Re: Should I use OpenLDAP or PostgreSQL for this?

2016-09-05 Thread John Lewis
e used by a lot of governments, there's > also http://marmotta.apache.org/ > > -Original Message- > From: openldap-technical [mailto:openldap-technical-boun...@openldap.org] On > Behalf Of Howard Chu > Sent: Friday, August 19, 2016 5:24 PM > To: John Lewis; openldap-

Re: Documentation Request

2016-09-01 Thread John Lewis
I am going to second this. On 09/01/2016 05:40 AM, Tom Jay wrote: > Hello, > > Can I make a request that certain features of the access control > documentation are emphasized? I've wasted quite a lot of time on this > and some simple rules (which already exist in the documentation) would > have

Does everybody end up writing their own directory management programs?

2016-09-18 Thread John Lewis
Right now I am trying to weigh my options for maintaining my POSIX accounts on an OpenLDAP tree. I learned today that ldap templates in ldapscripts really don't work, so if I want to go on using ldapscripts, I would have to run ldapmodify after every account is created to get the gecos configured

Re: Does everybody end up writing their own directory management programs?

2016-09-18 Thread John Lewis
and one command. It probably isn't a good idea to reduce it any further because it probably would have been done already by now. On 09/18/2016 03:25 PM, John Lewis wrote: > Right now I am trying to weigh my options for maintaining my POSIX > accounts on an OpenLDAP tree. > > I learned tod

Re: nslcd listing users and groups twice

2016-08-28 Thread John Lewis
I figured it out. I had a duplicate search base in the nslcd.conf. On 08/15/2016 07:38 PM, John Lewis wrote: > I don't use netgroups. I have actually never seen net groups in use. > > > On 08/15/2016 03:55 PM, Dan White wrote: >> On 08/15/16 14:50 -0400, John Lewis wrote: >&

Re: Openldap Password Reset Portal

2017-12-15 Thread John Lewis
On Fri, 2017-12-15 at 08:50 +0100, Clément OUDOT wrote: > 2017-12-14 18:56 GMT+01:00 Douglas Duckworth >: > > > 2) Has anyone found other solutions besides PWM that do the same > > thing? > > > Hello, > > I am the developer of LTB Self Service Password: > *

Re: One account for modifying directory and wiki

2017-11-17 Thread John Lewis
On Fri, 2017-11-17 at 12:51 +1000, William Brown wrote: > On Thu, 2017-11-16 at 11:26 -0500, John Lewis wrote: > > I want to have one account for modifying both a LDAP directory and > > a > > Mediawiki. What tactic would you use to do it? > > I'm not sure this i

One account for modifying directory and wiki

2017-11-16 Thread John Lewis
I want to have one account for modifying both a LDAP directory and a Mediawiki. What tactic would you use to do it?

Re: One account for modifying directory and wiki

2017-11-20 Thread John Lewis
On Mon, 2017-11-20 at 12:28 +0100, William Brown wrote: > What do you mean by this? As in "make it so anyone can login to the > wiki"? Just don't add access controls IE group membership or filter > tests in the media wiki ldap config. Then "anyone with a valid ldap > account" can login, with NO

Is existing documentation kind of vague?

2017-11-14 Thread John Lewis
Hello Everyone. I was trying to implement uidNumber Attribute Auto-Incrementing Method and I read http://www.rexconsulting.net/ldap-protocol-uidNumber.html . I specifically want to point to this line here. > Create a “uidNext” entry (objectClass: uidNext) at a specific > location in the

Re: uidNumber for Service Accounts?

2017-10-25 Thread John Lewis
On Wed, 2017-10-25 at 09:32 -0400, Douglas Duckworth wrote: > Hi > > Do I need uidNumber for Service Accounts used for application / > server binding if this user won't actually be resolved by sssd or > nslcd?   > > I set a very high uidNumber but eventually this will conflict with > users as in

How do internet-facing, multi-domain ldap servers handle TLS?

2017-10-21 Thread John Lewis
How do internet-facing, multi-domain ldap servers handle TLS? Do they go multi-port or do they use one TLS certificate that covers all of the domains, or do they get more IP addresses that are all on different domains?

Directory management best practices?

2016-08-01 Thread John Lewis
Are there any best practices on managing directories? For instance, I want to authenticate trusted UNIX users and untrusted Django users in the same directory? What if I made a completely different directory to manage contact information, but I want to replicate shards of it and give priority

Re: How do I allow root to edit mdb database?

2016-08-02 Thread John Lewis
On 08/02/2016 05:15 AM, Dieter Klünter wrote: > On Tue, 2 Aug 2016 00:37:58 -0400, John Lewis <oflam...@gmail.com> wrote: > >> How do I allow root aka >> to edit >> olcDatabase={1}mdb,cn=config. I am trying to configure ldapscripts >> <http

Re: How do I allow root to edit mdb database?

2016-08-02 Thread John Lewis
On 08/02/2016 08:29 AM, John Lewis wrote: > On 08/02/2016 08:17 AM, Hallvard Breien Furuseth wrote: >> On 02. aug. 2016 13:15, John Lewis wrote: >>> If I wanted to map the permissions from >>> dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external to my >>

Re: How do I allow root to edit mdb database?

2016-08-02 Thread John Lewis
On 08/02/2016 08:17 AM, Hallvard Breien Furuseth wrote: > On 02. aug. 2016 13:15, John Lewis wrote: >> If I wanted to map the permissions from >> dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external to my >> olcRootDN: which I will call cn=Manager,dc=example,dc=com whic

How do I allow root to edit mdb database?

2016-08-01 Thread John Lewis
How do I allow root aka dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external to edit olcDatabase={1}mdb,cn=config. I am trying to configure ldapscripts , but the idea of having a password in the clear is just disturbing. Ldapscripts is in sbin

nslcd listing users and groups twice

2016-08-14 Thread John Lewis
This is surprisingly non-trivial, especially when the nis schema for openldap is more documented than the samba one when I used to run samba-ad-dc. I have the nslcd.conf attached. # /etc/nslcd.conf # nslcd configuration file. See nslcd.conf(5) # for details. # The user and group nslcd should run

Do you have any recommendations of utilities for manipulating rfc2307 attributes?

2016-07-08 Thread John Lewis
I would like to manipulate the attributes described in rfc2307 https://www.ietf.org/rfc/rfc2307.txt. Do you have any recommendations of utilities that do that?

Re: How do I allow root to edit mdb database?

2016-08-05 Thread John Lewis
On 08/02/2016 11:43 AM, Ryan Tandy wrote: > On Tue, Aug 02, 2016 at 12:37:58AM -0400, John Lewis wrote: >> How do I allow root aka >> dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external to edit >> olcDatabase={1}mdb,cn=config. > > Besides olcAuthRegex mentioned b

Re: How do I allow root to edit mdb database? [SOLVED]

2016-08-05 Thread John Lewis
On 08/05/2016 07:42 AM, John Lewis wrote: > On 08/02/2016 11:43 AM, Ryan Tandy wrote: >> On Tue, Aug 02, 2016 at 12:37:58AM -0400, John Lewis wrote: >>> How do I allow root aka >>> dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external to edit >>> olcD

Re: How do I allow root to edit mdb database? [SOLVED]

2016-08-06 Thread John Lewis
On 08/05/2016 09:08 AM, Frank Swasey wrote: > Today at 8:10am, John Lewis wrote: > >> olcAccess: {0}to * by >> dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage >> by * break >> olcAccess: {1}to dn.base="" by * read >> olcAcces

Re: nslcd listing users and groups twice

2016-08-15 Thread John Lewis
s ldap rpc:files ldap netgroup: files ldap automount: files ldap sudoers:files ldap On 08/15/2016 09:39 AM, Dan White wrote: > On 08/14/16 13:50 -0400, John Lewis wrote: >> Subject: nslcd listing users and groups twice >> >> This is surprisin

Has anybody benchmarked OpenLDAP as an Object Storage Service?

2017-01-26 Thread John Lewis
I am wondering if anybody has benchmarked OpenLDAP as a generic network object storage service. I know Networked Key Value Databases are getting more popular because they seem to scale laterally better. Most of the so called NoSQL databases use some kind of JSON over HTTPS network transport. I

Re: nslcd listing users and groups twice

2016-08-15 Thread John Lewis
I don't use netgroups. I have actually never seen net groups in use. On 08/15/2016 03:55 PM, Dan White wrote: > On 08/15/16 14:50 -0400, John Lewis wrote: >> The commands return duplicate data is getent passwd and getent group, if >> I don't add a specific user as a parameter

Should I use OpenLDAP or PostgreSQL for this?

2016-08-19 Thread John Lewis
I want to start a project to document my local government starting at the municipal level and going upwards from there. I want to build an interface to allow people to look up their representatives and their public servants by issue and geographic area or issue and get their contact information

Re: Public LDAP server, what do I need to know?

2016-11-01 Thread John Lewis
On 10/17/2016 11:43 AM, Quanah Gibson-Mount wrote: > --On Sunday, October 16, 2016 3:29 PM -0400 John Lewis > <oflam...@gmail.com> wrote: > >> I want to host a LDAP server that contains a directory that contains the >> offices of local Representatives and

Public LDAP server, what do I need to know?

2016-10-16 Thread John Lewis
I want to host a LDAP server that contains a directory that contains the offices of local Representatives and Public Servants, the issues they are responsible for, and their names. I would like anyone who wants to to browse it or put up front ends. Is there anything in particular that I should

Re: Is there directory schema for storing information on States and Corporations?

2017-04-09 Thread John Lewis
continue, when that message > appears. I'm putting this back on the list. > > John Lewis <oflam...@gmail.com> wrote: > > > I am bouncing around a couple of projects that involve collecting and > > storing information about Corporations and States. > > > >

Is there anything in LDAP that works similar to HTTP's virtual hosting?

2017-04-16 Thread John Lewis
I am reading in the LDAP spec https://tools.ietf.org/html/rfc4511 about naming contexts and I am looking at my RootDSE. Since my DIT mirrors DNS https://tools.ietf.org/html/rfc2247, there must be some way to route someone to the correct naming context based on the DNS they were using to access

Is there directory schema for storing information on States and Corporations?

2017-04-06 Thread John Lewis
I am bouncing around a couple of projects that involve collecting and storing information about Corporations and States. Is there an already existing schema that will kind of fit this data in general? Off hand, the closest one I can think of is inetOrgPerson, but it is

Re: Configuring OpenLDAP with a custom schema instead of default schemas

2017-07-14 Thread John Lewis
On Fri, 2017-07-14 at 14:48 +, Jon Smark wrote: > Hi, > > > > I'm new to OpenLDAP and I'm finding it hard to perform the initial > > configuration (a lot of the information I find online seems to   > pertain only to old versions of OpenLDAP, which used a different > > configuration

Re: Limit which database is reachable on which port (slapd is listening on)?

2017-06-19 Thread John Lewis
On Mon, 2017-06-19 at 16:46 +0200, Karsten Heymann wrote: > Hi Howard, > > perfect, thank you. I missed that one, I searched the documentation > for "port", "listen" and "limit" but didn't think about the socket > term. I guess for urls it's sockurl, sockname seems to be meant for the > socket

Re: Limit which database is reachable on which port (slapd is listening on)?

2017-06-20 Thread John Lewis
On Tue, 2017-06-20 at 08:23 +0200, Karsten Heymann wrote: > Hi John, > > 2017-06-20 2:02 GMT+02:00 John Lewis <oflam...@gmail.com>: > > On Mon, 2017-06-19 at 16:46 +0200, Karsten Heymann wrote: > >> 2017-06-19 15:48 GMT+02:00 Howard Chu <h...@symas.com>: >

Re: Limit which database is reachable on which port (slapd is listening on)?

2017-06-20 Thread John Lewis
On Tue, 2017-06-20 at 14:56 +0200, Karsten Heymann wrote: > Hi John, > > 2017-06-20 14:18 GMT+02:00 John Lewis <oflam...@gmail.com>: > > I know that, but can DNS influence LDAP or are they completely > > independent and all of the name redirection all the clients > &

Re: Why didn't rfc2307bis supersede rfc2307?

2017-06-27 Thread John Lewis
On Tue, 2017-06-27 at 11:01 +0200, Michael Ströder wrote: > John Lewis wrote: > > https://tools.ietf.org/html/draft-howard-rfc2307bis-02 > > > > The only thing that jumps at me is the name. It doesn't follow rfc > > norms. > > Naming is fine because

Re: Why didn't rfc2307bis supersede rfc2307?

2017-06-27 Thread John Lewis
On Tue, 2017-06-27 at 09:02 -0700, Ludovic Poitou wrote: > Hi, > > > As far as I remember, since this happened more than 10 years ago, Luke > working with people at HP started to revise RFC2307 (which is > experimental i.e. not even close to a standard). Sun and HP > implemented some of the

Why didn't rfc2307bis supersede rfc2307?

2017-06-27 Thread John Lewis
https://tools.ietf.org/html/draft-howard-rfc2307bis-02 The only thing that jumps out at me is the name. It doesn't follow rfc norms. Normally a new standard would be rfc and then the next number available. This one deviated; it used the same number as the old one and appended text. The standard

How would you go about writing a new OpenLDAP backend?

2017-05-30 Thread John Lewis
What if I wanted to write a OpenLDAP backend for a systemd journal file or Elasticsearch so I can present my logs as an LDAP subtree so I can use my LDAP tools to filter my logs? Should I use back-shell for prototyping? If so, what is the usual work flow?

Directory Server Gateway for OpenLDAP

2017-06-05 Thread John Lewis
Is there something like 389 Directory Server Gateway (389-dsgw) for OpenLDAP? Is there some way to borrow 389-dsgw itself and run it standalone and aim it at OpenLDAP? I am looking for some kind of service I can run to get a phonebook, orgchart, advanced search interface, and DSML gateway. Having

Re: How would you go about writing a new OpenLDAP backend?

2017-06-05 Thread John Lewis
On Fri, 2017-06-02 at 13:19 -0400, Prentice Bisbal wrote: > Fair enough answer. How would you store and retrieve your results? Are > you creating/using a schema specifically for this? If so, what does it > look like. > > I'm still having trouble seeing the performance benefits, though. The >

Re: How would you go about writing a new OpenLDAP backend?

2017-05-31 Thread John Lewis
On Wed, 2017-05-31 at 15:07 -0400, Prentice Bisbal wrote: > On 05/31/2017 02:55 PM, Howard Chu wrote: > > Prentice Bisbal wrote: > >> On 05/31/2017 12:37 AM, John Lewis wrote: > >> > > > >> This sounds like the wrong tool for this job. > > >

Re: How would you go about writing a new OpenLDAP backend?

2017-05-31 Thread John Lewis
I'm glad both of you already knew where I was going with this. Yes, I did want to write it in python Michael. Yes, I also think OpenLDAP is faster than ElasticSearch Howard. On Wed, 2017-05-31 at 14:43 +0100, Howard Chu wrote: > Michael Ströder wrote: > > Howard Chu wrote: > >>

Re: Migration from ApacheDS to OpenLDAP

2017-05-31 Thread John Lewis
On Tue, 2017-05-30 at 12:00 +0200, Hongfu Huang wrote: > Hi all, > > Is there an easy way to migrate an ApacheDS to an OpenLDAP? > > Can just export everything in an ldif file from ApacheDS and then import > it into an OpenLDAP? > > Or what should I definitely take care of here? For example,

Re: Olc deployment vs slapd.conf based deployment

2017-09-18 Thread John Lewis
On Thu, 2017-09-14 at 14:15 -0700, Quanah Gibson-Mount wrote: > --On Thursday, September 14, 2017 3:06 PM -0700 rammohan > ganapavarapu  > wrote: > > > > > Hi, > > > > > > I am trying to see what is the best and recommended way of > > deploying/starting ldap, OLC or

Re: Instructions for Open LDAP library?

2017-09-19 Thread John Lewis
On Mon, 2017-09-18 at 14:31 +1200, Martin van den Nieuwelaar wrote: > Hi People, > > I'm writing an application using Qt and wish to use the openldap > library  > within my program to query an LDAP server.  I have been searching > for  > instructions on using the library from a client point of

What is the current OLC way to replace the nis schema with the rfc2307bis schema?

2017-10-01 Thread John Lewis
What is the current OLC way to replace the nis schema with the rfc2307bis schema?  There are hacks published, but I couldn't find a document that takes advantage of OLC, removes the nis schema, and installs the rfc2307bis schema. It feels like something that I would do often enough that I would

Email based self registration

2017-10-01 Thread John Lewis
Is there an application that supports both email based self registration and OpenLDAP storage of the account data?

Re: LDAPCon 2017 programme now online

2017-08-25 Thread John Lewis
On Fri, 2017-08-11 at 13:43 +0100, Andrew Findlay wrote: > The programme for the 2017 LDAP Conference has just been published: > > https://ldapcon.org/2017/conference-program/ > > It's looking good, so get your booking in quickly to get early-bird > tickets and start thinking about where you

Re: RedHat dropping OpenLDAP server support

2017-08-29 Thread John Lewis
On Mon, 2017-08-28 at 21:26 +0100, Howard Chu wrote: > RedHat is supporting their commercial server, RedHat Directory > Server. It's  > the commercial version of 389DS, derived from the old Netscape LDAP > server.  > Worth noting that that lineage of code has been abandoned by everyone > else  >