Re: cn=config and DB_CONFIG

2010-05-20 Thread Howard Chu
ase directories. If you ldapmodify via cn=config the DB environment will be closed and re-opened to make the new settings take effect. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Re: cn=config and DB_CONFIG

2010-05-19 Thread Howard Chu
DT Piotr Wadas wrote: Hello, Is it possible with openldap, any version, to tune DB_CONFIG attributes for selected context via cn=config ? Every version since 2.3.

Re: ldap_str2dn() and ldap_dn2str() reentrant?

2010-05-16 Thread Howard Chu
ecause libldap doesn't do any thread initialization for those other libraries.

Re: pls help: performance tuning

2010-05-11 Thread Howard Chu
_CONFIG parameters. A 4-core system sounds fairly modern, it generally shouldn't be going to disk...if DB_CONFIG is not tuned accordingly, that would drastically affect performance. You can get some ideas for DB_CONFIG tuning in the FAQ-O-Matic and list archives.

Re: Cannot search usercertificate binary data with raw data

2010-05-08 Thread Howard Chu
Michael Ströder wrote: Howard Chu wrote: Michael Ströder wrote: But userCertificate has certificateExactMatch (2.5.13.34) defined as equality matching rule. This is *not* the octetStringMatch (2.5.13.17) matching rule. It is legal to use an octet string for certificateExactMatch. In OpenLDAP

Re: Cannot search usercertificate binary data with raw data

2010-05-07 Thread Howard Chu
string is simply parsed and turned into a certificate assertion value and then matched as usual. Probably the encoding of his filter value is just wrong. And of course, it would be simpler to just use a certificate assertion value instead.

Re: ACL to deny deletes but allow entry creation.

2010-04-24 Thread Howard Chu
situations? How do others deal with cases like this? It is of course possible. Read the slapd.access(5) manpage. Note that wadd and wdel are separate privileges.

Re: syncrepl's "retry" option

2010-04-21 Thread Howard Chu
ests should use the documented form. "," is historical... The FAQ entry is all that needs fixing. Since we normally use white space for other delimiters, I think "," is actually the better choice here. Anything that requires additional quoting is generally a bad idea...

Re: keywords "modulepath" and "moduleload" ignored?

2010-04-09 Thread Howard Chu
-kerberos.so

Re: by users in field

2010-04-02 Thread Howard Chu
Michael Ströder wrote: Kurt Zeilenga wrote: On Apr 1, 2010, at 3:22 PM, Quanah Gibson-Mount wrote: --On Thursday, April 01, 2010 12:58 PM -0700 Howard Chu wrote: Michael Ströder wrote: HI! I have some doubts about ACLs containing "by users" and the term "authenticated c

Re: by users in field

2010-04-01 Thread Howard Chu
Quanah Gibson-Mount wrote: --On Thursday, April 01, 2010 12:58 PM -0700 Howard Chu wrote: Michael Ströder wrote: HI! I have some doubts about ACLs containing "by users" and the term "authenticated clients" used in the man pages: If I bind with SASL/EXTERNAL (e.g. over LDA

Re: by users in field

2010-04-01 Thread Howard Chu
try. No. Such a restriction would prevent distributed authentication from ever working. I saw that slapd.access(5) also mentions "realusers" for the field but using this instead of "users" makes no difference. Obviously that's not what it means. The "real" prefix

Re: Will slapadd work with delta-syncrepl?

2010-03-26 Thread Howard Chu
st slapadding on both the provider and the consumer.

Re: Using back-ldap as a client-side proxy/cache

2010-03-25 Thread Howard Chu
Neil Dunbar wrote: On 7 Mar 2010, at 23:28, Howard Chu wrote: And while nssov is really cute, since it exists in the same process space as slapd, it doesn't end up triggering the pcache, which does gets fired upon incoming LDAP requests from an external process (nslcd). It's proba

Re: max open files

2010-03-19 Thread Howard Chu
ap from PAM/NSS and a lot of these linking issues disappear.

Re: max open files

2010-03-19 Thread Howard Chu
provide support any more, and then I'll just spend my time playing fiddle. For some level of users, we're already there - plenty of people use it without needing any help.

Re: max open files

2010-03-18 Thread Howard Chu
s, *particularly* Debian/Ubuntu. The reasons why this is the case have been hashed over many, many times. Particularly, the use of GnuTLS which is horribly broken being one of the major reasons. The fact that they are not kept up to date with current stable releases is another. --Quanah -- Qua

Re: Using back-ldap as a client-side proxy/cache

2010-03-07 Thread Howard Chu
Neil Dunbar wrote: On 4 Mar 2010, at 10:03, Ryan Steele wrote: Howard Chu wrote: Ryan Steele wrote: Hey folks, In order to provide stability to my OpenLDAP clients in the event of a network outage, I would like to implement some client-side caching. I've done some research, and

Re: poor performance of db-4.8.26?

2010-03-07 Thread Howard Chu
5 that were fixed by switching to db-4.8. Haven't seen the same situation on Linux.

Re: Mirrormode Docs

2010-03-03 Thread Howard Chu
ode searchbase="dc=example,dc=com" schemachecking=on type=refreshAndPersist retry="60 +" mirrormode on

Re: Using back-ldap as a client-side proxy/cache

2010-03-03 Thread Howard Chu
ver) is deprecated. It only seems that most are using slapd.conf because cn=config is new and most sites with existing slapd.conf deployments haven't migrated to cn=config yet. For new installs, just use cn=config.

Re: Mirrormode Docs

2010-03-02 Thread Howard Chu
seamless failover to work automatically, without any manual intervention, both nodes must be configured identically.

Re: understanding replication

2010-03-02 Thread Howard Chu
within the replication consumer site. <<< Its only use is to give the slapd -c option something to reference. Nothing else.

Re: Ambiguous SSL/TLS error messages from slapd

2010-02-19 Thread Howard Chu
cket data structure. Please check the OpenSSL error code above against: /usr/include/openssl/ssl until we err(3) support\n",rc,0,0); Pointless, since all failures inside init_ctx already call tlso_report_error().

Re: slapadd hung during converting from slapd.conf to cn=config

2010-02-03 Thread Howard Chu
NYMOUS, -1, 0) = 0xa2e7e000 read(0, I am wondering if there are some problems with KVM that prevent this operation from carrying out successfully. slapadd is not hung, it is clearly reading from stdin. I.e., it is waiting for you to type in some LDIF.

Re: Can ldap backend strip paged result critial extension?

2010-02-02 Thread Howard Chu
o control this feature as well.

Re: Question about contextCSN's

2010-01-29 Thread Howard Chu
that remains in my mind, then, is why keep > more than one contextCSN per database? Aren't we only concerned with the > last write made to it (in this case, SID 001's > write)? Thanks again for the insight. That's only true in single-master replication. (Which is why th

Re: fw: using the perl backend

2010-01-28 Thread Howard Chu
to create a > contextCSN, how does the perl client tell the ldap server the rid to use in > the contextCSN ? > > I can't see any mention of anything like a rid parameter on the perl client > side. providers don't care about RIDs. They are solely a convenience mechanism

Re: start_tls: connect error

2010-01-13 Thread Howard Chu
Michael Ströder wrote: > Howard Chu wrote: >> Michael Ströder wrote: >>> Howard Chu wrote: >>>> Show the output with debugging enabled. Note that "localhost" is treated >>>> specially, and will be replaced by the local hostname instea

Re: multiple replication scenarios questions

2010-01-13 Thread Howard Chu
anges to the master, also achieve exactly what is described in the > mirror mode description ? Without the mirrormode feature you won't get automatic failover and recovery capabilities.

Re: Admin Guide: Tuning 21.1.2 Disks and virtual servers

2010-01-13 Thread Howard Chu
itle ought to understand that. This is not specific to OpenLDAP administration, this is the way computer systems work. The VM case doesn't bear highlighting in the OpenLDAP docs.

Re: start_tls: connect error

2010-01-13 Thread Howard Chu
Michael Ströder wrote: > Howard Chu wrote: >> Show the output with debugging enabled. Note that "localhost" is treated >> specially, and will be replaced by the local hostname instead of being used >> directly in the name comparison. > > Why that? I strongl

Re: start_tls: connect error

2010-01-12 Thread Howard Chu
be replaced by the local hostname instead of being used directly in the name comparison.

Re: trouble with openldap >2.4.16

2009-12-18 Thread Howard Chu
're just about to release 2.4.21 in a couple days from now.

Re: Do we need Berkeley DB's Concurrent Data Store for Concurrency in OpenLDAP

2009-12-16 Thread Howard Chu
. Thanks. OpenLDAP uses BerkeleyDB's Transactional Data Store.

Re: Asyncronous, non blocking back- connector for Openldap

2009-12-11 Thread Howard Chu
ontend doesn't try to send any response to it right away. Any help, or pointer to help, even for only one of these points, would be much appreciated!

Re: back-sock and Proxy Authz or SASL Authz-Name

2009-12-05 Thread Howard Chu
ed to make that work? Look at sock_print_conn() in result.c. You'll have to add appropriate flags and keywords in the config and header files as well.

Re: SASL OTP and syncrepl

2009-12-03 Thread Howard Chu
Emmanuel Dreyfus wrote: Howard Chu wrote: How is it supposed to work? Most likely it's not. Since almost nobody uses SASL OTP with OpenLDAP, it's never gotten much attention. What do people use, then? DIGEST-MD5 As far as I understand, there needs to be some code for the

Re: SASL OTP and syncrepl

2009-12-02 Thread Howard Chu
do I hit a bug? Look into chaining...

Re: contextCSN with empty suffix

2009-11-26 Thread Howard Chu
works fine. For the rare problem cases, (e.g., using proxy syncrepl) an option has been introduced in 2.4.20 to allow the contextCSN to be stored in a dedicated subentry instead of in the suffix entry (See ITS#6373). But if you're not using proxy syncrepl, there's nothing to worry ab

Re: tcmalloc

2009-11-24 Thread Howard Chu
ds to performance of berkeleydb/openldap toolset ?

Re: tcmalloc

2009-11-22 Thread Howard Chu
though, if SASL library is not recompiled with tcmalloc, but this can be solved by not building openldap with -ltcmalloc but load libtcmalloc by an ld_preload environment variable. [...] I only use LD_PRELOAD. Simplifies things when I want to test with other malloc libraries/leak checkers/debugge

Re: tcmalloc

2009-11-22 Thread Howard Chu
er loading is next)

Re: syncrepl replication on 2.4.19 (stable)

2009-11-11 Thread Howard Chu
Brett @Google wrote: > On Thu, Nov 5, 2009 at 4:20 AM, Howard Chu wrote: > > > > Out of interest, has the syncrepl UUID / CSN format changed much > between > > 2.4.16 stable and 2.4.19 stable ? > > There have been

Re: Troubleshooting synchronization

2009-11-11 Thread Howard Chu
efresh interval) because I just don't make changes often enough for it to matter. > I was always confused in the documentation, as it says: syncrepl is > entirely a client side technology and then it says you have the option > to either pull or push updates. Now this becomes a bit cle

Re: Troubleshooting synchronization

2009-11-11 Thread Howard Chu
ssages related to connect failures, retries, etc. > 4. Could I for example manually ask a master (using some ldapsearch > statement, pretending I was the consumer) what the master thinks which > entries I would have to update? Yes, use ldapsearch -E sync. See the ldapsearch(1) manpage.

Re: Troubleshooting synchronization

2009-11-11 Thread Howard Chu
y reproduce and subsequently include in the test suite, then we can attack these problems and move forward.

Re: TLS renotiation

2009-11-11 Thread Howard Chu
that people hold off another couple days before deploying a TLS reneg fix. At least for OpenLDAP, since in this case the cure is worse than the actual problem. http://groups.google.com/group/mailing.openssl.dev/browse_thread/thread/4c36ff4db820e37c#

Re: Troubleshooting synchronization

2009-11-11 Thread Howard Chu
t for multimaster >>> replication is just based on poor directory design. > > Dieter, I do not agree with that. You can't blame a user for using a > feature. It is not marked as experimental anymore so people are going > to use it. Once it fails you can't call them a "Poor Directory > Designer" for using it. > > http://www.openldap.org/faq/data/cache/1240.html If they have implemented MMR without reading all of the warnings, they are certainly poor designers for not becoming fully informed of the topic before deploying it. If they have implemented MMR after reading all of the warnings, they made a conscious choice.

Re: TLS renotiation

2009-11-10 Thread Howard Chu
Emmanuel Lecharny wrote: > Howard Chu wrote: >> Ludovic Poitou wrote: >> >>> Howard, >>> >>> Our security expert at Sun consider that the attack could be applied to >>> LDAP, although it will be more complex to achieve for all the good >>

Re: TLS renotiation

2009-11-10 Thread Howard Chu
tack. Hi Ludo, thanks for the note. Kurt and I were discussing this offline and he has suggested a possible attack as well. I'm still not convinced of the details but we'll continue to investigate. > My 2 cents. > > Ludovic. > > On Nov 8, 2009, at 11:04 AM, Howard Chu w

Re: TLS renotiation

2009-11-08 Thread Howard Chu
or when decoding such an attempt, and will simply drop the connection as it does for any improperly encoded messages it receives.

Re: Troubleshooting synchronization

2009-11-05 Thread Howard Chu
ructions at >>> >>> http://www.openldap.org/doc/admin24/replication.html#N-Way%20Multi-Master >>> >>> as our guidance and we are using OpenLDAP version 2.4.11. >> >> I suggest you go read the CHANGES log for what has been fixed between >> 2.4.11 and the latest stable 2.4.19. >> >> --Quanah

Re: syncrepl replication on 2.4.19 (stable)

2009-11-04 Thread Howard Chu
ok. > > Out of interest, has the syncrepl UUID / CSN format changed much between > 2.4.16 stable and 2.4.19 stable ? There have been no format changes. You should have been able to run 2.4.19 directly on the original database. No idea what issue you ran into.

Re: Data access issue

2009-11-03 Thread Howard Chu
host:9004 -b ou=adressbuch,o=avci,c=de > > a search with spaces > ldapsearch -x -H ldap://localhost -b ou=adressbuch, o=avci,c=de > will result in error code 34 invalid DN syntax You've failed to take into account the shell's parsing behavior. Use: -b "ou=adressbuch, o=avci

Re: SSL strangeness

2009-10-30 Thread Howard Chu
Dieter Kluenter wrote: > Howard Chu writes: > >> Dieter Kluenter wrote: >>> GnuTLS cannot handle the subjectAltName attribute, thus if either >>> client and/or server are linked with libgnutls it will cause such >>> problem. >> >> False.

Re: SSL strangeness

2009-10-30 Thread Howard Chu
cause of the problem. And even if it was, slapd shouldn't just hang. But >> thanks for looking carefully. > > GnuTLS cannot handle the subjectAltName attribute, thus if either > client and/or server are linked with libgnutls it will cause such > problem. False.

Re: Availability of the ldap_initialize(3) interface

2009-10-30 Thread Howard Chu
; https://postlister.uninett.no/sympa/arc/dns-ldap/2009-10/ > thrd1.html#0 > > > I'd just like to know _when_ this 'new' API can be used. That > is, from which version. Official and Unofficial numbers would > be nice, thanx. Check the CVS log.

Re: Chain Overlay and SASL Proxy Auth with Multiple Referrals.

2009-10-29 Thread Howard Chu
slmech=gssapi > mode=self > > > ## > # Server B > > overlay chain > chain-tls start > chain-max-depth 3 > > chain-uri "ldap://serverC.example.com"; >

Re: Mirror Mode, replicas and delta-syncrepl

2009-10-28 Thread Howard Chu
s done anything to close it.

Re: MirrorMode/N-Way Multi-Master Replication Clarification

2009-10-23 Thread Howard Chu
Ryan Steele wrote: Gavin Henry wrote: - "Howard Chu" wrote: The key element of MirrorMode is that there is an external frontend that ensures that all writes are directed to a single server. Otherwise, there is no difference. Should I change the docs for MM? We do writes t

Re: MirrorMode/N-Way Multi-Master Replication Clarification

2009-10-20 Thread Howard Chu
o use two nodes in N-Way Multi-Master replication? The key element of MirrorMode is that there is an external frontend that ensures that all writes are directed to a single server. Otherwise, there is no difference.

Re: syncrepl push model with searchbase=""

2009-10-15 Thread Howard Chu
ditions all over that code in OpenLDAP 2.2. Still, it would probably be best to use that approach whenever using a database with empty suffix. I suggest this issue is noted in the documentation of the "push" syncrepl.

Re: openldap and kerberos auth-to-local rules

2009-10-05 Thread Howard Chu
"ldap:///ou=users,dc=futurs,dc=inria,dc=fr??sub?(uid=$1) Is this intentional ? The name you see here is the name that Cyrus SASL gave to slapd. To answer the question "is this intentional" you will have to ask the authors of the Cyrus SASL/GSSAPI plugin.

Re: virtual attribute

2009-10-02 Thread Howard Chu
LDAP server, and the value of that attribute needs to come from "cn" attribute. Is there a way to do this? Any help is highly appreciated. Yes. Read slapo-rwm(5) and use attribute mapping.

Re: ACL to allow add/remove of a specific objectclass value?

2009-10-02 Thread Howard Chu
CL work at this fine-grained a level? I'm going over the 2.4 docs and the FAQ-o-matic, but not coming across anything. (Though I'm certainly building a very nice "Ooo, I should do that way..." list...) Yes. Read slapd.access(5). access to attrs=objectclass value=posixAccoun

Re: slapd hangs on startup

2009-10-02 Thread Howard Chu
futex: Process 22740 attached - interrupt to quit futex(0x56274bd8, FUTEX_WAIT, 22742, NULL ... then suddenly it starts to listen and answer queries. What can slapd be waiting for? Use gdb and find out. http://www.openldap.org/faq/data/cache/59.html

Re: SASL Mech EXTERNAL disabled?

2009-09-28 Thread Howard Chu
: demand ` Still works for me. Have your certificates expired?

Re: problem with security ppolicy / solved by ->> 2.4.16

2009-09-24 Thread Howard Chu
correctly. Your configuration is wrong, therefore no lock is performed. 24.09.09, 00:06, "Howard Chu": Evgeniy wrote: hello OpenLdap 2.4.18. Attribute "pwdAccountLockedTime" is set, but auth is still Ok . Why ? On Ldap 2.3 it works normal - user don't a

Re: problem with security ppolicy

2009-09-23 Thread Howard Chu
and is fixed in 2.4.17 onward.

Re: slapd consumer deletes entries

2009-09-22 Thread Howard Chu
olicy, but nothing preventing this from happening elsewhere/in other plugins). I think you're barking up the wrong tree. The ppolicy overlay was originally coded to not replicate any state attributes, by design.

Re: Debugging a module

2009-09-18 Thread Howard Chu
nt writing an answer would be wasted; the answer will obviously be misunderstood. "static" and "dynamic" are clearly antonyms in this context but you have conflated the two together and are asking why you aren't seeing the behavior you expect. Since we can only communicate in

Re: 2.3.43, and a variety of problems.

2009-09-18 Thread Howard Chu
handle being told that my version is too old and is unsupported. I just wish we could scale back a bit on the contempt while being told. Yes, it's less than an uncommon request... It's so common that someone already wrote a lengthy article about how to deal with it. Learn.

Re: 2.3.43, and a variety of problems.

2009-09-18 Thread Howard Chu
on't add any number of entries to a database, no matter how much time you give it.

Re: LDAP Caching

2009-09-18 Thread Howard Chu
apcat.

Re: Debugging a module

2009-09-16 Thread Howard Chu
Ryan Steele wrote: Howard Chu wrote: autogroup isn't supposed to perform any expansion during searches. That's not what it does. So, you're saying that dynlist should perform the expansion, and autogroup just allows you to filter it? I'm quite certain I never said a

Re: Debugging a module

2009-09-16 Thread Howard Chu
work - autogroup doesn't generate any errors, but fails to perform any expansions during ldapsearches autogroup isn't supposed to perform any expansion during searches. That's not what it does.

Re: virtual list view, control value absent

2009-09-14 Thread Howard Chu
,"$attrs[2]" ]); | filter => $filter, | control => [ $sort, $vlv ], | ); | $msg = $ldap->search( @args ); ` -Dieter

Re: Is Openldap supported on Windows XP/Vista/Server editions?

2009-09-11 Thread Howard Chu
long time. We had submitted a number of EBCDIC-compatibility patches for OpenSSL, which as far as I know have not all been integrated into their distro yet. Most likely a plain OpenLDAP install will work fine, but some extra patching will still be needed for OpenSSL.

Re: TLS Info?

2009-09-09 Thread Howard Chu
any API standard, and are subject to change without notice. There is no libldap function for returning the cert expiration date; since the OpenSSL library already does cert validation checks we've never needed a function to pull this out on its own. To do anything else you'll have to us

Re: ldap_result(), Posix signals and error checking

2009-09-06 Thread Howard Chu
p-de...@openldap.org And it would be ignored. This is the right list for this question. But the original poster appears to be confused. ldap_int_poll() clearly checks for EINTR already.

Re: OpenLDAP and SASL

2009-09-04 Thread Howard Chu
beros, I believe) are in the list archives and probably the FAQ-O-Matic. No, that tells slapd to ask SASL to do a password check, typically using sasldb. He wants to use in-directory SASL secrets, which is the opposite of what you answered.

Re: Problems with boolean in schema

2009-08-30 Thread Howard Chu
about what it could be? Go and re-read the ldif(5) manpage. Spaces are not allowed in the attributename. You have "attributename " and there should be no space before the colon.

Re: tlsverifyclient security implications

2009-08-24 Thread Howard Chu
Michael Ströder wrote: Howard Chu wrote: josh.mul...@cox.com wrote: ..."If the client does not send a certificate, it can still connect." Does that mean that traffic is still encrypted if a certificate is not used? Yes. Certificates are only for authentication, not encrypting t

Re: tlsverifyclient security implications

2009-08-23 Thread Howard Chu
w As far as I understand, if the client sends a certificate, then slapd can use it to map client to a LDAP DN, like this: authz-regexpcn=foo uid=foo,dc=example,dc=net If the client does not send a certificate, it can still connect.

Re: Assertion failure in ldapsearch

2009-08-20 Thread Howard Chu
onger occurs in 2.4.17. Your packet trace shows a few TCP retries, so the remote server's network stack is not responding, and you already said "this server is frozen." Naturally the client hangs waiting for a reply, if you didn't specify any timeouts of your own.

Re: LDAP_OPT_X_SASL_AUTHCID and LDAP_OPT_X_SASL_AUTHZID

2009-08-15 Thread Howard Chu
Michael Ströder wrote: Howard Chu wrote: Michael Ströder wrote: Philip Guenther wrote: Does cyrus-sasl even provide a means to get the authentication ID used? That's exactly the question... Yes. sasl_getprop( sasl_context, SASL_USERNAME, ... ) libldap will already display this on s

Re: LDAP_OPT_X_SASL_AUTHCID and LDAP_OPT_X_SASL_AUTHZID

2009-08-15 Thread Howard Chu
SASL_QUIET option.

Re: LDAP_OPT_X_SASL_AUTHCID and LDAP_OPT_X_SASL_AUTHZID

2009-08-15 Thread Howard Chu
CID, it is initialized to the first non-null environment variable of USER / USERNAME / LOGNAME. AUTHZID is empty. Both of them can be overridden by .ldaprc or LDAP_SASL env variables.

Re: Add DSML interface to OpenLDAP

2009-08-06 Thread Howard Chu
with it. Only a moron (or someone with a vested interest in selling more memory, newer CPUs, and newer network switches) would promote its use.

Re: Stability of autogroup overlay with OpenLDAP < 2.4.18

2009-08-01 Thread Howard Chu
Emmanuel Dreyfus wrote: On Fri, Jul 31, 2009 at 02:24:43PM -0400, Ryan Steele wrote: Is the autogroup overlay considered stable In my experience, it does not work at all. If you haven't applied the patch for ITS#6227 then that's not surprising.

Re: Stability of autogroup overlay with OpenLDAP < 2.4.18

2009-07-31 Thread Howard Chu
king for obvious coding errors, but aside from that we make no claims about its usability. Reporting your own testing results to the list will certainly be helpful.

Re: Online config, delta syncrepl and overlay chain

2009-07-25 Thread Howard Chu
lly adding with cn=config, you have to create this instance yourself. See the later section of test022-ppolicy in the test suite for an example of how this is done.

Re: tls init def ctx failed: -1 with my cacert signed certs

2009-07-24 Thread Howard Chu
poofed. At any rate, when linked with OpenSSL you should be able to use any type of cert. Since you're on debian, and probably using GnuTLS, I'm not so sure. GnuTLS is still mostly unreliable, in my experience.

Re: OpenLDAP 2.4.16: can not add multiple 'member' attributes to object groupOfNames

2009-07-23 Thread Howard Chu
and we're stuck with them now. The only sane thing to do now is avoid using uniqueMember / NameAndOptionalUID syntax in LDAP...

Re: performance issue behind a a load balancer 2.3.32

2009-07-21 Thread Howard Chu
F5 in any way, such as by the VIP type mentioned by John Morrissey, so that you can wave that in front of management (and under the nose of the F5 salesman when negotiating your next support renewal...)

Re: DetlaSync rid

2009-07-21 Thread Howard Chu
within a slapd configuration. Whatever else you said is just confusing/extraneous.

Re: saslmech=EXTERNAL

2009-07-17 Thread Howard Chu
commandline has nothing to do with this question whatsoever.

Re: Ndb-backend questions...

2009-07-16 Thread Howard Chu
columns. Thanks for any pointers. -Reinhard

Re: password policy - alternate lockout mechanism

2009-07-16 Thread Howard Chu
Aravind Gottipati wrote: On Sun, Jul 12, 2009 at 10:53 PM, Howard Chu wrote: Fix the real problem, not just the symptom. The approach you're pushing for is just putting a bandaid on a problem, not fixing it. This may be how other folks handle their software design problems, but it just do
