Re: OpenLdap

2021-10-12 Thread Gokan Atmaca
> > The immediate reason for the failure should be found in the sshd logs in
> > /var. But the trick with LDAP for login authentication is this:

I'm probably making a mistake. I will try again from the beginning.
I'll pass the information.

Thanks.


On Tue, Oct 12, 2021 at 5:04 PM Henning Follmann
 wrote:
>
> On Mon, Oct 11, 2021 at 06:04:08PM -0500, Nicholas Geovanis wrote:
> > On Mon, Oct 11, 2021, 7:31 AM Gokan Atmaca  wrote:
> >
> > > Hello
> > >
> > > I am using openldap. I configured a different server as ldap client.
> > > When I say "id user", the information comes. I have two organized
> > > units. "people" and "groups". my test environment.  But I can't login.
> > > What could be causing the problem?
> > >
> >
> > The immediate reason for the failure should be found in the sshd logs in
> > /var. But the trick with LDAP for login authentication is this:
>
> why should this be in the sshd logs?
>
> Is he/she even trying to ssh into that machine and using openldap as a
> password store? Or a local login, httpd, email...
>
> He/she might even try to just login into ldap, from the post
> it is not clear what he/she is actually trying.
>
> >
> > (1) Make sure the services file is stepping thru the authentication
> > databases in the order you believe is correct.
> > (2) make sure name resolution is doing what you think it's doing.
> > (3) Make sure that clock time is synchronized across all servers involved
> > in that login and authentication.
> >
> >
> > Example:
> > > $ id gokhan (ldap_user)
> > > uid=1(gokhan) gid=2000(ob) groups=2000(ob)
> > >
> > > Thanks.
> > >
> > >
> > > --
> > > ⢀⣴⠾⠻⢶⣦⠀
> > > ⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
> > > ⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org
> > > ⠈⠳⣄
> > >
> > >
>
> --
> Henning Follmann   | hfollm...@itcfollmann.com
>



Re: OpenLdap

2021-10-12 Thread Henning Follmann
On Mon, Oct 11, 2021 at 06:04:08PM -0500, Nicholas Geovanis wrote:
> On Mon, Oct 11, 2021, 7:31 AM Gokan Atmaca  wrote:
> 
> > Hello
> >
> > I am using openldap. I configured a different server as ldap client.
> > When I say "id user", the information comes. I have two organized
> > units. "people" and "groups". my test environment.  But I can't login.
> > What could be causing the problem?
> >
> 
> The immediate reason for the failure should be found in the sshd logs in
> /var. But the trick with LDAP for login authentication is this:

why should this be in the sshd logs?

Is he/she even trying to ssh into that machine and using openldap as a
password store? Or a local login, httpd, email...

He/she might even try to just login into ldap, from the post
it is not clear what he/she is actually trying.

> 
> (1) Make sure the services file is stepping thru the authentication
> databases in the order you believe is correct.
> (2) make sure name resolution is doing what you think it's doing.
> (3) Make sure that clock time is synchronized across all servers involved
> in that login and authentication.
> 
> 
> Example:
> > $ id gokhan (ldap_user)
> > uid=1(gokhan) gid=2000(ob) groups=2000(ob)
> >
> > Thanks.
> >
> >
> > --
> > ⢀⣴⠾⠻⢶⣦⠀
> > ⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
> > ⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org
> > ⠈⠳⣄
> >
> >

-- 
Henning Follmann   | hfollm...@itcfollmann.com



Re: OpenLdap

2021-10-11 Thread Nicholas Geovanis
On Mon, Oct 11, 2021, 6:04 PM Nicholas Geovanis 
wrote:

>
>
> On Mon, Oct 11, 2021, 7:31 AM Gokan Atmaca  wrote:
>
>> Hello
>>
>> I am using openldap. I configured a different server as ldap client.
>> When I say "id user", the information comes. I have two organized
>> units. "people" and "groups". my test environment.  But I can't login.
>> What could be causing the problem?
>>
>
> The immediate reason for the failure should be found in the sshd logs in
> /var. But the trick with LDAP for login authentication is this:
>
> (1) Make sure the services file is stepping thru the authentication
> databases in the order you believe is correct.
>

I wrote "services file".
I actually meant PAM configuration.


Example:
>> $ id gokhan (ldap_user)
>> uid=1(gokhan) gid=2000(ob) groups=2000(ob)
>>
>> Thanks.
>>
>>
>> --
>> ⢀⣴⠾⠻⢶⣦⠀
>> ⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
>> ⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org
>> ⠈⠳⣄
>>
>>


Re: OpenLdap

2021-10-11 Thread Nicholas Geovanis
On Mon, Oct 11, 2021, 7:31 AM Gokan Atmaca  wrote:

> Hello
>
> I am using openldap. I configured a different server as ldap client.
> When I say "id user", the information comes. I have two organized
> units. "people" and "groups". my test environment.  But I can't login.
> What could be causing the problem?
>

The immediate reason for the failure should be found in the sshd logs in
/var. But the trick with LDAP for login authentication is this:

(1) Make sure the services file is stepping thru the authentication
databases in the order you believe is correct.
(2) make sure name resolution is doing what you think it's doing.
(3) Make sure that clock time is synchronized across all servers involved
in that login and authentication.


Example:
> $ id gokhan (ldap_user)
> uid=1(gokhan) gid=2000(ob) groups=2000(ob)
>
> Thanks.
>
>
> --
> ⢀⣴⠾⠻⢶⣦⠀
> ⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
> ⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org
> ⠈⠳⣄
>
>


OpenLdap

2021-10-11 Thread Gokan Atmaca
Hello

I am using openldap. I configured a different server as ldap client.
When I say "id user", the information comes. I have two organized
units. "people" and "groups". my test environment.  But I can't login.
What could be causing the problem?

Example:
$ id gokhan (ldap_user)
uid=1(gokhan) gid=2000(ob) groups=2000(ob)

Thanks.


-- 
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org
⠈⠳⣄



Re: SLAPD_SENTINEL_FILE problem and openldap / slapds jessie changelog missing

2019-08-20 Thread Greg Wooledge
On Tue, Aug 20, 2019 at 11:10:12AM +0200, Neo wrote:
> This seems also broken
> 
> [root@host~]# apt changelog slapd
> Err Changelog for slapd 
> (http://packages.debian.org/changelogs/pool/updates/main/o/openldap/openldap_2.4.40+dfsg-1+deb8u5/changelog)
>   404  Not Found [IP: 5.153.231.3 80]
> Err Changelog for slapd 
> (http://security.debian.org/pool/updates/main/o/openldap/openldap_2.4.40+dfsg-1+deb8u5.changelog)
>   404  Not Found [IP: 151.101.240.204 80]
> E: changelog download failed

Jessie, eh?

root@meglin2:~# apt-cache policy slapd
slapd:
  Installed: (none)
  Candidate: 2.4.40+dfsg-1+deb8u5
  Version table:
 2.4.40+dfsg-1+deb8u5 0
500 http://security.debian.org/ jessie/updates/main amd64 Packages
 2.4.40+dfsg-1+deb8u4 0
500 http://ftp.us.debian.org/debian/ jessie/main amd64 Packages
root@meglin2:~# apt changelog slapd
E: Invalid operation changelog

Don't know quite what to tell you.  If you can't install the package,
verify that you're using a sane sources.list for jessie.  I don't know
why your "apt" has a changelog subcommand.  Did you mix releases?

Turns out, it's in "apt-get" in jessie, not in "apt" or "apt-cache".

root@meglin2:~# apt-cache changelog slapd
E: Invalid operation changelog
root@meglin2:~# apt-get changelog slapd
Err Changelog for slapd 
(http://packages.debian.org/changelogs/pool/updates/main/o/openldap/openldap_2.4.40+dfsg-1+deb8u5/changelog)
  404  Not Found
Err Changelog for slapd 
(http://security.debian.org/pool/updates/main/o/openldap/openldap_2.4.40+dfsg-1+deb8u5.changelog)
  404  Not Found
E: changelog download failed

... and not working here either.  Oh well.  Maybe that's one of the things
that LTS doesn't bother with?



Re: SLAPD_SENTINEL_FILE problem and openldap / slapds jessie changelog missing

2019-08-20 Thread Neo



On 19.08.2019 22:03, Andrei POPESCU wrote:

apt changelog slapd


Thanks for your answer Andrei

This seems also broken

[root@host~]# apt changelog slapd
Err Changelog for slapd 
(http://packages.debian.org/changelogs/pool/updates/main/o/openldap/openldap_2.4.40+dfsg-1+deb8u5/changelog)
  404  Not Found [IP: 5.153.231.3 80]
Err Changelog for slapd 
(http://security.debian.org/pool/updates/main/o/openldap/openldap_2.4.40+dfsg-1+deb8u5.changelog)
  404  Not Found [IP: 151.101.240.204 80]
E: changelog download failed



Re: SLAPD_SENTINEL_FILE problem and openldap / slapds jessie changelog missing

2019-08-19 Thread Andrei POPESCU
On Lu, 19 aug 19, 15:15:03, Neo wrote:
> Hi Debian lovers
> 
> I struggle to find the current changelog for slapd/openldap.

Try 'apt changelog slapd'.

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser




SLAPD_SENTINEL_FILE problem and openldap / slapds jessie changelog missing

2019-08-19 Thread Neo

Hi Debian lovers

I struggle to find the current changelog for slapd/openldap.

[root@host ~]# dpkg -l | grep slap
ii  slapd 2.4.40+dfsg-1+deb8u5   amd64    OpenLDAP server (slapd)


[root@host ~]# cat /etc/*version
8.11


https://metadata.ftp-master.debian.org/changelogs//main/o/openldap/openldap_2.4.40+dfsg-1+deb8u5_changelog
-> 404.

Basically I have seen, that in the file /etc/default/slapd

there is (and was before the update) this entry:

# If SLAPD_SENTINEL_FILE is set to path to a file and that file exists,
# the init script will not start or restart slapd (but stop will still
# work).  Use this for temporarily disabling startup of slapd (when doing
# maintenance, for example, or through a configuration management system)
# when you don't want to edit a configuration file.
SLAPD_SENTINEL_FILE=/etc/ldap/noslapd

so on service restart, it failed until i commented this out.

Interesting:

root@host ~]# ll /etc/ldap/noslapd
ls: cannot access /etc/ldap/noslapd: No such file or directory

So the sentence "If SLAPD_SENTINEL_FILE is set to path to a file and 
that file exists" seems to be wrong.


on another, similar, but more actual host

[ ok ] Stopping slapd (via systemctl): slapd.service.
[ ok ] Starting slapd (via systemctl): slapd.service.
[root@host2 bin]# dpkg -l | grep slapd
ii  slapd 2.4.44+dfsg-5+deb9u2   amd64    OpenLDAP server (slapd)

[root@host2 bin]# cat /etc/*version
9.9
[root@host2 bin]# cat /etc/default/slapd
[..]
# If SLAPD_SENTINEL_FILE is set to path to a file and that file exists,
# the init script will not start or restart slapd (but stop will still
# work).  Use this for temporarily disabling startup of slapd (when doing
# maintenance, for example, or through a configuration management system)
# when you don't want to edit a configuration file.
SLAPD_SENTINEL_FILE=/etc/ldap/noslapd
[..]

Any clues about that? Thank you.

Best regards

Spacerat



unable to log in using openldap user

2016-02-16 Thread Umarzuki Mochlis
Hi,

I need some guidance on setting openldap server and to do
authentication using openldap users.

openldap server: jessie 64-bit
openldap client: jessie 64-bit

ldapsearch test from client to server:

# ldapsearch -h 192.168.191.120 -D cn=admin,dc=test,dc=lab -W -x -b 'dc=test,dc=lab' 'userName=*'
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base  with scope subtree
# filter: userName=*
# requesting: ALL
#

# search result
search: 2
result: 0 Success


log during log in test with user admin

Feb  3 09:25:33 clt nscd: nss_ldap: could not connect to any LDAP
server as cn=admin,dc=test,dc=lab - Can't contact LDAP server
Feb  3 09:25:33 clt nscd: nss_ldap: failed to bind to LDAP server
ldap:///192.168.191.120: Can't contact LDAP server
Feb  3 09:25:33 clt nscd: nss_ldap: reconnecting to LDAP server...
Feb  3 09:25:33 clt nscd: nss_ldap: could not connect to any LDAP
server as cn=admin,dc=test,dc=lab - Can't contact LDAP server
Feb  3 09:25:33 clt nscd: nss_ldap: failed to bind to LDAP server
ldap:///192.168.191.120: Can't contact LDAP server
Feb  3 09:25:33 clt nscd: nss_ldap: reconnecting to LDAP server
(sleeping 1 seconds)...
Feb  3 09:25:34 clt nscd: nss_ldap: could not connect to any LDAP
server as cn=admin,dc=test,dc=lab - Can't contact LDAP server
Feb  3 09:25:34 clt nscd: nss_ldap: failed to bind to LDAP server
ldap:///192.168.191.120: Can't contact LDAP server
Feb  3 09:25:34 clt nscd: nss_ldap: could not search LDAP server -
Server is unavailable
Feb  3 09:25:34 clt nscd: nss_ldap: could not connect to any LDAP
server as cn=admin,dc=test,dc=lab - Can't contact LDAP server
Feb  3 09:25:34 clt nscd: nss_ldap: failed to bind to LDAP server
ldap:///192.168.191.120: Can't contact LDAP server
Feb  3 09:25:34 clt nscd: nss_ldap: reconnecting to LDAP server...
Feb  3 09:25:34 clt nscd: nss_ldap: could not connect to any LDAP
server as cn=admin,dc=test,dc=lab - Can't contact LDAP server
Feb  3 09:25:34 clt nscd: nss_ldap: failed to bind to LDAP server
ldap:///192.168.191.120: Can't contact LDAP server
Feb  3 09:25:34 clt nscd: nss_ldap: reconnecting to LDAP server
(sleeping 1 seconds)...
Feb  3 09:25:35 clt nscd: nss_ldap: could not connect to any LDAP
server as cn=admin,dc=test,dc=lab - Can't contact LDAP server
Feb  3 09:25:35 clt nscd: nss_ldap: failed to bind to LDAP server
ldap:///192.168.191.120: Can't contact LDAP server
Feb  3 09:25:35 clt nscd: nss_ldap: could not search LDAP server -
Server is unavailable
Feb  3 09:25:36 clt login[2549]: pam_unix(login:auth): check pass; user unknown
Feb  3 09:25:36 clt login[2549]: pam_unix(login:auth): authentication
failure; logname=LOGIN uid=0 euid=0 tty=/dev/tty1 ruser= rhost=
Feb  3 09:25:36 clt login[2549]: pam_ldap: ldap_simple_bind Can't
contact LDAP server
Feb  3 09:25:36 clt login[2549]: pam_ldap: reconnecting to LDAP server...
Feb  3 09:25:36 clt login[2549]: pam_ldap: ldap_simple_bind Can't
contact LDAP server
Feb  3 09:25:40 clt login[2549]: FAILED LOGIN (1) on '/dev/tty1' FOR
'UNKNOWN', Authentication failure

article followed to setup openldap server:

http://www.server-world.info/en/note?os=Debian_8&p=openldap

any help would be appreciated, perhaps there's something really basic
is/are missing
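
An added example, not part of the original post: a Python check that pulls the LDAP URIs out of nss_ldap/pam_ldap syslog lines like the ones above and flags any whose host component is empty, as in `ldap:///192.168.191.120`. The sample lines are constructed from the excerpt (the last two are contrast cases that do not appear in it), and `classify_uri` and `scan_log` are names chosen here.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample: the first five lines are modelled on the excerpt in the
# post (long lines unwrapped); the last two are contrast cases added here.
SAMPLE_LOG = """\
Feb  3 09:25:33 clt nscd: nss_ldap: could not connect to any LDAP server as cn=admin,dc=test,dc=lab - Can't contact LDAP server
Feb  3 09:25:33 clt nscd: nss_ldap: failed to bind to LDAP server ldap:///192.168.191.120: Can't contact LDAP server
Feb  3 09:25:33 clt nscd: nss_ldap: reconnecting to LDAP server...
Feb  3 09:25:34 clt nscd: nss_ldap: failed to bind to LDAP server ldap:///192.168.191.120: Can't contact LDAP server
Feb  3 09:25:36 clt login[2549]: pam_ldap: ldap_simple_bind Can't contact LDAP server
Feb  3 09:30:00 clt nscd: nss_ldap: failed to bind to LDAP server ldap://192.168.191.120: Can't contact LDAP server
Feb  3 09:30:01 clt nscd: nss_ldap: failed to bind to LDAP server ldapi:///: Can't contact LDAP server
"""

# Matches on each physical line, so it also works when the mail client has
# wrapped the URI onto the start of the next line.
URI_RE = re.compile(r"\b(?:ldaps?|ldapi)://\S*")


def classify_uri(uri):
    """Return (verdict, hint) for one LDAP URI taken from a client log."""
    parts = urlsplit(uri)
    tail = parts.path.lstrip("/")
    if parts.scheme == "ldapi":
        # ldapi:/// with an empty host is valid: it names the default local socket.
        return ("ok", "")
    if parts.netloc:
        return ("ok", "")
    if tail and "=" not in tail:
        # RFC 4516 layout is ldap://host[:port]/dn. With three slashes the host
        # is empty and the text after them sits in the DN slot, so an address
        # written there is not the server the URI names.
        return ("empty-host", f"{parts.scheme}://{tail}")
    return ("no-host", "")


def scan_log(text):
    """Collect every LDAP URI in the log, with a count and a verdict."""
    counts = Counter()
    for line in text.splitlines():
        for match in URI_RE.finditer(line):
            # syslog appends ':' after the URI; drop trailing punctuation.
            counts[match.group(0).rstrip(":,.")] += 1
    findings = []
    for uri, seen in counts.items():
        verdict, hint = classify_uri(uri)
        findings.append({"uri": uri, "seen": seen, "verdict": verdict, "hint": hint})
    return findings


if __name__ == "__main__":
    for item in scan_log(SAMPLE_LOG):
        note = f" (did you mean {item['hint']}?)" if item["hint"] else ""
        print(f"{item['verdict']:<10} x{item['seen']}  {item['uri']}{note}")
```
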



Re: Configuring OpenLDAP to support dynamic list overlay in Wheezy

2014-02-07 Thread Alan Chandler

On 06/02/14 21:06, Alan Chandler wrote:
I am struggling to understand how to get the dynamic list overlay 
working using OpenLdap






I think I found a good solution to this problem here

http://koivunej.wordpress.com/2012/07/16/learning-openldap-2-4-cnconfig-usage/

I have at least got the olcOverlay element as a subsidiary of the 
database config.


Combining that with Step 4 here


http://www.whitemiceconsulting.com/2010/02/configuring-openldaps-dynlist-in.html

gives me enough clues to finish

In particular it uses olcDlAttrSet Attribute to define the equivalent of 
dynlist-attrset


Not actually working yet, but now I need to construct the actual 
directory tree for the data.


Alan Chandler


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: http://lists.debian.org/52f53481.3060...@chandlerfamily.org.uk



Configuring OpenLDAP to support dynamic list overlay in Wheezy

2014-02-06 Thread Alan Chandler
I am struggling to understand how to get the dynamic list overlay working 
using OpenLdap


It uses the online version of configuring slapd, and all the 
instructions on the internet seem to assume an older version with 
slapd.conf file.


I have managed to configure the module part to include dynlist (at least 
I have an entry in the config DIT)


I have loaded a schema which defines GroupOfURLs as an attribute, and I 
have an object class called olcOverlayConfig available.


The LDAP server is running on a headless RaspberryPI, running its own 
version of Debian Wheezy (Raspbian), but so far it hasn't seemed any 
different to standard Debian Wheezy


The bit I can't figure out is how to add the equivalent of the two commands

overlay dynlist
dynlist-attset  


I think I should create an entry under olcDatabase={1}hdb,cn=config

with


DN:olcOverlay=dynlist,olcDatabase={1}hdb,cn=config

ObjectClass:olcOverlayConfig
olcOverlay:dynlist


and presumably another attribute to handle dynlist-attset, but what?

Any help would be appreciated

Thanks







Re: SAMBA share permission via openldap

2012-07-07 Thread Umarzuki Mochlis
2012/7/7 Camaleón :
> On Fri, 06 Jul 2012 12:58:18 +0800, Umarzuki Mochlis wrote:
>
>> Could anyone suggest a good management interface (WUI) available in
>> debian squeeze repo/third party to manage SAMBA shared folder for
>> openldap users?
>
> Not a recommendation but a list of available tools for your review:
>
> http://wiki.samba.org/index.php/Samba_%26_LDAP#GUI_Tools
>
> Mmm, at Debian standard repositories I can see "luma", "jxplorer",
> "ldaptor-webui" and "gosa", not sure if any of these would be of your
> liking.
>
> I, being a java-lover (I specially like java for small applications that
> can be put in portable USB flash keys and used in multiple operating
> systems), would start with "jxplorer" O:-)
>

thanks for the suggestion, i will check them out

-- 
Regards,

Umarzuki Mochlis
http://debmal.my





Re: SAMBA share permission via openldap

2012-07-07 Thread Camaleón
On Fri, 06 Jul 2012 12:58:18 +0800, Umarzuki Mochlis wrote:

> Could anyone suggest a good management interface (WUI) available in
> debian squeeze repo/third party to manage SAMBA shared folder for
> openldap users?

Not a recommendation but a list of available tools for your review:

http://wiki.samba.org/index.php/Samba_%26_LDAP#GUI_Tools

Mmm, at Debian standard repositories I can see "luma", "jxplorer", 
"ldaptor-webui" and "gosa", not sure if any of these would be of your 
liking. 

I, being a java-lover (I specially like java for small applications that 
can be put in portable USB flash keys and used in multiple operating 
systems), would start with "jxplorer" O:-)

Greetings,

-- 
Camaleón





SAMBA share permission via openldap

2012-07-05 Thread Umarzuki Mochlis
Hi,

Could anyone suggest a good management interface (WUI) available in
debian squeeze repo/third party to manage SAMBA shared folder for
openldap users?

-- 
Regards,

Umarzuki Mochlis
http://debmal.my





Re: Debian's OpenLDAP

2011-04-19 Thread Alex Mestiashvili

On 04/19/2011 09:04 AM, Christian Müller wrote:

Hi,

I'm using the Debian Squeeze OpenLDAP. Where can I set ACLs? Isn't it 
possible to execute the "access to" directives with ldapmodify? 
There's no slapd.conf file in Debian, they use a slapd.d folder



- Chris



Hi,
it's not Debian's OpenLDAP, it is like that in all recent openldap 
installations.


you can have access to config if you use cn=config

like  ldapvi -D "cn=admin,cn=config"  --host ldap://localhost -b cn=config

change ldapvi with the preferred ldapclient tool.

Regards,
Alex





Debian's OpenLDAP

2011-04-19 Thread Christian Müller

Hi,

I'm using the Debian Squeeze OpenLDAP. Where can I set ACLs? Isn't it 
possible to execute the "access to" directives with ldapmodify? There's 
no slapd.conf file in Debian, they use a slapd.d folder



- Chris





Re: Admin password (cn=admin,dc=config) for OpenLDAP in Debian Squeeze

2011-02-02 Thread Razvan Deaconescu
On 02/02/2011 05:24 PM, Rob Owens wrote:
> On Mon, Jan 31, 2011 at 05:05:56PM +0200, Razvan Deaconescu wrote:
>> Hi!
>>
>> I've browsed the configuration page for slapd[1] and it mentions that,
>> for starting from version 2.3, "The LDAP configuration engine allows all
>> of slapd's configuration options to be changed on the fly, generally
>> without requiring a server restart for the changes to take effect."
>>
>> I'm using slapd 2.4.23-7 on a Debian Squeeze (testing). Trying to
>> configure TLS support I've found this page[2] mentions using the
>> cn=admin,dc=config account and a password for it. What is the user and
>> password required to update the LDAP configuration database in a
>> Debian-based configuration?
>>
> Do you have a file called /etc/libnss-ldap.secret or /etc/pam_ldap.secret?
> Sometimes the password is stored there.

Both the /etc/libnss-ldap.conf and the /etc/pam_ldap.conf files mention
that the *.secret files are to be used as password files for the LDAP
account to be used by root:
---
# grep -C 3 secret /etc/pam_ldap.conf

# The credentials to bind with.
# Optional: default is no credential.
#bindpw secret

# The distinguished name to bind to the server with
# if the effective user ID is root. Password is
# stored in /etc/pam_ldap.secret (mode 600)
rootbinddn cn=manager,dc=example,dc=net

# The port.
---

I think this is only used for the client side and is not a server
configuration.

Razvan





Re: Admin password (cn=admin,dc=config) for OpenLDAP in Debian Squeeze

2011-02-02 Thread Rob Owens
On Mon, Jan 31, 2011 at 05:05:56PM +0200, Razvan Deaconescu wrote:
> Hi!
> 
> I've browsed the configuration page for slapd[1] and it mentions that,
> for starting from version 2.3, "The LDAP configuration engine allows all
> of slapd's configuration options to be changed on the fly, generally
> without requiring a server restart for the changes to take effect."
> 
> I'm using slapd 2.4.23-7 on a Debian Squeeze (testing). Trying to
> configure TLS support I've found this page[2] mentions using the
> cn=admin,dc=config account and a password for it. What is the user and
> password required to update the LDAP configuration database in a
> Debian-based configuration?
> 
Do you have a file called /etc/libnss-ldap.secret or /etc/pam_ldap.secret?
Sometimes the password is stored there.

-Rob





Admin password (cn=admin,dc=config) for OpenLDAP in Debian Squeeze

2011-01-31 Thread Razvan Deaconescu
Hi!

I've browsed the configuration page for slapd[1] and it mentions that,
starting from version 2.3, "The LDAP configuration engine allows all
of slapd's configuration options to be changed on the fly, generally
without requiring a server restart for the changes to take effect."

I'm using slapd 2.4.23-7 on a Debian Squeeze (testing). Trying to
configure TLS support I've found this page[2] mentions using the
cn=admin,dc=config account and a password for it. What is the user and
password required to update the LDAP configuration database in a
Debian-based configuration?

I found out the password should be stored as olcRootPW in the
olcDatabase={0}config. However, the default configuration lacks this
password:

---
# slapcat -n0 | grep -C 5 '^\(olcRootDN\|olcRootPW\)'
olcAccess: {0}to *  by * none
olcAddContentAcl: TRUE
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcRootDN: cn=config
olcSyncUseSubentry: FALSE
olcMonitoring: FALSE
structuralObjectClass: olcDatabaseConfig
entryUUID: ed743d3a-adc6-102f-9a18-f1967b980507
creatorsName: cn=config
---

I found the easiest way was to add a olcRootPW option to the
olcDatabase={0}config file (password generated using slappasswd) and
then restarting the server. However, manually editing these files is
discouraged, but I didn't find a better way.

How should this be handled? Is there a specialized way of configuring
the above mentioned password?

Razvan

[1] http://www.openldap.org/doc/admin24/slapdconf2.html
[2] http://ilostmynotes.blogspot.com/2009/04/openldap-24-and-tls.html
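
An added example, not part of the original post: a Python audit of `slapcat -n0` output like the excerpt above. For each olcDatabase entry it reports whether olcRootDN has an olcRootPW, whether that value carries a hash scheme (as slappasswd output does) or is cleartext, and whether olcAccess grants manage to the local root identity seen over ldapi:/// with SASL EXTERNAL. The LDIF below is constructed and the function names are chosen here.

```python
import base64
import re

# Constructed sample, modelled on the slapcat excerpt in the post. Entry {0}
# mirrors it (rootDN, no rootPW, "by * none"); {1} and {2} are contrast cases.
SAMPLE_LDIF = """\
dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcAccess: {0}to *  by * none
olcRootDN: cn=config

dn: olcDatabase={1}hdb,cn=config
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcRootDN: cn=admin,dc=example,dc=net
olcRootPW:: c2VjcmV0

dn: olcDatabase={2}hdb,cn=config
objectClass: olcHdbConfig
olcDatabase: {2}hdb
olcRootDN: cn=admin,dc=example,dc=org
olcRootPW: {SSHA}constructed-placeholder-not-a-real-hash
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external
 ,cn=auth manage by * break
"""

# Identity that root gets when binding over ldapi:/// with SASL EXTERNAL.
PEERCRED_MANAGE = re.compile(
    r'by\s+dn(?:\.\w+)?="?gidNumber=0\+uidNumber=0,cn=peercred,cn=external,cn=auth"?\s+manage',
    re.IGNORECASE,
)
SCHEME = re.compile(r"^\{([A-Za-z0-9-]+)\}")


def parse_ldif(text):
    """Parse LDIF into a list of {lowercased attribute: [values]} dicts."""
    unfolded = []
    for line in text.splitlines():
        # A line starting with one space continues the previous line.
        if line.startswith(" ") and unfolded:
            unfolded[-1] += line[1:]
        else:
            unfolded.append(line)
    entries, current = [], {}
    for line in unfolded + [""]:
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):
            # "attr:: <base64>", the form slapcat uses for password values.
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        else:
            value = value.strip()
        current.setdefault(attr.lower(), []).append(value)
    return entries


def rootpw_state(values):
    """Classify olcRootPW without ever returning the secret itself."""
    if not values:
        return "absent"
    match = SCHEME.match(values[0])
    if not match or match.group(1).upper() == "CLEARTEXT":
        return "cleartext"
    return match.group(1).upper()


def audit_databases(ldif_text):
    """One report row per olcDatabase entry found in the config LDIF."""
    report = []
    for entry in parse_ldif(ldif_text):
        dn = entry.get("dn", [""])[0]
        if not dn.lower().startswith("olcdatabase="):
            continue
        root_dn = entry.get("olcrootdn", [None])[0]
        root_pw = rootpw_state(entry.get("olcrootpw", []))
        flags = []
        if root_dn and root_pw == "absent":
            flags.append("rootdn-without-rootpw")
        if root_pw == "cleartext":
            flags.append("cleartext-rootpw")
        report.append({
            "dn": dn,
            "root_dn": root_dn,
            "root_pw": root_pw,
            "peercred_manage": any(PEERCRED_MANAGE.search(a)
                                   for a in entry.get("olcaccess", [])),
            "flags": flags,
        })
    return report


if __name__ == "__main__":
    for row in audit_databases(SAMPLE_LDIF):
        print(row)
```
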





OpenLDAP no connection!

2010-09-17 Thread Márcio Luciano Donada
That night, I had a problem with stopping the LDAP, the only thing I
have in the log is this:

 connection_read(42): no connection!

my version OpenLDAP is:
@(#) $OpenLDAP: slapd 2.4.11 (Jul 24 2010 08:14:20)
$#012#...@murphy:/build/buildd-openldap_2.4.11-1+lenny2-i386-H5BDjb/open
ldap-2.4.11/debian/build/servers/slapd

Debian Lenny 5.

after the restart ldap I have the following message:

connection_input: conn=32 deferring operation: pending operations

I honestly do not know what happens, I have this problem and sometimes
for my system for some reason not yet know what it is, and debugging of
slapd.conf is 256 and as I passed the e-mail that is the only
information I have. Can anyone help me? Thanks
-- 
Márcio Luciano Donada 
Aurora Alimentos - Cooperativa Central Oeste Catarinense
Departamento de T.I.





samba idmap and openldap. user add problem.

2009-07-29 Thread Vladimir Elizarov
Hello!

There is a samba (configured with backend idmap -
http://kbase.redhat.com/faq/docs/DOC-4844 and
http://wiki.samba.org/index.php/Ldapsam_Editposix) and ldap from lenny.
Catalog filled with the necessary data for the samba. Workstations and
users
part of the domain. But there is a problem:

Adding user:
net user add testuser password -UAdministrator%password
The user is not added to the group Domain Users. Enter below the
the user can not do. Although the windows of his views and ldap it is.

If try to manually add the group:
net rpc group addmem "domain users" testuser -UAdministrator%password

Users not add to group domain users.

Then add the local user testuser using useradd.
After this manipulation of the user can easily add to the group domain
users.

http://dumpz.org/11006/ - smb.conf
http://dumpz.org/11008/ - nsswitch.conf
http://dumpz.org/11007/ - log ldap'a when adding a user

when viewing of users in such logs pdc:
[2009/07/28 17:17:34, 0] passdb / pdb_get_set.c: pdb_get_group_sid (210)
   pdb_get_group_sid: Failed to find Unix account for testuser





Re: OpenLdap manual howto available

2009-07-22 Thread linuksos
Great article. I must have a look at that ! thanks

On Wed, Jul 22, 2009 at 8:35 AM, gn643202 wrote:
> Lukasz Szybalski wrote:
>>
>> Just an FYI.
>> I'm working on openldap howto for Debian.
>>
>> http://lucasmanual.com/mywiki/OpenLdap
>
> This is great, but:
>
>   Under "Connect to openldap" with luma you should note that nothing is in
> the Address Book.
>
>   Then under "Simple address book" >
>      "Create a file called directory.ldiff"
>   Where do you create it?   In /etc/ldap?
>
>   Maybe "Connect to openldap" and "Simple address book" should be reversed?
>
>
> --
> To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject
> of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
>
>



-- 
lubo
http://www.linuxconfig.org/Linux-News/





Re: OpenLdap manual howto available

2009-07-21 Thread gn643202

Lukasz Szybalski wrote:

Just an FYI.
I'm working on openldap howto for Debian.

http://lucasmanual.com/mywiki/OpenLdap


This is great, but:

   Under "Connect to openldap" with luma you should note that nothing 
is in the Address Book.


   Then under "Simple address book" >
  "Create a file called directory.ldiff"
   Where do you create it?   In /etc/ldap?

   Maybe "Connect to openldap" and "Simple address book" should be 
reversed?







Re: OpenLdap manual howto available

2009-07-20 Thread S. Fishpaste
On Mon, 20 Jul 2009 11:45:15 -0500, Lukasz Szybalski in gmane.linux.debian.user 
wrote:
> Just an FYI.
> I'm working on openldap howto for Debian.
>
> http://lucasmanual.com/mywiki/OpenLdap
>
> This manual shows how to setup openldap and gives a workaround to some
> of the known bugs that prevent openldap to be reconfigured, and
> migration tools from finish migration. The setting up of openldap is
> fairly easy, but without few key instructions that I've listed its
> almost impossible for new user to finish.
>
> Took me 2 weeks but after reading above OpenLdap Manual howto you will
> setup ldap server in as little as 10minutes.
>
> Enjoy. (More content coming as days go by)



Excellent ! Thanks for sharing your hard work.

-- 
Regards,
S. Fishpaste





Re: OpenLdap manual howto available

2009-07-20 Thread Ron Johnson

On 2009-07-20 11:45, Lukasz Szybalski wrote:

Just an FYI.
I'm working on openldap howto for Debian.

http://lucasmanual.com/mywiki/OpenLdap

This manual shows how to setup openldap and gives a workaround to some
of the known bugs that prevent openldap to be reconfigured, and
migration tools from finish migration. The setting up of openldap is
fairly easy, but without few key instructions that I've listed its
almost impossible for new user to finish.

Took me 2 weeks but after reading above OpenLdap Manual howto you will
setup ldap server in as little as 10minutes.

Enjoy. (More content coming as days go by)

Contents

   1. OpenLDAP
      1. What is required
      2. Install
      3. Authentication
      4. Connect to openldap
      5. Simple addressbook
         1. Thunderbird
         2. Outlook
   2. Linux integration with LDAP
      1. libnss-ldap
         1. migrationtools
      2. libpam
   3. Troubleshooting
      1. result: 32 No such object
   4. References


Thanks for your hard work.  This should be very useful to me.





--
Scooty Puff, Sr
The Doom-Bringer






OpenLdap manual howto available

2009-07-20 Thread Lukasz Szybalski
Just an FYI.
I'm working on openldap howto for Debian.

http://lucasmanual.com/mywiki/OpenLdap

This manual shows how to setup openldap and gives a workaround to some
of the known bugs that prevent openldap to be reconfigured, and
migration tools from finish migration. The setting up of openldap is
fairly easy, but without a few key instructions that I've listed it's
almost impossible for a new user to finish.

Took me 2 weeks but after reading above OpenLdap Manual howto you will
setup ldap server in as little as 10 minutes.

Enjoy. (More content coming as days go by)

Contents

   1. OpenLDAP
      1. What is required
      2. Install
      3. Authentication
      4. Connect to openldap
      5. Simple addressbook
         1. Thunderbird
         2. Outlook
   2. Linux integration with LDAP
      1. libnss-ldap
         1. migrationtools
      2. libpam
   3. Troubleshooting
      1. result: 32 No such object
   4. References





Re: OpenLDAP stuff ??

2009-03-10 Thread Dave Ewart
On Tuesday, 10.03.2009 at 12:12 -0300, Rodrigo Hashimoto wrote:

> I wanna study openldap but I didn't find any cool tutorial or site to
> study it, does anyone have something or know any site ?

There are lots of OpenLDAP tutorials around, googling those terms
returns many.

Perhaps you should explain exactly why they aren't suitable or some more
details of what you're trying to do?

Dave.

-- 
Dave Ewart
da...@ceu.ox.ac.uk
Computing Manager, Cancer Epidemiology Unit
University of Oxford / Cancer Research UK
PGP: CC70 1883 BD92 E665 B840 118B 6E94 2CFD 694D E370
Get key from http://www.ceu.ox.ac.uk/~davee/davee-ceu-ox-ac-uk.asc
N 51.7516, W 1.2152




OpenLDAP stuff ??

2009-03-10 Thread Rodrigo Hashimoto
Hello,

I wanna study openldap but I didn't find any cool tutorial or site to
study it, does anyone have something or know any site ?

Thanks


active directory replicating over openldap

2008-12-26 Thread Jesus arteche
hi,
does someone know if active directory can replicate its database over an
openldap server in debian... and if it's possible, how... or where can I find a
howto...

thanks


Migration: Active Directory ---> OpenLDAP

2008-08-13 Thread janskey
Hi All, 

I need advice. Currently we have Windows 2003 as our authentication
service using AD. We wanted to migrate it to OpenLDAP. Is there a way
to migrate this using scripts or is there any tools that I can use?
Thanks!
 cheers,

janskey



  

openldap, kerberos, ssh

2007-12-17 Thread travel kid
hello folks,

i am trying to migrate from NIS setup to a ldap setup
to achieve the following.

a) LDAP server holds multiple NIS domain user
information, nfs automount information associated with
the nis domains.
b) the user authentication via ssh is done against a
kerberos server to provide one-time login support. 
c) the ldap server also checks with  Microsoft AD
directory to see if the user account has a
corresponding account in AD. if it doesn't then it
fails.

I am kind of stuck as to how to achieve b & c. I have
read about padl migration tools for nis to ldap but
beyond that i am lost. 

I kind of figure that referral option ldap could
probably be used to query AD. I am not sure. Would
appreciate pointers to guides, hints, writeups of
successful implementations .

thank you.
regards
John

ps: i am not subscribed to the list. please cc: me 


  







Re: which stands for openldap on debian

2007-08-22 Thread Sjoerd Hardeman
Openldap is provided by slapd

Sjoerd


Mathias Brodala wrote:
> Hi.
> 
> abdelkader belahcene, 22.08.2007 11:33:
>> There is no openldap on debian, Which package stands for it
> 
> Use "apt-cache search openldap".
> 
> 
> Regards, Mathias
> 





Re: which stands for openldap on debian

2007-08-22 Thread Mathias Brodala
Hi.

abdelkader belahcene, 22.08.2007 11:33:
> There is no openldap on debian, Which package stands for it

Use "apt-cache search openldap".


Regards, Mathias

-- 
debian/rules





which stands for openldap on debian

2007-08-22 Thread abdelkader belahcene
Hi,
There is no openldap on debian, Which package stands for it
best regards





Re: Sendmail +SASL +openldap

2007-08-14 Thread Richard A Nelson

On Mon, 13 Aug 2007, Sergio Belkin wrote:


> Hi community

Hello

> I have to authenticate Sendmail using openldap (I can't choose another SMTP is
> for my job, also I've already got cyrus-imap using sasl and openldap).

I use sendmail/openldap/dovecot

> Should I SASL in order to integrate both sendmail and openldap.
> Or does another way exist of performing this task?


To have sendmail recognize a user in ldap as local, the getpw* functions
will need to work.  This means you should make sure libnss-ldap is
installed and working (and `getent passwd ` works)

You will still likely want SASL setup (libsasl2, libsasl2-modules,
sasl2-bin) so you eventually setup SMTP AUTH with other than
PLAIN/LOGIN.

--
Rick Nelson
"[In 'Doctor' mode], I spent a good ten minutes telling Emacs what I
thought of it.  (The response was, 'Perhaps you could try to be less
abusive.')"
(By Matt Welsh)






Sendmail +SASL +openldap

2007-08-13 Thread Sergio Belkin
Hi community
I have to authenticate Sendmail using openldap (I can't choose another SMTP is 
for my job, also I've already got cyrus-imap using sasl and openldap). Should 
I SASL in order to integrate both sendmail and openldap. Or does another way 
exist of performing this task?

Thanks in advance!
-- 
Sergio Belkin






Re: import a md5 hash to openldap userpassword

2007-06-16 Thread Roberto C . Sánchez
On Sun, Jun 17, 2007 at 01:03:30AM +0200, Martin Marcher wrote:
> Hello,
>
> this will probably land on some ldap list but maybe someone knows offhand:
>
> i have a couple of users in a database with the passwords stored as md5 hashes
>
> something like
>
> "alice" "3858f62230ac3c915f300c664312c63f" (foobar in plaintext)
>
> Now i want to import alice into ldap
>
> dn: uid=alice,dc=example,dc=com
> objectClass: simpleSecurityObject
> userpassword: {MD5}3858f62230ac3c915f300c664312c63f
>
> which doesn't really work. I found several that suggested using a
> base64 encoded string
>
IIRC, the MD5 format used by ldap, login and so on, is not the same as a
vanilla md5 hash.  That is, the password uses a salt and a modified md5
algorithm.  Without having the plaintext passwords, I am not sure how
you can convert one to the other.

As a side note, if you are using this ldap for login authentication, you
want to make sure that your clients are configured to use 'pam_password
exop' so that the password hashing gets handled on the server.  Of
course, this means that you want an SSL link to your ldap server.

Regards,

-Roberto

-- 
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com




import a md5 hash to openldap userpassword

2007-06-16 Thread Martin Marcher

Hello,

this will probably land on some ldap list but maybe someone knows offhand:

i have a couple of users in a database with the passwords stored as md5 hashes

something like

"alice" "3858f62230ac3c915f300c664312c63f" (foobar in plaintext)

Now i want to import alice into ldap

dn: uid=alice,dc=example,dc=com
objectClass: simpleSecurityObject
userpassword: {MD5}3858f62230ac3c915f300c664312c63f

which doesn't really work. I found several that suggested using a
base64 encoded string

so I tried:

userpassword:: Mzg1OGY2MjIzMGFjM2M5MTVmMzAwYzY2NDMxMmM2M2Y=
userpassword: {MD5}Mzg1OGY2MjIzMGFjM2M5MTVmMzAwYzY2NDMxMmM2M2Y=

all to no avail.

any hints on the right format (I don't have the plaintext passwords
and I'd prefer not to spend time with brute forcing them)

thanks
martin
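
Added example, not part of the original post: OpenLDAP's `{MD5}` userPassword scheme stores the base64 encoding of the raw 16-byte digest, so a hex digest taken from another database has to be hex-decoded first and only then base64-encoded. The sketch converts the digest quoted in the post and reports why the two `{MD5}` values tried there cannot match; the function names are hypothetical.

```python
import base64
import binascii
import hashlib
import hmac

SCHEME = "{MD5}"


def hex_md5_to_userpassword(hex_digest: str) -> str:
    """Turn a 32-character hex MD5 digest into a {MD5} userPassword value."""
    hex_digest = hex_digest.strip()
    if len(hex_digest) != 32:
        raise ValueError("an MD5 digest is 32 hex characters")
    # unhexlify raises binascii.Error (a ValueError) on non-hex input
    raw = binascii.unhexlify(hex_digest)
    return SCHEME + base64.b64encode(raw).decode("ascii")


def check_md5_value(stored: str) -> str:
    """Return 'ok', or the reason this value can never match a password."""
    if stored[:len(SCHEME)].upper() != SCHEME:
        return "no {MD5} scheme prefix"
    body = stored[len(SCHEME):]
    try:
        raw = base64.b64decode(body, validate=True)
    except binascii.Error:
        return "body is not valid base64"
    if len(raw) != 16:
        return "decodes to %d bytes, expected 16" % len(raw)
    return "ok"


def verify(password: str, stored: str) -> bool:
    """Compare a candidate password with a {MD5} value the way the scheme defines it."""
    if check_md5_value(stored) != "ok":
        return False
    raw = base64.b64decode(stored[len(SCHEME):])
    candidate = hashlib.md5(password.encode("utf-8")).digest()
    return hmac.compare_digest(candidate, raw)


if __name__ == "__main__":
    # Digest and attempted values are the ones quoted in the post.
    converted = hex_md5_to_userpassword("3858f62230ac3c915f300c664312c63f")
    print("userPassword:", converted)
    for attempt in (
        "{MD5}3858f62230ac3c915f300c664312c63f",
        "{MD5}Mzg1OGY2MjIzMGFjM2M5MTVmMzAwYzY2NDMxMmM2M2Y=",
        converted,
    ):
        print(attempt, "->", check_md5_value(attempt))
```

Unsalted MD5 is a weak storage scheme, so values imported this way are best treated as transitional and replaced with a salted scheme the next time each user changes their password.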






RE: Installing OpenLDAP on Etch

2007-05-04 Thread Greg Folkert
On Fri, 2007-05-04 at 20:54 -0400, Jan Sneep wrote:
> > -Original Message-
> > From: Greg Folkert [mailto:[EMAIL PROTECTED]
> > Sent: May 4, 2007 4:13 PM
> > To: debian-user@lists.debian.org
> > Subject: Re: Installing OpenLDAP on Etch
> >
> 
> 
> 
> > Then follow your instructions after the "configuring and installing
> > sections" in the guide.
> 
> Nothing seems to be in the same folder that corresponds to the manual ...
> know of any documentation that tells where files were created during the
> Debian install ... the Gnome -> Places -> Find Files is pretty useless at
> actually finding anything ... :O(

Location of files won't be exactly like they have them... it's not a "word
for word" translation.

IOW, you start here:

    http://www.openldap.org/doc/admin23/slapdconf2.html

Files are not located in /usr/local/etc/openldap/, but are in /etc/ldap.

/usr/local/etc/openldap/slapd.conf is actually /etc/ldap/slapd.conf.

So, in other words, remove the "/usr/local" from the front of the
instructions.

Things that are "supposed to be located" in /usr/local/var will be
located under /var/lib/slapd. In fact /etc/ldap/slapd.conf has the
following directive:

# Where the database file are physically stored for database #1
directory   "/var/lib/ldap"

In it. So, things aren't as missing as you thought.

The binaries for all the OpenLDAP stuff will be in /usr/bin
and /usr/sbin (some may even be in /bin or /sbin, depending on their
actual function, but typically not). Any libraries needed for OpenLDAP
will be in /usr/lib/ldap.

All of these changes are due to the File Hierarchy System (to see the
directive do "man hier") as it is applied to Most Distributions. Yes
while confusing, it does allow for making a cohesive system. Where as
using the "/usr/local" directives keep most everything in
"/usr/local/openldap" making a nice little container for everything, it
does make it tougher to make a "good, stable, integrated and
maintainable" system of it.

Also, to figure out exactly "what" was installed and where they are use
the following, in a gnome-terminal:

dpkg -L slapd | less

and for the ldap-utils do:

dpkg -L ldap-utils

This will tell you exactly where things are.
-- 
greg, [EMAIL PROTECTED]

Novell's Directory Services is a competitive product to Microsoft's
Active Directory in much the same way that the Saturn V is a competitive
product to those dinky little model rockets that kids light off down at
the playfield. -- Thane Walkup




RE: Installing OpenLDAP on Etch

2007-05-04 Thread Jan Sneep
Many Thanks Greg (and all the others who have been helping me with this one
today) ... that worked perfectly. :O)

> -Original Message-
> From: Greg Folkert [mailto:[EMAIL PROTECTED]
> Sent: May 4, 2007 4:13 PM
> To: debian-user@lists.debian.org
> Subject: Re: Installing OpenLDAP on Etch
>
>
> On Fri, 2007-05-04 at 16:08 -0400, Jan Sneep wrote:
> > I'm trying to install OpenLDAP. Has anyone done this on Etch yet?
> >
> > I have downloaded the software and extracted the files as per the Admin
> > Guide and I'm stuck on one of the steps. I think based on the output in the
> > log files that this has to do with the default setup under Debian Etch so
> > thought I should post the question here first.
> >
> > After downloading the software you are supposed to run the script Configure.
> >
> > http://www.openldap.org/doc/admin23/install.html#Running%20configure
> >
>
> apt-get install slapd ldap-utils
>
> Then follow your instructions after the "configuring and installing
> sections" in the guide.
>
>
> --
> greg, [EMAIL PROTECTED]
>
> Novell's Directory Services is a competitive product to Microsoft's
> Active Directory in much the same way that the Saturn V is a competitive
> product to those dinky little model rockets that kids light off down at
> the playfield. -- Thane Walkup
>



Re: Installing OpenLDAP on Etch

2007-05-04 Thread Greg Folkert
On Fri, 2007-05-04 at 16:08 -0400, Jan Sneep wrote:
> I'm trying to install OpenLDAP. Has anyone done this on Etch yet?
> 
> I have downloaded the software and extracted the files as per the Admin
> Guide and I'm stuck on one of the steps. I think based on the output in the
> log files that this has to do with the default setup under Debian Etch so
> thought I should post the question here first.
> 
> After downloading the software you are supposed to run the script Configure.
> 
> http://www.openldap.org/doc/admin23/install.html#Running%20configure
> 

apt-get install slapd ldap-utils

Then follow your instructions after the "configuring and installing
sections" in the guide.


-- 
greg, [EMAIL PROTECTED]

Novell's Directory Services is a competitive product to Microsoft's
Active Directory in much the same way that the Saturn V is a competitive
product to those dinky little model rockets that kids light off down at
the playfield. -- Thane Walkup




Installing OpenLDAP on Etch

2007-05-04 Thread Jan Sneep
I'm trying to install OpenLDAP. Has anyone done this on Etch yet?

I have downloaded the software and extracted the files as per the Admin
Guide and I'm stuck on one of the steps. I think based on the output in the
log files that this has to do with the default setup under Debian Etch so
thought I should post the question here first.

After downloading the software you are supposed to run the script Configure.

http://www.openldap.org/doc/admin23/install.html#Running%20configure

when I ran ./configure the first time the output was;

debian:/etc/openldap/openldap-2.3.35# ./configure
Configuring OpenLDAP 2.3.35-Release ...
checking build system type... i686-pc-linux-gnu
checking host system type... i686-pc-linux-gnu
checking target system type... i686-pc-linux-gnu
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for gawk... no
checking for mawk... mawk
checking whether make sets $(MAKE)... yes
checking configure arguments... done
checking for cc... no
checking for gcc... no
configure: error: Unable to locate cc(1) or suitable replacement.  Check
PATH or set CC.

So after some help from the list I did;

export CC=/usr/lib/gcc/i486-linux-gnu/4.1.2/cc1

and then ran the ./configure again and the output changed to;

debian:/etc/openldap/openldap-2.3.35# ./configure
Configuring OpenLDAP 2.3.35-Release ...
checking build system type... i686-pc-linux-gnu
checking host system type... i686-pc-linux-gnu
checking target system type... i686-pc-linux-gnu
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for gawk... no
checking for mawk... mawk
checking whether make sets $(MAKE)... yes
checking configure arguments... done
checking for ar... ar
checking for style of include used by make... GNU
checking for gcc... /usr/lib/gcc/i486-linux-gnu/4.1.2
checking for C compiler default output file name... configure: error: C
compiler cannot create executables
See `config.log' for more details.

So it recognised c1 as a C Compiler, but still couldn't do the job.

Looking in the 'config.log' file down toward the middle I can see the
following lines;

configure:4633: checking whether the C compiler works
configure:4639: ./conftest.s
./configure: line 4640: ./conftest.s: Permission denied
configure:4642: $? = 126
configure:4651: error: cannot run C compiled programs.

Which makes it looks like a PERMISSIONS issue?

Can anyone help with what I might do to get this to work?

The following is the full output of the 'config.log' file.

This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.

It was created by configure, which was
generated by GNU Autoconf 2.59.  Invocation command line was

  $ ./configure

## - ##
## Platform. ##
## - ##

hostname = debian
uname -m = i686
uname -r = 2.6.18-4-686
uname -s = Linux
uname -v = #1 SMP Wed Apr 18 09:55:10 UTC 2007

/usr/bin/uname -p = unknown
/bin/uname -X = unknown

/bin/arch  = i686
/usr/bin/arch -k   = unknown
/usr/convex/getsysinfo = unknown
hostinfo   = unknown
/bin/machine   = unknown
/usr/bin/oslevel   = unknown
/bin/universe  = unknown

PATH: /usr/local/sbin
PATH: /usr/local/bin
PATH: /usr/sbin
PATH: /usr/bin
PATH: /sbin
PATH: /bin
PATH: /usr/bin/X11
PATH: /usr/lib/gcc/i486-linux-gnu/4.1.2
PATH: /etc/openldap/openldap-2.3.35


## --- ##
## Core tests. ##
## --- ##

configure:1616: checking build system type
configure:1634: result: i686-pc-linux-gnulibc1
configure:1642: checking host system type
configure:1656: result: i686-pc-linux-gnulibc1
configure:1664: checking target system type
configure:1678: result: i686-pc-linux-gnulibc1
configure:1707: checking for a BSD-compatible install
configure:1762: result: /usr/bin/install -c
configure:1773: checking whether build environment is sane
configure:1816: result: yes
configure:1881: checking for gawk
configure:1910: result: no
configure:1881: checking for mawk
configure:1897: found /usr/bin/mawk
configure:1907: result: mawk
configure:1917: checking whether make sets $(MAKE)
configure:1937: result: yes
configure:2146: checking configure arguments
configure:3867: result: done
configure:4083: checking for ar
configure:4099: found /usr/bin/ar
configure:4109: result: ar
configure:4168: checking for style of include used by make
configure:4196: result: GNU
configure:4267: checking for gcc
configure:4293: result: /usr/lib/gcc/i486-linux-gnu/4.1.2/cc1
configure:4537: checking for C compiler version
configure:4540: /usr/lib/gcc/i486-linux-gnu/4.1.2/cc1 --version &5
GNU C version 4.1.2 20061115 (prerelease) (Debian 4.1.1-21) (i486-linux-gnu)
compiled by GNU C version 4.1.2 20061115 (prerelease) (Debian 4.1.1-21).
GGC heuristics: --param ggc-min-expand=47 --param ggc-min-heapsize=31993
configure:4543: $? = 0

openldap crashed when syncrepl is activ

2006-09-05 Thread Angela Gavazzi
Hello to all,

I'm doing some testing with slapd (from testing, 2.3.25-1 ) and syncrepl.
Syncrepl loads now, but every time I try to modify something, for example a 
telephoneNumber, the slapd crashes.
If I deactivate syncrepl there is no problem.
Can anybody tell me if it is a configuration error or a bug?

Tia!

Angela

Here the debug output and my slapd.conf

=> access_allowed: auth access granted by auth(=xd)
conn=8 op=0 BIND dn="cn=admin,dc=aag" mech=SIMPLE ssf=0
send_ldap_result: err=0 matched="" text=""
conn=8 op=0 RESULT tag=97 err=0 text=
daemon: activity on 1 descriptor
daemon: activity on: 11r
daemon: read activity on 11
connection_get(11)
ber_dump: buf=0x0819b090 ptr=0x0819b090 end=0x0819b0f9 len=105
  :  02 01 02 66 44 04 1b 75  69 64 3d 63 6b 65 6e 74   ...fD..uid=ckent
  0010:  2c 6f 75 3d 76 65 72 6b  61 75 66 2c 64 63 3d 61   ,ou=verkauf,dc=a
  0020:  61 67 30 25 30 23 0a 01  02 30 1e 04 0f 74 65 6c   ag0%0#...0...tel
  0030:  65 70 68 6f 6e 65 4e 75  6d 62 65 72 31 0b 04 09   ephoneNumber1...
  0040:  31 31 31 31 31 31 31 31  31 a0 1e 30 1c 04 17 32   1..0...2
  0050:  2e 31 36 2e 38 34 30 2e  31 2e 31 31 33 37 33 30   .16.840.1.113730
  0060:  2e 33 2e 34 2e 32 01 01  ff.3.4.2...
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
ber_dump: buf=0x0819b090 ptr=0x0819b093 end=0x0819b0f9 len=102
  :  66 44 04 1b 75 69 64 3d  63 6b 65 6e 74 2c 6f 75   fD..uid=ckent,ou
  0010:  3d 76 65 72 6b 61 75 66  2c 64 63 3d 61 61 67 30   =verkauf,dc=aag0
  0020:  25 30 23 0a 01 02 30 1e  04 0f 74 65 6c 65 70 68   %0#...0...teleph
  0030:  6f 6e 65 4e 75 6d 62 65  72 31 0b 04 09 31 31 31   oneNumber1...111
  0040:  31 31 31 31 31 31 a0 1e  30 1c 04 17 32 2e 31 36   11..0...2.16
  0050:  2e 38 34 30 2e 31 2e 31  31 33 37 33 30 2e 33 2e   .840.1.113730.3.
  0060:  34 2e 32 01 01 ff  4.2...
do_modify: dn (uid=ckent,ou=verkauf,dc=aag)
ber_dump: buf=0x0819b090 ptr=0x0819b0b4 end=0x0819b0f9 len=69
  :  30 23 0a 01 02 30 1e 04  0f 74 65 6c 65 70 68 6f   0#...0...telepho
  0010:  6e 65 4e 75 6d 62 65 72  31 0b 04 09 31 31 31 31   neNumber1...
  0020:  31 31 31 31 31 a0 1e 30  1c 04 17 32 2e 31 36 2e   1..0...2.16.
  0030:  38 34 30 2e 31 2e 31 31  33 37 33 30 2e 33 2e 34   840.1.113730.3.4
  0040:  2e 32 01 01 ff .2...
ber_dump: buf=0x0819b090 ptr=0x0819b0db end=0x0819b0f9 len=30
  :  30 1c 04 17 32 2e 31 36  2e 38 34 30 2e 31 2e 31   0...2.16.840.1.1
  0010:  31 33 37 33 30 2e 33 2e  34 2e 32 01 01 ff 13730.3.4.2...
ber_dump: buf=0x0819b090 ptr=0x0819b0f6 end=0x0819b0f9 len=3
  :  00 01 ff   ...
=> ldap_bv2dn(uid=ckent,ou=verkauf,dc=aag,0)
<= ldap_bv2dn(uid=ckent,ou=verkauf,dc=aag)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(uid=ckent,ou=verkauf,dc=aag)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(uid=ckent,ou=verkauf,dc=aag)=0
modifications:
replace: telephoneNumber
one value, length 9
conn=8 op=1 MOD dn="uid=ckent,ou=verkauf,dc=aag"
conn=8 op=1 MOD attr=telephoneNumber
bdb_modify: uid=ckent,ou=verkauf,dc=aag
<= acl_access_allowed: granted to database root
bdb_modify_internal: replace telephoneNumber
bdb_modify_internal: replace entryCSN
bdb_modify_internal: replace modifiersName
bdb_modify_internal: replace modifyTimestamp
send_ldap_result: err=0 matched="" text=""
modifications:
Speicherzugriffsfehler


***


# This is the main slapd configuration file. See slapd.conf(5) for more
# info on the configuration options.

###
# Global Directives:

# Features to permit
#allow bind_v2

# Schema and objectClass definitions
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema

# Schema check allows for forcing entries to
# match schemas for their objectClasses's
schemacheck on

# Where the pid file is put. The init.d script
# will not stop the server if you change this.
pidfile /var/run/slapd/slapd.pid

# List of arguments that were passed to the server
argsfile        /var/run/slapd/slapd.args

# Read slapd.conf(5) for possible values
loglevel        0

# Where the dynamically loaded modules are stored
modulepath  /usr/lib/ldap
moduleload  back_bdb
moduleload  syncprov


# The maximum number of entries that is returned for a search operation
sizelimit 500

# The tool-threads parameter sets the actual amount of cpu's that is used
# for indexing.
tool-threads 1

###
# Specific Backend Directives for bdb:
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
backend

howto openldap secured

2006-03-30 Thread Julien Motch
hi everyone,

Is the slapd package provided in debian stable SSL/TLS enabled (does it
support the protocol 'ldaps') or do I have to install other packages?

Thanks





Re: openssh authentication via openldap

2006-02-27 Thread Nic
darwin <[EMAIL PROTECTED]> writes:

> All,
> I just set up three of my debian sarge boxes to authenticate against
> an openldap server. I'm using PAM and everything works as expected
> except for ssh on one host. When I try to ssh to the box as an ldap
> user  I immediately get kicked out. From this box I can successfully
> grab getent ldap info and also su to ldap users. I'm not quite sure
> what's going on here. Why would every service work except for ssh ?
> I've pasted some logs below and some /etc/pam.d files but everything
> *seems* in order. Any help would be appreciated.
>
> /var/log/auth.log
> Feb 27 04:44:37 web2 sshd[26645]: Illegal user foo from :::172.16.0.1
> Feb 27 04:44:39 web2 sshd[26645]: (pam_unix) check pass; user unknown
> Feb 27 04:44:39 web2 sshd[26645]: (pam_unix) authentication failure;
> logname= uid=0 euid=0 tty=ssh ruser= rhost=asdf
> Feb 27 04:44:39 web2 sshd[26645]: pam_ldap: error trying to bind as
> user "uid=foo,cn=users,dc=domain,dc=tld" (Invalid credentials) <---
> The password is correct :)
> Feb 27 04:44:40 web2 sshd[26645]: error: PAM: Authentication failure
> for illegal user foo from asdf
> Feb 27 04:44:40 web2 sshd[26645]: Failed keyboard-interactive/pam for
> illegal user foo from :::172.16.0.1 port 58015 ssh2
>
> /etc/pam.d
> ::
> ssh
> ::
> auth       required     pam_nologin.so
> auth       required     pam_env.so # [1]
> @include common-auth
> @include common-account
> @include common-session
> session    optional     pam_motd.so # [1]
> session    optional     pam_mail.so standard noenv # [1]
> session    required     pam_limits.so
> @include common-password
> ::
> common-account
> ::
> account    required     pam_unix.so
> account    sufficient   pam_ldap.so
> ::
> common-auth
> ::
> auth       required     pam_env.so
> auth       sufficient   pam_unix.so likeauth nullok
> auth       sufficient   pam_ldap.so use_first_pass
> auth       required     pam_deny.so
> session    required     pam_mkhomedir.so skel=/etc/skel umask=0027
> ::
> common-password
> ::
> password   required     pam_cracklib.so retry=3 type=
> password   sufficient   pam_unix.so nullok use_authtok md5 shadow
> password   sufficient   pam_ldap.so use_authtok
> password   required     pam_deny.so
> ::
> common-session
> ::
> session    required     pam_limits.so
> session    required     pam_unix.so
> session    optional     pam_ldap.so


I once had a problem with ssh/ldap... it turned out I had forgotten to
restart the ssh daemon after changing pam.

I know it's simple... but I forgot to do it. Maybe you did too?


Nic





openssh authentication via openldap

2006-02-27 Thread darwin

All,
I just set up three of my debian sarge boxes to authenticate against an 
openldap server. I'm using PAM and everything works as expected except 
for ssh on one host. When I try to ssh to the box as an ldap user  I 
immediately get kicked out. From this box I can successfully grab getent 
ldap info and also su to ldap users. I'm not quite sure what's going on 
here. Why would every service work except for ssh ? I've pasted some 
logs below and some /etc/pam.d files but everything *seems* in order. 
Any help would be appreciated.


/var/log/auth.log
Feb 27 04:44:37 web2 sshd[26645]: Illegal user foo from :::172.16.0.1
Feb 27 04:44:39 web2 sshd[26645]: (pam_unix) check pass; user unknown
Feb 27 04:44:39 web2 sshd[26645]: (pam_unix) authentication failure; 
logname= uid=0 euid=0 tty=ssh ruser= rhost=asdf
Feb 27 04:44:39 web2 sshd[26645]: pam_ldap: error trying to bind as user 
"uid=foo,cn=users,dc=domain,dc=tld" (Invalid credentials) <--- The 
password is correct :)
Feb 27 04:44:40 web2 sshd[26645]: error: PAM: Authentication failure for 
illegal user foo from asdf
Feb 27 04:44:40 web2 sshd[26645]: Failed keyboard-interactive/pam for 
illegal user foo from :::172.16.0.1 port 58015 ssh2


/etc/pam.d
::
ssh
::
auth       required     pam_nologin.so
auth       required     pam_env.so # [1]
@include common-auth
@include common-account
@include common-session
session    optional     pam_motd.so # [1]
session    optional     pam_mail.so standard noenv # [1]
session    required     pam_limits.so
@include common-password
::
common-account
::
account    required     pam_unix.so
account    sufficient   pam_ldap.so
::
common-auth
::
auth       required     pam_env.so
auth       sufficient   pam_unix.so likeauth nullok
auth       sufficient   pam_ldap.so use_first_pass
auth       required     pam_deny.so
session    required     pam_mkhomedir.so skel=/etc/skel umask=0027
::
common-password
::
password   required     pam_cracklib.so retry=3 type=
password   sufficient   pam_unix.so nullok use_authtok md5 shadow
password   sufficient   pam_ldap.so use_authtok
password   required     pam_deny.so
::
common-session
::
session    required     pam_limits.so
session    required     pam_unix.so
session    optional     pam_ldap.so
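
Added example, not part of the original post: a small triage script for the auth.log excerpt above. It groups sshd lines by process id and separates "sshd itself could not resolve the name" (the `Illegal user` line, logged before PAM runs) from "the directory rejected the bind", since in the first case the `Invalid credentials` line is not evidence of a wrong password. The verdict names are hypothetical, and the second session in the sample is constructed for contrast.

```python
import re
from collections import OrderedDict

# sshd[26645]: lines from the post above, with mail line-wrapping rejoined.
# sshd[26700]: constructed for contrast (name resolves, directory rejects the bind).
SAMPLE_LOG = """\
Feb 27 04:44:37 web2 sshd[26645]: Illegal user foo from :::172.16.0.1
Feb 27 04:44:39 web2 sshd[26645]: (pam_unix) check pass; user unknown
Feb 27 04:44:39 web2 sshd[26645]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=asdf
Feb 27 04:44:39 web2 sshd[26645]: pam_ldap: error trying to bind as user "uid=foo,cn=users,dc=domain,dc=tld" (Invalid credentials)
Feb 27 04:44:40 web2 sshd[26645]: error: PAM: Authentication failure for illegal user foo from asdf
Feb 27 04:44:40 web2 sshd[26645]: Failed keyboard-interactive/pam for illegal user foo from :::172.16.0.1 port 58015 ssh2
Feb 27 04:50:01 web2 sshd[26700]: pam_ldap: error trying to bind as user "uid=bar,cn=users,dc=domain,dc=tld" (Invalid credentials)
Feb 27 04:50:02 web2 sshd[26700]: Failed keyboard-interactive/pam for bar from :::172.16.0.1 port 58020 ssh2
"""

SYSLOG = re.compile(r"^\w{3}\s+\d+\s+[\d:]{8}\s+\S+\s+sshd\[(\d+)\]:\s+(.*)$")
UNKNOWN_USER = re.compile(r"^(?:Illegal|Invalid) user (\S+) from ")
BIND_FAILED = re.compile(
    r'^pam_ldap: error trying to bind as user "([^"]+)" \(Invalid credentials\)')
FAILED = re.compile(r"^Failed \S+ for (?:(?:illegal|invalid) user )?(\S+) from ")


def classify(session):
    """Map the flags collected for one sshd process to a verdict."""
    if not session["failed"]:
        return "no-failure"
    if session["unknown_to_sshd"] and session["bind_dn"]:
        # pam_ldap found the entry's DN, so the directory is reachable from PAM,
        # but sshd's own passwd lookup failed. Assumption: this sshd, like current
        # OpenSSH, does not hand the typed password to PAM for such a name.
        return "nss-lookup-failed-in-sshd"
    if session["unknown_to_sshd"]:
        return "unknown-to-sshd-and-pam-ldap"
    if session["bind_dn"]:
        return "ldap-bind-rejected"
    return "other"


def triage(log_text):
    """Return {pid: session dict with 'user', 'bind_dn' and 'verdict'}."""
    sessions = OrderedDict()
    for line in log_text.splitlines():
        m = SYSLOG.match(line.strip())
        if not m:
            continue
        pid, msg = m.groups()
        s = sessions.setdefault(pid, {"user": None, "bind_dn": None,
                                      "unknown_to_sshd": False, "failed": False})
        hit = UNKNOWN_USER.match(msg)
        if hit:
            s["unknown_to_sshd"], s["user"] = True, hit.group(1)
        hit = BIND_FAILED.match(msg)
        if hit:
            s["bind_dn"] = hit.group(1)
        hit = FAILED.match(msg)
        if hit:
            s["failed"], s["user"] = True, hit.group(1)
    for s in sessions.values():
        s["verdict"] = classify(s)
    return sessions


if __name__ == "__main__":
    for pid, s in triage(SAMPLE_LOG).items():
        print(pid, s["user"], s["verdict"], s["bind_dn"])
```

For the `nss-lookup-failed-in-sshd` verdict, the first things to check are `getent passwd` for the user on that host and whether the running sshd was restarted after the NSS and PAM changes.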






non debian source (openldap)

2006-01-25 Thread Predrag Gavrilovic
I am trying to install openldap-2.3.17(stable) because I need some
features (smbk5passwd) which are not present in debian stable or
testing packages. It builds fine on sarge, but I am concerned about
future upgrades and debian packages that depend on ldap libraries

What would be the best way to deal with non debian sources:

a) openldap installs in /usr/local/[bin|lib|include|..etc] by default,
so I leave it there (then it would not be in the way of possible
future debian package). Then, make symbolic links from
/usr/local/lib/* and /usr/local/include/* to proper debian locations.
Then, make three dummy packages with equivs that provide same things
that debian ldap packages provide (slapd, tools, ldap libraries) so
other ldap dependant packages work. I am especially concerned with
ldap shared libraries, and whether symbolic links to proper locations
is all that it takes to make other dependant packages install and
work.

b) install openldap in /usr/local/..., but install debian ldap
libraries so other packages that are depending on them would install
or work


Re: strange uid attribute in OpenLDAP

2005-11-29 Thread charlie derr

Eugen Wintersberger wrote:

> Hi there
>   I'm trying to use LDAP to administer the users on our
> department network. So far, Kerberos works fine, and also
> storing the user data into LDAP seems to work.
> However, if I set in an LDIF file the uid attribute to, for instance
> testuser and add the LDIF file to the LDAP tree, a subsequent
> ldapsearch yields something like this:
>
> .
> .
> .
> .
> uid::=Xgswqef
> .
> .
> .
> or something in this way. If I use gq (a GTK program) to search
> the LDAP tree the uid attribute of the new user looks ok.
>
> Has anyone of you an idea what's going on here.
>
> thanks
>   Eugen
>
>
> PS: I use a Debian testing system on this machine.



The second colon (:) signifies that it's base64 encoded.   The client gq (and lots of other clients) will transparently 
base64 decode any attributes that are stored that way.  The ldapsearch client shows you exactly what's stored in the 
directory.  The spec says that any value may (or may not) be base64 encoded.


be well,
~c
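
The decoding that gq does transparently, as an added example (not part of the original reply): it unfolds LDIF lines, base64-decodes every `attr::` value, and reports which RFC 2849 safe-string rule the decoded value breaks. The sample entry and the names `parse_entry`, `unsafe_reasons` and `explain` are constructed for illustration.

```python
import base64

# Constructed ldapsearch-style output (not taken from the post): the uid was
# loaded with a trailing space and the cn holds a non-ASCII character.
SAMPLE_LDIF = """\
dn: uid=testuser,ou=people,dc=example,dc=org
objectClass: inetOrgPerson
uid:: dGVzdHVzZXIg
cn:: SsO8cmdlbiBUZXN0
sn: Test
description: a long value that ldapsearch fol
 ded onto a continuation line
"""


def unfold(text):
    """Join LDIF continuation lines (a line that starts with one space)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def unsafe_reasons(value):
    """List the RFC 2849 rules that stop `value` (bytes) being written plain."""
    reasons = []
    if not value:
        return reasons
    if value[:1] in (b" ", b":", b"<"):
        reasons.append("starts with space, ':' or '<'")
    if value.endswith(b" "):
        reasons.append("ends with a space")
    if any(byte in (0, 10, 13) for byte in value):
        reasons.append("contains NUL, LF or CR")
    if any(byte > 127 for byte in value):
        reasons.append("contains non-ASCII bytes")
    return reasons


def parse_entry(text):
    """Return [(attribute, value_bytes, was_base64)] for one LDIF entry."""
    attrs = []
    for line in unfold(text):
        if not line or line.startswith("#"):
            continue
        name, sep, rest = line.partition(":")
        if not sep:
            continue
        if rest.startswith(":"):
            # "attr:: <base64>" -- the second colon marks an encoded value.
            value = base64.b64decode(rest[1:].strip(), validate=True)
            attrs.append((name, value, True))
        elif rest.startswith("<"):
            continue  # "attr:< url" references are out of scope here
        else:
            attrs.append((name, rest.lstrip(" ").encode("utf-8"), False))
    return attrs


def explain(text):
    """For each base64 attribute: (name, decoded text, why it was encoded)."""
    report = []
    for name, value, encoded in parse_entry(text):
        if encoded:
            reasons = unsafe_reasons(value) or [
                "no safe-string rule broken; encoding is always permitted"
            ]
            report.append((name, value.decode("utf-8", "replace"), reasons))
    return report


if __name__ == "__main__":
    for name, decoded, reasons in explain(SAMPLE_LDIF):
        # repr() makes a trailing space visible
        print(f"{name}: {decoded!r}  <- {', '.join(reasons)}")
```

A value that decodes to the expected string plus a trailing space points at stray whitespace in the LDIF file that was loaded.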








strange uid attribute in OpenLDAP

2005-11-29 Thread Eugen Wintersberger
Hi there
  I'm trying to use LDAP to administer the users on our 
department network. So far, Kerberos works fine, and also 
storing the user data into LDAP seems to work. 
However, if I set in an LDIF file the uid attribute to, for instance
testuser and add the LDIF file to the LDAP tree, a subsequent
ldapsearch yields something like this:
.
.
.
.
uid::=Xgswqef
.
.
.
or something in this way. If I use gq (a GTK program) to search 
the LDAP tree the uid attribute of the new user looks ok.
Has anyone of you an idea what's going on here?

thanks 
  Eugen

PS: I use a Debian testing system on this machine.





Problem with OpenLDAP + Courier-IMAP

2005-06-09 Thread Peter Hopfgartner
Hi,

I'm running a small server on Debian 3.1.
I set up Courier IMAP with LDAP. Mail accounts are stored in
rootitMailaccount schemas.
The Mailboxes are served fine. Anyway, if I try to use
authenumerate I get the following in my mail.log:

Jun  8 10:21:00 server authdaemond.ldap: authdaemond.ldap: getvalues.c:37: ldap_get_values: Assertion `target != ((void *)0)' failed.
Jun  8 10:21:00 server authdaemond.ldap: restarting authdaemond children

Can anybody help me?

Thank you for your interest. Best regards,

Peter



Re: Using Openldap for office contacts

2004-11-29 Thread Joe
In message <[EMAIL PROTECTED]>, Robert S 
<[EMAIL PROTECTED]> writes
> I have installed debian in our office - principally for use as a mail
> server, using courier-imap.  We've got about 6 windows PCs and one debian
> box.  Has worked without a hitch and everyone is very pleased with it.  I'm
> wondering if it might be possible to convert our contacts database
> (currently we're using MS Outlook 2000) over to Openldap.  There would need
> to be some simple way with which we could modify records in the ldap
> database.  So far it looks as if you need to write a program that converts a
> .csv to an .ldif file then import it into ldap.  This is much too
> complicated - we'd need to be able to use a windows client program to do
> that.
>
> So far I've got the impression that there is no easy way of doing this at
> the moment.
>
> Is there a website that explains how to do this?

I don't think there's a mail client program that will do it. It's quite 
possible to use a browser with perl/CGI on the server, platform 
independent.

I'm using thttpd, not apache, and three CGI scripts of about 3K each to 
do a simple listing (with Mailto: entries), an edit, and a new contact 
page. It's very crude and only has email names and full names. You'd 
want more fields for a proper contact list but that's not too hard. What 
it doesn't have at all is proper security (the ldap admin's password is 
hard-coded into the edit and write scripts) but that could be added. 
Ldap is good at permissions.

It's the perl LDAP module that does all the clever bits, and it wouldn't 
be hard to do a much more sophisticated job. The drawback is that you'd 
need to get a bit familiar with perl, which has a fairly sharp initial 
learning curve if you're used to more formal programming languages.

What you'll probably also find useful, if you don't already know about 
it, is LDAPExplorerTool which runs under Windows and allows you to see 
what's going on and fix mistakes.
--
Joe




Re: Using Openldap for office contacts

2004-11-29 Thread Sam Watkins
On Mon, Nov 29, 2004 at 10:26:01AM +1100, Robert S wrote:
> I'm wondering if it might be possible to convert our contacts database
> (currently we're using MS Outlook 2000) over to Openldap.  There would need
> to be some simple way with which we could modify records in the ldap
> database.

> So far it looks as if you need to write a program that converts a .csv to an
> .ldif file then import it into ldap.

such a script sounds like the way to go for the initial import...

  http://www.openldap.org/lists/openldap-software/200308/msg00598.html

> need to be able to use a windows client program to do that.


I don't know what software would be best to update the contacts database from
windows, there's apparently a program "luma" that does it from Debian.

  http://luma.sourceforge.net/screenshots.html

anyone know about updating ldap addressbooks from windows?

don't mail clients allow you to update ldap addressbooks?

Sorry, I have no clues about LDAP!


Sam





Using Openldap for office contacts

2004-11-28 Thread Robert S
I have installed debian in our office - principally for use as a mail
server, using courier-imap.  We've got about 6 windows PCs and one debian
box.  Has worked without a hitch and everyone is very pleased with it.  I'm
wondering if it might be possible to convert our contacts database
(currently we're using MS Outlook 2000) over to Openldap.  There would need
to be some simple way with which we could modify records in the ldap
database.  So far it looks as if you need to write a program that converts a
.csv to an .ldif file then import it into ldap.  This is much too
complicated - we'd need to be able to use a windows client program to do
that.

So far I've got the impression that there is no easy way of doing this at
the moment.

Is there a website that explains how to do this?







Looking for openldap 2.2

2004-11-17 Thread Andrew Ritchie
Hello All
Does anyone have a deb of openldap 2.2.18
The latest version I can find is 2.1.30-3
Thank you
Andrew Ritchie
---
Server and Database Administrator
ed-IT, Faculty Of Education
Doug McDonell Building
The University of Melbourne
ph: 8344 8719
__



Re: [SPAM] Re: openldap and debian

2004-05-08 Thread dircha
Michael Banta wrote:
> I'm using apt to try to install openldap.  However it shows packages
> that need to be installed that do not make sense to me.  Like:
> xfree86-common xlibs
>
> I don't run x-windows, why would it need a xfree86 anything?
>
> Also I assumed that it install Berkeley db for a database(as a
> dependency).  It does not attempt to do so.
>
> I am installing from official sources(debian).
>
> I did apt-get install ldap-server and apt-get install slapd, both say they
> need to install these files.  The xfree86 stuff.  I don't even have x
> installed.

OK. ldap-server is a virtual package provided by slapd. Using 
"apt-rdepends slapd" (package: apt-rdepends), it appears that the X 
dependencies are being pulled in by the libiodbc2 package.

Basically this should be considered a bug. However, for what it's worth, 
libiodbc2 only has this dependency in stable/woody. The libiodbc2 
library does not list these dependencies in the unstable version.

I assume that the xlibs and libgtk1.2 dependencies for libiodbc2 are 
just compile time options for libiodbc2.

So, that leaves three options. One is to use libiodbc2 from testing or 
unstable. However, since pulling in libiodbc2 from testing or unstable 
would (from what I can tell) involve upgrading your libc6 to testing or 
unstable, that really isn't an option.

A second option is to recompile the libiodbc2 package for woody and 
configure whichever compile-time options are needed to not include 
support for whatever is pulling in those dependencies.

A third option is to download the .deb for your architecture from 
http://packages.debian.org/stable/libs/libiodbc2 and force install it 
with dpkg without installing those dependencies. I would think it should 
still run.

Maybe others see something that I've missed.

Which of these options sounds best to you? Ask here if you need 
assistance with whatever you choose.

dircha




Re: [SPAM] Re: openldap and debian

2004-05-08 Thread Michael Banta


> Michael Banta wrote:
> > I'm using apt to try to install openldap.  However it shows packages
> > that need to be installed that do not make sense to me.  Like:
> >
> > xfree86-common xlibs
> >
> > I don't run x-windows, why would it need a xfree86 anything?
> >
> > Also I assumed that it install Berkeley db for a database(as a
> > dependency).  It does not attempt to do so.
>
> What is the name of the package you are attempting to install, and are
> you installing it from an official debian source, or a third party apt
> repository? This will be helpful to help figure out how to get it to do
> what you want.
>
> Using "apt-cache show [package name]", does the package you are
> attempting to install list xfree86-common and xlibs as Depends: or only
> as Recommends:?
>
> If this is the problem, while for aptitude I know the /etc/apt/apt.conf
> option to prevent treating recommended packages as dependencies, I do
> not recall how to do this with apt-get. I believe that dselect provides
> for this as well. Are you handy with dselect?
>
> dircha
>

Ok, it says the following packages will be installed also, so I guess
dependencies.

I am installing from official sources(debian).

I did apt-get install ldap-server and apt-get install slapd, both say they
need to install these files.  The xfree86 stuff.  I don't even have x
installed.

I have no experience with dselect.

Thanks for replying.
Mike





Re: openldap and debian

2004-05-08 Thread dircha
Michael Banta wrote:
> I'm using apt to try to install openldap.  However it shows packages
> that need to be installed that do not make sense to me.  Like:
> xfree86-common xlibs
>
> I don't run x-windows, why would it need a xfree86 anything?
>
> Also I assumed that it install Berkeley db for a database(as a
> dependency).  It does not attempt to do so.

What is the name of the package you are attempting to install, and are 
you installing it from an official debian source, or a third party apt 
repository? This will be helpful to help figure out how to get it to do 
what you want.

Using "apt-cache show [package name]", does the package you are 
attempting to install list xfree86-common and xlibs as Depends: or only 
as Recommends:?

If this is the problem, while for aptitude I know the /etc/apt/apt.conf 
option to prevent treating recommended packages as dependencies, I do 
not recall how to do this with apt-get. I believe that dselect provides 
for this as well. Are you handy with dselect?

dircha




openldap and debian

2004-05-08 Thread Michael Banta



Hello.

I have a question about openldap and debian.

I'm using apt to try to install openldap.  However it shows packages
that need to be installed that do not make sense to me.  Like:

xfree86-common xlibs

I don't run x-windows, why would it need a xfree86 anything?

Also I assumed that it install Berkeley db for a database(as a
dependency).  It does not attempt to do so.

Anyone have any advice?


openldap - cannot access local accounts when network is down

2004-03-09 Thread Kamaraju Kusumanchi
This is in continuation to another thread titled: "LDAP client 
configuration question".  But since the question is a bit different than 
that I am opening another thread...

I have two machines one acting as LDAP server (k2) and another LDAP 
client (kusumanchi). When the network is present, I am able to login 
into both local and ldap accounts from "kusumanchi". But when the 
network is down (unplugging the ethernet cable), I am not able to login 
into the client at all ... Can anyone tell me what to do?

My configuration files are as follows

1) /etc/ldap/ldap.conf

host k2.mae.cornell.edu

base o=cttg,c=US

ssl no

pam_password md5

2) /etc/nsswitch.conf
passwd: ldap compat
group:  ldap compat
shadow: ldap compat
hosts:  files dns
networks:   files
protocols:  db files
services:   db files
ethers: db files
rpc:        db files
netgroup:   nis

3) /etc/pam.d/common-account

account sufficient  pam_unix.so use_first_pass
account sufficient  pam_ldap.so

4) /etc/pam.d/common-auth

auth    sufficient  pam_unix.so use_first_pass
auth    sufficient  pam_ldap.so

5) /etc/pam.d/common-password

password sufficient  pam_unix.so md5 use_first_pass
password sufficient  pam_ldap.so

6) /etc/pam.d/common-session

session required    pam_unix.so



I also tried (a) changing "sufficient" to "required" in both the lines
(b) changing the order of the lines in these configuration files
(c) changing the "use_first_pass" to "try_first_pass"
but none of them work. I want the local accounts to be checked first so 
I kept the "pam_ldap.so" in the second line.
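
PAM module order and NSS lookup order are configured separately. This added example (not part of the original post) parses the nsswitch.conf lines posted above and reports account databases where a network source is listed ahead of any local one; the function names and the source classification are assumptions of the example.

```python
import re

# passwd/group/shadow/hosts lines as posted in the message above.
POSTED_NSSWITCH = """\
passwd: ldap compat
group:  ldap compat
shadow: ldap compat
hosts:  files dns
"""

# Classification used by this example (an assumption; extend as needed).
LOCAL_SOURCES = {"files", "compat", "db"}
NETWORK_SOURCES = {"ldap", "nis", "nisplus", "hesiod", "sss", "winbind"}


def parse_nsswitch(text):
    """Return {database: [source, ...]} in the order glibc consults them."""
    order = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # strip comments
        if ":" not in line:
            continue
        database, spec = line.split(":", 1)
        # Drop action items such as [NOTFOUND=return]; only sources remain.
        spec = re.sub(r"\[[^\]]*\]", " ", spec)
        order[database.strip()] = spec.split()
    return order


def network_before_local(text, databases=("passwd", "group", "shadow")):
    """Report (database, network source, full order) where the network
    source is consulted before any local source."""
    findings = []
    for database, sources in parse_nsswitch(text).items():
        if database not in databases:
            continue
        for source in sources:
            if source in LOCAL_SOURCES:
                break  # a local source comes first: nothing to report
            if source in NETWORK_SOURCES:
                findings.append((database, source, " ".join(sources)))
                break
    return findings


if __name__ == "__main__":
    for database, source, order in network_before_local(POSTED_NSSWITCH):
        print(f"{database}: '{source}' is consulted before local files ({order})")
```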






OpenLDAP (slapd) will not work

2004-01-12 Thread Ralph Bergmann
Hello!

My slapd doesn't work any more. He has simply stopped and I don't know why?

I have attached the log file.

Does anybody have a tip?

Regards, Ralph

Jan 13 00:14:40 linuxserver slapd[1676]: bdb_initialize: Sleepycat Software: Berkeley DB 4.1.25: (December 19, 2002)
Jan 13 00:14:40 linuxserver slapd[1676]: bdb_db_init: Initializing BDB database
Jan 13 00:14:58 linuxserver slapd[1677]: bdb(dc=dasralph,dc=home): unable to join the environment
Jan 13 00:14:58 linuxserver slapd[1677]: bdb_db_open: dbenv_open failed: Resource temporarily unavailable (11)
Jan 13 00:14:58 linuxserver slapd[1677]: backend_startup: bi_db_open(0) failed! (11)
Jan 13 00:14:58 linuxserver slapd[1677]: bdb(dc=dasralph,dc=home): txn_checkpoint interface requires an environment configured for the transaction subsystem
Jan 13 00:14:58 linuxserver slapd[1677]: bdb_db_destroy: txn_checkpoint failed: Invalid argument (22)
Jan 13 00:14:58 linuxserver slapd[1677]: slapd stopped.
Jan 13 00:14:58 linuxserver slapd[1677]: connections_destroy: nothing to destroy.

OpenLDAP needs X?!

2004-01-11 Thread Michael B Allen
Why does OpenLDAP need X? How do I get around this?

Mike

# apt-cache show slapd
Package: slapd
Priority: extra
Section: net
Installed-Size: 1768
Maintainer: Wichert Akkerman <[EMAIL PROTECTED]>
Architecture: i386
Source: openldap2
Version: 2.0.23-6.3
Provides: ldap-server
Depends: libc6 (>= 2.2.4-4), libdb3 (>= 3.2.9-16), libiodbc2, libldap2 (>=
2.0.23-1), libsasl7, libwrap0, debconf (>= 0.2.50), fileutils (>= 4.0i-1), psmisc
Suggests: openldap-guide, ldap-utils
Conflicts: umich-ldapd, ldap-server
Filename: pool/main/o/openldap2/slapd_2.0.23-6.3_i386.deb
Size: 606922
MD5sum: 42fc1c90d802d9bc155094cd2c5b3a05
Description: OpenLDAP server (slapd).
 This is the OpenLDAP (Lightweight Directory Access Protocol) standalone server
(slapd). The server can be used to provide a standalone directory service and
also includes the slurpd replication server and centipede.

# apt-get install slapd
Reading Package Lists... Done
Building Dependency Tree... Done
The following extra packages will be installed:
  libfreetype6 libglib1.2 libgtk1.2 libgtk1.2-common libiodbc2 xfree86-common xlibs
The following NEW packages will be installed:
  libfreetype6 libglib1.2 libgtk1.2 libgtk1.2-common libiodbc2 slapd
xfree86-common xlibs
0 packages upgraded, 8 newly installed, 0 to remove and 8  not upgraded. Need to
get 3769kB of archives. After unpacking 10.9MB will be used. Do you want to
continue? [Y/n] n
Abort.

-- 
A program should be written to  model the concepts of the task it
performs rather than the physical world or a process because this
maximizes the  potential for it  to be applied  to tasks that are
conceptually similar and, more  important, to tasks that have not
yet been conceived.





rolodap/openldap question

2003-10-19 Thread Tim T.
Hi,

   has anybody managed to get rolodap (http://rolodap.sourceforge.net)
working with debian woody ?

   Though there is no .deb yet (I was planning to roll one, once I get
it working), installation is straightforward, except for one thing: it
doesn't work.

  The problem: when I try to add a new contact, I get the following
message:
Error!!
Unable to bind to LDAP server
Contact you network administrator.

  Since I am the network admin, that's not much help.. Apparently, there
is a problem in authentication, possibly a missing component ?

 In the larger scale of things, I'm trying to deploy an LDAP solution to
the following problem:
 - A number of users need to have access to one shared, and a few
private addressbooks. No user should have access to another's private
book.

- All users use different clients (at the very least mozilla, evolution
and Outlook) at different times, from different locations. (really; I'm
just as likely to be working with outlook from an XP laptop, in the
garden, as I'm likely to use twig from my psion on the road.)

Does any body have any suggestions, or ready to roll LDAP schema's I
could deploy ?

Thanks in advance,
TimT
-- 
  [EMAIL PROTECTED]   Voodoo Programmer/Keeper of the Rubber Chicken
Tell Godot I couldn't wait.





woody and openldap not playing ball

2003-09-21 Thread linuxinfo
I can't get ldap to listen on any ports or both of the ip addresses, and
the ports don't show up under a port scan.
there is nothing in iptables or in hosts.allow / deny, it's a default
install of woody so there is no firewall that i know of..

HELP..

Gregory Machin





Howto released: Using OpenLDAP on Debian Woody to serve Linux and Samba users

2003-08-14 Thread Markus Amersdorfer
Hi everyone!

I'd like to finally announce "version 1.0" of my (unofficial) LDAP-Howto
"Using OpenLDAP on Debian Woody to serve Linux and Samba users":
http://homex.subnet.at/~max/ldap/
I hope it may be of help to somebody.

Of course, I'm always glad to hear about your opinion, additions,
corrections or any other kind of add-ons.

Cheers,
Max

-- 
The first time any man's freedom is trodden on, we're all damaged.
   

http://homex.subnet.at/~max/





Re: [OT: Elfquest] WAS: Re: Howto released: Using OpenLDAP on Debian Woody to serve Linux and Samba users

2003-08-14 Thread Alex Malinovich
On Tue, 2003-08-12 at 16:18, David Fokkema wrote:
> On Tue, Aug 12, 2003 at 09:25:45PM +0100, Pigeon wrote:
> > On Tue, Aug 12, 2003 at 08:43:09PM +0200, David Fokkema wrote:
> > > Can it be 'fresh' as 'cool' outside? (I might have gotten a little bit
> > > confused, here, ;-). At least I know of fresh breezes, between moderate
> > > and strong, but that is somewhat different...
> > 
> > My favourite weather, of which I have been feeling a severe lack
> > recently...
> 
> The only type of persons I have met which really liked this kind of
> weather (like I do and, apparently, you do too) are people who sail a
> lot. You don't happen to be one of those people, do you? Or has this
> something to do with your pigeons???

I've only really sailed a few times in my life, but I love cool weather.
Then again, it could have something to do with growing up in Sarajevo
and being surrounded by mountains, or with spending every winter break
as a child at my grandmother's house where 'heating' was what the
wood-burning stove in the kitchen did for that one room. :)

Though sailing sure does sound like a fun hobby. :)
-- 
Alex Malinovich
Support Free Software, delete your Windows partition TODAY!
Encrypted mail preferred. You can get my public key from any of the
pgp.net keyservers. Key ID: A6D24837




Re: [OT: Elfquest] WAS: Re: Howto released: Using OpenLDAP on Debian Woody to serve Linux and Samba users

2003-08-14 Thread David Fokkema
On Tue, Aug 12, 2003 at 05:32:12PM +0100, Pigeon wrote:
> On Tue, Aug 12, 2003 at 01:56:55PM +0200, David Fokkema wrote:
> > On Tue, Aug 12, 2003 at 11:25:00AM +0200, Stephan Seitz wrote:
> > > Shade and sweet water!
> > 
> > I was going to argue that this is an incorrect translation and should've
> > been 'shade and fresh water', but, apparently, this is wrong. Wendy
> > herself has said 'shade and sweet water'. Why? Is there some sort of
> > english subtlety I miss here? Why is water sweet?
> > 
> > I am from the Netherlands, where they say: 'schaduw en zoet water',
> > where 'zoet' means 'sweet', but 'zoet water', as opposed to 'zout
> > water', means 'fresh water' as opposed to 'salt (sea) water'.
> 
> 'Sweet' has a more general meaning of 'good' with a sense of
> 'comforting' or 'deeply satisfying', as well as the specific meaning
> of 'tastes like sugar'. There are places in America called Sweet Water
> where hot, thirsty and tired pioneers on the trail got to a river and
> made good use of it, or something.

That's nice to know. Sweet Water... We don't have names like that in
the Netherlands, as far as I can think of, but then, there's a _lot_ of
sweet/fresh water around here...

> From your 2nd para, it sounds like the Dutch use is pretty similar,
> which isn't too surprising as it's obviously the same word spelt a bit
> different. Do you mean that you always say 'zoet water', and don't say
> ' water'?

Yes, I do. It's always 'zoet water'. Other translations of 'fresh'
combined with 'water':

As in 'fresh vegetables'  vers water (lately gathered water)

As in 'It's fresh outside'fris water (cool water)

Can it be 'fresh' as 'cool' outside? (I might have gotten a little bit
confused, here, ;-). At least I know of fresh breezes, between moderate
and strong, but that is somewhat different...

David


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]



Re: [OT: Elfquest] WAS: Re: Howto released: Using OpenLDAP on Debian Woody to serve Linux and Samba users

2003-08-14 Thread Derrick 'dman' Hudson
On Tue, Aug 12, 2003 at 08:43:09PM +0200, David Fokkema wrote:
| On Tue, Aug 12, 2003 at 05:32:12PM +0100, Pigeon wrote:
| > On Tue, Aug 12, 2003 at 01:56:55PM +0200, David Fokkema wrote:
| > > On Tue, Aug 12, 2003 at 11:25:00AM +0200, Stephan Seitz wrote:
| > > > Shade and sweet water!
| > > 
| > > I was going to argue that this is an incorrect translation and should've
| > > been 'shade and fresh water', but, apparently, this is wrong. Wendy
| > > herself has said 'shade and sweet water'. Why? Is there some sort of
| > > english subtlety I miss here? Why is water sweet?
| > > 
| > > I am from the Netherlands, where they say: 'schaduw en zoet water',
| > > where 'zoet' means 'sweet', but 'zoet water', as opposed to 'zout
| > > water', means 'fresh water' as opposed to 'salt (sea) water'.
| > 
| > 'Sweet' has a more general meaning of 'good' with a sense of
| > 'comforting' or 'deeply satisfying', as well as the specific meaning
| > of 'tastes like sugar'. There are places in America called Sweet Water
| > where hot, thirsty and tired pioneers on the trail got to a river and
| > made good use of it, or something.
| 
| That's nice to know. Sweet Water... We don't have names like that in
| the Netherlands, as far as I can think of, but then, there's a _lot_ of
| sweet/fresh water around here...

"Sweet Water" is also a manufacturer of water purifiers.

http://www.cascadedesigns.com/sweetwater/

-D

-- 
Love is not affectionate feeling, but a steady wish for the loved
person's ultimate good as far as it can be obtained.
--C.S. Lewis
 
http://dman13.dyndns.org/~dman/




Re: [OT: Elfquest] WAS: Re: Howto released: Using OpenLDAP on Debian Woody to serve Linux and Samba users

2003-08-14 Thread Pigeon
On Tue, Aug 12, 2003 at 11:18:29PM +0200, David Fokkema wrote:
> On Tue, Aug 12, 2003 at 09:25:45PM +0100, Pigeon wrote:
> > On Tue, Aug 12, 2003 at 08:43:09PM +0200, David Fokkema wrote:
> > > Can it be 'fresh' as 'cool' outside? (I might have gotten a little bit
> > > confused, here, ;-). At least I know of fresh breezes, between moderate
> > > and strong, but that is somewhat different...
> > 
> > My favourite weather, of which I have been feeling a severe lack
> > recently...
> 
> The only type of persons I have met which really liked this kind of
> weather (like I do and, apparently, you do too) are people who sail a
> lot. You don't happen to be one of those people, do you? Or has this
> something to do with your pigeons???

The pigeons are part of it. They don't want to sit on eggs in this
weather, and find it hard to give older chicks enough water. Eggs
should be incubated at 38 deg C, and young chicks reared at 35 deg C,
reducing the temperature when they start to get a reasonable covering
of feathers. It's been well over that in the roof recently and all the
pigeons have been roosting outside. Since I'm not in a position to
make large vents in the walls, there's not much I can do about it.

Sailing: during my preschool years, my father and his mates built a
trimaran in the back garden, and during my school years I sailed on
this quite a lot. Unfortunately seasickness and the fact that I found
sailing out of sight of land extremely boring conspired to prevent me
really catching the bug. Outdoors-wise, though, I much prefer a fresh
cool day to go for a walk in somewhere like the Lake District than
either a hot day or a rainy day. Indoors, I get uncomfortable if it's
much over 25 deg C, and sweat buckets, which apart from being
unpleasant can have potentially destructive consequences when making
measurements on live equipment.

> Anyway, since this is already _very_ OT, the past week has been
> uncommonly hot in Europe, and there wasn't much wind, at least around
> here. I could use some not to hot day, with a fresh breeze on one of my
> free saturdays. Yes. Past few saturdays just didn't do it. 

I have a skylight whose aperture is nicely filled by a large
industrial fan, blowing out... Pity I can't fit one in the roof.

-- 
Pigeon

Be kind to pigeons
Get my GPG key here: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x21C61F7F




Re: [OT: Elfquest] WAS: Re: Howto released: Using OpenLDAP on Debian Woody to serve Linux and Samba users

2003-08-14 Thread Pigeon
On Tue, Aug 12, 2003 at 08:43:09PM +0200, David Fokkema wrote:
> Can it be 'fresh' as 'cool' outside? (I might have gotten a little bit
> confused, here, ;-). At least I know of fresh breezes, between moderate
> and strong, but that is somewhat different...

My favourite weather, of which I have been feeling a severe lack
recently...

-- 
Pigeon

Be kind to pigeons
Get my GPG key here: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x21C61F7F




[OT: Elfquest] WAS: Re: Howto released: Using OpenLDAP on Debian Woody to serve Linux and Samba users

2003-08-14 Thread David Fokkema
On Tue, Aug 12, 2003 at 11:25:00AM +0200, Stephan Seitz wrote:
> Shade and sweet water!

I was going to argue that this is an incorrect translation and should've
been 'shade and fresh water', but, apparently, this is wrong. Wendy
herself has said 'shade and sweet water'. Why? Is there some sort of
english subtlety I miss here? Why is water sweet?

I am from the Netherlands, where they say: 'schaduw en zoet water',
where 'zoet' means 'sweet', but 'zoet water', as opposed to 'zout
water', means 'fresh water' as opposed to 'salt (sea) water'.

David


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]



Re: Howto released: Using OpenLDAP on Debian Woody to serve Linux and Samba users

2003-08-14 Thread Pim Bliek | PingWings.nl
Markus,

You HERO I struggled for ages with LDAP and could not get it to work
really well!!! I am going to try your HOWTO tonight! I waited for a good
HOWTO! Since I couldn't get it to work before, I could not write one
myself unfortunately. Good work Markus!

Did anyone, or maybe you Markus, by any chance, try this HOWTO on an
unstable / Sarge server? I am running unstable on my home-server because I
need to try new stuff quite often. As I read the HOWTO it shouldn't be a
problem, but I hope someone tried...

Regards,
Pim Bliek

-
PingWings - Where do you want to go tomorrow?
- - - - - - - - - - - - - - - - - - - - - - -
M:  06-28474259
E:  [EMAIL PROTECTED]
I:  www.pingwings.nl
-

> Hi everyone!
>
> I'd like to finally announce "version 1.0" of my (unofficial) LDAP-Howto
> "Using OpenLDAP on Debian Woody to serve Linux and Samba users":
> http://homex.subnet.at/~max/ldap/
> I hope it may be of help to somebody.
>
> Of course, I'm always glad to hear about your opinion, additions,
> corrections or any other kind of add-ons.
>
> Cheers,
> Max
>
> --
> The first time any man's freedom is trodden on, we're all damaged.
>
>
> http://homex.subnet.at/~max/
>
>


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]



Re: [OT: Elfquest] WAS: Re: Howto released: Using OpenLDAP on Debian Woody to serve Linux and Samba users

2003-08-14 Thread David Fokkema
On Tue, Aug 12, 2003 at 09:25:45PM +0100, Pigeon wrote:
> On Tue, Aug 12, 2003 at 08:43:09PM +0200, David Fokkema wrote:
> > Can it be 'fresh' as 'cool' outside? (I might have gotten a little bit
> > confused, here, ;-). At least I know of fresh breezes, between moderate
> > and strong, but that is somewhat different...
> 
> My favourite weather, of which I have been feeling a severe lack
> recently...

The only type of persons I have met which really liked this kind of
weather (like I do and, apparently, you do too) are people who sail a
lot. You don't happen to be one of those people, do you? Or has this
something to do with your pigeons???

Anyway, since this is already _very_ OT, the past week has been
uncommonly hot in Europe, and there wasn't much wind, at least around
here. I could use some not too hot day, with a fresh breeze on one of my
free saturdays. Yes. Past few saturdays just didn't do it. 

David


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]



Re: Howto released: Using OpenLDAP on Debian Woody to serve Linux and Samba users

2003-08-14 Thread Markus Amersdorfer
On Tue, 12 Aug 2003 10:54:40 +0200 (CEST)
"Pim Bliek | PingWings.nl" <[EMAIL PROTECTED]> wrote:

Hi!

> I am going to try your HOWTO tonight!

Hope it works. :)

> Did anyone, or maybe you Markus, by any chance, try this HOWTO on an
> unstable / Sarge server?

No, sorry, most of our servers are at least partially publicly
accessible, so they need to be "up" and "secure" so they all run Woody.
:)

> As I read the HOWTO it
> shouldn't be a problem, but I hope someone tried...

I don't know what exactly was changed from OpenLDAP 2.0.x to 2.1.x, but
AFAIK it's not that little...

Furthermore, as Stephan has already mentioned, LDAP support in Samba has
been greatly improved. (As I read somewhen somewhere, Debian package
maintainers seemed to have bad luck with the
Samba-alpha-release-versions they used, as they had serious bugs
repeatedly it seems. I guess this has changed with Samba-3.0.0beta2
already, which I've just realized has hit Sarge already too :) ...)

Cheers,
Max

-- 
The first time any man's freedom is trodden on, we're all damaged.
   

http://homex.subnet.at/~max/





Re: Howto released: Using OpenLDAP on Debian Woody to serve Linux and Samba users

2003-08-14 Thread Stephan Seitz
Hi!

On Tue, Aug 12, 2003 at 10:54:40AM +0200, Pim Bliek | PingWings.nl wrote:
> Did anyone, or maybe you Markus, by any chance, try this HOWTO on an
> unstable / Sarge server? I am running unstable on my home-server because I

I'm not sure that you can run samba 3.0beta together with ldap. At
least I didn't get any success, only segfaults from samba.
And samba's ldap schema is completely new in 3.0.

Shade and sweet water!

	Stephan

--
| Stephan Seitz   E-Mail: [EMAIL PROTECTED] |
|  WWW: http://fsing.fs.uni-sb.de/~stse/|
| PGP Public Keys: http://fsing.fs.uni-sb.de/~stse/pgp.html |



Re: [OT: Elfquest] WAS: Re: Howto released: Using OpenLDAP on Debian Woody to serve Linux and Samba users

2003-08-14 Thread Pigeon
On Tue, Aug 12, 2003 at 01:56:55PM +0200, David Fokkema wrote:
> On Tue, Aug 12, 2003 at 11:25:00AM +0200, Stephan Seitz wrote:
> > Shade and sweet water!
> 
> I was going to argue that this is an incorrect translation and should've
> been 'shade and fresh water', but, apparently, this is wrong. Wendy
> herself has said 'shade and sweet water'. Why? Is there some sort of
> English subtlety I miss here? Why is water sweet?
> 
> I am from the Netherlands, where they say: 'schaduw en zoet water',
> where 'zoet' means 'sweet', but 'zoet water', as opposed to 'zout
> water', means 'fresh water' as opposed to 'salt (sea) water'.

'Sweet' has a more general meaning of 'good' with a sense of
'comforting' or 'deeply satisfying', as well as the specific meaning
of 'tastes like sugar'. There are places in America called Sweet Water
where hot, thirsty and tired pioneers on the trail got to a river and
made good use of it, or something.

From your 2nd para, it sounds like the Dutch use is pretty similar,
which isn't too surprising as it's obviously the same word spelt a bit
different. Do you mean that you always say 'zoet water', and don't say
' water'?

-- 
Pigeon

Be kind to pigeons
Get my GPG key here: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x21C61F7F




[Help] apache2 with openldap question.....

2003-07-23 Thread axacheng
Hello List:

I'm axa from Asia. I have a question about apache2 TLS/SSL authentication through openldap.

I've posted my question in the Gentoo GNU/Linux forum, URL as follows:

http://forums.gentoo.org/viewtopic.php?t=69409

Could you look at my question in detail when you are free?

That's a very strange question... I CAN NOT successfully pass through apache
authentication.


-- 
Trust & Unique ... 





OpenLDAP and Kerberos questions

2003-02-20 Thread Matthew P. McGuire
Hi all,

I recently decided it would be a good thing to centralize all of the 
user information and authentication on my network. After some reading I 
found that Kerberos will provide me the necessary secure authentication 
scheme, and OpenLDAP should provide me the user information DB. Both 
appear to have available PAM modules, but I lack the foresight on how to 
proceed. Here is my theory and how I want to set it up:

Users are allowed to login using ssh or local login via virtual 
terminal or WDM. I am using the default WDM and Xauth setup currently 
in Debian. Correct me if I am wrong, but the current version of X uses 
Xauth by default. So far this has proven secure. Telnet and rlogin are 
explicitly disallowed.

To accomplish this I would like login to use Kerberos for authentication 
first with unix login as a fall back. The auth lines in /etc/pam.d/login 
could be like the following:

auth        required    pam_nologin.so
auth        sufficient  pam_krb5.so
auth        required    pam_unix.so

Theoretically this will allow Kerberos to authenticate the user and if 
failed pass authentication to local unix authentication. Since Kerberos 
only provides authentication, I have to use another method to set up the 
account information for the user. This is where I would like to use 
OpenLDAP so I can centrally manage user account information. So I think 
the following account lines would be needed for setting up user account 
info using LDAP:

account     sufficient  pam_ldap.so
account     required    pam_unix.so

Again this should use LDAP first and fall back to local unix if needed. 
Ideally this would be all I need to do. However since we used Kerberos 
above, I think I would have to use the following as well for the 
password and session sections;

password    sufficient  pam_krb5.so
password    required    pam_unix.so
session     required    pam_krb5.so
session     required    pam_unix.so

Should use Kerberos password to allow password changes by the user and 
the session one maintains the session key until logout. (I read 
something on this but cannot find it now. So I could be very wrong.) 
They both have the usual fall back to pam_unix.so.

So all of that is essentially theory and I was wondering if anyone has 
any suggestions. Especially the existing OpenLDAP and Kerberos 
maintainers. Steve Langasek, you seem to have written a pam module 
before, any suggestions?

For the curious, I have read up on this. I am simply not very confident 
of my understanding. Any help would be great. Please reply to me 
directly or CC me. I am not subscribed to the list. (Wasn't there a 
thing on how to handle this in mutt recently)

Thanks,

Matthew P. McGuire
 
-- 


Matthew P. McGuire <[EMAIL PROTECTED]> 1024D/E21C0E88
CB82 7859 26B2 95E3 1328  5198 D57A D072 E21C 0E88
  When choice matters, choose Debian.
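
Added example, not part of the original message and not code from Linux-PAM: a simplified Python model of how the simple control flags (required, requisite, sufficient, optional) decide the auth and account stacks proposed above. Bracketed controls, include lines and module arguments are not modeled, and the module results are constructed inputs.

```python
"""Simplified model of Linux-PAM control flags for one stack (added example)."""

# The auth and account lines proposed in the message above, used as input.
LOGIN_PAM = """\
auth     required    pam_nologin.so
auth     sufficient  pam_krb5.so
auth     required    pam_unix.so
account  sufficient  pam_ldap.so
account  required    pam_unix.so
"""

SIMPLE_CONTROLS = ("required", "requisite", "sufficient", "optional")


def parse_stack(text, facility):
    """Return [(control, module), ...] for one facility, in file order."""
    stack = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 3 or fields[1] not in SIMPLE_CONTROLS:
            raise ValueError(f"unsupported PAM line: {raw!r}")
        if fields[0] == facility:
            stack.append((fields[1], fields[2]))
    return stack


def evaluate(stack, outcome):
    """Walk a stack. outcome maps module name -> True (success) / False.

    Returns (allowed, consulted): the verdict and the modules actually run.
    """
    required_failed = False
    definite_success = False     # a required/requisite module succeeded
    optional_success = False
    consulted = []
    for control, module in stack:
        ok = outcome[module]
        consulted.append(module)
        if control == "requisite":
            if not ok:
                return False, consulted        # fail immediately
            definite_success = True
        elif control == "required":
            if ok:
                definite_success = True
            else:
                required_failed = True         # keep going, deny at the end
        elif control == "sufficient":
            if ok and not required_failed:
                return True, consulted         # short-circuit: rest is skipped
            # a failed "sufficient" module is ignored
        elif control == "optional":
            optional_success = optional_success or ok
    if required_failed:
        return False, consulted
    return (definite_success or optional_success), consulted


def scenarios():
    """Verdicts for the proposed login stacks under constructed outcomes."""
    auth = parse_stack(LOGIN_PAM, "auth")
    account = parse_stack(LOGIN_PAM, "account")
    ok = {"pam_nologin.so": True, "pam_krb5.so": True, "pam_unix.so": True}
    return {
        "kerberos ok": evaluate(auth, ok),
        "kerberos fails, local password ok":
            evaluate(auth, {**ok, "pam_krb5.so": False}),
        "nologin set, kerberos ok":
            evaluate(auth, {**ok, "pam_nologin.so": False}),
        "kerberos and local both fail":
            evaluate(auth, {**ok, "pam_krb5.so": False, "pam_unix.so": False}),
        "ldap account ok, local account check would fail":
            evaluate(account, {"pam_ldap.so": True, "pam_unix.so": False}),
    }


if __name__ == "__main__":
    for name, (allowed, consulted) in scenarios().items():
        print(f"{name:48} -> {'ALLOW' if allowed else 'DENY'} via {consulted}")
```

Two results are worth comparing with the intent stated above: when pam_krb5.so succeeds, pam_unix.so is never consulted, and in the account stack a successful pam_ldap.so likewise skips pam_unix.so's local account checks.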







Re: openldap problem with testing

2002-10-16 Thread nate

Quenten Griffith said:
>
> I tried doing it one at a time and then I get the same error different
> line
>
> slapadd: could not add entry dn="o=mystikalphoenix,c=us" (line=10)

so you had 1 file with this:

dn: o=mystikalphoenix,c=us
objectClass: organization
o: mystikalphoenix

and did slapadd -l 

and it failed with that error?

next thing I would do is increase debugging to 65535 on the openldap
server (restart it after you change the debug in slapd.conf) and
try again, see what the debug log says (you may be able to get
away with debug of 256 too ..)

also you can try debugging on slapadd itself, also if you haven't
already I would erase (backup before if you want) the contents of
/var/lib/ldap, if you're making a new DB I like to start with no
files in that directory. Also be sure that if Openldap is running
as a non-root user that it has read/write access to that directory.
from the format of your LDAP entries it looks as though you're
following my HOWTO so I think you've probably done this part
already. I've populated a buncha databases and if ldap is failing
on that particular entry that is very odd.

Another thing, you can try to just grab my basic LDIF file, change
your slapd.conf to be the same as mine, and try slapadd see what
happens I have used that exact ldif file to populate a database
while I was testing so I know it works at least under openldap
2.0.23. If it works, then delete /var/lib/ldap/* again and change
your slapd.conf back.

good luck!

nate









Re: openldap problem with testing

2002-10-16 Thread Michael Heironimus

Entries in an LDIF file are separated by blank lines, so removing them
would definitely cause strange results.

Are you able to start the server? If so, do you get the same error
trying to import with ldapadd?

-- 
Michael Heironimus






Re: openldap problem with testing

2002-10-16 Thread Quenten Griffith


I tried doing it one at a time and then I get the same error, different line

slapadd: could not add entry dn="o=mystikalphoenix,c=us" (line=10)

I go into VI and go to line 10 and VI tells me I only have 9 lines, which is true.
So the first blank line would be line 10 and that is where slapadd is erroring
out, even though there really is no line 10.

nate wrote:

> Quenten Griffith said:
> > I am trying to import my database with a fresh install of openldap from
> > testing and I get an error that it can't parse line 4 when I do a
> > slapadd -l basic.ldif. Line 4 is a blank line, so I removed all the blank
> > lines and then it complains about it can't parse line 57 and the file
> > only has 56 lines, so when it finds a blank line it errors out.
>
> > dn: ou=People, o=mystikalphoenix,c=us
> > objectClass: organizationalUnit
> > ou: People
> > objectClass: organizationalUnit
> > ou: People
>
> this looks to be a problem ..this is the 4th entry so maybe
> it is referring to that..openldap can be strange when it spits
> out errors.
>
> if fixing that doesn't solve the problem I recommend adding the
> entries one at a time (just make them separate files and slapadd
> each in turn).
>
> nate
>






Re: openldap problem with testing

2002-10-16 Thread nate

Quenten Griffith said:
> I am trying to import my database with a fresh install of openldap from
> testing and I get an error that it can't parse line 4 when I do a
> slapadd -l basic.ldif. Line 4 is a blank line, so I removed all the blank
> lines and then it complains about it can't parse line 57 and the file
> only has 56 lines, so when it finds a blank line it errors out.

> dn: ou=People, o=mystikalphoenix,c=us
> objectClass: organizationalUnit
> ou: People
> objectClass: organizationalUnit
> ou: People

this looks to be a problem ..this is the 4th entry so maybe
it is referring to that..openldap can be strange when it spits
out errors.

if fixing that doesn't solve the problem I recommend adding the
entries one at a time (just make them separate files and slapadd
each in turn).

nate









openldap problem with testing

2002-10-16 Thread Quenten Griffith

I am trying to import my database with a fresh install of openldap from
testing and I get an error that it can't parse line 4 when I do a
slapadd -l basic.ldif. Line 4 is a blank line, so I removed all the
blank lines and then it complains about it can't parse line 57 and the
file only has 56 lines, so when it finds a blank line it errors out.

slapadd: could not add entry dn="o=mystikalphoenix,c=us" (line=4)

and you can see here line 4 is empty

dn: o=mystikalphoenix,c=us
objectClass: organization
o: mystikalphoenix

dn: cn=admin, o=mystikalphoenix,c=us
objectClass: organizationalRole
objectClass: simpleSecurityObject
cn: admin
description: LDAP administrator
userPassword: {MD5}2hpVc0nyXGQbGjaK9bIYpw==

dn: cn=nss, o=mystikalphoenix,c=us
objectClass: organizationalRole
objectClass: simpleSecurityObject
cn: nss
description: LDAP administrator
userPassword: {MD5}2hpVc0nyXGQbGjaK9bIYpw==

dn: ou=People, o=mystikalphoenix,c=us
objectClass: organizationalUnit
ou: People
objectClass: organizationalUnit
ou: People

dn: ou=Group, o=mystikalphoenix,c=us
objectclass: top
objectclass: organizationalUnit
ou: Group

dn: cn=Simon de Monfert, ou=People,o=mystikalphoenix, c=us
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
objectClass: organizationalPerson
objectClass: inetLocalMailRecipient
uid: simon
cn: Simon de Monfert
sn: Monfert
givenname: Simon
title: Earl
departmentNumber: Leichester
mobile: 111-111-
postalAddress: Address line 1$Address line 2$Address line 3
telephoneNumber: 222-222-
facsimileTelephoneNumber: 333-333-
userpassword: {MD5}2hpVc0nyXGQbGjaK9bIYpw==
labeleduri: http://mystikalphoenix.org
mail: [EMAIL PROTECTED]
mail: [EMAIL PROTECTED]
mailRoutingAddress: [EMAIL PROTECTED]
loginShell: /bin/bash
uidNumber: 1000
gidNumber: 1000
homeDirectory: /home/simon
gecos: simon
description: Not Available
localityName: home

dn: cn=test,ou=Group,o=mystikalphoenix,c=us
objectClass: posixGroup
objectClass: top
cn: test
gidNumber: 1000

If I delete the empty line on line four then the error will say the same
thing but with the next blank line.

Here is my slapd.conf file
# Schema and objectClass definitions
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/misc.schema
# Schema check allows for forcing entries to
# match schemas for their objectClasses's
schemacheck on

# Where the pid file is put. The init.d script
# will not stop the server if you change this.
pidfile /var/run/slapd.pid

# List of arguments that were passed to the server
argsfile        /var/run/slapd.args

# Where to store the replica logs
replogfile  /var/lib/ldap/replog

# Read slapd.conf(5) for possible values
loglevel        0

###
# ldbm database definitions
###

# The backend type, ldbm, is the default standard
database        ldbm

# The base of your directory
suffix  "o=mystikalphoenix,c=us"

# Where the database file are physically stored
directory   "/var/lib/ldap"

# Indexing options
index objectClass eq

# Save the time that the entry gets modified
lastmod on
# The base of your directory
suffix  "o=mystikalphoenix,c=us"

# Where the database file are physically stored
directory   "/var/lib/ldap"

# Indexing options
index objectClass eq

# Save the time that the entry gets modified
lastmod on

# The userPassword by default can be changed
# by the entry owning it if they are authenticated.
# Others should not be able to see it, except the
# admin entry below
access to attribute=userPassword
        by dn="cn=admin,o=mystikalphoenix,c=us" write
        by anonymous auth
        by self write
        by * none
# The admin dn has full write access
access to *
        by dn="cn=admin,o=mystikalphoenix,c=us" write
        by * read


Has anyone seen this type of error before?
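
Added example, not from the thread and not OpenLDAP code: a small Python checker for the kind of problem nate points at in his reply, repeated attribute values inside one entry, run on an abridged copy of the LDIF above with a placeholder in place of the password hash. It also flags whitespace-only "blank" lines and the unsalted {MD5}/{SHA} userPassword schemes; it does not establish what actually caused the slapadd error reported here, and the function names are the example's own.

```python
"""Lint an LDIF file entry by entry before loading it with slapadd."""
import re

# Abridged from the post's basic.ldif; the password hash is a placeholder.
SAMPLE_LDIF = """\
dn: o=mystikalphoenix,c=us
objectClass: organization
o: mystikalphoenix

dn: cn=admin, o=mystikalphoenix,c=us
objectClass: organizationalRole
objectClass: simpleSecurityObject
cn: admin
description: LDAP administrator
userPassword: {MD5}PLACEHOLDER-NOT-A-REAL-HASH

dn: ou=People, o=mystikalphoenix,c=us
objectClass: organizationalUnit
ou: People
objectClass: organizationalUnit
ou: People
"""

# OpenLDAP's {MD5} and {SHA} userPassword schemes carry no salt.
UNSALTED = re.compile(r"^\{(MD5|SHA)\}", re.IGNORECASE)


def parse_entries(text):
    """Return a list of entries; each entry is [(lineno, attr, value), ...]."""
    entries, current = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        if raw.strip() == "":                 # separator between entries
            if current:
                entries.append(current)
                current = []
        elif raw.startswith("#"):             # comment line
            continue
        elif raw.startswith(" "):             # folded continuation line
            if not current:
                raise ValueError(f"line {lineno}: nothing to continue")
            n, attr, value = current[-1]
            current[-1] = (n, attr, value + raw[1:])
        else:
            attr, sep, value = raw.partition(":")
            if not sep:
                raise ValueError(f"line {lineno}: expected 'attribute: value'")
            current.append((lineno, attr.strip().lower(), value.strip()))
    if current:
        entries.append(current)
    return entries


def lint(text):
    """Return findings as (lineno, dn, message) tuples."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        if raw != "" and raw.strip() == "":
            findings.append((lineno, None, "whitespace-only line: LDIF reads a "
                             "leading space as a continuation, not a separator"))
    for entry in parse_entries(text):
        if entry[0][1] == "version":          # optional "version: 1" header
            entry = entry[1:]
        if not entry:
            continue
        first_line, first_attr, dn = entry[0]
        if first_attr != "dn":
            findings.append((first_line, None, "entry does not start with dn:"))
            continue
        seen = {}
        for lineno, attr, value in entry[1:]:
            if (attr, value) in seen:
                findings.append((lineno, dn, f"duplicate value for {attr} "
                                 f"(first at line {seen[(attr, value)]})"))
            seen.setdefault((attr, value), lineno)
            if attr == "userpassword" and UNSALTED.match(value):
                findings.append((lineno, dn, "unsalted password hash scheme"))
    return findings


if __name__ == "__main__":
    for lineno, dn, message in lint(SAMPLE_LDIF):
        print(f"line {lineno}: {dn or '-'}: {message}")
```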






Woody OpenLdap bind failure

2002-09-28 Thread Hanasaki JiJi

I have just installed the openldap 2.x from Woody.

anonymous binds connect but fail to list the root just giving the schema:

Root DSE
objectClass  top
objectClass  OpenLDAProotDSE

binds as the admin fail to bind

ldap client used:
http://www.iit.edu/~gawojar/ldap/






Re: samba-tng and openldap

2002-09-23 Thread Quenten Griffith

Well, it ended up being that I was missing libpam0-dev; once that package was
installed it went fine.

nate wrote:

> Quenten Griffith said:
>
> > I installed that package from the source I made of openldap per your
> > instructions.  I wish to thank you for your great how to on this and all
> > the work you put in to it.  Some reason I still get that error though.
> > This box had been upgraded to testing so I may wipe it and start it all
> > over again with Woody (the sources were pulled from the Woody branch
> > though).
>
> what does config.log say after configure fails for samba-tng? it's
> possible that there's a bug in the more recent cvs, if you haven't already
> try this version:
> http://howto.linuxpowered.net/ldap/sambatng-cvs.tar.bz2
>
> which is the one I used to build the document, if it works then the
> version you have has a bug most likely, if it doesn't then the problem
> is elsewhere. I used the above sources to build on at least 3 different
> debian 3.0 systems so I'm sure it works :)
>
> also joining the samba-tng mailing list may help too (I'm also on that
> list)
>
> good luck!
>
> nate







Re: samba-tng and openldap

2002-09-20 Thread nate

Quenten Griffith said:
> I installed that package from the source I made of openldap per your
> instructions.  I wish to thank you for your great how to on this and all
> the work you put in to it.  Some reason I still get that error though.
> This box had been upgraded to testing so I may wipe it and start it all
> over again with Woody (the sources were pulled from the Woody branch
> though).

what does config.log say after configure fails for samba-tng? it's
possible that there's a bug in the more recent cvs, if you haven't already
try this version:
http://howto.linuxpowered.net/ldap/sambatng-cvs.tar.bz2

which is the one I used to build the document, if it works then the
version you have has a bug most likely, if it doesn't then the problem
is elsewhere. I used the above sources to build on at least 3 different
debian 3.0 systems so I'm sure it works :)

also joining the samba-tng mailing list may help too (I'm also on that
list)

good luck!

nate








Re: samba-tng and openldap

2002-09-20 Thread Quenten Griffith

I installed that package from the source I made of openldap per your
instructions.  I wish to thank you for your great how to on this and all
the work you put in to it.  Some reason I still get that error though.
This box had been upgraded to testing so I may wipe it and start it all
over again with Woody (the sources were pulled from the Woody branch
though).

nate wrote:

> Quenten Griffith said:
>
> > That is what I was going by was your howto word for word and I get that
> > error
>
> did you install the libldap2-dev package? if you built ldap from
> source as in my instructions you'll need the libldap2-dev package
> from the sources you built, not from the debian archives, they are
> not compatible (one has SSL one does not).
>
> look at config.log for a more detailed report.
>
> nate







Re: samba-tng and openldap

2002-09-20 Thread nate

Quenten Griffith said:
> That is what I was going by was your howto word for word and I get that
> error


did you install the libldap2-dev package? if you built ldap from
source as in my instructions you'll need the libldap2-dev package
from the sources you built, not from the debian archives, they are
not compatible (one has SSL one does not).

look at config.log for a more detailed report.

nate








Re: samba-tng and openldap

2002-09-20 Thread Quenten Griffith

That is what I was going by was your howto word for word and I get that 
error

nate wrote:

> Quenten Griffith said:
>
> > Hello, anyone here been able to compile the newest cvs of samba-tng with
> > ldap support, I have openldap installed from source, and I am trying to
> > install samba-tng using debian/rules binary command from the source but
> > get this error
>
> check out my HOWTO on openldap, it includes samba-tng info and openldap
> compilation info (geared towards debian 3.0):
>
> http://howto.linuxpowered.net/ldap/ldap.html
>
> nate







Re: samba-tng and openldap

2002-09-20 Thread nate

Quenten Griffith said:
> Hello, anyone here been able to compile the newest cvs of samba-tng with
> ldap support, I have openldap installed from source, and I am trying to
> install samba-tng using debian/rules binary command from the source but
> get this error

check out my HOWTO on openldap, it includes samba-tng info and openldap
compilation info (geared towards debian 3.0):

http://howto.linuxpowered.net/ldap/ldap.html

nate








samba-tng and openldap

2002-09-20 Thread Quenten Griffith

Hello, anyone here been able to compile the newest cvs of samba-tng with
ldap support, I have openldap installed from source, and I am trying to
install samba-tng using debian/rules binary command from the source but
get this error

checking for ber_bvfree in -llber... no
checking for ldap.h... yes
checking for lber.h... yes
checking for ldap_init in -lldap... no
configure: error: Cannot link with ldap libraries.
make: *** [build-stamp] Error 1


I am guessing there is something missing from my ldap that I need to 
compile with it but I don't know what.
Here are the flags I am using to compile TNG
--enable-debug --enable-syslog --enable-proctitle \
   --enable-cache --enable-referrals --enable-ipv6 \
   --enable-local  --with-readline \
   --with-threads --enable-slapd --enable-cleartext \
   --enable-crypt --enable-passwd  \
   --enable-multimaster --enable-phonetic --enable-rlookups \
   --enable-wrappers --enable-dynamic --disable-dnssrv \
   --enable-ldap --enable-ldbm --enable-shell --enable-sql \
   --enable-slurpd --enable-shared --with-tls \
   --prefix=/usr --localstatedir=/var/lib \
   --sysconfdir=/etc --libexecdir='$${prefix}'/sbin \
   --mandir='$${prefix}'/share/man --with-subdir=ldap







Re: Where I Can Find OpenSSH+OpenLDAP Documents?

2002-03-26 Thread Emile van Bergen
Hi,

On Tue, 26 Mar 2002, Henrik Hempelmann wrote:

> Emile van Bergen wrote:
>
> > Did you look at
> > http://www.linux.org/docs/ldp/howto/LDAP-Implementation-HOWTO/index.html
> > That may save you a lot of work...?
>
> yes, this is the common way to hold login data in LDAP, but is there a way
> to store ssh authorization keys in LDAP?

(Hire somebody to) hack this into OpenSSH? Shouldn't be too difficult --
I've hacked LDAP support into things before.

Cheers,


Emile.

--
E-Advies / Emile van Bergen   |   [EMAIL PROTECTED]
tel. +31 (0)70 3906153|   http://www.e-advies.info





Re: Where I Can Find OpenSSH+OpenLDAP Documents?

2002-03-26 Thread Henrik Hempelmann

Emile van Bergen wrote:

> Hi,
>
> On Mon, 25 Mar 2002, Simon Tennant wrote:
>
> Did you look at
> http://www.linux.org/docs/ldp/howto/LDAP-Implementation-HOWTO/index.html
> That may save you a lot of work...?

yes, this is the common way to hold login data in LDAP, but is there a way
to store ssh authorization keys in LDAP?

   henrik







Re: Where I Can Find OpenSSH+OpenLDAP Documents?

2002-03-26 Thread Emile van Bergen
Hi,

On Mon, 25 Mar 2002, Simon Tennant wrote:

> I've done a quick guide avaliable at http://www.imaginator.com/~simon/ldap/
>
> S.

Did you look at

http://www.linux.org/docs/ldp/howto/LDAP-Implementation-HOWTO/index.html

That may save you a lot of work...?


Cheers,

Emile.

--
E-Advies / Emile van Bergen   |   [EMAIL PROTECTED]
tel. +31 (0)70 3906153|   http://www.e-advies.info





Re: Where I Can Find OpenSSH+OpenLDAP Documents?

2002-03-25 Thread Simon Tennant
I've done a quick guide available at http://www.imaginator.com/~simon/ldap/

S.

-- 
  Simon Tennant
  home 415 753 1872
  cell 415 810 2629
   aim simontennant

On Mar 21, axacheng wrote:

a>Hello List:
a>
a>Does anyone know where I can find OpenSSH+OpenLDAP implementation
a>
a>documents on the internet??
a>
a>I have already used Google's search engine to search for this
a>
a>reference (OPENSSH+OPENLDAP) BUT.. it might have been stolen by
a>
a>aliens @_@
a>
a>thanks
a>





Re: Where I Can Find OpenSSH+OpenLDAP Documents?

2002-03-21 Thread Patrick Hsieh
Hello Russell Coker <[EMAIL PROTECTED]>,

I installed libnss-ldap in woody, copied 
/usr/share/doc/libnss-ldap/examples/nsswitch.ldap
to /etc/nsswitch.conf.


in /etc/libnss-ldap.conf, the remote ldap server information is defined,
and /etc/nsswitch.conf defines that:

# the following two lines obviate the "+" entry in /etc/passwd and /etc/group.
passwd: files ldap
group:  files ldap

So it will authenticate the files then, if fails, ldap server, right?

OK. So I added a user "james" on the remote ldap server with some
attributes like uid, uidnumber, loginshell and userpassword,etc. But I
didn't add "james" in my local OS. However, when I ssh my local machine
with account "james", it just doesn't work.

Is there anything I could have missed?



On Thu, 21 Mar 2002 17:37:31 +0100
Russell Coker <[EMAIL PROTECTED]> wrote:

> On Thu, 21 Mar 2002 16:53, axacheng wrote:
> > Does anyone know where I can find OpenSSH+OpenLDAP implementation
> >
> > documents on the internet??
> 
> Just use the PAM LDAP support and configure /etc/pam.d/ssh appropriately.
> 
> But first try nss-ldap as it's slightly easier to setup and has all the same 
> config file formats etc.
> 
> -- 
> If you send email to me or to a mailing list that I use which has >4 lines
> of legalistic junk at the end then you are specifically authorizing me to do
> whatever I wish with the message and all other messages from your domain, by
> posting the message you agree that your long legalistic sig is void.
> 
> 

-- 
Patrick Hsieh <[EMAIL PROTECTED]>

GPG public key http://pahud.net/pubkeys/pahudatpahud.gpg



Re: Where I Can Find OpenSSH+OpenLDAP Documents?

2002-03-21 Thread Russell Coker
On Thu, 21 Mar 2002 16:53, axacheng wrote:
> Does anyone know where I can find OpenSSH+OpenLDAP implementation
>
> documents on the internet??

Just use the PAM LDAP support and configure /etc/pam.d/ssh appropriately.

But first try nss-ldap as it's slightly easier to setup and has all the same 
config file formats etc.

-- 
If you send email to me or to a mailing list that I use which has >4 lines
of legalistic junk at the end then you are specifically authorizing me to do
whatever I wish with the message and all other messages from your domain, by
posting the message you agree that your long legalistic sig is void.



Where I Can Find OpenSSH+OpenLDAP Documents?

2002-03-21 Thread axacheng
Hello List:

Does anyone know where I can find OpenSSH+OpenLDAP implementation

documents on the internet??

I have already used Google's search engine to search for this

reference (OPENSSH+OPENLDAP) BUT.. it might have been stolen by

aliens @_@

thanks
-- 
Trust & Unique ... 
axacheng <[EMAIL PROTECTED]>


