Questions tagged [openldap]
OpenLDAP Software is a free, open source implementation of the Lightweight Directory Access Protocol (LDAP) developed by the OpenLDAP Project.
108 questions
12 votes, 1 answer, 16k views
How do I query the available base DNs in an OpenLDAP server?
If I have multiple branches in my directory (e.g. dc=me,dc=org; dc=you,dc=org; dc=them,dc=org) then how can I query the directory to give me a list of these available base DNs?
Is this a question of ...
10 votes, 1 answer, 10k views
What does ldapsearch response mean?
I created a ldap directory with a number of users and groups. When I query this directory from a remote server with:
ldapsearch -H ldap://ldap.myserver.net/ -x -vvvvvvv -b dc=myserver,dc=net -D cn=...
5 votes, 2 answers, 11k views
No write access to parent
I am facing an issue when trying to set up an openldap server with chef.
Configuration:
Ubuntu 15.04
OpenLdap 2.4.31
Chef/OpenLdap 2.7.1
For information, when I run dkpg-reconfigure ...
3 votes, 1 answer, 7k views
ldapmodify insufficient access (50)
I'm trying to enable logging in an openldap (slapd) server. So I tried to execute:
$ ldapmodify -D cn=admin,dc=domain,dc=tld -W -H ldap:/// <<EOF
> dn: cn=config
> changetype:modify
&...
3 votes, 0 answers, 2k views
Trying to configure openldap TLSCipherSuite
I have an openldap server, and I'm trying to tune my TLSCipherSuite settings to be as secure as I can have them.
Please do not critique my actual security settings. Please just help me understand ...
3 votes, 1 answer, 6k views
Authentication against LDAP on Apache fails with password mismatch
I want to accomplish LDAP authentication on my Linux machine, but can't get it working. Currently, I get the following error in the Apache log: AH01617: user john.doe: authentication failure for "/": ...
2 votes, 1 answer, 2k views
OpenLDAP: Converting flat file (slapd.conf) to OLC (slapd.d)...can't access cn=config
I'm attempting to set up OpenLDAP. I was having trouble with the OLC config option, so I went with the slapd.conf style input as I'm a complete noob at LDAP and it was easier to understand.
I now ...
2 votes, 2 answers, 673 views
cannot run tgz file in windows 7 virtualbox
I'm doing a project for school, and I wanted to create an active directory domain on Windows 7 through rktools and other files, but nothing worked, so I'm trying openLDAP. Now, I've downloaded the ...
2 votes, 1 answer, 725 views
openldap -- exclude specific attributes from replication
I have two openldap servers replicating cn=config with syncrepl in a provider-consumer relationship. There are a few attributes that I would like to exclude from replication.
I see that syncrepl has ...
2 votes, 1 answer, 4k views
OpenLDAP - possible to search without specifying base?
I am having some issues with OpenLDAP and Spring security, where the latter does a search with the whole path in dn (filter), and an empty base. OpenLDAP does not like this, and the query fails. The ...
2 votes, 1 answer, 3k views
Include gid in home directory map with nslcd
I need to specify a different path to home directories on a particular server than the one from LDAP. I know how to change it using map in /etc/nslcd.conf:
map passwd homeDirectory "/otherhome/$uid"...
2 votes, 0 answers, 678 views
OpenLDAP with TLS AD backend
I'm currently using OpenLDAP as a read-only proxy for an internal Active Directory domain. My main issue is the connection works fine between AD DC and proxy without SSL, it doesn't work with it.
My ...
2 votes, 1 answer, 211 views
Struggling with OpenLDAP configuration
I've been configuring an LDAP server on a Linux instance using AWS EC2.
Up to now, I successfully set up LDAP and phpLDAPadmin to work together.
I've created Users and Groups "Organisation Units". I'...
2 votes, 0 answers, 312 views
How can we cache ldap login credentials in mac using opendirectory
On a Mac using Active Directory, we can cache LDAP login credentials by checking "create mobile account at login". Is there any other way to do the same thing in OpenLDAP? Could someone please share information ...
2 votes, 2 answers, 2k views
OpenLDAP: slaptest not parsing variable in config
When running the command:
slaptest -f slapd.conf
Against my slapd config file I'm getting this error message
51dfbb3e lt_dlopenext failed: (back_@BACKEND@) file not found
slaptest: bad ...
2 votes, 0 answers, 392 views
Authenticate Mac OS X Mountain Lion against EL6 OpenLDAP only succeeds for ssh
I'm having an issue with mountain lion authenticating against a CentOS 6 openldap/krbkdc server. I can ssh into the macs in question and I am issued a ticket and all autofs mounts (like the homedir) ...
2 votes, 1 answer, 170 views
Some problems adding data to ldap
I'm trying to add some data to the ldap directory, but I get the following error.
sudo slapadd < ldapdata.txt
slap_sasl_init: auxprop add plugin failed
slapadd: slap_init failed!
Where is the ...
1 vote, 1 answer, 6k views
How do you add an ldap group to a system user?
The question is basically the same as : serverfault
I am unable to add a ldap group to a system user. This does not work :
usermod -a -G ldapGroup systemUser
The same with gpasswd command.
The ...
1 vote, 1 answer, 1k views
OpenLDAP complains that the fields are not indexed
I am using OpenLDAP (slapd) v2.4.47 on Debian.
It complains in the following manner in the logfile (/var/log/debug)
slapd[1142]: conn=1508 op=4 SRCH base="cn=persons,cn=internal" scope=2 ...
1 vote, 1 answer, 1k views
OpenLDAP's cn=config add separate user for replication of “olcDatabase={0}config,cn=config”
I hope I'm not asking a dumb question. I'm new to creating my own LDAP service.
For my regular mdb database it's easy to add multiple administrators. Since it contains an olcSuffix attribute it's ...
1 vote, 1 answer, 2k views
"Error(s) encountered" While Using ldapscripts
Below, I show my OpenLDAP configuration. This is a fresh OpenLDAP installation on a fresh Debian Stretch installation.
I am unable to use ldapscripts. Regardless what I do, I get the errors shown at ...
1 vote, 1 answer, 4k views
Using Samba4 with OpenLDAP on the same server to authenticate Windows clients accounts
I already have OpenLDAP directory with some services doing the authentication against it (OpenVPN, Jabber, Freeradius, redmine, etc...).
And What I still need to do is to make my server a domain ...
1 vote, 1 answer, 8k views
openldap TLS failure -- ldap_start_tls: Connect error (-11)
From what I can tell it's a certificate verification issue, but I have no idea why.
~ > ldapsearch -x -ZZ -LLL -H ldap://ldap.dark.kow.is -b dc=dark,dc=kow,dc=is
ldap_start_tls: Connect error (-11)...
1 vote, 1 answer, 653 views
OpenLDAP : authentication through "domain\username" or "username@domain"
Is there a way to configure OpenLDAP to use authentication through "domain\username" or "username@domain" instead of (or in addition to) by DN ?
I use openLDAP version 2.4.40.
1 vote, 1 answer, 1k views
LDAP setup with two DIT
I have an openLDAP which has a database, say dc=domain1,dc=com.
Now I am trying to add one more, dc=domain2,dc=com.
Below are the steps we did to achieve this:
[root@host user]# service ...
1 vote, 1 answer, 1k views
Restricting ssh access to server within a kerberos/ldap infrastructure
I have a MIT-Kerberos / OpenLDAP infrastructure. I want to limit the ssh-access for my users, so that only members of a specific group are allowed to ssh to my servers.
When I just had OpenLDAP ...
1 vote, 1 answer, 2k views
how to use MD5 for authentication in OpenLDAP?
I've installed OpenLDAP in AWS, everything was working as expected until I tried to authenticate a user, it asks me for the password and when I provide it, it says Permission denied, please try again. ...
1 vote, 2 answers, 83 views
ldap schema in development should it be the same as productions
I have been using LDAP for a lot of years now, and at most of the firms I worked for, the LDAP schema in development looks just like the schema in production, QA (Staging).
etc: suffix "dc=firm,dc=com"
I just ...
1 vote, 0 answers, 21 views
Need help in creating custom objectclasses and attributetypes in openldap
I am trying to create a custom attribute in openldap, for which I am supposed to create an objectclass. Here is my ldif file below.
Ldif File Content
dn: cn=schema,cn=config
changetype: modify
add: ...
1 vote, 0 answers, 467 views
How to add a password policy on OpenLDAP 2.4.11?
I have a server with OpenLDAP 2.4.11 installed.
I'm trying to add a password policy for all my users.
So, I enable ppolicy module :
bash# grep ppolicy /etc/ldap/slapd.conf
include /etc/ldap/...
1 vote, 1 answer, 211 views
ldapmodifyuser replace with base64
I'd like to modify some entries in our LDAP. In the field gecos currently some users only have their user name which I would like to replace by their full name. In general this isn't a problem, but I ...
1 vote, 0 answers, 388 views
Ldapsearch through ssh tunnel
I have four machines A, B, C, D and I would like to use ldapsearch on the first machine through an ssh tunnel over to C with a jump from B to C. Currently ldapsearch on C contacts the ldap server on D,...
1 vote, 0 answers, 185 views
phpldapadmin not authenticating ldap service
I am getting the above error message. I am pretty sure I am giving the correct Login DN and password.
I want to know how I can troubleshoot and inspect what is going wrong and where.
both the containers are ...
1 vote, 0 answers, 118 views
Migrate debian login from ldap to local login
We have a Debian stretch machine on which the users log in by ldap. Since we want to shut down our ldap server (not used anymore except by this single machine), I have to search for a way to migrate the ...
1 vote, 1 answer, 33 views
OpenLDAP Integration
I have installed an OpenLDAP server on an AWS EC2 Ubuntu 16.04 instance.
It's working fine while my client machine is connected to the internet, but whenever I am disconnecting internet from client ...
1 vote, 0 answers, 317 views
OpenLDAP slapadd on a translucent overlay
I have an OpenLDAP database which seems to have one or two corrupt records (probably from machine crashes while an update was in process). Anyway, whenever anyone or anything accesses these records slapd ...
1 vote, 1 answer, 1k views
Why won't LDAP client authenticate users
I have followed instructions here: https://computingforgeeks.com/install-and-configure-openldap-phpldapadmin-on-ubuntu-18-04-lts/
and Added users as per https://computingforgeeks.com/how-to-install-...
1 vote, 0 answers, 878 views
How to Set Mac OS X LDAP to Use Remote Home Folder
I have a MacOSX El Capitan machine that uses LDAP for authentication.
This part already works and I can log onto the machine with LDAP accounts.
I set the NFSHomeDirectory as #/Users/$uid$ which ...
1 vote, 0 answers, 1k views
FusionDirectory: OpenLDAP with SSL or TLS
I have looked around and found a lot online about how to set up TLS for OpenLDAP. The basic idea is adding the olcTLS items to include cert, key, cacert in cn=config.
However, with FusionDirectory, ...
1 vote, 0 answers, 663 views
Import schema into Samba/AD domain?
I have set up a Samba4 domain controller to serve as my Active Directory PDC. It works flawlessly in that respect. My next challenge is to install FusionDirectory to make managing it easier and to ...
1 vote, 0 answers, 3k views
OpenLDAP TLS negotiation failure ldap_start_tls: Connect error (-11) additional info: A TLS packet with unexpected length was received
I have tried to configure Openldap with TLS. I have TLS certificates, configured them with a .ldif file, and changed the necessary configuration in the ldap.conf file. I am using the Ubuntu 14.04 LTS operating ...
1 vote, 1 answer, 242 views
LDAP - PAM Home Directory Incorrect
I have OpenLDAP setup on Centos 6. LDAP has my account homeDirectory as /home/me but a server that I'm logging into is trying to create my home directory at /users/me.
How can I trace down why the ...
1 vote, 0 answers, 296 views
LDAP AUTHENTICATION UBUNTU
I have setup an ldap server on Ubuntu,
Configuration steps:
sudo apt-get install slapd ldap-utils
Reconfigure LDAP
sudo dpkg-reconfigure slapd
DNS name
example.com
Install PHPldapadmin
sudo ...
1 vote, 0 answers, 41 views
getent group doesn't show the user in the ldap directory
I am running openldap2-2.4.26-0.24.36 server.
On the machine, I use ldapmodify to add a user to the group.
Query with ldapsearch can show the correct user being added.
However getent group $...
1 vote, 1 answer, 2k views
TLS negotiation failed on ldaps:// - sslv3 alert bad record mac
We are facing an issue in one of our openldap environments: while enabling secure queries via ldaps://, our integration environment keeps returning the following error to our ldapsearch command:
...
1 vote, 0 answers, 2k views
How to uninstall openldap?
How can I uninstall OpenLDAP from Linux? I had problems with the initial configuration of openldap with the domain, or how can I change the configuration of the ldap domain?
1 vote, 1 answer, 60 views
Is it possible to store Hashed data in a different field than userPassword in LDAP
I've been asked to store hashed data in an LDAP server. Putting hashed passwords is easy but I'm not sure if LDAP allows storing data like email hashed or even encrypted.
Creating a LDIF file with a ...
1 vote, 1 answer, 707 views
slapd not launching on Mac OS X 10.6
I have a slight problem with the openldap server installed with Mac OS X 10.6.8 (regular, not server). When I launch slapd in a terminal, it stops itself after 1 or 2 seconds... I just have the time ...
0 votes, 1 answer, 9k views
ldap_modify: No such object (32)
I installed OpenLDAP on Centos 7 and tried to create the admin user. But I got some error on ldap_modify. Below are my steps:
Install OpenLDAP and start it:
sudo yum install openldap openldap-...
0 votes, 1 answer, 368 views
OpenLDAP TLS vs SSL
I'm experimenting with OpenLDAP replication. I'm using a Docker image:
https://github.com/osixia/docker-openldap
to spawn a couple of containers that are talking to each other. The default ...