On 21/10/2021 6:39 μ.μ., Nick Milas wrote:
From the journal, some excerpts (it is very long):
My fault: I copied parts from the journal before the restart :(
Here is the actual log after restart:
Oct 21 18:31:28 ldap.noa.gr systemd[1]: slapd.service start operation
timed out. Terminating
Thank you for the reply:
Here it is:
# ldapwhoami -H ldaps://ldap.noa.gr:636 -x -d -1
ldap_url_parse_ext(ldaps://ldap.noa.gr:636)
ldap_create
ldap_url_parse_ext(ldaps://ldap.noa.gr:636/??base)
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
Hello,
Our main OpenLDAP Server (running on CentOS 7) has been working fine
with 2.4.58.
Since yesterday, after a (minor, see at the end) OS upgrade which
included an update to LTB Openldap 2.4.59, SSL clients see:
# ldapwhoami -H ldaps://ldap.noa.gr:636 -x
ldap_sasl_bind(SIMPLE): Can't
Hello,
We are running a (small) number of OpenLDAP instances with v2.4.58.
There is a single master and 4 syncrepl consumers (all on CentOS 7
boxes), all running with back-mdb.
We are planning our migration from 2.4 to 2.5.x
My question: Would it be OK if we migrate our master server to
On 18/5/2021 1:55 π.μ., Michael Ströder wrote:
Missing space after SUBSTR?
On 18/5/2021 1:57 π.μ., Howard Chu wrote:
Yes, but there is only one attribute value #2 in the attribute. Pay attention
to what the error message tells you.
You were both right, thank you.
Turns out that all
Hello,
We are using PowerDNS with LDAP Backend.
At some point the backend schema changed so in order to upgrade we need
to change the schema loaded in OpenLDAP.
Unfortunately, something seems to be going wrong in the process.
What I did: First, I converted the new schema to ldif by creating
On 18/1/2021 6:27 μ.μ., Quanah Gibson-Mount wrote:
Nothing in the log snippet provided shows an issue. What leads you to
believe an issue has been encountered?
Hi Quanah,
Thanks for the reply,
I can't tell whether it was an issue or not (for example, I could call
it a phenomenon), but I
Hello,
I would like to ask you for your guidance regarding the following.
We have an openldap (v2.4.56) master server syncing with three other
openldap slaves.
The master seems being unable to complete successfully syncing a
particular entry and it keeps trying for ever. Logs follow.
I
Hello everyone,
In our (non-profit, research) organization we are already using OpenLDAP
for many years, storing people data and dns records (LDAP-based DNS server).
We are now looking into how we could organize our LDAP DIT in order to
store device data (descriptions, MAC addresses, IP
On 2/3/2017 5:59 μμ, Quanah Gibson-Mount wrote:
If setting this resolves your problem, then you have something in your
network monitoring and severing connections.
I used (as I have noted):
keepalive=20:100:2
on one consumer and:
keepalive=120:10:30
on the other (which is closer to
On 2/3/2017 12:17 πμ, Quanah Gibson-Mount wrote:
Have you tried setting the "keepalive" parameter in your syncrepl
configs?
Thank you Quanah,
I just added (to syncrepl config):
keepalive=20:100:2
Any suggestions on the selected values? What are the default ones? (I
haven't found them
Hello,
I have recently installed two syncrepl consumers using 2.4.44 on CentOS
7 using LTB rpm packages.
I am almost daily facing issues with consumers losing connection to the
master. I always have to restart the consumer in order to re-establish
connection.
Note 1: These two consumers
On 2/2/2017 8:11 πμ, Jephte Clain wrote:
just a little follow-up:
- this is quick and dirty. it assumes cn is monovalued which may not
be true in your DIT
- I assume you just wanted a quick script for a oneshot. if you want a
script that you can regularly run to "fix" your database, you
Hello,
Does anyone have a ready-made script (e.g. bash) that would do the
following:
Loop on all entries in the ou=people branch where ou <> "system" {
If attribute DisplayName does not exist{
Set DisplayName to the value of attibute cn
}
}
I could do it with a bit of work, but
On 20/3/2016 3:55 μμ, Michael Ströder wrote:
Language sub-types (RFC 3866) are tricky to handle in a schema-aware LDAP
client.
For which attributes are you using this?
We are using language tags (lang-el-gr, lang-en-us) for:
cn, o, ou, title, sn
phpLDAPadmin handles them well up to
On 19/3/2016 1:44 πμ, Uwe Werler wrote:
http://pegacat.com/jxplorer/
+1
Lightweight, reliable and powerful. Handles well both cn=config and DIT.
The developer is very helpful too.
phpLDAPadmin is also fine (as a web-based GUI), but practically not
maintained any more since many years.
On 10/8/2015 2:16 μμ, Kaushal Shriyan wrote:
I am not sure if i understand the difference between Authorization and
Authentication. Does Openldap support both or it supports or
configured as Authorization or Authentication server? I will
appreciate if somebody can help me understand with some
On 2/12/2014 11:12 μμ, Igor Shmukler wrote:
Do I create a new schema file for my new attribute as in
${new_attribute}.schema and another for the new object using this new
attribute?
See also: http://www.openldap.org/devel/admin/schema.html
We have done it in this way: Got a registered OID
On 30/11/2014 7:55 πμ, Da Rock wrote:
Sorry to butt in, but the apache studio works with openldap too? I was
under the impression it was just for ApacheDS. If it works with
openldap I might give it a shot as it has been rather sticky with the
other tools I've tried.
ApacheDS works, but I
On 30/11/2014 5:30 μμ, brendan kearney wrote:
I have fallen in love with phpLdapAdmin.
We are using phpLDAPAdmin on a daily basis as well, but not for
cn=config (only for the DIT).
Unfortunately, phpLDAPAdmin has a very slow development process, if it
has not stalled completely; last
On 26/11/2014 11:41 πμ, Da Rock wrote:
How would I get a core dump, as well? That sounds like it might be
more useful.
See for example:
http://www.openldap.org/lists/openldap-technical/20/msg00243.html
Nick
On 15/8/2014 1:20 μμ, Miroslaw Baran wrote:
Dear all,
I don't want to sound too alarmistic, but it seems that the LTB project has
disappeared from the 'net sometime this week. Would you happen to know what
happened, what's going on (and perhaps if some help with the infrastructure
is needed)?
On 12/8/2014 12:23 μμ, Jerry wrote:
I will have to give that a try I suppose. It is a shame that there is not a
native way of accomplishing the creation of a distribution list like the MS
Outlook address book affords. Actually, may MUAs such as claws-mail have this
feature embedded into their
On 28/3/2014 1:25 μμ, Christian Kratzer wrote:
I consider cn=config superior once you get your head wrapped around it.
On 28/3/2014 12:53 μμ, Simone Piccardi wrote:
- I can put comments on it
Christian,
Please allow me to intervene in the thread to say that your comments are
very valid,
On 28/3/2014 3:59 μμ, Christian Kratzer wrote:
Ordering is already implemented.
Thanks Christian for your feeback, but, as of v2.4.39 (which I am
running), I can't confirm correct ACL ordering.
As explained in the thread I provided, ordering (of ACL rule numbers) is
string-based and not
Hi,
On 2.4.39 (CentOS 5.10 x86_64), I found that if I attempt to change
certificate values but there is an error in a path, openldap stops.
I would expect this should be avoided. Openldap should reject the
modification and not stop.
Running the modification below, it hungs; we press Ctrl-C
On 13/3/2014 11:58 μμ, Nick Milas wrote:
On 13/3/2014 9:42 μμ, Friedrich Locke wrote:
i am planning to use opendalp to build my email infra structure. What
happens is two users (two entries) hold the same email address ?
...
Since you are now starting this design, you may want to read
Hi,
We have a running openldap installation (2.4.39) - a single master -
with cn=config and hdb backend.
So, config has the branches:
I know we must slapcat our data and slapadd it in mdb afterwards.
The question is: what changes should be done in the config DIT (and how)
so that the
On 14/3/2014 3:08 μμ, Howard Chu wrote:
Read the schema definition of the olcHdbConfig objectclass, and
compare it to the definition of the olcMdbConfig objectclass. Delete
anything that isn't present in the olcMdbConfig objectclass.
The schema has everything you need to know. Use it.
On 13/3/2014 9:42 μμ, Friedrich Locke wrote:
i am planning to use opendalp to build my email infra structure. What
happens is two users (two entries) hold the same email address ?
In our setup all users have unique mail addresses / mailboxes.
In such cases, we create a dummy user (we call it
On 21/8/2013 9:40 μμ, Quanah Gibson-Mount wrote:
You mean
http://www.openldap.org/lists/openldap-announce/201303/msg0.html?
Exactly! I think it is important to include the notice in the change
log: http://www.openldap.org/software/release/changes.html !
These announcements are not
On 21/8/2013 11:48 πμ, Clément OUDOT wrote:
LTB project RPMs for OpenLDAP 2.4.36 are available:
http://tools.ltb-project.org/news/40
I also created a yum repository to ease the installation:
http://ltb-project.org/wiki/documentation/openldap-rpm#yum_repository
Thanks Clement for your
On 21/8/2013 4:33 μμ, Howard Chu wrote:
slapd prints a message to this effect if it is needed.
Hmm. That would probably be too late... The administrator should know
beforehand to plan upgrade(s). Is there a way to know beforehand?
Thanks,
Nick
On 19/8/2013 3:23 μμ, Ingo wrote:
To modify the cn=config DIT you'll have to modify the files under
/etc/ldap/slapd.d/cn=config where your config is stored.
NO. do NOT do this,
Why?
Directly manipulating cn=config files will result in a CRC Error and
will render your configuration
On 19/8/2013 6:20 μμ, Zeus Panchenko wrote:
may somebody to recommend the attribute to store path to system mailbox,
among attributes of schema files shipped with openldap,
system mailbox is the path to mbox format file or maildir directory
where MDA (depends on MDA configuration) stores
On 26/4/2013 12:50 μμ, Yuki Takase wrote:
When I can't use a ldap server because of hardware or network trouble,
I want to reduce the influence of ldap client.
I changed the following configration of ldap.conf.
You can setup your software to try a number of ldap servers in turn (I
guess it
On 19/4/2013 2:00 μμ, Chris Card wrote:
I tried reducing the maxsize, but it made no difference to the performance.
So I'm still at the point where writes to BDB are roughly 4 times faster than
writes to MDB.
Any more suggestions?
Could it be possibly related to the OS / filesystem used?
On 18/4/2013 6:16 μμ, Quanah Gibson-Mount wrote:
For me, MDB writes are a minimum of 65 times faster than writes with
BDB/HDB, even when BDB/HDB use an SHM key.
Can you please share your compilation options (or spec file, if
applicable) and test setup complete configuration so interested
On 20/3/2013 10:51 πμ, Raffael Sahli wrote:
So what could that be? Maybe a config problem or a bug?
Please post configs, OS details, BDB details, pertinent log entries, and
full backtrace of the crashed process.
Nick
On 1/3/2013 5:00 πμ, Tian Zhiying wrote:
I using openldap-2.3.43 version now. It has not been supported ?
What to go upgrade? In the begining, I use yum method to install .
Read:
http://www.mail-archive.com/openldap-technical@openldap.org/msg11414.html
On 17/2/2013 12:27 μμ, Benin Technologies wrote:
does OpenLDAP support transactions ?
No, it does not. I see this is scheduled for v2.5 (see:
http://www.openldap.org/software/roadmap.html) and it is unknown when
v2.5 will be published.
I don't even know if there is already any work in
On 9/2/2013 9:11 μμ, Denis BUCHER (lists) wrote:
* I don't even know if I'm using proxy:ldap ? My postfix config is :
o virtual_mailbox_domains = ldap:/etc/postfix/ldap-domains.cf
o virtual_alias_maps = ldap:/etc/postfix/ldap-aliases.cf
o virtual_mailbox_maps =
On 18/1/2013 12:07 μμ, Denis BUCHER (lists) wrote:
It looks like slapd server is overwhelmed with too many requests at
the same time, which makes postfix getting timeouts.
On the postfix side hopefully it's only a temporary lookup failure
but I want to correct that problem.
I would suggest
On 11/1/2013 11:58 πμ, Chris Card wrote:
where can I download a tar.gz file for RE24?
Simply take a snapshot from here:
http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=shortlog;h=refs/heads/OPENLDAP_REL_ENG_2_4
This is a direct link for the snapshot:
On 14/11/2012 11:24 μμ, Jignesh Patel wrote:
Ok I just subscribed to the group. Now I have bunch of questions.
* How is LDAP tool box project different then openLDAP?
* Does this project supports HDB(not BDB) database?
* Does LTB has any utility like
On 4/10/2012 1:18 πμ, Patrick Lists wrote:
Seems the Fedora one carries a ton of patches while the ltb one is
vanilla.
Out of curiosity, coz I am using LTB OpenLDAP RPMs on many CentOS 5/6
machines: What kind of patches are available in Fedora builds which are
not available in LTB?
LTB,
Hi,
I am running a v2.4.31 consumer on CentOS 5.8 to serve user accounts
(and aliases) on a Postfix mail server running locally. It has been
running for a long time without problems.
Today, after a user sent (on 14:53:39) a mass mail (through a group
alias, implemented using ldap dynlist),
On 17/7/2012 9:04 μμ, Evgeniy Kosov wrote:
The issue I'm facing as stated above is regarding the syncrepl and
attribute order.
What version of Openldap are you using on provider and consumers?
What backends are you using? Which versions thereof?
Nick
On 18/7/2012 6:47 μμ, Francois Gnu wrote:
Can you put the link of the Howard's post, please?
I believe he meant this post:
http://www.openldap.org/lists/openldap-technical/201004/msg00035.html
which was referred-to recently in this thread:
On 3/7/2012 6:00 μμ, Frank Bonnet wrote:
I have a problem removing ONE ( and only ONE !!! ) entry in
my directory server
Is the db correctly indexed? Or may the db be corrupt?
I would use slapd_db_recover (if needed) and slapindex;
Then try again.
Good luck,
Nick
On 20/6/2012 3:10 μμ, Konstantin Menshikov wrote:
Please, show your replication setup at which it works correctly.
OK, here is an example test setup:
DN: ou=TestBranch1,dc=example,dc=com
objectClass: organizationalUnit
objectClass: top
ou: TestBranch1
DN:
On 11/6/2012 8:59 μμ, Quanah Gibson-Mount wrote:
Most ldap browsers also do not understand cn=config. Apache Directory
Studio would be an exception.
JXplorer works fine!
Nick
On 7/6/2012 6:08 μμ, Efstathios Xagoraris wrote:
I have a working OpenLDAP setup ( 2.3.43 - Centos 5.8 RPM ) with a
Master LDAP and consumers worldwide across datacenters. I also monitor
if directories from Consumers are in Sync with the master. Consumers
sometimes fail to communicate with
On 5/6/2012 9:58 μμ, Howard Chu wrote:
What you've posted is expected behavior. The single backslashes were
parsed by the slapd.conf parser. To actually get them into the regex
you need to escape those backslashes as well. This is already
documented in slapd.conf(5) and in the Admin Guide.
On 6/6/2012 2:19 μμ, Howard Chu wrote:
Obscure? Are those ACL statements in slapd.conf or aren't they? Do
backslashes in slapd.conf need to be escaped or don't they? It's not
like it says backslashes must escaped except on alternate Tuesdays.
Thanks for the humor. [ I guess I had success
I am facing the following problem (with v2.4.31 on CentOS 5.8).
I am using a - recently added - custom schema with one AUX objectclass
and 3 optional attrs; I am trying to use an ACL of the form:
access to dn.subtree=ou=people,dc=example,dc=com
attrs=@entryAccessEntities
by
On 6/6/2012 6:36 μμ, Howard Chu wrote:
Don't inherit from top.
In my case, removing top ObjectClass from an entry does not change behavior.
Here is the entry, after removing top:
DN: uid=tester,ou=people,dc=example,dc=com
objectClass: person
objectClass: organizationalPerson
objectClass:
On 6/6/2012 9:03 μμ, Quanah Gibson-Mount wrote:
Discussed with Howard. That is how the standard track RFCs define
those objectClasses, but in general, you don't want to do this with
your custom AUX objectClasses. Really the RFC defined oc's should be
fixed via another RFC, but fat chance of
Hi,
I used slaptest to convert a set of ACLs from standard to dynamic format
using slaptest. I noticed that backslashes (used to escape characters)
in regexes are silently dropped after conversion.
For example:
access to
On 5/6/2012 5:51 μμ, Nick Milas wrote:
becomes:
olcAccess: {xx}to
dn.regex=^dc=\b\d{1,3}\.\d{1,3}\.\d{1,3}\b\.in-addr\.arpa,ou=dns,dc=example,dc=com$
by group/groupOfNames
Sorry, I copied the wrong string. I re-send:
For example:
access to
dn.regex=^dc=\b\d{1,3}\.\d{1,3}\.\d{1,3
On 5/6/2012 5:51 μμ, Nick Milas wrote:
becomes:
olcAccess: {xx}to
dn.regex=^dc=\b\d{1,3}\.\d{1,3}\.\d{1,3}\b\.in-addr\.arpa,ou=dns,dc=example,dc=com$
by group/groupOfNames
In the end, I might manage to send the *actual* converted regex :( :
access to
dn.regex=^dc=\b\d{1,3}\.\d{1,3
On 27/5/2012 10:25 μμ, Nick Milas wrote:
For example, you could set up an ACL with a filter clause and
answer your own question about whether that affects the attrs matched.
OK, I'll do it.
I owe an answer on this; I have done the required research and found
that if we use an ACL
On 1/6/2012 8:54 πμ, Jeffrey Crawford wrote:
Are you saying that syncprov looks at the account that is bound and
sends deletes if a record would become invisible after a modification?
I understand the opposite: syncprov will only send add/delete message
based on base/scope/filter and not on
On 25/5/2012 4:56 μμ, Konstantin Menshikov wrote:
When i move object in forbidden by ACL subtree, then no information about this
modification goes to the replica server
I don't know if you have followed a recent thread, but according to
Howard Chu:
(quote) Visibility changes due to ACL
On 29/5/2012 7:42 μμ, Michael Ströder wrote:
There's a SLAPI plugin for 389 DS which supports MIT Kerberos. A C programmer
might be able to adapt this as an OpenLDAP overlay (similar to OpenLDAP's
slapo-smbk5pwd).
Sorry, couldn't one use the SLAPI plugin as is in OpenLDAP, since SLAPI
On 29/5/2012 9:01 πμ, Konstantin Menshikov wrote:
somebody? anybody?
I would say: if you can use test servers with 2.4.31 and BDB = 4.6.21,
then you could try to reproduce by doing some experiments (moving to
branch visible by consumer binddn, moving to branch not visible by
consumer) and
On 27/5/2012 6:33 πμ, Philip Guenther wrote:
@extensibleObject covers*EVERYTHING*, including the pseudo-attrs entry
and children.
Then, the first example at:
http://www.openldap.org/faq/data/cache/1140.html is a bit deceptive, or
it just aims in emphasizing the entry pseudo-attr, by
On 25/5/2012 6:59 μμ, Nick Milas wrote:
You mean that if we use a what statement without an attrs= clause,
then it affects children and entry pseudo-attributes as well? And what
if there is a filter specified too (still without an attrs= clause)?
From some research I did (e.g.:
http
On 25/5/2012 2:37 μμ, Andrew Findlay wrote:
In the example above, the first access statement does not have a
control clause for dn.exact=cn=The Update DN,dc=example,dc=com so
it uses the default, which is 'stop'.
Fine. Thank you Andrew, I see. Control clauses are on a per-who-clause
basis.
On 25/5/2012 2:37 μμ, Andrew Findlay wrote:
No. From slapd.access(5):
Access control checking stops at the first match of the
what andwho clause, unless otherwise dictated by the
control clause.
In the example above, the first access statement does not have a
On 25/5/2012 4:56 μμ, Konstantin Menshikov wrote:
I have replication setup .
What version of OpenLDAP are you running on the provider and on the
consumer?
Nick
On 25/5/2012 6:44 μμ, Philip Guenther wrote:
Because that's a popular style of ACL processing logic to use for those
attributes. As you note, this is done in most cases, i.e., not all, so
obviously there nothing in the software that requires it.
I'm not sure why the ACLs for entry and
On 25/5/2012 9:15 μμ, Steve Reveliotty wrote:
I'm trying to migrate from OpenLDAP 2.3.43-12.el5_6.7 to OpenLDAP
2.4.23-20.el6.x86_6.
Can't tell you about the specific issue, but, as has been discussed
numerous times in this list, avoid using the distro-provided RPMs, esp.
if you are using
On 25/5/2012 10:20 μμ, Steve Reveliotty wrote:
I'm hoping I just missed something in the configuration, and
that 2.4.23-20.el6.x86_6 (which looks to be the latest in RedHat's
repo), will work, rather than build 2.4.31 from source. We use Puppet
to manage as much as possible, and while we do
On 24/5/2012 12:13 μμ, Turbo Fredriksson wrote:
But in the meantime, is there any way to know/figure out if the master
and it's slave(s) are in
sync?
This was discussed only yesterday!
Supposing you are replicating the full DIT: slapcat both ends, use the
ldifsort utility to sort the
I was wondering whether there is any difference between dn.exact and
dn.base constructs.
For example, theoretically (according to the documentation) we can use
either:
access to dn.base=ou=system,dc=example,dc=com
by dn.exact=uid=userx,ou=people,dc=example,dc=com write
or:
access to
On 23/5/2012 6:11 πμ, Quanah Gibson-Mount wrote:
I would generally expect a replica to export the database in the same
order as the master. But in general, yes, you compare the LDIF
generated by the master and the replica. If the replica is out of
order in relation to the master, you can use
On 23/5/2012 4:39 μμ, Charles T. Brooks wrote:
I u s e s l a p c a t t o d u m p t h e d a t a b a s e s t o L
D I F f i l e s , s o r t t o n o r m a l i z e t h e o r d e r i n
g , a n d d i f f t o c h e c k f o r d i f f e r e n c e s .
Thank you,
On 23/5/2012 5:35 μμ, Howard Chu wrote:
RTFM. slapcat(8) can be told to dump only a portion of the database,
if desired.
I know we can specify filters. However there is a huge difference
between specifying a filter and replicating based on ACLs (see below
more on this).
Possibly. There
On 23/5/2012 5:51 μμ, Charles T. Brooks wrote:
Mail content is a bit scrambled (text with spaces between chars),
but I managed to read !!
Charles,
Thank you for your thoughts. I agree with you. There can/should be a
number of consumers fully replicating the DIT so that they can be
On 23/5/2012 10:38 μμ, harry.j...@arcor.de wrote:
so the final search is:
ldapsearch -xMMLLL 'cn=111' '*' structuralObjectClass entryUUID creatorsName
createTimestamp entryCSN modifiersName
modifyTimestamp 2/dev/null
The used switches MM and LLL are important.
So now we have a way to
On 19/5/2012 6:56 μμ, Nick Milas wrote:
Additionally, we are always waiting for the implementation of one (or,
even better, multiple) olcAccess comments per olcAccess value
(numbered identically as olcAccess values, so they can always be
synced/coupled with them), i.e.:
olcAccess
On 22/5/2012 10:23 πμ, Michele Mase' wrote:
Sorry, I'didn't understand. Which should be better compile/build options?
Michele MAsè
From experience, I recommend using ready-made RPMs (or building from
SRPMs) rather than building from source. This way you can upgrade at
will and fully control
On 22/5/2012 11:43 πμ, Michele Mase' wrote:
Tx again 4 the support. The links are Good, it's a good start point.
(I've built tons of packages from early 1999, I don't have any time to
follow directly the building/testing stage of ldap cause of lack of
time, I'll ask my boss to find somebody
On 21/5/2012 11:39 μμ, Quanah Gibson-Mount wrote:
Then you have either been extremely lucky, or you aren't doing routine
comparisons of the validity of your replicated data
By the way, is there a tool or a suggested way to do routine comparisons
of the validity of replicated data (using
On 22/5/2012 7:48 μμ, Quanah Gibson-Mount wrote:
man slapcat
Thank you Quanah,
You mean slapcat both ends and diff the two ldif files? I am afraid I
don't understand.
If so, are the two output files expected to have exported entries in the
same sequence?
Can you please be more
On 21/5/2012 5:11 μμ, Bobby Krupczak wrote:
I then got slapd to run with olc. However, none of my TLS settings
transferred to the olc config.
Are you sure? Mine were migrated fine.
They lie in the {0}config (i.e. in the config root) branch.
Nick
On 22/3/2012 3:56 μμ, Nick Milas wrote:
On 22/3/2012 2:20 μμ, btb wrote:
i press the enter key on my keyboard
Thanks,
Interestingly, I found that the same is also possible with JXPlorer.
ACLs can be formatted like that and they remain formated. They also
function without problems.
Hi
On 19/5/2012 5:35 μμ, Michael Ströder wrote:
I think now it's the time to start looking at LDIF processing module in your
favourite scripting language. I cannot imagine any other sane way.
I guess you are right. In any case, I prefer to have the primitive data
(I mean olcAccess attr values)
Hi,
I think it would be important to add some text in
http://www.openldap.org/doc/admin24/access-control.html regarding the
use of control keywords (i.e. stop, continue, break), esp break.
These are not explained at all in the particular page, and IMHO they are
notsatisfactorily explained in
On 16/5/2012 11:48 μμ, Michele Mase' wrote:
We have to maintain 500+ custom apps and the skill is not so high, so
it's better if we don't touch system related packages.
It would not be really feasible to advise anything without *good*
knowledge of your environment, but I guess that you have
On 27/3/2012 4:43 μμ, Hallvard B Furuseth wrote:
Nick Milas wrote:
Let me re-phrase: Can we express the following three statements using
ONE ACL statement? I haven't been able to find a solution.
access to dn.subtree=ou=people,dc=example,dc=com
filter=(ou=dept1) attrs=attr1,attr2
On 18/5/2012 7:56 μμ, Michael Ströder wrote:
Any clue what's going on here?
Can't really help, but it *may* be useful to see:
http://ludopoitou.wordpress.com/2011/06/29/opendj-troubleshooting-ldap-ssl-connections/
Good luck,
Nick
On 8/5/2012 12:32 μμ, Dorit wrote:
I have now tried adding another acl in the middle as follows:
access to dn.subtree=ou=abc,dc=aa,dc=bb,dc=cc attrs=entry
by dn=uid=Admin,ou=Operators,dc=aa,dc=bb,dc=cc search
Try using:
access to dn.subtree=ou=abc,dc=aa,dc=bb,dc=cc attrs=entry
by
On 1/3/2012 6:32 μμ, Marc Patermann wrote:
from a provider with pre 2.4.30 (from Feb. 21st) and four consumers
with exact the same config (checked by md5sum), two with 2.4.26, one
with pre 2.4.29 and one with the same pre 2.4.30 version, I get this:
...
Because even two server with the
On 27/4/2012 11:20 πμ, Clément OUDOT wrote:
for people using RPMs, I published some here:
http://ltb-project.org/wiki/download#openldap
Thank you Clement for your fine RPMs and for your continued efforts with
LTB.
Thanks, of course, to the OpenLDAP project too for another fine release.
On 26/4/2012 12:30 μμ, dhanushka ranasinghe wrote:
is there any way sort this issue.
I am a young member here, but I can tell you as a starting point:
Send more info: OpenLDAP version(s) you use and your configs.
Regards,
Nick
On 25/4/2012 4:16 μμ, Nagaraj Panyam wrote:
I just installed openldap (RHEL 6.1), and created a config file with
suffix dc=example, dc=com
And started up slapd.
However, the value of dc in the olcDatabase files remains
dc=my-domain,dc=com
How does one remove this mismatch?
Hmm. I am not
On 13/4/2012 1:28 μμ, Bahadir Konu wrote:
Connection to repositories fail. Are these repo adresses correct? Or
how can I get the source code of JLDAP?
http://www.openldap.org/devel/gitweb.cgi?p=openldap-jldap.git;a=snapshot;h=bae9f556e97ad5bb0f76fe897c9b298a6021e244;sf=tgz
In more
On 3/4/2012 9:39 μμ, Francis Swasey wrote:
If anyone is interested, I've thrown together a short perl script
I believe it would be useful to all of us (I am interested too)! So, if
it's OK with you, it would be nice of you if you published it here.
Thanks,
Nick
1 - 100 of 215 matches
Mail list logo