Re: refreshAndPersist & filter 2.3.11

2005-11-30 Thread Howard Chu
Alexey Kravchuk wrote: Hi, syncrepl of slapd 2.3.11 with type = refreshAndPersist works only when the syncrepl filter allows to fetch all parent entries up to the base. Yet it worked fine in 2.2.13. That is if we specify searchbase="dc=example,dc=com", filter="(objectClass=organizationalPerson)

Re: gssapi service principal

2005-11-30 Thread Kurt D. Zeilenga
slapd(8) itself does not manage Kerberos tickets. This is managed by the GSSAPI mechanism code in Cyrus SASL. Kurt At 01:25 PM 11/30/2005, Alex Moore wrote: >Does slapd or sasl build the kerberos5 service principle? > >On Solaris, I am getting a service principal without the fully >qualified dom

Re: gssapi service principal

2005-11-30 Thread Alex Moore
On Wed, 30 Nov 2005 08:20:59 -0800 Quanah Gibson-Mount <[EMAIL PROTECTED]> wrote: > I would imagine there is something wrong with your kerberos > configuration then. > > Mine are all correctly defined: I am sure there is some truth in that statement somewhere:> I have used kerberos for login, n

refreshAndPersist & filter 2.3.11

2005-11-30 Thread Alexey Kravchuk
Hi, syncrepl of slapd 2.3.11 with type = refreshAndPersist works only when the syncrepl filter allows to fetch all parent entries up to the base. Yet it worked fine in 2.2.13. That is if we specify searchbase="dc=example,dc=com", filter="(objectClass=organizationalPerson)" for syncrepl as in the

Search on 'member' attribute in dynamic group

2005-11-30 Thread Jason Lin
Does anyone know if there is a way to search on the 'member' result returned in a dynamic group? thanks. Jason

Re: gssapi service principal

2005-11-30 Thread Quanah Gibson-Mount
--On Wednesday, November 30, 2005 6:25 AM -0600 Alex Moore <[EMAIL PROTECTED]> wrote: Does slapd or sasl build the kerberos5 service principle? On Solaris, I am getting a service principal without the fully qualified domain name. Like ldap/[EMAIL PROTECTED], instead of ldap/[EMAIL PROTECTE

gssapi service principal

2005-11-30 Thread Alex Moore
Does slapd or sasl build the kerberos5 service principle? On Solaris, I am getting a service principal without the fully qualified domain name. Like ldap/[EMAIL PROTECTED], instead of ldap/[EMAIL PROTECTED] Alex --

RE: sql-backend - ldapadd fails

2005-11-30 Thread Pierangelo Masarati
BTW, let me note that the only really significant contribution in the SQL below is the stored procedure and its capability to create new entries, because the statements that you added to create attribute values are plain SQL and, as such, the could have been defined also with MySQL 3.X. The same w

RE: sql-backend - ldapadd fails

2005-11-30 Thread Pierangelo Masarati
I suggest you cook a version of servers/slapd/back-sql/rdbms_depend/mysql/testdb_metadata.sql (call it, say, testdb_metadata-5.X.sql) that resembles the example data provided in pgsql, so that MySQL can be used in OpenLDAP 2.3's back-sql tests. If this implies relevant changes in the other files