hi, i am seeing a symptom where the accesslog contextcsn is not always
updated when a new entry is added to the accesslog. i have a test setup
[config is below], with a content database using the accesslog and
syncprov overlays, and an accesslog database using the syncprov overlay.
for the
wow, that's a mess.
So #000# is serverID 0, which would be for any entries prior to moving
to MMR. The fact that you have different values for #000# on dsa1
accesslog vs the other 3 databases is disturbing.
It would appear DSA1 is serverID 1, and its CSNs make sense:
On 6/29/17 11:15 AM, Quanah Gibson-Mount wrote:
--On Thursday, June 29, 2017 2:12 AM -0400 btb <b...@bitrate.net> wrote:
i see, thanks. i tested this, and did a modify on each, but didn't see
replication resume. emulating the syncrepl connection with a manual
search against each
On 6/27/17 4:55 PM, Quanah Gibson-Mount wrote:
--On Tuesday, June 27, 2017 5:35 PM -0400 btb <b...@bitrate.net> wrote:
On 6/27/17 10:27 AM, Quanah Gibson-Mount wrote:
--On Tuesday, June 27, 2017 10:37 AM -0400 btb <b...@bitrate.net> wrote:
i'm using 2.4.44 on freebsd, built from p
On 6/27/17 10:27 AM, Quanah Gibson-Mount wrote:
--On Tuesday, June 27, 2017 10:37 AM -0400 btb <b...@bitrate.net> wrote:
i'm using 2.4.44 on freebsd, built from ports. i can provide any config
details etc - i just didn't want to inundate the post with guesses on
detail that
hi. i have two servers, in an mmr arrangement, using delta-syncrepl.
on a couple of occasions, the servers have stopped replicating, and the
following is logged:
dsa1:
Jun 27 06:13:29 ldap0 slapd[8699]: do_syncrep2: rid=000
LDAP_RES_SEARCH_RESULT
Jun 27 06:13:29 ldap0 slapd[8699]:
On Nov 10, 2016, at 20.47, Howard Chu wrote:
>
> b...@bitrate.net wrote:
>> recently i noticed these entries in slapcat output:
>>
>>> slapcat -F '/var/lib/ldap/config' -b 'cn=config' -H
>>> 'ldap:///cn=config??base'
>> 5824aae9 PROXIED attributeDescription "OU" inserted.
>>
recently i noticed these entries in slapcat output:
> slapcat -F '/var/lib/ldap/config' -b 'cn=config' -H 'ldap:///cn=config??base'
5824aae9 PROXIED attributeDescription "OU" inserted.
5824aae9 PROXIED attributeDescription "DC" inserted.
dn: cn=config
objectClass: olcGlobal
cn: config
> On Sep 30, 2016, at 06.55, Michael Ströder wrote:
>
> Sreekanth Sukumaran wrote:
>>
>> Sorry, I missed to add subject in the last mail. Resending with subject.
>> sorry
>> about spamming the group
>>
>> Hi All,
>>
>> OpenLDAP version : 2.4.39 on windows
>> Tool used
> On Aug 06, 2016, at 12.14, Matwey V. Kornilov
> wrote:
>
> After inspecting source code I've just found that TLS_KEY and TLS_CERT
> are ignored if located in /etc/openldap/ldap.conf.
> Why does it not written in man ldap.conf(5) explicitly?
from ldap.conf(5):
> On Jan 12, 2016, at 13.02, Katherine Faella wrote:
>
> For the life of me I can not figure out the syntax for performing this. Here
> is my snippet of config.ldif:
>
>
> dn: olcDatabase={1}hdb,cn=config
> objectClass: olcDatabaseConfig
> objectClass: olcHdbConfig
>
On Nov 10, 2015, at 00.49, Bogdan Rudas wrote:
>
> Hello all,
>
> I would like to start use of olcAccess rules, are there human-friendly editor
> for that ACLs?
> I can't even use line breaks in ldif file to make my restrictions a bit more
> readable! I strongly dislike
On 2015.01.12 03.17, Eileen(=^ω^=) wrote:
Hi team!
I face a question. When I use slapcat -l filename.ldif , the
output file will include the createTimestamp、modifyTimestamp、entrycsn
and entryUUID etc. These attributes will cause the output file can not
put back to the bdb database.
output
On Jan 07, 2015, at 10.56, Ryan Tandy r...@nardis.ca wrote:
On Wed, Jan 07, 2015 at 08:26:12AM -0500, btb wrote:
On 2015.01.06 23.54, Ryan Tandy wrote:
The nslcd protocol changed from 0.8.x to 0.9.x. I'm working on a patch
(nss done, pam still WIP) and hope to send it to the ITS soon
On 2015.01.06 23.54, Ryan Tandy wrote:
Hi,
On Tue, Jan 06, 2015 at 11:11:03PM -0500, b...@bitrate.net wrote:
i use the nss and pam stub libraries from nss-pam-ldapd [no nslcd]
with nssov. i've just upgraded nss-pam-ldapd from 0.8.13 to 0.9.4.
The nslcd protocol changed from 0.8.x to 0.9.x.
On Jan 06, 2015, at 16.00, Nick Atzert tlkg...@gmail.com wrote:
It's pretty messy and convoluted IMO. That's with a fairly pedestrian view of
the project. Considering it's (apparently) unmaintained I'd assume it's the
same for development. The biggest issue I've been having is mostly with
i use the nss and pam stub libraries from nss-pam-ldapd [no nslcd] with nssov.
i've just upgraded nss-pam-ldapd from 0.8.13 to 0.9.4. at the moment, i'm
using openldap version 2.4.31. after upgrading nss-pam-ldapd, nss and pam
stopped working with ldap, and i see this in slapd's debug log:
On Mar 8, 2014, at 08.50, Joshua Schaeffer jschaeffer0...@gmail.com wrote:
I'm in the process of setting up my slapd server to operate over LDAPS and
having trouble when using a CA certificate (being my own certificate
authority). I've been able to setup LDAPS when using a self-signed
On 2014.01.14 14.54, Michael Ströder wrote:
Dieter Klünter wrote:
Am Tue, 14 Jan 2014 11:06:34 -0500
schrieb Borresen, John - 0442 - MITLL john.borre...@ll.mit.edu:
First, my apologies for the adding you, Quanah, to the cc list. Over
the last few weeks, my emails have not been getting
On Dec 13, 2013, at 13.00, Clint Petty cpe...@luthresearch.com wrote:
I know you are supposed to make changes through the command line, when using
cn=config.
no, you are supposed to make changes using the same methods you'd use for any
other openldap database. that's via ldap operations, or
i'm hoping a bump might get this on someone's radar it previously missed.
On Oct 19, 2013, at 20.10, b...@bitrate.net wrote:
i'm experimenting with the authz2dn setting for olcnsspam:
dn: olcOverlay={7}nssov,olcDatabase={2}mdb,cn=config
objectClass: olcConfig
objectClass: olcNssOvConfig
i'm experimenting with the authz2dn setting for olcnsspam:
dn: olcOverlay={7}nssov,olcDatabase={2}mdb,cn=config
objectClass: olcConfig
objectClass: olcNssOvConfig
objectClass: olcOverlayConfig
olcOverlay: {7}nssov
olcNssMap: group uniquemember member
olcNssPam: authz2dn hostservice
On Oct 8, 2013, at 09.56, Dan White dwh...@olp.net wrote:
That was referring to auxprop. In newer versions ( 2.1.23) of Cyrus SASL
there is an undocumented 'pwcheck_method: auxprop-hashed' which you can use
to support hashed passwords, but I do not believe that slapd/ldapdb are
supported. I
On Oct 2, 2013, at 09.44, Dan White dwh...@olp.net wrote:
libsasl2, with default configuration, requires that the password be stored
in cleartext, even for PLAIN.
To support {ssha} in this scenario, I recommend you configure your SASL
slapd.conf file to authenticate against saslauthd, which
On Oct 3, 2013, at 04.46, Dieter Klünter die...@dkluenter.de wrote:
You are connecting to port 389, but s_client is not able to initiate a
LDAP startTLS session (only SMTP and IMAP), so you have to connect
ldaps and port 636.
s_client does support starttls for other protocols aside from
-technical-boun...@openldap.org
[mailto:openldap-technical-boun...@openldap.org] On Behalf Of btb
Sent: Wednesday, 2 October 2013 10:57 PM To:
openldap-technical@openldap.org Subject: Re: Openldap server with TLS
not working
On 2013.10.02 07.29, Axel Grosse wrote:
when I test on the server itself
On 2013.10.03 12.13, Michael Ströder wrote:
b...@bitrate.net wrote:
On Oct 2, 2013, at 11.47, Michael Ströder mich...@stroeder.com wrote:
btb wrote:
On 2013.10.02 07.29, Axel Grosse wrote:
when I test on the server itself ..
openssl s_client -connect 192.168.30.169:389 -showcerts -CAfile
On Oct 3, 2013, at 17.46, Axel Grosse agro...@axway.com wrote:
Hi all, Ben, Dieter,
thank you for your help ...
got it working on ldaps without TLS :-))
we can close that thread
glad you had success. a note of pedantry - just because ldaps was used doesn't
mean tls was not. those two
i've enabled the plain sasl mech, and testing with ldapwhoami works, but
only if the userpassword is left as plaintext. if hashing [ssha] is
used, it fails. a simple bind succeeds. what am i doing wrong?
ldapwhoami -H 'ldap://dsa4.example.com/' -Y 'plain' -U 'flash' -w
''
On 2013.10.02 07.29, Axel Grosse wrote:
when I test on the server itself ..
openssl s_client -connect 192.168.30.169:389 -showcerts -CAfile
./ssl/VordelCA.crt
CONNECTED(0003)
710:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188:
ldaps [port 636] is deprecated.
On Oct 2, 2013, at 11.47, Michael Ströder mich...@stroeder.com wrote:
btb wrote:
On 2013.10.02 07.29, Axel Grosse wrote:
when I test on the server itself ..
openssl s_client -connect 192.168.30.169:389 -showcerts -CAfile
./ssl/VordelCA.crt
CONNECTED(0003)
710:error:140790E5:SSL
On 2013.08.20 03.17, Steppacher Ralf wrote:
Ben,
I re-read those sections. But they only describe how to convert a
pre-existing slapd.conf file. So, to bootstrap slapd I created a
minimal slapd.conf with just the config database and a rootdn/pw for
it and converted that with slaptest. But I
On 2013.08.20 07.59, Steppacher Ralf wrote:
And how to use such a bootstrap LDIF? Starting slapd with -f pointing
to the LDIF does not work. That is what I have been looking for and
could not find.
read man 5 slapd-config [this is referenced from section 5 of the admin
guide]. specifically,
On 2013.08.19 07.35, Steppacher Ralf wrote:
Hello all,
this is probably a really stupid question... But I cannot figure out how
to start a freshly built slapd using only slapd-config configuration.
please see section 5 [configuring slapd] of the administrator's guide.
also see man 5
On 2013.08.19 08.23, Ingo wrote:
On 13.08.2013 19:02, btb wrote:
On 2013.08.13 12.17, Quentin PETEL wrote:
Hi,
To modify the cn=config DIT you'll have to modify the files under
/etc/ldap/slapd.d/cn=config where your config is stored.
NO. do NOT do this,
Why?
read section 5
On 2013.08.13 08.34, Robert Wolf wrote:
Hello people,
I would like to ask for correct and/or official way how to remove
objects from cn=config.
currently, the delete operation is not supported. this may change in a
subsequent version. currently, use slapcat to generate an ldif, modify
the
On 2013.08.13 12.17, Quentin PETEL wrote:
Hi,
To modify the cn=config DIT you'll have to modify the files under
/etc/ldap/slapd.d/cn=config where your config is stored.
NO. do NOT do this, and please STOP telling other people to do this.
-ben
it really is a complete non issue which has zero actual impact on anything, but
if it bothers your sense of style, build openldap on a computer that has a
generic/neutral hostname.
-ben
On May 30, 2013, at 16.58, Quanah Gibson-Mount qua...@zimbra.com wrote:
--On Thursday, May 30, 2013 8:25
On Jan 20, 2013, at 13.59, Ori Bani wrote:
Hello,
I'm struggling a little with understanding the dynamic configuration
system (sorry, but wanted to say my vote is for file-based config; the
way some of this config has been put into LDAP feels forced and
unnecessarily convoluted).
On 2012.11.16 03.45, martin.heinzm...@belden.com wrote:
Hi,
i am trying to write my own client which connects to an active directory
and searches for an user. So far it works, i call ldap_initialize, set
version 3, ldap_simple_bind_s and then search the directory.
Now i want the connection to be
On Nov 11, 2012, at 18.21, Simone Scremin wrote:
Frankly no.
I was under the impression that my quoted example was what you need to
activate the overlay.
I tried to load the module as you suggested but I get a different error:
have you read the README? it explicitly states:
...
On Nov 09, 2012, at 14.14, Simone Scremin wrote:
ldap_add: Invalid syntax (21)
additional info: objectClass: value #1 invalid per syntax
have you loaded the nssov module?
e.g.:
dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModuleLoad: nssov
olcModulePath:
hi-
i'm having a few different issues with slapo-pcache. i did a bit of searching
in the its and did not find any items which seemed to match my symptoms. i'm
using 2.4.31, on ubuntu 12.10.
the first is that i so to not be able to add, via ldapadd, additional
olcPcacheTemplate attributes to
On Aug 05, 2012, at 08.07, Friedrich Locke wrote:
Hi folks,
i have noticed openldap keeps releasing new versions from time to
time. I have not noticed changes in protocol specification. So why
does openldap release new versions ? Isn't it mature enough yet ? I am
asking cause i am used to
On 07/05/2012 06:18 PM, Gavin Henry wrote:
HI all,
Taking advantage of the technical list for once and the OpenLDAP
related questions :-)
Anyone messed with ejabberd and OpenLDAP? I'm looking for an XMPP
server with the best LDAP support.
ejabberd does auth, rosters and vcards but the ability
given an entry such as:
dn=cn=abuse,ou=example.net,ou=mail,ou=groups,dc=example,dc=com
objectclass=mailgroup
cn=abuse
member=uid=jdoe,ou=people,ou=accounts,dc=example,dc=com
i'd like the entry to also include an attribute, generated automatically, based
on the rdn of the entry and the
On Apr 21, 2012, at 14.12, Michael Ströder wrote:
I doubt that this is possible with slapo-rwm.
thanks, i'd wondered this.
But you could at least enforce that attribute values match according to what
you've subscribed above with a set-based constraint to avoid having false user
input in
On Apr 02, 2012, at 14.34, Quanah Gibson-Mount wrote:
A quick perusal of http://www.openldap.org/software/release/changes.html
shows specifically that this was fixed in 2.4.26.
ah, of course. you're right. admittedly, i sometimes forget to think about
checking change logs - especially when
On 2012.03.22 07.19, Nick Milas wrote:
Cos with JXPlorer (as with standard tools) I see string-based and not
number-based ordering, for example:
yes, it is string based ordering.
On 2012.03.22 07.45, Nick Milas wrote:
Please tell me: How do you enter newlines in Apache Dir Studio? You
simply type \n or you enter a particular key combination?
i press the enter key on my keyboard
Also, which ADS version are you using?
currently, 2.0.0.v20120224. this behavior hasn't
On Mar 21, 2012, at 22.00, Chris Hiestand wrote:
On Mar 21, 2012, at 5:59 PM, David Arroyo wrote:
What is the correct way to delete a database from olc?
I get the feeling it is frowned upon, but I think you could:
1. slapcat -s 'cn=config' config.ldif
2. edit config.ldif
3. delete or
On 2012.03.19 14.39, Chris Hiestand wrote:
Editing via an ldap client is easy if you're just editing an
attribute here and there, but because of the interacting nature of ACLs and
schema
elements, poor readability (no newlines) makes editing via an ldap client more
difficult
(a gui with smart