RE: Openldap2.4.16 performance issue

2010-08-18 Thread Siddhartha Jain
Off the top of my head: 1. What indexes have been created? Do they match the attributes that your applications use most often? 2. In this age of cheap RAM, 2GB RAM for a server seems puny. Latest Dell R710s come packed with 32-64GB RAM. Consider a hardware upgrade. 3.

RE: Openldap2.4.16 performance issue

2010-08-18 Thread Siddhartha Jain
for viruses and defects. From: openldap-technical-boun...@openldap.org On Behalf Of Siddhartha Jain Sent: Thursday, August 19, 2010 4:17 AM To: openldap-technical@openldap.org Subject: RE: Openldap2.4.16 performance issue Off the top

RE: Can password-hash be database specific? also, storing and verifying cleartext passwords

2010-06-25 Thread Siddhartha Jain
-Original Message- Is the 'password-hash' configuration function a server-wide setting only or can it be set to different values for separate databases? I'm trying to add MAC-auth RADIUS functionality to my LDAP server (openldap-2.4.21) and I need to store the password for the MAC

RE: LDAP Account Manager

2010-06-25 Thread Siddhartha Jain
I suggest you look at GOSA. GOSA has lots of self-service features for LDAP users. https://oss.gonicus.de/labs/gosa/ From: openldap-technical-bounces+sjain=silverspringnet@openldap.org On Behalf Of Foo Bar Sent:

RE: Unique Overlay Help

2010-06-24 Thread Siddhartha Jain
You can set more than one attribute to be unique. Please read the man page for slapo-unique: http://www.openldap.org/software/man.cgi?query=slapo-unique&apropos=0&sektion=0&manpath=OpenLDAP+2.4-Release&format=html unique_attributes attribute... This legacy configuration parameter

Re: Pam password authentication

2010-06-05 Thread Siddhartha Jain
I came across a similar bug where enabling chaining between a master and slave allows invalid passwords to be accepted by pam_ldap. Unfortunately, no word from OpenLDAP or pam_ldap maintainers on the issue. I have been looking at pam_ldap source code but haven't been able to pinpoint the

RE: OpenLDAP configuration for ldap-group authentication on Apache2.x

2010-06-01 Thread Siddhartha Jain
Loren, You need to replace the nis.schema schema file with a rfc2307bis.schema file because both posixGroup and groupOfNames are STRUCTURAL classes. Using rfc2307 schema, one object class becomes auxiliary and allows both to co-exist within the same object declaration. OTOH, see if you can

RE: Replication via cn=config

2010-05-27 Thread Siddhartha Jain
, 2010 4:49 AM To: Siddhartha Jain Cc: openldap-technical@openldap.org Subject: Re: Replication via cn=config On 26-05-2010 21:09, Siddhartha Jain wrote: I am not a pro at OpenLDAP but do you need to setup the frontend database in replication mode? In my setup, only cn=config is set

RE: ppolicy master/slave issue (currently forward ppolicy updates OR authenticate)

2010-05-26 Thread Siddhartha Jain
I replicated the setup and issues with slapd.d configuration. Running OpenLDAP 2.4.21 on CentOS x64. 1. Master and slave setup with ppolicy overlay. 2. When client points to master, pwdFailures are duly recorded and respected. Password auth works as expected. 3. When clients point to

RE: ppolicy master/slave issue (currently forward ppolicy updates OR authenticate)

2010-05-26 Thread Siddhartha Jain
passwords passwd: Permission denied From: Siddhartha Jain Sent: Tuesday, May 25, 2010 5:16 PM To: openldap-technical@openldap.org Subject: RE: ppolicy master/slave issue (currently forward ppolicy updates OR authenticate) I replicated the setup and issues with slapd.d configuration. Running

RE: Replication via cn=config

2010-05-26 Thread Siddhartha Jain
I am not a pro at OpenLDAP but do you need to setup the frontend database in replication mode? In my setup, only cn=config is set to replicate and that takes care of replication of the frontend too such that any ACL changes in frontend of one instance propagate to other instances as well. -

Re: OpenLDAP bespoke schema to use 'ismemberof' to restrict user access to hosts

2010-05-04 Thread Siddhartha Jain
Sticking to 2.3.x is an entirely RH/CentOS-created issue. It's a shame that 2.4.x hasn't been introduced in RH/CentOS even two years after being released. We rolled our own 2.4.x RPM for RH/CentOS using RH openldap spec files and upgraded. YMMV. - Siddhartha On 5/4/10 9:36 AM, Quanah

N-Way Replication noob questions

2010-04-21 Thread Siddhartha Jain
Hi, First, kudos to OpenLDAP team for the progress they have made with 2.4. I am returning to use OpenLDAP after nearly a decade and it is heartening to see all the new features even when going from 2.3 to 2.4 (As a side rant, it is painful to see Redhat/CentOS still ship 2.3.x. RedHat might

RE: Re: OpenLDAP and SSH authentification

2010-04-21 Thread Siddhartha Jain
Michel, You did not specify what Linux distro. That info will help. For example, on CentOS/RH, all you have to do to enable pam_ldap auth is /usr/bin/authconfig --enableldapauth --update Again, on RH/CentOS, this command changes /etc/pam.d/system-auth (linked to system-auth-ac).

Syncrepl TLS certificate verification - configurable

2010-04-21 Thread Siddhartha Jain
Hi, I have setup replication between two primary servers to use TLS. The config says: {0}rid=101 provider=ldap://pldap01.xyz.net binddn=cn=Manager,dc=xyz,dc=net bindmethod=simple credentials=secret searchbase=dc=xyz,dc=net type=refreshOnly interval=00:00:00:10 retry=5 5 300 5 timeout=1

RE: Problem with SSL/TLS

2010-04-12 Thread Siddhartha Jain
I ran into various issues with OpenLDAP + SSL/TLS. Finally, I ended up tunneling via stunnel. Something you might want to consider? Siddhartha From: openldap-technical-bounces+sjain=silverspringnet@openldap.org

posixGroup and groupofNames

2010-02-25 Thread Siddhartha Jain
Hi, Running CentOS 5.4 with stock OpenLDAP distro 2.3.43. Both classes, posixGroup and groupOfNames, are structural, causing conflicts if one wants to use both. And while RFC2307bis is deleted by IETF, RFC2307 doesn't seem to have the same traction (or, does it)? So, what's a good option? Simply