hi
I face a weird situation with my LDAP syncrepl consumer [1],
please advise ...
on "delete" sync state control receiving, I'm trying to search for
accesslog object with the just deleted object to use it in further
processing, but it is not available yet
though if I set delay (sleep) for 1
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
hi,
please advise, how can I catch ModRDN object in syncrepl cosumer?
I use perl Net::LDAP
on ldapmodrdn I successfully catch LDAP_SYNC_MODIFY event with
Net::LDAP::Entry object, DN of which contains *new* rdn ...
but how to know/get the old one?
greetings,
We've found RFC2307bis2:
"An Approach for Using LDAP as a Network Information Service"
and now wondering, what've happened to it finally? Is it just expired
and forgotten?
Recently we've began to deploy netgroup usage in our network and found
it impossible to do search by
thanks to everybody for soon reply
Michael Ströder wrote:
> On 07/30/2018 02:32 PM, Zeus Panchenko wrote:
> Basically you have two options:
> 1. run something within slapd (back-perl or back-sock)
I'm still missing something ... what is/are the condition/s to see a
candidate objec
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
greetings,
please advise
how can I run external script on event (LDAP operation)?
for example: I am generating config files for users from LDAP data with perl
script
I want to re-generate config files each time LDAP operation (modify, add,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
hi,
I'm using organizationalUnit to hold organization related data
and I'm wondering, how can I add country attribute to the object?
I find it stumbling, all other address attributes are available but country ...
I'd like to be able to do
Christian Kratzer wrote:
> > 1. to move file?
> > 2. to ldapmodify?
> >
> > for the one used to slapd.conf both of ways look weird ... :(
>
> for those cases that ldapmodify that does not work you can use slapcat
> to dump all of the cn=config database edit it and reimport
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
hi,
what is the best practice or right way to change schemas order for cn=config
case?
1. to move file?
2. to ldapmodify?
for the one used to slapd.conf both of ways look weird ... :(
- --
Zeus V. Panchenko
Andrew Findlay wrote:
> You could try using the extended search filter syntax:
>
> (dhcpOption:caseIgnoreSubstringsMatch:=boot*)
>
> See RFC4515 for more details. In practice you will probably want to create a
I tried and failed ... where did I mistake?
Andrew Findlay wrote:
> Try this:
> (authorizedService:caseIgnoreSubstringsMatch:=m...@hh001.umi)
now there is no error message, though the result is still empty
alas ...
# base
Ulrich Windl wrote:
> But you are basically changing the semantics of attribute authorizedService:
> Before "*" was literal, after it is magic (substring match).
>
> The discussion on which variant is more useful is a different issue ;-)
for *my* flow, the
thank you for reply
Andrew Findlay wrote:
> You should not change the definitions of standard attributes or
> objectclasses.
I remember that, though I wasn't able to get that working without patching ...
> That does not stop you from setting up an index for
greetings,
I'm wondering of search possibility lack for some attributes
my question is: is it correct/good/sane/e.t.c. to patch them this way?
is there other way to get those attributes searchable?
for example I have to patch some schemes like this:
---[ PATCH SAMPLES START
greetings,
alas, but I still face the issue ... :-\
---[ replica log quotation start ]---
...
Jul 27 12:29:46 ABC slapd[15466]: do_syncrep2: rid=000 LDAP_RES_SEARCH_RESULT
(53) Server is unwilling to perform
Jul 27 12:29:46 ABC slapd[15466]: do_syncrep2:
Andrew Findlay wrote:
> [ This is a very old thread you are resurrecting! ]
sorry, but was not able to find the answer yet
bellow is a bit long reply/commentary ...
> > access to dn.subtree="ou=People,dc=foo"
> > by
Quanah Gibson-Mount wrote:
> > emm ... I was sure I can not do that on the master side ... just I try
> > do that, I receive full data ...
>
> Then likely your ACLs were incorrect?
yes, they were
at last I was able to fix that and get it working the way (I believe) I want:
Quanah Gibson-Mount wrote:
>
> Wouldn't it be simpler to define ACLs on the master that limit what
> the replication identity has access to that matches your filters?
>
emm ... I was sure I can not do that on the master side ... just I try
do that, I receive full data ...
Quanah Gibson-Mount <qua...@symas.com> wrote:
> --On Friday, June 30, 2017 12:48 AM +0300 Zeus Panchenko
> <z...@ibs.dn.ua> wrote:
> ...
> > 22:45:30 ABC slapd[12593]: do_syncrep2: rid=000 (53) Server is unwilling
> > to perform Jun 29 22:45:30 ABC slapd[1
Andrew Findlay wrote:
>
> Try fixing the RIDs - use small numbers, all different. The exact values are
> not important.
> Also try commenting out the second syncrepl clause until you have the others
> working properly.
> You should be able to merge the first
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
hi,
please advise
I need to replicate not all but some branches from one master to one slave
not sure how much correct I have done that, but here what I have:
slave starts successfully, records appear on slave as expected,
services successfully
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
greetings,
I'm trying to configure ACL, I belive it is possible to ... but after
some attempts I doubt it is ...
please, help me to understand where I'm making the mistake/s ...
I need to manage possibility for "coadmins" group members to manage
hi,
I'm trying to configure a not complex (as I believe) ACL ... but have some
difficulties
I have two posixGroup groups
cn=admins,ou=group,dc=foo
cn=coadmins,ou=group,dc=foo
my users resides in ou=People,dc=foo
so, in subtree ou=People,dc=foo I need to allow anything to admins (and
it is
thanks much,
Côme BERNIGAUD wrote:
If not, maybe you can inspire yourself from it anyway.
You can see the schema there:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
greetings,
please advise, is there schema or what will it be correct to use, for
hardware inventory data to be stored in LDAP (except custom schema)?
perhaps I'm not the first who asks that ...
- --
Zeus V. Panchenko
thank you very much, it is really what I need
Michael Ströder mich...@stroeder.com wrote:
Zeus Panchenko wrote:
is there way to have something like, I'd call, journal of changes
where it could be saved all changes (modifications and deletions in
particular) for each object
what I'm
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
hi,
is there way to have something like, I'd call, journal of changes
where it could be saved all changes (modifications and deletions in
particular) for each object
what I'm talking about is *whole* history of the actions the object has
undergone
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Harry Jede harry.j...@arcor.de wrote:
By default, that's not possible.
yes, and I really wonder why? ... isn't it beneficial to be able to find
which MAC has which IP? ... but this question is to dhcp.schema author/s
of course :)
You need to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Michael Ströder mich...@stroeder.com wrote:
Because there's no SUBSTR matching rule defined for 'dhcpHWAddress'
so, there is no way to ldapsearch by that attribute exept `*' ?
You should really make yourself familiar with the various search
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
hi,
I configured my isc-dhcpd servers to work with openldap, all works
now when I want to find dn for some definite MAC or IP, I am unable to
do that
please, help to understand how can I ldapsearch by attribute
dhcpStatements values?
in
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Michael Ströder mich...@stroeder.com wrote:
I use filter:
((objectClass=dhcpHost)(dhcpStatements=fixed-address 10.0.0.222))
and receive empty result ...
Did you change the indexing configuration for attribute 'dhcpStatements'?
the only
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Michael Ströder mich...@stroeder.com wrote:
I rephrase my question:
Did you change the indexing configuration for attribute 'dhcpStatements'
*after* adding/modifying the entries?
no, I didn't
If yes, then see this:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Michael Ströder mich...@stroeder.com wrote:
Because there's no SUBSTR matching rule defined for 'dhcpHWAddress'
so, there is no way to ldapsearch by that attribute exept `*' ?
which is not needed anyway.
mmm ... no need to be able to find the
Andrew Findlay andrew.find...@skills-1st.co.uk wrote:
That can be done - it is just a matter of choosing a naming structure
that allows it.
that's simple but was not obvious to me :(
That one won't work, as there is no way to link the individual uid and
userPassword values. You need one LDAP
Andrew Findlay andrew.find...@skills-1st.co.uk wrote:
mmm ... will not it prevent non-uniqueness only for parent DN-s? while
what I'm trying to ask (I'm sorry for muddled up explanation what I mean)
about is - uniqueness for the uid *in* the entry ... so, the uniqueness
of the attribute
hi,
may somebody to recommend the attribute to store path to system mailbox,
among attributes of schema files shipped with openldap,
system mailbox is the path to mbox format file or maildir directory
where MDA (depends on MDA configuration) stores received mail messages
so, to not to add new
Nick Milas n...@eurobjects.com wrote:
so, to not to add new LDAP object and attribute definition, I'd like to
know, may be close by function attribute already exists?
I suggest using a specialized schema for such use. Maybe you would
want to read through this thread:
Andrew Findlay andrew.find...@skills-1st.co.uk wrote:
...
You would end up creating two new attributes for each service type,
and OpenLDAP would still not check the passwords for you in a useful way.
Better method: Create a sub-entry below the user entry for each service.
The
Andrew Findlay andrew.find...@skills-1st.co.uk wrote:
Do you reall want every user account on every service to have a
different username?
to be honest, I do not want, but in practice when I need to land some
mail domain with whole it's users at my MTA, I need to decide what
to do with widely
Quanah Gibson-Mount qua...@zimbra.com wrote:
what I mean is structure for head office (ho), branch 1 of head office
(bo1), ... branch N of head office (boN):
This is generally a bad way to implement. I would generally advise
tracking their organization based on attributes in their entry.
hi all,
please, may somebody advice
I need to set separate credentials for each service I provide
(optionally) to my users
I think of something like this:
dn: uid=target-user,ou=People,dc=ibs
userPassword: **
...
authorizedService: xmpp
authorizedService: smtp
authorizedService: pop
hi all,
I'm absolutely new to LDAP and need advice, please
how is it better/correct to configure database to implement corporative
users tree covered?
what I mean is structure for head office (ho), branch 1 of head office
(bo1), ... branch N of head office (boN):
- ho -+- bo1 -+- People
41 matches
Mail list logo