Re: slapd cores

2007-04-23 Thread Howard Chu
y help me? WBR Dmitriy -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Re: Syncrepl, and some objectClass errors

2007-04-23 Thread Howard Chu
her or not the new version fixes it, but I have built the new version and am now running it on a test server.

Re: Best practise for syncrepl security & latency?

2007-04-23 Thread Howard Chu
k over the documentation. Are you sure? Howard suggested I use it in his response to ITS #4691 (which, now that I have a failover site again, I may be able to reproduce again to test this). I probably missed whether you were using refreshOnly or refreshAndPersist...

Re: Syncrepl, and some objectClass errors

2007-04-23 Thread Howard Chu
Lesley Walker wrote: Howard Chu wrote: This is most likely ITS#4813, fixed in 2.3.34. As noted in that ITS, it's a bit tricky to manually reproduce the problem since it's quite timing dependent. Many thanks for the confirmation. Is the fix in the provider or the consumer? Or b

Re: Replication failure after error fixed

2007-04-24 Thread Howard Chu
rly soon. In the meantime, I expect to finish merging GNUtls support in the next few days so that we can release a 2.4 beta.

Re: Pcache overlay bug or undocumented "feature"?

2007-04-24 Thread Howard Chu
ic proxyattrset, but i'm curious about if this behaviour is the intended one or if I should fill an ITS with a patch (the change in code would be minimal), what do you think? No, just delete the other proxyattrset directive, you don't need it at all.

Re: TLS/SSL problem - unsupported certificate purpose

2007-04-24 Thread Howard Chu
Jean-Claude wrote: Hello, I found a very similar and recent post on the Mailing List but no solution. May be I missed something. The solution was in this post: http://www.openldap.org/lists/openldap-software/200704/msg00129.html

Re: Ppolicy DIGEST-MD5 ignore expired password

2007-04-25 Thread Howard Chu
defined in LDAP only affect Simple Binds.

Re: slapd becoming mysteriously slow

2007-04-25 Thread Howard Chu
uld try out this package and see if they can explain the behavior (or reproduce it at all, as the case may be). Thanks in advance Johan Jönemo

Re: Sort ldap results

2007-04-25 Thread Howard Chu
is a no-op, which is in full compliance with the SSS spec.

Re: Ppolicy DIGEST-MD5 ignore expired password

2007-04-25 Thread Howard Chu
is certainly desirable, but pushing the SASL specification is really outside the scope of LDAP. So yes, we are pushing for this, but have no idea how long it will take.

Re: back-config: close database, keep suffix

2007-05-02 Thread Howard Chu
ients seeing its subtree temporarily disappear.

SambaXP talk

2007-05-03 Thread Howard Chu
's not marketing hype; we can prove every point. AMD and Intel make a big deal about piddly 20% differences between their products. We are over 300% faster than the next closest offering. Other projects and vendors talk about how superior they are (or hope to be) but it's pretty clear

Re: SambaXP talk

2007-05-05 Thread Howard Chu
Tony Earnshaw wrote: Howard Chu skrev, on 03-05-2007 17:14: For anyone curious, the slides from my presentation at the SambaXP conference last week are now up on my web site. http://highlandsun.com/hyc/SambaXP.pdf Thanks, wish I could have been there - this is a real eye-opener

Re: Overlay documentation

2007-05-08 Thread Howard Chu
Guide is still being revised. Some overlay tech tips are available here http://www.connexitor.com/forums/viewforum.php?f=6&sid=fdfc1407c56063c929743b30e0079b2b You can also examine the test scripts in the test suite to see how various features are used.

Re: Search replies processed twice?

2007-05-10 Thread Howard Chu
subsearch invokes your overlay again, therefore the callback exists twice in the callback stack so it runs twice. You need to check earlier for this case and return if you're already inside your subsearch.

Re: cn=schema,cn=config schema insertion

2007-05-11 Thread Howard Chu
onsidered modifying right now. So: yes, it's a > missing feature, but it's known (and I think it's documented, although > I'm unable to point you to the right docs right now). It is implemented in 2.4. The changes will not be backported to 2.3.

Re: Compiling for the Win32 platform?

2007-05-14 Thread Howard Chu
and a decent regex library first. I use Henry Spencer's regex. Thanks! Joe .

Re: configuration in the db

2007-05-14 Thread Howard Chu
't fix/available at that time. Has this been fixed/ready now. Replication of LDAP configuration is available in 2.4. Is any one using it ? Comments ? I think if you check the archives you'll see a couple people reporting success with it. It works fine.

Re: Compiling for the Win32 platform?

2007-05-15 Thread Howard Chu
/regex/rxspencer-alpha3.8.g3.tar.gz

Re: logleven pcache

2007-05-16 Thread Howard Chu
used in test020; that test cannot succeed without it.

Re: slurpd replication problem

2007-05-17 Thread Howard Chu
="ldap://ldap.intelligraphics.com"; slapd.conf directives don't use "=" equal signs.

Re: slapd hanging on startup, apparently in BDB mutex lock?

2007-05-19 Thread Howard Chu
known bugs in both. In the current OpenLDAP releases we detect unclean shutdowns and recover automatically, among other things.

Re: IDL cache and a mix of index/unindexed attrs in a query

2007-05-22 Thread Howard Chu
rms, the resulting candidate list can only be zero or one entries long, regardless of any other indexing. So in this case, you'd save memory and update times by leaving the other attributes unindexed.

Re: ber_scanf and ber_printf strangeness

2007-05-23 Thread Howard Chu
ode example on the end shows that '{v}' should be used. So what is the right way? It looks like the manpage example is wrong.

Re: ber_scanf and ber_printf strangeness

2007-05-23 Thread Howard Chu
Howard Chu wrote: Szombathelyi György wrote: Hi! I'm developing kldap, a Qt wrapper for LDAP-functions. When I tested ber_scanf and ber_printf functions, I found this strangeness: Encode a sequence of octet strings via ber_printf ber_printf(ber,"{v}",list_of_strings); Bu

Re: Building OpenLDAP with VS.NET2003

2007-05-24 Thread Howard Chu
ld script. (Also I've only done this with VC6; VC8 will probably require some more tweaks of its own. At this point there are so many different MSVC CRT DLLs to keep track of it's just not worth the effort any more.) I suspect the wgcc tool may work as well but I haven't used it o

Re: duplicate attributetype: 2.5.4.2

2007-05-25 Thread Howard Chu
r slapd, and it's not just a warning, it's a fatal error.

Re: how to create db files

2007-05-25 Thread Howard Chu
coming from a slaptest invocation in your init script. Comment out the slaptest, or start slapd by hand.

Re: server startup overhead

2007-05-25 Thread Howard Chu
will hit every entry in the DB and fully prime the DN cache (and the DN-related info in the IDL cache). It will cycle the full contents of the dn2id and id2entry DBs through the BDB cache as well.

Re: server startup overhead

2007-05-25 Thread Howard Chu
all the info about the entry cache. The bdb->bi_idl_* fields record the info about the IDL cache. In 2.4 some of these counters are exposed via back-monitor. We can add more to the monitor entry as needed.

Re: referential integrity

2007-05-25 Thread Howard Chu
want...

Re: ldap_sasl_interactive_bind_s

2007-05-29 Thread Howard Chu
n't affect it at all.

Re: ppolicy and others attributes

2007-06-06 Thread Howard Chu
Raphaël 'SurcouF' Bordet wrote: Hi, Can we use ppolicy with another attribute than userPassword, userCertificate by example ? Using userCertificate would make no sense. Currently the ppolicy code only works with the userPassword attribute.

Re: ldap manual "other stuff"

2007-06-10 Thread Howard Chu
and don't mess with any of it.

Re: Problem with Schema in Openldap 2.3.19

2007-06-10 Thread Howard Chu
? Some idea? Could you please be a bit more verbose on the error? Something like debugging -d-1 would probably be of help. -Dieter Modifications to the cn=schema,cn=config entry are not allowed. To add new schema elements you must create a new entry underneath that point.

Re: "make test" failed on test019 1st & then all subsequent tries: test017 failure.

2007-06-12 Thread Howard Chu
ion-cascade failed (exit 1) make[2]: *** [bdb-yes] Error 1 make[2]: Leaving directory `/home/Joe/openldap-2.3.35/tests' make[1]: *** [test] Error 2 make[1]: Leaving directory `/home/Joe/openldap-2.3.35/tests' make: *** [test] Error 2 [EMAIL PROTECTED] /home/Joe/openldap-2.3.35 $ ----

Re: is it possible to configure openldap to return latest modified entries first without using sorting feature?

2007-06-13 Thread Howard Chu
displayed last. (project requirement is: last modified entries are displayed first.) That must be pure coincidence. Entries are returned in their order of creation, not order of modification. There is no configuration that will change this ordering.

Re: BDB checkpointing overhead

2007-06-13 Thread Howard Chu
changes, does anything get written to disk or logged in any way when the checkpointing code wakes up? A timestamp will be written to the transaction log files.

Re: bdb_index_read: failed (-30989)

2007-06-18 Thread Howard Chu
DB version number, it's impossible to tell what the actual problem is. Don't just throw out random guesses when you don't have enough information to answer a question. Ask more questions and get the necessary info.

Re: Question about ldap_init, ldap_initialize, start_tls, LDAP_OPT_X_TLS_ALLOW and TLS/SSL

2007-06-18 Thread Howard Chu
, the LDAP_OPT_X_TLS option is deprecated and should not be used at all.

Re: Question about ldap_init, ldap_initialize, start_tls, LDAP_OPT_X_TLS_ALLOW and TLS/SSL

2007-06-18 Thread Howard Chu
to control my client options without the use of config files. Go ahead and do that then. But don't waste time with options that don't actually have any meaning. Regards Markus ----- Original Message - From: "Howard Chu" <[EMAIL PROTECTED]> To: "Markus Moel

Re: Question about ldap_init, ldap_initialize, start_tls, LDAP_OPT_X_TLS_ALLOW and TLS/SSL

2007-06-18 Thread Howard Chu
g:bad certificate TLS: unable to get peer certificate. Successfully set up TLS protected connection to ldap server w2k3.windows2003.home:389 So, this setting definitely does something !!

Re: Backend meta as a module errors

2007-06-19 Thread Howard Chu
pw are not supported anymore. No, that's just a warning. The real error is "symbol lookup error: ..." (note the tell-tale presence of the word "error" in the message...) Unfortunately that part of the message is cut off, so we have no idea what symbol it's h

Re: Recovery after system shutdown

2007-06-20 Thread Howard Chu
early missing a large amount of data. The BDB transaction support can't help you if your hardware fails to preserve the transaction log data.

Re: ldap_start_tls_s and automatic CA certificate searching

2007-06-22 Thread Howard Chu
ace multiple CA certs in a single file, and you typically need to do this on clients anyway.

Re: multi-value attribute search result

2007-06-24 Thread Howard Chu
entry has multiple "cn" values, like "cn=foo", "cn=joe", "cn=foobar", "cn=foobarX", "cn=bob", "cn=nofoobar" - is it possible to have "cn" returned, but only these values, which actually matched the filter ? Or, i

Re: Problem with ldapmodify: Internal (implementation specific) error (80)

2007-06-25 Thread Howard Chu
ssword -H "ldap://hostname:port"; -b "cn=config"): Questions = - Has anyone come across this behaviour ? - Any hints / suggestions / tips ? No idea, but it works perfectly for me on 2.3.36.

Re: WARNING: No dynamic config support for MODULE

2007-06-30 Thread Howard Chu
No support" means no support.

Re: c_get lo failure

2007-07-02 Thread Howard Chu
Gibson-Mount Principal Software Engineer Zimbra, Inc Zimbra :: the leader in open source messaging and collaboration

Re: cmusaslsecretPLAIN attribute

2007-07-03 Thread Howard Chu
pd[1342]: slap_ap_lookup: str2ad(cmusaslsecretPLAIN): attribute type undefined Jul 3 07:50:49 Hodgkin slapd[1342]: send_ldap_result: conn=5 op=1 p=3 Jul 3 07:50:49 Hodgkin slapd[1342]: send_ldap_result: err=0 matched="" text="" Jul 3 07:50:49 Hodgkin slapd[1342]: SAS

Re: force use of start_tls: how?

2007-07-05 Thread Howard Chu
/ hard options, but it was never fully implemented. And then it was removed...

Re: Building OpenLDAP client tools in Wintel platform - reg

2007-07-05 Thread Howard Chu
still valid: http://www.openldap.org/lists/openldap-devel/200701/msg2.html but it's also worth looking into if you go that route. Last I checked the 1.0.11 MSYS DLL has not yet been officially released, so this is still valid.

Re: Lock is no longer valid / deferring operation

2007-07-05 Thread Howard Chu
he internal workings of Sleepycat/Oracle, so can't really say. They did apply the patch to later releases (it was found by Howard). Found/written by ...

Re: error after OS upgrade

2007-07-05 Thread Howard Chu
're referring to affects all platforms. It's just that we first discovered the problem on Linux.

Re: Help needed for testing OpenLDAP in Windows - reg.

2007-07-05 Thread Howard Chu
-compatible shell to run the scripts. As has already been stated multiple times on this list - use MSYS.

Re: using a proxy/rewrite to obviate the need for a legacy suffix?

2007-07-09 Thread Howard Chu
was designed to do. It is exactly intended for this purpose. Can anyone provide any hints, suggestions, or moral support on whether we're heading in the recommended direction, or whether there's a better way to obviate the need for our legacy suffix entry using some other kind of r

Re: str2entry: invalid value for attributeType userCertificate #0 (syntax 1.3.6.1.4.1.1466.115.121.1.8) ???

2007-07-11 Thread Howard Chu
at is happening? That's pretty unlikely. A userCertificate attribute requires its values to be in raw DER form, not PEM.

Re: cn=config: allow more users to access

2007-07-16 Thread Howard Chu
onfig. In OpenLDAP 2.4 you can set ACLs on cn=config just like any other database.

Re: [SOLVED] Re: multiple servers in DNS and TLS

2007-07-18 Thread Howard Chu
in the OpenSSL tools.

Re: client timeouts [was: Re: multiple servers in DNS and TLS]

2007-07-18 Thread Howard Chu
s URL basically has to do so in one thread or process and do the timing out in a separate thread or process. (Or reimplement that part of the OpenLDAP API, I suppose.) Philip Guenther Sendmail, Inc.

Re: force TLS and rootdn

2007-07-18 Thread Howard Chu
eartext. Is this expected? Is there a way to prevent this? Yes it is expected. I guess it's an unexpected consequence of how rootdn is implemented. Access controls are applied to entries, and rootpw is not in an entry. No. The rootdn always ignores ACLs.

Re: help adding a group

2007-07-19 Thread Howard Chu
ct some text fields to be encoded. Look for the double colons (::) after the attribute name to indicate that it's encoded. The only reason for base64 encoding in the example the original poster sent is that there must have been trailing whitespace on one of the input values.

Re: moving ldap database and upgrading

2007-07-19 Thread Howard Chu
x data. In that respect, it can be painfully slow.

Re: OpenLdap search does not return all result set

2007-07-19 Thread Howard Chu
is obsolete and back-ldbm is known to spontaneously corrupt its indexes. Update to OpenLDAP 2.3/bdb, period.

Re: Connection timeout

2007-07-19 Thread Howard Chu
enerally there should be no delay. Again, this is normal, and any "network guru" should know that.

Re: ldapsearch on local attributes with slapo-translucent

2007-07-19 Thread Howard Chu
and make sure they match up (since they clearly don't, above).

Re: c_get lo failure

2007-07-20 Thread Howard Chu
Howard Chu wrote: Quanah Gibson-Mount wrote: Anyone have any idea what would cause this error? You have a corrupted index. No idea how that happened. Delete the index files and run slapindex... => key_change(ADD,5bf) bdb_idl_insert_key: 5bf [0096defd] => bdb_idl_insert_key: c_

Re: Programmatic manner to determine version?

2007-07-20 Thread Howard Chu
system (e.g. 'rpm -qf --qf "%{VERSION}\n" /usr/lib64/libldap-2.3.so.0'). You shouldn't have any software installed except by your package management system :-P. All of this is basic system administration, nothing specific to OpenLDAP Software. re: shared library version n

Re: syncrepl, client certificate containing subjectAltName and non UTF-8 chars

2007-07-20 Thread Howard Chu
ad the OpenSSL documentation and fix your certificates.

Re: syncrepl, client certificate containing subjectAltName and non UTF-8 chars

2007-07-20 Thread Howard Chu
Emmanuel Dreyfus wrote: Howard Chu <[EMAIL PROTECTED]> wrote: From what you've posted above, I'm pretty sure you're not using "subjectAltName" correctly. It is not a component of the certificate's subject, it is an X.509 certificate extension. Read th

Re: syncrepl, client certificate containing subjectAltName and non UTF-8 chars

2007-07-20 Thread Howard Chu
Howard Chu wrote: Emmanuel Dreyfus wrote: Howard Chu <[EMAIL PROTECTED]> wrote: From what you've posted above, I'm pretty sure you're not using "subjectAltName" correctly. It is not a component of the certificate's subject, it is an X.509 certificate exten

Re: Connection timeout

2007-07-22 Thread Howard Chu
Dave Horsfall wrote: On Thu, 19 Jul 2007, Howard Chu wrote: What I am seeing is a timeout of a minute before switching to Server2. That would be normal when trying to contact a nonexistent host, and depends entirely on your kernel's TCP stack/connection timeouts. As already noted, yo

Re: Connection timeout

2007-07-22 Thread Howard Chu
Emmanuel Dreyfus wrote: Howard Chu <[EMAIL PROTECTED]> wrote: That is definitely something we consider to be application-specific. Building the setting into your app is the correct solution. In general, settings in the config file must always be overridable, so a new config option woul

Re: Expiring user passwords fails after first expiry

2007-07-23 Thread Howard Chu
10.2. Since you've just started testing, you should really be using the most recent release. 2.3.32 is quite old already.

Re: failover config: servers with same DNS address and TLS, subjectAltName extension

2007-07-23 Thread Howard Chu
quirements in the SASL layer, allowing all insecure mechanisms to be used. A rather big mistake, after you've gone to the trouble of enabling secure authentication with certificates.

Re: failover config: servers with same DNS address and TLS, subjectAltName extension

2007-07-24 Thread Howard Chu
Emmanuel Dreyfus wrote: On Mon, Jul 23, 2007 at 09:58:37PM -0700, Howard Chu wrote: # Cannot get this working! #TLS_CRLCHECK peer This only works with recent OpenSSL 0.9.8 releases. You didn't mention which version of OpenSSL you're using. And since this entire subject is purely

Re: LDAPS vs. StartTLS ext. op.

2007-07-25 Thread Howard Chu
d any other implementor that wanted to claim that their LDAP product was fully IETF-compliant.

Re: failover config: servers with same DNS address and TLS, subjectAltName extension

2007-07-25 Thread Howard Chu
st add it to Faq-O-Matic? Yes, anybody can add entries to the FAQ (hasn't that been said enough times already?), and you're welcome to add your corrected writeup there.

Re: failover config: servers with same DNS address and TLS, subjectAltName extension

2007-07-25 Thread Howard Chu
Emmanuel Dreyfus wrote: Howard Chu <[EMAIL PROTECTED]> wrote: Though I suspect that in the 7 or so years that OpenLDAP has supported OpenSSL, many people have been confronted with this problem, read the docs, and implemented the solution and moved on to the next thing, without any fuss

Re: failover config: servers with same DNS address and TLS, subjectAltName extension

2007-07-27 Thread Howard Chu
Emmanuel Dreyfus wrote: Howard Chu <[EMAIL PROTECTED]> wrote: This is getting rude. :-/ It seems to me that you cannot read what is plainly in front of your face, for whatever reason. While I acknowledge the quality of your work on the OpenLDAP project, I suspect you still hav

Re: olcPasswordHash scheme not available

2007-08-09 Thread Howard Chu
it's a general problem, then we're going to need to re-shuffle the layout of the cn=config tree so that global directives are processed after any modules are loaded. But I think password mechs are the only item that can be registered at runtime that currently have a problem.

Re: olcPasswordHash scheme not available

2007-08-09 Thread Howard Chu
Pierangelo Masarati wrote: Howard Chu wrote: Pierangelo Masarati wrote: That sounds like a bug. In fact, {K5KEY} is loaded by smbk5pwd, so if in slapd.conf you correctly load the module __before__ using password-hash things work as expected. However, when the configuration is loaded from the

Re: Maximum size of the database.

2007-08-11 Thread Howard Chu
million DNs. Unfortunately there is no way to control the size of the DN cache in OpenLDAP 2.3, it simply grows without bound. A config keyword for the DN cache will be in OpenLDAP 2.4.

Re: Maximum size of the database.

2007-08-11 Thread Howard Chu
matthew sporleder wrote: On 8/11/07, Howard Chu <[EMAIL PROTECTED]> wrote: Sumith Narayanan wrote: Hi Group, We have a corporate openldap database in production which has more than 4 million entries. The slapd process serves three different physical databases of sizes 4 GB, 12 GB and

Re: High availability

2007-08-13 Thread Howard Chu
documentation regarding Linux. What about the case I explained, that we have clients that do read/write, how to send the writes to the masters and reads to slaves without having the clients chase referrals ? Use the chaining overlay. See test017 for an example configuration.

Re: Problem changing passwords after import

2007-08-13 Thread Howard Chu
l back to file based data. Please carefully check the logs of your server before proceeding any further. It seems clear, from the little info you posted, that basic authentication (LDAP simple bind) is not working with the credentials you stored in your directory.

Re: preserve value order with referential integrity overlay?

2007-08-14 Thread Howard Chu
n you choose is going to require your clients to be modified to adapt to the solution.

Re: Problem changing passwords after import

2007-08-14 Thread Howard Chu
s own authentication checks. As pointed out in the FAQ http://www.openldap.org/faq/index.cgi?file=1041 if you're using OpenSSL it's very likely that you've got the wrong one. Thanks -Original Message----- From: Howard Chu [mailto:[EMAIL PROTECTED] Sent: Monday, August 13, 20

Re: preserve value order with referential integrity overlay?

2007-08-14 Thread Howard Chu
it. Having to require client modification might be the big reason to not having it implemented, I guess. On Tue, 2007-08-14 at 02:01 -0700, Howard Chu wrote: Zhang Weiwu wrote: Hello. I deployed an LDAP system and a set of applications around it that is highly sensitive to the order of values, e.g first telep

Re: preserve value order with referential integrity overlay?

2007-08-15 Thread Howard Chu
Zhang Weiwu wrote: On Tue, 2007-08-14 at 10:30 -0700, Howard Chu wrote: Zhang Weiwu wrote: One dumb question, the draft you composed expires at end of 2006, does that mean this draft will no longer become RFC and (thus?) have no implementation yet? The draft is intended to document what we've al

Re: proxy auth and userpassword access

2007-08-22 Thread Howard Chu
he main server.

Re: slapo-dynlist search member=value search?

2007-08-23 Thread Howard Chu
ensive and/or CPU intensive. There's no good way to do this without sacrificing one or both.

Re: Strange error during TLS handshake

2007-08-23 Thread Howard Chu
pper Server-Edition. Looking forward to your answer! Thanks, Fabian P.S. We are using self-signed certificates of our own CA.

Re: slapo-dynlist search member=value search?

2007-08-23 Thread Howard Chu
Frankly the mention of slapd group caching here is bogus, since group caching only benefits ACL performance when processing multiple responses in a Search operation.

Re: running DB on different machine than slapd

2007-08-24 Thread Howard Chu
ggest usable alternatives.

Re: FW: running DB on different machine than slapd

2007-08-24 Thread Howard Chu
ing seems pretty unrealistic to me.

Re: Syntax Integer and leading zeros

2007-08-25 Thread Howard Chu
uld not be generating integer values with leading zeroes. If you don't like this, you have to change the LDAP spec first.

Re: Syntax Integer and leading zeros

2007-08-25 Thread Howard Chu
Howard Chu wrote: So - to comply with the spec, clients should not be generating integer values with leading zeroes. If you don't like this, you have to change the LDAP spec first. Never mind, the Integer definition comes from ASN.1, and it's defined there with leading zeroes pro

Re: TLS configuration needs client certification (why?)

2007-08-25 Thread Howard Chu
omment the "TLSVerifyClient never" directive here to work around this problem.
