Re: ldap query performance issue

2013-05-24 Thread Howard Chu
indices as well. Also, it's always possible that some slots in your index are still too big, even for this increased size. You should also test this query with your data loaded into back-mdb. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http

Re: ldap query performance issue

2013-05-24 Thread Howard Chu
index design, but it is still inherently faster than BDB backends. Thanks Meike 2013/5/24 Howard Chu h...@symas.com: Chris Card wrote: Any ideas? Increase the IDL range. This is how I do it: --- openldap-2.4.35/servers/slapd/back-bdb/idl.h.orig 2011-02-17 16:32:02.598593211 -0800

Re: ldap query performance issue

2013-05-27 Thread Howard Chu
)) #define BDB_IDL_UM_SIZEOF (BDB_IDL_UM_SIZE * sizeof(ID)) --Quanah -- Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc. Zimbra :: the leader in open source messaging and collaboration -- -- Howard Chu CTO, Symas Corp

Re: ldap query performance issue

2013-05-28 Thread Howard Chu
with the filter index. Please submit an ITS for this. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Re: migrating from SUN one C SDK to openldap C sdk (Linux).

2013-06-06 Thread Howard Chu
one LDAP TO openldap on Linux I haven't seen any such list. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Re: run test suite separately from the source code compilation?

2013-06-06 Thread Howard Chu
. The OpenLDAP Project distributes source code, not binary packages. What you can or can't do with a particular distro's binary package is a question you should ask of your distro/package provider. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http

Re: migrating from SUN one C SDK to openldap C sdk (Linux).

2013-06-06 Thread Howard Chu
Probably worth pointing out - Solaris 11 now bundles OpenLDAP by default. If there were any issues in migrating, the OpenSolaris guys must have already encountered them and they can surely provide you answers. Howard Chu wrote: Far a wrote: As part of Solaris to Linux migration, I am

Re: migrating from SUN one C SDK to openldap C sdk (Linux).

2013-06-06 Thread Howard Chu
Clément OUDOT wrote: 2013/6/6 Howard Chu h...@symas.com: Far a wrote: * Is there a list of dos and don'ts and list of possible issues for migrating from SUN one LDAP TO openldap on Linux I haven't seen any such list. Hi, you can find some notes here: http://www.linid.org

Re: run test suite separately from the source code compilation?

2013-06-06 Thread Howard Chu
to the corresponding binaries. It could all be done, certainly, if you have the patience. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Re: run test suite separately from the source code compilation?

2013-06-06 Thread Howard Chu
to test against. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Re: migrating from SUN one C SDK to openldap C sdk (Linux).

2013-06-06 Thread Howard Chu
Doug Leavitt wrote: On 06/06/13 09:51, Howard Chu wrote: Clément OUDOT wrote: 2013/6/6 Howard Chu h...@symas.com: Far a wrote: * Is there a list of dos and don'ts and list of possible issues for migrating from SUN one LDAP TO openldap on Linux I haven't seen any

Re: migrating from SUN one C SDK to openldap C sdk (Linux).

2013-06-06 Thread Howard Chu
=7599 -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Re: migrating from SUN one C SDK to openldap C sdk (Linux).

2013-06-06 Thread Howard Chu
Aaron Richton wrote: On Thu, 6 Jun 2013, Howard Chu wrote: Doug Leavitt wrote: Finally, Solaris direct linking should protect the third party application in the event that dynamically loaded Solaris library dynamically loads one of the two libldaps for its needs. In this event even if both

Re: Building 32-bit libraries on 64-bit machine

2013-06-07 Thread Howard Chu
about that. You could just try to run make CFLAGS=-m64 but that'd override whatever else configure put in there in the Makefiles. Safer to use make CC=gcc -m32 for that reason -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun

Re: Open LDAP ACL and Group

2013-06-07 Thread Howard Chu
#--- slapd.conf end -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Re: Openldap

2013-06-07 Thread Howard Chu
have no idea how out-of-date the info is relative to the version of z/OS you're using. Good luck. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Re: Question Sun Directory Server upgrades from version 6.3.1.1.1 to version 11.1.1.5.0

2013-06-09 Thread Howard Chu
Far a wrote: I am new with LDAP. I am not sure if this is proper place to post this. I could use all the help I can get. I'm sure you could but this is not the Sun Directory support channel. Contact your Oracle support rep. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com

Re: LMDB: MDB_MAP_FULL doesn't allow deletions

2013-06-11 Thread Howard Chu
pruning. Look at the mdb_stat command's output to get an idea of what you're looking for. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Re: LMDB: MDB_MAP_FULL doesn't allow deletions

2013-06-11 Thread Howard Chu
reasonable to you, or do I need to be working on a different scale entirely? I doubt that the cutover point will scale as linearly as that, you should just experiment further with your real data. Jeremy On 11.06.2013 at 20:11, Howard Chu h...@symas.com wrote: Your entire mapsize was only 64K

Re: LMDB: MDB_MAP_FULL doesn't allow deletions

2013-06-12 Thread Howard Chu
. A freelist entry is created by a single commit, and you want to always have at least 3 of them (because the 2 most recent ones are not allowed to be used). If you do all of your deletes in a single commit you will not free up usable space as quickly as doing them in several commits. -- -- Howard

Re: translucent overlay and orphaned local entry when remote entry moves

2013-06-14 Thread Howard Chu
page warning about stopping slapd before running slapcat makes that seem like an impractical way to find and recover the orphans. None of the current backends require slapd to be stopped before running slapcat. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director

Re: no-op search control, large result sets and abandon

2013-06-22 Thread Howard Chu
. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Re: OpenLDAP Proxy using PKCS#11/SmartCard client authentication

2013-06-24 Thread Howard Chu
a client authenticated TLS connection. If PKCS#11 support for smartcard/HSM is needed I'd try to use libnss (--with-tls=moznss). Never tried that myself though. Or submit appropriate GnuTLS or OpenSSL patches to add the feature. -- -- Howard Chu CTO, Symas Corp. http

Re: understanding ldap

2013-06-24 Thread Howard Chu
/ Linux distributor built the client software. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Re: unsupported extended operation

2013-06-25 Thread Howard Chu
3 ldap_free_connection: actually freed Does anybody have a clue? You haven't configured any of the TLS settings in the server yet. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http

Re: High load times with mdb

2013-06-26 Thread Howard Chu
Bill MacAllister wrote: --On Tuesday, June 25, 2013 03:10:17 PM -0700 Howard Chu h...@symas.com wrote: Probably bad default FS settings, and changed from your previous OS revision. Also, you should watch vmstat while it runs to get a better idea of how much time the system is spending in I/O

Re: LB health check during syncrepl refresh

2013-06-28 Thread Howard Chu
. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Re: No such object error with translucent overlay and base scope search

2013-07-10 Thread Howard Chu
translucent_local attributes. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Re: High load times with mdb

2013-07-11 Thread Howard Chu
I expect modern Linux tools to be able to operate with actual 4096 byte sectors and make the issue more obvious. There should be a drive option that reports its true sector size, I just don't remember the details at the moment. -- -- Howard Chu CTO, Symas Corp. http

Re: caseIgnoreMatch for Country String

2013-07-11 Thread Howard Chu
-- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Re: Q: Managing entryCSN with slapadd

2013-07-12 Thread Howard Chu
. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Re: need help interpreting Error: ldap_back_is_proxy_authz returned 0, misconfigured URI?

2013-07-15 Thread Howard Chu
]: = mdb_equality_candidates: (sAMAccountName) not indexed Jul 15 09:46:09 eck1 slapd[9198]: conn=1001 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text= Jul 15 09:46:09 eck1 slapd[9198]: conn=1001 op=2 UNBIND Jul 15 09:46:09 eck1 slapd[9198]: conn=1001 fd=10 closed Thanks. Steve -- -- Howard

Re: delete members in big groups with back_mdb

2013-07-16 Thread Howard Chu
of members in big groups is fast. System details are CentOS 6 64bit OpenLDAP 2.4.35 slapd.conf below Is this something normal/expected or is it maybe a bug? Read slapd.conf(5) manpage, sortvals keyword. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland

Re: Antw: Re: Q: TLS support

2013-07-17 Thread Howard Chu
specifically about GnuTLS does not apply to you. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Re: Antw: Q: Multi-Master setup

2013-07-19 Thread Howard Chu
requirement is that a URL in the list of serverIDs must match one of the URLs in slapd's -h option. If you put trailing slashes or not that's your choice, just be consistent and use the exact same format in both places. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com

Re: lmdb - atomic actions

2013-07-24 Thread Howard Chu
operations you perform in a single transaction will occur atomically. BDB-style locking is unnecessary. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Re: lmdb - atomic actions

2013-07-24 Thread Howard Chu
keys? or is the basic assumption such is unnecessary? That is answered in the presentations. thank again! tomer On Jul 24, 2013, at 1:52 PM, Howard Chu h...@symas.com mailto:h...@symas.com wrote: Tomer Doron wrote: wondering what the best strategy to achieve atomic updates with LMDB. what

Re: Antw: delta sync error message in log

2013-07-25 Thread Howard Chu
Ulrich Windl wrote: I thought I read that delta sync with multi-master is not working yet... Is it working in the meantime? Read the Changelog for 2.4.27. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief

Re: ldap_bind() extended response for password policy

2013-07-28 Thread Howard Chu
the bind. Use ldap_parse_result(). -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Re: Q: olcMirrorMode: no equality matching rule

2013-07-29 Thread Howard Chu
?) is not defined. Am I right? It means the attribute has no equality matching rule, exactly what the error message says. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org

Re: OpenLDAP (using BDB) stalls adding 65,536th entry

2013-07-30 Thread Howard Chu
as the next entry is added, even if I recycle the server, I hit the condition. I even tried deleting 1,000 entries. I would then need to add 1,0001 to get to 65,536 entries in the database and then hit the delay. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun

Re: add rich data into attribute type definition possible?

2013-08-06 Thread Howard Chu
to replace the old ones, not by old ones morphing into new ones. The elements and syntax of an attribute definition are specified in X.500 and ASN.1. We don't have the freedom to arbitrarily add extensions to these definitions. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com

Re: Editing Schema

2013-08-06 Thread Howard Chu
to remove all entries currently referencing the schema? Yes, you need to remove all references. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Re: Replicating Schema, olcAccess and olcLimits

2013-08-07 Thread Howard Chu
case, it seems that syncrepl thinks the two entries' RDNs are not exactly the same, so it tries to modify them as well. Your log shows that this attempt also fails (err=67). You'll have to doublecheck that the local and remote entries have exactly identical DNs. -- -- Howard Chu CTO, Symas

Re: developing module that instantiates check_password() function

2013-08-10 Thread Howard Chu
Scott Koranda wrote: On Sat, Aug 10, 2013 at 10:30 AM, Howard Chu h...@symas.com wrote: Scott Koranda wrote: Hello, I wish to develop a user-defined loadable module that instantiates the check_password() function as described in the slapo-ppolicy man page. The man page specifies

Re: RE24 testing call (OpenLDAP 2.4.36)

2013-08-11 Thread Howard Chu
went fine Thanks! --Quanah -- Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc Zimbra :: the leader in open source messaging and collaboration -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun

Re: attribute to store system mailbox value

2013-08-19 Thread Howard Chu
an actual URL attribute syntax, is to define attributes that inherit from the labeledURI attributetype for these purposes. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http

Re: How to start slapd without slapd.conf?

2013-08-20 Thread Howard Chu
stupid question... But I cannot figure out how to start a freshly built slapd using only slapd-config configuration. please see section 5 [configuring slapd] of the administrator's guide. also see man 5 slapd-config and man 8 slaptest -ben -- -- Howard Chu CTO, Symas Corp. http

Re: OpenLDAP 2.4.36 available

2013-08-21 Thread Howard Chu
. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Re: Issues arising from creating powerdns backend based on LMDB

2013-08-22 Thread Howard Chu
distro provider. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Re: Issues arising from creating powerdns backend based on LMDB

2013-08-22 Thread Howard Chu
Mark Zealey wrote: On 22/08/13 23:37, Howard Chu wrote: 1) Can you update documentation to explain what happens when I do a mdb_cursor_del() ? I am assuming it advances the cursor to the next record (this seems to be the behaviour). However there is some sort of bug with this assumption

Re: Issues arising from creating powerdns backend based on LMDB

2013-08-22 Thread Howard Chu
performing quite poorly here. I've tweaked my copy of the code to alleviate that problem but your test program still fails here because the volume of data being written also exceeds the map size. You were able to run this to completion? -- -- Howard Chu CTO, Symas Corp. http://www.symas.com

Re: Issues arising from creating powerdns backend based on LMDB

2013-08-22 Thread Howard Chu
Howard Chu wrote: Mark Zealey wrote: I'm not doing *any* commits just one big txn for all the data... The below C works fine up until i=4m (ie 500mb of residential memory shown in top), then has massive slowdown, shared memory (again, as seen in top) increases, waits about 20-30 seconds

Re: Issues arising from creating powerdns backend based on LMDB

2013-08-23 Thread Howard Chu
Mark Zealey wrote: On 23/08/13 04:55, Howard Chu wrote: Howard Chu wrote: Yes, I see it here, and I see the problem. LMDB was not originally designed to handle transactions of unlimited size. It originally had a txn sizelimit of about 512MB. In 0.9.7 we added some code to raise this limit

Re: Issues arising from creating powerdns backend based on LMDB

2013-08-23 Thread Howard Chu
-- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Re: Issues arising from creating powerdns backend based on LMDB

2013-08-23 Thread Howard Chu
Mark Zealey wrote: On 23/08/13 17:08, Howard Chu wrote: Mark Zealey wrote: I've found another weird - I have now converted the database to use duplicates. Typically when I do mdb_cursor_get(... MDB_NEXT ) it will set the key and value but I've found 1 place so far where I do

Re: OpenLDAP Samba4

2013-08-28 Thread Howard Chu
: Debian Wheezy 2.4.31 is relatively old, you should use the current release (2.4.36). Cheers, -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Re: Issue with mdb_cursor_del in MDB_DUPSORT databases

2013-08-29 Thread Howard Chu
: %d: %.*s\n, data.mv_size, data.mv_size, data.mv_data); } mdb_txn_abort(txn); -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Re: Group values not returned with id command

2013-09-05 Thread Howard Chu
the product they've paid for actually is. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Re: Group values not returned with id command

2013-09-05 Thread Howard Chu
://bugzilla.redhat.com/show_bug.cgi?id=599713 -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Re: Log service time?

2013-09-05 Thread Howard Chu
strange CPU load (~200%) with just ~15 operations per second. SRCH is 90% of all operations. All attributes involved in search are indexed (many single attribute indexes, ~30). The point is to find which search operations are taking a long time to develop a solution. -- -- Howard Chu CTO, Symas

Re: Re : Re: (ITS#7676) OpenLDAP 2.4.36 slapd crash with assertion failed message

2013-09-06 Thread Howard Chu
as designed. The config engine requires your TLS configuration to be valid when you configure it. That means at a minimum you must configure a server cert and key. If you only configure the randfile and nothing else, the config is rejected. -- -- Howard Chu CTO, Symas Corp. http

Re: Antw: Re: Log service time?

2013-09-06 Thread Howard Chu
or take a look at about previous releases? Or are you just recruiting beta-testers for the current release? It is Project policy to only investigate issues in the current release. There is no sense in tracing back thru old code whose bugs have already been fixed. -- -- Howard Chu CTO, Symas

Re: Antw: Re: Log service time?

2013-09-06 Thread Howard Chu
Покотиленко Костик wrote: On Fri, 06/09/2013 at 04:42 -0700, Howard Chu wrote: Ulrich Windl wrote: Quanah Gibson-Mount qua...@zimbra.com wrote on 05.09.2013 at 22:58 in message 0FCBC02976FFDC0CF5D9A489@[192.168.1.22]: --On Thursday, September 05, 2013 10:58 PM +0300 Покотиленко Костик cas

Re: OpenLDAP 2.4.36 slapd stop with assertion fail message

2013-09-06 Thread Howard Chu
with debug -d 255. -- *Frederic Poisson* -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Re: Perfect Forward Secrecy

2013-09-06 Thread Howard Chu
#7595 http://www.openldap.org/its/index.cgi/Incoming?id=7595 -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Re: Perfect Forward Secrecy

2013-09-06 Thread Howard Chu
Michael Ströder wrote: http://www.openldap.org/doc/admin24/tls.html mentions directive 'TLSEphemeralDHParamFile' whereas slapd.conf(5) mentions 'TLSDHParamFile'. This was noted in ITS#7506. Apparently no one considered it an important enough issue to fix it in the meantime. -- -- Howard

Re: Antw: Re: Log service time?

2013-09-06 Thread Howard Chu
to this conversation, and it's been simply side stepped again. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Re: Perfect Forward Secrecy

2013-09-06 Thread Howard Chu
Michael Ströder wrote: Howard Chu wrote: Dieter Klünter wrote: Hi, I wonder whether openldap, if compiled with openssl-1.x, will support PFS. http://en.wikipedia.org/wiki/Perfect_forward_secrecy This issue has been discussed on several mailinglists recently. It already does, but you have

Re: Antw: Re: Perfect Forward Secrecy

2013-09-09 Thread Howard Chu
Ulrich Windl wrote: Michael Ströder mich...@stroeder.com wrote on 06.09.2013 at 23:33 in message 522a4a3a.9060...@stroeder.com: Howard Chu wrote: Dieter Klünter wrote: Hi, I wonder whether openldap, if compiled with openssl-1.x, will support PFS. http://en.wikipedia.org/wiki

Re: configure: error: BDB/HDB: BerkeleyDB not available

2013-09-11 Thread Howard Chu
(and risking a run-in with Oracle's license compliance lawyers) at all. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Re: LMDB compiling procedure

2013-09-11 Thread Howard Chu
should instead have downloaded the regular OpenLDAP source. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Re: Kudos to all who contributed to MDB

2013-09-18 Thread Howard Chu
over to it. You're welcome. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Re: PFS Ciphers

2013-09-19 Thread Howard Chu
anyway. You want DHE, not DH, for PFS. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Re: Building LMDB for Windows 64bits

2013-09-28 Thread Howard Chu
currently using is 7.1.90.20100730-cvs http://sourceforge.net/projects/mingw-w64/files/External%20binary%20packages%20%28Win64%20hosted%29/gdb/ Has anyone successfully built LMDB for Windows and can help here. Cheers, Alain -- -- Howard Chu CTO, Symas Corp. http://www.symas.com

Re: Antw: Kudos to all who contributed to MDB

2013-09-30 Thread Howard Chu
where dirty buffers should be swapped unless the mapping is PRIVATE. Correct; since LMDB uses an mmap'd file it will *never* use swap space. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http

Re: Unknown db in slapd.conf

2013-10-03 Thread Howard Chu
, so they are simply continuations of the preceding comment line. I.e., they never actually got processed. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Re: Log level will not change.

2013-10-03 Thread Howard Chu
it immediately. Thank you. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Re: Modification hooks for the OpenLDAP system

2013-10-09 Thread Howard Chu
support it? Thanks in advance! -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Re: Solaris 10 tls:simple binding to OpenLDAP

2013-10-10 Thread Howard Chu
: along with libraries from openCSW to get it all working http://www.gurulabs.com/downloads/certutil-1.0-sol9-sun4u-local.gz I'm pretty sure it's the cert database or something to do with certutil being painful. Any suggestions? Thanks Ben -- -- Howard Chu CTO, Symas Corp. http

Re: sasl/plain with hashed password not working

2013-10-10 Thread Howard Chu
/ldapdb are supported. See ITS#7419. We will not support it until it is properly documented. It would be foolish to attempt otherwise. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http

Re: Antw: Re: another CSN too old N-WAY master

2013-10-10 Thread Howard Chu
not really sure about that. (The data consistency issues happened without slapo-memberof.) Ciao, Michael. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http

LDAP Injection attacks

2013-10-11 Thread Howard Chu
apps. But if you've configured ACLs to adequately protect your data, then it doesn't matter how sloppy your clients are. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http

Re: LDAP Injection attacks

2013-10-12 Thread Howard Chu
devzero2000 wrote: On Fri, Oct 11, 2013 at 8:33 PM, Howard Chu h...@symas.com wrote: A paper and presentation making the rounds, claiming to show how webapps using LDAP are vulnerable to search filter spoofing attacks. http://www.youtube.com/watch?v=wtahzm_R8e4 http://www.blackhat.com

Re: LDAP Injection attacks

2013-10-12 Thread Howard Chu
Michael Ströder wrote: Howard Chu wrote: A paper and presentation making the rounds, claiming to show how webapps using LDAP are vulnerable to search filter spoofing attacks. http://www.youtube.com/watch?v=wtahzm_R8e4 http://www.blackhat.com/presentations/bh-europe-08/Alonso-Parada/Whitepaper

Re: LDAP Injection attacks

2013-10-12 Thread Howard Chu
Michael Ströder wrote: Howard Chu wrote: A paper and presentation making the rounds, claiming to show how webapps using LDAP are vulnerable to search filter spoofing attacks. http://www.youtube.com/watch?v=wtahzm_R8e4 http://www.blackhat.com/presentations/bh-europe-08/Alonso-Parada/Whitepaper

Re: Berkeley DB backend - exact version check

2013-10-16 Thread Howard Chu
, etc.) Check the DB_VERSION ifdefs in the code and you'll see. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Re: Subject Alternative Name in TLS - does this work?

2013-10-18 Thread Howard Chu
will be fixed. Nonsense. Unnecessary. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Re: Antw: Re: RE24 testing call (OpenLDAP 2.4.37)

2013-10-24 Thread Howard Chu
there is no need to explain any of this. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Re: Syncrepl with subordinate databases

2013-10-24 Thread Howard Chu
of the contextCSN on the subordinate databases as well as the maximum contextCSN on the superior database. Use a unique ServerID per provider. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http

Re: Antw: use openssl or moznss for more than TLS?

2013-10-26 Thread Howard Chu
-- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Re: RE24 testing call (OpenLDAP 2.4.37)

2013-10-26 Thread Howard Chu
, at the least, Sol 10 + Studio 12.1 + 64 bit may be a no-go. Fwiw, I built with Studio 12.2 (both 32 and 64 bit SPARC) on Solaris 10 and had no errors. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect

Re: Antw: Re: Trouble with delta-syncrepl MMR: delta-sync lost sync on X, switching to REFRESH

2013-10-29 Thread Howard Chu
. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Re: limit on number of members in groupOfNames

2013-10-29 Thread Howard Chu
was that slapd logged. Most likely you've run out of BDB locks or some other BDB config needs to be increased. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Re: OpenLDAP with ssl client certs

2013-11-01 Thread Howard Chu
, but it won't use the certificate identity for anything unless you Bind with SASL/EXTERNAL. http://www.openldap.org/doc/admin24/sasl.html#EXTERNAL And naturally, if you're using SASL, then the DN/password pair is ignored. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director

Re: OpenLDAP with ssl client certs

2013-11-01 Thread Howard Chu
Michael Ströder wrote: Howard Chu wrote: Brent Bice wrote: I was recently asked if we could use ssl client certs as a 2nd form of authentication with OpenLDAP and didn't know for sure. Is it possible to have OpenLDAP require both a DN/password pair *and* a client ssl cert? You can

Re: OpenLDAP on CF disk

2013-11-07 Thread Howard Chu
11:30 __db.001 Apparently the cluster is doing some synchronizing at 05:45 in the morning, but that's once a day. My concern is the files called __db.001 __db.002 __db.004 Is there a simple way to prevent OpenLDAP from updating these files at each query? R. -- -- Howard Chu CTO, Symas

Re: OpenLDAP DB question

2013-11-07 Thread Howard Chu
to add/delete users and groups. If someone knows how to add hosts in LDAP and be able to map groups and users to it that would greatly help me. Thanks Dheera -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun

Re: ldapmodify replace olcAccess

2013-11-11 Thread Howard Chu
with first one, then adding rest values, like this: dn: olcDatabase={2}hdb,cn=config changetype: modify replace: olcAccess olcAccess: {0}to dn.base= attrs=namingContexts by * none - add: olcAccess olcAccess: {1}to * by * read - There's no need to break it up that way. -- -- Howard Chu CTO

Re: openldap syncrepl issue

2013-11-11 Thread Howard Chu
. Are you using slapo-memberof or slapo-refint? If yes, you're probably hitting ITS#7710 which was fixed recently in OpenLDAP 2.4.37: http://www.openldap.org/its/index.cgi?findid=7710 Ciao, Michael. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun
