We are in the midst of migrating from `shadowAccount` objects to the
password policy overlay. Everything seems to be working so far, but I
have been unable to migrate the data from `shadowLastChange` to
`pwdChangedTime`. In particular, once I have the desired value for
`pwdChangedTime`, I don't
Jonathon Anderson wrote:
We are in the midst of migrating from `shadowAccount` objects to the
password policy overlay. Everything seems to be working so far, but I
have been unable to migrate the data from `shadowLastChange` to
`pwdChangedTime`. In particular, once I have the desired value for
Jeffrey Crawford wrote:
Hello Everyone,
I'm having trouble enforcing our password policy for login attempts
within a particular time frame. After looking into the issue a little
further it seems to stem from the fact that the operational attribute
pwdFailureTime can only resolve time down to
Ronie Gilberto Henrich wrote:
Hello,
I need to be able to restrict ldap ou's access based on the ldaps://FQDN used
to query the ldap server.
Let's say I have the following in my ldap server:
ou=domain
ou=raincoatcompany.com
ou=umbrellacompany.com
Considering that both
Can't SNI support be added?
--
Erwann.
On 14 Jan 2012 13:08, Howard Chu h...@symas.com wrote:
Ronie Gilberto Henrich wrote:
Hello,
I need to be able to restrict ldap ou's access based on the ldaps://FQDN
used to query the ldap server.
Let's say I have the following in my ldap server:
Erwann Abalea wrote:
Can't SNI support be added?
Perhaps. It depends on which version of TLS library is being used.
--
Erwann.
On 14 Jan 2012 13:08, Howard Chu h...@symas.com wrote:
Ronie Gilberto Henrich wrote:
Hello,
I need to be able to restrict
A quick addition: SNI was defined to solve a problem not encountered with
LDAP (name virtual hosting on a unique IP address). It also requires the
client to be cooperative and announce the desired hostname in an extension
(Server Name Indication) during TLS negotiation.
Not supporting it in an
Howard Chu wrote:
Ronie Gilberto Henrich wrote:
Hello,
I need to be able to restrict ldap ou's access based on the ldaps://FQDN
used to query the ldap server.
Let's say I have the following in my ldap server:
ou=domain
ou=raincoatcompany.com
ou=umbrellacompany.com
Considering
Is it possible to allow access to a specific dn only by a specific client
IP address?
ie:
access to dn.exact=ou=domain,ou=raincoatcompany.com
by clientIP=200.200.0.117 read
Yes. See peername who clause in slapd.access(5).
p.
Ronie Gilberto Henrich wrote:
Is it possible to allow access to a specific dn only by a specific client IP
address?
ie:
access to dn.exact=ou=domain,ou=raincoatcompany.com
by clientIP=200.200.0.117 read
See the man page slapd.access(5), especially
peername[.peernamestyle]=peername.
Tianyin Xu writes:
I'm trying to understand the internal workflow of the attribute type
checking and syntax validation in OpenLDAP.
See the comments in servers/slapd/schema_init.c, in git master or in
OpenLDAP 2.4.24 or later.
--
Hallvard