Skip to content

LDAPCon 2009 Call For Papers

OpenLDAPOpen SourceSuretec The International Conference on LDAP[?] is a technical forum for IT professionals interested in LDAP and related topics like directory servers, directory management applications, directory integration, identity and access management, and meta directories.

It focuses on implementation and integration of LDAP servers and LDAP-enabled client applications. The event will bring together vendors, developers, active and prospective LDAP practitioners to share their experiences about deployment strategies, service operations, interoperability, discuss LDAP usage in new projects and learn about upcoming trends and developments.
Topics

You are involved with LDAP in interesting projects?

- You do LDAP client development?
- You have used LDAP like no-one before?
- You have innovative concepts in LDAP Integration?

Why not share your experiences, good and bad, with others?

We look for speakers who ae willing to talk about:

Continue reading "LDAPCon 2009 Call For Papers"

OpenLDAP build farm

OpenLDAPOpen SourceSuretec Dear all,

Just a quick update to say things are moving forward on the OpenLDAP build farm and very soon (after more testing) you'll be able to submit your desired platform for testing and upload your build results!

More later (next month),

Gavin.

OpenLDAP Replication Strategies

OpenLDAPOpen SourceSuretec At this years UKUUG's annual Large Installation Systems Administration (LISA) conference I gave a talk on OpenLDAP Replication Strategies. You can grab theOpenLDAP Replications Strategies PDF or SlideShare version.

Other presentations regarding OpenLDAP that day (including one from Howard, the Projects Chief Architect and Symas CTO), OpenLDAP and MySQL: Bridging the Data Model Divide and Andrew Findlays Writing Access Control Policies for LDAP[?]

Gavin.

OpenLDAP Quick Tips: Replication Strategies

OpenLDAPOpen SourceSuretec Hi All,

Here's the 22nd tip in the "OpenLDAP Quick Tips" series:

"You are not sure what type of OpenLDAP replication to use, but you know you need to".

This tip won't actually go into the technical setup (and isn't very quick ;-) ) of the different replication types, we'll leave that for another set of tips. You can always read up on them yourself in the Replication section of the OpenLDAP 2.4 Administrator's Guide. Or if you're coming to the UKUUG's annual Large Installation Systems Administration (LISA) you'll be able to hear Howard Chu and myself give our talks:

- OpenLDAP Replication Strategies - Gavin Henry (Suretec Systems & OpenLDAP project)
- OpenLDAP and MySQL: Bridging the Data Model Divide - Howard Chu (Symas Corp. & OpenLDAP project).

Andrew Findlay (Skills 1st), another respected authority on LDAP[?] will also be giving a talk on Writing Access Control Policies for LDAP.


Anyway, on to the strategies.

Continue reading "OpenLDAP Quick Tips: Replication Strategies"

OpenLDAP Quick Tips: Interacting with LDAP from shell scripts by Vincent van Gelder

OpenLDAPOpen SourceSuretec Hi All,

Here's the 21st tip in the "OpenLDAP Quick Tips" series kindly contributed by Vincent van Gelder.

"You need to carry out LDAP[?] operations using shell scripts".

The following is an example sent in by Vincent van Gelder (you can e-mail your tip to us too):

------------------------
The following script I use when interacting with ldap[?] from shell scripts:


http://members.tripod.com/vgoenka/unixscripts/unldif.sed.txt


Sample script:

CODE:
###################################### #!/bin/bash PHOTO=/tmp/tux.jpg IFS=$'\n' for dn in $(ldapsearch -ZZ -LLL -A -b 'ou=Users,ou=Intranet,o=Company,c=NL' -s one '(&(!(jpegPhoto=*))(objectClass=inetOrgPerson))' jpegPhoto \  | unldif  | grep '^dn' ) do     echo $dn     echo "changetype: modify"     echo "add: jpegPhoto"     echo "jpegPhoto::$(openssl base64 -in $PHOTO | sed 's/^/ /')"     echo done ######################################


The sample script fetches users from ldap whithout a photo and adds a
default photo. Output is a ldif.

It also demonstrates how to add binary attributes from shell using
openssl tool.

The unldif script makes sure the dn is always just one line.

--
Met vriendelijke groet,

Vincent van Gelder
------------------------


Thanks,

Gavin.

If you have an entry for our "OpenLDAP Quick Tips" series, why not e-mail your tip to us.

P.S. For direct access to this section, you can click OpenLDAP Quick Tips.

OpenLDAP Source vs Symas OpenLDAP

Open SourceSuretec We've just published two comparisons of OpenLDAP source management versus Symas OpenLDAP Packages:

Nothing special, just a quick comparison.

Suretec®

OpenLDAP Quick Tips: Enable in Directory Monitoring

OpenLDAPOpen SourceSuretec Hi All,

Here's the 20th tip in the "OpenLDAP Quick Tips" series:

"You need to obtain information regarding the current state of your slapd instance":

slapd(8) supports an optional LDAP[?] monitoring interface you can use to obtain information regarding the current state of your slapd instance. For instance, the interface allows you to determine how many clients are connected to the server currently. The monitoring information is provided by a specialized backend, the monitor backend. A manual page, slapd-monitor(5) is available.


At the end of your slapd.conf file add:

CODE:
database monitor


and restart.

You'll now be able to query information like the following and use it in your monitoring tools:

CODE:
dn: cn=Total,cn=Connections,cn=Monitor structuralObjectClass: monitorCounterObject monitorCounter: 4 entryDN: cn=Total,cn=Connections,cn=Monitor subschemaSubentry: cn=Subschema hasSubordinates: FALSE



Thanks,

Gavin.

If you have an entry for our "OpenLDAP Quick Tips" series, why not e-mail your tip to us.

P.S. For direct access to this section, you can click OpenLDAP Quick Tips.

OpenLDAP Quick Tips: Encrypt your Oracle Berkeley DB if necessary

OpenLDAPOpen SourceSuretec Hi All,

Here's the 18th tip in the "OpenLDAP Quick Tips" series:

"You need to encrypt the raw bdb files":

This might be useful various reasons:

It may actually provide some value to sites that do regular backups of their raw DB files. It may actually be useful in some cases where you provide an encryption key on separate removable media (e.g. a USB flash drive). It might actually prevent a news article down the road on how some organization lost their 5 million record customer database and now all that unprotected data is now being exploited by criminals.

I doubt it, of course. It exacts a performance penalty on every DB operation, so I don't think anyone will be able to use this long-term. For the off-site backup scenario, it makes more sense to just encrypt the backup images (tar format or whatever backup utility is used). That way you only spend cycles on encryption once, at backup time. Any site that's savvy enough to do automated backups can certainly figure out how to protect those backups with encryption.


Continue reading "OpenLDAP Quick Tips: Encrypt your Oracle Berkeley DB if necessary"

OpenLDAP Quick Tips: Always 'make test'

OpenLDAPOpen SourceSuretec Hi All,

Here's the 17th tip in the "OpenLDAP Quick Tips" series:

"You've successfully built your own instance of OpenLDAP but want to make sure you've done it right":

So, you've grabbed the latest version, compiled it and want to get started straight way, but stop! Hours and hours have been spent writing test scripts for OpenLDAP, so please, please, please run:

CODE:
make test


before

CODE:
su -c "make install"


and save the OpenLDAP Issue Tracking System from getting full with silly reports!

Also, see our installation section of the FAQ.

If this is too much, why not get supported, prepackaged versions of OpenLDAP: Symas™ OpenLDAP™ Directory Services™

Thanks,

Gavin.

If you have an entry for our "OpenLDAP Quick Tips" series, why not e-mail your tip to us.

P.S. For direct access to this section, you can click OpenLDAP Quick Tips.

OpenLDAP Quick Tips: Auditing - who modified what at what times?

OpenLDAPOpen SourceSuretec Hi All,

Here's the 16th tip in the "OpenLDAP Quick Tips" series (as requested by Bronius Motekaitis):

"You want to audit OpenLDAP for changes: who modified what at what times?":

Apart from normal logging via syslog there are two options for this; file based audit logging or LDAP[?] based logging (in directory).

For file based see Audit Logging and related man page slapo-auditlog:

The Audit Logging overlay can be used to record all changes on a given
backend database to a specified log file. Changes are logged as stan-
dard LDIF, with an additional comment header giving the timestamp of
the change and the identity of the user making the change.


For in directory logging see Access Logging and related man page slapo-accesslog:

The Access Logging overlay can be used to record all accesses to a
given backend database on another database. This allows all of the
activity on a given database to be reviewed using arbitrary LDAP
queries, instead of just logging to local flat text files.


Thanks,

Gavin.

If you have an entry for our "OpenLDAP Quick Tips" series, why not e-mail your tip to us.

P.S. For direct access to this section, you can click OpenLDAP Quick Tips.

OpenLDAP Quick Tips: Change loglevels on the fly!

OpenLDAPOpen SourceSuretec Hi All,

Here's the 15th tip in the "OpenLDAP Quick Tips" series:

"You want to change your OpenLDAP loglevel to get more information, but can't take your directory server offline":

If you've been following the OpenLDAP Quick Tips series, you would have already read Switch to the dynamic config backend (cn=config) and will now have a live slapd dynamic backend configured. If not, go back and read it over ;-)
Continue reading "OpenLDAP Quick Tips: Change loglevels on the fly!"

OpenLDAP Quick Tips: OpenLDAP Logfile analysis

OpenLDAPOpen SourceSuretec Hi All,

Here's the 14th tip in the "OpenLDAP Quick Tips" series and today it comes from "Pablo Chamorro":

"You want to analyse your OpenLDAP logfile":

There are various ways to do this yourself by hand, but the have community already done the work for you and written the:

OpenLDAP Logfile analysis utility:

ldap[?]-stats.pl is a Perl program that can be used to analyze and report on OpenLDAP logfiles. The available reports include: operations (e.g., Connect, Bind, Unbind) performed per host, unindexed searches, attributes requested, search filters used, total operations per server, and operation breakdowns by day, hour and month.


A short sample output would look like:
Continue reading "OpenLDAP Quick Tips: OpenLDAP Logfile analysis"

OpenLDAP Quick Tips: Use the FAQ!

OpenLDAPOpen SourceSuretec Hi All,

Here's my 13th tip in the "OpenLDAP Quick Tips" series:

"You have a question, but you're sure someone has been there before":

That's what our FAQ-O-Matic is for!

Search it, browse it and check the common areas:

  1. Installation

  2. Configuration

  3. Integration

  4. Maintenance

  5. Common Errors

  6. When all else fails...


When all else fails, join our mailing lists.

Thanks,

Gavin.

If you have an entry for our "OpenLDAP Quick Tips" series, why not e-mail your tip to us.

P.S. For direct access to this section, you can click OpenLDAP Quick Tips.

OpenLDAP Quick Tips: Switch to the dynamic config backend (cn=config)

OpenLDAPOpen SourceSuretec Hi All,

Here's my 12th tip in the "OpenLDAP Quick Tips" series:

"You want to switch from slapd.conf to the configuration backend to slapd":

The config backend is backward compatible with the older slapd.conf(5)
file but provides the ability to change the configuration dynamically
at runtime. If slapd is run with only a slapd.conf file dynamic changes
will be allowed but they will not persist across a server restart.
Dynamic changes are only saved when slapd is running from a slapd.d
configuration directory.



The following should be getting you very excited:

provides the ability to change the configuration dynamically
at runtime.
Continue reading "OpenLDAP Quick Tips: Switch to the dynamic config backend (cn=config)"

Community Request: Real World OpenLDAP Deployments

OpenLDAPOpen SourceSuretec Dear All,

I'd like to get some examples written up for:

http://www.openldap.org/doc/admin24/appendix-deployments.html

If anyone is interested and allowed to share some information, I'd
love to hear from you.

The more strange the setup the better!

Many thanks,

Gavin.

P.S. This has also been sent to the openldap-technical@openldap.org mailing list, so if you are a subscriber please reply to that email. Thanks.
tweetbackcheck