Re: first time user

2016-06-28 Thread Marc Patermann
Kaveh, Am 27.06.2016 um 18:36 Uhr schrieb Kaveh Ehsani: I am using this for the first time so if there are protocols to follow please let me know. please, describe your problem in the subject as clearly as possible! and try to run the same ldapmodify as: ldapmodify -H ldapi:/// -x -D

Re: chain-uri with a blank?

2016-02-18 Thread Marc Patermann
Am 18.02.2016 um 12:26 Uhr schrieb Michael Ströder: Marc Patermann wrote: Am 17.02.2016 um 19:03 Uhr schrieb Quanah Gibson-Mount: --On Wednesday, February 17, 2016 5:54 PM + Howard Chu <h...@symas.com> wrote: Marc Patermann wrote: should chain-uri work with an URI with a blank t

Re: chain-uri with a blank?

2016-02-18 Thread Marc Patermann
Am 17.02.2016 um 19:03 Uhr schrieb Quanah Gibson-Mount: --On Wednesday, February 17, 2016 5:54 PM + Howard Chu <h...@symas.com> wrote: Marc Patermann wrote: should chain-uri work with an URI with a blank the DIT path? like in: Spaces are never legal in URLs, LDAP or otherwise. In

chain-uri with a blank?

2016-02-17 Thread Marc Patermann
Hi, should chain-uri work with an URI with a blank the DIT path? like in: chain-uri "ldap://servername/ou=far bar,c=de" I'm getting a parsing error here with 2.4.43. Feb 17 18:35:01 slapd[1765]: /etc/openldap/slapd.conf: line 156 (chain-uri "ldap://servername/ou=foo bar,c=de") Feb 17

Re: how to add users to LDAP and test authentication?

2016-02-17 Thread Marc Patermann
Hi, Am 16.02.2016 um 17:42 Uhr schrieb Quanah Gibson-Mount: --On Tuesday, February 16, 2016 4:00 PM +0100 Marc Patermann <hans.mo...@ofd-z.niedersachsen.de> wrote: Am 16.02.2016 um 14:56 Uhr schrieb Mary Kao: I have very simple requirements for "users" e.g. representative

Re: how to add users to LDAP and test authentication?

2016-02-16 Thread Marc Patermann
Mary, Am 16.02.2016 um 14:56 Uhr schrieb Mary Kao: I have very simple requirements for "users" e.g. representative of user accounts with userid and password. a "user" for "authentication" in LDAP is mostly an object you can bind to. The easiest way to bind to an LDAP server is "simple" bind,

Re: rebuilding the DIT

2016-02-12 Thread Marc Patermann
Timothy, Am 12.02.2016 um 02:14 Uhr schrieb Timothy Keith: I used this slapcat, I did not specific a config database. slapcat -v -l backup.ldif Do you know, if you use a config file (like /etc/openldap/slapd.conf) or the config backend (cn=config)? If not, read the admin guide about it!

Re: chaining for a single backend?

2016-02-09 Thread Marc Patermann
Am 08.02.2016 um 22:33 Uhr schrieb Quanah Gibson-Mount: --On Monday, February 08, 2016 4:50 PM +0100 Marc Patermann <hans.mo...@ofd-z.niedersachsen.de> wrote: Am 30.12.2015 um 11:49 Uhr schrieb Marc Patermann: I want to activate chaining for a single backend. The server is a repli

Re: chaining for a single backend?

2016-02-08 Thread Marc Patermann
Hi, Am 30.12.2015 um 11:49 Uhr schrieb Marc Patermann: I want to activate chaining for a single backend. The server is a replication consumer and has a few glued database backends. Only one is containing linux accounts with ppolicy overlay. This should use chaining to replicate the ppolicy

chaining for a single backend?

2015-12-30 Thread Marc Patermann
Hi, I want to activate chaining for a single backend. The server is a replication consumer and has a few glued database backends. Only one is containing linux accounts with ppolicy overlay. This should use chaining to replicate the ppolicy changes which otherwise stay local. Can this be

relax control

2015-12-11 Thread Marc Patermann
Hi, according to this list a change of a structural object class should work with: # ldapmodify -E relax OID of relax control is 1.3.6.1.4.1.4203.666.5.12, right? My servers do not advertise this control, do they? # extended LDIF # # LDAPv3 # base <> with scope baseObject # filter:

Re: memberOf-overlay and custom schema (slapd.logs attched)

2015-12-02 Thread Marc Patermann
Dora, Am 01.12.2015 um 20:37 Uhr schrieb Dora Paula: #This modify operation seems to be ignored by memberOf-overlay: # cat << EOF | ldapmodify -x -H "ldap://localhost:2389/; -D "cn=admin,dc=example,dc=com" -w admin dn: cn=device,dc=example,dc=com changetype: modify add: objectClass objectClass:

Re: Atribute Tags [was: multi-value attribute virtual view of single attribute]

2015-11-19 Thread Marc Patermann
Hi, Am 27.10.2015 um 11:00 Uhr schrieb Howard Chu: Marc Patermann wrote: Am 24.10.2015 um 07:24 Uhr schrieb Howard Chu: Quanah Gibson-Mount wrote: --On Friday, October 23, 2015 1:15 PM -0700 Jason Whitener <jwhit...@pcc.edu> wrote: If I had a multi-valued attribute like cn: var0:va

Re: Atribute Tags [was: multi-value attribute virtual view of single attribute]

2015-10-27 Thread Marc Patermann
Howard, Am 24.10.2015 um 07:24 Uhr schrieb Howard Chu: Quanah Gibson-Mount wrote: --On Friday, October 23, 2015 1:15 PM -0700 Jason Whitener wrote: If I had a multi-valued attribute like cn: var0:value cn: var2:value cn: var3:value I think you're looking for the valsort

Re: Atribute Tags [was: multi-value attribute virtual view of single attribute]

2015-10-27 Thread Marc Patermann
Howard, Am 27.10.2015 um 11:00 Uhr schrieb Howard Chu: Marc Patermann wrote: Am 24.10.2015 um 07:24 Uhr schrieb Howard Chu: Quanah Gibson-Mount wrote: --On Friday, October 23, 2015 1:15 PM -0700 Jason Whitener <jwhit...@pcc.edu> wrote: If I had a multi-valued attribute like cn: var0

Re: Can a ppolicy be applied to a subtree?

2015-10-15 Thread Marc Patermann
Hi, Am 14.10.2015 um 16:06 Uhr schrieb Campbell, Courtney: I am curious if a ppolicy can be applied to a subtree so that it is added to a user account when newly created? Unfortunately not. I would like to have that too. As far as I know ppolicy overlay is a database setting. See man

Re: Ldap challenge

2015-04-30 Thread Marc Patermann
Hi, Andrew Findlay schrieb (27.04.2015 21:06 Uhr): On Mon, Apr 27, 2015 at 06:27:39PM +, Ross, Daniel B. wrote: All of my customers so far have chosen the parallel approach, as that allows the Unix LDAP to continue working if it loses access to AD. Ideally this includes installing a

Re: OpenLDAP permissions question

2015-03-20 Thread Marc Patermann
Igor, Igor Shmukler schrieb (20.03.2015 11:21 Uhr): Unfortunately, your email does not clear anything, FOR ME. It does not mean you are not 100% correct. I am just slow, I guess. Sorry. do simple things first! Do more complex things later! - Configure a rootdn with rootpw for each database.

Re: OpenLDAP permissions question

2015-03-20 Thread Marc Patermann
Igor, Igor Shmukler schrieb (20.03.2015 11:59 Uhr): - or make your first steps with ACLs and another user entry. What do I do here? read about ACL in the man pages and the admin guide!? Do you need multiple mappings? I understand that config database would allow me to have unto fifty

Re: OpenLDAP permissions question

2015-03-20 Thread Marc Patermann
Igor, Igor Shmukler schrieb (20.03.2015 07:24 Uhr): Indeed, slapacl(8) shows that I have read only access to DIT entries. I tried hijacking DIT databases, as in below: olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymou s auth by dn=cn=admin,dc=ldap,dc=com write by

Re: OpenLDAP permissions question

2015-03-20 Thread Marc Patermann
Igor Shmukler schrieb (20.03.2015 13:43 Uhr): I need a way to alter records in any/every DIT database using another root - one that would work on ALL DITs. Use ACL! Makes sense. I just don't know how to get ACLs to work, nor does anyone else. be the first, read the docs!

Re: OpenLDAP permissions question

2015-03-20 Thread Marc Patermann
Igor, Igor Shmukler schrieb (20.03.2015 12:22 Uhr): I do have entries for each database. If my suffix is, for example dc=test,dc=org, administrator would be cn=admin,dc=test,dc=org Administrators have manage access to their databases. This part is working fine. I add and remove records as

Re: OpenLDAP Replication Issue

2015-01-26 Thread Marc Patermann
Tony, Tony S. Wu schrieb (23.01.2015 20:19 Uhr): please keep replies on the list. We kinda did this out of necessity. This is hell of an answer! :) Our ultimate goal is to remove 001, move web UI to 002, and move the replication hub role to 002. The reason we haven't done so is because of

Re: OpenLDAP Replication Issue

2015-01-22 Thread Marc Patermann
Tony, Tony S. Wu schrieb (21.01.2015 22:30 Uhr): We have 5 servers running OpenLDAP, 001 - 005. Server is CentOS 6.4, LDAP version is openldap-servers-2.4.23-32.el6_4.1.x86_64, current replication topology is: 001 = 002 001 = 003 001 = 004 001 = 005 001 is where the phpLDAPAdmin GUI is

Re: occasional user entry being deleted

2015-01-22 Thread Marc Patermann
Леонид Юрьев schrieb (20.01.2015 16:22 Uhr): This is the bug, which reproduced stably in our production environment. I plan to fix it in our version (fork of OpenLDAP), immediately after other crashes. See https://github.com/ReOpen/ReOpenLDAP/issues/3 how does patching your fork help anyone here?

Spam filter on this list [was: ***SPAM (score:7.3)*** resynchronizing partial replica after ACL change]

2015-01-13 Thread Marc Patermann
Hi, I was wondering what spam filter was working on this message and found this in the header: X-Spam-Report: Spam detection software, running on the system gauss.openldap.net, has identified this incoming email as possible spam. The original message has been attached to this so you can

Re: OpenLDAP incroyable!

2014-11-26 Thread Marc Patermann
Onno, Onno van der Straaten schrieb (26.11.2014 12:13 Uhr): And another one. Amazing. So hard to understand the OpenLDAP interface. Might just as well have been in Chinese. $ ldapmodify -h zimbra.server.com http://zimbra.server.com -p 389 -D cn=config -f olc_password_hash.ldif -W On

Re: adding VLV support to OpenLDAP 2.4.31

2014-11-12 Thread Marc Patermann
Igor, Igor Shmukler schrieb (12.11.2014 11:36 Uhr): I am guess making wild guesses... Could it be that I need to adjust the below line: dn: olcOverlay=sssvlv,olcDatabase={1}bdb,cn=config Should I perhaps replace cn=config with dc=nodomain or something else? No. With slapd.d config instead of

Re: Backing up openldap

2014-11-10 Thread Marc Patermann
Jerry, Jerry schrieb (08.11.2014 13:07 Uhr): Before changing over to mdb from bdb, I ran a script that used slapcat to generate an LDIF file every night. Since updating to mdb, that script fails if slapd is running. That is expected behavior from what I have been reading.

Re: Addressbook in LDAP ... should be simple right?

2014-07-08 Thread Marc Patermann
Adam, Adam Goryachev schrieb (08.07.2014 06:28 Uhr): PS, the context is to try and replace MS Outlook with Mozilla Thunderbird. With email in IMAP4, that works well. I can share the calendar from thunderbird to iphones/android phones with http://calendarserver.org/. Now I'm just trying to

Re: Promoting slave to master LDAP server

2014-07-03 Thread Marc Patermann
Bruno Furtado schrieb (27.06.2014 21:45 Uhr): can I promote a LDAP slave server to master? yes

mdb maxsize too big - no specific error message?

2014-06-25 Thread Marc Patermann
Hi, is there no specific error message if the mdb maxsize is too big (for the containing filesystem)? I used my ansible (great tool!) playbook to create an ldap server in a test VM. This was only 8 GB small. My initial slapadd failed and I did not know why. (On my real hardware test machine this

chaining a subordinate database only?

2014-06-12 Thread Marc Patermann
Hello, http://www.openldap.org/doc/admin24/overlays.html#Chaining says: On each replica, add this near the top of the slapd.conf(5) file (global), before any database definitions - so chaining works as a global directive for all databases in the example. I get it to work this way. But I want

Re: OpenLDAP-2.4.23 on SUSE 11

2014-05-20 Thread Marc Patermann
Scott, Mulligan, Scott schrieb (20.05.2014 03:40 Uhr): I am running openldap-2.4.23 on SUSE 10 with no problems. After upgrading to SUSE 11, I cannot start slapd. I get an error that it can’t find libltdl.so.3. I noticed that libltdl.so.7 is in /usr/lib64. My question is: Will

SAML Identity Provider for OpenLDAP

2014-04-22 Thread Marc Patermann
Hi, I am searching for a proven extension to use my OpenLDAP directory data with an SAML identity provider. I found LemonLDAP:NG and OpenAM as possible candidates. Howtos and success stories are welcome! Marc

Re: Syncrepl Multi-Master with multiple BDB backends

2014-03-28 Thread Marc Patermann
Michael, Michael schrieb (27.03.2014 21:58 Uhr): I have two servers i'd like to setup to do MMR. I have several BDB backends that I would like to replicate. My question is do I need to create a replicate user for each BDB backend as well as a syncrepl statement under each BDB definition and

building SLES packages on openSuSE Build Service

2013-09-18 Thread Marc Patermann
Hi, I used to build newer versions of openldap on openSuSE Build Service derived from the ones at network:ldap (from Ralf Haferkamp; which is stuck at .33). I did this for 2.4.33, .34 and .35. When I tried to build 2.4.36 something changed (at the build service?) and now my builds - even

Re: Q: duplicate contextCSN; remove it?

2013-08-29 Thread Marc Patermann
Ulrich Windl schrieb (29.08.2013 09:48 Uhr): When I examine my slapcat of the config database (multi-master replication), I see a duplicate contextCSN; one of them seems obsolete: contextCSN: 20130722065709.189194Z#00#000#00 contextCSN: 20130729112421.079210Z#00#001#00

Re: One questions about nested gourp support of openldap

2013-08-12 Thread Marc Patermann
Jacky, ctosgh schrieb (09.08.2013 10:54 Uhr): To meet the following requirement: groupA contains user entries: cn=a,ou=users,dc=test,dc=com cn=b,ou=users,dc=test,dc=com groupB contains groupA I have following questions: 1 Which object classes should I use to implement above

Re: slow replication

2013-04-26 Thread Marc Patermann
Meike Stone schrieb (26.04.2013 14:34 Uhr): Is it possible to simulate the present phase with ldapsearch, to look if the provider needs so long and if, what part (entries updated or unchanged entry ) needs so long? look at # man ldapsearch for -E and sync=rp[/cookie][/slimit]

Re: Quick setup replica with openldap-2.4.33

2013-03-27 Thread Marc Patermann
Quanah, Quanah Gibson-Mount schrieb (26.03.2013 17:55 Uhr): --On Tuesday, March 26, 2013 5:20 PM +0100 Marc Patermann hans.mo...@ofd-z.niedersachsen.de wrote: But I think, this in not the case. How should the two servers know about each other? His question was if it is ok to copy

Re: Quick setup replica with openldap-2.4.33

2013-03-26 Thread Marc Patermann
Takashi, Takashi Komatsubara schrieb (26.03.2013 09:26 Uhr): This is my first time to post a question. Please forgive me if I am making miss-posting. I have a big ldap master which is based on openldap-2.4.33. The mdb file size is 50 GB. In order to setup an replica server quickly, can

Re: provider/consumer: entries have identical CSN

2013-03-15 Thread Marc Patermann
Walter, Walter Werner schrieb (15.03.2013 10:58 Uhr): I get a strange replication problem. After i didn't find a solution somewhere on internet i decided to post to this mailing-list. Probably i should describe my system settings. Both consumer and provider are running on suse 12.1. And i got

Re: Issues with deletes and syncrepl

2013-03-13 Thread Marc Patermann
Adam schrieb (13.03.2013 07:18 Uhr): mirrormode on overlay syncprov syncprov-nopresent TRUE syncprov-reloadhint TRUE man slapo-syncprov: syncprov-nopresent TRUE | FALSE Specify that the Present phase of refreshing should be skipped. This value should only be

Re: S/Mime configuration

2013-03-11 Thread Marc Patermann
Jignesh, Jignesh Patel schrieb (11.03.2013 00:51 Uhr): How to configure s/mime with openldap 2.4.23? What do you think S/MIME - Secure/Multipurpose Internet Mail Extensions - is for and how is this related to openldap? Marc

Re: Can't contact server for syncrepl but can ldapsearch

2013-02-04 Thread Marc Patermann
Carlo, Carlo Santos schrieb (04.02.2013 09:02 Uhr): olcSyncRepl: {2}rid=002 provider=ldaps://ldap2.myorganization.org binddn=cn=admin,dc=myorganization,dc=org bindmethod=simple credentials=password searchbase=dc=myorganization,dc=org type=refreshOnly interval=00:00:05:00 retry=5 5 300 5

Re: How to get all attributes of a entry

2013-01-22 Thread Marc Patermann

Re: monitoring openldap 2.0.27 connections

2012-11-29 Thread Marc Patermann
santosh malavade schrieb (29.11.2012 07:46 Uhr): We are using openldap version 2.0.27 on RHEL AS 3 with Postfix 2.2.10 Don't touch things you see in a museum! ;) Marc

local password change in read-only replica?

2012-11-06 Thread Marc Patermann
Hi, from a central master/provider server we replicate to (a lot of) sync-repl slave/consumers. Which are then - of course - read-only. We have passwordpolicy turned on on all the servers. Now we have three accounts - each an another home replica - which have a newer modifyTimestamp value on

Re: OpenLDAP - how to correct invalid cn values

2012-10-30 Thread Marc Patermann
Craig, Whiteman, Craig schrieb (29.10.2012 11:59 Uhr): A bug in a PHP script http://www.linuxquestions.org/questions/showthread.php?p=4813771 has caused some entries in the LDAP database http://www.linuxquestions.org/questions/showthread.php?p=4813771 to have invalid values: by invalid you

Re: Trying make a replication

2012-08-03 Thread Marc Patermann
rodrigo, rodrigo tavares schrieb (02.08.2012 21:43 Uhr): binddn=cn=syncrepl,dc=defensoria,dc=mg,dc=gov,dc=br -D 'uid=syncrepl,ou=defensoria,dc=defensoria,dc=mg,dc=gov,dc=br' -W uid=syncrepl,ou=defensoria not equal to cn=syncrepl (under dc=defensoria,dc=mg,dc=gov,dc=br).

Re: Docs To Do list and other ideas. Please contribute

2012-07-06 Thread Marc Patermann
Hi, Michael Ströder schrieb (05.07.2012 21:57 Uhr): Gavin Henry wrote: On 5 July 2012 16:44, Gavin Henry gavin.he...@gmail.com wrote: On 5 July 2012 08:23, Michael Ströder mich...@stroeder.com wrote: xsun wrote: I don't remember if we talked about a wiki in the past but it's definitely a

Re: autogenerated/virtual attributes

2012-06-19 Thread Marc Patermann
Hi, Michael Ströder schrieb (21.04.2012 20:12 Uhr): b...@bitrate.net wrote: given an entry such as: dn=cn=abuse,ou=example.net,ou=mail,ou=groups,dc=example,dc=com objectclass=mailgroup cn=abuse member=uid=jdoe,ou=people,ou=accounts,dc=example,dc=com i'd like the entry to also include an

Re: Lock table is out of available locks

2012-05-09 Thread Marc Patermann
Quanah, Quanah Gibson-Mount schrieb (08.05.2012 17:12 Uhr): --On Tuesday, May 08, 2012 3:41 PM +0200 Marc Patermann hans.mo...@ofd-z.niedersachsen.de wrote: while extending an object by adding a lot of maildrop values, slapd refused to MOD with err 80: Can anyone tell me what happens here

Re: Lock table is out of available locks

2012-05-09 Thread Marc Patermann
Hi, Quanah Gibson-Mount schrieb (09.05.2012 10:17 Uhr): --On May 9, 2012 9:45:52 AM +0200 Marc Patermann hans.mo...@ofd-z.niedersachsen.de wrote: Quanah Gibson-Mount schrieb (08.05.2012 17:12 Uhr): --On Tuesday, May 08, 2012 3:41 PM +0200 Marc Patermann hans.mo...@ofd-z.niedersachsen.de wrote

Lock table is out of available locks

2012-05-08 Thread Marc Patermann
Hi, while extending an object by adding a lot of maildrop values, slapd refused to MOD with err 80: May 4 15:31:57 rzhs720 slapd[27004]: conn=1007 op=3 MOD dn=ou=infogroup,ou=foo May 4 15:31:57 rzhs720 slapd[27004]: conn=1007 op=3 MOD attr=objectClass ou cn mail member maildrop May 4

Re: DEL don't get synced

2012-05-02 Thread Marc Patermann
Nick, Nick Milas schrieb (28.04.2012 21:06 Uhr): On 1/3/2012 6:32 μμ, Marc Patermann wrote: from a provider with pre 2.4.30 (from Feb. 21st) and four consumers with exact the same config (checked by md5sum), two with 2.4.26, one with pre 2.4.29 and one with the same pre 2.4.30 version, I

replicating and refint

2012-04-26 Thread Marc Patermann
Hi, on a master server overlay syncprov and overlay refint (refint_attributes member memberOf) are set. Now an object, which is in a group, is deleted. Refint changes the group by deleting the member. The changed user object and the group are to be replicated. The user is. The group is not:

Re: ppolicy overlay doesn't apply

2012-04-12 Thread Marc Patermann
Cosmin, Cosmin Ciuraru schrieb (12.04.2012 08:07 Uhr): I am trying to use the ppolicy overlay with openldap, version 2.4.20, installed on a SLES 11 SP1 x64, as a package. I have made the following for a more recent version check out this repo:

Re: REL_ENG versions produce different libraries?

2012-04-02 Thread Marc Patermann
Nick, Nick Milas schrieb (30.03.2012 16:08 Uhr): On 30/3/2012 4:27 μμ, Howard Chu wrote: Test builds are not meant to be packaged. Even if it is so, in practice I use packaged builds for testing because in this way I can control better what happens to the system and manage versioning.

Re: Resync DEL

2012-02-27 Thread Marc Patermann
Hi, Howard Chu schrieb (24.02.2012 21:36 Uhr): Marc Patermann wrote: With this sorted out, this is what I get (both pre 2.4.30 code): - slapadd the provider with current data - slapadd the consumer with older data - present check, exact sync - ldap changes on provider - reset and slapadd

Re: daemon: bind(6) failed errno=98 (Address,already in use)

2012-02-23 Thread Marc Patermann
stefano, stefano schrieb (23.02.2012 10:40 Uhr): STATE B slapd is stopped run /etc/init.d/slapd start---it works checking pid pgrep slaps---2237 stopping slapd /etc/init.d/slapd stop--- slapd is stopped pgrep slapd---2237 -the process is still active- starting slapd /etc/init.d/slapd start

Resync DEL

2012-02-23 Thread Marc Patermann
Hi, due to the DEL don't get replicated issue, I have inconsistent data on the consumers. I set up a test pair with a provider with current master data and a consumer with current slave data. The data set differs in a few entries which DEL were not replicated. Is there any way to get the

Re: daemon: bind(6) failed errno=98 (Address,already in use)

2012-02-22 Thread Marc Patermann
stefano, stefano schrieb (22.02.2012 10:00 Uhr): i tried to comment everything in ldap.conf and restart the ldap server but is failed. You can forget about all the ldap.conf things before you did not solved this: checking in syslog the error is daemon: bind(6) failed errno=98

Re: DEL don't get synced

2012-02-21 Thread Marc Patermann
Buchan, Buchan Milne schrieb (21.02.2012 11:38 Uhr): As far as I have read in changelogs and ITS, anything from OPENLDAP_REL_ENG_2_4 (including 2.4.29) before: commit 10c81e2a46c9b603ba1dfcf53422573d5068ba04 Author: Howard Chu h...@openldap.org Date: Sun Feb 12 21:07:25 2012 -0800

Re: DEL don't get synced

2012-02-21 Thread Marc Patermann
Buchan, Buchan Milne schrieb (21.02.2012 12:48 Uhr): On Tuesday, 21 February 2012 12:41:40 Marc Patermann wrote: Buchan Milne schrieb (21.02.2012 11:38 Uhr): As far as I have read in changelogs and ITS, anything from OPENLDAP_REL_ENG_2_4 (including 2.4.29) before: commit

Re: DEL don't get synced

2012-02-01 Thread Marc Patermann
Nick Milas schrieb (01.02.2012 11:03 Uhr): On 31/1/2012 10:16 μμ, Quanah Gibson-Mount wrote: If you'd like to test it, that would certainly help make its release be more towards the near future than the far future. I would surely like to test it. However, I haven't got a clue on building the

DEL don't get synced

2012-01-31 Thread Marc Patermann
Hi, under some circumstances DEL don't get replicated to the consumers (SyncRepl). I think this has to do with other changes at the same moment. I attached two log excerpts in sync.log. In the first excerpt there is only a DEL Jan 31 09:16:01 ldapserver slapd[10641]: conn=79138 op=2 DEL

Re: DEL don't get synced

2012-01-31 Thread Marc Patermann
Hi, Howard Chu schrieb (31.01.2012 12:08 Uhr): Marc Patermann wrote: under some circumstances DEL don't get replicated to the consumers (SyncRepl). I think this has to do with other changes at the same moment. Already known, ITS#7052. Thanks. So this is fixed in 2.6.27 (and later

Re: DEL don't get synced

2012-01-31 Thread Marc Patermann
Howard, Howard Chu schrieb (31.01.2012 14:22 Uhr): Marc Patermann wrote: Howard Chu schrieb (31.01.2012 12:08 Uhr): Marc Patermann wrote: under some circumstances DEL don't get replicated to the consumers (SyncRepl). I think this has to do with other changes at the same moment. Already

Re: memberOf and glued databases

2012-01-19 Thread Marc Patermann
Hi, Marc Patermann schrieb (16.01.2012 17:44 Uhr): short question first: Is overlay memberOf supposed to work with glued databases in any direction? Hm, nobody? Did I make a configuration error? Is it a bug? Is it worth a feature request? Will it never work that way? Marc

Re: memberOf and glued databases

2012-01-19 Thread Marc Patermann
Howard, Howard Chu schrieb (19.01.2012 18:14 Uhr): Marc Patermann wrote: Marc Patermann schrieb (16.01.2012 17:44 Uhr): short question first: Is overlay memberOf supposed to work with glued databases in any direction? Hm, nobody? Did I make a configuration error? Is it a bug? Is it worth

memberOf and glued databases

2012-01-16 Thread Marc Patermann
Hi, short question first: Is overlay memberOf supposed to work with glued databases in any direction? I tried with 2.4.28 and get the following results: slapd.conf with two databases 1. step --- This is simple. MemberOf overlay only in one database ou=groups,ou=foo,ou=bar

Re: Disabling SASL auth at server side

2012-01-12 Thread Marc Patermann
Angel, Angel L. Mateo schrieb (11.01.2012 13:37 Uhr): Is there any way to configure the openldap server to disable this mechanisms?, because I don't want any sasl authentication. Shouldn't this be done by the mech_list parameter in the SASL application config file (which is slapd.conf in your

Re: ACL question - minimum rights for Apache HTTP Server Bind User

2011-12-15 Thread Marc Patermann
Axel, Axel Birndt schrieb (14.12.2011 21:36 Uhr): apache.conf--- . AuthType basic AuthBasicProvider ldap AuthName LDAP-geschuetztes Verzeichnis AuthLDAPUrl ldap://localhost:389/ou=user,dc=2axels-company,dc=de?cn?sub; AuthLDAPBindDN

Re: memberof overlay deployment

2011-12-02 Thread Marc Patermann
Michael, Michael Ströder schrieb (01.12.2011 18:55 Uhr): masar...@aero.polimi.it wrote: slapo-memberof(5) does not support tool mode; in order to populate the memberOf attribute of an existing database you need to use ldapadd(1). You could, for example, dump your group entries, remove them,

Re: Syncrepl error causes consumers to freeze

2011-11-28 Thread Marc Patermann
Nick, Nick Milas schrieb (28.11.2011 11:04 Uhr): On 28/11/2011 11:37 πμ, Quanah Gibson-Mount wrote: Can I somehow run a (consumer) server in syncrepl debugging mode, in order to capture *in adequate detail* problems that MIGHT arise, despite a possible high debug logging volume (which would

Re: trigger script on change to db

2011-11-14 Thread Marc Patermann
Eli, E.S. Rosenberg schrieb (13.11.2011 17:13 Uhr): I was wondering is it possible to set a slapd syncprov consumer to trigger a script when it receives changes to the db (updates of specific attributes). I think you might be able to replicate to a server instance with back-perl or back-shell

Re: SyncRepl for subtree

2011-11-03 Thread Marc Patermann
sim123, sim123 schrieb (02.11.2011 20:59 Uhr): I am trying to setup syncrepl, and consumer needs only one subtree from provider and I want to create another subtrees in consumer side, something like this mentioned in this post:

Re: syncrepl provider not working after upgrade to 2.4.26

2011-10-18 Thread Marc Patermann
Nick, Nick Milas schrieb (18.10.2011 08:07 Uhr): # Load dynamic backend modules: modulepath /usr/local/openldap/lib64 could it be that you have to load some modules here? Look at the directory for what is in there. Marc

Re: Bind with attribute + RDN instead of DN

2011-09-12 Thread Marc Patermann
Hi, sim123 schrieb (12.09.2011 07:15 Uhr): Well, while browsing for solution I realized that I was misinterpreting RDN, so basically what I want is any third party application to authenticate against my ldap using attributes other then DN, I guess its the job of application to do a search

Re: Slapd-meta stop at the first unreachable candidate

2011-09-05 Thread Marc Patermann
Michel, Michel Gruau schrieb am 19.08.2011 13:13 Uhr: It have a slapd-meta configuration as follows: database meta suffix dc=com uri ldap://server1:389/dc=suffix1,dc=com uri ldap://server2:389/dc=suffix2,dc=com uri ldap://server3:389/dc=suffix3,dc=com so while the 3 server serve different

Re: TLS issue with SLES11

2011-08-29 Thread Marc Patermann
Hi, pradyumna dash schrieb am 27.08.2011 12:23 Uhr: I want to achieve ldaps, that means all the communication should use 636 port, i have changed the parameters in the /etc/openldap/sysconfig file, but no luck. I don't understand what you want, either. As you wrote netstat .lnap |grep ldap

Re: openldap syncrepl Provider with Slave(older version)

2011-08-19 Thread Marc Patermann
Rupesh, Rupesh Thakkar schrieb: #syncrepl Provider for primary db overlay syncprov syncprov-checkpoint 1000 60 # Let the replica DN have limitless searches limits dn.exact=umObjectGUID=218afb42cb5e11e09542001a64e587d4,ou=People,dc=Avaya time.soft=unlimited

Re: provider crash on high replication load

2011-08-16 Thread Marc Patermann
Howard, Howard Chu schrieb am 15.08.2011 23:20 Uhr: Marc Patermann wrote: Why does slapd crash here? This looks like the same trace as ITS#6892, but that was already patched/fixed in 2.4.26. # rpm -qa openldap2 openldap2-2.4.26-143.1 (the Ralf Haferkamp SLES rpms) Need a bit more info

Re: provider crash on high replication load

2011-08-16 Thread Marc Patermann
Howard, Howard Chu schrieb am 15.08.2011 23:20 Uhr: Marc Patermann wrote: Why does slapd crash here? This looks like the same trace as ITS#6892, but that was already patched/fixed in 2.4.26. Need a bit more info from the crash. E.g. print *ss print *ss-s_op Is this, what you

Re: provider crash on high replication load

2011-08-16 Thread Marc Patermann
Howard Chu schrieb am 15.08.2011 23:20 Uhr: Marc Patermann wrote: Why does slapd crash here? This looks like the same trace as ITS#6892, but that was already patched/fixed in 2.4.26. Need a bit more info from the crash. E.g. print *ss print *ss-s_op (gdb) print *ss No symbol ss

provider crash on high replication load

2011-08-15 Thread Marc Patermann
Hi, I have the following problem: On a syncrepl provider I have lots (100+) of consumers in refresh and persist mode. After upgrading the provider from 2.3.x to 2.4.25 I can crash the server by a single mod on the root object of one database. Aug 15 14:18:37 trzs721boot kernel: [544888.798212]

Re: provider crash on high replication load

2011-08-15 Thread Marc Patermann
Marc Patermann schrieb am 15.08.2011 15:00 Uhr: I tried to create a core dump, but I could not get it work. I used this howto. The top example works, I get a core file for user ldap. With slapd it is not. sorry, I forgot the link: http://www.unix.com/security/55651-how-set-coredump-suse-10

Re: list of replics

2011-08-12 Thread Marc Patermann
Dmitriy, Dmitriy Kirhlarov schrieb am 11.08.2011 16:38 Uhr: Our company has some core ldap servers. Also we have many replicas from this core, all supported by different persons. I need to get the full list of these replicas. I supposed to find this information in slapd.log, with sync

Re: Alternate target for slapd-meta ?

2011-05-02 Thread Marc Patermann
Michel, michel.gruau schrieb am 02.05.2011 11:34 Uhr: I implemented a slapd-meta configuration with several backend directories. I would like to know whether slapd-meta is capable to switch requests to an « alternate target » when a given target is unavailable. Reading all the documentation,

Re: newbie slapd.conf VS slapd.d management ?

2011-04-18 Thread Marc Patermann
Oliver, Olivier schrieb am 18.04.2011 16:50 Uhr: OR SHOULD I EDIT DIRECTLY FILES IN SLAPD.D AND DEFINITIVELY REMOVE THE SLAPD.CONF FILE ? you do _not_ edit files under slapd.d. You modify the cn=config backend (which in most cases is stored in slapd.d) with ldap. Marc

Re: Database meta does not have any root node

2011-04-12 Thread Marc Patermann
Michel, michel.gruau schrieb am 11.04.2011 17:22 Uhr: I am trying to configure an LDAP proxy towards 2 LDAP targets and I'm using the meta backend as follows: database meta suffix ou=A,o=B,c=C uri ldap://server1/ou=S1,ou=A,o=B,c=C uri ldap://server2/ou=S2,ou=A,o=B,c=C It is working fine

Re: access control for opattrs (memberof overlay)

2011-04-12 Thread Marc Patermann
Peter, Peter Schober schrieb am 06.04.2011 16:48 Uhr: How do I control access to operational attributes, in this case memberOf by the eponymous overlay? While I can put an index on 'memberOf' I can't seem to use it in an attrlist as part of an ACL: unknown attr memberOf in to clause I didn't

Re: LDAPCon?

2011-04-01 Thread Marc Patermann
Hi, Michael Ströder schrieb am 01.04.2011 08:35 Uhr: Yes, 3rd LDAPcon 2011 is organized by DAASI, October 10 – 11 in Heidelberg, Germany. see http://www.ldapcon.org Great! Marc

Re: user authentication on attributes

2011-03-30 Thread Marc Patermann
Simon, sim123 schrieb am 29.03.2011 23:47 Uhr: I have openLDAP server up and running and trying to integrate it with Confluence. My LDAP structure looks like [...] I guess I should be able to do LDAP_BIND with any attribute and LDAP should be able to search user's DN based on the attribute

Re: Efficient Searching for Groups its members

2011-03-24 Thread Marc Patermann
sim123, (no top posting, please!) sim123 schrieb am 24.03.2011 01:10 Uhr: On Wed, Mar 23, 2011 at 5:01 PM, Indexer inde...@internode.on.net mailto:inde...@internode.on.net wrote: On 24/03/2011, at 10:22, sim123 wrote: I am designing LDAP schema and the structure looks like :

Re: complex characters in UID attribute

2011-02-23 Thread Marc Patermann
Vinay, Vinay Kalkoti schrieb am 23.02.2011 09:10 Uhr: I wanted to know what all complex characters can be included for an UID attribute. I have the following user names (uid). Please let me know which which of the following uid's are invalid - test_user: IT (LOC) sup_12$ test_user:IT(LOC)
