Other system use port 636 connect LDAP Server Error

2013-09-26 Thread Tian Zhiying
Hi, on the LDAP server (localhost), I execute the command below and it is OK. # ldapsearch -x -b 'ou=people,dc=mydomain,dc=com' -D cn=interface,dc=mydomain,dc=com -H ldaps://192.168.1.10 -W But on another Linux system it is not OK; below is the error info: # ldapsearch -x -b 'ou=people,dc=mydomain,dc=com' -D

Re: contextCSN values and MMR

2013-09-26 Thread Michael Ströder
Michael Ströder wrote: Are contextCSN values on all replicas really in sync if changes were correctly replicated? I've implemented a monitoring check used with normal MMR setup (OpenLDAP 2.4.35, own build on Debian Squeeze) which also checks the contextCSN values on all replicas compared by

Re: Other system use port 636 connect LDAP Server Error

2013-09-26 Thread espeake
From: Tian Zhiying tianzy1...@thundersoft.com To: openldap-technical openldap-technical@openldap.org Cc: tianzy1225 tianzy1...@thundersoft.com Date: 09/26/2013 03:38 AM Subject:Other system use port 636 connect LDAP Server Error Sent by:

Re: Re: Other system use port 636 connect LDAP Server Error

2013-09-26 Thread Tian Zhiying
Hi Espeake Thanks for your quick reply. There is no firewall between the two systems. Telnet 192.168.0.10 is ok, as follows: # telnet 192.168.0.10 636 Trying 192.168.0.10... Connected to localhost (192.168.0.10). Escape character is '^]'. quit

Changing domain name

2013-09-26 Thread Jukka Tuominen
Hi all, I'm in the process of changing the domain name of a kerberos/openafs/openldap server on ubuntu 10.04 LTS. ldap provides the user metadata such as homedir location, user and group id, etc. The server itself remains the same as well as the IP number. Actually I cloned it, so I can still

Re: Changing domain name

2013-09-26 Thread Dan White
On 09/26/13 14:37 +0300, Jukka Tuominen wrote: I'm in the process of changing the domain name of a kerberos/openafs/openldap server on ubuntu 10.04 LTS. ldap provides the user metadata such as homedir location, user and group id, etc. The server itself remains the same as well as the IP number.

Re: Changing domain name

2013-09-26 Thread Jukka Tuominen
On 09/26/13 14:37 +0300, Jukka Tuominen wrote: I'm in the process of changing the domain name of a kerberos/openafs/openldap server on ubuntu 10.04 LTS. ldap provides the user metadata such as homedir location, user and group id, etc. The server itself remains the same as well as the IP

Re: Other system use port 636 connect LDAP Server Error

2013-09-26 Thread Aaron Richton
On Thu, 26 Sep 2013, Tian Zhiying wrote: # ldapsearch -x -b 'ou=people,dc=mydomain,dc=com' -D  cn=interface,dc=mydomain,dc=com -H ldaps://192.168.1.10 -W ldap_bind: Can't contact LDAP server (-1) additional info: error:14090086:SSL  routines:SSL3_GET_SERVER_CERTIFICATE:certificate 

Re: Other system use port 636 connect LDAP Server Error

2013-09-26 Thread Quanah Gibson-Mount
--On Thursday, September 26, 2013 4:35 PM +0800 Tian Zhiying tianzy1...@thundersoft.com wrote: # ldapsearch -x -b 'ou=people,dc=mydomain,dc=com' -D # cn=interface,dc=mydomain,dc=com -H ldaps://192.168.1.10 -W ldap_bind: Can't contact LDAP server (-1) additional info: error:14090086:SSL

Re: contextCSN values and MMR

2013-09-26 Thread Quanah Gibson-Mount
--On Thursday, September 26, 2013 10:38 AM +0200 Michael Ströder mich...@stroeder.com wrote: Still seeing this issue with OpenLDAP 2.4.36 that contextCSN values retrieved via LDAP differ for quite a while. Restarting slapd immediately updates the contextCSN values. Any idea? Still not

Re: contextCSN values and MMR

2013-09-26 Thread Michael Ströder
On Thu, 26 Sep 2013 08:41:10 -0700 Quanah Gibson-Mount qua...@zimbra.com wrote --On Thursday, September 26, 2013 10:38 AM +0200 Michael Ströder mich...@stroeder.com wrote: Still seeing this issue with OpenLDAP 2.4.36 that contextCSN values retrieved via LDAP differ for quite a while.

Re: contextCSN values and MMR

2013-09-26 Thread Quanah Gibson-Mount
--On Thursday, September 26, 2013 5:50 PM +0200 Michael Ströder mich...@stroeder.com wrote: I've managed to reproduce it deterministically by triggering internal ops in slapo-memberof. See this ITS: http://www.OpenLDAP.org/its/index.cgi?findid=7710 Ah, makes sense. I don't use

cn=config chaining

2013-09-26 Thread Jancewicz, Russell
Hello, I have been trying to configure my slave ldap servers to send changes to the master servers. From what I have been able to understand from previous mailing lists and various google searches I need to configure an olcUpdateref on the slave and then add the chaining overlay (I think it

Re: contextCSN values and MMR

2013-09-26 Thread Michael Ströder
On Thu, 26 Sep 2013 08:41:10 -0700 Quanah Gibson-Mount qua...@zimbra.com wrote --On Thursday, September 26, 2013 10:38 AM +0200 Michael Ströder mich...@stroeder.com wrote: Still seeing this issue with OpenLDAP 2.4.36 that contextCSN values retrieved via LDAP differ for quite a while.

Re: cn=config chaining

2013-09-26 Thread Quanah Gibson-Mount
--On Thursday, September 26, 2013 4:02 PM + Jancewicz, Russell russell.jancew...@uconn.edu wrote: dn: olcOverlay={0}chain,olcDatabase={-1}frontend,cn=config objectClass: olcOverlayConfig objectClass: olcChainConfig olcOverlay: {0}chain olcChainCacheURI: FALSE olcChainMaxReferralDepth: 1

Re: cn=config chaining

2013-09-26 Thread Jancewicz, Russell
It was modified from the generation of slapd-chain2.conf which also didn't work (I was working off the assumption that the overlay needed to be on olcDatabase={1}frontend) This is the slapd-chain2.conf file I am using (modified slightly) The only differences between this and the unmodified

Re: Other system use port 636 connect LDAP Server Error

2013-09-26 Thread Brian Reichert
On Thu, Sep 26, 2013 at 08:33:56AM -0700, Quanah Gibson-Mount wrote: --On Thursday, September 26, 2013 4:35 PM +0800 Tian Zhiying tianzy1...@thundersoft.com wrote: # ldapsearch -x -b 'ou=people,dc=mydomain,dc=com' -D # cn=interface,dc=mydomain,dc=com -H ldaps://192.168.1.10 -W ldap_bind:

Re: Other system use port 636 connect LDAP Server Error

2013-09-26 Thread Quanah Gibson-Mount
--On Thursday, September 26, 2013 1:33 PM -0400 Brian Reichert reich...@numachi.com wrote: You can use an IP address, if that IP address is in the SAN (Subject Alternate Name) list of the certificate. True. I don't think I've actually seen anyone do it though. ;) --Quanah -- Quanah

Re: Other system use port 636 connect LDAP Server Error

2013-09-26 Thread Brian Reichert
On Thu, Sep 26, 2013 at 10:54:00AM -0700, Quanah Gibson-Mount wrote: --On Thursday, September 26, 2013 1:33 PM -0400 Brian Reichert reich...@numachi.com wrote: You can use an IP address, if that IP address is in the SAN (Subject Alternate Name) list of the certificate. True. I don't

Re: cn=config chaining

2013-09-26 Thread Dieter Klünter
On Thu, 26 Sep 2013 17:23:42 + Jancewicz, Russell russell.jancew...@uconn.edu wrote: It was modified from the generation of slapd-chain2.conf which also didn't work (I was working off the assumption that the overlay needed to be on olcDatabase={1}frontend) This is the

Re: cn=config chaining

2013-09-26 Thread Jancewicz, Russell
On 2013-09-26 15:04, Dieter Klünter die...@dkluenter.de wrote: On Thu, 26 Sep 2013 17:23:42 + Jancewicz, Russell russell.jancew...@uconn.edu wrote: It was modified from the generation of slapd-chain2.conf which also didn't work (I was working off the assumption that the overlay needed

Re: cn=config chaining

2013-09-26 Thread Dieter Klünter
On Thu, 26 Sep 2013 19:50:08 + Jancewicz, Russell russell.jancew...@uconn.edu wrote: On 2013-09-26 15:04, Dieter Klünter die...@dkluenter.de wrote: On Thu, 26 Sep 2013 17:23:42 + Jancewicz, Russell russell.jancew...@uconn.edu wrote: It was modified from the generation of

Re: cn=config chaining

2013-09-26 Thread Jancewicz, Russell
On 2013-09-26 16:42, Dieter Klünter die...@dkluenter.de wrote: On Thu, 26 Sep 2013 19:50:08 + Jancewicz, Russell russell.jancew...@uconn.edu wrote: On 2013-09-26 15:04, Dieter Klünter die...@dkluenter.de wrote: On Thu, 26 Sep 2013 17:23:42 + Jancewicz, Russell

Re: separate login/password for several services?

2013-09-26 Thread Zeus Panchenko
Andrew Findlay andrew.find...@skills-1st.co.uk wrote: mmm ... will not it prevent non-uniqueness only for parent DN-s? while what I'm trying to ask (I'm sorry for muddled up explanation what I mean) about is - uniqueness for the uid *in* the entry ... so, the uniqueness of the attribute