Openldap configuration files and usage

Leave a comment Linux Leave a comment

How to identify the Openldap configuration files? What is the importance and usage of each file/directory? The Openldap configuration files are same in any distribution but the location may vary.

This image illustrate how the configuration files are used by Openldap service. Followed by the brief description about each component. Continue reading “Openldap configuration files and usage”

fix network connection slowness

Leave a comment Linux , Leave a comment

Network connection slowness is one of the interesting scenarios I came across. It might help someone.

My application servers are placed in one VLAN. And backup server placed in another VLAN. Since it is LAN bandwidth supposed to be 40-50 Mbps. But the connection between both application and backup server were at ~100KBPs transfer rate. I have checked router, firewall and VLAN settings. Everything looks good. No ware bandwidth limit identified.  So, how do I fix network connection slowness issue? Continue reading “fix network connection slowness”

delegate access control in Openldap

1 Comment Linux 1 Comment

I have an OU (organizational unit) named “vendor”. How to delegate access control management to one user for this OU alone? Is it possible like windows AD?

Yes, using Openldap access control rules you can create fine grained access control policies. Have tested personally and discussed here. In two places you must need this.

  1. It will be useful in organizations where multiple parties involved but using common authentication system. Because other third parties no need to depend on LDAP admin for password reset stuff.
  2. Another massive usage is for organizations with large or medium number of users. For delegating password reset task to service desk team.

Continue reading “delegate access control in Openldap”

Configure password quality check – Openldap

7 Comments Linux 7 Comments


1.  Password quality check options – Openldap

2.  Configure password quality check – Openldap

How to implement password quality (complexity) enforcement rules? How to test the functionality?

In my previous discussion explained about various options available to implement password quality (complexity) check. Now I am going to demonstrate enforcing password complexity rules using “pqchecker” library. Continue reading “Configure password quality check – Openldap”

Fix insufficient access (50) error – Openldap

4 Comments Linux 4 Comments

Are you trying to update Openldap global or config database configuration? Getting insufficient access error (50)?

So, What is the BIND dn (i.e username) you are using? The error simply says that BIND dn authentication successful but it does not have write access to database you are trying to modify.

# ldapmodify –axw ppsswwdd -D "cn=manager,dc=sunt,dc=com" -f db.ldif
modifying entry "olcDatabase={2}bdb,cn=config"
ldap_modify: Insufficient access (50)

Continue reading “Fix insufficient access (50) error – Openldap”

Restrict ‘su’ command – SUSE

Leave a comment Linux , Leave a comment

By default all user has access to command “su”. This command allows login to other user from current shell. Of course they should know target user password. The problem is you cannot have control/log of users once they switched successfully. What happens if the user by chance able to switch as root?

Desired secure method to switch across user is restrict “su” command. Enforce them to use “sudo” instead. Continue reading “Restrict ‘su’ command – SUSE”

Avoid cluster filesystem entering read-only mode

Leave a comment Linux , Leave a comment

Linux kernel remounts the filesystem into read-only mode whenever it cannot process I/O. This might happen due to various reasons such as disk failure, SAN connectivity issue, disk with bad blocks etc. On Virtual machine and SAN based storage environment even the high latency may lead to I/O hung and result in read-only mode. Continue reading “Avoid cluster filesystem entering read-only mode”

debug pacemaker cluster easily

Leave a comment Linux , Leave a comment

Debugging pacemaker cluster through logs will be much more easier post reading this article. This would help you in either troubleshooting or root cause analysis. It does not need any additional tools except your attention. Have reproduced and collected logs from various scenario to present here as example. I used SUSE 11 with HAE system for testing.

The first thing to do is look in system log for the terms ERROR and WARN.

#grep -e ERROR -e WARN /var/log/messages Continue reading “debug pacemaker cluster easily”