Search Results

Search found 238 results on 10 pages for 'openldap'.

Page 5/10 | < Previous Page | 1 2 3 4 5 6 7 8 9 10  | Next Page >

  • ldap sync with outlook

    - by Dr Casper Black
    Hi, I have a task to research the possibilities of LDAP as a centralized Address Book. I have setup a openLDAP on debian 5.07. I managed to search the LDAP contacts from MS Outlook 2007 (with some drawbacks like Outlook cant recognize street and organization fields). My question is, is it possible ,& how, to sync data on LDAP server with applications that support LDAP? I could not find any data on this topic.

    Read the article

  • LDAP users as OU

    - by vpereira
    Hi, i'm facing a strange LDAP configuration. Some admin, just created users as OU in OpenLDAP. To do it, the admin, changed some attributes in the OU like posixAccount, inetOrgPerson, organizationalPerson and person.. my question is what is the advantage to do it? It works, but i would like to know the drawbacks about it.

    Read the article

  • ldap not properly resolving host

    - by mes5k
    Hi, I just changed the IP address of my (openldap) ldap server and despite DNS propagating, ldap still isn't resolving the new address correctly. When I run "host myserver.com" the proper ip address is returned. There is no entry in /etc/hosts for myserver.com. But when I run: ldapsearch -d 1 -x "uid" -H ldap://myserver.com I see the old address. How can I force ldap to check DNS for the proper IP address? thanks, Mike

    Read the article

  • Is it possible to have non-replicated data on an LDAP consumer?

    - by mvillar
    I've read all the available documentation, the Mastering OpenLDAP book, and like a zillion mail-list posts but I haven't found a way to make such scenario possible. I see several use cases for this scenario like an enterprise application syncing all users from the main LDAP of the Org but keeping it's own application related schemas and objects in its server. So please, could you point me in the right direction or help me discard the possibility at all?

    Read the article

  • ldap export and import

    - by Jure1873
    Is it possible to export all the data inside openldap for example using ldapsearch or some other tool to a (ldif?) file and then import everything on another server and put this in a script that would be run every day. So that I could use the other one as a backup when the first/master server is not available? I have full access to the first/master server, but I can't modify it's configuration so I think I can't set up replication.

    Read the article

  • Using SSL on slapd

    - by Warren
    I am setting up slapd to use SSL on Fedora 14. I have the following in my /etc/openldap/slapd.d/cn=config.ldif: olcTLSCACertificateFile: /etc/pki/tls/certs/SSL_CA_Bundle.pem olcTLSCertificateFile: /etc/pki/tls/certs/mydomain.crt olcTLSCertificateKeyFile: /etc/pki/tls/private/mydomain.key olcTLSCipherSuite: HIGH:MEDIUM:-SSLv2 olcTLSVerifyClient: demand and the following in my /etc/sysconfig/ldap: SLAPD_LDAP=no SLAPD_LDAPS=yes In my ldap.conf file, I have BASE dc=mydomain,dc=com URI ldaps://localhost TLS_CACERTDIR /etc/pki/tls/certs TLS_REQCERT allow However, when I connect to the localhost, ldapsearch returns the following: ldap_initialize( <DEFAULT> ) ldap_create Enter LDAP Password: ldap_sasl_bind ldap_send_initial_request ldap_new_connection 1 1 0 ldap_int_open_connection ldap_connect_to_host: TCP localhost:636 ldap_new_socket: 3 ldap_prepare_socket: 3 ldap_connect_to_host: Trying 127.0.0.1:636 ldap_pvt_connect: fd: 3 tm: -1 async: 0 TLS: loaded CA certificate file /etc/pki/tls/certs/978601d0.0 from CA certificate directory /etc/pki/tls/certs. TLS: loaded CA certificate file /etc/pki/tls/certs/b69d4130.0 from CA certificate directory /etc/pki/tls/certs. TLS certificate verification: defer TLS: error: connect - force handshake failure: errno 0 - moznss error -12271 TLS: can't connect: . ldap_err2string ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1) What do I have incorrect?

    Read the article

  • How to enable catch-all email in iRedMail Open Source edition?

    - by Matthias
    How to create catch-all email alias for domain in iRedMail Open Source edition? I know that's possible via LDAP and found the following instructions: http://iredmail.org/wiki/index.php?title=Addition/OpenLDAP/Catch-all The problem is how exactly to add this parameters via phpLDAPAdmin? I select "Create new entry here" and choose mailUser type. Then in step 2 first question is about "RDN" with select box "select RDN attribute". What should I choose as RDN? Which fields of the "Create Object" form should be filled? Unfortunetly there is completely no validation of user input and final errors does not contain explanation what's wrong Also when I try to import example from iredmail wiki phpldapadmin it gives LDIF Import Parse Error Description: A valid dn line is required [] dn line is: dn: [email protected],ou=Users,domainName=mydomain.eu,o=domains,dc=myserver,dc=pl

    Read the article

  • ldap sync with outlook

    - by Dr Casper Black
    I have a task to research the possibilities of LDAP as a centralized Address Book. I have setup a openLDAP on debian 5.07. I managed to search the LDAP contacts from MS Outlook 2007 (with some drawbacks like Outlook cant recognize street and organization fields). My question is, is it possible ,& how, to sync data on LDAP server with applications that support LDAP? I could not find any data on this topic. EDIT: The point is, to have a centralized list of contacts that can be sync with various applications, for instance Outlook, Thunderbird, Phonebook on mobile phones...etc The Question is, Is it possible to transfer (update) data on a client application from LDAP database and viceversa? So not to search LDAP server data, but to download contact that are not available in the client application (Outlook) and upload data to LDAP if the contact is in (Outlook) and not in LDAP database and the other way around, in other words synchronize.

    Read the article

  • Migrating LDAP user and password to SAMBA4 AD

    - by Rudy Dajoh
    As title suggests. We are migrating from OpenLDAP as user authentication to Samba 4 AD Domain. But I can't find any information on how to transfer passwords and users to Samba 4 AD. How to migrate all LDAP user base at ou=People,dc=company,dc=com to samba 4 AD domain? I don't need to assistance transferring everything, I only need to transfer user accounts. I've finished migrating them all but user/passwords. Can it be done? If so, how?

    Read the article

  • ldap_modify: Insufficient access (50)

    - by Lynn Owens
    I am running an OpenLDAP 2.4 server that uses the SSL service for communication. It works for lookups. I am trying to add mirror mode replication. So this is the command that I'm executing: ldapmodify -D "cn=myuser,dc=mydomain,dc=com" -H ldaps://myloadbalancer -W -f /etc/ldap/ldif/server_id.ldif Where this is my server_id.ldif: dn: cn=config changetype: modify replace: olcServerID olcServerID: 1 myserver1 olcServerID: 2 myserver2 and this is my cn\=config.ldif in the slapd.d tree of text files: dn: cn=config objectClass: olcGlobal cn: config olcArgsFile: /var/run/slapd/slapd.args olcPidFile: /var/run/slapd/slapd.pid olcToolThreads: 1 structuralObjectClass: olcGlobal entryUUID: ff9689de-c61d-1031-880b-c3eb45d66183 creatorsName: cn=config createTimestamp: 20121118224947Z olcLogLevel: stats olcTLSCertificateFile: /etc/ldap/certs/ldapscert.pem olcTLSCertificateKeyFile: /etc/ldap/certs/ldapskey.pem olcTLSCACertificateFile: /etc/ldap/certs/ldapscert.pem olcTLSVerifyClient: never entryCSN: 20121119022009.770692Z#000000#000#000000 modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth modifyTimestamp: 20121119022009Z But unfortunately I'm getting this: Enter LDAP Password: modifying entry "cn=config" ldap_modify: Insufficient access (50) If I try to specify the config database I get this: ldapmodify -H 'ldaps://myloadbalancer/cn=config' -D "cn=myuser,cn=config" -W -f ./server_id.ldif Enter LDAP Password: ldap_bind: Invalid credentials (49)} Does anyone know how I can add the serverID to the config database so that I can complete the setup of mirror mode?

    Read the article

  • AuthBasicProvider: failover not working when the first LDAP is down?

    - by quanta
    I've been trying to setup redundant LDAP servers with Apache 2.2.3. /etc/httpd/conf.d/authn_alias.conf <AuthnProviderAlias ldap master> AuthLDAPURL ldap://192.168.5.148:389/dc=domain,dc=vn?cn AuthLDAPBindDN cn=anonymous,ou=it,dc=domain,dc=vn AuthLDAPBindPassword pa$$w0rd </AuthnProviderAlias> <AuthnProviderAlias ldap slave> AuthLDAPURL ldap://192.168.5.199:389/dc=domain,dc=vn?cn AuthLDAPBindDN cn=anonymous,ou=it,dc=domain,dc=vn AuthLDAPBindPassword pa$$w0rd </AuthnProviderAlias> /etc/httpd/conf.d/authz_ldap.conf # # mod_authz_ldap can be used to implement access control and # authenticate users against an LDAP database. # LoadModule authz_ldap_module modules/mod_authz_ldap.so <IfModule mod_authz_ldap.c> <Location /> AuthBasicProvider master slave AuthzLDAPAuthoritative Off AuthType Basic AuthName "Authorization required" AuthzLDAPMemberKey member AuthUserFile /home/setup/svn/auth-conf AuthzLDAPSetGroupAuth user require valid-user AuthzLDAPLogLevel error </Location> </IfModule> If I understand correctly, mod_authz_ldap will try to search users in the second LDAP if the first server is down or OpenLDAP on it is not running. But in practice, it does not happen. Tested by stopping LDAP on the master, I get the "500 Internal Server Error" when accessing to the Subversion repository. The error_log shows: [11061] auth_ldap authenticate: user quanta authentication failed; URI / [LDAP: ldap_simple_bind_s() failed][Can't contact LDAP server] Did I misunderstand?

    Read the article

  • Multiple LDAP servers with mod_authn_alias: failover not working when the first LDAP is down?

    - by quanta
    I've been trying to setup redundant LDAP servers with Apache 2.2.3. /etc/httpd/conf.d/authn_alias.conf <AuthnProviderAlias ldap master> AuthLDAPURL ldap://192.168.5.148:389/dc=domain,dc=vn?cn AuthLDAPBindDN cn=anonymous,ou=it,dc=domain,dc=vn AuthLDAPBindPassword pa$$w0rd </AuthnProviderAlias> <AuthnProviderAlias ldap slave> AuthLDAPURL ldap://192.168.5.199:389/dc=domain,dc=vn?cn AuthLDAPBindDN cn=anonymous,ou=it,dc=domain,dc=vn AuthLDAPBindPassword pa$$w0rd </AuthnProviderAlias> /etc/httpd/conf.d/authz_ldap.conf # # mod_authz_ldap can be used to implement access control and # authenticate users against an LDAP database. # LoadModule authz_ldap_module modules/mod_authz_ldap.so <IfModule mod_authz_ldap.c> <Location /> AuthBasicProvider master slave AuthzLDAPAuthoritative Off AuthType Basic AuthName "Authorization required" AuthzLDAPMemberKey member AuthUserFile /home/setup/svn/auth-conf AuthzLDAPSetGroupAuth user require valid-user AuthzLDAPLogLevel error </Location> </IfModule> If I understand correctly, mod_authz_ldap will try to search users in the second LDAP if the first server is down or OpenLDAP on it is not running. But in practice, it does not happen. Tested by stopping LDAP on the master, I get the "500 Internal Server Error" when accessing to the Subversion repository. The error_log shows: [11061] auth_ldap authenticate: user quanta authentication failed; URI / [LDAP: ldap_simple_bind_s() failed][Can't contact LDAP server] Did I misunderstand? AuthBasicProvider ldap1 ldap2 only means that if mod_authz_ldap can't find the user in ldap1, it will continue with ldap2. It doesn't include the failover feature (ldap1 must be running and working fine)?

    Read the article

  • Removing/modifying LDAP objectclasses/attributes using olc

    - by Foezjie
    I'm having trouble using openldap's olc to modify a schema without shutting down the server. To test some things out, I made the following schema: objectIdentifier tests orgUlyssisOID:4 objectIdentifier testAttribute tests:1 objectIdentifier testObjectClass tests:2 attributeType ( testAttribute:1 NAME 'attr1' DESC 'attribuut 1' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' ) attributeType ( testAttribute:2 NAME 'attr2' DESC 'attribuut 2' SUP userPassword SINGLE-VALUE ) objectclass ( testObjectClass:1 NAME 'class1' DESC 'objectclass 1' SUP top STRUCTURAL MUST (attr1 $ attr2 ) ) And added it to a new schema called test. (cn={9}test.ldif in cn=schema). Now I can't seem to figure out how to delete class1 from that schema. I use the following LDIF (and tried lots of variations too, to no avail) dn : cn={9}test,cn=schema,cn=config changetype: modify delete: olcObjectClasses olcObjectClasses: ( testObjectClass:1 NAME 'class1' DESC 'objectclass 1' SUP top STRUCTURAL MUST ( attr1 $ attr2 ) ) Running ldapmodify -x -W -D cn=admin,cn=config -f test.ldif -d 0 gives no output. -d 1 gives this: ldap_create ldap_sasl_bind ldap_send_initial_request ldap_new_connection 1 1 0 ldap_int_open_connection ldap_connect_to_host: TCP localhost:389 ldap_new_socket: 4 ldap_prepare_socket: 4 ldap_connect_to_host: Trying 127.0.0.1:389 ldap_pvt_connect: fd: 4 tm: -1 async: 0 ldap_open_defconn: successful ldap_send_server_request ber_scanf fmt ({it) ber: ber_scanf fmt ({i) ber: ber_flush2: 38 bytes to sd 4 ldap_result ld 0x7f2a8ccf3430 msgid 1 wait4msg ld 0x7f2a8ccf3430 msgid 1 (infinite timeout) wait4msg continue ld 0x7f2a8ccf3430 msgid 1 all 1 ** ld 0x7f2a8ccf3430 Connections: * host: localhost port: 389 (default) refcnt: 2 status: Connected last used: Mon Sep 10 11:29:57 2012 ** ld 0x7f2a8ccf3430 Outstanding Requests: * msgid 1, origid 1, status InProgress outstanding referrals 0, parent count 0 ld 0x7f2a8ccf3430 request count 1 (abandoned 0) ** ld 0x7f2a8ccf3430 Response Queue: Empty ld 0x7f2a8ccf3430 response count 0 ldap_chkResponseList ld 0x7f2a8ccf3430 msgid 1 all 1 ldap_chkResponseList returns ld 0x7f2a8ccf3430 NULL ldap_int_select read1msg: ld 0x7f2a8ccf3430 msgid 1 all 1 ber_get_next ber_get_next: tag 0x30 len 12 contents: read1msg: ld 0x7f2a8ccf3430 msgid 1 message type bind ber_scanf fmt ({eAA) ber: read1msg: ld 0x7f2a8ccf3430 0 new referrals read1msg: mark request completed, ld 0x7f2a8ccf3430 msgid 1 request done: ld 0x7f2a8ccf3430 msgid 1 res_errno: 0, res_error: <>, res_matched: <> ldap_free_request (origid 1, msgid 1) ldap_parse_result ber_scanf fmt ({iAA) ber: ber_scanf fmt (}) ber: ldap_msgfree ldap_free_connection 1 1 ldap_send_unbind ber_flush2: 7 bytes to sd 4 ldap_free_connection: actually freed So no real indication of an error. Where am I doing it wrong? Bonus question: If I have some entries of a certain objectclass, can I modify it (add/remove attributeTypes) without removing the entries? Thanks in advance for all help.

    Read the article

  • ldapsearch against Active Directory fails

    - by Guacamole
    I am using ldapsearch from OpenLDAP tools to search our corporate Active Directory for my email and phone number. This query is a test to ensure that I can authenticate against the domain so I can set up a linux wiki with NTLM authentication. My theory is that if I can successfully query the AD for information, then I am a step closer to getting my wiki to authenticate against AD (I have instructions to set up moin wiki under ActiveDirectory). The problem is that I can't seem to get the ldapsearch query right. I have seen many tutorials on the net that indicate that -D should be something like -D "Americas\John_Marsharll"; however, I keep getting ldap_bind: Invalid credentials (49) error messages when I use Americas\John_Marshall. The only time I get sensical results is when I query with the parameters below. However, even then, I can't figure out how to get email and phone number. [John_Marsharll@WN7-BG3YSM1 ~]$ ldapsearch -x -h 10.1.1.1 \ -b "cn=Users,dc=Americas" mail telephonenumber -D "cn=John_Marshall,dc=Americas" # extended LDIF # # LDAPv3 # base <cn=Users,dc=Americas> with scope subtree # filter: (objectclass=*) # requesting: mail telephonenumber -D cn=John_Marshall,dc=Americas # # search result search: 2 result: 32 No such object # numResponses: 1 [John_Marshall@WN7-BG3YSM1 ~]$ Can someone give me pointers on what I'm doing wrong with the ldapsearch query above? Our AD ldap server is 10.1.1.1 and the AD domain is "Americas".

    Read the article

  • Error on LDAP Login - xsessions error - Session lasted less than 10 seconds

    - by Draineh
    I have two machines both running CentOS 5.6 64bit. On the LDAP Machine it has a DHCP, BIND and OpenLDAP Server. LDAP is correctly configured and users can authenticate against it. Using root I configure machine 2 to use LDAP for authentication and when trying to log in it successfully authenticates against a saved user on the LDAP Server but produces the following errors and then throws me back to the login screen. I can still sign in as root and use the machine as normal. The syslog doesn't show any errors and I disabled SELinux to see if it was interfering. The error; Your session only lasted less than 10 seconds. If you have not lgoged out yourself, this could mean that there is some installation problem or that you may be out of diskspace. Try logging in with one of the failsafe sessions to see if you can fix this problem. There is then a tickbox to view the contents of ~/.xsessions-errors which contains; /etc/gdm/PreSession/Default: Registering your session with utmp /etc/gdm/PreSession/Default: running: /usr/bin/sessreg -a -u /var/run/utmp -x "/var/gdm:0:Xservers" -h "" -l ":0" "admin" localuser:admin being added to access control list No profile for user 'admin' found /bin/sh: /usr/bin/dbus-launch --exit-with-session /etc/X11/Xinit/Xclients: No such file or directory /bin/sh: line 0: exec: /usr/bin/dbus-launch --exit-with-session /etc/X11/xinit/Xclients: cannot execute: No such file or directory Apologies if someone notices something isn't spelt quite right or doesn't sound right, the system never actually creates or saves this file so I have had to type it across from the screen. Through the authentication panel in CentOS on the client I have set it to create the users home directory on login. The user is being correctly authenticated and the /home/admin folder has been created but this error would suggest it has not? The client is a new install on an 80gb hard drive so there is well over 80% of the drive still available. Thanks for any suggestions or pointers.

    Read the article

  • Client authentication with RubyLDAP ldap

    - by Marcelo de Moraes Serpa
    Hello all, I'm trying to implement a feature that uses LDAP over SSL (SSL, not TLS), it needs to connect to a SSL-enabled LDAP server (i.e OpenLDAP), bind and then do any additional queries. It also needs to support client-authentication, and this is where things get tricky: The client is a web application written in Ruby, and we are using RubyLDAP (so far we have used it for non-SSL ldap stuff with great success). My question is: Is there a way to load a client certificate and send its data over the wire to the LDAP server when doing a LDAP::SSLConn? I haven't found anything obvious on the API docs (http://ruby-ldap.sourceforge.net/rdoc/) nor while googling around. I know I that I can prevent the server from asking for a certificate by putting the following on slapd.conf (OpenLDAP): TLSVerifyClient never However, this is not an option here. Thanks, Marcelo.

    Read the article

  • LDAP installed, running, but can't connect remotely [Ubuntu 10.10]

    - by Casey Jordan
    Hi all, I installed LDAP on my ubuntu 10.10 system, using the tutorial found here: https://help.ubuntu.com/10.10/serverguide/C/openldap-server.html Everything seems to be working well, when logged into the server via ssh I can run commands like: > ldapsearch -xLLL -b "dc=easydita,dc=com" uid=john sn givenName cn dn: uid=john,ou=people,dc=easydita,dc=com sn: Doe givenName: John cn: John Doe So I think that's a good sign that things are working well. However I have had zero luck connecting to the server remotely via GUI tools or command line. I have tied JXplorer, and LDAP administration tool. Running commands like this: > ldapsearch -xLLL -W -H ldap://ice.rit.edu -d1 "dc=easydita,dc=com" ldap_url_parse_ext(ldap://ice.rit.edu) ldap_create ldap_url_parse_ext(ldap://ice.rit.edu:389/??base) Enter LDAP Password: ldap_sasl_bind ldap_send_initial_request ldap_new_connection 1 1 0 ldap_int_open_connection ldap_connect_to_host: TCP ice.rit.edu:389 ldap_new_socket: 3 ldap_prepare_socket: 3 ldap_connect_to_host: Trying 127.0.0.1:389 ldap_pvt_connect: fd: 3 tm: -1 async: 0 ldap_open_defconn: successful ldap_send_server_request ber_scanf fmt ({it) ber: ber_scanf fmt ({i) ber: ber_flush2: 34 bytes to sd 3 ldap_result ld 0xb8940170 msgid 1 wait4msg ld 0xb8940170 msgid 1 (infinite timeout) wait4msg continue ld 0xb8940170 msgid 1 all 1 ** ld 0xb8940170 Connections: * host: ice.rit.edu port: 389 (default) refcnt: 2 status: Connected last used: Thu Mar 17 19:42:29 2011 ** ld 0xb8940170 Outstanding Requests: * msgid 1, origid 1, status InProgress outstanding referrals 0, parent count 0 ld 0xb8940170 request count 1 (abandoned 0) ** ld 0xb8940170 Response Queue: Empty ld 0xb8940170 response count 0 ldap_chkResponseList ld 0xb8940170 msgid 1 all 1 ldap_chkResponseList returns ld 0xb8940170 NULL ldap_int_select read1msg: ld 0xb8940170 msgid 1 all 1 ber_get_next ber_get_next: tag 0x30 len 16 contents: read1msg: ld 0xb8940170 msgid 1 message type bind ber_scanf fmt ({eAA) ber: read1msg: ld 0xb8940170 0 new referrals read1msg: mark request completed, ld 0xb8940170 msgid 1 request done: ld 0xb8940170 msgid 1 res_errno: 49, res_error: <>, res_matched: <> ldap_free_request (origid 1, msgid 1) ldap_parse_result ber_scanf fmt ({iAA) ber: ber_scanf fmt (}) ber: ldap_msgfree ldap_err2string ldap_bind: Invalid credentials (49) I am pretty sure that I set up the admin password correctly, but the tutorial was not very specific about that. (Also could not find instructions on how to reset admin password.) Additional info: I was told that this file might hold important information so I will post it: /etc/ldap/slapd.d/cn=config/olcDatabase={0}config.ldif dn: olcDatabase={0}config objectClass: olcDatabaseConfig olcDatabase: {0}config olcAccess: {0}to * by dn.exact=cn=localroot,cn=config manage by * break olcRootDN: cn=admin,cn=config structuralObjectClass: olcDatabaseConfig entryUUID: eca09490-e524-102f-87c5-17d7a82e8985 creatorsName: cn=config createTimestamp: 20110317205733Z entryCSN: 20110317205733.193089Z#000000#000#000000 modifiersName: cn=config modifyTimestamp: 20110317205733Z Given that it seems I have this almost set up correctly is there any steps I can take to correct this? Thanks, Casey

    Read the article

  • Can't configure PAM + LDAP on Debian Lenny - Getting error=49 on server logs

    - by Jorge Suárez de Lis
    I've been migrating some servers and desktops using Ubuntu 10.04 from getting the users from an old OpenLDAP implementation to a newer Centos Active Directory. I haven't had any problems so far, until I reached a Debian Lenny server. I've set up the server as the others, setting /etc/ldap.conf and /etc/ldap/ldap.conf. However, when I issue "getent passwd", I get nothing from the LDAP server. Reading the pam_ldap manpage, I realized that /etc/ldap.conf was not an accepted file by pam_ldap -it worked with Ubuntu though-, so I renamed it to /etc/pam_ldap.conf. Same result. However, once I've changed the name of this file, when I login using SSH I get this on the LDAP server logs: [20/Jul/2012:11:19:40 +0200] conn=16501 fd=155 slot=155 connection from x.x.x.50 to 10.1.176.237 [20/Jul/2012:11:19:40 +0200] conn=16501 op=0 BIND dn="uid=ubuntu,ou=Applications,ou=CITIUS,dc=inv,dc=usc,dc=es" method=128 version=3 [20/Jul/2012:11:19:40 +0200] conn=16501 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=ubuntu,ou=applications,ou=citius,dc=inv,dc=usc,dc=es" [20/Jul/2012:11:19:40 +0200] conn=16501 op=1 SRCH base="ou=People,ou=CITIUS,dc=inv,dc=usc,dc=es" scope=2 filter="(uid=jorge.suarez)" attrs=ALL [20/Jul/2012:11:19:40 +0200] conn=16501 op=1 RESULT err=0 tag=101 nentries=1 etime=0 notes=U [20/Jul/2012:11:19:40 +0200] conn=16501 op=2 BIND dn="uid=jorge.suarez,ou=People,ou=CITIUS,dc=inv,dc=usc,dc=es" method=128 version=3 [20/Jul/2012:11:19:40 +0200] conn=16501 op=2 RESULT err=49 tag=97 nentries=0 etime=0 The password isn't working. I don't know that could be wrong, anything else seems to be OK. That user/password is working from another clients: [20/Jul/2012:11:29:39 +0200] conn=16528 fd=188 slot=188 connection from x.x.x.224 to 10.1.176.237 [20/Jul/2012:11:29:39 +0200] conn=16528 op=0 BIND dn="uid=ubuntu,ou=Applications,ou=CITIUS,dc=inv,dc=usc,dc=es" method=128 version=3 [20/Jul/2012:11:29:39 +0200] conn=16528 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=ubuntu,ou=applications,ou=citius,dc=inv,dc=usc,dc=es" [20/Jul/2012:11:29:39 +0200] conn=16528 op=1 SRCH base="ou=People,ou=CITIUS,dc=inv,dc=usc,dc=es" scope=2 filter="(uid=jorge.suarez)" attrs=ALL [20/Jul/2012:11:29:39 +0200] conn=16528 op=1 RESULT err=0 tag=101 nentries=1 etime=0 notes=U [20/Jul/2012:11:29:39 +0200] conn=16528 op=2 BIND dn="uid=jorge.suarez,ou=People,ou=CITIUS,dc=inv,dc=usc,dc=es" method=128 version=3 [20/Jul/2012:11:29:39 +0200] conn=16528 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=jorge.suarez,ou=people,ou=citius,dc=inv,dc=usc,dc=es" I'm using SSHA for storing passwords on the LDAP server. Maybe this is not supported by Debian Lenny? On pam_ldap.conf, I've set up this, as in all the other servers: # Do not hash the password at all; presume # the directory server will do it, if # necessary. This is the default. pam_password md5 Also tried clear, but it didn't work. Anyways, it's weird that issuing getent passwd still gets me no users. However, if I use pamtest from the package libpam-dotfile to test login, it works. # pamtest ssh jorge.suarez Trying to authenticate <jorge.suarez> for service <ssh>. Password: Authentication successful. # pamtest foo jorge.suarez Trying to authenticate <jorge.suarez> for service <foo>. Password: Authentication successful. But "su" won't work also: # su jorge.suarez Id. descoñecido: jorge.suarez Just the output from getent passwd : # getent passwd root:x:0:0:root:/root:/bin/bash daemon:x:1:1:daemon:/usr/sbin:/bin/sh bin:x:2:2:bin:/bin:/bin/sh sys:x:3:3:sys:/dev:/bin/sh sync:x:4:65534:sync:/bin:/bin/sync games:x:5:60:games:/usr/games:/bin/sh man:x:6:12:man:/var/cache/man:/bin/sh lp:x:7:7:lp:/var/spool/lpd:/bin/sh mail:x:8:8:mail:/var/mail:/bin/sh news:x:9:9:news:/var/spool/news:/bin/sh uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh proxy:x:13:13:proxy:/bin:/bin/sh www-data:x:33:33:www-data:/var/www:/bin/sh backup:x:34:34:backup:/var/backups:/bin/sh list:x:38:38:Mailing List Manager:/var/list:/bin/sh irc:x:39:39:ircd:/var/run/ircd:/bin/sh gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh nobody:x:65534:65534:nobody:/nonexistent:/bin/sh libuuid:x:100:101::/var/lib/libuuid:/bin/sh Debian-exim:x:101:103::/var/spool/exim4:/bin/false statd:x:102:65534::/var/lib/nfs:/bin/false sshd:x:104:65534::/var/run/sshd:/usr/sbin/nologin luser:x:1000:1000:Usuario local de Burdeos,,,:/home/luser:/bin/bash messagebus:x:105:107::/var/run/dbus:/bin/false sge-admin:x:1001:1001:Administrador do SGE,,,:/home/cluster/sge-admin:/bin/bash ntp:x:107:110::/home/ntp:/bin/false haldaemon:x:108:111:Hardware abstraction layer,,,:/var/run/hald:/bin/false vde2-net:x:109:114::/var/run/vde2:/bin/false uml-net:x:110:115::/home/uml-net:/bin/false polkituser:x:111:116:PolicyKit,,,:/var/run/PolicyKit:/bin/false Debian-pxe:x:113:65534:Dummy user for Debian pxe package,,,:/home/Debian-pxe:/bin/false Nscd was stopped from the beginning.

    Read the article

  • LDAP socket keep-alive

    - by Dmitry Khalatov
    We are using OpenLDAP client library to conect to an LDAP server. The problem is that if there is no activity for some time, server (or firewall in the middle) drops TCP connection. Our current implementation of "keep-alive" just does search for baseDN from time to time - any better ideas ?

    Read the article

  • How to set ulimits in Solaris 10

    - by James Bradley
    I normally use pam_limits.so and /etc/security/limits.conf to set ulimits on filesize/cputime etc for the regular users logging in to my server running Ubuntu. Can anyone give the best way of doing similar with Solaris 10. I think it is done using /etc/system but have no idea what to add to the file or indeed if it is the correct file. I'm particularly interested in setting up ulimit -f without going down the .profile route.

    Read the article

  • Postfix: LDAP not working (warning: dict_ldap_lookup: Search base not found: 32: No such object)

    - by Heinzi
    I set up LDAP access with postfix. ldapsearch -D "cn=postfix,ou=users,ou=system,[domain]" -w postfix -b "ou=users,ou=people,[domain]" -s sub "(&(objectclass=inetOrgPerson)(mail=[mailaddr]))" delivers the correct entry. The LDAP config file looks like root@server2:/etc/postfix/ldap# cat mailbox_maps.cf server_host = localhost search_base = ou=users,ou=people,[domain] scope = sub bind = yes bind_dn = cn=postfix,ou=users,ou=system,[domain] bind_pw = postfix query_filter = (&(objectclass=inetOrgPerson)(mail=%s)) result_attribute = uid debug_level = 2 The bind_dn and bind_pw should be the same as I used above with ldapsearch. Nevertheless, calling postmap doesn't work: root@server2:/etc/postfix/ldap# postmap -q [mailaddr] ldap:/etc/postfix/ldap/mailbox_maps.cf postmap: warning: dict_ldap_lookup: /etc/postfix/ldap/mailbox_maps.cf: Search base 'ou=users,ou=people,[domain]' not found: 32: No such object If I change LDAP configuration, so that anonymous users have complete access to LDAP olcAccess: {-1}to * by * read then it works: root@server2:/etc/postfix/ldap# postmap -q [mailaddr] ldap:/etc/postfix/ldap/mailbox_maps.cf [user-id] But when I restrict this access to the postfix user: olcAccess: {-1}to * by dn="cn=postfix,ou=users,ou=system,[domain]" read by * break it doesn't work but produces the error printed above (although ldapsearch works, only postmap doesn't). Why doesn't it work when binding with a postfix DN? I think I set up the LDAP ACL for the postfix user correctly, as the ldapsearch command should prove. What can be the reason for this behaviour?

    Read the article

  • LDAP change user pass on client

    - by Sean
    I am trying to allow ldap users to change their password on client machines. I have tried pam every which way I can think of /etc/ldap.conf & /etc/pam_ldap.conf, as well. At this point I'm stuck. Client: Ubuntu 11.04 Server: Debian 6.0 The current output is this: sobrien4@T-E700F-1:~$ passwd passwd: Authentication service cannot retrieve authentication info passwd: password unchanged /var/log/auth.log gives this during the command: May 9 10:49:06 T-E700F-1 passwd[18515]: pam_unix(passwd:chauthtok): user "sobrien4" does not exist in /etc/passwd May 9 10:49:06 T-E700F-1 passwd[18515]: pam_ldap: ldap_simple_bind Can't contact LDAP server May 9 10:49:06 T-E700F-1 passwd[18515]: pam_ldap: reconnecting to LDAP server... May 9 10:49:06 T-E700F-1 passwd[18515]: pam_ldap: ldap_simple_bind Can't contact LDAP server getent passwd |grep sobrien4 (note keeping short since testing with that account, however it outputs all ldap users): sobrien4:Ffm1oHzwnLz0U:10000:12001:Sean O'Brien:/home/sobrien4:/bin/bash getent group shows all ldap groups. /etc/pam.d/common-password (Note this is just the most current, I have tried a lot of different options): password required pam_cracklib.so retry=3 minlen=8 difok=3 password [success=1 default=ignore] pam_unix.so use_authtok md5 password required pam_ldap.so use_authtok password required pam_permit.so Popped open wireshark as well, the server & client are talking. I have the password changing working on the server. I.E. the server that runs slapd, I can log in with the ldap user and change the passwords. I tried copying the working configs from the server initially and no dice. I also tried cloning it, and just changing ip & host, and no go. My guess is that the client is not authorized by ip or hostname to change a pass. Pertaining to the slapd conf, I saw this in a guide and tried it: access to attrs=loginShell,gecos by dn="cn=admin,dc=cengineering,dc=etb" write by self write by * read access to * by dn="cn=admin,dc=cengineering,dc=etb" write by self write by * read So ldap seems to be working okay, just can't change the password.

    Read the article

  • LDAP Structure: dc=example,dc=com vs o=Example

    - by PAS
    I am relatively new to LDAP, and have seen two types of examples of how to set up your structure. One method is to have the base being: dc=example,dc=com while other examples have the base being o=Example. Continuing along, you can have a group looking like: dn: cn=team,ou=Group,dc=example,dc=com cn: team objectClass: posixGroup memberUid: user1 memberUid: user2 ... or using the "O" style: dn: cn=team, o=Example objectClass: posixGroup memberUid: user1 memberUid: user2 My questions are: Are there any best practices that dictate using one method over the other? Is it just a matter of preference which style you use? Are there any advantages to using one over the other? Is one method the old style, and one the new-and-improved version? So far, I have gone with the dc=example,dc=com style. Any advice the community could give on the matter would be greatly appreciated.

    Read the article

  • Active Directory using Samba/Open LDAP for user accounts

    - by Jon Rhoades
    I know this is the wrong way round... but Is it possible to use AD in front of Samba for our PC clients, so that the user accounts are in Samba/Open LDAP. Managing our fleet of Windows PC's is becoming more and more difficult with just Samba v3 - until Samba v4 comes along, it would be great if we could leverage Active Directory, but have the accounts stored in Samba/Open LDAP. Windows PC's are a minority in our organisation & Samaba/Open LDAP are used for just about every service (Zimbra/RADIUS/Intranet/SAN/Printing/...) so it will have to remain the definitive account source. Anyway, it probably can't be done, but I thought I would ask for ideas anyway.

    Read the article

< Previous Page | 1 2 3 4 5 6 7 8 9 10  | Next Page >