MDB resizing

2013-06-28 Thread Liam Gretton
I'm evaluating upgrading our LDAP services and moving from hdb to mdb. I don't seem to be able to get my MDB database to resize by changing the value of maxsize, whether increasing it or decreasing it. I'm using slapd.conf, so changes to the config require a restart. Looking at debug output

ACL - grant access to subtree by regex

2013-06-28 Thread Ole
Hi, I'm really new to OpenLDAP and try to grant domain-admins access to their domain-subtree in our historicaly grown LDAP Structure. The Structure is like this: ou=somedomain.tld,ou=mail,dc=example,dc=tld ou=admins,ou=somedomain.tld,ou=mail,dc=example,dc=tld

LB health check during syncrepl refresh

2013-06-28 Thread Michael Ströder
HI! Inspired by ITS#7616 and looking at our monitoring: If I bring up a syncrepl consumer with empty DB it seems contextCSN attribute is missing in DB base entry during refresh phase. This is nice because we could use that in the load-balancer health check to prevent clients to connect to this

Re: Unable to edit cn=config

2013-06-28 Thread Michael Roth
I tried adding the olcRootDN manually but slapd would not start. So I can't add this in manually. I tried loading it in this way: http://www.openldap.org/lists/** openldap-technical/201211/**msg00195.htmlhttp://www.openldap.org/lists/openldap-technical/201211/msg00195.html But I'm unable to load

Re: Types of Groups, Structural objects and Inheritance

2013-06-28 Thread Michael Ströder
Brendan Kearney wrote: As a caveat to my ACLs, most of my groups are the posixGroup class. from what i understand, that means i need to use set ACLs, instead of group ACLs. I guess you're talking about RFC2307 vs. RFC2307bis posixGroup definition. In my searching, i have found an explicit

Openldap-2.4.35 TLS/SSl

2013-06-28 Thread Darouichi, Aziz
Hi, I am trying to configure TLS/SSL and I have a Cert from Geotrust . I configure slapd.conf with the followings: # TLS/SSL information # TLSCipherSuite HIGH:MEDIUM:+SSLv2 TLSCACertificateFile /opt/local/etc/openldap/GeoTrust_Global_CA.cer TLSCertificateFile

Re: Openldap-2.4.35 TLS/SSl

2013-06-28 Thread Vishesh kumar
Do the Certificate CN matching to servername ? Thanks On Sat, Jun 29, 2013 at 12:31 AM, Darouichi, Aziz adaro...@post03.curry.edu wrote: Hi, ** ** ** ** I am trying to configure TLS/SSL and I have a Cert from Geotrust . I configure slapd.conf with the followings: ** ** #

Re: LB health check during syncrepl refresh

2013-06-28 Thread Howard Chu
Michael Ströder wrote: HI! Inspired by ITS#7616 and looking at our monitoring: If I bring up a syncrepl consumer with empty DB it seems contextCSN attribute is missing in DB base entry during refresh phase. This is nice because we could use that in the load-balancer health check to prevent