Quanah Gibson-Mount qua...@zimbra.com schrieb am 05.09.2013 um 22:58 in
Nachricht 0FCBC02976FFDC0CF5D9A489@[192.168.1.22]:
--On Thursday, September 05, 2013 10:58 PM +0300 Покотиленко
Костик cas...@meteor.dp.ua wrote:
[...]
OS: Ubuntu 12.04.2 LTS
Slapd: 2.4.28-1.1ubuntu4.3
Ugh, ancient.
Hello,
I am writing to to submit a case that has been happening in the last 2 weeks in
our infrastructure. This is structured as follows:
1 provider: Solaris 9 SPARC - Sun Fire V490 - last OS patch level
CPU: 4-1500 Mhz
RAM: 32 GB
OpenLDAP version used: Berkeley DB 2.4.23 and 4.8.30 (with
Hi all,
I have a problem with overlay accesslog.
Here is my overlay configuration:
overlay accesslog
logdb dc=log,dc=ciccio.it
logops all
logold (objectclass=inetOrgPerson)
logpurge 10+00:00 08:00
logsuccess FALSE
If I try: ldapwhoami -H ldap://myserver -D uid=myuser,ou=People,dc=
ciccio.it -W
I
Hello all,
Thanks first for the patch, i have applied it on my own build of 2.4.36 but i
have now a strange behavior, the slapd do not crash but it refused operations.
First here is the diff after applying the patch :
$ diff ../BUILD/openldap-2.4.36/servers/slapd/bconfig.c
POISSON Frédéric wrote:
Hello all,
Thanks first for the patch, i have applied it on my own build of 2.4.36 but i
have now a strange behavior, the slapd do not crash but it refused operations.
First here is the diff after applying the patch :
$ diff
Ulrich Windl wrote:
Quanah Gibson-Mount qua...@zimbra.com schrieb am 05.09.2013 um 22:58 in
Nachricht 0FCBC02976FFDC0CF5D9A489@[192.168.1.22]:
--On Thursday, September 05, 2013 10:58 PM +0300 Покотиленко
Костик cas...@meteor.dp.ua wrote:
[...]
OS: Ubuntu 12.04.2 LTS
Slapd:
В Птн, 06/09/2013 в 08:15 +0200, Ulrich Windl пишет:
Quanah Gibson-Mount qua...@zimbra.com schrieb am 05.09.2013 um 22:58 in
Nachricht 0FCBC02976FFDC0CF5D9A489@[192.168.1.22]:
--On Thursday, September 05, 2013 10:58 PM +0300 Покотиленко
Костик cas...@meteor.dp.ua wrote:
[...]
OS: Ubuntu
В Птн, 06/09/2013 в 04:42 -0700, Howard Chu пишет:
Ulrich Windl wrote:
Quanah Gibson-Mount qua...@zimbra.com schrieb am 05.09.2013 um 22:58 in
Nachricht 0FCBC02976FFDC0CF5D9A489@[192.168.1.22]:
--On Thursday, September 05, 2013 10:58 PM +0300 Покотиленко
Костик cas...@meteor.dp.ua wrote:
В Чтв, 05/09/2013 в 13:58 -0700, Quanah Gibson-Mount пишет:
--On Thursday, September 05, 2013 10:58 PM +0300 Покотиленко
Костик cas...@meteor.dp.ua wrote:
В Чтв, 05/09/2013 в 11:35 -0700, Quanah Gibson-Mount пишет:
--On Thursday, September 05, 2013 9:05 PM +0300 Покотиленко
Костик
??? ??cas...@meteor.dp.ua schrieb am 06.09.2013 um 14:05 in
Nachricht 1378469133.18073.55.ca...@casper-hp.friendin.net:
В Птн, 06/09/2013 в 04:42 -0700, Howard Chu пишет:
Ulrich Windl wrote:
Quanah Gibson-Mount qua...@zimbra.com schrieb am 05.09.2013 um 22:58
in
Nachricht
Покотиленко Костик wrote:
В Птн, 06/09/2013 в 04:42 -0700, Howard Chu пишет:
Ulrich Windl wrote:
Quanah Gibson-Mount qua...@zimbra.com schrieb am 05.09.2013 um 22:58 in
Nachricht 0FCBC02976FFDC0CF5D9A489@[192.168.1.22]:
--On Thursday, September 05, 2013 10:58 PM +0300 Покотиленко
Костик
POISSON Frédéric wrote:
Hello,
I'm testing the latest release of OpenLDAP 2.4.36 and my slapd stop while i'm
doing a change on cn=config.
My tests are with my own compilation of OpenLDAP on a RHEL6 server but i see
the same problem with LTB project RPMs
When I myself face such a problem, I usually pstack the process a few times to
very quickly know what the guy is doing.
And that usually gives me a good clue.
++Cyrille
From: openldap-technical-boun...@openldap.org
[mailto:openldap-technical-boun...@openldap.org] On Behalf Of Luca Polidoro
Hi, I have already done these tests, but the result provides little
information, none of which is useful for directing the analysis.
2013/9/6 Maucci, Cyrille cyrille.mau...@hp.com
When I myself face such a problem, I usually pstack the process a few
times to very quickly know what the guy is
Statistically, that should be relevant. I mean, I usually do.
i=0; while [ $i -lt 100 ]; do pstack MYPID pstack.$i; (( i+=1 )); done;
Yes no sleep, just a burst of pstacks. That is statistically as correct as any
sampling based profilers would tell, without the complexity of having to
install
Old, Please disregard.
Eric Speake
Web Systems Administrator
O'Reilly Auto Parts
From: espe...@oreillyauto.com
To: openldap-technical@openldap.org
Date: 09/06/2013 06:35 AM
Subject:Fw: SyncRepl Chaining
Sent by:openldap-technical-boun...@openldap.org
Bumping.
Eric
On Sep 6, 2013, at 14:05, Покотиленко Костик cas...@meteor.dp.ua wrote:
В Птн, 06/09/2013 в 04:42 -0700, Howard Chu пишет:
It is Project policy to only investigate issues in the current release.
There
is no sense in tracing back thru old code whose bugs have already been fixed.
This
--On Friday, September 06, 2013 2:16 PM +0200 Ulrich Windl
ulrich.wi...@rz.uni-regensburg.de wrote:
Hi!
Actually I don't know which distributors are back-porting fixes, but
from my personal experience distributors don't trust the latest release
either (and thus keep what they have) ;-)
I
--On Monday, August 26, 2013 1:31 PM +0200 gottabogh gottab...@gmail.com
wrote:
How can I get around this problem? Can I modify generation of entrydn in
the dblog? For example compose it in this way:
reqStart=,reqType=,dc=log,dc=ciccio.it
File a bug?
https://www.openldap.org/its/
В Птн, 06/09/2013 в 15:24 +0200, Jens Vagelpohl пишет:
On Sep 6, 2013, at 14:05, Покотиленко Костик cas...@meteor.dp.ua wrote:
В Птн, 06/09/2013 в 04:42 -0700, Howard Chu пишет:
It is Project policy to only investigate issues in the current release.
There
is no sense in tracing back
В Птн, 06/09/2013 в 06:55 -0700, Quanah Gibson-Mount пишет:
--On Friday, September 06, 2013 2:16 PM +0200 Ulrich Windl
ulrich.wi...@rz.uni-regensburg.de wrote:
Hi!
Actually I don't know which distributors are back-porting fixes, but
from my personal experience distributors don't trust
--On Monday, August 19, 2013 9:46 AM -0500 espe...@oreillyauto.com wrote:
I believe we are very close to our goal of a master/slave syncrepl
configuration. I have a master that through refreshAndPersist instantly
updates the slave servers. The issue I am having is is passing on updates
to
Following Quanah's advise tried to build 2.4.36 from sources:
# ./configure
# make depend
# make
...
test failed - server 1 and server 2 databases differ
test050-syncrepl-multimaster failed for mdm
(exit 1)
How bad is this?
--On Friday, September 06, 2013 7:05 PM +0300 Покотиленко
Костик cas...@meteor.dp.ua wrote:
I'm not complaining. I'm looking for a better way of upstream -
end-user.
What I was trying to tell was: if openldap team could backport fixes
(without new features) to old versions - then distributors
--On Friday, September 06, 2013 11:35 AM -0500 espe...@oreillyauto.com
wrote:
Here is the olcAcces from the slapcat on the database. Rule {0} should
what it is using but becaus eof it not authenticating rule {2} is being
applied instead.
Did you mean to paste your rules in here and forget?
From: Quanah Gibson-Mount qua...@zimbra.com
To: espe...@oreillyauto.com
Date: 09/06/2013 10:42 AM
Subject:Re: SyncRepl Chaining
--On Friday, September 06, 2013 10:39 AM -0500 espe...@oreillyauto.com
wrote:
root@tntest-ldap-3:~# ldapwhoami -d -1 -Wx -D
From: Quanah Gibson-Mount qua...@zimbra.com
To: espe...@oreillyauto.com
Cc: openldap-technical@openldap.org
Date: 09/06/2013 11:45 AM
Subject:Re: SyncRepl Chaining
--On Friday, September 06, 2013 11:35 AM -0500 espe...@oreillyauto.com
wrote:
Here is the olcAcces from
--On Friday, September 06, 2013 11:52 AM -0500 espe...@oreillyauto.com
wrote:
From: Quanah Gibson-Mount qua...@zimbra.com
To: espe...@oreillyauto.com
Cc: openldap-technical@openldap.org
Date: 09/06/2013 11:45 AM
Subject:Re: SyncRepl Chaining
--On Friday, September 06,
--On Friday, September 06, 2013 7:19 PM +0300 Покотиленко
Костик cas...@meteor.dp.ua wrote:
Following Quanah's advise tried to build 2.4.36 from sources:
# ./configure
# make depend
# make
...
test failed - server 1 and server 2 databases differ
test050-syncrepl-multimaster failed for mdm
Hi,
I wonder whether openldap, if compiled with openssl-1.x, will support
PFS. http://en.wikipedia.org/wiki/Perfect_forward_secrecy
This issue has been discussed on several mailinglists recently.
-Dieter
--
Dieter Klünter | Systemberatung
http://dkluenter.de
GPG Key ID:DA147B05
53°37'09,95N
--On Friday, September 06, 2013 8:07 PM +0300 Покотиленко
Костик cas...@meteor.dp.ua wrote:
What is mdm?
Typo, correct is mdb
Then I would look at the logs from the test and see why it failed. It's
never failed for me across 50 or so builds of 2.4.36 so far on various
Linux OSes.
From: Quanah Gibson-Mount qua...@zimbra.com
To: espe...@oreillyauto.com
Cc: openldap-technical@openldap.org
Date: 09/06/2013 11:56 AM
Subject:Re: SyncRepl Chaining
--On Friday, September 06, 2013 11:52 AM -0500 espe...@oreillyauto.com
wrote:
From: Quanah
В Птн, 06/09/2013 в 09:55 -0700, Quanah Gibson-Mount пишет:
--On Friday, September 06, 2013 7:19 PM +0300 Покотиленко
Костик cas...@meteor.dp.ua wrote:
Following Quanah's advise tried to build 2.4.36 from sources:
# ./configure
# make depend
# make
...
test failed - server 1 and
--On Friday, September 06, 2013 12:21 PM -0500 espe...@oreillyauto.com
wrote:
add: olcAccess
olcAccess: {0}to *
by dn.base=uid=syncrepl,ou=System,dc=oreillyauto,dc=com read
by dn.base=uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com read
by
Покотиленко Костик wrote:
The reason is that openldap's PATCH component includes new features
(that by itself introduces new bugs) rather than only FIXES to existing
features. This breaks disto's policy and this is the point.
Distribution policy does not matter here.
What matters is continous
--On Friday, September 06, 2013 1:46 PM -0500 espe...@oreillyauto.com wrote:
From: Quanah Gibson-Mount qua...@zimbra.com
To: espe...@oreillyauto.com
Cc: openldap-technical@openldap.org
Date: 09/06/2013 12:29 PM
Subject:Re: SyncRepl Chaining
--On Friday, September 06,
From: Quanah Gibson-Mount qua...@zimbra.com
To: espe...@oreillyauto.com
Cc: openldap-technical@openldap.org
Date: 09/06/2013 12:29 PM
Subject:Re: SyncRepl Chaining
--On Friday, September 06, 2013 12:21 PM -0500 espe...@oreillyauto.com
wrote:
add: olcAccess
olcAccess:
Hi,
i have this ldif file to import, but i have this error:
pwdChangedTime: attribute type undefined
I try to add ppolicy.ldif to my schema, but no success.
how i can do to resolve this problem?
Dieter Klünter wrote:
Hi,
I wonder whether openldap, if compiled with openssl-1.x, will support
PFS. http://en.wikipedia.org/wiki/Perfect_forward_secrecy
This issue has been discussed on several mailinglists recently.
It already does, but you have to use the right cipher suites.
Also see ITS
Dieter Klünter wrote:
I wonder whether openldap, if compiled with openssl-1.x, will support
PFS. http://en.wikipedia.org/wiki/Perfect_forward_secrecy
This issue has been discussed on several mailinglists recently.
Hmm...
Tests on my local system (with OpenSSL 1.0.1e shipped with distribution)
Michael: I cannot tell if you're being sarcastic or not, so, I'm running with
your words:
Software isn't developed in a vacuum - when truly useful, it's intended use it
to be used and it cannot be used sans distros (in any realistic production
operation; sure you can compile everything from
I don't know!...
Il giorno 06/set/2013 22:49, Turbo Fredriksson tu...@bayour.com ha
scritto:
On Sep 6, 2013, at 9:50 PM, felas wrote:
I try to add ppolicy.ldif to my schema, but no success.
Why not?
--
Build a man a fire, and he will be warm for the night.
Set a man on fire and he will
Chris Jacobs wrote:
Michael: I cannot tell if you're being sarcastic or not, so, I'm running
with your words:
I'm completely serious.
Software isn't developed in a vacuum - when truly useful, it's intended use
it to be used and it cannot be used sans distros (in any realistic
production
From: Quanah Gibson-Mount qua...@zimbra.com
To: espe...@oreillyauto.com
Cc: openldap-technical@openldap.org
Date: 09/06/2013 02:14 PM
Subject:Re: SyncRepl Chaining
--On Friday, September 06, 2013 1:46 PM -0500 espe...@oreillyauto.com
wrote:
From: Quanah
--On Friday, September 06, 2013 9:50 PM +0200 felas fela...@gmail.com
wrote:
I try to add ppolicy.ldif to my schema, but no success.
how i can do to resolve this problem?
add ppolicy.ldif with success
You need to be more detailed about how you tried to add the schema, to
start with.
Howard Chu wrote:
Dieter Klünter wrote:
Hi,
I wonder whether openldap, if compiled with openssl-1.x, will support
PFS. http://en.wikipedia.org/wiki/Perfect_forward_secrecy
This issue has been discussed on several mailinglists recently.
It already does, but you have to use the right cipher
--On Friday, September 06, 2013 4:34 PM -0500 espe...@oreillyauto.com wrote:
This was definitely an issue with the ACL's I took down to three for
testing and I will work on any areas our team deems to be a security
issue.
Glad you were able to able to get this resolved. Learning how to
You left off the part where I remind that he was looking for information -
specifically how to get said information:
If the information Casper requested isn't available, say so. If it is,
how would he get it?
As it stands now, his initial question remains unanswered, with the only
Howard Chu wrote:
Dieter Klünter wrote:
Hi,
I wonder whether openldap, if compiled with openssl-1.x, will support
PFS. http://en.wikipedia.org/wiki/Perfect_forward_secrecy
This issue has been discussed on several mailinglists recently.
It already does, but you have to use the right cipher
Chris Jacobs wrote:
You left off the part where I remind that he was looking for information -
specifically how to get said information:
If the information Casper requested isn't available, say so. If it
is, how would he get it?
You should definitely leave it up to Casper whether
On Fri, 6 Sep 2013, Michael Ströder wrote:
Dieter Klünter wrote:
I wonder whether openldap, if compiled with openssl-1.x, will support
PFS. http://en.wikipedia.org/wiki/Perfect_forward_secrecy
This issue has been discussed on several mailinglists recently.
Hmm...
Tests on my local
And we're still left without an answer, or real guidance on how to get one on a
mailing list that's often referred to almost like a manual (STFML).
-Original Message-
From: Michael Ströder [mailto:mich...@stroeder.com]
Sent: Friday, September 06, 2013 2:51 PM
To: Chris Jacobs
Cc:
Philip Guenther wrote:
On Fri, 6 Sep 2013, Michael Ströder wrote:
Dieter Klünter wrote:
I wonder whether openldap, if compiled with openssl-1.x, will support
PFS. http://en.wikipedia.org/wiki/Perfect_forward_secrecy
This issue has been discussed on several mailinglists recently.
Hmm...
--On Friday, September 06, 2013 11:33 PM +0200 Michael Ströder
mich...@stroeder.com wrote:
Howard Chu wrote:
Dieter Klünter wrote:
Hi,
I wonder whether openldap, if compiled with openssl-1.x, will support
PFS. http://en.wikipedia.org/wiki/Perfect_forward_secrecy
This issue has been discussed
--On Friday, September 06, 2013 2:42 PM -0700 Chris Jacobs
chris.jac...@apollogrp.edu wrote:
As it stands now, his initial question remains unanswered, with the only
guidance being upgrade; which lacking anything else he is running with
in the blind hope it makes things faster (his actual
Quanah Gibson-Mount wrote:
--On Friday, September 06, 2013 11:33 PM +0200 Michael Ströder
mich...@stroeder.com wrote:
Howard Chu wrote:
Dieter Klünter wrote:
Hi,
I wonder whether openldap, if compiled with openssl-1.x, will support
PFS. http://en.wikipedia.org/wiki/Perfect_forward_secrecy
Michael Ströder wrote:
http://www.openldap.org/doc/admin24/tls.html mentions directive
'TLSEphemeralDHParamFile' whereas slapd.conf(5) mentions 'TLSDHParamFile'.
This was noted in ITS#7506. Apparently no one considered it an important
enough issue to fix it in the meantime.
--
-- Howard
Chris Jacobs wrote:
You left off the part where I remind that he was looking for information -
specifically how to get said information:
If the information Casper requested isn't available, say so. If it is, how
would he get it?
As it stands now, his initial question remains
Michael Ströder wrote:
Howard Chu wrote:
Dieter Klünter wrote:
Hi,
I wonder whether openldap, if compiled with openssl-1.x, will support
PFS. http://en.wikipedia.org/wiki/Perfect_forward_secrecy
This issue has been discussed on several mailinglists recently.
It already does, but you have to
59 matches
Mail list logo