Problem browsing LDAP with Outlook
by Chris Bryant
When configuring Microsoft Outlook (not Outlook Express) to access an LDAP directory, there is an option to 'Enable Browsing (requires server support)'. If this option is chosen and the directory server supports it, then you should be able to open the LDAP address book and page up and down through the results. I have been unable to get this working properly with 389 DS.
When I try to browse from Outlook against the 389 DS directory, I am able to see the first page of results perfectly. However, if I move to the next page, only the first object returned will have any attributes included, and all of the rest of the objects in the page will have no attributes. I have a test Perl script that duplicates this functionality as well.
I can get this to work properly with an older version of Netscape Directory Server, and I can get it working with OpenDS. Since 389 DS advertises support for the controls that are required for this to work, just like the other two servers, then I would expect it to work there also.
Has anyone out there gotten this to work with 389 DS? If so, can you share if there was anything special that you needed to do to get this to work? I'm trying to determine if this is a bug in the server, or if I'm just missing something in the configuration.
Thanks,
Chris
USA.NET
3 years, 1 month
LDAPCon 2011 Call for Papers
by Peter Gietz
With the usual apologies.
The 3rd Edition of the International Conference on LDAP (LDAPCon
2011[1]) will be held on October 10-11, 2011 in Heidelberg, Germany.
A Call For Papers[2] has been raised and the Program Committee asks you
to submit abstracts by July 8th.
The International Conference on LDAP is a technical forum for IT
professionals interested in LDAP and related topics like directory
servers, directory management applications, directory integration,
identity and access management, and meta directories.
It focuses on implementation and integration of LDAP servers and
LDAP-enabled client applications. The event will bring together vendors,
developers, active and prospective LDAP practitioners to share their
experiences about deployment strategies, service operations,
interoperability, discuss LDAP usage in new projects and learn about
upcoming trends and developments.
The 1st LDAPCon[3] was held in September 2007 in Germany, the 2nd
LDAPCon[4] was held in September 2009 in Portland, Oregon, USA
(Some pictures from LDAPCon 2007 [5] and a nice summary of LDAPCon 2009 [6])
So if you're involved with LDAP in interesting projects and you want to
share your experiences, please check the Call For Papers and submit a
proposal.
Best,
Peter
[1]: http://www.ldapcon.org
[2]: http://www.daasi.de/ldapcon2011/index.php?site=cfp
[3]: http://www.guug.de/veranstaltungen/ldapcon2007/index.html
[4]: http://www.symas.com/ldapcon2009
[5]: http://www.flickr.com/photos/ludovic_p/sets/72157601937159198/detail/
[6]: http://blogs.sun.com/Ludo/entry/ldapcon_2009_summary
--
_______________________________________________________________________
Peter Gietz (CEO)
DAASI International GmbH phone: +49 7071 407109-0
Europaplatz 3 Fax: +49 7071 407109-9
D-72074 Tübingen mail: peter.gietz(a)daasi.de
Germany Web: www.daasi.de
DAASI International GmbH, Tübingen
Geschäftsführer Peter Gietz, Amtsgericht Stuttgart HRB 382175
Directory Applications for Advanced Security and Information Management
_______________________________________________________________________
12 years, 1 month
Re: [389-users] get base dn from ldapsearch
by Angel Bosch Mora
> Maybe I am understanding this wrong but could you not just check in
> the config what the search base is set to on the client side? What is
> the problem you are trying to solve?
>
Yes, you're right. I can just take a look at ldap.conf, but there are several places to look:
- Debian/Ubuntu uses /etc/ldap/ldap.conf
- RHEL/CentOS uses /etc/openldap/ldap.conf
- custom compilations can use any path, e.g. /usr/local/ldap/ldap.conf
- Windows OpenLDAP uses... I don't really know :P
So what I'm trying to do is resolve the configured base without knowing anything about the client.
For example, this command gives me the server even if I don't know anything about the conf:
ldapsearch -d1 -x -LLL "(uid=example)" uid 2>&1 | grep ldap_connect_to_host
I'm just a little bit surprised that I can't find any debug level that gives me the BASE.
abosch
12 years, 2 months
Referral errors ....
by Reinhard Nappert
Hi,
I have the following setup:
I have a 2 multimaster replication setup, where both masters also have a number of shadowing agreements to other consumers. The data gets replicated to all boxes and there are no issues. When I try to perform an update on the slaves, it works on all but one. Meaning, the server sends back err=10, with the referral to one of the masters, and the client automatically follows the referrals. Unfortunately, it does not work with one box:
When there is an attempt to write to the db, the server returns an error-code 1, with the following message:
javax.naming.NamingException: [LDAP: error code 1 - Mapping tree node for o=base is set to return a referral, but no referral is configured for it];
This can also be seen in the access file:
[26/Apr/2011:05:35:45 -0300] conn=3418 op=13256 ADD dn="ou=test,o=base"
[26/Apr/2011:05:35:45 -0300] conn=3418 op=13256 RESULT err=1 tag=105 nentries=0 etime=0
When I have a look at the configuration, it looks exactly like the others:
dn: cn="o=Base",cn=mapping tree,cn=config
objectClass: top
objectClass: extensibleObject
objectClass: nsMappingTree
cn: "o=Base"
nsslapd-state: referral on update
nsslapd-backend: userRoot
modifiersName: cn=server,cn=plugins,cn=config
modifyTimestamp: 20100721202730Z
nsslapd-referral: ldap://master-ld01:389/o=Base
nsslapd-referral: ldap://master-ld02:389/o=Base
numSubordinates: 1
dn: cn=replica,cn="o=Base",cn=mapping tree,cn=config
nsDS5ReplicaBindDN: cn=replication,cn=config
nsDS5ReplicaRoot: o=Base
nsDS5Flags: 0
nsDS5ReplicaType: 2
nsds5ReplicaPurgeDelay: 43200
objectClass: top
objectClass: nsDS5Replica
cn: replica
modifiersName: cn=Multimaster Replication Plugin,cn=plugins,cn=config
modifyTimestamp: 20110421052744Z
nsDS5ReplicaId: 65535
nsState:: //8AAAAAAADLv69NAAAAAAAAAAAAAAAALSoAAAAAAAAIAAAAAAAAAA==
nsDS5ReplicaName: 59480b7e-94fb11df-9df8eeea-774385c0
nsDS5ReplicaReferral: ldap://master-ld01:389/o=Base
nsDS5ReplicaReferral: ldap://master-ld02:389/o=Base
I was wondering if someone has seen this kind of issue. Everything looks fine to me and I cannot explain this behavior.
Right now, I cannot reproduce this issue. I only see it in this one setup.
Thanks,
-Reinhard
12 years, 4 months
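One way to find the symptom described in the post above in a consumer's access log, as an added example that is not part of the original message: it pairs each update operation with its RESULT line by conn/op and reports updates that were not answered with err=10. The function name and the sample lines after the first two (which are quoted from the post) are constructed for illustration, and the log is assumed to come from a read-only consumer.

```python
import re

# Access-log keywords for update operations (assumed set for this check).
WRITE_OPS = {"ADD", "MOD", "DEL", "MODRDN"}
LINE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] conn=(?P<conn>\d+) op=(?P<op>-?\d+) (?P<kind>\S+)(?P<rest>.*)$"
)
ERR = re.compile(r"\berr=(\d+)")
DN = re.compile(r'\bdn="([^"]*)"')


def failed_referrals(lines):
    """Return update operations whose RESULT was not err=10 (referral).

    On a read-only consumer every update should be answered with a
    referral to a master; anything else is reported.
    """
    pending = {}   # (conn, op) -> (timestamp, operation, dn)
    findings = []
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue
        key = (m["conn"], m["op"])
        if m["kind"] in WRITE_OPS:
            dn = DN.search(m["rest"])
            pending[key] = (m["ts"], m["kind"], dn.group(1) if dn else "")
        elif m["kind"] == "RESULT" and key in pending:
            ts, kind, dn = pending.pop(key)
            err = ERR.search(m["rest"])
            code = int(err.group(1)) if err else None
            if code != 10:
                findings.append({"time": ts, "conn": key[0], "op": key[1],
                                 "operation": kind, "dn": dn, "err": code})
    return findings


# First two lines are quoted from the post; the rest are constructed.
SAMPLE = """\
[26/Apr/2011:05:35:45 -0300] conn=3418 op=13256 ADD dn="ou=test,o=base"
[26/Apr/2011:05:35:45 -0300] conn=3418 op=13256 RESULT err=1 tag=105 nentries=0 etime=0
[26/Apr/2011:05:35:46 -0300] conn=3419 op=2 MOD dn="ou=people,o=base"
[26/Apr/2011:05:35:46 -0300] conn=3419 op=2 RESULT err=10 tag=103 nentries=0 etime=0
[26/Apr/2011:05:35:47 -0300] conn=3420 op=1 SRCH base="o=base" scope=2 filter="(uid=example)" attrs="uid"
[26/Apr/2011:05:35:47 -0300] conn=3420 op=1 RESULT err=0 tag=101 nentries=1 etime=0
""".splitlines()

if __name__ == "__main__":
    for finding in failed_referrals(SAMPLE):
        print(finding)
```
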
Active Directory to 389 Directory Server Sync
by Augustine Ike
Good Morning All,
How is everyone? Hope fine? I installed the 389 Directory Server and it works very well.
I am trying to update the Users by performing a Unidirectional Sync from Active Directory. After this, I intend syncing passwords too. For now, I can't even get the sync to work. I have followed everything in the DOCS and still no luck.
That said, the sync operation says it's successful but then the OUs remain empty. If I add an Entry in the Directory Server and Active Directory, I get an error, so I know something is happening. Any thoughts?
Thanks
Augstine
12 years, 5 months
userpasswd not replicating
by Yonathan Dossow
Hi,
I'm using luma to modify users' passwords. Until 389-ds-base 1.2.6
everything worked OK, but with 1.2.8.2 the updated password isn't
propagating to the slaves.
However, with 389-console, passwd or even ldapmodify it works OK.
Auditing the process, I found that luma deletes the userpasswd attribute
and adds it again. 389-console and passwd only modify the attribute.
I have 4 ldap servers (1 master, 3 slaves) and 1 AD server.
Is this behavior expected in 1.2.8.2?
I'm attaching audit logs for luma and passwd, for the master and one
slave.
thanks
--
Yonathan H. Dossow Acun~a
Unidad de Servicios de Computacion e Internet Fono: +56 32 2654367
Universidad Tecnica Federico Santa Maria Valparaiso, Chile
12 years, 5 months
Announcing 389 Directory Server version 1.2.8.2
by Rich Megginson
The 389 Project team is pleased to announce the release of
389-ds-base-1.2.8.2. This is the first Stable release from the 1.2.8
branch. Since the last Stable release (1.2.7.5) there have been many
bug fixes and a couple of new features.
Installation
yum install --enablerepo=updates-testing 389-ds
# or for EPEL
yum install --enablerepo=epel-testing 389-ds
setup-ds-admin.pl
Upgrade
yum upgrade --enablerepo=updates-testing 389-ds-base \
    idm-console-framework 389-admin 389-ds-console 389-admin-console
# or for EPEL
yum upgrade --enablerepo=epel-testing 389-ds-base \
    idm-console-framework 389-admin 389-ds-console 389-admin-console
setup-ds-admin.pl -u
How to Give Feedback
The best way to provide feedback is via the Fedora Update system. Each
update is broken down by package and platform. For example, if you are
using Fedora 13, and you have successfully installed or upgraded all of
the packages, and the console and etc. works, then go to the links below
for Fedora 13 and provide feedback.
* EL-5 - https://admin.fedoraproject.org/updates/389-ds-base-1.2.8.2-1.el5
* Fedora 13 - https://admin.fedoraproject.org/updates/389-ds-base-1.2.8.2-1.fc13
* Fedora 14 - https://admin.fedoraproject.org/updates/389-ds-base-1.2.8.2-1.fc14
* Fedora 15 - https://admin.fedoraproject.org/updates/389-ds-base-1.2.8.2-1.fc15
* scroll down to the bottom of the page, and click on the Add a comment >> link
* select one of the Works for me or Does not work radio buttons, add text, and click on the Add Comment button
If you are using a build on another platform, just send us an email to
389-users(a)lists.fedoraproject.org
Reporting Bugs
If you find a bug, or would like to see a new feature, you can enter it
here - https://bugzilla.redhat.com/enter_bug.cgi?product=389
More Information
* Release Notes - http://port389.org/wiki/Release_Notes
* Install_Guide - http://port389.org/wiki/Install_Guide
* Download - http://port389.org/wiki/Download
12 years, 5 months
master stops responding when slave cannot be updated
by brandon
Okay, I don't know if this is the designed behaviour or not, but we have
a single master server with one slave, and we shut down the slave to
rebuild it, but did not remove the replication agreement. The master
server stopped responding to queries after a period of time, and did not
start servicing queries again until the slave came back online and it
was able to complete its replication (read-only queries, nothing that
should require changes).
Is this the designed behaviour?
Running
389-ds-base-1.2.7.5-1 on the Master
389-ds-base-1.3.3-1 on the Slave
On the master, there are a bunch of log messages about the Replication
Manager getting TCP connection reset by peer, Consumer failed to replay
change, and DSA is unwilling to perform. These were expected, since the
slave was down. If it would help, I can dig up those entries.
Thanks,
-Brandon
12 years, 5 months
Error using db2ldif to backup NetscapeRoot
by Diego Woitasen
Hi,
I'm using db2ldif to back up all my databases (139). It works fine for all
databases but NetscapeRoot. The LDIF is written, but there is a weird output
when I run the command:
/opt/dirsrv/lib/dirsrv/slapd-mreldc03/db2ldif -n NetscapeRoot -a /tmp/xx
Exported ldif file: /tmp/xx
ldiffile: /tmp/xx
[25/Apr/2011:13:02:12 -0300] ldif2dbm - _get_and_add_parent_rdns: Failed to position at ID 170
[25/Apr/2011:13:02:12 -0300] - ldbm2ldif: Failed to get dn of ID 170
[25/Apr/2011:13:02:12 -0300] ldif2dbm - _get_and_add_parent_rdns: Failed to position at ID 170
[25/Apr/2011:13:02:12 -0300] - ldbm2ldif: Failed to get dn of ID 171
[25/Apr/2011:13:02:12 -0300] ldif2dbm - _get_and_add_parent_rdns: Failed to position at ID 170
[25/Apr/2011:13:02:12 -0300] - ldbm2ldif: Failed to get dn of ID 172
[25/Apr/2011:13:02:12 -0300] ldif2dbm - _get_and_add_parent_rdns: Failed to position at ID 170
.
.
.
.
[25/Apr/2011:13:11:28 -0300] - ldbm2ldif: Failed to get dn of ID 337
[25/Apr/2011:13:11:28 -0300] ldif2dbm - _get_and_add_parent_rdns: Failed to position at ID 294
[25/Apr/2011:13:11:28 -0300] - ldbm2ldif: Failed to get dn of ID 325
[25/Apr/2011:13:11:28 -0300] ldif2dbm - _get_and_add_parent_rdns: Failed to position at ID 294
[25/Apr/2011:13:11:28 -0300] - ldbm2ldif: Failed to get dn of ID 353
[25/Apr/2011:13:11:28 -0300] ldif2dbm - _get_and_add_parent_rdns: Failed to position at ID 294
[25/Apr/2011:13:11:28 -0300] - ldbm2ldif: Failed to get dn of ID 353
[25/Apr/2011:13:11:28 -0300] - export NetscapeRoot: Processed 267 entries (100%).
[25/Apr/2011:13:11:28 -0300] - All database threads now stopped
Shall I worry about those lines?
Regards,
Diego
--
Diego Woitasen
12 years, 5 months