RE: password-policy configuration problems: cannot change passwords

2011-10-27 Thread Marco Weber
Ok, I've changed the password: ldapmodify -D cn=username,dc=domain,dc=tld -W dn: cn=username,dc=domain,dc=tld changetype: modify replace: userPassword userPassword: TheNewValue then I tried to change the password using ldappasswd: ldappasswd -D cn=username,dc=domain,dc=tld -S -W New password:

Re: password-policy configuration problems: cannot change passwords

2011-10-27 Thread Michael Ströder
Marco Weber wrote: Ok, I've changed the password: ldapmodify -D cn=username,dc=domain,dc=tld -W dn: cn=username,dc=domain,dc=tld changetype: modify replace: userPassword userPassword: TheNewValue then I tried to change the password using ldappasswd: ldappasswd -D

RE: password-policy configuration problems: cannot change passwords

2011-10-27 Thread Marco Weber
I've used slappasswd. The password was something like: {SSHA} Some time ago, before having applied the password policy settings, I've changed the olcPasswordHash FROM {MD5} to {SSHA}. Almost all users should now have {SSHA} passwords. -Original Message- From: Michael

Re: New overlay, your opinion?

2011-10-27 Thread Hallvard B Furuseth
Johan Jakus writes: And, in the new version, I can no longer use : AttributeName* attName = op->oq_search.rs_attrs; int iAtt; for( iAtt=0; attName[iAtt].an_name.bv_val != NULL; iAtt++ ) { if ( attName[iAtt].an_name.bv_val[0] == dupPp->pp_symbol[0] ) ... Because when there is a symbol ( _,

Re: New overlay, your opinion?

2011-10-27 Thread Johan Jakus
Thanks for your answer! Hallvard B Furuseth wrote: I don't understand what you mean with ( _, §, £, ...), but: To set what attributes need to be looked up by the overlay I simply use a symbol before them, and I leave the possibility for the users to choose what symbol they want to use (default

Re: Using NSS

2011-10-27 Thread Daniel Qian
On 11-10-26 11:28 PM, Dan White wrote: On 26/10/11 22:53 -0400, Braden McDaniel wrote: I am trying to get OpenLDAP (2.4.24) working with NSS on Fedora 15. In cn=config.ldif I have: olcTLSCACertificatePath: /etc/pki/nssdb olcTLSCertificateFile: endoframe I have used certutil to

Re: Using NSS

2011-10-27 Thread Braden McDaniel
On Wed, 2011-10-26 at 22:28 -0500, Dan White wrote: On 26/10/11 22:53 -0400, Braden McDaniel wrote: I am trying to get OpenLDAP (2.4.24) working with NSS on Fedora 15. In cn=config.ldif I have: olcTLSCACertificatePath: /etc/pki/nssdb olcTLSCertificateFile: endoframe [snip]

Re: New overlay, your opinion?

2011-10-27 Thread Johan Jakus
I solved my problem by using a string before the attribute. Instead of a _ I now use ops-. For the debugs, I made my overlay very chatty because for my project I needed to show the overlay worked. And it was easier to have everything in the same debug file. Those debugs aren't essential, but they

Re: New overlay, your opinion?

2011-10-27 Thread Hallvard B Furuseth
Johan Jakus writes: Hallvard B Furuseth wrote: I don't understand what you mean with ( _, §, £, ...), but: To set what attributes need to be looked up by the overlay I simply use a symbol before them, and I leave the possibility for the users to choose what symbol they want to use (default

Re: Using NSS

2011-10-27 Thread Braden McDaniel
On Thu, 2011-10-27 at 10:23 -0400, Daniel Qian wrote: [snip] There is a control file on Fedora 15 for ldaps or tls cat /etc/sysconfig/ldap Thanks... I did find that and I changed SLAPD_LDAPS to yes. -- Braden McDaniel bra...@endoframe.com

Re: Using NSS

2011-10-27 Thread Braden McDaniel
On Thu, 2011-10-27 at 08:44 -0600, Rich Megginson wrote: [snip] What is your /etc/openldap/ldap.conf? That question led me to a bogus setting for TLS_CACERTDIR. First, I tried simply commenting the line out, figuring the value of olcTLSCACertificatePath in cn=config.ldif would be used. That

Re: Using NSS

2011-10-27 Thread Daniel Qian
On 11-10-27 2:05 PM, Braden McDaniel wrote: On Thu, 2011-10-27 at 08:44 -0600, Rich Megginson wrote: [snip] What is your /etc/openldap/ldap.conf? That question led me to a bogus setting for TLS_CACERTDIR. First, I tried simply commenting the line out, figuring the value of

LDAP + Freeradius + Samba

2011-10-27 Thread Andreas Rudat
Hello, I got openldap running as user db for samba, now I want to use it also as database for radius, I think it should be possible to use it without big modifications or? Thanks

Re: LDAP + Freeradius + Samba

2011-10-27 Thread Aaron Richton
On Thu, 27 Oct 2011, Andreas Rudat wrote: I got openldap running as user db for samba, now I want to use it also as database for radius, I think it should be possible to use it without big modifications or? Sure; odds are you probably won't need to write any code or even recompile. (What's

Re: Using NSS

2011-10-27 Thread Braden Northington McDaniel
On Oct 27, 2011, at 2:27 PM, Daniel Qian wrote: why don't you simply try TLS_CACERT /etc/pki/nssdb/filename instead of TLS_CACERTDIR /etc/pki/nssdb Because the cert isn't in a text file; it's in the NSS database. -- Braden McDaniel e-mail/Jabber IM: bra...@endoframe.com

Re: Using NSS

2011-10-27 Thread John Tobin
tail -f /var/log/messages has most of the ldap messages. You also may have a: /var/log/localmessages If you are running a client on the server machine, the client info will be mixed in with the server info on /var/log/messages. I believe you will only get the server [slapd] on localmessages

back-config and Post Read Control?

2011-10-27 Thread Michael Ströder
HI! Does back-config support the Post Read Control? That would be handy for retrieving the renumbered DN after an Add or Modify request. Ciao, Michael.

Re: Using NSS

2011-10-27 Thread Daniel Qian
On 11-10-27 3:41 PM, Braden Northington McDaniel wrote: On Oct 27, 2011, at 2:27 PM, Daniel Qian wrote: why don't you simply try TLS_CACERT /etc/pki/nssdb/filename instead of TLS_CACERTDIR /etc/pki/nssdb Because the cert isn't in a text file; it's in the NSS database. I saw similar

Re: back-config and Post Read Control?

2011-10-27 Thread Michael Ströder
Michael Ströder wrote: Does back-config support the Post Read Control? That would be handy for retrieving the renumbered DN after an Add or Modify request. Hmm, experiments show that this does work. Server returns: Critical extension is unavailable: critical control unavailable in context

Re: Using NSS

2011-10-27 Thread Howard Chu
Daniel Qian wrote: On 11-10-27 3:41 PM, Braden Northington McDaniel wrote: On Oct 27, 2011, at 2:27 PM, Daniel Qian wrote: why don't you simply try TLS_CACERT /etc/pki/nssdb/filename instead of TLS_CACERTDIR /etc/pki/nssdb Because the cert isn't in a text file; it's in the NSS database.

Re: back-config and Post Read Control?

2011-10-27 Thread masarati
Michael Ströder wrote: Does back-config support the Post Read Control? That would be handy for retrieving the renumbered DN after an Add or Modify request. Hmm, experiments show that this does work. Server returns: Critical extension is unavailable: critical control unavailable in context

Re: back-config and Post Read Control?

2011-10-27 Thread Howard Chu
masar...@aero.polimi.it wrote: Michael Ströder wrote: Does back-config support the Post Read Control? That would be handy for retrieving the renumbered DN after an Add or Modify request. Hmm, experiments show that this does work. Server returns: Critical extension is unavailable: critical

Referral and Chain configuration and multiple directories

2011-10-27 Thread sim sim
Hi All, I have an LDAP server running with all users and respective groups say ( a.example.net). I was wondering if there is any way I could separate user subtree into another OpenLDAP server (b.example.net) and still be able to define those users as member of groups in a.example.net (for a new