Off the top of my head:
1. What indexes have been created? Do they match the attributes that your
applications use most often?
2. In this age of cheap RAM, 2GB RAM for a server seems puny. Latest Dell
R710s come packed with 32-64GB RAM. Consider a hardware upgrade.
3.
for viruses and defects.
*From:* openldap-technical-boun...@openldap.org
[mailto:openldap-technical-boun...@openldap.org] *On Behalf Of
*Siddhartha Jain
*Sent:* Thursday, August 19, 2010 4:17 AM
*To:* openldap-technical@openldap.org
*Subject:* RE: Openldap2.4.16 performance issue
Off the top
-Original Message-
Is the 'password-hash' configuration function a server-wide setting
only
or can it be set to different values for separate databases?
I'm trying to add MAC-auth RADIUS functionality to my LDAP server
(openldap-2.4.21) and I need to store the password for the MAC
I suggest you look at GOSA. GOSA has lots of self-service features for LDAP
users.
https://oss.gonicus.de/labs/gosa/
From: openldap-technical-bounces+sjain=silverspringnet@openldap.org
[mailto:openldap-technical-bounces+sjain=silverspringnet@openldap.org] On
Behalf Of Foo Bar
Sent:
You can set more than one attribute to be unique. Please read the man page for
slapo-unique:
http://www.openldap.org/software/man.cgi?query=slapo-unique&apropos=0&sektion=0&manpath=OpenLDAP+2.4-Release&format=html
unique_attributes attribute...
This legacy configuration parameter
I came across a similar bug where enabling chaining between a master and slave
allows invalid passwords to be accepted by pam_ldap. Unfortunately, no word
from OpenLDAP or pam_ldap maintainers on the issue. I have been looking at
pam_ldap source code but haven't been able to pinpoint the
Loren,
You need to replace the nis.schema schema file with an rfc2307bis.schema
file because both posixGroup and groupOfNames are STRUCTURAL classes. Using
rfc2307 schema, one object class becomes auxiliary and allows both to co-exist
within the same object declaration.
OTOH, see if you can
, 2010 4:49 AM
To: Siddhartha Jain
Cc: openldap-technical@openldap.org
Subject: Re: Replication via cn=config
On 26-05-2010 21:09, Siddhartha Jain wrote:
I am not a pro at OpenLDAP but do you need to set up the frontend database in
replication mode? In my setup, only cn=config is set
I replicated the setup and issues with slapd.d configuration.
Running OpenLDAP 2.4.21 on CentOS x64.
1. Master and slave setup with ppolicy overlay.
2. When client points to master, pwdFailures are duly recorded and respected.
Password auth works as expected.
3. When clients point to
passwords
passwd: Permission denied
From: Siddhartha Jain
Sent: Tuesday, May 25, 2010 5:16 PM
To: openldap-technical@openldap.org
Subject: RE: ppolicy master/slave issue (currently forward ppolicy updates OR
authenticate)
I replicated the setup and issues with slapd.d configuration.
Running
I am not a pro at OpenLDAP but do you need to set up the frontend database in
replication mode? In my setup, only cn=config is set to replicate and that
takes care of replication of the frontend too such that any ACL changes in
frontend of one instance propagate to other instances as well.
-
Sticking to 2.3.x is entirely an RH/CentOS-created issue. It's a shame that
2.4.x hasn't been introduced in RH/CentOS even two years after being
released.
We rolled our own 2.4.x RPM for RH/CentOS using RH openldap spec files
and upgraded. YMMV.
- Siddhartha
On 5/4/10 9:36 AM, Quanah
Hi,
First, kudos to OpenLDAP team for the progress they have made with 2.4. I am
returning to use OpenLDAP after nearly a decade and it is heartening to see all
the new features even when going from 2.3 to 2.4 (As a side rant, it is painful
to see Redhat/CentOS still ship 2.3.x. RedHat might
Michel,
You did not specify which Linux distro. That info will help. For example, on
CentOS/RH, all you have to do to enable pam_ldap auth is /usr/bin/authconfig
--enableldapauth --update
Again, on RH/CentOS, this command changes /etc/pam.d/system-auth (linked to
system-auth-ac).
Hi,
I have set up replication between two primary servers to use TLS.
The config says:
{0}rid=101 provider=ldap://pldap01.xyz.net binddn=cn=Manager,dc=xyz,dc=net
bindmethod=simple credentials=secret searchbase=dc=xyz,dc=net
type=refreshOnly interval=00:00:00:10 retry=5 5 300 5 timeout=1
I ran into various issues with OpenLDAP + SSL/TLS. Finally, I ended up
tunneling via stunnel. Something you might want to consider?
Siddhartha
From: openldap-technical-bounces+sjain=silverspringnet@openldap.org
[mailto:openldap-technical-bounces+sjain=silverspringnet@openldap.org]
Hi,
Running CentOS 5.4 with stock OpenLDAP distro 2.3.43. Both classes, posixgroup
and groupofnames are structural causing conflicts if one wants to use both. And
while RFC2307bis is deleted by IETF, RFC2307 doesn't seem to have the same
traction (or, does it)? So, what's a good option? Simply
17 matches