ldapsearch command examples with advanced options

1 Comment Linux 1 Comment

The ldapsearch command used to query the required information from LDAP databases. The ldapsearch command can be used on many occasions with different filter statement. Various ldapsearch command examples and use cases with advanced options discussed here.

Note: Replace the password ($PASS) and ROOTDN with your server values. You may need to specify LDAP URI and authentication methods depend upon configuration. Here i am working from LDAP server.

Filter user with UID

Look for the users with given UID value. This command list the users whoever UID set to 20005. Continue reading “ldapsearch command examples with advanced options”


Network interface name changed to “renamex”

Leave a comment Linux , Leave a comment

On VMware virtual machine hot added new virtual network interface (NIC). The newly added network interface is of VMXNET3 type. Initially kernel named the new network interface as “eth0”. Post server reboot network interface device name changed from “eth0” to “rename2”. But the other existing network interface name remains same as “eth1”.

[    3.582159] eth0: NIC Link is Up 10000 Mbpsvmware-suse-guest-vmxnet3-nic
[    3.598345] eth1: NIC Link is Up 10000 Mbps
[    3.741375] udev: renamed network interface eth0 to rename2
[  130.435772] bonding: bond0: Adding slave eth1.

Continue reading “Network interface name changed to “renamex””


Openldap migrate to TLS/SSL communication

Leave a comment Linux Leave a comment

Q. My ldap server currently configured to accept only non-encrypted connections. The server listens to port 389. I want to make my server to accept only TLS/SSL encrypted connections. How to migrate to TLS/SSL communication with very minimal downtime window? Most important is current LDAP directory data should not be disturbed.

Benefits

By upgrading to TLS/SSL encrypted communication we ensure data transferred between LDAP client and server will be encrypted. This is most important when the data travel through untrusted or public network. The normal LDAP communication over TLS/SSL channel specified as “ldaps” (same like https) in URI. Continue reading “Openldap migrate to TLS/SSL communication”


LDAP TLS negotiation failure error

1 Comment Linux 1 Comment

Q. I am trying to configure LDAP client. Have copied the certificate to client and enabled TLS in pam_ldap.conf. Still the client failed to communicate with LDAP server. At server end found TLS negotiation failure error. How to fix it?

Sep 11 10:35:12 rhel4 slapd[5241]: conn=1130 fd=12 ACCEPT from IP=10.20.31.140:37309 (IP=0.0.0.0:636)
Sep 11 10:35:12 rhel4 slapd[5241]: conn=1130 fd=12 closed (TLS negotiation failure)

Continue reading “LDAP TLS negotiation failure error”


Openldap configuration files and usage

Leave a comment Linux Leave a comment

How to identify the Openldap configuration files? What is the importance and usage of each file/directory? The Openldap configuration files are same in any distribution but the location may vary.

This image illustrate how the configuration files are used by Openldap service. Followed by the brief description about each component. Continue reading “Openldap configuration files and usage”


fix network connection slowness

Leave a comment Linux , Leave a comment

Network connection slowness is one of the interesting scenarios I came across. It might help someone.

My application servers are placed in one VLAN. And backup server placed in another VLAN. Since it is LAN bandwidth supposed to be 40-50 Mbps. But the connection between both application and backup server were at ~100KBPs transfer rate. I have checked router, firewall and VLAN settings. Everything looks good. No ware bandwidth limit identified.  So, how do I fix network connection slowness issue? Continue reading “fix network connection slowness”


delegate access control in Openldap

1 Comment Linux 1 Comment

I have an OU (organizational unit) named “vendor”. How to delegate access control management to one user for this OU alone? Is it possible like windows AD?

Yes, using Openldap access control rules you can create fine grained access control policies. Have tested personally and discussed here. In two places you must need this.

  1. It will be useful in organizations where multiple parties involved but using common authentication system. Because other third parties no need to depend on LDAP admin for password reset stuff.
  2. Another massive usage is for organizations with large or medium number of users. For delegating password reset task to service desk team.

Continue reading “delegate access control in Openldap”


Configure password quality check – Openldap

5 Comments Linux 5 Comments

Topics

1.  Password quality check options – Openldap

2.  Configure password quality check – Openldap

How to implement password quality (complexity) enforcement rules? How to test the functionality?

In my previous discussion explained about various options available to implement password quality (complexity) check. Now I am going to demonstrate enforcing password complexity rules using “pqchecker” library. Continue reading “Configure password quality check – Openldap”