This is my first experience with openldap.
server Ubuntu 14.04
when i run hostname -f
i get name.org.test.
When i give the next command
ldapsearch -x -LLL -H ldap:/// -b dc=name,dc=org,dc=test dn.
I get
No such object (32)
Matched DN: dc=org,dc=test.
How can i get:
dn:cn=name,cn=org,cn=test
So when i create a ou people i get:
ou=people,dc=name,dc=org,dc=test
grts
Related
Please we're facing some issues when installing Varnish 6.0.8 on ubutnu 18.04.6 OS, it doesn't create the secret file inside the /etc/varnish dir as shown below:
enter image description here
we use the following script to for installation :
curl -s https://packagecloud.io/install/repositories/varnishcache/varnish60lts/script.deb.sh | sudo bash
can someone please help ?
PS: we tried to install later versions (6.6 and 7.0.0) and we got the same issue.
Form a security point of view, remote CLI access is not enabled by default. You can see this when looking at /lib/systemd/system/varnish.service:
[Unit]
Description=Varnish Cache, a high-performance HTTP accelerator
After=network-online.target nss-lookup.target
[Service]
Type=forking
KillMode=process
# Maximum number of open files (for ulimit -n)
LimitNOFILE=131072
# Locked shared memory - should suffice to lock the shared memory log
# (varnishd -l argument)
# Default log size is 80MB vsl + 1M vsm + header -> 82MB
# unit is bytes
LimitMEMLOCK=85983232
# Enable this to avoid "fork failed" on reload.
TasksMax=infinity
# Maximum size of the corefile.
LimitCORE=infinity
ExecStart=/usr/sbin/varnishd \
-a :6081 \
-a localhost:8443,PROXY \
-p feature=+http2 \
-f /etc/varnish/default.vcl \
-s malloc,256m
ExecReload=/usr/sbin/varnishreload
[Install]
WantedBy=multi-user.target
There are no -T and -S parameters in the standard systemd configuration. However, you can enable this by modifying the systemd configuration yourself.
Just run sudo systemctl edit --full varnish to edit the runtime configuration and add a -T parameter to enable remote CLI access.
Be careful with this and make sure you restrict access to this endpoint via firewalling rules.
Additionally you'll add -S /etc/varnish/secret as a varnishd runtime parameter in /lib/systemd/system/varnish.service.
You can use the following command to add a random unique value to the secret file:
uuidgen | sudo tee /etc/varnish/secret
This is what your runtime parameters would look like:
ExecStart=/usr/sbin/varnishd \
-a :6081 \
-a localhost:8443,PROXY \
-p feature=+http2 \
-f /etc/varnish/default.vcl \
-s malloc,2g \
-S /etc/varnish/secret \
-T :6082
When you're done just run the following command to restart Varnish:
sudo systemctl restart varnish
For Example,
I have two servers namely A and B. I want to use a grep command in either A or B, which will search in both A and B servers and display the match.
You could use parallel ssh (pssh) for that.
See this command:
parallel-ssh -P -v -l root -A -H "192.168.1.1 192.168.1.2 192.168.1.3" "hostname"
Where hostname is the command to execute on each of the hosts. -P means print the output of the command, -l root means login with the user root, -A ask for the password and -H provides the list of hosts.
The output might look similar to this:
192.168.140.193: hostname1
192.168.140.194: hostname2
192.168.140.195: hostname3
[1] 11:18:17 [SUCCESS] 192.168.140.193
[2] 11:18:17 [SUCCESS] 192.168.140.194
[3] 11:18:17 [SUCCESS] 192.168.140.195
For those without access to parallel-ssh, try this:
#!/bin/bash
remotehost='hostnameA'
if [ `hostname` == 'hostnameA' ]
then
remotehost='hostnameB'
fi
{
grep whatever
ssh $remotehost grep whatever
}
The first part figures out what host you're on and which it needs to ssh into. The second part performs the command on both hosts and groups the output together.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 9 years ago.
Improve this question
I'm running OpenLDAP 2.4-28 on XUBUNTU 12.04.
I'm reading "Mastering OpenLDAP" and configuring along with the book.
When I try to perform the following search (page 47):
$ ldapsearch -x -W -D 'cn=Manager,dc=example,dc=com' -b "" -s base
I am prompted for the password. Then I enter "secret" but I get the following error:
ldap_bind: Invalid Credentials (49).
The following is my slapd.conf:
# slapd.conf - Configuration file for LDAP SLAPD
##########
# Basics #
##########
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/inetorgperson.schema
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
loglevel none
modulepath /usr/lib/ldap
# modulepath /usr/local/libexec/openldap
moduleload back_hdb
##########################
# Database Configuration #
##########################
database hdb
suffix "dc=example,dc=com"
rootdn "cn=Manager,dc=example,dc=com"
rootpw secret
directory /var/lib/ldap
# directory /usr/local/var/openldap-data
index objectClass,cn eq
########
# ACLs #
########
access to attrs=userPassword
by anonymous auth
by self write
by * none
access to *
by self write
by * none
and here is the ldap.conf:
# LDAP Client Settings
URI ldap://localhost
BASE dc=example,dc=com
BINDDN cn=Manager,dc=example,dc=com
SIZELIMIT 0
TIMELIMIT 0
I don't see an obvious problem with the above.
It's possible your ldap.conf is being overridden, but the command-line options will take precedence, ldapsearch will ignore BINDDN in the main ldap.conf, so the only parameter that could be wrong is the URI.
(The order is ETCDIR/ldap.conf then ~/ldaprc or ~/.ldaprc and then ldaprc in the current directory, though there environment variables which can influence this too, see man ldapconf.)
Try an explicit URI:
ldapsearch -x -W -D 'cn=Manager,dc=example,dc=com' -b "" -s base -H ldap://localhost
or prevent defaults with:
LDAPNOINIT=1 ldapsearch -x -W -D 'cn=Manager,dc=example,dc=com' -b "" -s base
If that doesn't work, then some troubleshooting (you'll probably need the full path to the slapd binary for these):
make sure your slapd.conf is being used and is correct (as root)
slapd -T test -f slapd.conf -d 65535
You may have a left-over or default slapd.d configuration directory which takes preference over your slapd.conf (unless you specify your config explicitly with -f, slapd.conf is officially deprecated in OpenLDAP-2.4). If you don't get several pages of output then your binaries were built without debug support.
stop OpenLDAP, then manually start slapd in a separate terminal/console with debug enabled (as root, ^C to quit)
slapd -h ldap://localhost -d 481
then retry the search and see if you can spot the problem (there will be a lot of schema noise in the start of the output unfortunately). (Note: running slapd without the -u/-g options can change file ownerships which can cause problems, you should usually use those options, probably -u ldap -g ldap )
if debug is enabled, then try also
ldapsearch -v -d 63 -W -D 'cn=Manager,dc=example,dc=com' -b "" -s base
Based on this link https://github.com/mseknibilel/OpenStack-Folsom-Install-guide/blob/master/OpenStack_Folsom_Install_Guide_WebVersion.rst#openstack-folsom-install-guide , I tried running these scripts but it fails despite me setting the HOST_IP & EXT HOST_IP.
./keystone_basic.sh
./keystone_endpoints_basic.sh
Below is the error log received:-
-keystone:error:unrecognized arguments: service id of 18ea5916544429bed2c84af0303077
I have provide the information such as tenant_name, tenant_id and so on in a source file but it happens to be the script provided does not get recognized by the system. Below are the details of the OS I use.
I created VMs instead of using physical machines. Installed with Ubuntu 12.04 LTS.
Please advice on how to tackle this issue.
Thanks.
I had the same problem. I am using Ubuntu 12.04 LTS. After running:
keystone help user-create tenant id appears as follows:
Optional arguments:
...
--service_id <service-id>
Change --service-id to --service_id with a global replace
[Using command line]
# sed -i 's/--service-id/--service_id/g' /path/to/script.sh
restart keystone & It's database entries
mysql -u root -ppassword -e "drop database keystone"
mysql -u root -ppassword -e "create database keystone"
mysql -u root -ppassword -e "grant all privileges on keystone.* TO 'keystone'#'%' identified by 'password'"
mysql -u root -ppassword -e "grant all privileges on keystone.* TO 'keystone'#'localhost' identified by 'password'"
service keystone restart
keystone-manage db_sync
I'm using plink to run a command on a Unix remote machine.
The command is:
ls -1trd testegrep.txt |tail -1 |xargs tail -f| grep 's';
The way I'm sending this command is by using a file with a set of commands like:
plink.exe -ssh -t -l user -pw pwd tst.url.pt -m commands.out
When I run the command this way the plink does not receive any input. It seems that is waiting for input.
But if I run:
plink.exe -ssh -t -l user -pw pwd tst.url.pt "ls -1trd testegrep.txt |tail -1 |xargs tail -f| grep 's';"
I get the expected result.
I'm not using the plink with a file with the command because I choose so. I'm using a test automation software that allows me to run tests on remote hosts and this is the way the tool works.
Any thoughts on what is going wrong?
I tested the command you provided and it worked without problems.
Maybe the problem is related to:
The server's host key is not cached in the registry.
The path to the file is not correct.
The file is empty.
include server hostkey
most importantly, you need to include the unix profile using the -m paramater
You can include all your commands in the same file where the profile is kept also.
$Output = ((plink.exe -hostkey hostkey -l UNAME -i SSHKEY -P 22 -ssh server -batch -m PROFILE) | ? {$_ -ne ""})