Re: Question about OpenLDAP and rwm overlay

2019-10-28 Thread Dieter Kluenter
"Vandenburgh, Steve Y" writes: > Thanks for the tip Quanah (and Dieter). I have added the MSUser > schema to the configuration. However, I'm still getting the same > behavior. If I use a bind DN like > > Mail=myn...@mycompany.com > > which is potentially a valid DN, the rewriting is applied;

Re: How to correctly import schemas?

2019-06-13 Thread Dieter Kluenter
Jens Bürger writes: > […] > > Frankly, it is a long time ago that I have been engaged in > Kolab3/Univention systems, but I believe that UCS still is based on > Kolab3. > At that time the openldap source code had been modified. In particular > schema.c, schema_init.c and schema_prep.c.

Re: How to correctly import schemas?

2019-06-08 Thread Dieter Kluenter
Jens Bürger writes: > Hi Peter, > > thanks for your answer. > […] > > not sure if I understood completely, what you wish to do (a one time clone > and no continuous replication?), > > A continuous replication in terms of maybe a daily copy-over. > > but as to schema, it should not be too

Re: accesslog database: overflow or data rotation?

2019-05-15 Thread Dieter Kluenter
Manuela Mandache writes: > Le mar. 14 mai 2019 19:31, Quanah Gibson-Mount a écrit : > > --On Tuesday, May 14, 2019 8:03 PM +0200 Dieter Kluenter > wrote: > > >> olcDbMaxSize defined for this database? Thanks! > > > > Depending on the numbe

Re: accesslog database: overflow or data rotation?

2019-05-14 Thread Dieter Kluenter
Manuela Mandache writes: > Hi all, > > A directory is configured as delta-syncrepl provider, the backends for > the main database and the accesslog database are both mdb. Everything > works fine, my question is: What happens if there are so many write > ops that the size of the accesslog

Re: strange regexp behaviour

2019-04-15 Thread Dieter Kluenter
"Dieter Kluenter" writes: > Hi, > I face a strange behaviour of a authz regexp. This is part of my > slapd.conf > > authz-regexp "gidNumber=(.*)\+uidNumber=(.*),cn=peercred,cn=external,cn= auth" > "ldap:///o=avci,c=de?dn?sub?(&(uidNumber=$2)

Re: changes in libldap?

2019-04-15 Thread Dieter Kluenter
"Dieter Kluenter" writes: > Hi, > I face some more strange error reports from some updated tools. There is > for example ldapfuse, introduced in 2011, built with > ldd /usr/bin/ldapfuse > [...] > § ldapfuse ldap://localhost ~/adbook > Unhandled LDAP error code

Re: changes in libldap?

2019-04-15 Thread Dieter Kluenter
Michael Ströder writes: > On 4/14/19 5:32 PM, Dieter Kluenter wrote: >> § ldapfuse ldap://localhost ~/adbook >>Unhandled LDAP error code -1 >>LDAP Can't contact LDAP server > > Is the server running? > > Ciao, Michael. Yes, slapd is running. In fact I

changes in libldap?

2019-04-14 Thread Dieter Kluenter
Hi, I face some more strange error reports from some updated tools. There is for example ldapfuse, introduced in 2011, built with ldd /usr/bin/ldapfuse linux-vdso.so.1 (0x7ffe8c92a000) libHX.so.28 => /usr/lib64/libHX.so.28 (0x7fdf144de000) libfuse.so.2 => /lib64/libfuse.so.2

strange regexp behaviour

2019-04-14 Thread Dieter Kluenter
hentication started SASL username: gidNumber=100+uidNumber=1000,cn=peercred,cn=external,cn=auth SASL SSF: 0 dn:gidNumber=100+uidNumber=1000,cn=peercred,cn=external,cn=auth A result of search ldapsearch -Y EXTERNAL -H ldapi:/// -b o=avci,c=de -s sub "(&(gidNumber=100)(uidNumber=1000))" d

Re: Openldap and sssd: getting slapd to do TLS negotiation or getting sssd to NOT do TLS negotiation

2017-09-28 Thread Dieter Kluenter
Robert Heller writes: R> At Thu, 28 Sep 2017 10:19:43 -0700 Quanah Gibson-Mount wrote: > >> >> --On Thursday, September 28, 2017 2:08 PM -0400 Robert Heller >> wrote: >> >> > OK, I have narrowed things down to slapd and sssd not

Re: Openldap and sssd: getting slapd to do TLS negotiation or getting sssd to NOT do TLS negotiation

2017-09-28 Thread Dieter Kluenter
Robert Heller writes: > OK, I have narrowed things down to slapd and sssd not playing nice with each > other. slapd is able to listen on ldaps (port 636) and accept SSL > connections > (eg from openssl s_client and other applications using straight SSL). slapd > will

Re: Configuring OpenLDAP with a custom schema instead of default schemas

2017-07-17 Thread Dieter Kluenter
Jon Smark writes: > Hi, > > I'm new to OpenLDAP and I'm finding it hard to perform the initial > configuration (a lot of the information I find online seems to > pertain only to old versions of OpenLDAP, which used a different > configuration system). > > Anyway, I have

Re: Stopping pagination

2017-07-13 Thread Dieter Kluenter
Côme Chilliet <c...@opensides.be> writes: > Le mardi 11 juillet 2017, 20:48:57 Dieter Kluenter a écrit : >> You should read the RFC more carefully, in particular section 3. >> A page size of 0 only returns 0 results, but does not disable the >> search control. >

Re: Stopping pagination

2017-07-11 Thread Dieter Kluenter
Côme Chilliet writes: > Hello, > > Once a pagination server controls is set with ldap_set_option, it > seems impossible to cancel pagination by sending a pagination control > with 0 as pagesize. > > What I mean is calling ldap_set_option to set a pagination control > (let’s

Re: Not able to run OpenLDAP in SLES11

2011-09-17 Thread Dieter Kluenter
Am Sat, 17 Sep 2011 16:34:51 +0200 schrieb pradyumna dash neomatrix...@gmail.com: Hi, I am not able to run OpenLDAP, if am trying to configure it from slapd.conf file. Please find the configuration files as attached. When i run the below command i get the output ldapsearch -x -h

Re: Ldappasswd failure

2011-08-03 Thread Dieter Kluenter
Am Wed, 3 Aug 2011 17:30:40 +0530 schrieb Naga Chaitanya Palle naga.chaita...@aricent.com: Hi, I have configured a openldap2.4.25 server on RHEL5.4 and added few users to the ldap. I want to assign password to the user and I am trying it out this way, but getting Naming violation error

Re: TLS configuration with syncrepl

2011-07-19 Thread Dieter Kluenter
Am Mon, 18 Jul 2011 21:05:48 +0530 schrieb Naga Chaitanya Palle naga.chaita...@aricent.com: Hi, I am configuring TLS for syncrepl. But the consumer is not reading any updates from the server. Without tls the configuration was working fine. Please let me know where I am going wrong On

Re: Build a fake LDAP

2011-07-07 Thread Dieter Kluenter
Am Mon, 4 Jul 2011 19:15:33 -0300 schrieb Joao Robertson Kramer Santana kram...@tcu.gov.br: Hi, I have an Oracle database table with usernames and their encryted passwords. I would like to build an LDAP Server only for authentication. It should communicate with the client, receive the

Re: access

2011-07-07 Thread Dieter Kluenter
Am Wed, 6 Jul 2011 21:15:59 -0300 schrieb Friedrich Locke friedrich.lo...@gmail.com: Hey, On Wed, Jun 29, 2011 at 4:41 AM, Dieter Kluenter die...@dkluenter.de wrote: Am Tue, 28 Jun 2011 15:10:00 -0300 schrieb Friedrich Locke friedrich.lo...@gmail.com: How may i know i setted SASL

Re: stange log

2011-07-01 Thread Dieter Kluenter
Am Fri, 1 Jul 2011 15:15:05 -0300 schrieb Friedrich Locke friedrich.lo...@gmail.com: I am seeing the log messages below on my openldap installation: @(#) $OpenLDAP: slapd 2.4.23 (Jun 28 2011 17:55:44) $ @gustav.cpd.ufv.br:/usr/ports/pobj/openldap-2.4.23/build-amd64/servers/slapd

Re: fetching information

2011-06-30 Thread Dieter Kluenter
Am Wed, 29 Jun 2011 19:44:41 -0300 schrieb Friedrich Locke friedrich.lo...@gmail.com: I am planing using openldap to fetch user/group information. Below my main tree there will be ou=people and ou=group, and below those the regular user or group information. It happens that a program

Re: access

2011-06-29 Thread Dieter Kluenter
Am Tue, 28 Jun 2011 15:10:00 -0300 schrieb Friedrich Locke friedrich.lo...@gmail.com: How may i know i setted SASL/GSSAPI correctly ? Here is how i executed saslauthd: saslauthd -a kerberos5 -cd -t 60 -n 2 -s 128 Here is a test: sioux@gustav$ testsaslauthd -u sioux -p XYZ 0: OK

Re: Connections

2011-06-29 Thread Dieter Kluenter
Am Wed, 29 Jun 2011 17:05:15 -0300 schrieb Friedrich Locke friedrich.lo...@gmail.com: I would like to see how many connections openldap is serving on a given momment. I am trying this: sioux@gustav$ ldapsearch -LLL -W -D cn=oldap,dc=ufv,dc=br -b cn=current,cn=connections,cn=monitor -H

Re: Setup syncrepl on Redhat Fedora

2011-06-08 Thread Dieter Kluenter
Am Tue, 07 Jun 2011 15:15:43 -0400 schrieb Daniel Qian dan...@up247solution.com: On 11-06-07 1:40 PM, Aaron Richton wrote: On Tue, 7 Jun 2011, Daniel Qian wrote: Can anyone point out to me how I can add the module required to do replication on the provider side? I will make a document

Re: Setup syncrepl on Redhat Fedora

2011-06-08 Thread Dieter Kluenter
Am Tue, 07 Jun 2011 16:36:23 -0400 schrieb Daniel Qian dan...@up247solution.com: On 11-06-07 4:12 PM, Howard Chu wrote: Daniel Qian wrote: On 11-06-07 3:37 PM, Howard Chu wrote: On Ubuntu you would leave slapd running and just do this (as root): # ldapmodify -H ldapi:// -Y

Re: cannot restore db

2011-06-08 Thread Dieter Kluenter
Am Tue, 7 Jun 2011 18:13:55 -0600 schrieb Bidwell, Matt matt.bidw...@nrel.gov: I'm using both openldap-2.4.24 and db-5.1.25 from source. I was experiencing corrupted entries from the running database. I tried moving the openldap-data folder, created a new one, and tried running slapadd with

Re: Fail to test uid of OpenLDAP with TLS...

2011-05-29 Thread Dieter Kluenter
Am Sun, 29 May 2011 19:38:48 +0700 schrieb Nguyen, Quoc Khanh khan...@saigontech.edu.vn: Hi all, Please help me about this problem... I want to use testsaslauthd to test uid of OpenLDAP with TLS, but it fail... Here is my config: /usr/local/etc/saslauthd.conf: ldap_servers:

Re: Data aggregator

2011-04-19 Thread Dieter Kluenter
Am Fri, 15 Apr 2011 12:12:49 +0100 schrieb Hugo Monteiro hugo.monte...@fct.unl.pt: Hello all, This post may be a little OT, but i'm sure this subject has bitten some of you some time. So, i'm willing to take the chance. Anyway, feel free to redirect me and this conversation elsewhere.

Re: fedora and openldap

2011-04-09 Thread Dieter Kluenter
Judith Flo Gaya j...@imppc.org writes: Hello, After some time dealing with ldap and fedora, I'm stuck with an strange behaviour. I can successfully change the password for a certain user using the ldappasswd command, after this change (either done by the manager of the ldap or the same

Re: openldap-technical@openldap.org

2011-03-31 Thread Dieter Kluenter
Am Thu, 31 Mar 2011 09:28:12 +0200 schrieb olivier morel olivier.mo...@panoranet.com: i would like to remove my account on the mailing list , how can do Read the header of this mail. -Dieter -- Dieter Klünter | Systemberatung sip: 7770...@sipgate.de http://www.dpunkt.de/buecher/2104.html

Re: Infos needed to setup a ldap proxy

2011-03-31 Thread Dieter Kluenter
Am Thu, 31 Mar 2011 14:28:19 +0200 schrieb Frank Bonnet f.bon...@esiee.fr: Hello Anyone could send me some pointers on documentation howto setup a proxy OpenLDAP server ? Basically I need it to have a unique LDAP server to configure all our LAN clients and have the possibility to

Re: Internal (implementation specific) error (80) and cannot allocate memory

2011-03-27 Thread Dieter Kluenter
Am Sun, 27 Mar 2011 11:41:07 +0200 schrieb Hendrik van der Ploeg hvdpl...@competa.com: Op 25-03-11 12:59, Hendrik van der Ploeg schreef: Hello People, I'm importing a ldif file in a ldapserver which has 200 different databases on it. The max is 256 by the way. I import the ldif in

Re: Internal (implementation specific) error (80) and cannot allocate memory

2011-03-27 Thread Dieter Kluenter
Am Sun, 27 Mar 2011 13:20:49 +0200 schrieb Hendrik van der Ploeg hvdpl...@competa.com: [...] Yes I did. All databases are in a seperate directory with a DB_CONFIG file in each directory And the total amount of memory your system provides? Think about what you are aiming at. -Dieter --

Re: Internal (implementation specific) error (80) and cannot allocate memory

2011-03-27 Thread Dieter Kluenter
Am Sun, 27 Mar 2011 14:38:08 +0200 schrieb Hendrik van der Ploeg hvdpl...@competa.com: Yes I did. All databases are in a seperate directory with a DB_CONFIG file in each directory And the total amount of memory your system provides? Think about what you are aiming at. The systems

Re: Internal (implementation specific) error (80) and cannot allocate memory

2011-03-25 Thread Dieter Kluenter
Hendrik van der Ploeg hvdpl...@competa.com writes: Hello People, I'm importing a ldif file in a ldapserver which has 200 different databases on it. The max is 256 by the way. I import the ldif in every database only with a different DN per database of course. I can import the ldif file in

Re: OpenLDAP migration from 2.3 to 2.4

2011-03-18 Thread Dieter Kluenter
Am Fri, 18 Mar 2011 11:01:50 - (UTC) schrieb j...@bordengrammar.kent.sch.uk: Hi All, I'm currently in the progress of moving from v2.3 to 2.4 and have been following the procedure shown in the documentation for switching from the old slapd.conf to the new cn= format, i.e. slaptest -f

Re: Schema Design :: ACL on Groups by Group Members only

2011-03-17 Thread Dieter Kluenter
Am Thu, 17 Mar 2011 12:01:15 -0700 schrieb sim123 sim3...@gmail.com: Hi There, I want n number of groups (or similar structure which keeps member information) to be created and only group members have access to those groups. Members are defined in separate user branch so my DIT look like

Re: delta-sync - ContextCSN on proivder older than consumers

2011-03-14 Thread Dieter Kluenter
Am Sun, 13 Mar 2011 17:39:17 -0700 schrieb Yuri Bank yurib...@gmail.com: After doing more testing I have noticed that it is the 'Group member modify entryCSNs' that seem to get ignored by the Provider, but picked up by the Consumers. All other changes, adding or removing users seems to update

Re: delta-sync - ContextCSN on proivder older than consumers

2011-03-14 Thread Dieter Kluenter
Am Mon, 14 Mar 2011 02:43:53 -0700 schrieb Howard Chu h...@symas.com: Dieter Kluenter wrote: Am Sun, 13 Mar 2011 17:39:17 -0700 schrieb Yuri Bankyurib...@gmail.com: After doing more testing I have noticed that it is the 'Group member modify entryCSNs' that seem to get ignored

Re: delta-sync - ContextCSN on proivder older than consumers

2011-03-14 Thread Dieter Kluenter
Am Mon, 14 Mar 2011 04:53:21 -0700 schrieb Howard Chu h...@symas.com: Dieter Kluenter wrote: Am Mon, 14 Mar 2011 02:43:53 -0700 schrieb Howard Chuh...@symas.com: Dieter Kluenter wrote: Am Sun, 13 Mar 2011 17:39:17 -0700 schrieb Yuri Bankyurib...@gmail.com: After doing more

syncrepl with with multiple subordinate databases

2011-03-09 Thread Dieter Kluenter
Hi, I am facing a severe problem with the replication of subordinate databases and a log database. The initial replication of the subordinate databases is successful but afterwards slapd crashes. A backtrace and a memory map can be found here http://pastebin.de/15919 the provider slapd.conf can be

Re: LDAP single sign on with samba

2011-03-08 Thread Dieter Kluenter
Am Tue, 08 Mar 2011 07:25:45 +0800 schrieb Lumeng Lim lumeng@gmail.com: not sure if this is the right place. would like to implement samba with ldap as well as authentication using sonicwall basically, I just want to be able to manage groups, users and computers. would like

Re: Slapd restarting slowly

2011-03-01 Thread Dieter Kluenter
Am Tue, 1 Mar 2011 09:37:05 -0500 schrieb Joe Tseng joe_ts...@hotmail.com: I recently set up a file server using Fedora and I configured it to run as a PDC with Samba and OpenLDAP. It had been running very smoothly until just last night when I discovered when I tried to restart the slapd

Re: Help needed with opeLDAP configuration

2011-02-25 Thread Dieter Kluenter
Am Fri, 25 Feb 2011 11:36:17 -0800 schrieb sim123 sim3...@gmail.com: Dear All, I am new to LDAP and openLDAP, just installed and configured openLDAP 2.4.23 with Berkeley DB 4.8 on CentOS 5.4 using http://www.openldap.org/doc/admin24/quickstart.html make test gave an error on replication

Re: pcache / proxy overlay

2011-02-24 Thread Dieter Kluenter
Am Mon, 21 Feb 2011 16:09:44 -0600 schrieb Mauro Parra maur...@gmail.com: Hello, is there any document besides the Kumar's article about the openLDAP proxy cache? Specially a howto about configuring the service. man slapo-pcache(5), and there should one or two old contributions in SuSE SDB.

Re: ACL Issues

2011-02-17 Thread Dieter Kluenter
Am Wed, 16 Feb 2011 08:37:24 -0800 schrieb Troy Knabe kn...@4j.lane.edu: I didn't get any responses, so I am asking again. Did I not phrase my question correctly, or am I missing something? Thanks! -Troy On Feb 15, 2011, at 8:40 AM, Troy Knabe wrote: I am attempting to be very

Re: ldap auth does not works after openldap upgrade

2011-02-17 Thread Dieter Kluenter
Am Thu, 17 Feb 2011 11:28:59 -0200 schrieb Leonardo Carneiro chesterma...@gmail.com: On Thu, Feb 17, 2011 at 9:09 AM, Andrew Findlay andrew.find...@skills-1st.co.uk wrote: On Wed, Feb 16, 2011 at 03:29:45PM -0800, Howard Chu wrote: [...] Here is the search that Apache is doing. Note

Re: ACL Issues

2011-02-17 Thread Dieter Kluenter
Am Thu, 17 Feb 2011 07:46:24 -0800 schrieb Troy Knabe kn...@4j.lane.edu: On Feb 17, 2011, at 3:09 AM, Dieter Kluenter wrote: Am Wed, 16 Feb 2011 08:37:24 -0800 schrieb Troy Knabe kn...@4j.lane.edu: I didn't get any responses, so I am asking again. Did I not phrase my question

Re: How to make ldappasswd obey password policy restrictions?

2011-02-17 Thread Dieter Kluenter
Am Fri, 18 Feb 2011 12:55:01 +0600 schrieb Konstantin Boyandin temmo...@gmail.com: Greetings, Given: OpenLDAP: 2.4.23, password policy module enabled, default password policy loaded as dn: cn=default,ou=Policies,dc=example,dc=com cn: default objectClass: pwdPolicy objectClass: person

Re: seeking guidance with back-shell setup

2011-02-15 Thread Dieter Kluenter
Am Mon, 14 Feb 2011 12:33:15 -0800 schrieb Elle Y Suzuki esuz...@law.berkeley.edu: hello, my thunderbird does not appear to be using back-shell's searchexample.sh..? i have compiled openldap on a desktop windows xp machine with the back-shell backend enabled without threads.

Re: LDAP writes/second limit?

2011-02-04 Thread Dieter Kluenter
Am Fri, 4 Feb 2011 13:54:20 -0200 schrieb Diego Lima li...@diegolima.org: Hello all, I'm running some load tests on an LDAP server using JMeter and as part of the tests I'm running a continuous loop of users trying to change their passwords. The problem is, there is a point where OpenLDAP

Re: slapd.d syntax help for ldap proxy server

2011-02-04 Thread Dieter Kluenter
Am Fri, 4 Feb 2011 11:45:36 -0800 schrieb Anton Chu anton@telecommand.com: I'm trying to setup a ldap proxy server for push based replication. I'm in need of help with providing the correct syntax on installing a ldap proxy using slapd.d instead of slapd.conf.The items in bold are the

Re: Tagging and Data Access: a request for advice and help

2011-02-03 Thread Dieter Kluenter
Am Thu, 03 Feb 2011 10:00:05 + schrieb Gervase Markham g...@mozilla.org: On 02/02/11 17:43, Gervase Markham wrote: [I hope this message is on-topic for this list; if not, please can you tell me where I can get some advice?] Thanks to the moderator for approving my post; however, I

Re: slapindex Required or Not

2011-02-02 Thread Dieter Kluenter
Am Wed, 02 Feb 2011 09:49:04 -0700 schrieb l...@mm.st: I am in the process of rebuilding our ldap servers that are many years old to run on RH5. I basically took the existing slapd.conf file from the old server and am using it on the new server (minor changes). I did a slapcat on the old

Re: Logging to syslog

2011-02-02 Thread Dieter Kluenter
Am Wed, 02 Feb 2011 19:43:27 +0100 schrieb John Espiro john_esp...@yahoo.com: I have tied in a few things such as openid-ldap and openfire to use my ldap backend for authentication. I am wondering if it is possible to collect error logs for any invalid attempt that a user tries with these

Re: Access control

2011-01-31 Thread Dieter Kluenter
Am Mon, 31 Jan 2011 10:54:55 +0100 schrieb Thomas Schweikle t...@vr-web.de: Am 31.01.2011 08:29, schrieb Dieter Kluenter: Am Sun, 30 Jan 2011 23:36:13 +0100 schrieb Thomas Schweikle t...@vr-web.de: Hi! I am trying to set up access control for an OpenLDAP server. I'd like to use

Re: slapd logging in chroot() environment

2011-01-26 Thread Dieter Kluenter
Am Thu, 27 Jan 2011 00:37:26 +0100 schrieb Peter Palmreuther pitpalme+openl...@gmail.com: Hello On 01/26/11 08:54, Christian Manal wrote: Am 26.01.2011 07:31, schrieb Peter Palmreuther: no one with any idea about what to look for? On 01/13/11 9:03 pm, I wrote: I'm running OpenLDAP

Re: Kerberized LDAP not accessible

2011-01-21 Thread Dieter Kluenter
Am Fri, 21 Jan 2011 11:45:53 +0100 schrieb Thomas Schweikle t...@vr-web.de: Hi! I kerberized ldap: dn: cn=config objectClass: olcGlobal cn: config olcAuthzRegexp: uid=(.*),cn=example.com,cn=gssapi,cn=auth uid=$1,ou=Users,dc=example,dc=com olcSaslHost: srv.example.com olcSaslRealm:

Re: Kerberized LDAP not accessible

2011-01-21 Thread Dieter Kluenter
Am Fri, 21 Jan 2011 17:51:03 +0100 schrieb Thomas Schweikle t...@vr-web.de: Am 21.01.2011 17:17, schrieb Dan White: On 21/01/11 17:06 +0100, Thomas Schweikle wrote: Am 21.01.2011 16:02, schrieb Dan White: [...] #ldapsearch -LLL -x -H ldap://srv.example.com -s base -b

Re: No remote writes, only reads

2011-01-17 Thread Dieter Kluenter
Am Sun, 16 Jan 2011 20:42:48 -0600 schrieb m...@grounded.net m...@grounded.net: So, if I do it this way, I get the connect error; ldapsearch -x -b dc=mydomain,dc=com But this way works; ldapsearch -x -b dc=mydomain,dc=com -H ldap://192.168.1.250 and ldapsearch -x -b dc=mydomain,dc=com -h

Re: distribution list in openldap

2011-01-14 Thread Dieter Kluenter
Am Tue, 11 Jan 2011 17:20:04 -0600 schrieb Ben Kim b...@benix.tamu.edu: Hi, I'm trying to create a distribution list for outlook 2007, using openldap. Outlook reads ldap contacts quite OK, but I can't make a mailing group. Does anyone know of a good tutorial? I did some googling, but

Re: Problems importing ppolicy LDIF: LDAP_INVALID_SYNTAX

2011-01-13 Thread Dieter Kluenter
Am Thu, 13 Jan 2011 11:42:29 +0600 schrieb Konstantin Boyandin temmo...@gmail.com: Hello, OpenLDAP version: 2.3.43-12 (CentOS 5.5), 64-bit. In order to enable ppolicy overlay, I am trying to create the relevant entries, as specified in

Re: Granting write to ou

2011-01-05 Thread Dieter Kluenter
Am Tue, 04 Jan 2011 21:59:52 +0100 schrieb Thomas D. Dahlmann domi...@domingo.dk: something like: ldapmodify -D cn=config -W -H ldap://some.host dn:olcDatabase={1}hdb,cn=config changetype: modify replace: olcAccess olcAccess: {1} to dn.subtree=ou=addressbook,dc=example,dc=net by

Re: problem enabling ssl on openldap 2.2.13

2011-01-05 Thread Dieter Kluenter
Am Tue, 4 Jan 2011 16:52:06 + schrieb rui guidevelo...@gmail.com: Hi I am trying to enable tls based session with openldap from a client. I created a self signed certificate based on command from http://www.openldap.org/pub/ksoper/OpenLDAP_TLS.html#4.1 My server.pem file is in

Re: problem enabling ssl on openldap 2.2.13

2011-01-05 Thread Dieter Kluenter
Am Wed, 5 Jan 2011 13:07:48 + schrieb rui guidevelo...@gmail.com: Hi, The is not readable by ldap error happens when i start ldap using /etc/rc.d/init.d/ldap restart These three lines are the source of the problem, if i remove them then no warning message on restart.

Re: Is attribute options supported?

2010-12-30 Thread Dieter Kluenter
Am Thu, 30 Dec 2010 13:09:24 +0100 schrieb Angel L. Mateo ama...@um.es: Hello, Is attribute options supported in openldap (version 2.4.21)? In RFC 2251 (LDAPv3) the attributes in search could be specified as attribute_name;options, so you could indicate options in the return

Re: invalid credentials (49) for normal user

2010-12-30 Thread Dieter Kluenter
Am Thu, 30 Dec 2010 15:14:34 + schrieb rui guidevelo...@gmail.com: Hi, This is the output after doing -d 128 http://pastebin.com/6Jb9j7F7 my latest slapd.conf is this: ### # # See slapd.conf(5) for details on

Re: invalid credentials (49) for normal user

2010-12-29 Thread Dieter Kluenter
Am Wed, 29 Dec 2010 14:52:39 + schrieb rui guidevelo...@gmail.com: Hi, After running slapd with -d 128 i have found lot of messages like this. Can somebody point me to standard acl for users, i want to authenticate for every user using ldap browser or c ldap api with

Re: invalid credentials (49) for normal user

2010-12-29 Thread Dieter Kluenter
Am Wed, 29 Dec 2010 16:32:52 + schrieb rui guidevelo...@gmail.com: Hi, I have changed the slapd.conf acl settings accordingly. Also i have switched to bdb through these two commands slapcat -f /etc/openldap/slapd.conf -l dumps.ldif slapadd -l dumps.ldif Still no luck, can't bind

Re: Kerberos/GSSAPI issues

2010-12-29 Thread Dieter Kluenter
Am Wed, 29 Dec 2010 16:50:17 + schrieb Brian Candler b.cand...@pobox.com: On Wed, Dec 29, 2010 at 07:57:43AM +0100, Dieter Kluenter wrote: The default ssf of ldapi is 71, but you may change localSSF in slapd.conf(5). [...] Thank you, that is very clear. Having changed that, I can

Re: Certificate authentication and back-ldap proxy

2010-12-28 Thread Dieter Kluenter
Am Tue, 28 Dec 2010 14:31:46 + schrieb Ubay Dorta Guerra udo...@iac.es: Hi, El 28/12/10 12:00, openldap-technical-requ...@openldap.org escribió: Hi, Am Mon, 27 Dec 2010 15:15:21 + schrieb Ubay Dorta Guerra udo...@iac.es: The simple bind under TLS worked but when i

Re: Problem with ACL in 2.4.22

2010-12-28 Thread Dieter Kluenter
Am Tue, 28 Dec 2010 17:07:17 +0200 schrieb Nick Milas n...@eurobjects.com: Hi, I have upgraded from 2.3.43 to 2.4.22 on CentOS 5.5. Everything works fine, except my ACLs don't work on the new version. Strange results occur. Has anything changed significantly in v2.4 ACLs in comparison

Re: Kerberos/GSSAPI issues

2010-12-28 Thread Dieter Kluenter
Am Tue, 28 Dec 2010 09:41:33 + schrieb Brian Candler b.cand...@pobox.com: Supplementary question: I tried to set minssf so as to require encryption, like this: # ldapmodify -Y EXTERNAL -H ldapi:/// EOS dn: cn=config replace: olcSaslRealm olcSaslRealm: WS.NSRC.ORG - replace:

Re: Certificate authentication and back-ldap proxy

2010-12-27 Thread Dieter Kluenter
Hi, Am Mon, 27 Dec 2010 15:15:21 + schrieb Ubay Dorta Guerra udo...@iac.es: Hi, El 23/04/10 17:17, masar...@aero.polimi.it escribió: The problem is that you probably do not realize that the proxy cannot do a cert-based authentication on behalf of the client because it doesn't

Re: invalid credentials (49) for normal user

2010-12-25 Thread Dieter Kluenter
rui guidevelo...@gmail.com writes: Hi, I have imported my passwd and groups file in ldap using migrate_all_online.sh script. I am able to simple bind to ldap using binddn= uid=root,ou=People,o=M1,c=GB but i can't seem to bind with any other user like rui etc with their linux password. Its

Re: Openldap Authentication

2010-12-23 Thread Dieter Kluenter
Am Thu, 23 Dec 2010 01:44:07 +0530 schrieb Sachin Bhugra sachinbhu...@hotmail.com: Hi All, I have configured a ldap server and trying to login to same ldap server using a ldap user. However, I am not able to login and getting the following in /var/log/secure: [...] I can see that if I

Re: Granting write to ou

2010-12-22 Thread Dieter Kluenter
Am Wed, 22 Dec 2010 14:46:50 +0100 schrieb Thomas D. Dahlmann domi...@domingo.dk: Hi I'm trying to add ordinary users write access to a specific ou. I've googled a lot and haven't really found any useful regarding to openldap 2.4 (slapd.d format). What would be the correct syntax for

Re: slapadd: corrupted double-linked list

2010-12-20 Thread Dieter Kluenter
Am Fri, 10 Dec 2010 09:46:06 +0100 schrieb Marc Patermann hans.mo...@ofd-z.niedersachsen.de: Howard, Howard Chu schrieb am 09.12.2010 18:21 Uhr: Marc Patermann wrote: Marc Patermann schrieb am 09.12.2010 11:40 Uhr: Howard Chu schrieb am 08.12.2010 18:55 Uhr: Marc Patermann wrote:

Re: Filesystem backend options for embedded openldap

2010-12-19 Thread Dieter Kluenter
Am Sun, 19 Dec 2010 08:02:02 -0800 schrieb Bruce Edge bruce.e...@gmail.com: On Sat, Dec 18, 2010 at 4:04 PM, Howard Chu h...@symas.com wrote: Bruce Edge wrote: On Sat, Dec 18, 2010 at 12:26 PM, Peter Lambrechtsen plambrecht...@gmail.com wrote: Or perhaps TinyLdap?

Re: Constant invalid credentials error (49)

2010-12-19 Thread Dieter Kluenter
gael therond gael.ther...@gmail.com writes: Dear members, I installing/configuring a new OpenLDAP server with compiled sources today. But unfortunately I got a serious issue with this server. [...] But now, if I launch my slapd, and if I want to access it through a LDAP Browser, for

Re: slapadd: corrupted double-linked list

2010-12-17 Thread Dieter Kluenter
Hi Marc, Am Wed, 15 Dec 2010 15:53:12 +0100 schrieb Marc Patermann hans.mo...@ofd-z.niedersachsen.de: Ralf, Ralf Haferkamp schrieb am 15.12.2010 13:13 Uhr: Am Freitag 10 Dezember 2010, 09:46:06 schrieb Marc Patermann: Howard Chu schrieb am 09.12.2010 18:21 Uhr: Marc Patermann wrote:

Re: TLS trace: SSL_accept:error in SSLv2/v3 read client hello A

2010-12-17 Thread Dieter Kluenter
Am Wed, 15 Dec 2010 22:27:23 + (UTC) schrieb Martin Jungowski mar...@rhm.de: Hi everybody, I'm trying to run OpenLDAP 2.2.13 on a CentOS 4.8 box with TLS/SSL enabled. Certificate should be ok (fqdn set as common name!), self-signed since I can't copy a cacert file to all clients that

Re: can't contact the LDAP server

2010-12-17 Thread Dieter Kluenter
Am Fri, 17 Dec 2010 11:36:00 +0300 schrieb kibirango moses kibsmo...@gmail.com: hullo everybody I have tested the SLAPD server and it is giving me the output below r...@mailbackup:/etc/openldap# ldapsearch -x -W -D 'cn=Manager,dc=mak,dc=ac,dc=ug' -b -s base Enter LDAP Password:

Re: how to analysis openldap log

2010-12-16 Thread Dieter Kluenter
Am Thu, 16 Dec 2010 16:32:37 +0800 schrieb owen nirvana freeespe...@gmail.com: I could not find apis for analysising log. Thanks for help! What kind of log are you referring to? syslog, log database or monitor database? log database, the files like log.00x in /var/ldap/

Re: how to analysis openldap log

2010-12-14 Thread Dieter Kluenter
Am Tue, 14 Dec 2010 18:27:36 +0800 schrieb owen nirvana freeespe...@gmail.com: I could not find apis for analysising log. Thanks for help! What kind of log are you referring to? syslog, log database or monitor database? -Dieter -- Dieter Klünter | Systemberatung http://dkluenter.de GPG

Re: Mac OS X OpenLDAP allows anonymous access to all fields

2010-12-13 Thread Dieter Kluenter
Am Mon, 13 Dec 2010 16:22:44 GMT schrieb RAT rober...@netzero.net: I am experimenting with authenticating users off of OpenLDAP. The default deployment from Apple seems to be (at least in my case) completely wide open. I have been trying to find a ACI to block access to the password value.

Re: backend issue

2010-12-13 Thread Dieter Kluenter
there is a /usr/include/db.h of an older BerkeleyDB version in your system. -Dieter On Mon, Dec 13, 2010 at 6:39 PM, Dieter Kluenter die...@dkluenter.de wrote: Am Mon, 13 Dec 2010 17:10:47 -0200 schrieb Friedrich Locke friedrich.lo...@gmail.com: Hi folks, i run openbsd as my OS of choice

Re: ACL based on superior entry

2010-12-01 Thread Dieter Kluenter
Michael Ströder mich...@stroeder.com writes: HI! Is it possible to grant access in an ACL by a certain attribute value of the superior entry? I'd like to be able to disable bind for users based on a status flag in the container entry under which all user entries reside. sets come to my

Re: ACL based on superior entry

2010-12-01 Thread Dieter Kluenter
Dieter Kluenter die...@dkluenter.de writes: Michael Ströder mich...@stroeder.com writes: HI! Is it possible to grant access in an ACL by a certain attribute value of the superior entry? I'd like to be able to disable bind for users based on a status flag in the container entry under

Re: synrepl sends wrong rid cookie?

2010-12-01 Thread Dieter Kluenter
Marc Patermann hans.mo...@ofd-z.niedersachsen.de writes: Hi, on the provider server there are 3 databases glued together with one sync provider in the top level database: ... overlay glue overlay syncprov syncprov-checkpoint 100 10 syncprov-sessionlog 100 one consumer replicates two

Re: syncrepl with accesslog not replicating

2010-11-30 Thread Dieter Kluenter
Dieter Klünter die...@dkluenter.de writes: Hi Quanah, On Mon, Nov 29, 2010 at 10:38:16AM -0800, Quanah Gibson-Mount wrote: --On Monday, November 29, 2010 6:31 PM +0100 Dieter Klünter die...@dkluenter.de wrote: Hi, I am facing a problem with OpenLDAP-2.4.23. That is I am trying to setup

Re: syncrepl with accesslog not replicating

2010-11-30 Thread Dieter Kluenter
Quanah Gibson-Mount qua...@zimbra.com writes: --On Tuesday, November 30, 2010 6:04 PM +0100 Dieter Kluenter die...@dkluenter.de wrote: Any idea what is going on? On the master, in the accesslog overlay section for the main DB, you're missing the following parameter: logsuccess TRUE

Re: syncrepl with accesslog not replicating

2010-11-29 Thread Dieter Kluenter
Hi Quanah, Quanah Gibson-Mount qua...@zimbra.com writes: --On Monday, November 29, 2010 6:31 PM +0100 Dieter Klünter die...@dkluenter.de wrote: Hi, I am facing a problem with OpenLDAP-2.4.23. That is I am trying to setup a delta replication based on accesslog. Although the accesslog

Re: Problems Enabling Authentication using Cyrus SASL

2010-11-29 Thread Dieter Kluenter
Fernando Torrez fernando_tor...@hotmail.com writes: Hi all I finally got work cyrus-imapd with cyrus-sasl (and with openldap as backend to authenticate users) I did telnet tests to both pop and imap services from localhost and worked great. but when I tried to do the same tests from

Re: Problem when trying to authenticate squid with openldap server

2010-11-25 Thread Dieter Kluenter
Am Wed, 24 Nov 2010 08:59:05 -0300 schrieb Bruno Lamps lam...@gmail.com: Hi everybody, I spent some days reading the ebook Ldap for rocket scientists ( zytrax.com/books/ldap/) and I've succesfully (I think it's a success =3 ) created a VM with debian lenny and openldap running. After

Re: syncrepl problems

2010-11-25 Thread Dieter Kluenter
Hi, Am Mon, 22 Nov 2010 19:24:26 -0500 schrieb Bram Cymet bcy...@cbnco.com: Hi, I am trying to set up a syncrepl consumer. I have done this a number of times without any problem. The consumer seems to be connecting via TLS to the producer and authenticating but the consumer directory

Re: how to compile recent openldap on Centos 5.5

2010-11-23 Thread Dieter Kluenter
Götz Reinicke - IT-Koordinator goetz.reini...@filmakademie.de writes: Hello, I tried to compile the Release 2.4.23 of openldap on my centos 5.5 server. It fails with: checking db.h usability... yes checking db.h presence... yes checking for db.h... yes checking for Berkeley DB major

Re: Problems Enabling Authentication using Cyrus SASL

2010-11-19 Thread Dieter Kluenter
Fernando Torrez fernando_tor...@hotmail.com writes: Hi all I got work sasl authentication to access ldap server by correcting two things: 1.- inserting the proxyuser's userpassword in clear text (userPassord=secret) 2.- fixing the proxyuser's authzTo atributte to authzTo:

Re: Problems Enabling Authentication using Cyrus SASL

2010-11-17 Thread Dieter Kluenter
Fernando Torrez fernando_tor...@hotmail.com writes: Hi all Thanks for all your suggestions I tried the suggested command (thanks Moorthi): ldapwhoami -U proxyuser -X u:test -Y digest-md5 -I with no success. I got this error: firewall:~ # ldapwhoami -U proxyuser -X
