speculating, of course.
Bye
Marco
On Wed, Jul 16, 2014 at 8:29 PM, Michael Ströder mich...@stroeder.com
wrote:
Marco Pizzoli wrote:
yes but leveraging the copytruncate option of logrotate. So you don't
have to worry about the open state of the file.
Truncating in the middle of a LDIF record
Apologies for having top-posted before.
On Thu, Jul 17, 2014 at 8:26 AM, Ulrich Windl
ulrich.wi...@rz.uni-regensburg.de
javascript:_e(%7B%7D,'cvml','ulrich.wi...@rz.uni-regensburg.de'); wrote:
Marco Pizzoli marco.pizz...@gmail.com
javascript:_e(%7B%7D,'cvml','marco.pizz...@gmail.com
Hi Ulrich,
yes but leveraging the copytruncate option of logrotate. So you don't
have to worry about the open state of the file.
HTH
Marco
On Wed, Jul 16, 2014 at 3:54 PM, Ulrich Windl
ulrich.wi...@rz.uni-regensburg.de wrote:
Hi!
The manual does not say whether the file auditlog uses is
Hi Italo
On Tue, Feb 25, 2014 at 2:08 AM, Italo Valcy italova...@gmail.com wrote:
Dear all,
I`m trying to setup replication from OpenLDAP to Fedora 389 DS.
Honestly I don't know the actual state of this implementation, but I
suggest you have a look at:
- the changelog of 389DS 1.3.2.2 [1]
-
All tests fine even here.
Compiled HDB and MDB on RHEL6.4 64bit with gperftool.
Regards
Marco
On Tue, Oct 22, 2013 at 10:27 PM, Quanah Gibson-Mount qua...@zimbra.comwrote:
If you know how to build OpenLDAP manually, and would like to participate
in testing the next set of code for the 2.4.37
Hi all,
considered the importance of the patches which have landed in the last few
days, could I ask to start with a testing call for a new release?
I'm confident they could solve the crashes I have been facing since I
started working heavily with back-mdb and I'm only allowed to work with
Hi Christian,
I'm not one of the gurus you were talking about, but I would appreciate
that very much anyway!!
I recently filed an ITS asking also for excluding specific entries from
having the authTimestamp attribute populated (ITS#77076).
If you think it should be not so difficult to
On Mon, Jul 29, 2013 at 9:44 PM, Quanah Gibson-Mount qua...@zimbra.comwrote:
If you know how to build OpenLDAP manually, and would like to participate
in testing the next set of code for the 2.4.36 release, please do so.
Generally, get the code for RE24:
Hi all,
I would like a hint on how to syncreplicate only a group of subtrees from a
master DIT.
In example, if I have a BaseDN called ou=root,dc=my_domain with 4
subtrees at the first nesting level (ou=subtree1, ou=subtree2, and so
on..), how can I configure a slave to syncrepl only subtree1 and
Hi all,
I think I already know the answer, but I would like to be absolutely sure
about it.
Could I generate a {SSHA1} hash of a password (to be used for the rootdn
account) with the help of slappasswd utility on a system and reuse that
salted hash for the very same purpose but on a different
On Wed, Mar 27, 2013 at 2:14 AM, Quanah Gibson-Mount qua...@zimbra.comwrote:
If you know how to build OpenLDAP manually, and would like to participate
in testing the next set of code for the 2.4.35 release, please do so.
Generally, get the code for RE24:
Hi all,
Is it possible I discovered a limit on the number of attributes I can
specify on the attrs parameter of the replica directive in slapd.conf?
In my config file, for the replica directive, I explicited a long list of
attributes. On the provider side I can see, on the provider slapd logs,
On Thu, Feb 28, 2013 at 4:10 PM, Marco Pizzoli marco.pizz...@gmail.comwrote:
Hi all,
Is it possible I discovered a limit on the number of attributes I can
specify on the attrs parameter of the replica directive in slapd.conf?
In my config file, for the replica directive, I explicited a long
Hi all,
yes, I already know this is not possible. But I have a particular scenario
and maybe someone could give advice.
In an LDAP tree I inherited some times ago, I have entries created many
years ago by using a schema definition which implied an entry to acquire as
structuralObjectClass a
On Thu, Jun 28, 2012 at 2:09 AM, Todd Stein todd.st...@openx.org wrote:
Hi,
I have a provider server and five consumer servers, all of which have the
memberOf overlay configured:
overlay memberof
memberof-group-oc groupOfUniqueNames
memberof-member-ad uniqueMember
memberof-refint true
Hi Quanah,
On Mon, Oct 29, 2012 at 6:16 PM, Quanah Gibson-Mount qua...@zimbra.comwrote:
--On Monday, October 29, 2012 8:52 AM +0100 Marco Pizzoli
marco.pizz...@gmail.com wrote:
If I try to configure a second replica configration targeted directly to
(in example) to ou=ou3, then that ou
Hi all,
I'm using OL 2.4.33 and I'm trying to replicate a tree to an instace of OL
2.4.33 composed by multiple databases.
My tree is something as this:
- basedn
- ou=ou1
- ou=ou2
- ou=ou3
If I have all my subtrees, on the master, served by a single db... then I
can syncrepl to the
Hi list,
I would like to create a virtual view of my data.
In short, this is my tree
ou=main
|--ou=unitA
|--uid=user1
|--uid=user2
|--ou=unitB
|--uid=user3
|--ou=unitC
|--uid=user4
|--uid=user5
And this is what I would like to have:
ou=main
|-- ou=my_virtual_view
Hi all,
last time I answered Quanah's testing call I simply downloaded the tgz from
gitweb and then compiled as usual.
This is the link I can find on gitweb:
http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=snapshot;h=refs/heads/OPENLDAP_REL_ENG_2_4;sf=tgz
Hope this helps
Marco
2012/2/1 Michael Ströder mich...@stroeder.com
Quanah Gibson-Mount wrote:
--On Wednesday, February 01, 2012 1:40 PM +0100 Michael Ströder
mich...@stroeder.com wrote:
Nick Milas wrote:
On 1/2/2012 12:19 μμ, Emmanuel Lecharny wrote:
Any direction on how to test the build and to check out
Hi, actually it has been a while since I did it last time... it could be
that my memory starts to faulting.
But this behaviour could also be due to the oldness of your memberOf
overlay. I cannot afford again the slapcat/drop/slapadd these days, sorry.
Marco
On Thu, Dec 1, 2011 at 5:36 PM, Bryce
slapo-memberof(5) does not support tool mode; in order to populate the
memberOf attribute of an existing database you need to use ldapadd(1).
You could, for example, dump your group entries, remove them, and re-add
them via ldapadd(1).
Hi Ando,
correct me if I'm wrong, but another method is
Any advice concerning the configuration?
Hi,
the configuration is pretty straightforward. This is mine:
overlay memberof
memberof-group-oc groupOfNames
memberof-member-ad member
memberof-memberof-ad memberOf
memberof-dn cn=Manager,dc=my_base_dn
memberof-dangling ignore
memberof-dangling-error
Hi, some times ago I considered the possibility to export ldap-data as dsml
(xml).
OpenLDAP doesn't natively support (yet) dsml output, but you can find
something on the web that could help you.
Mi idea was then to write a CSS or XSLT stylesheet to transform the dsml in
a more
2011/4/28 Michael Ströder mich...@stroeder.com:
Marco Pizzoli wrote:
could someone point me to some resources, in particular usage
examples, about DIT content rules?
Example:
dITContentRule ( 2.16.840.1.113730.3.2.2
NAME 'inetOrgPerson-dcr'
NOT ( x121Address )
AUX ( msPerson
Hi,
OpenLDAP is officially supported only with BerkeleyDB versions at
maximum equal to 5.0.x, and this particular version only since 2.4.24.
See http://www.openldap.org/lists/openldap-announce/201102/msg0.html
You should try with the latest one available: 2.4.25
Hope this helps
Marco
On
Apart the fact we were told not to touch slapd.d, this will raise complexity
(adding a VCS, finding a way to relate commens to contens, and so on).
So now I need more logic, more programs, when I can do everything with just
an editor and some text when having a file.
I do agree.
My thought
Hi list,
could someone point me to some resources, in particular usage
examples, about DIT content rules?
Thanks in advance
Marco
--
_
Non è forte chi non cade, ma chi cadendo ha la forza di rialzarsi.
Jim Morrison
On Thu, Apr 28, 2011 at 1:27 PM, Alejandro Imass aim...@yabarana.com wrote:
On Thu, Apr 28, 2011 at 6:54 AM, Marco Pizzoli marco.pizz...@gmail.com
wrote:
Hi list,
could someone point me to some resources, in particular usage
examples, about DIT content rules?
The first rule
On Thu, Apr 28, 2011 at 7:33 PM, Quanah Gibson-Mount qua...@zimbra.com wrote:
--On Thursday, April 28, 2011 11:21 AM +0200 Marco Pizzoli
marco.pizz...@gmail.com wrote:
Hi,
OpenLDAP is officially supported only with BerkeleyDB versions at
maximum equal to 5.0.x, and this particular version
I completely agree. As I said, a little statistic to understand what people
use could be interesting. For me comments and a text file config is
mandatory. I am not configuring mysql.cnf using a mysql database. As it has
been said before, once your setup is done, you barely change it. And a
Hi all,
do you know if I could use filenames with relative paths in include
directive on my slapd.conf configuration file?
If yes, which is the root directory referred to?
Thanks
Marco
--
Hi
[cut]
Check against OpenLDAP 2.4.25. I believe nearly all backends and overlays
support slapd-config now.
I'm using 2.4.25, but short of trying every one of the official and
contrib overlays one by one, I don't know of any way to find out which
ones don't support slapd-config. That's
soft
2011/4/5 Marco Pizzoli marco.pizz...@gmail.com
On 5 Apr 2011 16:11, c0re nr1c...@gmail.com wrote:
nss_ldap.conf:
timelimit 10
bind_timelimit 5
bind_policy soft
nss_connect_policy oneshot
I think every mail that come through my mail relay ask openldap about
nss
Hi,
Could it be due to SELinux enforcing?
Could you check with getenforce command to see if this is the case?
If so, could you check your /var/log/audit/auth.log (or similar) and tell if
you see something wrong in it?
M.
On Thu, Mar 31, 2011 at 4:08 PM, Dan White dwh...@olp.net wrote:
On
Hi all,
I would like to learn how to write an overlay.
I'm looking at overlay sources as available in the OpenLDAP package, but
they appear to be too complex to me, particularly in not having clear
comments/descriptions and, most of all, considering that I'm an occasional C
programmer.
I ask if
Hi,
I could be corrected if I'm wrong, but this problem is not related to
OpenLDAP. It's a nss_ldap problem.
nss_ldap is a client library that's used by linux vendors to achieves
seamless integration of users against *a* LDAP server.
I had a similar problem with a complex configuration and
Hi list,
could someone tell me how can I obtain a binary slapd with all libraries
linked statically in it?
I tried mixing many --enable-static / --enable-shared=no etc... without no
luck.
I also tried invoking make with LTFLAGS=-static
Thanks
Marco
--
Hi list,
I'm having a problem in using the example back_shell example of OL
distribution.
I'm using OL 2.4.21 as released in Ubuntu10.04 distribution.
This is my database definition:
databaseshell
suffix dc=pippo,dc=it
search /tmp/slapd_search.sh
This is the example
Hi all,
on the same line of previous mail about openldap performances on Solaris, I
would like to know if someone has experience about AIX.
I'm evaluating a deploy on this platform and I would like to know about any
performance comparison/experience between AIX (5.3/6.1/7.1) and Linux.
Thanks in
Sorry, but I do not agree.
What I can do is some tests with my relative little user database with my
specific configuration.
I surely cannot encounter any problem that a more complex (or simply
different) configuration would be able to.
If I need to introduce a new software in my production
Hi list,
Today I downloaded the HEAD repository and tried to compile also the contrib
module lastbind.
With the configure script I'm not able to have that module built in.
I have to do something particular?
Thanks
Marco
--
_
Non è forte chi non cade, ma
On 7 Feb 2011 22:31, Marco Pizzoli marco.pizz...@gmail.com wrote:
Hi Jonathan,
I understand the locality of the attribute, but my question is motivated
by the ppolicy_forward_updates directive that addresses this identical
problem.
Do you think it would be possible to have a similar feature
went from:
- search and delete of 1-day entries in about 22hours
to
- search and delete of 9-days entries in 40minutes
Marco
On Thu, Feb 3, 2011 at 7:23 PM, Marco Pizzoli marco.pizz...@gmail.comwrote:
Hi Howard,
probably you are addressing me to this part:
When using a log database
?
Augmenting the frequency of this job could help in this meaning?
Every best practice to follow to use accesllog effectively will be very
appreciated! :-)
Thanks
Marco Pizzoli
--
_
Non è forte chi non cade, ma chi cadendo ha la forza di rialzarsi
, Howard Chu h...@symas.com wrote:
Marco Pizzoli wrote:
Hi all,
I would like to know the internal behaviour of slapo-accesslog.
Read the slapo-accesslog(5) manpage. Re-read the logpurge description and
don't skip any of it.
I would like to have accesslog with a data retention of 10 days
Hi all,
I would like to know if is it possibile to have accesslog overlay to write
to a remote ldap server.
I have 2 OL instances and I would like to aggregate accesslog data on 1
server dedicated to serve accesslog query.
Thanks in advance
Marco
--
_
Hi all,
I would like to know if is there a plan to make a new release of OL in the
following months.
Thanks in advance
Marco
--
_
Non è forte chi non cade, ma chi cadendo ha la forza di rialzarsi.
Jim Morrison
Hi all,
is there a way to obtain a OL configuration to permit proxying an ldap
connection without knowledge in advance about the target ldap server?
Simple scenario, I would like to put a proxy system in front of a client
which is trying to check a Certificate Revocation List (CRL), which is
...@zimbra.comwrote:
--On Wednesday, September 29, 2010 9:02 AM +0200 Marco Pizzoli
marco.pizz...@gmail.com wrote:
Hi Quanah,
you're right. Those weren't my configuration but only an indication of
the order in which those groups of directives appear in my slapd.conf
config file.
If you disable
accessing the
other ldap servers. In my deploy I used iptables to not permitting the
connection so they reverted to another one until the populating end.
Hope this helped.
Regards
Marco
Thanks
Karthik.
On Wed, Sep 29, 2010 at 10:49 PM, Marco Pizzoli
marco.pizz...@gmail.comwrote:
Hi,
I had
:37 PM +0200 Marco Pizzoli
marco.pizz...@gmail.com wrote:
Today I tried to change the order of overlays inclusion and I had the
same problem.
If the module was not loaded, I couldn't save that data in the accesslog
db.
Someone could suggest a possible solution or an alternative trial?
Do
Hi,
I had the same problem some times ago.
I could be corrected by someone, but the glue is the way by which the OL
system revert to represent entries that are accessible directly.
I mean, if you have a subtree like this one
ou=a -- ou=b -- ou=c
Assume that your ou=b entry is not available
CLARKE
jonathan.cla...@normation.com wrote:
On 22/09/2010 09:10, Marco Pizzoli wrote:
Hi Jonathan,
no, all my 4 systems are configured equally, same configuration file
(except for little specifications of every single instance) on all of
them. The only difference is OL version which
:
Hi Marco,
Le 16/09/2010 13:07, Marco Pizzoli a écrit :
I came to this evidence in investigating an anomaly that I'm having with
my accesslog database.
Symptom I was having was continuous high cpu spot. I suspected it was
due to my accesslog database.
- I made a slapcat of my entire log
:35 PM, Quanah Gibson-Mount qua...@zimbra.comwrote:
--On Monday, September 20, 2010 9:35 AM +0200 Marco Pizzoli
marco.pizz...@gmail.com wrote:
Hi all,
I would like to know if is there a recommended version of BerkeleyDB to
be used with OpenLDAP.
Days ago, on this mailing list, I read
Hi list,
I need to populate an entry in OL having DN uid=pippo,ou=people,dc=mycorp.
I need to force this entry to have a uid attribute *different* from uid
appearing in the name. Example: I need uid: pluto.
ldapadd-ing the entry I have the entry with 2 uid attributes populated:
- uid: pippo
-
Thanks,
I will solve my problem using ACL, forbidding access to that attribute using
attrs=uid vals=pippo .
Marco
2010/9/20 Bjørn Ruberg bj...@ruberg.no
On 09/20/2010 11:31 AM, Marco Pizzoli wrote:
Hi list,
I need to populate an entry in OL having DN uid=pippo,ou=people,dc=mycorp.
I need
I re-post this help request using a more appropriate subject .
Thanks in advance
Marco
-- Forwarded message --
From: Marco Pizzoli marco.pizz...@gmail.com
Date: Thu, Sep 16, 2010 at 1:07 PM
Subject: Re: Searched Attr=1.1
To: Dieter Kluenter die...@dkluenter.de
Cc: openldap
Hi all,
I'm using Buchan's package of openldap2.4.22 x86_64 on RHEL5.3.
I'm able to reproduce a crash renaming an entry in my tree. I'm doing this
by using phpldapadmin. When I restart the engine I can see the entry with
the name changed.
I'm trying to produce a core dump and subsequently file
Hi, you have to add in your configuration of ppolicy overlay the directive
about the forwarding of operational attirbutes related to ppolicy to the
master server. So you have this attributes syncronized in all your servers.
ppolicy_forward_updates available since version 2.4.18.
Regards
You're right, I apologize for reading too fast the original request. It
seemed similar to a problem I had months ago and replied consequently.
Sorry.
Marco
On Fri, Jul 2, 2010 at 6:00 PM, Chris Jacobs chris.jac...@apollogrp.eduwrote:
ppolicy_forward_updates won't affect the primary issue
Hi list,
Is there a way to log some specific client (choosen by IP or by binddn) to
log to some specific log-file?
I would like to have both the general log file written by syslogd, and a
special log file to write only some specific clients .
Thanks in advance
Marco
--
Hi all,
Me too I am interested in knowing how forward_updates works in a
multi-master environment .
If someone could share some experience about this, I would appreciate very
much! :-)
Thanks in advance
Marco
-- Forwarded message --
From: Jonathan Clarke jonat...@phillipoux.net
64 matches
Mail list logo