=config - and * your "data" database - which base that is under is totally up to you.
You can export the config with slapcat command, cn=config is propably the first database, so you use "-n 0". (You should backup the other databases as well.) You can change the exported config or post it here, if you have not before. This may tell you/us how to authorize to slapd with ldapadd to modify the config online. You could import the cn=config database back with slapadd offline, but you might have to delete the existing database first. ldapadd is a bit more difficult to use but safer.
(This may have been a lot easier to explain with slapd.conf, but the times are changing ...)
Marc
--On November 12, 2014 at 6:23:53 PM +0100 Marc Patermann hans.moser@ofd-z.niedersachsen.de wrote:
You can change the exported config or post it here, if you have not before. This may tell you/us how to authorize to slapd with ldapadd to modify the config online.
Ubuntu already documents how to authorize to the config db, and I already provided a URL to the Ubuntu documentation. Here's the link again:
https://help.ubuntu.com/lts/serverguide/openldap-server.html
which clearly provides an example of how to bind to the root database via ldapsearch (which can logically be extended to ldapmodify, ldapadd, etc).
--Quanah
Hello Andrew, Chris, Marc and everyone,
Our system administrator accidentally blew the machine away. then reinstalled Ubuntu from scratch I personally installed and configured OpenLDAP server. I was able to add users and groups. Yet, I am again unable to add sssvlv support.
If I run the script as cn=admin,dc=test,dc=com, I get the below error. vq@vq-HVM-domU:~$ ldapadd -x -D "cn=admin,dc=test,dc=com" -W -f sssvlv.ldif Enter LDAP Password: adding new entry "olcOverlay=sssvlv,olcDatabase={1}hdb,cn=config" ldap_add: Invalid syntax (21) additional info: objectClass: value #0 invalid per syntax
Running it as cn=config gives me another error: vq@vq-HVM-domU:~$ ldapadd -x -D cn=config -W -f sssvlv.ldif Enter LDAP Password: ldap_bind: Invalid credentials (49)
There is a change, though. I see "olcRootDN: cn=admin,dc=test,dc=com and olcRootPW" when I do slapcat. I did not see those before.
As per Marc's suggestion, I am attaching the output of slapcat(8). While I learned a bit about OpenLDAP configuration, my "skills" are clearly insufficient to figure out how to add sssvlv support.
My sssvlv.ldif is below: dn: olcOverlay=sssvlv,olcDatabase={1}hdb,cn=config objectClass: olcSssVlvConfig olcOverlay: sssvlv olcSssVlvMax: 10 olcSssVlvMaxKeys: 5
It was composed by Chris, as your's truly has to clue what needs to go there.
Please advise. I am totally stumbled.
Thank you,
Igor Shmukler
On Wed, Nov 12, 2014 at 7:41 PM, Quanah Gibson-Mount quanah@zimbra.com wrote:
--On November 12, 2014 at 6:23:53 PM +0100 Marc Patermann hans.moser@ofd-z.niedersachsen.de wrote:
You can change the exported config or post it here, if you have not before. This may tell you/us how to authorize to slapd with ldapadd to modify the config online.
Ubuntu already documents how to authorize to the config db, and I already provided a URL to the Ubuntu documentation. Here's the link again:
https://help.ubuntu.com/lts/serverguide/openldap-server.html
which clearly provides an example of how to bind to the root database via ldapsearch (which can logically be extended to ldapmodify, ldapadd, etc).
--Quanah
-- Quanah Gibson-Mount Platform Architect Zimbra, Inc
Zimbra :: the leader in open source messaging and collaboration
Hi Igor,
----------------------------------------
Date: Thu, 13 Nov 2014 14:45:23 +0200 Subject: Re: adding VLV support to OpenLDAP 2.4.31 From: igor.shmukler@gmail.com To: openldap-technical@openldap.org CC: ctcard@hotmail.com; hans.moser@ofd-z.niedersachsen.de; andrew.findlay@skills-1st.co.uk
Hello Andrew, Chris, Marc and everyone,
Our system administrator accidentally blew the machine away. then reinstalled Ubuntu from scratch I personally installed and configured OpenLDAP server. I was able to add users and groups. Yet, I am again unable to add sssvlv support.
If I run the script as cn=admin,dc=test,dc=com, I get the below error. vq@vq-HVM-domU:~$ ldapadd -x -D "cn=admin,dc=test,dc=com" -W -f sssvlv.ldif Enter LDAP Password: adding new entry "olcOverlay=sssvlv,olcDatabase={1}hdb,cn=config" ldap_add: Invalid syntax (21) additional info: objectClass: value #0 invalid per syntax
Running it as cn=config gives me another error: vq@vq-HVM-domU:~$ ldapadd -x -D cn=config -W -f sssvlv.ldif Enter LDAP Password: ldap_bind: Invalid credentials (49)
There is a change, though. I see "olcRootDN: cn=admin,dc=test,dc=com and olcRootPW" when I do slapcat. I did not see those before.
As per Marc's suggestion, I am attaching the output of slapcat(8). While I learned a bit about OpenLDAP configuration, my "skills" are clearly insufficient to figure out how to add sssvlv support.
My sssvlv.ldif is below: dn: olcOverlay=sssvlv,olcDatabase={1}hdb,cn=config objectClass: olcSssVlvConfig olcOverlay: sssvlv olcSssVlvMax: 10 olcSssVlvMaxKeys: 5
Edit your slapcat output and find this part:
dn: olcDatabase={0}config,cn=config objectClass: olcDatabaseConfig olcDatabase: {0}config olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external ,cn=auth manage by * break structuralObjectClass: olcDatabaseConfig entryUUID: fb40d480-ff68-1033-8514-977390a9c614 creatorsName: cn=config createTimestamp: 20141113101004Z entryCSN: 20141113101004.425496Z#000000#000#000000 modifiersName: cn=config modifyTimestamp: 20141113101004Z
Change it to
dn: olcDatabase={0}config,cn=config objectClass: olcDatabaseConfig olcDatabase: {0}config olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external ,cn=auth manage by * break olcRootDN: cn=config olcRootPW: secret structuralObjectClass: olcDatabaseConfig entryUUID: fb40d480-ff68-1033-8514-977390a9c614 creatorsName: cn=config createTimestamp: 20141113101004Z entryCSN: 20141113101004.425496Z#000000#000#000000 modifiersName: cn=config modifyTimestamp: 20141113101004Z
Stop slapd, and apply new config with
slapadd -F <dir>/slapd.d -l <slapcat file> -b cn=config
Start slapd, and then you should be able to do
ldapadd -x -w secret -D cn=config -f sssvlv.ldif
Chris
Hi Chris,
Thank you for your continues help. I appreciate it very much.
I have a question regarding the line: olcRootPW: secret
Should secret be used literally (as in secret), or do I put a password hash there?
Sincerely,
Igor Shmukler
On Thu, Nov 13, 2014 at 3:18 PM, Chris Card ctcard@hotmail.com wrote:
Hi Igor,
Date: Thu, 13 Nov 2014 14:45:23 +0200 Subject: Re: adding VLV support to OpenLDAP 2.4.31 From: igor.shmukler@gmail.com To: openldap-technical@openldap.org CC: ctcard@hotmail.com; hans.moser@ofd-z.niedersachsen.de; andrew.findlay@skills-1st.co.uk
Hello Andrew, Chris, Marc and everyone,
Our system administrator accidentally blew the machine away. then reinstalled Ubuntu from scratch I personally installed and configured OpenLDAP server. I was able to add users and groups. Yet, I am again unable to add sssvlv support.
If I run the script as cn=admin,dc=test,dc=com, I get the below error. vq@vq-HVM-domU:~$ ldapadd -x -D "cn=admin,dc=test,dc=com" -W -f sssvlv.ldif Enter LDAP Password: adding new entry "olcOverlay=sssvlv,olcDatabase={1}hdb,cn=config" ldap_add: Invalid syntax (21) additional info: objectClass: value #0 invalid per syntax
Running it as cn=config gives me another error: vq@vq-HVM-domU:~$ ldapadd -x -D cn=config -W -f sssvlv.ldif Enter LDAP Password: ldap_bind: Invalid credentials (49)
There is a change, though. I see "olcRootDN: cn=admin,dc=test,dc=com and olcRootPW" when I do slapcat. I did not see those before.
As per Marc's suggestion, I am attaching the output of slapcat(8). While I learned a bit about OpenLDAP configuration, my "skills" are clearly insufficient to figure out how to add sssvlv support.
My sssvlv.ldif is below: dn: olcOverlay=sssvlv,olcDatabase={1}hdb,cn=config objectClass: olcSssVlvConfig olcOverlay: sssvlv olcSssVlvMax: 10 olcSssVlvMaxKeys: 5
Edit your slapcat output and find this part:
dn: olcDatabase={0}config,cn=config objectClass: olcDatabaseConfig olcDatabase: {0}config olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external ,cn=auth manage by * break structuralObjectClass: olcDatabaseConfig entryUUID: fb40d480-ff68-1033-8514-977390a9c614 creatorsName: cn=config createTimestamp: 20141113101004Z entryCSN: 20141113101004.425496Z#000000#000#000000 modifiersName: cn=config modifyTimestamp: 20141113101004Z
Change it to
dn: olcDatabase={0}config,cn=config objectClass: olcDatabaseConfig olcDatabase: {0}config olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external ,cn=auth manage by * break olcRootDN: cn=config olcRootPW: secret structuralObjectClass: olcDatabaseConfig entryUUID: fb40d480-ff68-1033-8514-977390a9c614 creatorsName: cn=config createTimestamp: 20141113101004Z entryCSN: 20141113101004.425496Z#000000#000#000000 modifiersName: cn=config modifyTimestamp: 20141113101004Z
Stop slapd, and apply new config with
slapadd -F <dir>/slapd.d -l <slapcat file> -b cn=config
Start slapd, and then you should be able to do
ldapadd -x -w secret -D cn=config -f sssvlv.ldif
Chris
Hi Igor
I have a question regarding the line: olcRootPW: secret
Should secret be used literally (as in secret), or do I put a password hash there?
If you put "secret" in there, then the password is "secret", but you can put a password hash generated with slappasswd in there. I was just trying to get you going ...
Chris
Igor Shmukler igor.shmukler@gmail.com writes:
reinstalled Ubuntu from scratch I personally installed and configured OpenLDAP server. I was able to add users and groups. Yet, I am again unable to add sssvlv support. [...] As per Marc's suggestion, I am attaching the output of slapcat(8). [...] My sssvlv.ldif is below: dn: olcOverlay=sssvlv,olcDatabase={1}hdb,cn=config objectClass: olcSssVlvConfig olcOverlay: sssvlv olcSssVlvMax: 10 olcSssVlvMaxKeys: 5
Write this into sssvlv.ldif:
dn: cn=module{0}, cn=config changetype: modify add: olcModuleLoad olcModuleLoad: sssvlv.la
dn: olcOverlay=sssvlv,olcDatabase={1}hdb,cn=config changetype: add objectClass: olcSssVlvConfig olcSssVlvMax: 10 olcSssVlvMaxKeys: 5
The load it into a running slapd as root:
# ldapmodify -Y external -H ldapi:/// -f sssvlv.ldif
No need to touch passwords or anything else.
Hello Feri,
Yes. This worked. Thank you. I cannot even express how grateful I am for your help. Well, everyone's really. Yet, you actually managed to solve my problem. You are the man.
Thank you again,
Igor Shmukler
On Thu, Nov 13, 2014 at 4:07 PM, Ferenc Wagner wferi@niif.hu wrote:
Igor Shmukler igor.shmukler@gmail.com writes:
reinstalled Ubuntu from scratch I personally installed and configured OpenLDAP server. I was able to add users and groups. Yet, I am again unable to add sssvlv support. [...] As per Marc's suggestion, I am attaching the output of slapcat(8). [...] My sssvlv.ldif is below: dn: olcOverlay=sssvlv,olcDatabase={1}hdb,cn=config objectClass: olcSssVlvConfig olcOverlay: sssvlv olcSssVlvMax: 10 olcSssVlvMaxKeys: 5
Write this into sssvlv.ldif:
dn: cn=module{0}, cn=config changetype: modify add: olcModuleLoad olcModuleLoad: sssvlv.la
dn: olcOverlay=sssvlv,olcDatabase={1}hdb,cn=config changetype: add objectClass: olcSssVlvConfig olcSssVlvMax: 10 olcSssVlvMaxKeys: 5
The load it into a running slapd as root:
# ldapmodify -Y external -H ldapi:/// -f sssvlv.ldif
No need to touch passwords or anything else.
Good luck, Feri.
Hello,
Well, I sort of jumped the gun on worked. The script worked fine. No errors. However, the sssvlv is unable. I did lsof and the module is not loaded. Just in case, I restarted slapd(8), but that did not help.
What can this mean? How does one go about this?
Sincerely,
Igor Shmukler
On Thu, Nov 13, 2014 at 4:10 PM, Igor Shmukler igor.shmukler@gmail.com wrote:
Hello Feri,
Yes. This worked. Thank you. I cannot even express how grateful I am for your help. Well, everyone's really. Yet, you actually managed to solve my problem. You are the man.
Thank you again,
Igor Shmukler
On Thu, Nov 13, 2014 at 4:07 PM, Ferenc Wagner wferi@niif.hu wrote:
Igor Shmukler igor.shmukler@gmail.com writes:
reinstalled Ubuntu from scratch I personally installed and configured OpenLDAP server. I was able to add users and groups. Yet, I am again unable to add sssvlv support. [...] As per Marc's suggestion, I am attaching the output of slapcat(8). [...] My sssvlv.ldif is below: dn: olcOverlay=sssvlv,olcDatabase={1}hdb,cn=config objectClass: olcSssVlvConfig olcOverlay: sssvlv olcSssVlvMax: 10 olcSssVlvMaxKeys: 5
Write this into sssvlv.ldif:
dn: cn=module{0}, cn=config changetype: modify add: olcModuleLoad olcModuleLoad: sssvlv.la
dn: olcOverlay=sssvlv,olcDatabase={1}hdb,cn=config changetype: add objectClass: olcSssVlvConfig olcSssVlvMax: 10 olcSssVlvMaxKeys: 5
The load it into a running slapd as root:
# ldapmodify -Y external -H ldapi:/// -f sssvlv.ldif
No need to touch passwords or anything else.
Good luck, Feri.
Oops. The module is loaded. My bad. Forgot sudo. I just need to figure out how to connect to the server. When I use ~$ ldapsearch -h 81.91.108.76 -D "cn=admin, dc=test,dc=com" -W -b dc=test,dc=com -E vlv=1/1:1 I get an error: VLV control requires server side sort control
On Thu, Nov 13, 2014 at 4:23 PM, Igor Shmukler igor.shmukler@gmail.com wrote:
Hello,
Well, I sort of jumped the gun on worked. The script worked fine. No errors. However, the sssvlv is unable. I did lsof and the module is not loaded. Just in case, I restarted slapd(8), but that did not help.
What can this mean? How does one go about this?
Sincerely,
Igor Shmukler
On Thu, Nov 13, 2014 at 4:10 PM, Igor Shmukler igor.shmukler@gmail.com wrote:
Hello Feri,
Yes. This worked. Thank you. I cannot even express how grateful I am for your help. Well, everyone's really. Yet, you actually managed to solve my problem. You are the man.
Thank you again,
Igor Shmukler
On Thu, Nov 13, 2014 at 4:07 PM, Ferenc Wagner wferi@niif.hu wrote:
Igor Shmukler igor.shmukler@gmail.com writes:
reinstalled Ubuntu from scratch I personally installed and configured OpenLDAP server. I was able to add users and groups. Yet, I am again unable to add sssvlv support. [...] As per Marc's suggestion, I am attaching the output of slapcat(8). [...] My sssvlv.ldif is below: dn: olcOverlay=sssvlv,olcDatabase={1}hdb,cn=config objectClass: olcSssVlvConfig olcOverlay: sssvlv olcSssVlvMax: 10 olcSssVlvMaxKeys: 5
Write this into sssvlv.ldif:
dn: cn=module{0}, cn=config changetype: modify add: olcModuleLoad olcModuleLoad: sssvlv.la
dn: olcOverlay=sssvlv,olcDatabase={1}hdb,cn=config changetype: add objectClass: olcSssVlvConfig olcSssVlvMax: 10 olcSssVlvMaxKeys: 5
The load it into a running slapd as root:
# ldapmodify -Y external -H ldapi:/// -f sssvlv.ldif
No need to touch passwords or anything else.
Good luck, Feri.
Igor Shmukler wrote:
Oops. The module is loaded. My bad. Forgot sudo. I just need to figure out how to connect to the server. When I use ~$ ldapsearch -h 81.91.108.76 -D "cn=admin, dc=test,dc=com" -W -b dc=test,dc=com -E vlv=1/1:1 I get an error: VLV control requires server side sort control
There's nothing wrong with the server. You just need to specify a sort control, as required by the VLV specification.
openldap-technical@openldap.org
-
Andrew Findlay -
Chris Card -
Ferenc Wagner -
Howard Chu -
Igor Shmukler -
Marc Patermann -
Quanah Gibson-Mount