Tuesday, September 11, 2012

NETASQ: migrating LDAP to the bdb format


Here is how to migrate the database from the indexed file format to BDB:

# Stop the ldap service
nstop ldap

# Export the database in ldif format
slapd -T cat -f /var/ldap/slapd.conf > /log/export.ldif

# Backup copy of the ldap base
mv /data/Main/Ldapbase /log/Ldapbase.old

# Create the directory for the base
mkdir /data/Main/Ldapbase

# Tune the configuration so that the new format is used
setconf ~/ConfigFiles/ldap Server DBBackend bdb

# Create the DB_CONFIG file specific to the new format
echo "set_lg_max 1000000" >/data/Main/Ldapbase/DB_CONFIG
echo "set_flags DB_LOG_AUTOREMOVE" >>/data/Main/Ldapbase/DB_CONFIG

# Full import of the data
slapd -T add -f /var/ldap/slapd.conf -l /log/export.ldif

# Start the service
nstart ldap

And here are the verification steps:

# List the Ldapbase directory to validate the new format:
ls /data/Main/Ldapbase
DB_CONFIG       __db.002        __db.004        dn2id.bdb       log.0000000001  uid.bdb
__db.001        __db.003        __db.005        id2entry.bdb    objectClass.bdb

# Check the ldap service
dstat |grep ldap
ldap      : /var/supervise/ldap: up (pid 33177) 347 seconds

# Validate the ldap service
nsrpc admin@

user list
101 code=00f01100 msg="User List:"
100 code=00a00100 msg="Ok"

Tuesday, September 4, 2012

NETASQ: Using External tools inside the FW

Hi folks,

So I need some tools on my Unix FW; NETASQ ships with some, but lacks a lot of others. A great example is wget.

First you need to figure out which FreeBSD version your NETASQ is running on:

Normally for a V9, it is a FreeBSD 7.3:

# uname -a
NS-BSD VUXXXA1GXXXXXX 9.0.3- NS-BSD 9.0.3- #0: Mon Apr  2 21:15:37 CEST 2012     build@buildmajclipp.netasq.com:/usr/home/build/fw-9.0.3/sys-7.3/work/sys/i386/compile/NETASQ.XL.FULLVIRT.RELEASE  i386

For a V8, it is a FreeBSD 6.3:

# uname -a
NS-BSD V50XXA0A0000001 8.1.0- NS-BSD 8.1.0- #0: Wed Mar 31 13:14:10 CEST 2010     build@81maj.netasq.com:/usr/home/build/fw-8.1.0/sys-6.3/work/sys/i386/compile/NETASQ.M.FULLVIRT.RELEASE  i386

In the following commands:

root@linux$        is the prompt of the Linux host (yes, sure! :-)
VUXXXXXX0000000>   is the prompt of the NETASQ FW (huh??)

Download the packages from a distribution mirror; for wget you will need:

Wget : http://ftp.stu.edu.tw/FreeBSD/ports/i386/packages-7.3-release/All/wget-1.12.tbz

gettext: http://ftp.stu.edu.tw/FreeBSD/ports/i386/packages-7.3-release/All/gettext-0.17_1.tbz

libiconv : http://ftp.stu.edu.tw/FreeBSD/ports/i386/packages-7.3-release/All/libiconv-1.13.1_1.tbz

Unpack the files in a directory:

root@linux$ tar -jxvf wget-1.12.tbz

root@linux$ tar -jxvf gettext-0.17_1.tbz

root@linux$ tar -jxvf libiconv-1.13.1_1.tbz

So you have the tool and some libs that will be used later on. Now transfer the wget binary (bin/wget) to the NETASQ FW, in /log/wget-bsd73 for example:

VUXXXXXX0000000> mkdir /log/wget-bsd73

root@linux$ scp bin/wget mynetasqfw:/log/wget-bsd73

We'll test whether all the shared libs are available:

VUXXXXXX0000000>ldd wget
        libssl.so.5 => not found (0x0)
        libcrypto.so.5 => not found (0x0)
        libiconv.so.3 => not found (0x0)
        libintl.so.8 => not found (0x0)
        libc.so.7 => /lib/libc.so.7 (0x280cc000)

Well... are we missing a lot? In fact no, we only really miss 2 libs, libiconv.so and libintl.so; the libssl and libcrypto versions it wants can be symlinked to the ones already on the FW.

Transfer the 2 libs:

root@linux$ scp lib/libiconv.so.3 mynetasqfw:/log/wget-bsd73

root@linux$ scp lib/libintl.so.8 mynetasqfw:/log/wget-bsd73

For the rest we just need to create symlinks (on the FW, from /log/wget-bsd73, so that $PWD points at the two libs you just copied):

ln -s /usr/lib/libcrypto.so /usr/lib/libcrypto.so.5

ln -s /usr/lib/libssl.so /usr/lib/libssl.so.5

ln -s $PWD/libiconv.so.3 /usr/lib/libiconv.so.3

ln -s $PWD/libintl.so.8 /usr/lib/libintl.so.8

Now check the shared libs again:

VUXXXXXX0000000>ldd wget
        libssl.so.5 => /usr/lib/libssl.so.5 (0x280cc000)
        libcrypto.so.5 => /usr/lib/libcrypto.so.5 (0x2811d000)
        libiconv.so.3 => /usr/lib/libiconv.so.3 (0x28288000)
        libintl.so.8 => /usr/lib/libintl.so.8 (0x2837e000)
        libc.so.7 => /lib/libc.so.7 (0x28387000)

Everything is here !

To finish, just copy the wget binary to the /usr/Firewall/sbin/ directory:

VUXXXXXX0000000>cp wget /usr/Firewall/sbin/wget
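The ldd check above, as an added example that is not from the original post: a small sh helper that reads `ldd` output, lists what is still unresolved, and tells you, per library, whether an unversioned copy already exists in the firewall's /usr/lib (a symlink is enough, as for libssl/libcrypto above) or whether the .so has to be copied over from the package (libiconv, libintl). The sample ldd text is constructed from the post's listing; the function names are my own.

```shell
#!/bin/sh
# Added example (not from the blog): decide, for each library ldd reports as
# missing, whether a symlink to an existing unversioned .so will do or whether
# the library must come from the FreeBSD package. Sample text is constructed
# from the post's "ldd wget" output.

SAMPLE_LDD_BEFORE='        libssl.so.5 => not found (0x0)
        libcrypto.so.5 => not found (0x0)
        libiconv.so.3 => not found (0x0)
        libintl.so.8 => not found (0x0)
        libc.so.7 => /lib/libc.so.7 (0x280cc000)'

missing_libs() {
    # stdin: ldd output; stdout: one unresolved library name per line.
    awk '$2 == "=>" && $3 == "not" && $4 == "found" { print $1 }'
}

lib_base() {
    # libssl.so.5 -> libssl.so (strip everything after ".so")
    printf '%s\n' "$1" | sed 's/\(\.so\).*$/\1/'
}

plan_fix() {
    # $1: directory to look in (e.g. /usr/lib); stdin: ldd output.
    # Prints "<lib> symlink" when <libdir>/<base> exists, else "<lib> copy".
    libdir=$1
    missing_libs | while read -r lib; do
        if [ -e "$libdir/$(lib_base "$lib")" ]; then
            printf '%s symlink\n' "$lib"
        else
            printf '%s copy\n' "$lib"
        fi
    done
}

apply_fix() {
    # $1: lib directory on the FW, $2: directory holding the copied .so files;
    # stdin: ldd output. Creates the same symlinks the post does, but only for
    # libraries that are actually still missing.
    libdir=$1; srcdir=$2
    plan_fix "$libdir" | while read -r lib action; do
        if [ "$action" = symlink ]; then
            ln -s "$libdir/$(lib_base "$lib")" "$libdir/$lib"
        elif [ -e "$srcdir/$lib" ]; then
            ln -s "$srcdir/$lib" "$libdir/$lib"
        else
            echo "need $lib from the package: put it in $srcdir first" >&2
        fi
    done
}

check_binary() {
    # Returns 0 only when every library of $1 resolves; otherwise lists the gaps.
    m=$(ldd "$1" 2>/dev/null | missing_libs)
    if [ -z "$m" ]; then echo "$1: all shared libraries resolve"; return 0; fi
    echo "$1: unresolved:" $m >&2
    return 1
}

# Usage on the FW, with the package's lib/ files scp'd to /log/wget-bsd73:
#   ldd /log/wget-bsd73/wget | plan_fix /usr/lib
#   ldd /log/wget-bsd73/wget | apply_fix /usr/lib /log/wget-bsd73
#   check_binary /log/wget-bsd73/wget && cp /log/wget-bsd73/wget /usr/Firewall/sbin/wget
```

The point of `check_binary` is to gate the final `cp` into /usr/Firewall/sbin on a clean `ldd`, so a binary with unresolved libraries never lands in the firewall's PATH.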


Now we can test wget:

--2011-09-04 10:14:42--
Connecting to connected.
HTTP request sent, awaiting response... 200 OK
Length: 72 [application/octet-stream]
Saving to: `na_pack_updates_kasperskyStandard.md5'

100%[===========================================================================>] 72          --.-K/s   in 0s

2011-09-04 10:14:43 (1.05 MB/s) - `na_pack_updates_kasperskyStandard.md5' saved [72/72]

That's all Folks !

Monday, September 3, 2012

NETASQ: ldap export / import without external tools (i.e. an LDAP browser)

Hi Folks,

so, every time you need to manipulate the ldap db you'll find a KB article, a mail, a tip saying:

Hey, you need an ldap browser tool.

Wrong!

The NETASQ has everything inside to do this!

Let's see how:

Where is the conf file:

Stop the ldap server:

nstop ldap

Export the db in an ldif format:

slapd -4 -T cat -f /var/ldap/slapd.conf > /tmp/export.ldif

Modify it:

vi /tmp/export.ldif

Move the old db:

cd /data/Main/

mv Ldapbase Ldapbase.old

mkdir Ldapbase

Recreate the DB:

slapd -T add -f /var/ldap/slapd.conf -l /tmp/export.ldif
bdb_monitor_db_open: monitoring disabled; configure monitor database to enable
=> bdb_tool_entry_put: id2entry_add failed: DB_KEYEXIST: Key/data pair already exists (-30996)
=> bdb_tool_entry_put: txn_aborted! DB_KEYEXIST: Key/data pair already exists (-30996)
slapadd: could not add entry dn="o=jnprlabs,dc=cons165.magirus.com" (line=1): txn_aborted! DB_KEYEXIST: Key/data pair already exists (-30996)
_##                    11.06% eta   none elapsed            none spd 368.9 k/s
Closing DB...

Start the ldap server:

nstart ldap

Let's see if the modification is there:

slapd -4 -T cat -f /var/ldap/slapd.conf

That's all !!!
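The export / re-import in this post and the bdb migration in the September 11 post above, scripted as one added example (not the blog's own code): the same commands, with the checks a practitioner wants before the old base is moved away and before the service is restarted. It assumes nstop, nstart, setconf and "slapd -T cat|add" behave as the posts show, and uses the posts' own paths; the function names and the dry-run switch are my own.

```shell
#!/bin/sh
# Added example (not from the blog): scripted export / re-import with sanity
# checks. Assumed: nstop, nstart, setconf and "slapd -T cat|add" behave as the
# posts show; the paths are the posts' own. Usage:
#   sh ldap-reimport.sh dry-run        # print the commands only
#   sh ldap-reimport.sh run            # plain export / re-import (Sept 3 post)
#   sh ldap-reimport.sh run bdb        # also switch the backend to bdb (Sept 11 post)

LDAP_CONF=${LDAP_CONF:-/var/ldap/slapd.conf}
LDAP_BASE=${LDAP_BASE:-/data/Main/Ldapbase}
EXPORT=${EXPORT:-/log/export.ldif}
BACKUP=${BACKUP:-/log/Ldapbase.old}

run() {
    # Run a command, or only print it when DRY_RUN=1.
    if [ "${DRY_RUN:-0}" = 1 ]; then printf '+ %s\n' "$*"; else "$@"; fi
}

ldif_entry_count() {
    # Number of entries in an LDIF file = number of "dn:" lines (0 if unreadable).
    [ -r "$1" ] || { echo 0; return; }
    grep -c '^dn:' "$1" || true
}

ldif_duplicate_dns() {
    # DNs that appear more than once, compared case-insensitively
    # (base64 "dn::" values are compared as written).
    sed -n 's/^dn:[[:space:]]*//p' "$1" | tr 'A-Z' 'a-z' | sort | uniq -d
}

dir_is_empty() {
    # True when $1 is a directory with no entries at all (dotfiles included).
    [ -d "$1" ] && [ -z "$(ls -A "$1")" ]
}

write_db_config() {
    # DB_CONFIG for the bdb backend, with the two settings from the migration post.
    printf 'set_lg_max 1000000\nset_flags DB_LOG_AUTOREMOVE\n' > "$1/DB_CONFIG"
}

preflight() {
    # Validate the export before the old base is moved away. slapadd refuses to
    # add an entry whose key already exists (the DB_KEYEXIST error shown in this
    # post), so the LDIF must not repeat a DN and the target directory must be empty.
    n=$(ldif_entry_count "$1")
    if [ "$n" -eq 0 ]; then echo "export is empty or unreadable: $1" >&2; return 1; fi
    d=$(ldif_duplicate_dns "$1")
    if [ -n "$d" ]; then echo "duplicate DN(s) in $1:" >&2; echo "$d" >&2; return 1; fi
    echo "export OK: $n entries"
}

migrate() {
    # $1 = "bdb" to switch the backend as in the Sept 11 post, empty otherwise.
    run nstop ldap
    run sh -c "slapd -T cat -f '$LDAP_CONF' > '$EXPORT'"
    preflight "$EXPORT" || return 1
    run mv "$LDAP_BASE" "$BACKUP"
    run mkdir "$LDAP_BASE"
    if [ "${DRY_RUN:-0}" != 1 ] && ! dir_is_empty "$LDAP_BASE"; then
        echo "$LDAP_BASE is not empty, refusing to import" >&2; return 1
    fi
    if [ "$1" = bdb ]; then
        run setconf ~/ConfigFiles/ldap Server DBBackend bdb
        run write_db_config "$LDAP_BASE"
    fi
    # slapadd exits non-zero on DB_KEYEXIST and similar errors: keep the backup, do not start.
    if ! run slapd -T add -f "$LDAP_CONF" -l "$EXPORT"; then
        echo "import failed, old base kept in $BACKUP" >&2; return 1
    fi
    run nstart ldap
}

case "${1:-}" in
    run)     migrate "${2:-}" ;;
    dry-run) DRY_RUN=1; migrate "${2:-}" ;;
esac
```

Edit the LDIF between the export and the `run` step exactly as in the post (vi /log/export.ldif); `preflight` then catches an emptied file or a DN pasted twice before anything is moved, and the old base in /log/Ldapbase.old stays in place whenever the import does not return cleanly.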