password policy and pwdMustChange behavior

2013-05-07 Thread Felix Schmitt
Hi, I'm installing an OpenLDAP directory server at a customer and we're also implementing password policies. We have set the pwdMustChange attribute to true in our policy. During the tests I was a bit surprised that a user for whom I've set the password was not required to change his

Re: dynamic group perfs

2013-05-07 Thread Dieter Klünter
On Tue, 07 May 2013 09:36:45 +0400, Jephte Clain jephte.cl...@univ-reunion.fr wrote: hello all, I have a weird perf problem with a dynamic group. I wonder if it is normal, and if I can improve the situation. Jump to the line marked - for the impatient, JUMP HERE :-) if you

SSH Gateway

2013-05-07 Thread Stuart Watson
Hi, I am looking at creating an SSH gateway using OpenLDAP. The idea is to store our devs' public keys in OpenLDAP, which would give us the ability to control who has SSH access to our servers. Currently everyone shares the same key, which means it is impossible to control access. Do I just need

Re: SSH Gateway

2013-05-07 Thread Howard Chu
Stuart Watson wrote: Hi, I am looking at creating an SSH gateway using OpenLDAP. The idea is to store our devs' public keys in OpenLDAP, which would give us the ability to control who has SSH access to our servers. Currently everyone shares the same key, which means it is impossible to control

Re: Using LDAP how to restrict users to certain applications only

2013-05-07 Thread Peter Gietz
1.) If you had a config parameter like a search filter in your application, you could use that to make unwanted users invisible to the application. But this means you can't use group entries, only dynamic groups, i.e. a group is an LDAP filter, e.g.

Unable to login applications using LDAP alias

2013-05-07 Thread Geo P.C.
We have several applications and we have been able to integrate LDAP successfully. In the application we have given the base dn as ou=People,dc=geo,dc=com, and the user dn uid=geo_pc,ou=People,dc=geo,dc=com is able to log in to the application successfully. Now we created an alias as follows: dn:

Re: SSH Gateway

2013-05-07 Thread Kwame Bahena
Hi, Your plan sounds accurate: 1. Yes 2. Yes 3. If you want your users to connect to the OpenLDAP server via ssh, then yes, you need to install an ssh server on that box 4. Yes What have you done so far? Which distro are you using? Cheers! -- Dan On Tue, May 7, 2013 at 4:21 AM, Stuart Watson

Re: SSH Gateway

2013-05-07 Thread Stuart Watson
At the moment this is still in the planning stage. It's all Ubuntu 10.04 LTS onwards. Is it possible to do this without installing openssh server on the OpenLDAP server? On Tue, May 7, 2013 at 3:26 PM, Kwame Bahena informa...@gmail.com wrote: Hi, Your plan sounds accurate: 1. Yes 2. Yes

Re: Using LDAP how to restrict users to certain applications only

2013-05-07 Thread Peter Gietz
After a second look, I must say that solution 2a is not doable. Complex ACL definitions with groups or sets can only be done on the "who" part of an ACL and not on the "what" part, which would have been needed for 2a.) Sorry. Thus you can only go with dynamic

Re: SSH Gateway

2013-05-07 Thread Kwame Bahena
Hi, Yes, you would only need to install openssh server on the OpenLDAP server if you want your users to connect to this server via ssh. Cheers! -- Dan On Tue, May 7, 2013 at 9:42 AM, Stuart Watson strtw...@gmail.com wrote: At the moment this is still in the planning stage. It's all Ubuntu

Re: Unable to login applications using LDAP alias

2013-05-07 Thread Howard Chu
Geo P.C. wrote: We have several applications and we have been able to integrate LDAP successfully. In the application we have given the base dn as ou=People,dc=geo,dc=com, and the user dn uid=geo_pc,ou=People,dc=geo,dc=com is able to log in to the application successfully. Now we created an alias as

Re: SSH Gateway

2013-05-07 Thread Vishesh kumar
I think here user information will be fetched from LDAP. OpenSSH will use library calls for getting LDAP user information the same as it does for users in /etc/passwd. Key-based authentication will work in the normal way, but I am interested to see if the key can be stored on the LDAP server. Regards, Vishesh Kumar

Re: SSH Gateway

2013-05-07 Thread Philip Guenther
On Tue, 7 May 2013, Vishesh kumar wrote: I think here user information will be fetched from LDAP. OpenSSH will use library calls for getting LDAP user information the same as it does for users in /etc/passwd. Key-based authentication will work in the normal way, but I am interested to see if the key can be

Re: SSH Gateway

2013-05-07 Thread Kwame Bahena
Yes, an ssh public key can be stored in OpenLDAP, and then when a user attempts to log in to a server using ssh + ldap authentication, the server will query ldap for the user's private key and pair it up with the user's public key. Cheers! -- Dan On Tue, May 7, 2013 at 11:05 AM, Vishesh kumar

Re: Using LDAP how to restrict users to certain applications only

2013-05-07 Thread Quanah Gibson-Mount
--On Tuesday, May 07, 2013 11:11 AM +0530 Geo P.C. pcge...@gmail.com wrote: Please let me know if it is possible to implement this idea. Also please let me know your thoughts. It is trivial as long as your application has an application-specific bind dn. If it does, then you can restrict

Re: dynamic group perfs

2013-05-07 Thread Quanah Gibson-Mount
--On Tuesday, May 07, 2013 9:36 AM +0400 Jephte Clain jephte.cl...@univ-reunion.fr wrote: It needs more than 30 seconds to build the dynamic group! And this is the case every time I do the search. For the sake of it, I made a static group with 45000 members, and it takes 0.037 seconds for the

Looking for schema work around

2013-05-07 Thread jckidder
I have an application vendor that attempts schema validation incorrectly and fails. This failure prevents us from being able to configure the application to connect to our OpenLDAP implementation. I have identified the issue and have a case open with the software vendor to get it fixed. The

Re: Looking for schema work around

2013-05-07 Thread Michael Ströder
jckid...@aep.com wrote: to LDAP once the vendor fixes the code. I'm in a very tough spot where I'm trying to avoid this. To get past the broken schema validation I need cn=Subschema to appear as cn=schema. Old static configuration slapd.conf(5) style: schemadn dn Specify the distinguished