Hi,
I've been trying to script database creation via cn=config.
Creating the HDB database works fine, but when I try to add the LDIF for
the root node, I get:
# ldapadd -YEXTERNAL -H ldapi:/// -f ./bootstrap.ldif
SASL/EXTERNAL authentication started
SASL username:
Hey folks,
I'm trying to debug the cause of faulty module behavior (autogroup) which has
eluded both strace and 'slapd -d 16383'
(and, just as a point of reference, it's slapd 2.4.18 and autogroup 1.8 on
Ubuntu 8.04). So, I'd like to use gdb to
figure out what's going on, but I'm not quite sure
Peter Mogensen wrote:
Hi,
I've been trying to script database creation via cn=config.
Creating the HDB database works fine, but when I try to add the LDIF for
the root node, I get:
# ldapadd -YEXTERNAL -H ldapi:/// -f ./bootstrap.ldif
SASL/EXTERNAL authentication started
SASL username:
Pierangelo Masarati writes:
Peter Mogensen wrote:
PS: As you can probably see, all access goes through SASL EXTERNAL. UNIX
root maps to cn=config via ldapi:///,
...plus authz-regexp, I assume
remote access uses x509 certificates.
Add an ACL (either global, if there aren't any in that
Dawei Wang wrote:
2009/9/15 Michael Ströder mich...@stroeder.com
mailto:mich...@stroeder.com
= I'd strongly recommend to update to 2.4.18 and syncrepl-based
replication.
This is our production env, upgrade is the last considered.
I expected exactly this answer.
Many fixes went in
Peter Mogensen writes:
Hallvard B Furuseth wrote:
Or (temporarily?) change rootdn for the HDB database to cn=config,
Isn't the rootdn required to be under the database suffix?
No, use of rootpw requires rootdn to be under the database suffix.
Our site's slapd.conf uses authz-regexp to
Hallvard B Furuseth writes:
Our site's slapd.conf uses authz-regexp to rewrite the root ldapi:// DN
to cn=admin. Works fine.
I mean it rewrites unix root to cn=admin, which is rootdn for the
databases.
--
Hallvard
Pierangelo Masarati wrote:
Add an ACL (either global, if there aren't any in that database, or
local) that allows the identity you trust to write to that database.
Global ACLs was probably a solution. (didn't know you could that).
So if I give cn=config write access to children attribute of
Hallvard B Furuseth wrote:
Or (temporarily?) change rootdn for the HDB database to cn=config,
Isn't the rootdn required to be under the database suffix?
Or has than been relaxed (or do I remember wrong)
/Peter
--On Wednesday, September 16, 2009 2:08 PM +0200 Peter Mogensen
a...@mutex.dk wrote:
Hallvard B Furuseth wrote:
Or (temporarily?) change rootdn for the HDB database to cn=config,
Isn't the rootdn required to be under the database suffix?
Or has than been relaxed (or do I remember wrong)
Hello.
This is a kind of follow-up on my previous message Trouble with
slapd-ldap in various scenarios (LdarErr: DSID-0C090627) sent to
OpenLDAP-Technical. I did more research on topic including a code
debugging. I finally found the reason why it doesn't work and fixed the
code.
I have to
On Tue, 15 Sep 2009, Ronie Gilberto Henrich wrote:
I think you mean slapacl -D
No, I mean slapd -d acl, not to say that slapacl isn't useful too. The
key to slapacl is knowing what the proper input should be, and history has
shown that slapd -d acl often proves enlightening to discovering
On Wed, 16 Sep 2009, omall...@msu.edu wrote:
The ISCA answer is:? You might try run everything under Valgrind instead of gdb
as it might be easier.
You can try that, but unless the fault is a memory error of some sort, I
don't know that valgrind has the right tools for it (or maybe I just
I haven't looked in detail to your message (yet, as I'm short of time
right now), but it seems that your patches make sense by themselves. I
suggest you submit your message to the ITS http://www.openldap.org/its,
uploading your patches according to instructions at
Ryan Steele wrote:
Hey folks,
I'm trying to debug the cause of faulty module behavior (autogroup) which
has eluded both strace and 'slapd -d 16383'
(and, just as a point of reference, it's slapd 2.4.18 and autogroup 1.8 on
Ubuntu 8.04). So, I'd like to use gdb to
figure out what's going on,
Ryan Steele wrote:
Howard Chu wrote:
autogroup isn't supposed to perform any expansion during searches.
That's not what it does.
So, you're saying that dynlist should perform the expansion, and autogroup
just allows you to filter it?
I'm quite certain I never said any such thing.
The
16 matches
Mail list logo