Hello All,
I've got a bit of a problem. Management chose a software product that
depends on OpenLDAP's SLAPD service and had us put it into production
without our quite understanding the software well enough to be clueful.
The deployment is across virtual and real servers, the virtual servers
Dump:
slapcat -l [ldif file]
Add from dump, with slapd off:
slapadd -l [ldif file]
If you're using BDB (typical backend), you can move the contents of the dbdir
specified by your config first.
- chris
Chris Jacobs, Systems Administrator
Apollo Group | Apollo Marketing | Aptimus
2001 6th Ave
Thank you, that did it. I was under the impression that you didn't need to
specify ldaps because the ssl on and start_tls directives took care of that.
Thanks again.
-Mike
Date: Thu, 6 Jan 2011 19:43:11 -0800
From: li...@aarcane.org
To: openldap-technical@openldap.org
Subject: Re: Strange
2011/1/4 bluethundr bluethu...@gmail.com:
Hi list,
It's been a few days and I just wanted to check back to see if anyone
had any troubleshooting tips that might help to solve this situation
that I'm dealing with as I'm still a relatively new LDAP admin. I
really appreciated your advice in
The constant is BDB_IDL_LOGN in back-bdb/idl.h. Incrementing it by 1 will
double the range of an index slot before it loses precision. It will also
double the amount of memory used by all of the indexing functions. I think
you can safely double the current value without overrunning the default
On Friday 07 January 2011 04:18:40 Michael Starling wrote:
#TLS settings
ssl start_tls
ssl on
That should be either ssl start_tls OR ssl on, not both. If you
specify ssl start_tls then you should use the ldap:// URL schema, if
you specify ssl on then you should use ldaps://.
Andreas
On Fri, 7 Jan 2011, Chris Jacobs wrote:
Dump:
slapcat -l [ldif file]
Add from dump, with slapd off:
slapadd -l [ldif file]
If you're using BDB (typical backend), you can move the contents of the dbdir
specified by your config first.
- chris
THANK YOU, Chris.
However, I can't login
Yeah, that's the trick though. The OP indicated if they used uri
ldap://[hostname] StartTLS doesn't work.
- chris
-Original Message-
From: openldap-technical-boun...@openldap.org
[mailto:openldap-technical-boun...@openldap.org] On Behalf Of Andreas Ntaflos
Sent: Friday, January 07,
On 1/7/11 8:17 PM, Richard Troy wrote:
On Fri, 7 Jan 2011, Chris Jacobs wrote:
Dump:
slapcat -l [ldif file]
Add from dump, with slapd off:
slapadd -l [ldif file]
If you're using BDB (typical backend), you can move the contents of the dbdir
specified by your config first.
- chris
THANK
SSH login:
Sounds like local console access will be required then - and hope you can login
as root. You don't mention if the LDAP server is a VM or not - if it is, then
local console access /should/ be trivial.
If all else fails, as long as you have console access, then you can boot to
single
I see now. Thank you for explaining.
-Mike
From: d...@pseudoterminal.org
To: openldap-technical@openldap.org
Subject: Re: Strange behavior with TLS with self-signed certs
Date: Fri, 7 Jan 2011 19:45:46 +0100
On Friday 07 January 2011 04:18:40 Michael Starling wrote:
#TLS settings
ssl
Ok..I implemented what you explained for testing purposes and found the
following to be true:
If I use ssl start_tls with the ldap:// URL schema then my client connects to
my LDAP server on port 389.
If I use ssl on with ldaps:// then my client connects on port 636.
I think I remember
Equipment limitation: Our old load balancers could load balance StartTLS, not
SSL. Our new ones can load balance SSL, not StartTLS.
Paranoia: If you wish to encrypt the entire session, from the very beginning,
use SSL.
Firewall limits you to port 389 (corp policy, difficult network/firewall
Further thoughts? Can I harness the ability to connect to get the data out
even when I don't know the first thing about the data I want to fetch,
similar to the slapcat command above?
*if* you can connect to the LDAP server, then you can also fetch all the
Data as LDIF. You just have
Ahh.. Thanks for the explanations.
-Mike
From: chris.jac...@apollogrp.edu
To: mlstarlin...@hotmail.com; d...@pseudoterminal.org;
openldap-technical@openldap.org
Date: Fri, 7 Jan 2011 12:55:57 -0700
Subject: RE: Strange behavior with TLS with self-signed certs
Equipment limitation:
Hi,
We are currently trying to use OpenLDAP as the database for Kerberos in our
lab.
We installed OpenLDAP in Ubuntu 10.04 and it is working without any problem
(i.e. queries are showing the correct results)
But we are not able to get Kerberos authenticate via OpenLDAP.
For authenticating via
I am trying to install OpenLDAP in GNU/Linux:
uname -a
Linux jupnms1 2.6.18-164.el5 #1 SMP Thu Sep 3 03:28:30 EDT 2009 x86_64 x86_64
x86_64 GNU/Linux
I downloaded openldap version 2.4.23
I also installed BerkeleyDB version 5.1.19. Since the location of this db is
not the default I set the
Maybe I'm just being delusional in thinking that this should work... I'm
running OpenLDAP 2.4.23 on IBM AIX for authentication on a variety of AIX,
Linux and web applications.
As we need to use both Posixgroup and groupOfNames objects with the same
membership, the dynamic list overlay seems like
--On Friday, January 07, 2011 9:22 PM +0530 sarathkrishn...@gmail.com wrote:
We think adding this in slapd.conf should serve the purpose. Any
suggestions/help is highly appreciated.
Use slaptest to convert your slapd.conf file to the slapd-config format,
and read what it does for the authz
--On Friday, January 07, 2011 11:43 AM -0500 Maria Sanchez
maria.sanc...@hughes.com wrote:
I am trying to install OpenLDAP in GNU/Linux:
uname -a
Linux jupnms1 2.6.18-164.el5 #1 SMP Thu Sep 3 03:28:30 EDT 2009 x86_64
x86_64 x86_64 GNU/Linux
I downloaded openldap version 2.4.23
I also
Quanah Gibson-Mount wrote:
--On Friday, January 07, 2011 9:22 PM +0530 sarathkrishn...@gmail.com wrote:
We think adding this in slapd.conf should serve the purpose. Any
suggestions/help is highly appreciated.
Use slaptest to convert your slapd.conf file to the slapd-config format,
and read
21 matches