Hello,
I would like to monitor connectivity to my OpenLDAP using nagios with its
check_ldap script and was wondering which minimal ACL would you recommend for
that purpose?
For that purpose I will be using a dedicated user such as
cn=nagios,ou=users,dc=domain,dc=tld and would like it just to
Here is the version info -
slapd -V
@(#) $OpenLDAP: slapd 2.4.23 (Apr 22 2013 05:03:41) $
mockbu...@x86-007.build.bos.redhat.com:/builddir/build/BUILD/openldap-2.4.
23/openldap-2.4.23/build-servers/servers/slapd.
There are few practical implementation documents for the new cn=config
Choure, Sidd wrote:
Here is the version info -
slapd -V
@(#) $OpenLDAP: slapd 2.4.23 (Apr 22 2013 05:03:41) $
mockbu...@x86-007.build.bos.redhat.com:/builddir/build/BUILD/openldap-2.4.
23/openldap-2.4.23/build-servers/servers/slapd.
There are few practical implementation documents for
Hi,
since it is working for a lot of people (including some of our
customers) it seems that you are doing something wrong.
What about the contents of your entries: Are you sure that you have the
attribute userPassword with the value
{SASL}username@AD-realm
set in all entries that are to bind
Hi,
If it's only bind and nothing else, this user won't be able to read any
information concerning the monitor backend.
If you want to really really restrict this user to access unneeded data,
list what attributes the check_ldap need to read, and allow your user to
read only those.
-- Esteban
So you don't have a solution?
Siddharth Choure
Senior Systems Engineer
On 11/25/13, 8:52 AM, Howard Chu h...@symas.com wrote:
Choure, Sidd wrote:
Here is the version info -
slapd -V
@(#) $OpenLDAP: slapd 2.4.23 (Apr 22 2013 05:03:41) $
Choure, Sidd wrote:
So you don't have a solution?
The Project only supports current releases, the current release is 2.4.38.
Since you're running Red Hat's old build of 2.4.23, which was released over 3
years ago, you should contact them for support.
Siddharth Choure
Senior Systems
On Mon, 25 Nov 2013 03:20:55 -0800 (PST)
ML mail mlnos...@yahoo.com wrote:
Hello,
I would like to monitor connectivity to my OpenLDAP using nagios with
its check_ldap script and was wondering which minimal ACL would you
recommend for that purpose?
For that purpose I will be using a
--On Monday, November 25, 2013 7:03 AM -0800 Howard Chu h...@symas.com
wrote:
Choure, Sidd wrote:
So you don't have a solution?
The Project only supports current releases, the current release is
2.4.38. Since you're running Red Hat's old build of 2.4.23, which was
released over 3 years ago,
Thanks for your answers. Btw check_ldap from nagios has a -3 option to enable
LDAPv3 queries. The tlb-project.org has very nice nagios plugins, will try them
out asap.
ML
On Monday, November 25, 2013 4:07 PM, Dieter Klünter die...@dkluenter.de
wrote:
On Mon, 25 Nov 2013 03:20:55 -0800
ML mail wrote:
I would like to monitor connectivity to my OpenLDAP using nagios with its
check_ldap script and was wondering which minimal ACL would you recommend
for that purpose?
It really depends on what you want to check.
Things which come to mind:
1. Performance data from cn=monitor
2.
Hello,
I've searched the archives of this list, the web as best I can, and have
this same question asked to the sssd-devel mailing list and can not seem to
find an answer to my question. I have a RHEL 6.4 server with OpenLDAP
2.4.23-32.el6_4.1 and sssd 1.9.2-129.el6, both installed as
Viviano, Brad wrote:
Hello,
I've searched the archives of this list, the web as best I can, and have
this same question asked to the sssd-devel mailing list and can not seem to
find an answer to my question. I have a RHEL 6.4 server with OpenLDAP
2.4.23-32.el6_4.1 and sssd 1.9.2-129.el6,
Howard,
I'm not expecting it to validate their password, I am expecting it to check
if their account is locked for some reason. If their account is locked in
LDAP, it shouldn't let them login under any circumstances. For technical
reasons we need ssh public keys to operate (IBM GPFS), but
Change the users she'll to nologin.
Mike
On Nov 25, 2013, at 1:23 PM, Howard Chu h...@symas.com wrote:
Viviano, Brad wrote:
Hello,
I've searched the archives of this list, the web as best I can, and have
this same question asked to the sssd-devel mailing list and can not seem to
Autocorrect shell
On Nov 25, 2013, at 1:33 PM, Michael mlstarlin...@hotmail.com wrote:
Change the users she'll to nologin.
Mike
On Nov 25, 2013, at 1:23 PM, Howard Chu h...@symas.com wrote:
Viviano, Brad wrote:
Hello,
I've searched the archives of this list, the web as
Viviano, Brad wrote:
Howard,
I'm not expecting it to validate their password, I am expecting it to
check
if their account is locked for some reason. If their account is locked in
LDAP, it shouldn't let them login under any circumstances. For technical
reasons we need ssh public keys to operate
Viviano, Brad wrote:
I'm not expecting it to validate their password, I am expecting it to check
if their account is locked for some reason. If their account is locked in
LDAP, it shouldn't let them login under any circumstances. For technical
reasons we need ssh public keys to operate (IBM
Hi.
I have OpenLDAP 2.4.36 server grabbed from LTB project. I’ve noticed two
issues, can anyone confirm the same behavior?
First - ACLs:
to dn.base=
by users read
to dn.subtree=ou=disabledaccounts,o=examples
by dn.base=cn=replicationmanager,o=example read
by * none
to
Message written by Aleksander Dzierżanowski o...@e-lista.pl on 25
Nov 2013, at 20:15:
First - ACLs:
Sorry for first question, as I can see in docs write access gives automatically
read access.
I was not aware of this.
—
Olo
For userPassword by self write implies the ability to read as well, try
by self =xw if you want to be able to write to userPassword without being
able to view it.
On Mon, Nov 25, 2013 at 2:15 PM, Aleksander Dzierżanowski
o...@e-lista.pl wrote:
Hi.
I have OpenLDAP 2.4.36 server grabbed from
21 matches