Questions tagged [slapd]
slapd (Standalone LDAP Daemon) is an LDAP server implementation, part of the OpenLDAP open source project.
97 questions
16 votes, 2 answers, 41k views
LDAP: backup with slapcat vs ldapsearch
Used: openldap-servers-2.4.23-34.el6_5.1.x86_64
Task: create script for crontab to create scheduled database full backup.
1) slapcat - create file in the default format, Berkeley DB.
2) slapcat ...
15 votes, 2 answers, 25k views
Basic openldap setup using slapd.d configuration
I'm trying to set up a test openldap server, having not worked with openldap before. I'm using the standard openldap-servers package on a redhat based machine (using Oracle Linux). I've installed the ...
4 votes, 1 answer, 16k views
ldap_modify: Insufficient access (50) when changing password
I'm trying to modify the LDAP admin password on a fresh OpenLDAP install on CentOS 6.7 (similar to RHEL 6.7).
I created a file called change_ldap_password.ldif:
# Hash your password:
# slappasswd -h ...
4 votes, 2 answers, 15k views
Apply changes to PAM changes
Does the server or a specific service need to be restarted to let changes to pam files (/etc/pam.d/system-auth) take effect?
longer version - I'm working on configuring SSSD to connect with LDAP for ...
4 votes, 3 answers, 9k views
How do I renew an expired Ubuntu OpenLDAP SSL Certificate
We went through the steps of revoking an SSL Certificate used by our OpenLDAP server and renewing it but we are unable to start slapd.
Here are the commands we used:
openssl verify ...
3 votes, 3 answers, 2k views
what names for TLS certificates when using SRV records
When I'm using a SRV DNS record, what name(s) do I put in the TLS certificate? For example, if I'm setting up slapd on two servers (klas1 and klas2), and I define these DNS records (using bind zone ...
3 votes, 2 answers, 6k views
Can't contact LDAP server remotely from Mac
I'm trying to configure a LDAP server with some basic security parameters, including TLS and required authenticated binding.
I have started the server, and can access it from localhost with the ...
3 votes, 1 answer, 8k views
OpenLDAP gives duplicate attributeType error
I am setting up a login node and am using openLDAP from the repository on Ubuntu 14.04 and I am running into an issue of duplicate attributeTypes.
The problem seems to lie in the "gecos" field ...
3 votes, 1 answer, 6k views
How to increase size of OpenLDAP MDB database? (MDB_MAP_FULL Error Code)
I'm getting this error related to slapd service (OpenLDAP server) in syslog
mdb_idl_insert_keys: c_put id failed: MDB_MAP_FULL: Environment
mapsize limit reached (-30792)
This error comes when ...
3 votes, 3 answers, 4k views
slapd.d missing after installation
I am following the instructions on https://www.openldap.org/doc/admin24/quickstart.html to install OpenLDAP on RedHat. Everything goes fine until step 9:
Import the configuration database
You are now ...
3 votes, 1 answer, 12k views
Failed to bind to server ldap://<ipaddress> Error: Can't contact LDAP server
We are running a Linux 2.6.32-431.3.1.el6.x86_64 kernel and keep seeing the following messages in /var/log/messages periodically showing up on our user space server. When the messages appear we also ...
3 votes, 1 answer, 7k views
slapd : attribute type undefined
I'm trying to put a config of slapd on the new server.
I did it the same way, but it was probably two years ago and in slightly different environment (I'm on the Debian actually and it was on CentOS ...
2 votes, 2 answers, 3k views
recover ldap database without log files
A colleague of mine accidentally deleted ldap transaction log files (from /var/lib/ldap) on our ldap 2.4 server running on centos. Now the slapd daemon won't start, when running it with debug flag ...
2 votes, 2 answers, 648 views
Creating POSIX group without members in LDAP
I am running OpenLDAP database with activated rfc2307bis schema. I'm trying now to load new groups in my testing instance (Debian) and everything works fine. With the old rfc2307 (NIS) schema, it was ...
2 votes, 1 answer, 3k views
OpenLDAP default configuration file is `/etc/ldap/slapd.d` rather than `/etc/ldap/slapd.conf`
My openldap (version 2.4.31) makes directory /etc/ldap/slapd.d as its default configuration files rather than /etc/ldap/slapd.conf as the old version does. I found it becomes more complicated to ...
2 votes, 1 answer, 4k views
Configure selinux to allow openldap on CentOS 6.4
I'm trying to run an OpenLDAP server on CentOS 6.4 with selinux enabled, but slapd is dying as soon as it's started via /etc/init.d/slapd start. (init script reports OK; everything works fine after ...
2 votes, 1 answer, 13k views
ldap on Ubuntu 16.04 - Invalid credentials (49)
I'm trying to set up a local LDAP instance so I can debug some software that uses LDAP for authentication. I had this working correctly on Ubuntu 14.04 LTS, but trying to upgrade to Ubuntu 16.04 LTS ...
2 votes, 1 answer, 1k views
command line alternative to dpkg-reconfigure slapd
Is there a way to reconfigure slapd, providing all configuration options as command-line parameters/arguments?
My goal is to find an alternative to the interactive UI.
Thank you
2 votes, 2 answers, 2k views
OpenLDAP syncrepl problem with password policies
Recently I have been working to get slapd syncrepl working using an LDAP backend (push based replication). While I have had fantastic results with syncrepl doing pull based, the push based is killing ...
2 votes, 1 answer, 2k views
openldap with macOS Clients
I try to configure the mac clients to use a LDAP to connect to their session (using openLDAP).
I have created PosixAccounts with PosixGroups, and tried on ubuntu systems : I can log-in with my users.
...
2 votes, 1 answer, 5k views
Configure Jenkins with LDAP : parameter 'Root DN'
I am installing an LDAP server and configuring Jenkins in order to accept LDAP for authentication. In Jenkins parameters, I have a weird behavior with the parameter Root DN.
Documentation says :
Root ...
2 votes, 1 answer, 2k views
Is This Normal LDAP Behaviour In CentOS Linux?
Hello fine people!
As a novice in the Linux world, I have managed to learn enough to put into production a ClearOS 5.2 server running the CentOS Linux Distro. This box serves as my Primary Domain ...
2 votes, 1 answer, 3k views
How do the slapd logging levels work?
I can't seem to find an example of how each of the log levels in slapd work. I want slapd to log the users who are logging in, and the server that they are trying to log into, as well as any ...
2 votes, 0 answers, 266 views
OpenLDAP Meta backend to return one result
I have configured OpenLDAP to act as a proxy server via meta backend to do remote queries to two different companies' Active Directory servers. Everything works correctly in terms of pulling ...
2 votes, 0 answers, 162 views
Can OpenLDAP deliver operational attributes by default?
I have configured OpenLDAP with the memberOf overlay and everything works as expected for me. I can see the group memberships in the operational attributes of an object.
Now I am running into the ...
2 votes, 0 answers, 542 views
Last login a user in OpenLdap
I am running openldap 2.4.45. Is there any way I can get the last login time of a user using authtimestamp or any other attribute?
1 vote, 1 answer, 1k views
OpenLDAP limit max sessions per user
I have a slapd LDAP server and need to limit the number of active sessions per user. Is there a configuration parameter I can change to achieve this?
1 vote, 1 answer, 8k views
Best / Safest way to stop and start slapd
I'm running OpenLDAP: slapd 2.4.25.
What is the best way to stop and start it?
I want to copy the LDAP database and have read I need to stop slapd first.
Distro used is Ubuntu 11.04.
1 vote, 2 answers, 2k views
SLES 11 - slapd is spamming the syslog
How do I get slapd to quiet down?
Every second it's writing the same five lines to the /var/log/messages file.
May 24 13:16:09 servername slapd[21299]: conn=5866 op=15204 SRCH base="" scope=0 deref=2 ...
1 vote, 2 answers, 2k views
Use bcrypt password hashing with OpenLDAP (slapd)
I have an OpenLDAP LDAP server on Debian 9 (through the slapd package, v2.4.44). We use crypt for password authentication. Currently the scheme is SHA512: $5$....
The setup is pretty much as described ...
1 vote, 1 answer, 4k views
openldap migration - slapd won't start "olcDbDirectory: value #0: invalid path: Permission denied"
I have migrated my old slapd DB to a new server, these are the steps I took:
On old server run:
slapcat -n 0 -l config.ldif
slapcat -n 2 -l data.ldif
I had to run slapcat -n 2 because with -n 1 I ...
1 vote, 1 answer, 8k views
Export LDAP schema without data
For testing purposes, I need a copy of our LDAP server without any personal data.
What is the best way, to export this from an existing OpenLDAP server?
I tried ldapsearch and Apache Directory ...
1 vote, 1 answer, 2k views
ldap fail after ubuntu upgrade to 12.04
I have upgraded ubuntu from 10.4 to 12.04. After it's done, ldap service is stopped and failed to start again! Now none of other services function! :(
I checked error logs and found this:
Feb 22 11:...
1 vote, 1 answer, 24 views
Questions about Debian OpenLDAP configuration
I have the slapd/stable,now 2.4.57+dfsg-3 amd64 Debian 11 package. I read the official OpenLDAP documentation and Debian article.
But I cannot understand the difference between the multiple ...
1 vote, 1 answer, 258 views
Debian 10, OpenLDAP, LetsEncrypt, Error 80 trying to add
...I have never had so much trouble enabling secure communications.
I believe this to be a valid CA cert chain for Let's Encrypt
The contents of /etc/ssl/le/ca-chain.pem
-----BEGIN CERTIFICATE-----
...
1 vote, 1 answer, 364 views
slapd receives unexpected shutdown after CentOS 7.7 upgrade
After upgrading from CentOS 7.6 to 7.7 the slapd process receives a shutdown request a few seconds after its start. Where do I have to enable logging to get more information?
I'm using OpenLdap on ...
1 vote, 1 answer, 1k views
How to migrate users between two different versions of OpenLDAP?
I need to export and import users between two different versions of OpenLDAP. The old openldap version is 2.42 and the new one has version 2.44. Both the openldap servers are set up on Ubuntu.
In this answer ...
1 vote, 1 answer, 2k views
OpenLDAP Give Group Write Access
Our openldap has multiple groups: useradmins, agt, ib, iss, itt
The "useradmins" group has always had permissions to edit (write) to all of the groups. I recently performed a simple 'yum update' and ...
1 vote, 2 answers, 123 views
Will adding a new objectClass in ldap get replicated?
I have a ldap setup with one master and two replicas created using this tutorial https://help.ubuntu.com/lts/serverguide/openldap-server.html#openldap-server-replication .
If I add a new/custom ...
1 vote, 1 answer, 774 views
slapd 2.4.23 hangs on ldaps connections
New install of CentOS 6.3, openldap-servers-2.4.23. Generated a new certificate request, signed the cert, started slapd. ldapsearch responds on ldapi:/// and ldap:///. However, as soon as a request is ...
1 vote, 0 answers, 269 views
LDAP: Why does slapcat truncate my slapd.log file?
I have an OpenLDAP 2.4 server running on Ubuntu 18.04 LTS. Every time I run
# slapcat -l test.ldif
my slapd.log file gets truncated (i. e. previous log messages are deleted and new ones are written at ...
1 vote, 0 answers, 474 views
OpenLDAP migration from old Debian 4 to current Debian 11
I want to completely migrate the whole database with conf, schema (everything) from a very old Debian 4 (etch) instance to a new Debian 11 (bullseye).
Source system is running slapd 2.3.30 and destination ...
1 vote, 0 answers, 245 views
OpenLDAP authentication stopped working. Where to look for clues if ldapsearch works fine?
Authentication against an LDAP Server stopped on several different web and workstation clients, for which I assume the host is at fault.
However ldapsearch -x uid=user -LLL -H ldap://ldap.host.de -b ...
1 vote, 0 answers, 586 views
OpenLDAP with LDAPS and N-Way Multi-master replication
We have the following setup:
Two OpenLDAP servers - openldap1, openldap2
They are to be set up as N-Way multi-master
Certificates are all set up correctly with alternate names etc and trust each ...
1 vote, 0 answers, 1k views
Debugging slapd error 52 (LDAP_UNAVAILABLE)
I have a server running slapd. When I reboot the server, I am able to perform ldapsearches from the server to itself and receive correct responses for a couple of minutes. But after a couple minutes ...
1 vote, 0 answers, 2k views
Why does slapd say "bdb_equality_candidates: (objectClass) not indexed" when the indices actually exist?
I have slapd 2.4.31-1+nmu2ubuntu8.3 installed on Ubuntu 14.04 and running as master to a secondary sync. It works well for all things LDAP, but I notice these errors in /var/log/debug every so often:
...
1 vote, 1 answer, 858 views
Yum Update Now SLAPD Will Not Start
I'll preface with saying I have used *nix, regularly, for >20 years; however, I have minimal experience with openldap. I had openldap (slapd) running on a server that has been working for years. ...
1 vote, 1 answer, 654 views
slapd configuration for back-sql: how to translate examples from slapd.conf to slapd.d
I'm trying to configure slapd with back-sql (specifically postgresql backend). All documents I found (Postgresq LDAP Howto seems to be more complete) are related to old configuration that use slapd....
1 vote, 1 answer, 882 views
Dovecot + OpenLDAP
I am trying to get dovecot 2.0.19 authenticate users via LDAP (OpenLDAP 2.4.28) and using Wireshark to debug the process. It looks like the basic configuration of dovecot is fine, but it doesn't pull ...
1 vote, 0 answers, 583 views
How to create LDAP bind account in Centos/RedHat that allows me to search by [email protected]
I am creating an LDAP directory and searching by the full DN shows the proper results.
$ ldapsearch -x -D "cn=ldapbind,dc=server,dc=com" -w bind
I want / need to be able to search using the email ...