How do I search on a name value that has a parens ["("] in it?
You have to escape both parens characters in the LDAP search filter.
“(givenname=stephan \(IT\))”
Why? Because parentheses are what LDAP uses to determine where the filter begins and ends!
Just another reason never to let anyone store parens or other non-alphabet characters in [...]
Remote administration of VMware Server 2
VMware Server 2.0 implements the new (well, for free Server users at least — ESX and ESXi have had it for ages) web interface for administration. When you install the server the listener for this is configured for ports 8222 and 8333. The former is only reachable if you’re coming in locally. Remote users have [...]
nsaccountlock
Just a note to self:
To lock a user’s account on Sun Directory Server, add the key/value pair “nsaccountlock: TRUE” to their entry.
dn: uid=someuser,ou=people,dc=example,dc=com
changetype: modify
add: nsaccountlock
nsaccountlock: TRUE
To unlock, change the value of nsaccountlock to “FALSE” or delete the entire attribute.
fun with iptables
One of the shortcomings of Apache DS that I’ve discovered is it can’t run on port 389 (LDAP) or 636 (LDAPS) as anything other than the system root user. The developers claim this is because there’s no mechanism in Java that allows them to switch user privileges once the service has started. That’s an assertion [...]
Apache Directory Studio, Part 2
After putting it aside for a while, I decided to take a more serious look at Apache Directory Studio (ADS).
My main motivation was the disappearance of all free links to Jarek Gawor’s LDAP Browser/Editor tool, and my resulting inability to recommend it to others. A secondary, but still important, motivation was to find something a bit [...]
LDAP Browser and SSL
For the most part getting Jarek Gawor’s LDAP Browser-Editor (LBE) to work with SSL-enabled LDAP, or LDAPS, is no big deal. Most of the time it will simply retrieve the server’s SSL certificate and then import it into a hidden keystore.
Sometimes, however, you’ll get this error when trying to connect over LDAPS:
“CA certificate is not [...]
Enabling LDAPS over LDAP in OpenLDAP
I found getting LDAPS enabled in the latest OpenLDAP packages a bit more complicated than it should have been. The main reason for this is that, starting with 8.04 LTS, the Ubuntu developers decided to begin compiling OpenLDAP’s slapd using the gnutls libraries instead of the intergalactic standard, openssl. I will refrain from my usual [...]