looked in the right spot. I'm currently trying to make my way
through the configure script... Blech.
Thanks for any pointers,
configure --help
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect
, or there is something wrong going on but you didn't noticed the
problem...
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
an glibc error.
#index objectclass,uid,maileq
#index sn,cn,givenName sub,eq
#index dhcpHWAddress,dhcpClassData,dhcpOption eq
#index entryCSN,entryUUID,zoneName eq
Hm? :(
Marc
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun
for x500UniqueIdentifier but would like to
double check.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
Howard Chu wrote:
Juan Gonzalez wrote:
Hi, I’m trying to insert userCertificate values containing
x500UniqueIdentifiers. When the value appears at the SubjectNames, it inserts
correctly.
By this I assume there is a validation for the field formatting.
When I have a x500UniqueIdentifier
the smbk5pwd README.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
Thierry Lacoste wrote:
On 9 déc. 10, at 22:03, Howard Chu wrote:
Thierry Lacoste wrote:
Hello,
I'm experimenting with integrating Kerberos and OpenLDAP
following roughly http://wiki.mandriva.com/en/Projects/OpenLDAP_DIT
I'm using CentOS and Buchan Milne's repository
(http
Thierry Lacoste wrote:
On 10 déc. 10, at 20:57, Howard Chu wrote:
Thierry Lacoste wrote:
BTW I'd appreciate any recommandations about providing kerberos
and
LDAP authentication (with the same password) in a production
setting.
Should I use Heimdal or MIT kerberos ?
If Heimdal, is it better
Hugo Monteiro wrote:
On 12/15/2010 07:19 PM, Howard Chu wrote:
Thierry Lacoste wrote:
I noticed some differences. In particular ldappasswd updates
sambaLMPassword while kpasswd does not.
I suppose we can delete sambaLMPassword support by now, certainly no
one should be using it any more
is not an issue as it's
very low traffic. Integritiy is everything.
It's target storage is a USB flash device. Are there any special
considerations WRT flash storage and ldap?
Thanks in advance.
-Bruce
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director
a
specific value in a multivalued attribute. Even then, they're just a
convenience, not absolutely essential.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
without specifying -Y GSSAPI
explicitly. However if I omit it, the client picks DIGEST-MD5 instead
(which isn't much use, since I have no passwords in the database)
Configure a sasl/slapd.conf with the options you want.
Read the Cyrus SASL documentation.
--
-- Howard Chu
CTO, Symas Corp
hardcoded into the
SASL gssapi plugin. Generally Kerberos is using triple-DES today, or AES.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
it:
Not yet. Wait for the release engineer to announce a call for testing. The
tree is still in flux.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
guess after seeing these mails I should have been using something like -Y
EXTERNAL?
Yes, from your description, you should have used ldapmodify -Y EXTERNAL -H
ldapi:/// while running as root.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http
Andreas Ntaflos wrote:
So what do I need to do so users can specify dc=example,dc=com as
search base and traverse the directory tree down to their own DN entry?
Read the Operation Requirements section of slapd.access(5).
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
class are loaded in contiguous order.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
, these discussions have only
ever been of interest or relevance to other OpenLDAP developers.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
of a directory, you create the possibility of having
duplicate names in separate branches, and the base OS will not be able to
handle that.
This question has nothing to do with LDAP and has no place on this forum.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director
=-DLDAP_PVT_THREAD_STACK_SIZE=16777216
to your make invocation and recompiling libldap_r with this new value.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
what it does for the authz regexp. Then you'll clearly see how to
handle what you did in slapd.conf in the new format.
Or just read the slapd-config(5) manpage and the Admin Guide...
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http
and remove it from your system.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
pam_ldap authentication, it is still allowed to login.
How pam_ldap should be instructed to take the expiration attributes ito
account?
Ask on a pam_ldap mailing list. pam_ldap is not a piece of OpenLDAP software,
your question is off topic here.
--
-- Howard Chu
CTO, Symas Corp. http
ldapadd and examine the error message from there.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
not belong on this list.
There is no evidence that the original poster is having any trouble using
OpenLDAP. His question is entirely about making 3rd party software work, and
those questions belong on the support forums for those 3rd party software
packages.
--
-- Howard Chu
CTO, Symas Corp
reader would have known all of this. If you're not reading carefully, you
should not be responding to the posts.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org
Konstantin Boyandin wrote:
13.01.2011 13:39, Howard Chu writes:
Konstantin Boyandin wrote:
Hello,
OpenLDAP version: 2.3.43-12 (CentOS 5.5), 64-bit.
In order to enable ppolicy overlay, I am trying to create the relevant
entries, as specified in
http://www.openldap.org/doc/admin24
, the pwdAttribute could only contain OIDs.
That issue was fixed long before 2.3.43, which he says he is running.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
. In fact Dieter's answer was already 3 years out of date when he posted
it. The issue in question is ITS#4025 which was fixed in September 2005 and
released in OpenLDAP 2.3.8.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com
.
Loading on the new server, read the new slapadd(8) manpage, look at using the
-q option.
Do yourself a favor and use OpenLDAP 2.4. Questions about 2.3 or older will be
ignored by the Project.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http
out of commission? I've thought about
getent passwd /etc/passwd cron job, etc.
Setup OpenLDAP nssov on all clients, use proxycache overlay and/or syncrepl to
continue operating when servers and/or networks fail.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director
flexibility, specially when combined with pam_env
and such.
You're on the wrong list. There is no piece of OpenLDAP software that uses
nss_override_attribute_value so discussing enhancements to it is pretty far
off base.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
to stay up to date.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
server simply
didn't do schema validation and allowed you to store whatever garbage you gave
it without checking.
Have a look at nis.schema (or nis.ldif) to see what attributes are required
or permitted for posixGroup.
I corrected all posixGroups to posixGroup and import worked!
--
-- Howard
inside the msys
DLL. That's not a good idea, you should be configuring gcc to build a pure
Win32 binary instead.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
cn=config to show the contents of the
config database. As with other slapd databases, its structure and format are
subject to change without notice at any time. The only thing guaranteed to
remain compatible is the LDAP interfaces to the database.
--
-- Howard Chu
CTO, Symas Corp
function gets the sockbuf as one of the parameters.
- if not would this new option LDAP_OPT_REF_SOCKBUFS be a useful addition? If
so I could submit it via the bug reporting.
No, I don't think it's needed.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland
to leave
the cn=config rootdn at its default and separate the role of slapd
administrator from regular database admin.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org
! :-)
Thanks
Marco Pizzoli
--
_
Non è forte chi non cade, ma chi cadendo ha la forza di rialzarsi.
Jim Morrison
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
.
If, on the other hand, userQuota=200 is set on the user then that would
override the current value.
I don't think there's anything in the current code that does this, but you
could modify the collect (collective attributes) overlay to do it.
--
-- Howard Chu
CTO, Symas Corp
.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
, it is dsaOperation.) Such attributes are, by design, not
replicated, since their content is only meant for and valid on the particular DSA.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP
--
Dieter Klünter | Systemberatung
http://dkluenter.de
GPG Key ID:DA147B05
53°37'09,95N
10°08'02,42E
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http
...@ed.ac.uk
*/
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
=config
changetype: modify
delete: olcAccess
olcAccess: {2}
olcAccess: {1}
olcAccess: {0}
-
Similarly in 7.1.2.x you don't need to specify the prefixes when you're adding
rules in order.
Cheers,
Jaap
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland
a security
perspective first. Otherwise this is just creating back doors to do end-runs
around your sysadmins and company policies.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http
specifier but you have it after the access
specifier.
We don't just write things randomly. Read and follow what's actually written
in front of you.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect
RAT wrote:
The ongoing saga...
While trying to add the ACL for to hide userPassword, we get the following
error:
ldap_modify: Insufficient access (50)
I'm beginning to think Apple has this locked down...
You should ask Apple.
--
-- Howard Chu
CTO, Symas Corp. http
function there is only one place to fix.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
Ian Puleston wrote:
Hi Howard,
-Original Message-
From: Howard Chu [mailto:h...@symas.com]
Ian Puleston wrote:
I'm working on a fix now, and I think what is needed is:
1. A call to ldap_int_poll in ldap_int_tls_start if async. Then it
should abort without calling
to be cracked?
Read the slapo-ppolicy manpage again. This is explicitly documented.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
if you really
want to.
slapd's security mechanisms will support just about any conceivable security
policy.
If some of the data is very sensitive you may prefer to set up an
'outside' server and replicate just a subset of the data to it.
--
-- Howard Chu
CTO, Symas Corp. http
authz-regexp already configured.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
Andrew Findlay wrote:
On Wed, Feb 16, 2011 at 02:51:19AM -0800, Howard Chu wrote:
I also suspect that there may not be a valid password set on the
cn=config suffix, so you will not be able to manage the server through
LDAP either.
Since it's starting on ldapi:/// he should just do a SASL
Leonardo Carneiro wrote:
On Wed, Feb 16, 2011 at 8:51 AM, Howard Chu h...@symas.com
mailto:h...@symas.com wrote:
Andrew Findlay wrote:
On Tue, Feb 15, 2011 at 05:08:43PM -0200, Leonardo Carneiro wrote:
fileserver:/etc/ldap# /usr/sbin/slapd -h ldapi:/// ldap:/// -g
to that document several
times. Beyond that it's no different from any other LDAP URL.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
config
We have one provider and 160 consumers - and this is IMHO called a lot
here, if I'm right ...
Marc
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
to produce
the same entryCSN (regardless of timestamp issues) since they each have unique
serverIDs. Conflict resolution will always resolve consistently and
deterministically in syncrepl.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http
Howard Chu wrote:
Jérémy Wagner wrote:
Hello,
I'm facing some issues with syncrepl...
The simplest situation in which I was able to reproduce the problem
consists of 1 provider and 1 consumer.
I have configured syncrepl to do a partial replication :
olcSyncrepl:
{0}rid=105
for your explanation! So, should one assume that the
server with the highest serverID will have priority when it comes to
conflict resolution?
Yes.
Also, when and how is the serverID determined? Is
this manually configurable?
Yes. Read the slapd config manpage.
--
-- Howard Chu
CTO, Symas Corp
.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
for...
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
, by entries in the local database before being
presented to the client.
This overlay does not merge attributes, it replaces them.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http
-x86 on identical
hardware, and it still was noticeably slower, although not as bad as when
using the sparc architecture.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http
Brett @Google wrote:
On Fri, Feb 25, 2011 at 10:25 AM, Howard Chu h...@symas.com
mailto:h...@symas.com wrote:
I will note that if you are going to use slowaris, I highly advise you
set
a memory key rather than using on disk cache for BDB if your DB is any
size
:
handle all nostop
run
quit
This way I can modify the start-stop script. With a restart there is no
need for user intervention.
Now it runs and functions. I assume this is the way Howard Chu
suggests. Let's wait and see what happens.
No. I did not say to start slapd using gdb. I
0xb28ffb70 (LWP 1464) exited]
[Thread 0xaecf1b70 (LWP 1970) exited]
Program exited normally.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
. Any
changes which possibly affect writing to accesslog DB? (I'm not sure whether
we had problems like this with 2.4.23 or not though.)
Doesn't sound like it.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief
?
Sounds to me like you haven't read the slapd.access(5) manpage.
The answer is yes. Read the section on THE ACCESS FIELD in the manpage.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http
Gervase Markham wrote:
On 03/03/11 15:33, Howard Chu wrote:
Note that a Guide is not a reference manual; it is not intended to be
complete or exhaustive.
I'm not sure this use of terminology is universal; here is a
counter-example:
http://www.bugzilla.org/docs/tip/en/html/
It's certainly
visible all of a sudden.
But I guess this is not how to do it as there may be many other backend
types.
You probably should be searching for olcDatabaseConfig instead, which is the
common superclass of all DB types.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director
james_whitea...@mcafee.com wrote:
So does OpenLDAP have another mechanism to do this? Combine two ldap providers
into a single consumer that is?
I've already answered that. You need to read more carefully.
Jim
On Mar 4, 2011, at 4:31 PM, Howard Chu wrote:
james_whitea...@mcafee.com
juergen.spren...@swisscom.com wrote:
Hi,
first I wish to thank all those who supplied helpful hints to solve the
problem, especially Quanah Gibson-Mount and Howard Chu.
My performance issue was solved by switching from memory mapped keys to shared
memory keys for hdb as suggested by Quanah
browsers don't support ldapi:/// that's their deficiency...
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
that feature, it was quite handy,
and getting the results pretty-printed in HTML was really nice.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
setup,
the network will be the performance limiter, not slapd.
Juergen Sprenger
-Original Message-
From: Howard Chu [mailto:h...@symas.com]
Sent: Monday, March 07, 2011 10:25 PM
To: Sprenger Jürgen, ITS-SDL-SO-WXS-USO-BE1
Cc: openldap-technical@openldap.org
Subject: Re: [Solved] Poor
syncprov-reloadhint on anything except for the actual
cn=log database.
the consumer slapd.conf can be found here
http://pastebin.de/15922
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http
organisational policy to point out exposures there.
When the tool doesn't even call the object by its proper name (Root DSE)
it's a sure sign the tool authors have no idea what they're talking about.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http
something new!
Is there a way of utilizing these sorts of controls via ldeapsearch?
Yes. Use -e 1.2.840.113556.1.4.417
Thanks for any advice you may have...
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief
.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
.
It's too unclear to make such an assumption.
Best bet still is to switch to 2.4.24 and see if the problem remains.
And yes, it's most likely related to the memberOf overlay.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com
making unfounded assumptions
that there is any relevance between your situation and his.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
general interest? Anyone?
Are you saying there's a low level Postgres-specific API that can be
leveraged? If you're just going to use SQL or something euqivalent, I don't
see any advantage to that.
Regards,
Richard
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
for a reason - it is work in progress and not suitable for use.
Since you are asking this question, you are apparently not a qualified
developer, therefore you should not touch it. It won't work.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http
* functions when liblutil is build.
Did I miss a change in the way to build OpenLDAP 2.4.24?
Seems to be a bug in the Makefile introduced with the new libldif. Please file
an ITS for this.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
, how to turn on
LDAP_DEVEL directly in a proper way?
When compiling openldap use CFLAGS=-DLDAP_DEVEL -DLDAP_COMP_MATCH
No. This code is guaranteed to crash. It is irresponsible of you to give this
advice.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director
need to update to 2.4.24.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
.
Of course, that only gets you the data. I would bet that the real issue
will be getting the access controls correct.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org
the results manually.)
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
consumer or provider in such
situation. I'll simplify to test in a single provider setup, to see if it works.
All servers are 2.4.23
Please try your test with 2.4.24 instead.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
(ITS#6707)
Fixed slapd syncrepl uninitialized return code (ITS#6719)
Fixed slapd syncrepl variable initialization (ITS#6739)
Fixed slapd syncrepl refresh to use complete cookie (ITS#6807)
Thanks
Dom
2011/3/23 Howard Chu h...@symas.com mailto:h...@symas.com
should ask your question on
their mailing list.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
(and thus will always
be slow) you can still improve things a little using the sortvals config option.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
of decent performance.
Apparently it's become more important on recent Linux kernels too.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
.
Is there an approved practice to achieve this, or some other pointers on
avenues to explore?
Use slapo-rwm to rewrite the cn=config_slave database to be cn=config on
the replicas.
No, that never worked well. Use suffixmassage in the syncrepl config
statement. (Added in 2.4.24)
--
-- Howard Chu
CTO
Christopher Strider Cook wrote:
On 4/15/11 11:46 AM, Howard Chu wrote:
Quanah Gibson-Mount wrote:
--On Thursday, April 14, 2011 5:28 PM -0700 Christopher Strider Cook
cc...@pandora.com wrote:
Alternately, I tried to setup a separate database cn=config_slave and
have that snycrepl
.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
101 - 200 of 1889 matches
Mail list logo