'Re: [nssldap] 8 principal limitation in nssldap'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       nssldap
Subject:    Re: [nssldap] 8 principal limitation in nssldap
From:       Srivatsav M <srivatsav.mudumba () gmail ! com>
Date:       2011-03-27 17:56:10
Message-ID: AANLkTik3ee5gAh515mPxqrio6hHmF=99G7SR+JG=5OQ7 () mail ! gmail ! com
[Download RAW message or body]

Hi

Thanks for the response, sorry I meant RDN's

yes we have tried adding the base to the /etc/ldap.conf but the idea is to
provide more than 7 nss_base_xxxx support.

# The distinguished name of the search tree.
base DC=someplace,DC=myarea,DC=compname,DC=parentcompname

7 being a small number, customers are not scale up the number of RDN's.
 Since it is not documented or expressed as a known issue/bug, I am kind of
stuck on this

Please provide any pointers/info related to this.

Thanks
Ramakanth

On 27 March 2011 07:13, Douglas E. Engert <deengert@anl.gov> wrote:

>
>
> On 3/26/2011 8:37 AM, rammie2 wrote:
>
>>
>> Hi,
>>
>> We are using nss_ldap for authenticating users registered in a LDAP server
>> (Open LDAP, Active Directory). After adding 8 principals (/etc/ldap.conf),
>> none of the users registered in the /etc/ldap.conf file are able to login.
>>
>
> principals? Principals are not added to the /etc/ldap.conf  Or do you mean
> RDN?
>
>  The LDAP API references an LDAP object by its distinguished name (DN).
>  A DN is a sequence of relative distinguished names (RDN) connected by
> commas.
>
>  An RDN is an attribute with an associated value in the form
> attribute=value;
>  normally expressed in a UTF-8 string format. The following table lists
> typical
>  RDN attribute types.
>
>
>
>> nss_base_passwd
>>
>> OU=engg,DC=mycompany,DC=region,DC=someplace,DC=myarea,DC=compname,DC=parentcompname
>> nss_base_shadow
>>
>> OU=engg,DC=mycompany,DC=region,DC=someplace,DC=myarea,DC=compname,DC=parentcompname
>> nss_base_group
>>
>> OU=engg,DC=mycompany,DC=region,DC=someplace,DC=myarea,DC=compname,DC=parentcompname
>>
>>
> Have you tried using something like:
> base DC=someplace,DC=myarea,DC=compname,DC=parentcompname
>
> nss_base_passwd OU=engg,DC=mycompany,DC=region,
> nss_base_shadow OU=engg,DC=mycompany,DC=region,
> nss_base_group OU=engg,DC=mycompany,DC=region,
>
> Don't know it it will help or not.
>
>
>
>
>
>> Can you please share the reason for this 7 limitation in the nss_ldap
>> library. or how I can fix this issue. I am looking for the header file in
>> the source files whhich has this constant or limitation defined.
>>
>>  Tried googling, but it appears that no one has encountered this issue.
>> Some
>> customers of our product are running into this issue and it has become a
>> severity 1 issue to fix. Appreciate any help on this
>>
>> Thanks
>> Ramakanth
>>
>
> --
>
>  Douglas E. Engert  <DEEngert@anl.gov>
>  Argonne National Laboratory
>  9700 South Cass Avenue
>  Argonne, Illinois  60439
>  (630) 252-5444
>

[Attachment #3 (text/html)]

Hi<div><br></div><div>Thanks for the response, sorry I meant \
RDN&#39;s</div><div><br></div><div>yes we have tried adding the base to the \
/etc/ldap.conf but the idea is to provide more than 7 nss_base_xxxx support. \
</div><div> <br></div><div><div># The distinguished name of the search \
tree.</div><div><span class="Apple-style-span" style="border-collapse: collapse; \
font-family: arial, sans-serif; font-size: 13px; ">base \
DC=someplace,DC=myarea,DC=compname,DC=parentcompname</span></div> </div><div><span \
class="Apple-style-span" style="border-collapse: collapse; font-family: arial, \
sans-serif; font-size: 13px; "><br></span></div><div>7 being a small number, \
customers are not scale up the number of RDN&#39;s.  Since it is not documented or \
expressed as a known issue/bug, I am kind of stuck on this</div> \
<div><br></div><div>Please provide any pointers/info related to \
this.</div><div><br></div><div>Thanks</div><div>Ramakanth</div><br><div \
class="gmail_quote">On 27 March 2011 07:13, Douglas E. Engert <span dir="ltr">&lt;<a \
href="mailto:deengert@anl.gov">deengert@anl.gov</a>&gt;</span> wrote:<br> <blockquote \
class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc \
solid;padding-left:1ex;"><div class="im"><br> <br>
On 3/26/2011 8:37 AM, rammie2 wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc \
solid;padding-left:1ex"> <br>
Hi,<br>
<br>
We are using nss_ldap for authenticating users registered in a LDAP server<br>
(Open LDAP, Active Directory). After adding 8 principals (/etc/ldap.conf),<br>
none of the users registered in the /etc/ldap.conf file are able to login.<br>
</blockquote>
<br></div>
principals? Principals are not added to the /etc/ldap.conf  Or do you mean RDN?<br>
<br>
  The LDAP API references an LDAP object by its distinguished name (DN).<br>
  A DN is a sequence of relative distinguished names (RDN) connected by commas.<br>
<br>
  An RDN is an attribute with an associated value in the form attribute=value;<br>
  normally expressed in a UTF-8 string format. The following table lists typical<br>
  RDN attribute types.<div class="im"><br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc \
solid;padding-left:1ex"> <br>
nss_base_passwd<br>
OU=engg,DC=mycompany,DC=region,DC=someplace,DC=myarea,DC=compname,DC=parentcompname<br>
 nss_base_shadow<br>
OU=engg,DC=mycompany,DC=region,DC=someplace,DC=myarea,DC=compname,DC=parentcompname<br>
 nss_base_group<br>
OU=engg,DC=mycompany,DC=region,DC=someplace,DC=myarea,DC=compname,DC=parentcompname<br>
 <br>
</blockquote>
<br></div>
Have you tried using something like:<br>
base DC=someplace,DC=myarea,DC=compname,DC=parentcompname<div class="im"><br>
nss_base_passwd OU=engg,DC=mycompany,DC=region,<br></div><div class="im">
nss_base_shadow OU=engg,DC=mycompany,DC=region,<br></div><div class="im">
nss_base_group OU=engg,DC=mycompany,DC=region,<br>
<br></div>
Don&#39;t know it it will help or not.<div><div></div><div class="h5"><br>
<br>
<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc \
solid;padding-left:1ex"> <br>
Can you please share the reason for this 7 limitation in the nss_ldap<br>
library. or how I can fix this issue. I am looking for the header file in<br>
the source files whhich has this constant or limitation defined.<br>
<br>
  Tried googling, but it appears that no one has encountered this issue. Some<br>
customers of our product are running into this issue and it has become a<br>
severity 1 issue to fix. Appreciate any help on this<br>
<br>
Thanks<br>
Ramakanth<br>
</blockquote>
<br>
-- <br>
<br></div></div><font color="#888888">
 Douglas E. Engert  &lt;<a href="mailto:DEEngert@anl.gov" \
target="_blank">DEEngert@anl.gov</a>&gt;<br>  Argonne National Laboratory<br>
 9700 South Cass Avenue<br>
 Argonne, Illinois  60439<br>
 (630) 252-5444<br>
</font></blockquote></div><br>



[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic