Questions tagged [openldap]

OpenLDAP Software is a free, open source implementation of the Lightweight Directory Access Protocol (LDAP) developed by the OpenLDAP Project. LDAP is a platform-independent protocol for querying and modifying data using directory services running over TCP/IP.

53 votes
4 answers
263k views

How do I authenticate with LDAP via the command line?

The LDAP server is hosted on Solaris. The client is CentOS. OpenLDAP/NSLCD/SSH authentication via LDAP work fine, but I am not able to use the ldapsearch commands to debug LDAP issues. [root@tst-01 ~]...
ujjain
  • 4,013
39 votes
12 answers
2k views

You're an open source shop.. how do you do shared calendaring? [closed]

I run an open source collaboration suite, I'm happy with it, my userbase are happy with it too... all except for calendaring. It's a serious sore point, and I'm scrambling to find a solution. I've ...
jharley
  • 813
35 votes
2 answers
90k views

How do I configure LDAP on Centos 6 for user authentication in the most secure and correct way?

During the last couple of days I have been using a lot of F-words, while browsing Internet for good documentation about how to setup an LDAP-server. So far I have found none, but plenty that are less ...
Arlukin
  • 1,213
21 votes
2 answers
44k views

How to migrate LDAP (database,schema,configuration) to other machine

I'm using openldap 2.4.40, and I need to migrate my existing ldap database, configuration, and schema (basically everything ldap server related) to a new machine. The problem is, I use cn=config ...
J_LDAP
  • 608
20 votes
1 answer
22k views

LDAP Structure: dc=example,dc=com vs o=Example

I am relatively new to LDAP, and have seen two types of examples of how to set up your structure. One method is to have the base being: dc=example,dc=com while other examples have the base being o=...
Peter Sankauskas
20 votes
2 answers
38k views

How do I configure Reverse Group Membership Maintenance on an openldap server? (memberOf)

I am currently working on integrating LDAP authentication into a system and I would like to restrict access based on LDAP group. The only way to do this is via a search filter and therefore I believe ...
emills
  • 774
17 votes
4 answers
39k views

Calculate Days Since 1/1/1970

How can you calculate the number of days since 1/1/1970? This is for updating the shadowLastChange attribute on OpenLDAP. Is there a way to do this using the linux date command?
nitins
  • 2,589
17 votes
6 answers
62k views

Web interface for LDAP management [closed]

We are going to implement LDAP for centralized authentication in our organization. Which is the best simple LDAP management tool available?
nitins
  • 2,589
17 votes
2 answers
36k views

Configure OpenLDAP with TLS=required

Nowadays, OpenLDAP needs to be configured with ldapmodify cn=config, as described here. But nowhere can I find how you configure it to only accept TLS traffic. I just confirmed that our server accepts ...
Halfgaar
  • 8,114
16 votes
6 answers
19k views

Active Directory vs OpenLDAP

This is for a small company (12 developers) who haven't implemented any centralized user database - they've grown organically and just created accounts on computers as they needed. From a management ...
Cory Plastek
16 votes
2 answers
41k views

LDAP: backup with slapcat vs ldapsearch

Used: openldap-servers-2.4.23-34.el6_5.1.x86_64 Task: create script for crontab to create scheduled database full backup. 1) slapcat - create file in the default format, Berkeley DB. 2) slapcat ...
setevoy
  • 334
16 votes
5 answers
41k views

Setting up RADIUS + LDAP for WPA2 on Ubuntu

I'm setting up a wireless network for ~150 users. In short, I'm looking for a guide to set RADIUS server to authenticate WPA2 against a LDAP. On Ubuntu. I got a working LDAP, but as it is not in ...
Morten Siebuhr
15 votes
2 answers
25k views

Basic openldap setup using slapd.d configuration

I'm trying to set up a test openldap server, having not worked with openldap before. I'm using the standard openldap-servers package on a redhat based machine (using Oracle Linux). I've installed the ...
thecoop
  • 287
15 votes
4 answers
56k views

Why does this ldapadd command quit with an "Invalid syntax" error?

I'm very new to openldap but extremely well versed in the linux/unix environment. I'm trying to setup my very first test openldap environment using the guide here. I've also read most of the admin ...
nullByteMe
15 votes
2 answers
69k views

ldap_add no such object (32) matched dn dc=domain dc=com

When I'm trying to import users to LDAP using this command: ldapadd -x -D "cn=Manager,dc=domain,dc=com" -W -f /etc/openldap/root.ldif I have this error: ldap_add no such object (32) ...
PookPook
  • 261
14 votes
2 answers
47k views

"no global superior knowledge" while adding a country

I must add an organizationalunit like this into a freshly installed OpenLDAP (on Ubuntu 12.04) : dn: ou=MYREGION, ou=MYAPP, ou=GROUPS, o=myorganization, c=fr ou: MYREGION objectClass: top objectClass:...
Anthony O.
14 votes
3 answers
95k views

ldap_modify: Insufficient access (50)

I am running an OpenLDAP 2.4 server that uses the SSL service for communication. It works for lookups. I am trying to add mirror mode replication. So this is the command that I'm executing: ...
Lynn Owens
13 votes
5 answers
51k views

CentOS openLDAP cert trust issues

# LDAPTLS_CACERTDIR=/etc/ssl/certs/ ldapwhoami -x -ZZ -H ldaps://ldap.domain.tld ldap_start_tls: Can't contact LDAP server (-1) additional info: TLS error -8172:Peer's certificate issuer has ...
84104
  • 13k
13 votes
2 answers
3k views

SSH only works after intentionally failed password

So, I'm having a rather weird problem. I have a server, that when I try to SSH into, immediately closes the connection if I type in the correct password on the first attempt. However, if I ...
pyraz
  • 161
12 votes
3 answers
33k views

How do I get openldap on Centos 6 to write anything to it's log files

I don't get any information in my log file for openldap on my Centos 6 server. This is how I configured it. SELinux is disabled at the moment. First created a folder where I'd like to store the log ...
Arlukin
  • 1,213
12 votes
9 answers
17k views

OpenLDAP TLS Authentification

I am trying to implement TLS as per https://help.ubuntu.com/lts/serverguide/openldap-server.html When I try to modify cn=config database with this ldif file: dn: cn=config add: ...
Amar Prasovic
12 votes
3 answers
39k views

OpenLDAP - where is my slapd.conf?

I have installed OpenLDAP on Ubuntu 10.04. I wanted to configure my ldap but I can't find slapd.conf in /etc/ldap/ In this directory there is a ldap.conf but seems not to be the same. How can I ...
Pierre de LESPINAY
12 votes
2 answers
7k views

Slappasswd output randomized

I was expecting slappasswd to produce a fixed hash but it appears that the output is randomized as I never get the same output for the same input password: $ slappasswd -s secret {SSHA}...
Max
  • 3,553
12 votes
5 answers
12k views

Small, simple LDAP server as an alternative to OpenLDAP [closed]

I have taken a look at the installation and configuration instructions for the newer OpenLDAP releases and decided that it's too much work to set up for my small userbase. Basically, I only use LDAP ...
jstarek
  • 638
12 votes
2 answers
14k views

SSSD rejects LDAP login with su: incorrect password

I've set up an LDAP server with user accounts. I've successfully configured a Rails application to authenticate against this LDAP server. I'm now trying to configure SSSD to authenticate against LDAP, ...
Leo
  • 983
11 votes
6 answers
45k views

CentOS 6 + LDAP + NFS. File ownership is stuck on "nobody"

I've been trying to get LDAP authentication and NFS exported home directories on CentOS 6 working for a few days now. I've gotten to the point that I can now login to the client machine using the ...
jamieb
  • 3,437
11 votes
4 answers
44k views

ldap_modify: Other (e.g., implementation specific) error (80), <olcAccess> handler exited with 1

When modifying the Open-LDAP configuration using: dn: olcDatabase={2}hdb,cn=config changetype: modify replace: olcAccess olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=...
Mildred
  • 825
10 votes
2 answers
21k views

Does Linux keeps a cache of groups members if on LDAP ? (Difference between groups vs getent group))

Our users and groups LDAP configuration is working. Our server is using LDAP to store users and groups. # /etc/nsswitch.conf : passwd: compat ldap group: compat ldap shadow: ...
db_ch
  • 648
10 votes
3 answers
20k views

Disallow global anonymous bind with cn=config

With slapd.conf you could globally disable anonymous binding and require authentication with the following static directives: disallow bind_anon require authc How can I achieve the same global ...
Michael P
  • 297
10 votes
5 answers
23k views

Does Nginx support LDAP authentication?

Does nginx support ldap authentication? I have just migrated from apache and would like to move all of my authentications which are based on openldap and mod_auth_ldap to nginx. Let me know if that is ...
Adam Benayoun
10 votes
5 answers
37k views

ldap_add: Constraint violation (19)

I'm having issues importing users with ldapadd and ldif files. The error I'm getting is: ldap_add: Constraint violation (19) additional info: structuralObjectClass: no user modification allowed The ...
Max
  • 3,553
10 votes
3 answers
16k views

How to get SASL authentication to work with DIGEST-MD5 for OpenLDAP?

I'm setting up OpenLDAP slapd on Ubuntu 14.04 Trusty Tahr. I want certain instances (replication etc.) that aren't users to be able to login via SASL using DIGEST-MD5 mechanism. Unlike users, they ...
blubberdiblub
10 votes
1 answer
18k views

OpenLdap TLS authentication setup

I am trying to setup openldap on ubuntu 12.04 by following this guide https://help.ubuntu.com/12.04/serverguide/openldap-server.html When I tried to enable TLS on the server by creating a self signed ...
CrazycodeMonkey
10 votes
2 answers
19k views

Active Directory Authentication with LDAP proxy

We have services in an isolated network. These services need to authenticate users against the Active Directory server. However the Active Directory server is not directly available so I have to ...
SamK
  • 1,366
10 votes
2 answers
8k views

Can't access cn=config through Apache Directory Studio GUI

I am quite familiar with openldap. The dynamic configuration is quite new to me. So I wanted to make life easier and change openldap configuration through Apache Directory Studio GUI. Openldap is ...
machschev
  • 151
9 votes
3 answers
30k views

How to disable anonymous access on LDAP

I need to secure my LDAP server and am not quite sure the best way to go about it. I am running Debian "Lenny", and using OpenLDAP (slapd). I notice that if I run: ldapsearch -x -W -b 'dc=example,dc=...
Peter Sankauskas
9 votes
3 answers
21k views

"wrong attributetype" when using ldapadd

When attempting to load the following configuration dn: olcDatabase={1}hdb,cn=config changetype: modify add: olcMirrorMode olcMirrorMode: TRUE I get the following error: root@box:~# ldapadd -Y ...
seb
  • 371
9 votes
2 answers
17k views

OpenLDAP No such object (32)

I am trying to setup an OpenLDAP server with FusionDirectory as a frontend Following this guide: http://documentation.fusiondirectory.org/en/documentation/admin_installation_redhat_6 http://...
mangusbrother
9 votes
1 answer
45k views

ldap export and import

Is it possible to export all the data inside openldap for example using ldapsearch or some other tool to a (ldif?) file and then import everything on another server and put this in a script that would ...
Jure1873
  • 3,702
9 votes
4 answers
31k views

How to disable an LDAP account?

The LDAP uses the posixAccount schema and related attributes and I wonder if there's a standardized way to disable an account. Re-enabling the account should obviously re-enable the former password. ...
Raphaël Hertzog
9 votes
1 answer
26k views

How to correctly ldapmodify replace olcAccess lines?

This is a part from olcDatabase={1}hdb.ldif olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymous auth by dn="cn=admin,dc=somesite,dc=com" write by * none olcAccess: {1}...
Terence
  • 281
9 votes
6 answers
15k views

No Root DSE returned from OpenLDAP

I'm trying to set up an OpenLDAP server on ubuntu 9.10, which uses slapd version 2.4.18. After initializing and populating a new hdb database, everything seems OK, but I can not get the server to ...
9 votes
2 answers
17k views

How do I use ldapdelete to delete an improperly set up olc database?

I've been walking through this tutorial and kept getting errors -- likely because I was typing it in manually -- so I retried, executing it after entering in # Load dynamic backend modules dn: cn=...
user29600
  • 429
9 votes
3 answers
9k views

Add GSSAPI to OpenLdap in supportedSASLMechanisms

I'm looking how to add the GSSAPI support into my OpenLDAP? Current setup MIT Kerberos V + OpenLDAP Kerberos bind to openldap Able to issue kerberos tickets to my users (with kinit exampluser) Able ...
Tolsadus
  • 1,193
9 votes
0 answers
10k views

LDAP: creating a bind user with limited privileges

I need to bind to an OpenLDAP server to authenticate users, but I don't want this low-privileged or "delegated administrator" to be able to see more attributes than strictly necessary. How do I ...
lorenzog
  • 2,879
9 votes
2 answers
9k views

OpenLDAP memberOf attribute is not updated after group update

I have an OpenLDAP setup on Debian 7.1, (OpenLDAP 2.4.31), and I am trying to set up the memberof overlay. My configuration is just like I have read at lots of sites throughout the internet, however, ...
Peter B
  • 191
8 votes
10 answers
22k views

Using Lets Encrypt certificates with openLDAP

I've been running an openLDAP server for several months now and we use it to authenticate for a number of applications. A previous staff member set up the server and it doesn't seem to be a standard ...
shaneoh
  • 414
8 votes
3 answers
41k views

ldapadd/ldapmodify: clarifications needed about these commands

The ldapmodify man page states that: The default for ldapmodify is to modify existing entries Yet when I try to import an LDIF file with ldapmodify I get the below error: ldapmodify: modify ...
Max
  • 3,553
8 votes
2 answers
48k views

Unknown LDAP cn=config admin password

When I installed OpenLDAP I was asked to create a password for an admin user but now I realize there's another admin user for cn=config whose password I don't know. Does anyone know how should I ...
peris
  • 508
8 votes
1 answer
731 views

Starting openLDAP

I work as a sysadmin in a company and I am required to deploy openLDAP. I have read a lot of materials but I really can't figure out where to start. First about the company: Services: Email: every ...
Shoaibi
  • 809
