be correct to deploy
this way.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
one could also use:
http://www.unboundid.com/products/ldapsdk/ for Java or (now Oracle's) JNDI.
Nick
On 19/10/2011 2:28 πμ, daisy...@emc.com wrote:
I am trying to write a Java LDAP client program using Novell’s JLDAP
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Ondrej Kuznik wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 10/19/2011 12:50 PM, Howard Chu wrote:
Read http://highlandsun.com/hyc/drafts/draft-chu-ldap-xordered-xx.html
I would like to point out that while back-ldif handles the ordering
prefix fine, bconfig's (bconfig.c:4726
in the database.
ldapsearch -x -LLL -D uid=admin,cn=config -W -s sub -b cn=config
(olcDatabase=*) '*' '+'
The '+' adds the operational attributes.
S. Bernard
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief
correctly (so the symbol didn't get
exported from the binary) or the libslapi binary was not built correctly (and
doesn't have a runtime link dependency on the slapd binary).
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com
. The original poster is probably on a
Debian-derived distro with a broken libltdl, and that's their problem, not an
OpenLDAP Project issue.
ltdl version: libltdl.so.3.1.4.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
from cn=mapped using RefreshOnly (Desired)
dn: cn=record,dc=suffix,dc=org,cn=mapped
cn: record
attr1: value1
attr2: value3 | |
attr3: value2 | Values switched |
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief
wrote:
Don't ask questions that are already answered in the manpages. RTFM.
See slapcat(8) option -a.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
a slapd.d
configuration?
Ask your buddies at Zytrax, they seem to think so.
As far as the OpenLDAP Project is concerned, conversion from slapd.conf to
slapd.d is a one-way trip. Migrate everything else forward.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director
:
-H URI
use dn, scope and filter from URI to only handle matching
entries.
It says nothing about using an attribute list in the URI.
Did you think we were just joking? That what the docs say is not what is
actually meant?
--
-- Howard Chu
CTO, Symas
Brett @Google wrote:
On Thu, Oct 20, 2011 at 10:00 PM, Hallvard B Furuseth
h.b.furus...@usit.uio.no mailto:h.b.furus...@usit.uio.no wrote:
Howard Chu writes:
Zytrax.com is not a reliable source of OpenLDAP documentation. Most of
what
they advise is misguided or flat wrong
such that slapd knows about everything else occurring on the
machine or filesystem. Use some common sense.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
Craig White wrote:
On Oct 26, 2011, at 12:00 PM, Howard Chu wrote:
Craig White wrote:
Having migrated to dynamic config, I'm looking for a reasonable way to
restore in the event of a disaster.
The discussion last week got me curious and though I can slapcat -n 0 -l
$SOME_FILE I can't
Craig White wrote:
On Oct 26, 2011, at 1:13 PM, Howard Chu wrote:
Pay attention. Even a monkey can copy text without omitting parts.
slapadd -F /etc/ldap/slapd.d -n 0 -l slapcat_config.ldif
sorry - I'm stupid but and am not a monkey.
It seems to me the reason that something like Zytrax
an
additional module to enable it to use PEM files.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
(in the
future) to reference settings directly from an MDB entry record, instead of
copying back and forth between slapd global variables and Entry structures.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief
setting is to mount with noatime or relatime.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
in all environments.)
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
other programs (e.g. mail, backup,..) may rely on
atime, it depends what programs using this partition.
Use relatime, that will take care of any other dependencies.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief
?
The pbind (ProxyBind) overlay will proxy Simple Binds to another LDAP server.
See slapo-pbind(5).
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
just be implemented there (which thus allows them
to be used by any other applications that are also SASL-enabled, such as IMAP
servers or whatever...)
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect
Brett @Google wrote:
On Mon, Nov 14, 2011 at 3:20 PM, Howard Chu h...@symas.com
mailto:h...@symas.com wrote:
Brett @Google wrote:
Sorry for the fuzzy logic :P, but :
My thoughts for no:
1. The name will affect only the name of the backend module, which
are still
a better option (and there are many management packages you can use).
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
getting this right is almost as much work as implementing your own
syncrepl client.
That's almost on the right track. Use back-sock as an overlay.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP
sim123 wrote:
On Mon, Nov 14, 2011 at 4:45 PM, Howard Chu h...@symas.com
mailto:h...@symas.com wrote:
sim123 wrote:
On Mon, Nov 14, 2011 at 1:37 PM, sim123 sim3...@gmail.com
mailto:sim3...@gmail.com
mailto:sim3...@gmail.com mailto:sim3...@gmail.com wrote
accounts left over but they
wouldn't match each other.
There are known bugs in syncrepl delete handling. ITS#7052 is probably
relevant here. The fix will be in 2.4.27.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
days. Probably sometime next
week.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
Jeffrey Crawford wrote:
On Wed, Nov 16, 2011 at 1:27 PM, Howard Chu h...@symas.com
mailto:h...@symas.com wrote:
Jeffrey Crawford wrote:
On Wed, Nov 16, 2011 at 7:40 AM, Jeffrey Crawfordjeffr...@ucsc.edu
mailto:jeffr...@ucsc.edu wrote:
On Wed, Nov 16, 2011 at 12
like it completely ignored the failure
result from the ldapdelete operation, it just went right on to issue another
request.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http
.
http://www.openldap.org/doc/admin24/slapdconf2.html
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
to another server.
Use the proxybind overlay (built into back-ldap).
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
.
26dc16e9f634ed5dc061088ff3bd156dec5170c0
2c4d548206916676026a5b57298ae3086500eb66
2a8b55b1c55cb99c09543f1b5648da98f5d28a8d
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
:43c54530 error:0
is practically useless?
It shows that something crashed. It doesn't tell what or why. Without a
backtrace there's nothing we can determine.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief
=74bfdc7c268053c8375e5fe9de68f60b10e91084;hb=HEAD
Section 2.2.2
AFAIK nobody has implemented this feature yet, but it is the right solution.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
entries, remove them, and re-add
them via ldapadd(1).
Thanks for clearing that out.
Could this be mentioned in the documentation somewhere (e.g.
slapo-memberof(5))?
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief
in a struct sockaddr. As far as I know there is no field
of these structs reserved for an interface name, so the %eth0 part would not
be valid.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP
automatically. In most cases there is no need to run
db_recover manually.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: tony
cn: Tony Doe
uidNumber: 11000
gidNumber: 6000
userPassword: tonyldap
loginShell: /bin/bash
homeDirectory: /home/tony
===
Anyone?
Thanks in advance,
Peter
--
-- Howard Chu
CTO, Symas Corp
Research Laboratories Ltd.
Pune-411 004.
Maharashtra, India.
+91 9923536030 tel:%2B91%209923536030.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http
Nov 30 14:41:22 kil-ds-4 slapd[8178]: do_syncrep2: rid=001 (2) Protocol error
Nov 30 14:41:22 kil-ds-4 slapd[8178]: do_syncrepl: rid=001 rc -2 retrying (3
retries left)
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
rey sebastien wrote:
Le 12/12/2011 19:24, Howard Chu a écrit :
reyman wrote:
You have a self signed certificate,
Correct.
so you don't need to verify your certificate.
When you activate the tls on ldap, you only need this two lines, and you don't
need the line with certificate verification
a fresh install of openldap in this case? there is an
option to run slapd without zero configuration?
Thanks a lot,
Use slapadd. Again, RTFM. Everything you've asked in the past week or so has
been documented in the manpages and the Admin Guide. Read and learn.
--
-- Howard Chu
CTO, Symas Corp
with actual
schema defined.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
straight forward in the OpenLDAP 2.4 doco)
Client OS's involved;
- Solaris 9/10
- Fedora 15/16
- Centos 5/6
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
is nobody's friend. It's a poor design and even more poorly implemented.
slapo-pcache has full support for laptops/disconnected operation, and actually
works. Unlike those others.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http
the same.
cya
Craig
--
Raffael Sahli
pub...@raffaelsahli.com
Switzerland
This message is private and confidential. If you have received it in error,
please notify the sender and remove it from your system.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
startup.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
membership to a group. I
have pasted below my code where I add a user to a group incase that is the
source of my error
That's the wrong approach. Use an LDAP Compare operation on the group,
checking for uniquemember matching the user's DN.
--
-- Howard Chu
CTO, Symas Corp. http
. Is anybody interested in this?
Maybe I'll do it (or have a student do it) if a few people think it'd
help...
Already done, see the keepalive= keyword in syncrepl config.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
is in the latest Draft specification, but not implemented by
anyone (as far as I know). Yes, it seems we should be using finer than
1-second resolution for the failure timestamps. Might be worth filing an
enhancement request for this in the ITS.
--
-- Howard Chu
CTO, Symas Corp
?
Not possible. slapd only sees the IP address of the incoming connection, it
has no way to know what DNS name was used to resolve to that address.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http
Erwann Abalea wrote:
Can't SNI support be added?
Perhaps. It depends on which version of TLS library is being used.
--
Erwann.
Le 14 janv. 2012 13:08, Howard Chu h...@symas.com mailto:h...@symas.com a
écrit :
Ronie Gilberto Henrich wrote:
Hello,
I need to be able to restrict
there is no need for it.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
?
Dunno. IMO most people using memberOf are misusing the data model anyway, so
it's of little interest.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
Felipe Augusto van de Wiel wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hello,
On 19-01-2012 15:14, Howard Chu wrote:
Dunno. IMO most people using memberOf are misusing the data model
anyway, so it's of little interest.
Out of curiosity (and because I do try to avoid misusing
exists as a principal on your kerberos db ;)
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
Chastity Blackwell wrote:
On Thu, 2012-01-26 at 17:38 -0500, Howard Chu wrote:
Raffael Sahli wrote:
No, authz-regexp is to map a sasl dn to a real user account in your ldap
directory.
But your user is c...@test.com with a realm named test.com, your
userPassword should be {SASL}chas@KRBTEST
Chastity Blackwell wrote:
On Thu, 2012-01-26 at 18:40 -0500, Howard Chu wrote:
Does kinit work for your chas@KRBTEST user? Judging from what you've pasted
here, I don't think it should. Get your basic Kerberos installation working
first. Take things one step at a time.
It does:
[chas
Marc Patermann wrote:
Hi,
under some circumstances DEL don't get replicated to the consumers
(SyncRepl). I think this has to do with other changes at the some moment.
Already known, ITS#7052.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun
Marc Patermann wrote:
Hi,
Howard Chu schrieb (31.01.2012 12:08 Uhr):
Marc Patermann wrote:
under some circumstances DEL don't get replicated to the consumers
(SyncRepl). I think this has to do with other changes at the some moment.
Already known, ITS#7052.
Thanks.
So this is fixed
For any folks in the San Francisco area who haven't already heard, I'll be
giving a talk on OpenLDAP's new memory-mapped database and backend (back-mdb)
there on February 16.
http://www.baylisa.org/
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
, then the problem is already solved - you
have the password.
Also, I believe there are olcRootPW per-database (I don't remember
seeing that on slapd.conf kind of configs, but I just saw it on the
slapd.d right now):
Don't guess. RTFM. It's all stated there clearly.
--
-- Howard Chu
CTO, Symas
.
Thanks for that. It makes sense and it was enough to convince me to submit a
bug.
None of this has any significance until someone writes a new spec and submits
it to the IETF for approval.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http
to OpenLDAP. (And
most likely, in future releases, BerkeleyDB will disappear anyway.)
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
1990s, yes, it's generally a safe bet to just
stick with it.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
installed OpenLDAP. Obviously you can't compile with SASL support if the SASL
devel packages weren't already present at compile time.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http
computation.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
Nick Milas wrote:
On 17/2/2012 10:07 πμ, Howard Chu wrote:
Yes, the OID is included in the index computation.
Thank you.
Could/Should the software automatically reindex the directory after OID
change or - if not possible - inform the administrator with a message
that such reindexing should
if this was intended.
This is just an artifact of slapd.conf support. Since slapd.conf files aren't
affected by the olc objectclass definitions, we need to put the enforcement in
the common code instead of in the schema.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Michael Ströder wrote:
Howard Chu wrote:
Marc Patermann wrote:
There are reverted commits in git (ITS#7162). Should a build again with
current git status?
Yes, build with current git.
Should we take this as a call to have a test round?
Eh. I would look at the RE24 CHANGES file and see
posixGroup and groupOfMembers objecttypes are no longer allowed together
because the are both STRUCTURAL.
In AD this is possible.
Greetz,
Fred http://epsilon.eridani.nl
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http
FQDNhostname:4433 -CAfile
/etc/openldap/cacerts/FQDNhostname.cacert.pem
*Bryce Powell*
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
Obviously there is a standard for it and we implement that spec.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
client configurations apply
according to man ldap.conf(5).
Dieter, no.
Josh Miller's post was correct.
http://www.openldap.org/lists/openldap-technical/201202/msg00414.html
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
.
Cheers
Brett
--
*The only thing that interferes with my learning is my education.*
*
Albert Einstein*
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
did my test on 2 Windows PCs and OpenLDAP 2.4.29 with Berkeley 5.1
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
mycompany.com in the cert too, it
should trust the connection
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
.
I have a default (centos6) DB_CONFIG setup.
==
set_cachesize 0 268435456 1
set_lg_regionmax 262144
set_lg_bsize 2097152
I think if you had mounted the DB's filesystem with noatime or relatime that
would also have removed the problem.
--
-- Howard Chu
segmentation faults are never expected. You should file an ITS with the
backtrace on the core file.
And the last few lines of slapd.1.log.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP
to a stable release. Use delta-syncrepl, which uses significantly
less bandwidth than syncrepl.
--Quanah
--
Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
Zimbra :: the leader in open source messaging and collaboration
--
-- Howard Chu
of the reasons as to why this is a bad idea.
--Quanah
--
Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
Zimbra :: the leader in open source messaging and collaboration
--
-- Howard Chu
CTO, Symas Corp. http
, it is OPIE
(or S/Key) RFC 2289:
http://tools.ietf.org/html/rfc2289
whereas HOTP is RFC 4226:
http://www.ietf.org/rfc/rfc4226.txt
HOTP is considered more secure and more widely implemented.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http
Make sure the consumer is talking to the server you think it is. Show slapd
-d7 output from the provider while the consumer is trying to connect.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect
affects sessions where the client has already
initiated TLS. To force connections to require TLS, look at the olcRequires
and olcSecurity settings in slapd-config(5).
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
.
Regards,
Swapnesh
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
in the NDB OpenLDAP code have walked
away from it. If you know of any developers who'd like to pick up back-ndb and
push it further, send them over...
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect
restart the
server anyway.
Lastly, I thank everyone who contributes to OpenLDAP.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
and the ldif I have
been trying to add for the proxy is-
olcDatabase: ldap
olcSuffix: dc=companyname,dc=local
olcSubordinate: yes
olcRebind-as-user: yes
olcUri: ldap://companyname.local/;
olcChase-referrals: yes
Thanks in advance to anyone who can help!
--
-- Howard Chu
CTO, Symas Corp
.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
Michael Ströder wrote:
Howard Chu wrote:
Michael Ströder wrote:
So I'd be interested in hearing one of the core developers confirm that line
breaks in those attribute values will always be preserved when added via LDAP.
The attribute types in question all have Directory String syntax
Buchan Milne wrote:
On Tuesday, 20 March 2012 12:53:08 Howard Chu wrote:
The purpose of cn=config is to support configuration changes on a server
without causing any service outage. Supporting Deletes in cn=config is
fundamentally opposed to this goal. E.g., deleting an olcDatabase entry
Michael Ströder wrote:
Howard Chu wrote:
The OpenLDAP Project is only concerned with implementing the low level
functionality. If you want a GUI, ask the Apache Directory Studio folks.
But back-config's schema has a very high influence.
The question is why it's so much easier for GUI clients
cannot make any predictions about the future, the smart
thing to do is to make no assumptions whatsoever about what the server will
preserve or strip. Treat all values as unformatted data and reformat it in
your client whenever presenting to a user.
--
-- Howard Chu
CTO, Symas Corp
configured?
Irrelevant.
Regards,
Frank
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
it on
another server, you should not use -w.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
?
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
libnss-ldapd on one set
of machines, why even consider using something different, given the choice?
libnss-ldapd is superior, libnss-ldap causes too many problems.
Neither of these packages are part of OpenLDAP; none of this discussion
belongs on this mailing list.
--
-- Howard Chu
CTO
301 - 400 of 1889 matches
Mail list logo