--On Friday, May 24, 2024 2:38 AM +0530 anil kumar pathuri
wrote:
This is what I did: Installed openldap 2.4.44 --> Upgraded to Symas
OpenLDAP 2.4.57 --> Upgrading from Symas OpenLDAP 2.4.57 to Symas
OpenLDAP 2.6.7
***PS: I am not using slapd.conf, what should I do in this case.
So you
if
[root@ip-172-31-22-18 cn=config]# cat olcDatabase={2}mdb.ldif
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 b0e4f2c3
dn: olcDatabase={2}mdb
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: {2}mdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=my-domain,dc=com
--On Thursday, May 16, 2024 7:55 PM + anilkumar.pathu...@gmail.com
wrote:
Hi Team, GM
Successful while trying to upgrade from openLDAP 2.4.44 to SymasLDAP2.4.57
Facing issues while trying to upgrade to 2.5.x and 2.6.x from
SymasLDAP2.4.57 https://repo.symas.com/soldap2.5/upgrading/
objectClass: olcMdbConfig
olcDatabase: {2}mdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=hadoop,dc=com
olcRootDN: cn=ldapadm,dc=hadoop,dc=com
olcRootPW::
olcDbIndex: objectClass eq,pres
structuralObjectClass: olcMdbConfig
entryUUID: ba4f359a-a605-103e-9085-7fcb0f4ffaf5
creatorsName:
* Marc [26/04/2024 16:42] :
>
> Or is it possible to use an existing bind and 'switch' to a
> different user bind?
Yes, it is possible to make several binds on the same connection.
Note that it is important to wait for the response to a given bind
before sending the next one.
Emmanuel
--On Friday, April 26, 2024 5:42 PM + Marc
wrote:
I just searched a bit and did some requests on https files and it looks
like most are reporting results between 100 - 200. So I guess this is
sort of ok.
So probably it would be faster if I authenticate users via a 'manager'
bind and
>
> >
> > > I am doing some basic testing with ldap with this command.
> > >
> > > ldclt \
> > > -a 400 \
> > > -H ldap://x.x.x.x: \
> > > -e bindeach,bindonly,close \
> > > -D "uid=test,dc=
>
> > I am doing some basic testing with ldap with this command.
> >
> > ldclt \
> > -a 400 \
> > -H ldap://x.x.x.x: \
> > -e bindeach,bindonly,close \
> > -D "uid=test,dc=me,dc=local" \
> > -w yy \
> I am doing some basic testing with ldap with this command.
>
> ldclt \
> -a 400 \
> -H ldap://x.x.x.x: \
> -e bindeach,bindonly,close \
> -D "uid=test,dc=me,dc=local" \
> -w yy \
> -n 1
>
> I was testing this on two co
I am doing some basic testing with ldap with this command.
ldclt \
-a 400 \
-H ldap://x.x.x.x: \
-e bindeach,bindonly,close \
-D "uid=test,dc=me,dc=local" \
-w yy \
-n 1
I was testing this on two container test environments. Both are running with
~500
--On Friday, March 1, 2024 12:57 PM +0530 Jignesh Patel
wrote:
We have set up a new docker OpenLDAP Version 2.6.6 on Kubernetes.
We could migrate all the data except the following two
attributes authTimestamp and
lastLoginTime
not working in personalized schema.
How to
We have set up a new docker OpenLDAP Version 2.6.6 on Kubernetes.
We could migrate all the data except the following two attributes
*authTimestamp* and
*lastLoginTime*
not working in personalized schema.
How to configure them?
The issue is resolved in OpenLDAP release 2.5.17 release with this fix :
https://bugs.openldap.org/show_bug.cgi?id=10100
Hello,
We need some help to resolve the intermittent sync replication issue.
We have configured mirror mode replication with two nodes.
Node1 syncrepl
{0}rid=1 provider=ldaps://AWPCISQL22.otxlab.net:6366 type=refreshAndPersist
searchbase="o=otxlab.net" schemachecking=off bindmethod=simple
Craig H Silva (Cenitex) wrote:
> from config:
>
> # {1}ldap, config
> dn: olcDatabase={1}ldap,cn=config
> objectClass: olcDatabaseConfig
> objectClass: olcLDAPConfig
> olcDatabase: {1}ldap
> olcSuffix: dc=myorg,dc=lcl
> olcAccess: {0}to dn.base="" by * read
er
> windows 2012.
>
> There's still nis info in various attributes in AD schema, but the nis
> service is about to go. So an alternative is needed.
>
> I have the proxy configured with ldap-backend and it's very happy to provide
> all the attribute information, bu
attributes in AD schema, but the nis
service is about to go. So an alternative is needed.
I have the proxy configured with ldap-backend and it's very happy to provide
all the attribute information, but the solaris ldap client wants the DSE
through the proxy and for the life of me I can't work out
--On Tuesday, November 21, 2023 3:27 PM +0100 Kevin Cousin
wrote:
Hi List,
I've got an LDAP architecture with one read-write OpenLDAP (primary) and
some read-only OpenLDAP (replica).
I load the cn=monitor backend on the primary? is it sufficient to have
the cn=monitor backend
=monitor on the replica.
Best,
Uwe
Am 21.11.23 um 15:27 schrieb Kevin Cousin:
Hi List,
I've got an LDAP architecture with one read-write OpenLDAP (primary) and some
read-only OpenLDAP (replica).
I load the cn=monitor backend on the primary? is it sufficient to have the cn=monitor
Hi List,
I've got an LDAP architecture with one read-write OpenLDAP (primary)
and some read-only OpenLDAP (replica).
I load the cn=monitor backend on the primary? is it sufficient to have
the cn=monitor backend on the slave too or should I activate it on the
replicas ?
Regards,
Kevin C
I created an LDAP proxy using an LDAP backend to connect to our Active
Directory server. Unfortunately, our AD server has incorrect usernames in
the sAMAccountName attribute, so I would like to override this with the
prefix of the value found in the userPrincipalName attribute (the part
before
Am Thu, Sep 21, 2023 at 11:58:50AM + schrieb Marc:
> What a fuckups there at redhat/fedora. This plugin served me always well. Now
> these morons require ldap write access which I manage to bypass with[1]. Then
> I guess it downloads everything from ldap and I have more memory/s
>
>
>
> >
> > > If I enable this module, does it mean that this slapd stops receiving
> > > updates from the master?
> >
> > No, it's perfectly fine to run syncprov on consumers as well.
> >
>
> I guess such messages are related to
>
> > If I enable this module, does it mean that this slapd stops receiving
> > updates from the master?
>
> No, it's perfectly fine to run syncprov on consumers as well.
>
I guess such messages are related to that my ldap is not allowing updates not?
Which I wan
--On Thursday, September 21, 2023 12:30 AM + Marc
wrote:
If I enable this module, does it mean that this slapd stops receiving
updates from the master?
No, it's perfectly fine to run syncprov on consumers as well.
--Quanah
If I enable this module, does it mean that this slapd stops receiving updates
from the master?
>
> You need to load the syncprov module.
>
> I wrote a test for this package recently in Ubuntu, you can see the
> script here: https://git.launchpad.net/ubuntu/+source/bind-dyn
I just loaded the module, and had a slightly different response
error: LDAP error: Critical extension is unavailable: critical control
unavailable in context: unable to start SyncRepl session: is RFC 4533 supported
by LDAP server?
So I added this config
dn: olcOverlay=syncprov,olcDatabase={1
Yes, dyndb requires syncprov
Here a snippet if building from source on RHEL
### build-bind-dyndb-ldap
prep
```
wget
https://pagure.io/bind-dyndb-ldap/archive/v11.9/bind-dyndb-ldap-v11.9.tar.gz -O
/tmp/bind-dyndb-ldap-v11.9.tar.gz
cd /tmp/
tar xf /tmp/bind-dyndb-ldap-v11.9.tar.gz
cd bind
You need to load the syncprov module.
I wrote a test for this package recently in Ubuntu, you can see the
script here:
https://git.launchpad.net/ubuntu/+source/bind-dyndb-ldap/tree/debian/tests/dyndb-ldap?h=applied/ubuntu/devel
On Wed, Sep 20, 2023 at 7:02 PM Marc wrote:
>
> Anyone expe
Anyone experience with openldap and dyndb from bind?
I am getting this:
critical extension is not recognized: unable to start SyncRepl session: is RFC
4533 supported by LDAP
Hello Sven,
Did you set ACL that allow reply to be sent to client on the proxy ldap
instance ? I had same issue with META proxy ldap type before I set these ACL.
Brgds,
Jean-Luc.
> On 7 Jun 2023, at 16:23, Sven Feyerabend
> wrote:
>
> Hello everyone,
>
> I hav
Hello everyone,
I have set up two slapd instances in mirror mode.
As described in the documentation I used another slapd instance with
ldap backend to proxy the requests and provide failover capabilities in
case one of the upstream servers becomes unavailable.
Now I have the curious
I have used OpenLDAP for years, but bound to Samba and using for the user
management mostly Samba-aware tools (LAM and smbldap-tools) and using Samba
account policy.
Now I need to set up a 'pure' UNIX environment, in a Debian box; I've enabled
shadow data in account, but found that some very simple
Dears,
I've created a META configuration pointing to another backend ldap for which
I'd like to use a generic user which will be used as unique user to fetch datas
in backend requested by all users coming from the META proxy frontend.
I did following dynamic configuration :
dn: olcDatabase
Ah, I have a mix of suse stanzas and (ou=people) stanzas, I was removing
both.
Just removing the stanzas with suse references and reimporting the whole
mess seems to work! :)
I need to get someone else on my team to test some stuff since I've been
staring at this too long now.
Thanks,
Matt
On
--On Wednesday, February 8, 2023 3:10 PM -0500 Matthew Goebel
wrote:
I used slapcat/slapadd
The two boxes are using different backend databases so I don't think I
can copy the data files?
Right, heh. I forgot you were still on hdb/bdb. I'll try to get some time
to read over the
I used slapcat/slapadd
The two boxes are using different backend databases so I don't think I can
copy the data files?
Thanks,
Matt
On Wed, Feb 8, 2023 at 2:06 PM Quanah Gibson-Mount
wrote:
>
>
> --On Tuesday, February 7, 2023 4:56 PM -0500 Matthew Goebel
> wrote:
>
> >
> >
> >
> > Config
--On Tuesday, February 7, 2023 4:56 PM -0500 Matthew Goebel
wrote:
Config file attached ...
Sorry I haven't had time to review the config yet, but a question popped
into my mind -- How did you migrate the data between the two instances?
I.e., did you copy the MDB file, or use
--On Tuesday, February 7, 2023 4:27 PM -0500 Matthew Goebel
wrote:
I don't have anything on the old server from the actual config files ...
Use slapcat to export the config db in its entirety:
slapcat -n 0 -F /path/to/slapd.d -l /tmp/slapd-conf.ldif
Then redact passwords.
olcDbDirectory: /var/lib/ldap
olcSuffix: ou=people,o=emich.edu
olcAccess: {0}to attrs=userPassword by self write by * auth
olcAccess: {1}to attrs=shadowLastChange by self write by * read
olcAccess: {2}to attrs=userPKCS12 by self read by * none
olcAccess: {3}to * by * read
olcRootDN: cn=Administrator
one that's created by RH as an example. Note that this db doesn't
allow any access either. ;)
dn: olcDatabase=mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: mdb
olcDbDirectory: /var/lib/ldap
olcSuffix: ou=people,o=emich.edu
olcAccess: {0}to attrs=us
#
#
# Define global ACLs to disable default read access.
#
olcArgsFile: /usr/local/var/run/slapd.args
olcPidFile: /usr/local/var/run/slapd.pid
#
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#olcReferral: ldap://root.openldap.org
--On Monday, February 6, 2023 4:58 PM -0500 Matthew Goebel
wrote:
directory8.emich.edu : redhat ES 8 : hand rolled from source code ldap
[r...@directory8.emich.edu:/root]# /usr/local/libexec/slapd -V
@(#) $OpenLDAP: slapd 2.6.X (Nov 15 2022 16:59:29) $
That's the engineering branch
Hello,
I am trying to migrate from
directory.emich.edu : redhat ES 7 : redhat supplied ldap
[r...@directory.emich.edu:/etc/openldap]# /usr/sbin/slapd -V
@(#) $OpenLDAP: slapd 2.4.44 (Jun 6 2020 17:06:42) $
mockbu...@x86-vm-25.build.eng.bos.redhat.com:
/builddir/build/BUILD/openldap-2.4.44
I am able to catch an error if I import an invalid CA certificate based on the return
of ldap_install_tls (ld);
Is there any other way?
Thanks,
Smitha
Dears,
I tried to configure a proxy ldap type (meta) but without success as I get
following error message when I try to start it :
63d13d3c.03f49ea0 0x7f2e4ff3b1c0 backend_startup_one: starting "o=mobistar.be"
63d13d3c.03f4ab38 0x7f2e4ff3b1c0 meta_back_db_open: no targets define
>>> Quanah Gibson-Mount schrieb am 19.01.2023 um 19:18 in
Nachricht :
>
> --On Thursday, January 19, 2023 8:25 AM +0100 Ulrich Windl
> wrote:
>
> Quanah Gibson-Mount schrieb am 18.01.2023 um
> 14:50 in
>> Nachricht <3D6804DEBBC5413284159965@[192.168.1.14]>:
>>
>> ...
>>> I would
Quanah Gibson-Mount wrote:
>
>
> --On Thursday, January 19, 2023 8:25 AM +0100 Ulrich Windl
> wrote:
>
> Quanah Gibson-Mount schrieb am 18.01.2023 um
> 14:50 in
>> Nachricht <3D6804DEBBC5413284159965@[192.168.1.14]>:
>>
>> ...
>>> I would note that it is not advised to use XFS with
--On Thursday, January 19, 2023 8:25 AM +0100 Ulrich Windl
wrote:
Quanah Gibson-Mount schrieb am 18.01.2023 um
14:50 in
Nachricht <3D6804DEBBC5413284159965@[192.168.1.14]>:
...
I would note that it is not advised to use XFS with back-mdb.
Would you explain why? Here we use XFS for
>>> Quanah Gibson-Mount schrieb am 18.01.2023 um 14:50 in
Nachricht <3D6804DEBBC5413284159965@[192.168.1.14]>:
...
> I would note that it is not advised to use XFS with back-mdb.
Would you explain why? Here we use XFS for all database filesystems.
Regards,
Ulrich
this by examining your data (although it should be fairly
apparent) you can get some idea from the mdb_stat command, such as:
mdb_stat -a /path/to/database, i.e., mdb_stat -a var/ldap/db/ . Then look
at the number of 'Entries' a given indexed attribute is shown as having.
For example
Hi,
How can I get an error specific to an invalid CA certificate for an ldaps
connection (LDAP over TLS)?
Our flow is like this
1:ldap_initialize()
2:ldap_sasl_bind_s()
But even if I import an invalid CA certificate on the ldap client to verify the
server certificate, I don't get any error specific
Hi Quanah
> >
> >
> > The current mdb data file is GB on disk. We are using XFS, we tried with
> > ext2 and ext4, we saw the same behavior for slow mods.
> >
> > 2376455:/var/lib/ldap$ sudo du -sh data.mdb
> > 11G data.mdb
> > 2376455:/var/lib/ldap$
--On Wednesday, January 18, 2023 6:31 PM +0530 Bhanush Mehta
wrote:
Hi Quanah
The current mdb data file is GB on disk. We are using XFS, we tried with
ext2 and ext4, we saw the same behavior for slow mods.
2376455:/var/lib/ldap$ sudo du -sh data.mdb
11G data.mdb
2376455:/var/lib/ldap
Hi Quanah
The current mdb data file is GB on disk. We are using XFS, we tried with
ext2 and ext4, we saw the same behavior for slow mods.
2376455:/var/lib/ldap$ sudo du -sh data.mdb
11G data.mdb
2376455:/var/lib/ldap$ sudo du -s data.mdb
10519776 data.mdb
The dump from slapcat is 200 MB approx
> On Jan 13, 2023, at 9:19 PM, Gustavo Rios wrote:
>
> I would like to write a simple ldap client in ANSI C programming language, to
> perform some interactions with slapd, things very simple, like howto insert
> an attribute to a given entry or even how to remove it from th
--On Monday, January 16, 2023 10:47 AM +0530 Bhanush Mehta
wrote:
Hi Quanah,
We see the same issue with 2.4.58 (compiled from source).
I am able to debug that mod operations are fast on a fresh mdb, but after
a certain number of operations the mdb size is going from 300 MB to 10
GB.
--On Monday, January 16, 2023 8:46 AM -0300 Gustavo Rios
wrote:
Hi folks,
I am looking for a tutorial on how to write ldap clients using C
language. May someone in this list give me a reference tutorial ?
The OpenLDAP software ships with several clients written in C. I would
Hi folks,
I am looking for a tutorial on how to write ldap clients using C language.
May someone in this list give me a reference tutorial ?
Thanks a lot for your time and cooperation.
Best regards,
Gustavo
--
The lion and the tiger may be more powerful, but the wolves do not perform
going from 300 MB to 10 GB.
And, the time spent per operation is like 1-2 seconds for every mod, and
5-6 seconds when there are a large number of mods. We also use a group for
disabling users, when running mod to add users to that group we are seeing
all ldap binds and other mods slowing as wel
Hi folks!
I would like to write a simple ldap client in ANSI C programming language,
to perform some interactions with slapd, things very simple, like howto
insert an attribute to a given entry or even how to remove it from the ldap
database.
May someone here provide any tips on documentation
--On Friday, December 23, 2022 9:06 PM +0530 Bhanush Mehta
wrote:
Hi All,
We are seeing very slow MOD operations on our ldap (250 MB data dump),
while using mdb (data.mdb is 6.4 Gb). The average MOD operation is going
to 8-9 seconds.
We are seeing 1k disk ops and 6-7MB/s writes
How can we improve the write performance for openldap? And, how do we debug
or tune it?
On Fri, Dec 23, 2022 at 9:06 PM Bhanush Mehta
wrote:
> Hi All,
>
> We are seeing very slow MOD operations on our ldap (250 MB data dump),
> while using mdb (data.mdb is 6.4 Gb). The average M
Hi All,
We are seeing very slow MOD operations on our ldap (250 MB data dump),
while using mdb (data.mdb is 6.4 Gb). The average MOD operation is going to
8-9 seconds.
We are seeing 1k disk ops and 6-7MB/s writes. The disk is 4096 IOPS Sata
SSD, we have seen write speed to be 126 MB/s generally
I went through the documentation and as per description tried to add
configurations, but when I tried to create OLC from slapd.conf, then changed
values not reflected there they are always
olcSssVlvMax: 0
olcSssVlvMaxKeys: 5
olcSssVlvMaxPerConn: 5
Can you please suggest steps I need to follow
rathore_pushpendr...@yahoo.co.in wrote:
> The bounty expires in 7 days. Answers to this question are eligible for a
> +200 reputation bounty. NG. wants to draw more attention to this question.
> I am trying to implement pagination in LDAP using vlv, using reference from
> docum
The bounty expires in 7 days. Answers to this question are eligible for a +200
reputation bounty. NG. wants to draw more attention to this question.
I am trying to implement pagination in LDAP using vlv, using reference from
document
https://docs.ldap.com/ldap-sdk/docs/javadoc/com/unboundid
--On Monday, August 15, 2022 6:39 PM + Bradley T Gill
wrote:
Bandani,
Is the host name you're connecting with in the Certificate?
Also, you can try an ldapsearch with -ZZ to get some
more connection information.
As an aside, I'd note that the
: openldap-technical@openldap.org
Subject: Re: [EXTERNAL] Unable to connect to 636 secure port using LDAP library
This is an EXTERNAL email. STOP. THINK before you CLICK links or OPEN
attachments. If suspicious please click the 'Report to Incidents' button in
Outlook or forward to incide...@aep.com
rust should be defined the ldap.conf using TLS_CACERT
>
>
>
> Bradley Gill
>
>
>
> *From:* BANDANI MAHARANA
> *Sent:* Thursday, August 11, 2022 2:50 PM
> *To:* openldap-technical@openldap.org
> *Subject:* [EXTERNAL] Unable to connect to 636 secure port using LD
: [EXTERNAL] Unable to connect to 636 secure port using LDAP library
with ldap server
in 636 port.
LDAP * ldap_handler;
int return_value = ldap_initialize(ldap_handler, "ldaps://
TestServer.mylab.com:636"); //server url
if (return_value == LDAP_SUCCESS) {
cout<<"LDAP initialized successfully"; // this is successful
--On Monday, August 8, 2022 4:28 PM +0530 Shaheena Kazi
wrote:
Hello,
I am using Debian 11.
Openldap : 2.4.57+dfsg-3+deb11u1
The OpenLDAP 2.4 series is historic and no longer in support. Crash
reports for 2.4.57 will not be investigated. You may wish to contact
Debian or upgrade
Hello,
I am using Debian 11.
Openldap : 2.4.57+dfsg-3+deb11u1
python3-ldap : 3.2.0-4+b3
python3-ldap3: 2.8.1-1
TLS - 1.3
Openssl - 1.1.1n-0+deb11u3
I am trying to set a new connection and then import files using the below commands:
ldapcon = ldap.initialize('ldap://localhost')
ldapcon.set_option
ldap-backend to select one of the mirror mode
provider until it fails.
Yes, this is essentially general best practice. An LB for read nodes,
using whatever strategy desired for those, and an LB for the write nodes
that is sticky to a specific provider.
--Quanah
not use Loadbalancers
in-front of write endpoints? Or it suggests there is no way we can have
multiple providers in a ldap cluster without the possibility of corrupting the
data.
Better solution from the suggestions is to use two LBs.
one for read only operation which uses round robin to select
>>> Quanah Gibson-Mount schrieb am 22.06.2022 um 17:29
in
Nachricht :
>
> --On Wednesday, June 22, 2022 9:03 AM +0200 Ulrich Windl
> wrote:
>
>> Ignoring the loadbalancer issues, I think you add a race condition when
>> reading possibly older data from your consumers and maybe write them
--On Thursday, June 23, 2022 4:47 AM -0700 radiatejava
wrote:
Anyone of these issues could be responsible? Just checking
No. I would also note that while you said the CN in your cert was
"test.ldap.com" you didn't mention what any subjectAltName values in your
cert would be. You've
rsion addresses the issue. Can anyone tell me which version
> > would still verify the hostname when doing LDAP over TLS.
>
> The OpenLDAP 2.4 series is historic, no bug reports for it will be
> considered.
>
> No changes have been made to OpenLDAP 2.4 series to disable hostn
maintain two
separate endpoints, one for clients that only ever issue reads and
the other one for clients that might issue a write operation
(potentially mixed in with read traffic).
Regards,
--
Ondřej Kuzník
Senior Software Engineer
Symas Corporation http://www.symas.com
Packaged
--On Wednesday, June 22, 2022 9:03 AM +0200 Ulrich Windl
wrote:
Ignoring the loadbalancer issues, I think you add a race condition when
reading possibly older data from your consumers and maybe write them back
where newer data may exist already (i.e.: providers). BTW: Is a modify
the hostname when doing LDAP over TLS.
The OpenLDAP 2.4 series is historic, no bug reports for it will be
considered.
No changes have been made to OpenLDAP 2.4 series to disable hostname
verification by the OpenLDAP project. If you are using libraries provided
by downstream distributions
>>> schrieb am 20.06.2022 um 13:33 in
>>> Nachricht
<20220620113345.5262.56...@hypatia.openldap.org>:
> Hi,
>
> I am new to ldap. We have 4 ldap servers, 2 of them are in mirror-mode
> providers, 2 of them are just consumers/replicas.
> I am working o
ok. Thank you. yes I want to ensure write goes only to one node unless it fails.
My software was using openldap client 2.4.44 to talk to the LDAP
server. We have shifted to 2.4.59 now to address some issues. Ever
since we shifted, the new version is allowing LDAP over TLS without
hostname verification.
In the older ver 2.4.44, I always got this error if hostname did not
match
--On Monday, June 20, 2022 12:33 PM + nagamani.chinnapai...@viasat.com
wrote:
Hi,
I am new to ldap. We have 4 ldap servers, 2 of them are in mirror-mode
providers, 2 of them are just consumers/replicas. I am working on
loadbalancer for these 4 ldap servers using ldap/meta backend. I
Hi,
I am new to ldap. We have 4 ldap servers, 2 of them are in mirror-mode
providers, 2 of them are just consumers/replicas.
I am working on loadbalancer for these 4 ldap servers using ldap/meta backend.
I want to the ldap proxy/loadbalancer to,
redirect write requests to one of the 2 mirror
Hi,
We have set up an open ldap proxy with AD backend and we are seeing the following
bind error for some users. The only difference in successful bind users versus
the failed ones is the addition of square brackets "[]" in the user profile. As
seen below for the failed users "
Hi folks ?
I am writing an ldap library for accessing openldap server.
I have written a function that implements an ldap bind request and decode
the openldap response.
The program output is given below.
sioux@etosha:~/msc/it/cnf/ldap/programs/ldp$ ./ldp 127.0.0.1.389
30 c 2 1 3 61 7 a 1 0 4 0 4
I use commands like this to set permissions for some custom groups/users. Now
I want to set the permissions without overwriting them for all the other
groups/users, what do I need to add to my ACL entries?:
```
access to dn.subtree="cn=myContainer,dc=mydomain,dc=tld"
by set="user &
Just a question (quick).
You probably saw the relatively new CAA record for DNS. This (great) record
provides a means to get the address of a CA for a given DNS domain.
Firstly, it is unclear to me why the old SRV records are not used as they
essentially do the same. You may think of creating
ic scan I am getting the Improper Neutralization of Special Elements
used in an LDAP Query ('LDAP Injection') when I debug I can see {
constraints } is printing Special Characters like example (
specila@345678) so any solution or else any other alternate way to use
instead of SearchControls
Thi
I am using SearchControls constraints = new SearchControls(); NamingEnumeration
answer = ctx.search("DC=YourDomain,DC=com", "sAMAccountName=" + username,
constraints); when I run the Veracode Dynamic scan I am getting the Improper
Neutralization of Special Elements
used in
different versions: 2.4.50, 2.4.55, 2.4.57.
All of the slaves can break. We use the next configuration:
syncrepl rid=000
provider=ldaps://ldap-master.domain.com
type=refreshAndPersist
retry="5 5 300 +"
searchbase="dc=staff,dc=com"
attrs="*,+"
bindmethod=si
:
67c22522-0749-1039-933a-fdc6b5a9b3b7
syncrepl_entry: rid=000 LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD) csn=(none)
tid 4
"error code 0x50" means other ldap error. How to determine, what exactly
wrong?
There is no dependence with slaves or versions:
- master has 2.4.50
- slaves have differen
Hi,
I have configured LDAP successfully on Centos 7. I have integrated it with
my Axigen email server. I can authenticate successfully with LDAP.
I can search all the records using ldapsearch command.
ldapsearch -H ldaps://cyberldap.cyber.net.pk:636 -b
"o=intranet,dc=cyber,dc=net,dc=pk"
On 10/7/21 13:51, Dario García Díaz-Miguel wrote:
We have a LDAP group that should be able to vi, tail and less all the
files contained inside /var/log/
Bad idea because less and vi let the user escape to shell.
We are thinking about using wildcards but it seems that the wildcards
that work
: sudoedit /etc/postgresql/*/main/*
sudoCommand: sudoedit /etc/postgresql/*/main/conf.d/*
This solves/avoids the root escalation issues with editors.
On 10/7/21 12:54 PM, Michael Ströder wrote:
> On 10/7/21 13:51, Dario García Díaz-Miguel wrote:
>> We have a LDAP group that should be able t
Hello Everyone,
We are facing an issue related with the Sudoers LDAP Backend.
We have a LDAP group that should be able to vi, tail and less all the files
contained inside /var/log/
We are thinking about using wildcards but it seems that the wildcards that
work for the sudoers file do not work
Hi all,
Can someone explain to me why there is a difference in behavior (especially
response time for the last one) between these 4 LDAP queries ?
OpenLDAP 2.4.47 Debian 10 (~300K users)
The first three are quick ! :
1) Search with base dn corresponding to an user dn and scope base without
1 - 100 of 2374 matches