ldapsearch command examples with advanced options

The ldapsearch command used to query the required information from LDAP databases. The ldapsearch command can be used on many occasions with different filter statement. Various ldapsearch command examples and use cases with advanced options discussed here.

Note: Replace the password ($PASS) and ROOTDN with your server values. You may need to specify LDAP URI and authentication methods depend upon configuration. Here i am working from LDAP server.

Filter user with UID

Look for the users with given UID value. This command list the users whoever UID set to 20005.

Read More


Network interface name changed to “renamex”

On VMware virtual machine hot added new virtual network interface (NIC). The newly added network interface is of VMXNET3 type. Initially kernel named the new network interface as “eth0”. Post server reboot network interface device name changed from “eth0” to “rename2”. But the other existing network interface name remains same as “eth1”.

[    3.582159] eth0: NIC Link is Up 10000 Mbpsvmware-suse-guest-vmxnet3-nic
[    3.598345] eth1: NIC Link is Up 10000 Mbps
[    3.741375] udev: renamed network interface eth0 to rename2
[  130.435772] bonding: bond0: Adding slave eth1.

Read More


Openldap migrate to TLS/SSL communication

Q. My ldap server currently configured to accept only non-encrypted connections. The server listens to port 389. I want to make my server to accept only TLS/SSL encrypted connections. How to migrate to TLS/SSL communication with very minimal downtime window? Most important is current LDAP directory data should not be disturbed.

Benefits

By upgrading to TLS/SSL encrypted communication we ensure data transferred between LDAP client and server will be encrypted. This is most important when the data travel through untrusted or public network. The normal LDAP communication over TLS/SSL channel specified as “ldaps” (same like https) in URI.

Read More


LDAP TLS negotiation failure error

Q. I am trying to configure LDAP client. Have copied the certificate to client and enabled TLS in pam_ldap.conf. Still the client failed to communicate with LDAP server. At server end found TLS negotiation failure error. How to fix it?

Sep 11 10:35:12 rhel4 slapd[5241]: conn=1130 fd=12 ACCEPT from IP=10.20.31.140:37309 (IP=0.0.0.0:636)
Sep 11 10:35:12 rhel4 slapd[5241]: conn=1130 fd=12 closed (TLS negotiation failure)

Read More


Users unable to login – Openldap

Q. All the LDAP users unable to login and getting access denied error. How to fix without losing any of user information?

First check whether the user’s password expired or locked

Step1

1. This command retrieve user password status related ppolicy. The password expired/locked will be notified.

Read More


Openldap configuration files and usage

How to identify the Openldap configuration files? What is the importance and usage of each file/directory? The Openldap configuration files are same in any distribution but the location may vary.

This image illustrate how the configuration files are used by Openldap service. Followed by the brief description about each component.

Read More


fix network connection slowness

Network connection slowness is one of the interesting scenarios I came across. It might help someone.

My application servers are placed in one VLAN. And backup server placed in another VLAN. Since it is LAN bandwidth supposed to be 40-50 Mbps. But the connection between both application and backup server were at ~100KBPs transfer rate. I have checked router, firewall and VLAN settings. Everything looks good. No ware bandwidth limit identified.  So, how do I fix network connection slowness issue?

Read More


delegate access control in Openldap

I have an OU (organizational unit) named “vendor”. How to delegate access control management to one user for this OU alone? Is it possible like windows AD?

Yes, using Openldap access control rules you can create fine grained access control policies. Have tested personally and discussed here. In two places you must need this.

  1. It will be useful in organizations where multiple parties involved but using common authentication system. Because other third parties no need to depend on LDAP admin for password reset stuff.
  2. Another massive usage is for organizations with large or medium number of users. For delegating password reset task to service desk team.

Read More


Configure password quality check – Openldap

Topics

1.  Password quality check options – Openldap

2.  Configure password quality check – Openldap

How to implement password quality (complexity) enforcement rules? How to test the functionality?

In my previous discussion explained about various options available to implement password quality (complexity) check. Now I am going to demonstrate enforcing password complexity rules using “pqchecker” library.

Read More