openldap interview questions
Top openldap frequently asked interview questions
Can anyone let me know if querying Active Directory server using ldapsearch, ldapadd, ldapdelete, etc. utilities is possible or not?
Source: (StackOverflow)
I'm installing OpenLDAP on RHEL 5; I used the instructions found at http://www.linux.com/archive/feature/113607.
All went well, until running './configure' for OpenLDAP - the following error was recorded:
*<earlier output snipped>*
checking for gethostbyaddr_r... yes
checking number of arguments of ctime_r... 2
checking number of arguments of gethostbyname_r... 6
checking number of arguments of gethostbyaddr_r... 8
checking db.h usability... yes
checking db.h presence... yes
checking for db.h... yes
checking for Berkeley DB major version in db.h... 5
checking for Berkeley DB minor version in db.h... 1
checking if Berkeley DB version supported by BDB/HDB backends... yes
**checking for Berkeley DB link (default)... no
configure: error: BDB/HDB: BerkeleyDB not available**
I have Googled like a maniac but have been unable to find a resolution - any tips on areas to explore?
Thanks
Source: (StackOverflow)
I have an app running using Django.
Now I want only users that are authenticated via an OpenLDAP server to see "their view" (therefore I only need their uid after successful authentication).
How can I achieve that?
I guess django-auth-ldap is the way to go, so I tried the whole day to find out where the authentication actually takes place and how I can get the uid of the user requesting a view.
I used the documentation for the settings.py, but I could not find out how to "actually use" it. Maybe someone can point me in the right direction?
settings.py:
import ldap

AUTHENTICATION_BACKENDS = (
    'django_auth_ldap.backend.LDAPBackend',
    'django.contrib.auth.backends.ModelBackend',
)

AUTH_LDAP_SERVER_URI = "ldap://123.60.56.61"
AUTH_LDAP_BIND_DN = ""
AUTH_LDAP_BIND_PASSWORD = ""
AUTH_LDAP_USER_DN_TEMPLATE = "uid=%(user)s,dc=rd,dc=corpintra,dc=net"
(By the way: I can already perform LDAP searches with python-ldap and get results like ldapsearch on the command line, so everything else works just fine...)
What do I need in my views?
Thanks for your help!
Source: (StackOverflow)
I have a sample program here that is trying to connect to an LDAP server on the secured port (ldaps://). However, the sample program is not able to bind to the server.
#define LDAP_DEPRECATED 1
#include <stdio.h>
#include <ldap.h>

#define BIND_DN "dc=example,dc=com"
#define BIND_PW "secret"

int main() {
    LDAP *ld;
    int rc;
    int reqcert = LDAP_OPT_X_TLS_NEVER; /* server certificate is not verified */
    int version = LDAP_VERSION3;
    int ret = 0;

    if (ldap_initialize(&ld, "ldaps://192.168.1.51:10636")) {
        perror("ldap_init"); /* no error here */
        return 1;
    }

    ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version);
    ldap_set_option(ld, LDAP_OPT_X_TLS_REQUIRE_CERT, &reqcert);

    rc = ldap_bind_s(ld, BIND_DN, BIND_PW, LDAP_AUTH_SIMPLE);
    if (rc != LDAP_SUCCESS) {
        fprintf(stderr, "ldap_simple_bind_s: %s\n", ldap_err2string(rc));
        return 1;
    }

    printf("Initial Authentication successful\n");
    ldap_unbind(ld);
    return 0;
}
However, with START_TLS the sample program successfully binds to the LDAP server running on port 10389. The ldapsearch client is able to connect to the server and search the user base tree. But the sample program above does not.
To get it working with START_TLS:
Here is what I have added:
ldap_set_option(ld, LDAP_OPT_X_TLS_REQUIRE_CERT, &reqcert);
rc = ldap_start_tls_s(ld, NULL, NULL);
if (rc != LDAP_SUCCESS) {
    /* report the code returned by ldap_start_tls_s */
    printf("ldap_start_tls() %s", ldap_err2string(rc));
}
Can someone point out what I am missing here for binding to LDAP server via ldaps://??
Source: (StackOverflow)
I looked everywhere for a solution to my problem but still didn't find it.
I have these two simple files, slapd.conf and mytree.ldif, and when I try to add something to mytree.ldif it keeps asking me for a password (which I believe is the rootpw defined in slapd.conf), but it doesn't work.
I really need help with this.
These are my files:
slapd.conf
database dbd
suffix "dc=ers,dc=uminho,dc=pt"
rootdn "cn=Manager,dc=ers,dc=uminho,dc=pt"
rootpw ersadmin
directory /usr/local/var/openldap-data
mytree.ldif
dn: dc=ers, dc=uminho, dc=pt
objectclass: dcObject
objectclass: organization
o: ERS
dc: ers
dn: cn=Manager,dc=ers,dc=uminho,dc=pt
objectclass: organizationalRole
cn: Manager
And this is what I'm trying to do and my response:
sudo ldapadd -x -D "cn=Manager,dc=ers,dc=uminho,dc=pt" -W -f /etc/ldap/mytree.ldif
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
I already tried to encrypt the password using
slappasswd -h {SHA} -s ersadmin
and changing my slapd.conf file
password-hash {SHA}
rootpw {SHA}pLEBIPx4rW3eebpwACBGAZkNH4CVBRGW
but it didn't work. Thanks in advance.
Source: (StackOverflow)
I am using Openldap 2.4.11 in Fedora Core 13.
I am trying to create a password policy:
dn: cn=default,ou=policies,dc=estream,dc=com,dc=my
objectClass: person
objectClass: pwdPolicy
objectClass: top
cn: default
pwdAttribute: 2.5.4.35
sn: test
If I specify pwdAttribute as "userPassword", I get an error:
LDAP: error code 21 - pwdAttribute: value #0 invalid per syntax
Instead, I am forced to use the OID for pwdAttribute:
pwdAttribute: 2.5.4.35
Is it possible to use "userPassword" instead of "2.5.4.35" for pwdAttribute?
I attempted to configure OpenLDAP to load the module ppolicy.la in cn=config, but it doesn't seem to work either, even after restarting the slapd service a few times:
dn: cn=module{0},cn=config
objectClass: olcConfig
objectClass: olcModuleList
objectClass: top
cn: module{0}
olcModuleLoad: {0}/usr/lib64/openldap/ppolicy.la
Source: (StackOverflow)
Since the below got a bit long: Here's the tl;dr; version: Is there an existing key/value best-practice for fast key and value lookup, something like a hash-based set with persistent indices?
I'm interested in the world of key-value databases and have so far failed to figure out how one would efficiently implement the following use-case:
Assume we want to serialize some data and reference them somewhere else by a persistent, unique integer index. Thus e.g.: Key = unsigned int, Value = MyData.
The database should have fast key lookup and ensure that MyData is unique.
Now, when I insert a new value into my database, I could assign it a new index key, e.g. the current size of the database, or, to prevent clashes after removing items, I could keep some counter externally.
But how would I ensure that I do not insert the same MyData value into my database? So far, it looks to me as if this is not efficiently possible with key-value databases - is this correct? I.e. I do not want to iterate over the whole database just to ensure MyData value is not in there already...
What is the best practice to implement this, then?
For background: I work on KDevelop where we use the above for our code analysis cache. We actually have a custom implementation of the above use-case 1. Search for Bucket and ItemRepository if you are interested in the internals, and see 2 for an exemplary usage of the ItemRepository.
But you will probably agree, that this code is quite hard to understand and thus hard to maintain. I want to compare its performance to alternative solutions which might result in simpler code - but only if it does not incur a severe performance penalty. Considering the hype around the performance of key-value storages such as OpenLDAP MDB, Kyoto Cabinet and LevelDB, this is where I wanted to start.
What we have in KDevelop - as far as I figured out - is basically a sort of hybrid on-disk/in-memory hash map which gets saved to disk periodically (which of course can result in major data corruption in case of crashes etc.). Items are stored in a location based on their hash value which then of course also allows relatively fast value lookups as long as the hash function is fast. The added twist is that you also get some sort of persistent database index which can be used to lookup the items quite efficiently.
So - long story short - how would one do that with a key/value database such as LevelDB, Kyoto Cabinet, OpenLDAP MDB - you name it?
Source: (StackOverflow)
I have been stuck for almost a day on the following issue.
I installed LDAP using: apt-get install slapd
and used the following configuration:
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
allow bind_v2
loglevel 0
moduleload back_sbdb.la
database bdb
suffix "dc=test,dc=nl"
rootdn "cn=Directory Manager,dc=test,dc=nl"
rootpw test
directory /var/lib/ldap
index objectClass eq
index userPassword eq,pres
index givenName,mail,mobile,sn,title,cn,description eq,sub,pres
index displayName eq,sub,pres
index postalAddress,facsimileTelephoneNumber pres
access to *
    by self write
    by * read
and I then try to bind using
ldapsearch -D cn=Directory Manager,dc=test,dc=nl -w test
but I still receive the error ldap_bind: Invalid Credentials (49)
Does anyone have any idea or clue what this could be?
Thanks in advance
Source: (StackOverflow)
I'm changing deprecated LDAP functions to non-deprecated functions, but I am having problems with ldap_sasl_bind_s. It returns error code 49, which means invalid credentials. But I'm sure that the credentials are valid. I also added
TLS_REQCERT never
TLSVerifyClient never
to /etc/openldap/ldap.conf. Still I get the error.
ldap_simple_bind_s(q->ld, binddn, creds.bv_val); //works well
ldap_sasl_bind_s(q->ld, binddn, LDAP_SASL_SIMPLE , &creds, NULL, NULL, NULL); //returns ldap error code 49 but continues working
The main problem is this: when I'm using ldap_sasl_bind_s, it doesn't bind all the attributes that I have in my LDAP architecture. Also, when I'm searching for an existing attribute, it returns a NOSUCH error.
Any help would be appreciated.
Source: (StackOverflow)
What are the main differences between these two implementations of the LDAP protocol? Which is better for a heterogeneous environment? Any good websites about this topic?
Source: (StackOverflow)
I have a Python error: AttributeError: 'module' object has no attribute 'initialize'
I am running Python 2.6.2 on Solaris 10 UNIX and recently installed the pythonldap 2.3.9. The script is very basic, only has these 2 lines. Can anyone tell me why?? Traceback error below.
#!/usr/local/bin/python
import ldap, sys
con = ldap.initialize('ldap://localhost')
Traceback (most recent call last):
  File "./myldap.py", line 5, in <module>
    con = ldap.initialize('ldap://localhost')
AttributeError: 'module' object has no attribute 'initialize'
Regards,
Jenny
Source: (StackOverflow)
I am using openldap 1.2.2 and PHP 5.5. Here is the error I am getting. I am new to these things and I am following this tutorial.
Error trying to get a non-existent value (appearance, password_hash)
PHP Debug Backtrace
File /usr/share/phpldapadmin/lib/functions.php (444)
Function error (a:5:{i:0;s:67:"Error trying to get a non-existant ...)
File /usr/share/phpldapadmin/lib/ds.php (81)
Function debug_dump_backtrace (a:2:{i:0;s:67:"Error trying to get a non-existant ...)
File /usr/share/phpldapadmin/lib/TemplateRender.php (2469)
Function getValue (a:2:{i:0;s:10:"appearance";i:1;s:13:"password_hash...)
File /usr/share/phpldapadmin/lib/TemplateRender.php ()
Function drawDefaultHelperPasswordAttribute (a:2:{i:0;O:17:"PasswordAttribute":34:{s:4:"name";s...)
File /usr/share/phpldapadmin/lib/Visitor.php (58)
Function call_user_func_array (a:2:{i:0;a:2:{i:0;O:14:"TemplateRender":9:{s:24:"...)
File /usr/share/phpldapadmin/lib/PageRender.php (1006)
Function __call (a:2:{i:0;s:4:"draw";i:1;a:3:{i:0;s:13:"DefaultHelp...)
File /usr/share/phpldapadmin/lib/PageRender.php (1006)
Function draw (a:3:{i:0;s:13:"DefaultHelper";i:1;O:17:"PasswordAt...)
File /usr/share/phpldapadmin/lib/PageRender.php ()
Function drawFormReadWriteValuePasswordAttribute (a:2:{i:0;O:17:"PasswordAttribute":34:{s:4:"name";s...)
File /usr/share/phpldapadmin/lib/Visitor.php (58)
Function call_user_func_array (a:2:{i:0;a:2:{i:0;O:14:"TemplateRender":9:{s:24:"...)
File /usr/share/phpldapadmin/lib/PageRender.php (597)
Function __call (a:2:{i:0;s:4:"draw";i:1;a:3:{i:0;s:18:"FormReadWri...)
File /usr/share/phpldapadmin/lib/PageRender.php (597)
Function draw (a:3:{i:0;s:18:"FormReadWriteValue";i:1;O:17:"Passw...)
File /usr/share/phpldapadmin/lib/PageRender.php ()
Function drawFormValueAttribute (a:2:{i:0;O:17:"PasswordAttribute":34:{s:4:"name";s...)
File /usr/share/phpldapadmin/lib/Visitor.php (58)
Function call_user_func_array (a:2:{i:0;a:2:{i:0;O:14:"TemplateRender":9:{s:24:"...)
File /usr/share/phpldapadmin/lib/TemplateRender.php (2159)
Function __call (a:2:{i:0;s:4:"draw";i:1;a:3:{i:0;s:9:"FormValue";i...)
File /usr/share/phpldapadmin/lib/TemplateRender.php (2159)
Function draw (a:3:{i:0;s:9:"FormValue";i:1;O:17:"PasswordAttribu...)
File /usr/share/phpldapadmin/lib/TemplateRender.php ()
Function drawValueAttribute (a:2:{i:0;O:17:"PasswordAttribute":34:{s:4:"name";s...)
File /usr/share/phpldapadmin/lib/Visitor.php (58)
Function call_user_func_array (a:2:{i:0;a:2:{i:0;O:14:"TemplateRender":9:{s:24:"...)
File /usr/share/phpldapadmin/lib/TemplateRender.php (1828)
Function __call (a:2:{i:0;s:4:"draw";i:1;a:3:{i:0;s:5:"Value";i:1;O...)
File /usr/share/phpldapadmin/lib/TemplateRender.php (1828)
Function draw (a:3:{i:0;s:5:"Value";i:1;O:17:"PasswordAttribute":...)
File /usr/share/phpldapadmin/lib/TemplateRender.php ()
Function drawTemplateValuesAttribute (a:1:{i:0;O:17:"PasswordAttribute":34:{s:4:"name";s...)
File /usr/share/phpldapadmin/lib/Visitor.php (58)
Function call_user_func_array (a:2:{i:0;a:2:{i:0;O:14:"TemplateRender":9:{s:24:"...)
File /usr/share/phpldapadmin/lib/TemplateRender.php (1817)
Function __call (a:2:{i:0;s:4:"draw";i:1;a:2:{i:0;s:14:"TemplateVal...)
File /usr/share/phpldapadmin/lib/TemplateRender.php (1817)
Function draw (a:2:{i:0;s:14:"TemplateValues";i:1;O:17:"PasswordA...)
File /usr/share/phpldapadmin/lib/TemplateRender.php ()
Function drawTemplateAttribute (a:1:{i:0;O:17:"PasswordAttribute":34:{s:4:"name";s...)
File /usr/share/phpldapadmin/lib/Visitor.php (58)
Function call_user_func_array (a:2:{i:0;a:2:{i:0;O:14:"TemplateRender":9:{s:24:"...)
File /usr/share/phpldapadmin/lib/TemplateRender.php (1602)
Function __call (a:2:{i:0;s:4:"draw";i:1;a:2:{i:0;s:8:"Template";i:...)
File /usr/share/phpldapadmin/lib/TemplateRender.php (1602)
Function draw (a:2:{i:0;s:8:"Template";i:1;O:17:"PasswordAttribut...)
File /usr/share/phpldapadmin/lib/TemplateRender.php (1527)
Function drawShownAttributes (a:0:{})
File /usr/share/phpldapadmin/lib/TemplateRender.php (644)
Function drawStepForm (a:1:{i:0;i:1;})
File /usr/share/phpldapadmin/lib/TemplateRender.php (84)
Function visitEnd (a:0:{})
File /usr/share/phpldapadmin/htdocs/template_engine.php (55)
Function accept (a:0:{})
File /usr/share/phpldapadmin/htdocs/cmd.php (59)
Function include (a:1:{i:0;s:50:"/usr/share/phpldapadmin/htdocs/temp...)
Source: (StackOverflow)
I know this is more like a serverfault question than a stackoverflow question, but since serverfault isn't up yet, here I go:
I'm supposed to move an application from one redhat server to another, and without very good knowledge of the internal workings of the application, how would I move the OpenLDAP database from the one machine to the other, with schemas and all.
What files would I need to copy over? I believe the setup is pretty standard.
Source: (StackOverflow)
I would like to use Zend Framework 2 with Doctrine 2 and openLDAP. My goal is to create a persistence for my LDAP. How can I accomplish this in ZF2?
I noticed that we can get objects from LDAP with Zend\Ldap\Node.
Can anyone show me an example of how to make a search from an LDAP and convert the results into nodes and/or maybe into a Collection of Nodes?
I'd like to have objects to work on after the search.
Thanks
Source: (StackOverflow)