Hans Moser wrote:
Hi!
Coming back to this -
http://www.openldap.org/lists/openldap-software/200501/msg00375.html
where Howard Chu said:
In practice this requirement is of little value and is contrary to
one of syncrepl's other design points - the provider is not supposed
to need
library or
the OpenLDAP code. It merely allows the library to release the
transaction log files without requiring slapd to shutdown, so that you
can use db_archive or DB_LOG_AUTOREMOVE.
--
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
http://www.symas.com
the K5 salt.
--
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
http://www.symas.com http://highlandsun.com/hyc
Symas: Premier OpenSource Development and Support
up any statements to this effect for me.
Wherever you read that, ignore it. The password-hash should be {K5KEY}
if you want the Kerberos key to be used.
--
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
http://www.symas.com http://highlandsun.com/hyc
annuaire slapd[19523]: conn=7554 fd=12 ACCEPT
from IP=10.5.1.4:35305 (IP=0.0.0.0:389) Jul 4 13:50:03
annuaire slapd[19523]: conn=7552 fd=18 closed Jul 4 13:50:03
annuaire slapd[19523]: connection_read(18): no connection!
--
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland
when doing ACL
evaluation.
--
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
http://www.symas.com http://highlandsun.com/hyc
Symas: Premier OpenSource Development and Support
.
--
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
http://www.symas.com http://highlandsun.com/hyc
Symas: Premier OpenSource Development and Support
the current
(default) settings are working well or not.
--
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
http://www.symas.com http://highlandsun.com/hyc
Symas: Premier OpenSource Development and Support
--
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
http://www.symas.com http://highlandsun.com/hyc
Symas: Premier OpenSource Development and Support
works well.
--
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
http://www.symas.com http://highlandsun.com/hyc
Symas: Premier OpenSource Development and Support
Controls
The ldap.h file does not list those controls. It also
says some of the controls are in progress and not
yet formalized.
I would appreciate if someone throughs some light into this.
I am particularly interested in the password controls.
Thanks a million.
Neo
--
-- Howard Chu
Chief
you should file an ITS for this.
--
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
http://www.symas.com http://highlandsun.com/hyc
Symas: Premier OpenSource Development and Support
or on reload?
Not in OpenLDAP 2.2, since that release is feature-frozen now and going
into end-of-life soon. If you want dynamic index management use OpenLDAP
2.3.
Regards, Graham --
--
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
http://www.symas.com
Tomasz Chmielewski wrote:
Howard Chu schrieb:
Quanah Gibson-Mount wrote:
--On Wednesday, July 13, 2005 2:49 PM +0200 Tomasz Chmielewski
[EMAIL PROTECTED] wrote:
Recently, when planning to deploy a directory server, I was
confronted with someone claiming that OpenLDAP performs poorly
and build the code.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sunhttp://highlandsun.com/hyc
OpenLDAP Core Teamhttp://www.openldap.org/project/
all these errors? Am I using the wrong
version of db_recover? Or is the home directory supposed to be
different when running db_recover under the OpenLDAP folder?
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sunhttp://highlandsun.com/hyc
Samuel Tran wrote:
Howard Chu wrote:
Samuel Tran wrote:
Hi All,
I am currently testing OpenLDAP 2.3.4. After successfully building it
I am now trying to configure slapd using the new style
(http://www.openldap.org/doc/admin23/slapdconf2.html).
However when I try to run: /usr/local
system resources.
slapd stopped.
connections_destroy: nothing to destroy.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sunhttp://highlandsun.com/hyc
OpenLDAP Core Teamhttp://www.openldap.org/project/
:
http://groups-beta.google.com/group/comp.std.internat/msg/24fc32228689a620?dmode=source
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sunhttp://highlandsun.com/hyc
OpenLDAP Core Teamhttp://www.openldap.org/project/
of OpenLDAP 2.1 releases we stated quite
clearly that you need to read the Sleepycat documentation and understand
it in order to get the best use of it. People who deployed incorrectly
have only themselves to blame for not reading and following directions.
--
-- Howard Chu
Chief Architect
a
checkpoint before closing the database environment. If slapcat was
running as root, and the checkpoint caused a new log file to be created,
it would be created/owned by root, and other processes would be unable
to write to the log. This was ITS#3703.)
--
-- Howard Chu
Chief Architect
/directory/openldap/configuration/bdb-build-42.html
No need to go surfing the web; in OpenLDAP 2.3 the patch is in
./build/BerkeleyDB42.patch in the source tree.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sunhttp://highlandsun.com/hyc
cn=Manager,o=stepping-stone,c=ch
rootpw gugus
directory /var/lib/openldap-hdb/stepping-stone
I know, it doesn't really answer your question, but it works.
Kind regards, Michael
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun
will not be able to db_recover it; if
you're doing a lot of incremental slapadds over a course of time you
probably shouldn't risk -q...
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sunhttp://highlandsun.com/hyc
OpenLDAP Core Teamhttp
is meaningless in slapd, as slapd doesn't use ldapdb. See the
SASL docs (options.html); it specifically says the ldapdb plugin is not
for use with slapd.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sunhttp://highlandsun.com/hyc
OpenLDAP Core Team
do you mean by user can't authenticate ? Certainly they should
still be able to Bind.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sunhttp://highlandsun.com/hyc
OpenLDAP Core Teamhttp://www.openldap.org/project/
.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sunhttp://highlandsun.com/hyc
OpenLDAP Core Teamhttp://www.openldap.org/project/
:
uid=test* : 0.007 seconds
# numEntries: 100
uid=*est222* : 0.048s
# numEntries:
Quite good.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sunhttp://highlandsun.com/hyc
OpenLDAP Core Teamhttp://www.openldap.org/project/
specify that when
converting the config format. Are the permissions in slapd.d correct?
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sunhttp://highlandsun.com/hyc
OpenLDAP Core Teamhttp://www.openldap.org/project/
schools and libraries are stronger
than ever in the present religio-political climate. They often focus on
fantasy and sf books, which foster that deadly enemy to bigotry and
blind faith, the imagination. -- Ursula K. Le Guin
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
were not read in properly, which
is why I asked if the permissions on slapd.d were correct.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sunhttp://highlandsun.com/hyc
OpenLDAP Core Teamhttp://www.openldap.org/project/
/core.schema
structuralObjectClass: olcIncludeFile
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sunhttp://highlandsun.com/hyc
OpenLDAP Core Teamhttp://www.openldap.org/project/
olcSizeLimit: 5000
olcSockbufMaxIncoming: 524288
olcSockbufMaxIncomingAuth: 16777215
olcThreads: 16
olcTLSCACertificateFile: /etc/openldap/certs/cacert.pem
olcTLSCRLCheck: none
olcTLSVerifyClient: never
structuralObjectClass: olcGlobal
--
-- Howard Chu
Chief Architect, Symas Corp. http
CPUs. This is very general advice, you need
to look at what pthread_set_concurrency really means on your platform
(assuming you're using POSIX threads).
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sunhttp://highlandsun.com/hyc
OpenLDAP Core
.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sunhttp://highlandsun.com/hyc
OpenLDAP Core Teamhttp://www.openldap.org/project/
.
Thanks,
Shawn
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sunhttp://highlandsun.com/hyc
OpenLDAP Core Teamhttp://www.openldap.org/project/
your test environment
(including writing a test client in Java with JNDI) just to see what
you're talking about.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sunhttp://highlandsun.com/hyc
OpenLDAP Core Teamhttp://www.openldap.org
when the password is changed.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sunhttp://highlandsun.com/hyc
OpenLDAP Core Teamhttp://www.openldap.org/project/
.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sunhttp://highlandsun.com/hyc
OpenLDAP Core Teamhttp://www.openldap.org/project/
Shawn McKinney wrote:
--- Howard Chu [EMAIL PROTECTED] wrote:
The current revision in CVS HEAD makes the
pwdAccountLockedTime user
modifiable again (undoing the draft-9 change for
now) and also deletes
the attribute automatically when the password is
changed.
I've verified
with the rest of the JLDAP
reports, but it hasn't disappeared.
Jon Roberts www.mentata.com
... forthwith donning my flame-retardant assflaps
Speaking as a C programmer, I can only say somebody needs to get their
act together. I don't know who that somebody is though.
--
-- Howard Chu
Chief
referrals are
precisely the correct feature needed to implement these references.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sunhttp://highlandsun.com/hyc
OpenLDAP Core Teamhttp://www.openldap.org/project/
BSD admin/developer at large
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sunhttp://highlandsun.com/hyc
OpenLDAP Core Teamhttp://www.openldap.org/project/
Dave Horsfall wrote:
On Tue, 13 Sep 2005, Howard Chu wrote:
createTimestamp
creatorsName
modifiersName
modifyTimestamp
[...]
Depends on your syncrepl consumer configuration, since you explicitly specify
which attributes to replicate there.
So attrs=* replicates
in OpenLDAP 2.3 your question is somewhat meaningless since a
slapd.conf keyword has been added for controlling settings in DB_CONFIG.
(See the slapd-bdb(5) manpage in OpenLDAP 2.3)
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sunhttp
the schema definition in memory.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sunhttp://highlandsun.com/hyc
OpenLDAP Core Teamhttp://www.openldap.org/project/
, resetting the password automatically
unlocks the account.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sunhttp://highlandsun.com/hyc
OpenLDAP Core Teamhttp://www.openldap.org/project/
now in HEAD, try applying the patch in
slapd/saslauthz.c -r1.158 to your source.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sunhttp://highlandsun.com/hyc
OpenLDAP Core Teamhttp://www.openldap.org/project/
-sessionlog 100
Thanks a lot for anwsers.
[EMAIL PROTECTED]
with the suffix o=my-company
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sunhttp://highlandsun.com/hyc
OpenLDAP Core Teamhttp://www.openldap.org
) for
the database, just as you would for any other database.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sunhttp://highlandsun.com/hyc
OpenLDAP Core Teamhttp://www.openldap.org/project/
Michael Ströder wrote:
Howard Chu wrote:
You must initialize the database, the accesslog overlay doesn't do it
for you. That is, you must create the suffix entry (cn=accesslog) for
the database, just as you would for any other database.
Played with it:
Subordinate eEntries
rid
of the trailing spaces, then it would just display it without base64
encoding.
As usual - garbage in, garbage out.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sunhttp://highlandsun.com/hyc
OpenLDAP Core Teamhttp
by users set.regex=(user/x2xTenant[$1]) read
to get this working in 2.2.
By the way, 2.2.28 is the latest 2.2 release. Since you're upgrading
anyway, you definitely should not be using something as old as 2.2.5.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director
a number of
times on the list in the past couple days.
Better still - this message means you need to upgrade to OpenLDAP 2.3...
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sunhttp://highlandsun.com/hyc
OpenLDAP Core Teamhttp
to explicitly #undef it
first to remove the default value that glibc uses.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sunhttp://highlandsun.com/hyc
OpenLDAP Core Teamhttp://www.openldap.org/project/
this if that were true. You probably need to run db_recover.
Switching up to 2.3 would be a good move, since none of this particular
code exists any more in 2.3.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sunhttp://highlandsun.com/hyc
users on the intervening networks. What if a malicious
user intercepts the message from the master that signals the slave to
create the VPN?
Why use a VPN at all, why not just use TLS?
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sunhttp
Buchan Milne wrote:
On Monday, 10 October 2005 19:34, Howard Chu wrote:
errno 38 is ENOSYS, it seems the epoll_ctl system call is not
implemented on your target kernel. You say that running make test
works though?
On the build host, which has a 2.6 kernel. The kernel on the target
?
Sounds like ITS#4021. The fix was released in 2.3.8, and was not
backported to 2.2. The patch is simple, you can get it from CVS
libraries/liblutil/passwd.c r1.103
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sunhttp://highlandsun.com/hyc
. The nature of this misbehaviour seems to be a little bit deeper,
so I didn't investigate this.
I don't believe you should be using the rwm overlay as a global overlay
since the relay backend automatically invokes it itself.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
of slapd.conf, the rest of its
configuration (including TLS parameters) must be set via ldap.conf.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sunhttp://highlandsun.com/hyc
OpenLDAP Core Teamhttp://www.openldap.org/project/
working on that
O'Reilly book ever contacted anyone on the OpenLDAP project re:
reviewing its content. (And yes, we have done so when asked by other
authors in the past.) As such, the book's technical accuracy and
best-practice suggestions are somewhat questionable.
--
-- Howard Chu
Chief
happening?)
You can see what's happening without using any external network
debugging tools. Just make sure debug level 2 is included in your debug
flags. E.g., run slapd -d2, slurpd -d2, -d3, -d7, etc...
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun
| slapd destroy: freeing system resources.
| slapd stopped.
`
any hints?
-Dieter
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sunhttp://highlandsun.com/hyc
OpenLDAP Core Teamhttp://www.openldap.org/project/
discussed in that ITS have already been resolved.)
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sunhttp://highlandsun.com/hyc
OpenLDAP Core Teamhttp://www.openldap.org/project/
tell it to.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sunhttp://highlandsun.com/hyc
OpenLDAP Core Teamhttp://www.openldap.org/project/
to understand.
The slapo-glue man page has been removed from the distribution. See the
slapd.conf(5) man page instead, look up the subordinate keyword.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sunhttp://highlandsun.com/hyc
OpenLDAP Core Team
are seen as purely informational.
ITS#4046 doesn't seem to be the right number.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sunhttp://highlandsun.com/hyc
OpenLDAP Core Teamhttp://www.openldap.org/project/
. 4.3.27 appeared to work. I haven't
tested the current (4.3.29) yet.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sunhttp://highlandsun.com/hyc
OpenLDAP Core Teamhttp://www.openldap.org/project/
* of creating
and deleting the data. Clearly in such a situation you have *no*
coherent security policy, which in my book is equivalent to having no
security. *That's* scary.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sunhttp://highlandsun.com/hyc
,
Buchan
--
Buchan Milne
ISP Systems Specialist
B.Eng,RHCE(803004789010797),LPIC-2(LPI74592)
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sunhttp://highlandsun.com/hyc
OpenLDAP Core Teamhttp://www.openldap.org/project/
to implement this feature you desire rests on
the application side.
When you take the time to think through the actual flow of information
and steps needed to process it, it's all pretty obvious. No need to wonder.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
would probably have defaulted to using test-and-set mutexes. If you're
on 2.6 with NPTL it would most likely default to using POSIX mutexes.
It's worth double-checking your BerkeleyDB build to see exactly how it
was configured.
--
-- Howard Chu
Chief Architect, Symas Corp. http
the domain controller.
Any ideas on what I might have missed?
See ITS#4102.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sunhttp://highlandsun.com/hyc
OpenLDAP Core Teamhttp://www.openldap.org/project/
database into the foreign database.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sunhttp://highlandsun.com/hyc
OpenLDAP Core Teamhttp://www.openldap.org/project/
then? Whining on the discussion list doesn't get
problems resolved. If you've identified a specific weakness, but don't
report it, you shouldn't be surprised that it doesn't get fixed sooner.
You have only yourself to blame, for not filing the report.
--
-- Howard Chu
Chief Architect, Symas
: 864000
pwdMinLength: 5
pwdGraceAuthNLimit: 5
pwdAllowUserChange: TRUE
pwdMustChange: FALSE
pwdMaxFailure: 3
pwdFailureCountInterval: 120
pwdSafeModify: FALSE
structuralObjectClass: device
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sunhttp
to directives, but I don't see any samples
of how this can be done programmatically.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sunhttp://highlandsun.com/hyc
OpenLDAP Core Teamhttp://www.openldap.org/project/
listening (before main.c/slapd_daemon()
Out of curiosity, *why* do you want to do this?
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sunhttp://highlandsun.com/hyc
OpenLDAP Core Teamhttp://www.openldap.org/project/
flawed?
No, the current design of the translucent overlay does not allow totally
local entries to exist. I.e., there must be a corresponding remote
entry. Also, it expects the local and remote DB to have the same suffix.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Pierangelo Masarati wrote:
On Sat, 2005-11-12 at 17:23 -0800, Howard Chu wrote:
Pierangelo Masarati wrote:
Is local addition intended to be supported? Yes, apparently, according
to the man page; but I note this case is not tested in test034. So my
question is: does my approach make
annoying.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sunhttp://highlandsun.com/hyc
OpenLDAP Core Teamhttp://www.openldap.org/project/
for; the overhead for maintaining ACID would
drop write throughput to a few operations per second on a moderate sized
network.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sunhttp://highlandsun.com/hyc
OpenLDAP Core Teamhttp
-bdb.
But that's probably OK, since the pagedResults feature properly belongs
in the frontend as well.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sunhttp://highlandsun.com/hyc
OpenLDAP Core Teamhttp://www.openldap.org/project/
a SIZELIMIT_EXCEEDED result to the caller when appropriate. Then no
callers (backends or overlays) need to worry about testing the limit,
they just need to handle the non-success return codes. (Which they do
already.)
At 03:14 PM 11/23/2005, Howard Chu wrote:
Eric Irrgang wrote:
I'm sorry
of the message and what to do to fix it ?
I use openldap 2.3.11.
This is not a fatal error and does not need fixing. Read the Sleepycat
documentation.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sunhttp://highlandsun.com/hyc
OpenLDAP Core Team
looking for, you can't expect quality information.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sunhttp://highlandsun.com/hyc
OpenLDAP Core Teamhttp://www.openldap.org/project/
)
for syncrepl as in the LDAP Sync Replication config example from the Doc,
but set type = refreshAndPersist instead of type=refreshOnly
then syncing does not work.
Please submit this information to the ITS, otherwise it will be ignored.
--
-- Howard Chu
Chief Architect, Symas Corp. http
the syncrepl client multi-threaded
to address this shortcoming.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sunhttp://highlandsun.com/hyc
OpenLDAP Core Teamhttp://www.openldap.org/project/
/local/BerkeleyDB.4.4.
How do I get OpenLDAP to link with the bdb 4.4?
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sunhttp://highlandsun.com/hyc
OpenLDAP Core Teamhttp://www.openldap.org/project/
?
You need at least version 2.2.24 to accept replication updates from a
2.3 master. You need at least version 2.3.12 to accept replication
updates from any previous release.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sunhttp://highlandsun.com
Howard Chu wrote:
Alexey Kravchuk wrote:
Hi,
syncrepl of slapd 2.3.11 with type = refreshAndPersist works
only when the syncrepl filter allows to fetch all parent entries up
to the
base.
Yet it worked fine in 2.2.13.
That is if we specify searchbase=dc=example,dc=com,
filter=(objectClass
with each other, and by doing so we all
naturally help each other as a result.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sunhttp://highlandsun.com/hyc
OpenLDAP Core Teamhttp://www.openldap.org/project/
.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sunhttp://highlandsun.com/hyc
OpenLDAP Core Teamhttp://www.openldap.org/project/
if i can use
slave database to export the missing entries to an ldiff file and then
use the ldiff file to populate the master database. I also don't know
how to find what entries are missing in the master ldap.
thanks
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
servers you'll need the ldapdb module, which used to be in OpenLDAP
contrib but is now part of Cyrus SASL.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sunhttp://highlandsun.com/hyc
OpenLDAP Core Teamhttp://www.openldap.org
:/etc/openldap/cacerts. In /etc/openldap/ldap.conf I have tried:
TLS_CACERTDIR /etc/openldap/cacerts
TLS_CACERT /etc/openldap/cacerts/cacert.pem
Any suggestions would be greatly appreciated.
Grant
--
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
consider critical. ;) Which reminds me I need to get some of the
newer patches up on my site...
At this stage, CVS HEAD and 2.3 are close enough that anyone can just
pull the necessary patches out of HEAD.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland
Aaron Richton wrote:
Quite honestly, I have no idea. Use the source...
On Thu, 15 Dec 2005, [UTF-8] Micha�^B Kasperczyk wrote:
Does syncrepl calls overlays while adding new objects to slave LDAP?
Yes it does.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
and then generates the
hash later. As such, quality checking can always be performed when using
the exop.
Thanks,
Jim
*/Howard Chu [EMAIL PROTECTED]/* wrote:
Kurt D. Zeilenga wrote:
At 11:57 AM 12/19/2005, Jim Boden wrote:
Is there a way to force openldap to hash the userPassword entry
1 - 100 of 1091 matches
Mail list logo