Comments:
<poonj> hey guys
<poonj> I'm not exactly sure what is wrong...but when I try to restart my slapd daemon in debian...it's acting really weird
<poonj> the process starts, but the openldap script doesn't exit nicely...
<poonj> it hangs at "Starting Slapd"
<poonj> is something wrong?
<poonj> hey guys...I'm trying to setup samba to work with LDAP. I'm getting the following error from slapd....(uniqueMember) index_param failed (18)<= bdb_equality_candidates: (uniqueMember) index_param failed (18)
<poonj> unique member isn't an attribute that is setup...
<Gagatan> poonj: it's more an advice than an error, samba tries searching for uniqueMember, but slapd hasn't indexed that attribute.. it's as simple as that.
<poonj> gatatan
<Gagatan> poonj: read the admin-guide with regards to indexing
<poonj> ummm, so it shouldn't affect the performance?
<poonj> well, I mean in terms of LDAP not working..
<poonj> if that's the case, then I don't know where to look to see what is wrong..
<Gagatan> well.. that it would.. openldap would return a result from that search, but it would be slower than if it was indexed.
<poonj> okay
<Gagatan> other ldap-implementation won't give a result if you try to use a filter on a non-indexed attribute
<poonj> gotcha
<Gagatan> such as Oracle LDAP (Oracle Internet Directory)
<poonj> have you setup something with LDAP to use with samba?
<Gagatan> once, a long long time ago.. go to #samba if it's samba-related.
<Gagatan> www.grotan.com/ldap has a slapd.access.conf you can cook from with regards to ACLs
<poonj> okay
<poonj> the problem is..
<poonj> I don't know for sure if it's a samba problem
<poonj> but I'll ask them..
<poonj> I just wanted to make sure that error wasn't causing anything to break
<Gagatan> now you know :)
<poonj> :)
<poonj> okay
<poonj> thanks Gagatan
<_ranger_> actually, to be exact, it's nss_ldap that searches on uniqueMember
<_ranger_> and, you can configure it to search on something more reasonable (such as member)
<mathieu> is it possible to only allow anonymous access from localhost (openldap)?
<antarus> mathieu: sorta :x
<antarus> mathieu: I think you can do it in acl's using peers
<antarus> or wait, no :x
<mathieu> k :)
<hiems> Hello everyone
<hiems> There's any phpldapadmin user that may have an idea why it misses to show some schemes that I can see on openldap, instead? (with the command ldapsearch -x -s base -b "cn=subschema" objectclasses)
<converter> hiems: turn on some logging in slapd.conf and chances are the log will tell you what's wrong (assuming phpldapadmin isn't the cause)
<hiems> That's a good idea, I'll go for it
<hiems> No, nothing wrong on phpldapadmin side, from the log
<hiems> It just doesn't find the desired schema (inetorgaddress) on the schemas list
<hiems> But with the ldap* command lines tools I can see that the object classes on it are loaded, and I can also put in the database some objects of that object class
<hiems> (Of course, if I try to change the object class of such objects from phpldapadmin I get an error, nonexistent schema)
<hiems> I don't have any ACL set, they're the default ones
<converter> hiems: you're looking at the slapd log? what is loglevel set to in slapd.conf?
<hiems> No, sorry, I was looking at the phpldapadmin log only
<hiems> I'll check the log of slapd too now
<contraventor> how use ldap without cyrus in slapd.conf ?
<antarus> er....
<antarus> without SASL?
<contraventor> antarus yeap
<antarus> had to check, cyrus is also an imapd :p
<contraventor> antarus i'm using cyrus-sasl on smtp
<contraventor> hiahiahiaiha
<contraventor> :P
<contraventor> yeap
<contraventor> slapd error ..
<antarus> so hmmmm
<antarus> I don't have sasl on mine, afaik
<antarus> are you asking how to set up ldap to not use it or...
<contraventor> antarus how ?
<antarus> or you have issues getting smtp/imap to auth against ldap with no sasl..
<contraventor> in slapd.conf how set for not use sasl ?
<antarus> er..
<antarus> it should just work(TM)
<contraventor> ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
<Gagatan> -x
<antarus> from what program..
<antarus> if it's ldap{search,add,modify...} you need to do what Gagatan said and use -x
<antarus> since those programs use SASL by default
<contraventor> hmmm
<contraventor> i'm testing
<antarus> if it's some other program
<antarus> you generally want to turn off TLS..since afaik, SASL is ldap's TLS provider
<Gagatan> what does SASL have to do with TLS? it's SSL and TLS you're thinking about - right?
<antarus> ahhh probably ;)
<contraventor> command ldapadd return -> SASL/DIGEST-MD5 authentication started & Please enter your password: & ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
<antarus> ldapadd -x
<contraventor> not work ...
<contraventor> ok
<antarus> like Gagatan just mentioned a few lines up :P
<contraventor> antarus ldapadd -x not return command line for insert password
<antarus> contraventor: ldapadd binds anonymous unless you tell it different
<antarus> contraventor: you could probably do something like
<antarus> ldapadd -x -D "cn=Manager,dc=example,dc=org"
<antarus> change Manager to your root LDAP account, and the example, org stuff to your site config
<antarus> and then it will prompt for your LDAP root password
<contraventor> hmmm
<contraventor> ok ;D
<antarus> if you know the dn of a user in LDAP you can bind to them as well
<antarus> er..
<antarus> sorry you need a -W at the end of that
<antarus> turns prompting on ;P
<antarus> otherwise it will complain that you are binding without a password ;P
<contraventor> xii
<contraventor> antarus not work ;(
<contraventor> ldapadd -x -D "cn=administrador,dc=mcsa,dc=com,dc=br"
<contraventor> ldap_bind: Server is unwilling to perform (53)
<contraventor> additional info: unauthenticated bind (DN with no password) disallowed
<contraventor> ;/
<antarus> ok reread the lines I just wrote
<antarus> about the -W :p
<contraventor> antarus you looking my slapd.conf please ?
<antarus> pastebin it somewhere
<contraventor> ok
<contraventor> ;D
<contraventor> antarus http://www.phpavancado.net/pastelog/1051
<contraventor> my slapd.conf
<contraventor> is correct ?
<contraventor> dc=mcsa == dc=MY-DOMAIN
<antarus> hrm
<antarus> is your domain mcsa.com.br ?
<contraventor> antarus yeap
<antarus> try dc=mcsa,dc=com.br
<antarus> only 2 dc's instead of 3
<contraventor> antarus ok
<contraventor> i'm testing
<antarus> because mine is similar
<contraventor> ;D
<antarus> dc=egr,dc=msu.edu
<contraventor> antarus error == ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1) on ldapadd
<contraventor> ;/
<contraventor> i'm change , not work
<contraventor> antarus error on syslog
<contraventor> jaspion slapd[11199]: sql_select option missing
<contraventor> slapd[11199]: auxpropfunc error no mechanism available
<antarus> contraventor: using -x with ldapadd shouldn't give you a SASL error..
<contraventor> antarus ldapadd -x not return command line for insert password
<contraventor> ;/
<podzap> .
<antarus> contraventor: the same one you used before..?
<podzap> ..
<antarus> podzap: how is that going there?
<podzap> antarus: going fine here, thanks :-O)
<podzap> how about you?
<antarus> irritated at git, looking for a good book on LDAP that I can make work buy
<antarus> since we need to switch from NIS+ soon
<podzap> you need the ldap bible
<podzap> "implementing and deploying ldap directory services"
<podzap> also, if you are in a hurry and short on expertise, hiring a good consultant will certainly help.
<antarus> I don't anticipate problems
<podzap> that's a real good book, then. get it :-)
<antarus> we are the IT department, so I figure we can set up our own ldap ;), I'm fairly confident in myself anyway :0
<antarus> the recommendation is appreciated ;)
<contraventor> antarus yeap
<antarus> mostly my learning has come at the expense of me getting OX working
<antarus> and the guy here before me supposedly had ldap "close to done" but I can't find any of his schema's anywhere, and he didn't document anything ;)