kme : openldap   18

Appendix A: LDAP: Text Search Filter | http://www.zytrax.com/
Note that wildcards do not seem to be allowed with 'memberOf'; at least not with AD.
ldap  ad  openldap  search  webmaster  sysadmin  reference 
november 2017 by kme
Howard Chu - LMDB [The Databaseology Lectures - CMU Fall 2015] - YouTube | https://www.youtube.com/
For icing on the cake, packages build by default with useful compile-time features such as consistent use of the ELF rpath header, allowing programs to run in the target environment without requiring LD_LIBRARY_PATH to be set at all, since the built binaries contain internal annotations telling the runtime linker where its library dependencies are to be found.
openldap  lmdb  database  dba  conference  talk 
november 2017 by kme
Re: Simple authentication with SASL
At 08:14 AM 2/14/2005, Jorge Ruão wrote:
>Hi,
>
>is there a way to specify simple authentication in /etc/openldap/ldap.conf?
>
>I'm using Red Hat AS 3.0 with the openldap RPM and it comes with SASL support.
>
>I don't want to type -x in all ldapsearches, so is there a way to specify/force the use of simple authentication in the ldap.conf file?

no.
ldap  openldap  configfile  solution 
december 2016 by kme
LDAP filter for blank (empty) attribute - Stack Overflow
Perhaps, you could, if your DNs are consistent, use something like:

(&(!(manager=cn*))(manager=*))
ldap  ldif  ldapsearch  openldap  sysadmin  solution 
may 2016 by kme
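The filter above relies on two LDAP filter building blocks: a presence test (`manager=*`) and a negated substring test (`!(manager=cn*)`). As an added example (not code from the Stack Overflow answer or from the bookmark's author), here is a small RFC 4515 filter parser and evaluator in Python that applies such filters to in-memory entries, so the effect of the filter can be checked before running it against a directory. The entries are constructed, attribute names and values are compared case-insensitively (caseIgnore matching is an assumption; a real server uses each attribute's own matching rule), and the parser handles the `&`, `|`, `!`, equality, presence and substring forms plus `\XX` escapes, which covers both filters quoted on this page.

```python
import re

_ESCAPE = re.compile(r"\\([0-9a-fA-F]{2})")


def _unescape(text: str) -> str:
    """Decode RFC 4515 \\XX escapes, e.g. '\\2a' -> '*', '\\28' -> '('."""
    return _ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), text)


def parse_filter(text: str):
    """Parse an LDAP search filter (RFC 4515 subset: & | ! = =* and substrings)
    into a small tuple tree."""
    node, pos = _parse(text, 0)
    if pos != len(text):
        raise ValueError(f"trailing data after filter: {text[pos:]!r}")
    return node


def _expect_close(s: str, i: int) -> int:
    if i >= len(s) or s[i] != ")":
        raise ValueError(f"expected ')' at offset {i}")
    return i + 1


def _parse(s: str, i: int):
    if i >= len(s) or s[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if i >= len(s):
        raise ValueError("unterminated filter")
    op = s[i]
    if op in "&|":
        i += 1
        kids = []
        while i < len(s) and s[i] == "(":
            kid, i = _parse(s, i)
            kids.append(kid)
        return (op, kids), _expect_close(s, i)
    if op == "!":
        kid, i = _parse(s, i + 1)
        return ("!", kid), _expect_close(s, i)
    end = s.find(")", i)
    if end < 0:
        raise ValueError("unterminated filter item")
    attr, sep, value = s[i:end].partition("=")
    if not sep or not attr:
        raise ValueError(f"unsupported filter item {s[i:end]!r}")
    if value == "*":
        return ("present", attr), end + 1
    if "*" in value:  # split before unescaping so an escaped '\2a' stays a literal '*'
        return ("substr", attr, [_unescape(p) for p in value.split("*")]), end + 1
    return ("eq", attr, _unescape(value)), end + 1


def _values(entry: dict, attr: str) -> list:
    """Attribute names are case-insensitive; options such as ';binary' are kept as typed."""
    for key, val in entry.items():
        if key.lower() == attr.lower():
            return val if isinstance(val, list) else [val]
    return []


def _substr_match(value: str, parts: list) -> bool:
    """parts come from value.split('*'): [initial, any..., final]."""
    initial, *middle, final = parts
    if not value.startswith(initial):
        return False
    pos = len(initial)
    for part in middle:
        idx = value.find(part, pos)
        if idx < 0:
            return False
        pos = idx + len(part)
    return len(value) - len(final) >= pos and value.endswith(final)


def matches(node, entry: dict) -> bool:
    kind = node[0]
    if kind == "&":
        return all(matches(k, entry) for k in node[1])
    if kind == "|":
        return any(matches(k, entry) for k in node[1])
    if kind == "!":
        return not matches(node[1], entry)
    values = _values(entry, node[1])
    if kind == "present":
        return bool(values)
    if kind == "eq":
        return any(v.lower() == node[2].lower() for v in values)
    parts = [p.lower() for p in node[2]]
    return any(_substr_match(v.lower(), parts) for v in values)


def search(filter_text: str, entries: list) -> list:
    """Return the DNs of the entries matching the filter (caseIgnore semantics assumed)."""
    node = parse_filter(filter_text)
    return [e["dn"] for e in entries if matches(node, e)]


# Constructed sample entries (not real data): one with a proper manager DN,
# one with a 'blank' manager value as some directories store it, one with no manager.
SAMPLE_ENTRIES = [
    {"dn": "uid=alice,ou=people,dc=example,dc=com",
     "manager": ["cn=Boss,ou=people,dc=example,dc=com"]},
    {"dn": "uid=bob,ou=people,dc=example,dc=com", "manager": [" "]},
    {"dn": "uid=carol,ou=people,dc=example,dc=com", "objectClass": ["person"]},
]

BLANK_MANAGER = "(&(!(manager=cn*))(manager=*))"

if __name__ == "__main__":
    print(search(BLANK_MANAGER, SAMPLE_ENTRIES))  # only bob: present, but not a cn=... DN
```

The sample shows why the answer's caveat about consistent DNs matters: the filter does not test for "empty", it tests for "present but not starting with cn", so an entry whose manager DN starts with `uid=` would also be returned.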
A.2.3 LDIF Format for Modifying Entries - LDIF File Format
Say you want to delete the 'userCertificate' attribute; here's how you can get a list of entries to modify, and then add the 'changetype: modify' line by hand to each one:
lsearch '(&(objectClass=posixAccount)(userCertificate;binary=*))' dn > deleteCerts.ldif

If you are making several modifications to an entry, then, between each modification you enter, add a line that contains a hyphen (-) only. For example:

dn: cn=Barbara Fritchy,ou=Sales,o=Oracle,c=US
changetype: modify
add: work-phone
work-phone: 650/506-7000
work-phone: 650/506-7001
-
delete: home-fax
-
replace: home-phone
home-phone: 415/697-8899
sysadmin  openldap  ldif  ldap  solution 
may 2016 by kme
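Both notes above work with `changetype: modify` records: the userCertificate clean-up needs a `changetype: modify` and `delete:` line added under every DN that a dn-only search returned, and the Oracle example shows how several modifications to one entry are separated by a lone hyphen. As an added example (not code from the Oracle documentation or from the bookmark's author), here is a Python module that serialises and parses such records, encodes values as `::` base64 when RFC 2849 requires it, and automates the "add the changetype line by hand" step for a list of DNs. The dn-list input below is constructed; the Oracle record is reproduced from the excerpt.

```python
import base64

MOD_OPS = ("add", "delete", "replace")


def needs_base64(value: str) -> bool:
    """RFC 2849: a value must be base64-encoded if it starts with SPACE, ':' or '<',
    ends with SPACE, or contains control characters or non-ASCII text."""
    if not value:
        return False
    if value[0] in " :<" or value[-1] == " ":
        return True
    return any(ord(ch) < 0x20 or ord(ch) > 0x7E for ch in value)


def format_attr(name: str, value: str) -> str:
    """One 'name: value' line, switching to 'name:: <base64>' when required."""
    if needs_base64(value):
        return f"{name}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"
    return f"{name}: {value}"


def decode_line(line: str):
    """Inverse of format_attr: split a (possibly base64) LDIF line into (name, value)."""
    name, sep, rest = line.partition(":")
    if not sep:
        raise ValueError(f"not an LDIF attribute line: {line!r}")
    if rest.startswith(":"):
        return name, base64.b64decode(rest[1:].strip()).decode("utf-8")
    return name, rest.lstrip(" ")


def build_modify_record(dn: str, changes) -> str:
    """Serialise one 'changetype: modify' record.

    changes is a list of (op, attribute, [values]); modifications are separated by a
    line holding only '-', as in the Oracle example (RFC 2849 also permits a trailing
    '-' after the last modification; OpenLDAP's ldapmodify accepts both forms)."""
    blocks = []
    for op, attr, values in changes:
        if op not in MOD_OPS:
            raise ValueError(f"unknown modify operation {op!r}")
        block = [f"{op}: {attr}"] + [format_attr(attr, v) for v in values]
        blocks.append("\n".join(block))
    header = f"{format_attr('dn', dn)}\nchangetype: modify\n"
    return header + "\n-\n".join(blocks) + "\n"


def unfold(text: str) -> list:
    """Join LDIF continuation lines (a line starting with one SPACE continues the previous)."""
    lines = []
    for line in text.splitlines():
        if line.startswith(" ") and lines:
            lines[-1] += line[1:]
        else:
            lines.append(line)
    return lines


def parse_modify_record(text: str):
    """Parse a single modify record back into (dn, [(op, attribute, [values]), ...])."""
    lines = [ln for ln in unfold(text) if ln and not ln.startswith("#")]
    if not lines or not lines[0].startswith("dn:"):
        raise ValueError("record must start with a dn: line")
    _, dn = decode_line(lines[0])
    if len(lines) < 2 or decode_line(lines[1]) != ("changetype", "modify"):
        raise ValueError("not a changetype: modify record")
    changes, current = [], None
    for line in lines[2:]:
        if line == "-":  # end of one modification
            if current is not None:
                changes.append(current)
                current = None
            continue
        name, value = decode_line(line)
        if current is None:
            if name not in MOD_OPS:
                raise ValueError(f"expected add/delete/replace, got {name!r}")
            current = (name, value, [])
        elif name != current[1]:
            raise ValueError(f"value for {name!r} inside a modification of {current[1]!r}")
        else:
            current[2].append(value)
    if current is not None:
        changes.append(current)
    return dn, changes


def delete_attr_from_dn_list(dn_list_ldif: str, attr: str) -> str:
    """Turn the 'dn:' lines of a dn-only ldapsearch output into one delete record per
    entry, i.e. the 'add changetype: modify by hand' step done programmatically."""
    records = []
    for line in unfold(dn_list_ldif):
        if line.startswith("dn:"):
            _, dn = decode_line(line)
            records.append(build_modify_record(dn, [("delete", attr, [])]))
    return "\n".join(records)


ORACLE_DN = "cn=Barbara Fritchy,ou=Sales,o=Oracle,c=US"
ORACLE_CHANGES = [
    ("add", "work-phone", ["650/506-7000", "650/506-7001"]),
    ("delete", "home-fax", []),
    ("replace", "home-phone", ["415/697-8899"]),
]

# Constructed stand-in for the dn-only search output (not real entries).
SAMPLE_DN_LIST = "dn: uid=alice,ou=people,dc=example,dc=com\n\ndn: uid=bob,ou=people,dc=example,dc=com\n\n"

if __name__ == "__main__":
    print(build_modify_record(ORACLE_DN, ORACLE_CHANGES))
    print(delete_attr_from_dn_list(SAMPLE_DN_LIST, "userCertificate"))
```

Feeding the generated records through `parse_modify_record` before applying them is a cheap check that every modification block starts with an operation line and that no value line strayed into the wrong block, which is the usual way a hand-edited LDIF goes wrong.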
Re: kill HUP
So, you have to use the MacPorts wrapper script in /opt/local/etc/LaunchDaemons/org.macports.slapd to restart the daemon after, say, rotating logs.
mac  osx  sysadmin  logfiles  slapd  openldap  solution 
february 2016 by kme
Portfile in trunk/dports/databases/openldap – MacPorts
Things I had to fix:

* According to https://trac.macports.org/attachment/ticket/23405/openldap.Portfile.trac23405_v1.diff, the OpenLDAP port should support a 'non_root' variant, but I can't see any evidence of that. Nonetheless, the default Portfile wants to run 'slapd' as the user 'ldap' (which is correctly created), but the post-install process didn't correctly give this 'ldap' user permissions to /opt/local/var/openldap-data.

- the solution here was to:

chown -R ldap:ldap /opt/local/var/openldap-data

# And so that it can read its own schemata and config files:
cd /opt/local/etc/openldap/
find . -type f -exec chgrp ldap {} \; -exec chmod g+r {} \;
find . -type d -exec chgrp ldap {} \; -exec chmod g+rx {} \;

then to create directories with appropriate permissions for the logs and the pidfile in /opt/local/var.

* My slapd.conf looks like this:

pidfile /opt/local/var/run/openldap/slapd.pid
argsfile /opt/local/var/run/openldap/slapd.args
logfile /opt/local/var/log/openldap/slapd.log
loglevel 256

* 'slapd' won't complain out loud about not being able to read its own configuration file unless you run it with '-d', say '-d 5'. It just dies, and the 'slapd.wrapper' stays running forever like a zombie. Running 'slapd -d 5 -u ldap <...>' was the only way I was able to figure all of this out.

* In order to rotate the logfiles created by 'slapd', I used the system-provided newsyslog.conf with instructions found here: http://serverfault.com/a/644768. My org.macports.slapd.conf looks like

# logfilename [owner:group] mode count size(KB) when flags [/pid_file] [sig_num]
#/opt/local/var/log/openldap/slapd.log ldap:ldap 644 2 2048 * G /opt/local/var/run/openldap/slapd.pid
/opt/local/var/log/openldap/slapd.log ldap:ldap 644 2 2048 * RG /opt/local/etc/LaunchDaemons/org.macports.slapd/slapd.wrapper restart

Unfortunately, slapd doesn't respond to user signals (it just dies), so you have to give newsyslog the 'R' flag option and use the MacPorts wrapper script to (hopefully) restart the daemon.
macports  ldap  openldap  sysadmin  configfile  mac  osx  solution 
february 2016 by kme
5.6. Tcl Extensions
I kept wondering what 'xinstall' was in the portfile for OpenLDAP, and this was the answer. A portfile is Tcl script, and 'xinstall' is a Tcl extension (like a function, I guess).

In any case, it didn't do what it was supposed to do, because the /opt/local/var/openldap-data directory wasn't owned by the 'ldap' user like it was a'sposed to be, and 'slapd' didn't even complain when run with the '-u ldap' option, it just died. Silently.
macports  tcl  sysadmin  openldap  solution 
february 2016 by kme
linux - How do I clone an OpenLDAP database - Stack Overflow - http://stackoverflow.com/
http://stackoverflow.com/questions/792563/how-do-i-clone-an-openldap-database#2902158
For example, dump database from a master server under dc=master,dc=com and load it in a backup server

$ ldapsearch -Wx -D "cn=admin_master,dc=master,dc=com" -b "dc=master,dc=com" -H ldap://my.master.host -LLL > ldap_dump-20100525-1.ldif
$ ldapadd -Wx -D "cn=admin_backup,dc=backup,dc=com" -H ldap://my.backup.host -f ldap_dump-20100525-1.ldif

The -W flag above prompts for the ldap admin_master password; however, since we are redirecting output to a file you won't see the prompt, just an empty line. Go ahead and type your ldap admin_master password and it will work. The first line of your output file (Enter LDAP Password:) will need to be removed before running ldapadd.

Last hint, ldapadd(1) is a hard link to ldapmodify(1) with the -a (add) flag turned on.
openldap  ldap  sysadmin  backupandrecovery  importexport  solution 
february 2016 by kme
Facile Login: Setting up OpenLDAP under MAC OS X - http://blog.facilelogin.com/
The answer was: you have to actually create enough of the directory structure to encapsulate the children of whatever you dumped to the LDIF. This guide is perfect.

Strangely, OpenLDAP doesn't even seem to care if the "root" user doesn't exist anywhere in the tree, which completely mystifies me.
openldap  ldap  ldif  sysadmin  solution 
february 2016 by kme