Gerd König | 21 Oct 08:13

newbie question: how to put company structure to ldap

Hello again,

in my first email there was a copy-paste error.

The dn of the teams are also of the format
dn=<teamname>,ou=teams,dc=example,dc=com

any help appreciated....GERD....

Gerd König | 21 Oct 08:00

newbie question: how to put company structure to ldap

Hello,

I'm going to create an LDAP directory for the company to have a central
place for user administration.
I've started with an example found on the web. First of all I created
the top level dc=example,dc=com and the manager
(cn=manager,dc=example,dc=com).
Afterwards I created 2 organizational units:
ou=persons
ou=teams
and filled them with content (see at bottom of the email).

I'm in doubt if this is the correct way to build the directory and
"connect" each user to its team. I only set the "ou=" property of each
person to its teamname, and added one "member=" entry for each person to
the team-object. I'm not happy with such setting.

What if a person changes the team, do I have to update the person's
"ou=" and the "member=" section of the teams ??

Is this really the way to implement such a company->team->person hierarchy ?

any help appreciated....GERD....

dn: cn=Tinky Winky,ou=people,dc=example,dc=com
objectclass: inetOrgPerson
sn: Tinky
cn: Tinky Winky
uid: twinky
userpassword: twinky

Agarwal, Sharad | 15 Oct 16:53

LDAP Error 32 v/s Empty Result Set

Hi All,

Is it standard behavior for an LDAP server to respond with (LDAP Error
32) when a query is run that has no match?

I tried a zero result query with the embedded LDAP Server (that comes
with WebLogic). This query does not return LDAP Error 32, it just
returns an empty result set.

Code snippet:
~~~~
        int ldapVersion   = LDAPConnection.LDAP_V3;
        int ldapPort      = 27001;
        String ldapHost   = "fesbosbgdd33v3";
        String loginDN    = "uid=vgnadmin,ou=people,ou=VgnLDAPRealm,dc=vgndomain";
        String password   = "password masked";
        String searchBase = "ou=groups,ou=VgnLDAPRealm,dc=vgndomain";
        String searchFilter =
            "(&(uniquemember=cn=Administrators,ou=groups,ou=VgnLDAPRealm,dc=vgndomain)(objectclass=groupOfUniqueNames))";
~~~~

Code output:
~~~~
searchResults.getCount() = 0
~~~~

The same kind of query against another LDAP interface (Oracle Virtual
Directory) returns LDAP Error 32. 

Michael Ströder | 13 Oct 16:11

ANNOUNCE: web2ldap release 1.0.5

HI!

Find a new release of web2ldap on

        http://www.web2ldap.de/download.html

About:
web2ldap is a full-featured LDAPv3 client written in Python and designed
to run as a stand-alone Web gateway or under the control of a web server
with FastCGI or SCGI support (e.g., Apache with mod_fastcgi or mod_scgi).

Ciao, Michael.

------------------------------------------------------------------------

Changes since last 1.0.0 announcement:

1.0.5

Release Date: 2008-10-13

* Improvements to plugin modules/classes:

  o New plugin module lotusdomino for LDAP interface of Lotus
    Domino server.
  o New plugin class for attribute types found in schema of MIT
    Kerberos LDAP backend: krbTicketFlags, krbPrincipalType and
    krbTicketPolicyReference.
  o New plugin class for LDAP syntax UUID.
  o Fix in BitArrayInteger.formValue for adding new values.

Wessel Louwris | 13 Oct 12:08

ldap model to provide rights to people/groups

Hi,

I have some trouble designing an LDAP model. I have to set up something in which I can look up what right a person has to access a certain module.
This has to be generic in respect of where the people/groups are stored in the directory. So it could be implemented in different LDAP organisations.

I came up with the following:
* a structural myModule class with some text attributes (version)
* a structural myMember class with one text attribute which describes the access and a link to a user/group somewhere in the directory

Now I make a hierarchy like:
cn=moduleA,ou=Modules  : with a myVersion text attribute
  cn=user1,cn=moduleA,ou=Modules : with myMode (read/write etc string) attribute and myTargetDN DN attribute which points somewhere.

Attached are the schema & ldif sample (all created with the Apache DS eclipse plugins)

My questions are:
* does this make any sense. Or is there hardly anything to say about it without the exact project information etc
* can I put an index on the myTargetDN? Because this one will be searched for mostly I think: 'is current user allowed to access this module.'
* should I make more use of auxiliary classes? (couldn't find a decent structural class where I could base myModule on)
* Any ideas on where can I find more info about LDAP modelling? (besides this mailing list ;-)

Thanks a lot for your time/feedback.

greetings, Wessel

Attachment (my.schema): application/octet-stream, 700 bytes

Justin Dearing | 11 Oct 17:06

Guessing root DNs for active directory

Hi,

Let me know if this is the wrong list for this question, and where best to ask this.

I am trying to write a simple program in java that "guesses" if the machine is running on active directory and connects to the domain controller via LDAP. My goal is to submit a patch to JXPlorer (and eventually other software like apache directory studio) to "detect" active directory and "auto-configure" a connection to it.

Right now I am grabbing the environment variable "USERDNSDOMAIN", and transforming it from "foo.com" to "dc=foo,dc=com". This works well enough. However, is it possible via some sort of LDAP query to get the base DN of either the domain I am authenticated to, or better yet all domains in the forest?

If anyone cares to help me in my research, or laugh at a .NET programmer trying to write JAVA, feel free to take a poke at my code in SVN, http://nightelves.svn.sourceforge.net/viewvc/nightelves/LI-PHP/LDAP/LDAP.Tests/src/LDAP/Tests.java?revision=57&view=markup

Thanks and Regards,

Justin Dearing
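
The environment-variable transformation described in the post above, as an added example that is not part of the original message or of JXplorer: it turns a DNS domain name into a candidate base DN and rejects any value that is not a plain DNS name before it can reach an LDAP call. The class name, method name and sample values are hypothetical.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import java.util.Optional;
import java.util.regex.Pattern;

public class DomainToBaseDn {
    // One DNS label: letters, digits and inner hyphens, 1 to 63 characters.
    private static final Pattern LABEL =
        Pattern.compile("[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?");

    /** Returns the candidate base DN, or empty if the value is not a plain DNS name. */
    static Optional<String> toBaseDn(String dnsDomain) {
        if (dnsDomain == null) return Optional.empty();
        String name = dnsDomain.trim();
        // Accept the fully qualified form with a trailing dot.
        if (name.endsWith(".")) name = name.substring(0, name.length() - 1);
        if (name.isEmpty() || name.length() > 253) return Optional.empty();

        List<String> rdns = new ArrayList<>();
        // Limit -1 keeps empty labels so "a..b" is rejected instead of silently repaired.
        for (String label : name.split("\\.", -1)) {
            // Only the DNS label alphabet is allowed, so no DN metacharacter
            // (',', '+', '=', '\\', '"') from the environment can end up in the DN.
            if (!LABEL.matcher(label).matches()) return Optional.empty();
            // Lower-casing is cosmetic; dc values compare case-insensitively.
            rdns.add("dc=" + label.toLowerCase(Locale.ROOT));
        }
        return Optional.of(String.join(",", rdns));
    }

    public static void main(String[] args) {
        // Constructed sample values; the first one uses the real variable when it is set.
        String env = System.getenv("USERDNSDOMAIN");
        String[] samples = {
            env != null ? env : "foo.com", "CORP.Example.COM.", "foo.com,ou=x", "", "a..b"
        };
        for (String s : samples) {
            System.out.println("\"" + s + "\" -> " + toBaseDn(s).orElse("(rejected)"));
        }
    }
}
```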

ELCIN HAKTANIR | 10 Oct 17:24

Re: slapadd newbie


Sorry not 100,000,000 just 100,000


ELCIN HAKTANIR/OKSIJEN/TR/VODAFONE
10/10/2008 06:22 PM
To: ldap-63aXycvo3TyHXe+LvDLADg@public.gmane.org
Subject: Re: [ldap] Re: slapadd newbie

100,000,000 subscribers is:2.1G total.

bash-2.05# du -c -h *.bdb

157M    dn2id.bdb
2.0G    id2entry.bdb
2.0M    objectClass.bdb
2.1G    total

again my Configuration information about my Environment:
---------------------------------------------------------------------
openldap-2.4.10-sol9-sparc-local.gz  installed on a System with Configuration:  

bash-2.05# prtdiag
System Configuration:  Sun Microsystems  sun4u Sun Fire 280R (2 X UltraSPARC-III+)
System clock frequency: 150 MHz
Memory size: 2048 Megabytes

========================= CPUs ===============================================

          Run    E$    CPU     CPU
Brd  CPU  MHz    MB   Impl.    Mask
---  ---  ----  ----  -------  ----
 A    0    900   8.0  US-III+  2.3
 B    1    900   8.0  US-III+  2.3

========================= Memory Configuration ===============================

           Logical  Logical  Logical
      MC   Bank     Bank     Bank         DIMM    Interleave  Interleaved
 Brd  ID   num      size     Status       Size    Factor      with
----  ---  ----     ------   -----------  ------  ----------  -----------
 CA    0     0      1024MB   no_status     512MB     2-way        0
 CA    0     2      1024MB   no_status     512MB     2-way        0

Gavin Henry <ghenry <at> suretecsystems.com>
Sent by: bounce-ldap-5624112 <at> listserver.itd.umich.edu
10/10/2008 06:14 PM
Please respond to: Gavin Henry <ghenry-0iySFhgulYrkQYj/0HfcvtBPR1lH4CV8@public.gmane.org>
To: Quanah Gibson-Mount <quanah <at> zimbra.com>
cc: ELCIN HAKTANIR <elcin.haktanir <at> vodafone.com>, ldap-63aXycvo3TyHXe+LvDLADg@public.gmane.org
Subject: [ldap] Re: slapadd newbie

----- "Quanah Gibson-Mount" <quanah-zAQalKWTt5vQT0dZR+AlfA@public.gmane.org> wrote:

> --On Friday, October 10, 2008 5:39 PM +0300 ELCIN HAKTANIR
> <elcin.haktanir-ANTagKRnAhdWk0Htik3J/w@public.gmane.org> wrote:
>
> > Question1:
> > ---------------
> > Is it rational that slapadd took 31 minutes for 100,000 entries (23Kbyte
> > per subscriber I guess) without index?
> > I think it is so slow, isn't it?
> > What have I done wrong then? Could you please help to reduce this time?
>
> Verify your DB_CONFIG file.  Set the tool-threads value in slapd.conf,
> assuming OpenLDAP 2.3 or later.  Don't use debug flags with slapadd.
> Also the disk speed is going to have an impact.

Also see the -q flag:

-q     enable quick (fewer integrity checks) mode.  Does fewer consistency checks on the input data, and no consistency checks when writing the database.  Improves the load time but if any errors or interruptions occur the resulting database will be unusable.


--
Kind Regards,

Gavin Henry.

T +44 (0) 1224 279484
M +44 (0) 7930 323266
F +44 (0) 1224 824887
E ghenry-0iySFhgulYrkQYj/0HfcvtBPR1lH4CV8@public.gmane.org

Open Source. Open Solutions(tm).

http://www.suretecsystems.com/

Suretec Systems is a limited company registered in Scotland. Registered
number: SC258005. Registered office: 13 Whiteley Well Place, Inverurie,
Aberdeenshire, AB51 4FP.

--------------------------------------

This electronic mail and any files transmitted with it are intended for the private use of the persons named above. If you received this message in error, forwarding, copying or use of any of the information is strictly prohibited. Please immediately notify the sender and delete it from your system. Vodafone Teknoloji Hizmetleri A.S. does not accept legal responsibility for the contents of this message.
--------------------------------------

Joao Amancio | 7 Oct 00:43

Re: Low performance on searches

Thanks for advices!


Hope help someone here next time!
: )


On Mon, Oct 6, 2008 at 7:32 PM, Quanah Gibson-Mount <quanah-zAQalKWTt5vQT0dZR+AlfA@public.gmane.org> wrote:
> --On Monday, October 06, 2008 7:23 PM -0300 Joao Amancio <jjamancio-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>
> > Quanah,
> >
> > My OpenLDAP version/release is: 2.4.11
> > I configured it at a Slackware 12.1 Linux.
> > Isn't "cachesize" setting configured in DB_CONFIG by the "set_cachesize"
> > option?
>
> Copy the list on responses if you want further help.
>
> The OpenLDAP cachesize is not the same as the BDB set_cachesize.  I suggest you read the slapd-bdb man page.
>
> --Quanah
>
> --
> Quanah Gibson-Mount
> Principal Software Engineer
> Zimbra, Inc
> --------------------
> Zimbra ::  the leader in open source messaging and collaboration

Joao Amancio | 6 Oct 23:24

Low performance on searches

Hi people,

First of all: "I'm new to OpenLDAP..."
The problem is:
Every search on the base takes a long time and sometimes (not so rarely) returns a "time out" message.
I don't know if the problem is in the app query or if it's in configuration files.

When I run the 'db_stat -m' command, the results are:

320MB 740B      Total cache size
1           Number of caches
320MB 8KB       Pool individual cache size
0           Maximum memory-mapped file size
0           Maximum open file descriptors
0           Maximum sequential buffer writes
0           Sleep after writing maximum sequential buffers
0           Requested pages mapped into the process' address space
542724      Requested pages found in the cache (99%)
20          Requested pages not found in the cache
463         Pages created in the cache
20          Pages read into the cache


Based on the official OpenLDAP documentation, the values in red are great and so I've made no change to the DB_CONFIG file.
My slapd.conf is set as follows:

include         /usr/local/etc/openldap/schema/core.schema
include         /usr/local/etc/openldap/schema/cosine.schema
include         /usr/local/etc/openldap/schema/inetorgperson.schema
include         /usr/local/etc/openldap/schema/nis.schema
include         /usr/local/etc/openldap/schema/samba.schema
pidfile         /usr/local/var/run/slapd.pid
argsfile        /usr/local/var/run/slapd.args
database        bdb
suffix          "dc=bluefish,dc=com,dc=br"
rootdn          "cn=Manager,dc=bluefish,dc=com,dc=br"
rootpw          secret
directory       /usr/local/var/openldap-data
index   objectClass     eq
index cn,sn,givenname,mail,uid eq
index entryCSN,entryUUID eq
access to dn.base="cn=Manager,o=Bluefish"
      by peername.regex=127\.0\.0\.1 auth
      by peername.regex=192\.168\.0\.100 auth
      by peername.regex=192\.168\.0\.135 auth
      by peername.regex=192\.168\.0\.32 auth
      by peername.regex=192\.168\.0\.35 auth
      by peername.regex=192\.168\.0\.37 auth
      by users none
      by * none
access to attrs=userPassword,sambaLMPassword,sambaNTPassword
      by self write
      by anonymous auth
      by * read


Could anyone help me to determine where is the problem for getting "time out" message on searches?

Server configuration:
Intel Core2 Quad 2.40Ghz
2 GB RAM
1 HD - 250 GB SATAII (everything is here)

Thanks for any kind of help,
João Ferreira


Manuel Vacelet | 6 Oct 16:13

Several DN one LDAP query

Hello,

I'd like to know if it's correct to retrieve several entries from a
directory in one LDAP query based on the DN.
I have several group DN:
cn=marketing,ou=Groups,dc=example,dc=com
cn=sales,ou=Groups,dc=example,dc=com
And I'd like to get the entries of all DN in only one query (I
actually want to get all the members of these groups).

Is it correct/possible to do this or do I have to run one query per DN ?

Thanks,
Manuel