Debian Lenny and Openldap installation Problem?
Dear List,

I changed debian/configure.options

--enable-backends=yes
--enable-bdb=yes
--enable-ldbm=yes

dpkg-buildpackage -b

errors

cp: cannot stat `./debian/tmp/etc/ldap/schema': No such file or directory
dh_install: command returned error code 256
make: *** [binary-arch] Error 1
dpkg-buildpackage: failure: debian/rules binary gave error exit status 2

How can I solve this problem?

Thanks.

-- 
Murat Uğur Eminoğlu
http://ipucu.murat.ws
http://fotoblog.murat.ws
2.4.19 freezed at Debian Lenny
Hello,

I've compiled and installed 2.4.19 on a Debian Lenny server (64 bits). It froze a few hours ago; I had to restart slapd to make it work again.

Any info about this problem in this release?

Thank you
Some openldap 2.4 questions
Hi,

Three quick issues about slapd 2.4.

1. I'm setting up a syncrepl replication. In the process of testing, I had added three syncprov overlays instead of one, and I ended up with:

dn: olcOverlay={0}syncprov,olcDatabase={0}config,cn=config
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: {0}syncprov
structuralObjectClass: olcSyncProvConfig
entryUUID: 600b89e6-9317-102e-9872-8714c398f98b
creatorsName: cn=admin,cn=config
createTimestamp: 2010060900Z
entryCSN: 2010060900.858973Z#00#000#00
modifiersName: cn=admin,cn=config
modifyTimestamp: 2010060900Z

dn: olcOverlay={1}syncprov,olcDatabase={0}config,cn=config
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: {1}syncprov
olcSpCheckpoint: 20 10
structuralObjectClass: olcSyncProvConfig
entryUUID: 600ba142-9317-102e-9873-8714c398f98b
creatorsName: cn=admin,cn=config
createTimestamp: 2010060900Z
entryCSN: 2010060900.859584Z#00#000#00
modifiersName: cn=admin,cn=config
modifyTimestamp: 2010060900Z

dn: olcOverlay={2}syncprov,olcDatabase={0}config,cn=config
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: {2}syncprov
olcSpSessionlog: 500
structuralObjectClass: olcSyncProvConfig
entryUUID: 600badea-9317-102e-9874-8714c398f98b
creatorsName: cn=admin,cn=config
createTimestamp: 2010060900Z
entryCSN: 2010060900.859909Z#00#000#00
modifiersName: cn=admin,cn=config
modifyTimestamp: 2010060900Z

The thing is, that I cannot delete any of them because cn=config does not support delete operation. Is this ok to leave it as is? or any workaround to get rid of the unwanted ones?

2. About N-Way replication... What's the best authentication to use? Because RootDN is the admin, and in simple authentication I would store cleartext password in the syncrepl configuration, I'm assuming that the best here would be to use some SASL mech?

3. Assuming a running normal replication(master-slave) with refreshAndPersist, is there any method of checking of the status of the replication? like show slave status in MySQL. I have tested it with cutting the transmission by iptables, and ok, it caught up after reconnection, but the master did not complain at all when the connection was not there...

-- 
Best regards,
Radosław Antoniuk
Re: Unable to Search/Authenticate Users
Todd Reed wrote:
> I’m trying to get a Web Application to authenticate to OpenLDAP. I have one user account that I am binding as (user: webldapauth). I have another user account that I am trying to log in via the application (user: webuser). The “webuser” is in a OU called “WebAppUsers”. With an LDAP Browser, I can bind to LDAP as both users. But, when I try to log in to the web app, I’m binding with the user “webldapauth”, but cannot log in with the “webuser” account.
>
> The web application calls are good because I can point it to an ActiveDirectory server and it works fine. This is my first attempt with OpenLDAP. I believe there is a configuration problem with OpenLDAP, but I’m not sure where to look or troubleshoot at.
>
> Would anyone be able to provide any guidance? I’ve looked at the manuals and other help files, but nothing has worked so far.

I'd check the ACLs.

Ciao, Michael.
Need help setting up n-way + cn=config
Hi,

I am in the process of testing a new n-way setup, and I have come across some problems.

When trying to set up unique I keep getting an undefined attribute error:

dn: olcOverlay={2}unique,olcDatabase={1}hdb,cn=config
changetype: modify
add: olcunique_uri
olcunique_uri: ldap:///?uid?sub

but it fails:

ldap_modify: Undefined attribute type (17)
        additional info: olcunique_uri: AttributeDescription contains inappropriate characters

Also, while trying to set the olcaccess parameter, I can't find any information on how to set up an IPv6 network. Currently I have

'to dn.sub=ou=SUDOers,dc=samad,dc=com,dc=au '.
'by dn.exact=cn=libnss-ldap,ou=Roles,dc=samad,dc=com,dc=au read '.
'by dn.exact=cn=libpam-ldap,ou=Roles,dc=samad,dc=com,dc=au read '.
'by peername.ip=192.168.12.0%255.255.252.0 read '.
'by peername.ip=192.168.8.0%255.255.252.0 read '.
'by peername.ip=192.168.4.0%255.255.252.0 read '.
'by peername.ip=127.0.0.1 read '.
'by peername.ipv6=::1 read '.
'by peername.path=/var/run/slapd/ldapi read '.
'by * none ',

I have an IPv6 network 2002:3cf1:f856::/48, but I can't seem to put in

'by peername.ipv6=2002:3cf1:f856::%48 read '.

Do I need to write out a complete mask?
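
An added example, not part of the original post: it builds `peername.ip` / `peername.ipv6` ACL clauses from CIDR notation and evaluates them the way slapd.access(5) describes, on the assumption stated there that the mask is written in address notation and compared as `(peername & mask) == ip`. The helper names `peername_clause` and `clause_matches` are hypothetical.

```python
import ipaddress

def peername_clause(cidr, access="read"):
    """Render one 'by peername...' clause with the mask written out in full."""
    # strict=True rejects a network address with host bits set; such a
    # clause could never match, because (peer & mask) can never equal it.
    net = ipaddress.ip_network(cidr, strict=True)
    style = "peername.ip" if net.version == 4 else "peername.ipv6"
    if net.prefixlen == net.max_prefixlen:      # single host: no mask part
        return f"by {style}={net.network_address} {access}"
    return f"by {style}={net.network_address}%{net.netmask} {access}"

def clause_matches(clause, peer):
    """Evaluate (peer & mask) == ip for a clause built by peername_clause()."""
    _by, who, _access = clause.split()
    _style, _, pattern = who.partition("=")
    addr, _, mask = pattern.partition("%")
    ip, peer_ip = ipaddress.ip_address(addr), ipaddress.ip_address(peer)
    if ip.version != peer_ip.version:           # never compare v4 against v6
        return False
    full = (1 << ip.max_prefixlen) - 1          # an absent mask means exact match
    mask_bits = int(ipaddress.ip_address(mask)) if mask else full
    return int(peer_ip) & mask_bits == int(ip)

if __name__ == "__main__":
    # Networks taken from the post; the peer addresses are constructed samples.
    for cidr in ("192.168.12.0/22", "2002:3cf1:f856::/48", "::1/128"):
        print(peername_clause(cidr))
    v6 = peername_clause("2002:3cf1:f856::/48")
    print(clause_matches(v6, "2002:3cf1:f856:1::10"))   # inside the /48
    print(clause_matches(v6, "2002:3cf1:f857::1"))      # outside the /48
```
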
Re: Some openldap 2.4 questions
Radosław Antoniuk wrote:
> Hi,
>
> Three quick issues about slapd 2.4.
>
> 1. I'm setting up a syncrepl replication. In the process of testing, I had added three syncprov overlays instead of one, and I ended up with:
>
> The thing is, that I cannot delete any of them because cn=config does not support delete operation. Is this ok to leave it as is? or any workaround to get rid of the unwanted ones?

Since it's just a test installation, your best action is to delete it all and start over with the correct LDIF.

> 2. About N-Way replication... What's the best authentication to use? Because (1) RootDN is the admin, and (2) in simple authentication I would store cleartext password in the syncrepl configuration, I'm assuming that (3) the best here would be to use some SASL mech?

What do any of these 3 points have to do with each other, let alone with N-way replication?

> 3. Assuming a running normal replication(master-slave) with refreshAndPersist, is there any method of checking of the status of the replication? like show slave status in MySQL. I have tested it with cutting the transmission by iptables, and ok, it caught up after reconnection, but the master did not complain at all when the connection was not there...

If you had read the docs
http://www.openldap.org/doc/admin24/replication.html
you wouldn't need to ask such questions.

-- 
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
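
An added example, not taken from this thread or from the OpenLDAP project: one common way to check syncrepl status (question 3) is to read the `contextCSN` operational attribute on the suffix entry of the provider and of the consumer and compare the values per server ID. The suffix `dc=example,dc=com`, the sample CSN values and the function names are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# CSN layout: timestamp '#' change count '#' server ID (SID) '#' modification number
CSN_RE = re.compile(
    r"^(\d{14})\.(\d{6})Z#([0-9a-fA-F]{6})#([0-9a-fA-F]{3})#([0-9a-fA-F]{6})$")

def parse_csn(csn):
    """Return (sid, sortable key) for one CSN string."""
    m = CSN_RE.match(csn.strip())
    if not m:
        raise ValueError(f"not a CSN: {csn!r}")
    ts = datetime.strptime(m.group(1), "%Y%m%d%H%M%S").replace(
        microsecond=int(m.group(2)), tzinfo=timezone.utc)
    return int(m.group(4), 16), (ts, int(m.group(3), 16), int(m.group(5), 16))

def context_csns(ldif):
    """Map SID -> newest contextCSN key found in ldapsearch LDIF output."""
    newest = {}
    for line in ldif.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "contextcsn":
            sid, key = parse_csn(value)
            newest[sid] = max(newest.get(sid, key), key)
    return newest

def replication_status(provider_ldif, consumer_ldif):
    """Per provider SID: ('in-sync', 0.0), ('behind', seconds) or ('missing', None)."""
    prov, cons = context_csns(provider_ldif), context_csns(consumer_ldif)
    status = {}
    for sid, pkey in prov.items():
        ckey = cons.get(sid)
        if ckey is None:                        # consumer never saw this SID
            status[sid] = ("missing", None)
        elif ckey < pkey:
            status[sid] = ("behind", (pkey[0] - ckey[0]).total_seconds())
        else:
            status[sid] = ("in-sync", 0.0)
    return status

# Constructed sample output of:
#   ldapsearch -x -LLL -H ldap://<host> -s base -b dc=example,dc=com contextCSN
PROVIDER = """dn: dc=example,dc=com
contextCSN: 20100609101500.000000Z#000000#001#000000
contextCSN: 20100609101730.500000Z#000000#002#000000
"""
CONSUMER = """dn: dc=example,dc=com
contextCSN: 20100609101500.000000Z#000000#001#000000
contextCSN: 20100609101555.500000Z#000000#002#000000
"""

if __name__ == "__main__":
    for sid, (state, lag) in sorted(replication_status(PROVIDER, CONSUMER).items()):
        print(f"SID {sid:03x}: {state}" + (f" ({lag:.0f}s)" if lag else ""))
```

A consumer that stays "behind" across several polls while the provider's value keeps advancing is the condition to alert on; a single lagging reading can simply be a write in flight.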