On 28/09/12 02:38, Howard Chu wrote:
For those who haven't been following along, support for OpenLDAP's MDB
(memory-mapped database) library is also available for several other
open source projects, including Cyrus SASL (sasldb mech), Heimdal
Kerberos (hdb module), SQLite3, OpenDKIM, and
On 29 Apr. 2012, at 10:27, stefano malini lozing...@gmail.com wrote:
I used slapindex also, the output is:
stefano@amahoro:~$ /usr/sbin/slapindex
/etc/ldap/slapd.conf: line 20: invalid path: Permission denied
slapindex: bad configuration file!
Try running slapindex as the user openldap.
On 03/04/12 20:39, Francis Swasey wrote:
On 4/3/12 11:50 AM, Howard Chu wrote:
I don't see any description in the admin guide about how to convert a *.schema
file into a
*.ldif file. Google tells me that most people are using slaptest with the -F
and -f parameters
with a specially
Hi,
On 02/04/12 14:52, Imre Bertalan wrote:
Hi guys.
This is not really an OpenLDAP question, but it seems we have some fine
qualified users here, so I'll ask this question here. :)
I have a nice working Zentyal 2.2 server with DNS and SambaPDC. Windows
clients can join the domain with
credentials=secret mode=none
Will cause all connections to the proxied LDAP server to use those
credentials. Is this what you're trying to achieve?
Jonathan
--
--
Jonathan Clarke - jonat...@phillipoux.net
--
Ldap Synchronization Connector (LSC) - http://lsc-project.org
--
On 30/03/2012 15:27, Howard Chu wrote:
Nick Milas wrote:
On 30/3/2012 3:04 PM, Nick Milas wrote:
I would expect some test parameter in build/version.var, but I
didn't see any.
Hmm, I guess I could simply change (in build/version.var):
ol_patch=X
from X to e.g. 29a or to 29.1 ?
Would
On 07/06/11 08:06, Silvio Verrecchia wrote:
Hello gurus,
I'm migrating a Sun DS to OpenLDAP and I've a highly personalized
99user.ldif file with user defined objectclass and attributes
(hundreds... :( :( )
Regarding personalized schema definitions, is there a way
(script/batch/etc) to
to change the configs ?
Hi,
I'm not entirely sure I've understood your question, but you can write
ACLs to allow any user (using any DN, thus including a DN from a BDB
database) access to the cn=config subtree.
Jonathan
--
--
Jonathan Clarke - jonat...@phillipoux.net
--
Ldap Synchronization Connector (LSC) - http://lsc-project.org
--
failed password attempts or other operational attributes
(actually, using the chain overlay it is possible to forward these
updates for ppolicy but not currently with the lastbind overlay ).
Jonathan
--
==
Jonathan CLARKE
--
Normation
44 rue Cauchy, 94110 Arcueil, France
--
Telephone: +33 (0)1 83 62 41 24
--
Web:http://www.normation.com/
==
installation.
Hope this helps,
Jonathan
--
--
Jonathan Clarke - jonat...@phillipoux.net
--
Ldap Synchronization Connector (LSC) - http://lsc-project.org
--
On 23 Jan. 2011, at 00:30, m...@grounded.net m...@grounded.net
wrote:
I'm trying to find leads on what else to look for with this problem.
Locally, I can create users, etc.
From remote centos servers, I can create and read account info from
command line.
However, from remotes using
On 14/11/10 18:29, Paulo Jorge N. Correia (paucorre) wrote:
Hi all,
I’m just starting with openLDAP and saslauth, and I’m trying to
replicate what I can achieve with ADAM/AD LDS in Windows platform.
I’m trying to use openldap to aggregate user information from several AD
servers
be faulty, either on the clients or the server?
What results do you get when running a similar search manually from the
clients, via ldapsearch?
Any error or warning messages in the slapd logs?
Jonathan
--
==
Jonathan CLARKE
based relation.
Hope this clears some things up!
Jonathan
--
--
Jonathan Clarke - jonat...@phillipoux.net
--
Ldap Synchronization Connector (LSC) - http://lsc-project.org
--
Hi,
On 24/09/2010 07:31, Alister Forbes wrote:
Hi Jonathon,
On 23 Sep 2010, at 15:24, Jonathan CLARKE wrote:
Hello Alister,
On 23/09/2010 12:04, Alister Forbes wrote:
All,
I have two identical servers (RHEL based VMs, server1 and server3)
running 2.4.23 openldap.
built
with -c rid=001
-c rid=003, to reset the replication status, and take it from there.
Hope this helps,
Jonathan
--
==
Jonathan CLARKE
--
Normation
44 rue Cauchy, 94110 Arcueil, France
Hi Andrew,
On 10/09/2010 18:42, Andrew Findlay wrote:
On Fri, Sep 03, 2010 at 08:06:31PM +0200, Jonathan CLARKE wrote:
I don't have any problems using the 2 syncrepl statements side-by-side on
the slave. When one master goes offline, replication continues from the
other, etc.
I have done
in the same
order on all servers.
I see no changes between 2.4.22 and 2.4.23 that could lead to this
specific error occurring, but of course it may be more complicated than
it looks.
Jonathan
--
==
Jonathan CLARKE
:
This list is intended for discussion of technical issues related to the
use of OpenLDAP Software.
OpenLDAP software includes slapd, the libraries, utilities, tools and
sample clients (from http://www.openldap.org).
Jonathan
--
==
Jonathan CLARKE
--
Normation
44 rue Cauchy, 94110 Arcueil, France
--
Telephone: +33 (0)1 83 62 26 96
--
Web:http://www.normation.com/
==
...
--
--
Jonathan Clarke - jonat...@phillipoux.net
--
Ldap Synchronization Connector (LSC) - http://lsc-project.org
--
://www.openldap.org/lists/mm/listinfo/openldap-software
The official announcement was sent out to all subscribers, see:
http://www.openldap.org/lists/openldap-software/201005/msg00095.html
So I'm here.
This is the right place to be :)
Jonathan
--
==
Jonathan
server).
Being able to log in to a system using accounts from LDAP is another. To
achieve this, I suggest you google one of many tutorials on PAM NSS LDAP.
Hope this helps,
Jonathan
--
==
Jonathan CLARKE
--
Normation
, though, if that's what you want.
Jonathan
--
==
Jonathan CLARKE
--
Normation
44 rue Cauchy, 94110 Arcueil, France
--
Telephone: +33 (0)1 83 62 26 96
/philosophy/no-word-attachments.html
--
==
Jonathan CLARKE
--
Normation
44 rue Cauchy, 94110 Arcueil, France
--
Telephone: +33 (0)1 83 62 26 96
On 03/09/2010 17:18, Andrew Findlay wrote:
On Fri, Sep 03, 2010 at 04:35:24PM +0200, Jonathan CLARKE wrote:
DB_LOCK_DEADLOCK errors are only a warning: retries should occur until the
operation completes. Of course, if they can be avoided, best avoid!
Question: is this topology sensible
comment comes to mind: your
setting of attrs=* in the syncrepl statements is going to prevent
operational attributes from being replicated. This is most likely not
what you want.
Jonathan
--
--
Jonathan Clarke - jonat...@phillipoux.net
/etc/ldap/slapd.conf?
but the server is running.
I believe that Debian testing has switched to the cn=config based
configuration now, and you should find it stored in /etc/ldap/slapd.d/.
--
--
Jonathan Clarke - jonat...@phillipoux.net
database. This seems unnecessary, an
may well cause problems. I suggest you remove it.
Hope this helps,
Jonathan
--
--
Jonathan Clarke - jonat...@phillipoux.net
--
Ldap
/slapd.conf, but some distributions may use other paths
(Debian uses /etc/ldap/sasl/slapd.conf).
This file should contain at least pwcheck_method: saslauthd, and be
readable by slapd.
Hope this helps,
Jonathan
--
--
Jonathan Clarke - jonat
the CSN, and thus the serverID of the server you performed
the operation on, eg:
entryCSN: 20100816090343.822782Z#00#001#00
Here the serverID is 001.
Jonathan
--
--
Jonathan Clarke - jonat...@phillipoux.net
--
Ldap Synchronization Connector (LSC) - http://lsc-project.org
--
://blog.normation.com/2010/07/18/java-ldap-sdk-for-syncrepl-replication-showcase/
Hope this helps,
Jonathan
--
--
Jonathan Clarke - jonat...@phillipoux.net
--
Ldap Synchronization
re-sync of your backup instance.
This should help!
Jonathan
--
==
Jonathan CLARKE
--
Normation
44 rue Cauchy, 94110 Arcueil, France
--
Telephone: +33 (0)1 83 62 26 96
this helps,
Jonathan
--
--
Jonathan Clarke - jonat...@phillipoux.net
--
Ldap Synchronization Connector (LSC) - http://lsc-project.org
--
On 27/07/2010 02:51, Zhang Weiwu wrote:
On 26 July 2010 22:13, Jonathan Clarke wrote:
Actually if you re-read that (means the document), you'll see that it
says to use the 'olcBdbConfig' objectClass *in addition* to the
olcDatabaseConfig objectClass.
If you re-read my original post, you
On 21/07/2010 14:29, Juliano Rodrigues wrote:
On 21/07/10 05:33, Jonathan Clarke wrote:
On 21/07/2010 02:28, Juliano Rodrigues wrote:
Hello,
I'm using Phamm, it's a php-web front-end to manage ldap postfix virtual
hosting mail env. at my Fedora 11 box (openldap 2.4.15-7).
It's designed
=tld$
by dn=cn=admin,dc=example,dc=tld write
by self read
--- end ---
--
--
Jonathan Clarke - jonat...@phillipoux.net
--
Ldap Synchronization Connector (LSC) - http://lsc
Hi,
I've set up an ldap backend, with a pcache overlay to cache binds for PAM.
The config is below, for info.
My question concerns the pcachePersist parameter. From the man page:
pcachePersist { TRUE | FALSE }
Specify whether the cached queries should be saved across restarts of
the caching
,
Jonathan
--
--
Jonathan Clarke - jonat...@phillipoux.net
--
Ldap Synchronization Connector (LSC) - http://lsc-project.org
--
a SASL bind.
AD does in fact accept plain LDAP binds with a username in place of a
DN. Or at least usern...@domain.tld. It's one of those weird things...
--
--
Jonathan Clarke - jonat...@phillipoux.net
On Tue, 13 Jul 2010 07:32:53 +, Stuart Cherrington
stuart_cherring...@hotmail.co.uk wrote:
Hi,
Running OpenLDAP 2.4 on RHEL 5.
In order for my Solaris 10 clients to start using the OpenLDAP service I
need the objectclass 'nisDomainObject' to be declared. I found this
objecttype in the
On Tue, 13 Jul 2010 11:19:06 +0200, openldap...@stresst.net wrote:
On 07/12/2010 07:40 PM, Quanah Gibson-Mount wrote:
--On Monday, July 12, 2010 5:01 PM +0200 openldap...@stresst.net wrote:
Attached to this message you'll find a quick and dirty bash script that
should determine the cachesize
On Mon, 12 Jul 2010 08:10:56 +, Stuart Cherrington
stuart_cherring...@hotmail.co.uk wrote:
Hi,
I'm running Openldap 2.4 on Rhel5. I've got the basics working, user
accounts etc, but have tried adding some new schemas which I'm getting
problems with. I followed a VERY helpful Blog at
On Mon, 12 Jul 2010 14:13:27 +0100, Nicholas Syrotiuk
syrot...@manchester.ac.uk wrote:
Dear OpenLDAP users,
We have downloaded OpenLDAP 2.4.22 from Sunfreeware.com and installed
it. We have successfully imported the LDAP data from another server.
We are using the *simple* authentication
:
http://www.openldap.org/faq/data/cache/1140.html
Jonathan
--
--
Jonathan Clarke - jonat...@phillipoux.net
--
Ldap Synchronization Connector (LSC) - http://lsc-project.org
--
posting an excerpt of the LDIF that
fails, and your config.
Jonathan
--
--
Jonathan Clarke - jonat...@phillipoux.net
--
Ldap Synchronization Connector (LSC) - http://lsc-project.org
--
://www.openldap.org/lists/openldap-technical/201006/msg00225.html
Jonathan
--
--
Jonathan Clarke - jonat...@phillipoux.net
--
Ldap Synchronization Connector (LSC) - http://lsc
have the right idea?
Apache does all this for you. See:
http://httpd.apache.org/docs/2.1/mod/mod_authnz_ldap.html
Jonathan
--
--
Jonathan Clarke - jonat...@phillipoux.net
--
Ldap
.
That would probably work, yes.
I would instead recommend doing a slapcat on one consumer, copying over
the file to second consumer, slapadd, then starting that consumer.
Jonathan
--
--
Jonathan Clarke - jonat...@phillipoux.net
.
Luizmarceloo!
--
--
Jonathan Clarke - jonat...@phillipoux.net
--
Ldap Synchronization Connector (LSC) - http://lsc-project.org
--
database definition.
Looks like your mailer has provided the solution: it seems there's some
funny (probably invisible) character after syncrepl. Delete the line and
rewrite it...
Jonathan
--
--
Jonathan Clarke - jonat
can now be (advantageously) set
up from slapd.conf or slapd-config via the dbconfig parameter.
Jonathan
--
--
Jonathan Clarke - jonat...@phillipoux.net
--
Ldap Synchronization
,
such as Ldap Synchronization Connector (LSC), which is designed for
exactly this purpose - see http://lsc-project.org.
Hope this helps,
Jonathan
--
--
Jonathan Clarke - jonat...@phillipoux.net
) to a distant LDAP server.
If you just want an LDAP proxy with multiple backends, take a look at
the meta and ldap backends:
http://www.openldap.org/software/man.cgi?query=slapd-meta
Hope this helps,
Jonathan
--
--
Jonathan Clarke
keyword in ldap.conf
for OpenLDAP clients.
If you're configuring this on a Linux server, I think you'll find the
equivalent configuration in /etc/libnss_ldap.conf or similar.
Hope this helps,
Jonathan
--
--
Jonathan Clarke - jonat
.
Many thanks,
Mark.
--
--
Jonathan Clarke - jonat...@phillipoux.net
--
Ldap Synchronization Connector (LSC) - http://lsc-project.org
--
change the rootdn's password in the configuration file or
configuration backend:
http://www.openldap.org/doc/admin24/slapdconfig.html#rootpw%20%3Cpassword%3E
Hope this helps
Jonathan
--
--
Jonathan Clarke - jonat...@phillipoux.net
configured.
This option was clearly designed for read-only slaves.
I'm not sure what the behaviour would be in a multi-master setup. You
could try this anyway. Any ideas from someone else?
Regards,
Jonathan
--
--
Jonathan Clarke - jonat
Do you think, there are some steps or configurations I am missing.
Yes. To login via LDAP on your Linux box you also need to configure PAM
and NSS. Plenty of information on that by googling.
Jonathan
--
--
Jonathan Clarke - jonat
groups: one listing members, and another one,
dynamically filled from the contents of the first.
Regards,
Jonathan
--
--
Jonathan Clarke - jonat...@phillipoux.net
--
Ldap
,
Jonathan
--
--
Jonathan Clarke - jonat...@phillipoux.net
--
Ldap Synchronization Connector (LSC) - http://lsc-project.org
--
On 25/02/2010 13:17, Seger, Mark wrote:
-Original Message- From: Jonathan Clarke
[mailto:jonat...@phillipoux.net] Sent: Thursday, February 25, 2010
6:00 AM To: Seger, Mark Cc: openldap-technical@openldap.org
Subject: Re: a newbie trying to get the basics of syncrepl going
On 23/02
, initial setup *does* require changing the configuration of the
provider.
Jonathan
--
--
Jonathan Clarke - jonat...@phillipoux.net
--
Ldap Synchronization Connector (LSC) - http
dynamic groups on the fly without restarting slapd?
Yes. You may need to load the overlay as a module, if you don't have it
compiled in statically, then add the overlay config object under your
database.
Regards,
Jonathan
--
--
Jonathan
On 01/04/2010 07:33 PM, Diego Lima wrote:
Hello all,
I'm trying to import an LDIF file where some users have values that
appear to be encoded on the file. The values have two : (i.e. ::) and
appear like this:
# entry-id: 36545
dn: uid=someuser,ou=funcionarios,ou=pessoal,o=xxx,c=xxx
l::
On Thu, 10 Dec 2009 15:35:26 +0100, Peter Mogensen a...@mutex.dk wrote:
Jonathan Clarke wrote:
Is it possible to temporarily turn off mirroring of cn=config, so I can
raise loglevels on server2 without the change being replicated to
server1 and thus hanging the whole system ?
Of course
of other groups the user is a member of.
So, yes, all members of a group with gid 4 have the permissions
granted to that group. Each user also has the permissions of his main
group.
Hope this helps,
Jonathan
--
--
Jonathan Clarke - jonat
OpenLDAP schema, and created entries that use it, then
it can't work.
What are you trying to achieve? Does your OpenLDAP server contain the
same accounts as your Microsoft AD?
Regards,
Jonathan
--
--
Jonathan Clarke - jonat
set_lk_max_objects 1500
set_lk_max_locks 1500
set_lk_max_lockers 1500
--
--
Jonathan Clarke - jonat...@phillipoux.net
--
Ldap Synchronization Connector (LSC) - http://lsc
78 matches