objectClass: stkaPosixGroup
gidNumber: 5000
cn: dynposix
memberURL: ldap:///dc=example,dc=net?memberuid?sub?(title=admin)
4. I added the new objectclass stkaPosixAccout to my users:
dn: cn=Stefan Kania,ou=users,dc=example,dc=net
objectClass: posixAccount
objectClass
Am 25.11.19 um 19:59 schrieb Quanah Gibson-Mount:
> There's work to change this behavior (See ITS#9121) for OpenLDAP 2.5.
That would be a very good idea. So long I'll wait and maybe I will find
a different solution.
Stefan
--
Stefan Kania
Landweg 13
25693 St. Michaelisdonn
smime.
; sendmailMTAMapName: virtuser
> sendmailMTACluster: mail
> sendmailMTAKey: t...@example.com
> sendmailMTAMapValue: testuser
>
> [2]
> uid=testuser,ou=,ou=,ou=,dc=,dc=,dc=local
>
--
Stefan Kania
Landweg 13
25693 St. Michaelisdonn
Signieren jeder E-
ndmailMTAMapObject
> objectClass: ritAdditionalInfo
> sendmailMTAMapName: virtuser
> sendmailMTACluster: mail
> sendmailMTAKey: t...@example.com
> sendmailMTAMapValue: testuser
>
> [2]
> uid=testuser,ou=,ou=,ou=,dc=,dc=,dc=local
>
--
Stefan Kania
Landweg 13
Hello,
I try to do the authentication in LDAP via Kerberos. The
Kerberos-Database is in LDAP, no problem, I can login to the system as a
normal user but when I do a "ldapwhomami" I get the following output:
-
u1-verw@ldapserver:~$ ldapwhoami
SASL/GSSAPI authentication started
SASL
Hello Quanah
Am 24.01.20 um 00:51 schrieb Quanah Gibson-Mount:
>
> If you have "stats" level logging, you could see which of your servers
> is receving write ops via the logs.
That's it, thank's for the push ;-) Sometimes it's all you need. The
loadbalancer is running.
Stefan
smime.p7s
Hi,
maybe I can't find it or I forgot it :-), but is there a way to find out
which of my two servers in a mirrormode setup is active and which one is
passive?
Thanks for any hint
Stefan
smime.p7s
Description: S/MIME Cryptographic Signature
ain group of users able to connect to certain computers.
> How do I do this ?
>
--
Stefan Kania
Landweg 13
25693 St. Michaelisdonn
Signieren jeder E-Mail hilft Spam zu reduzieren und schützt Ihre
Privatsphäre. Ein kostenfreies Zertifikat erhalten Sie unter
https://www.dgn.de/dgn
Thank you all for the your answers. I did it like I did it before. I put
all the ACLs in the global part of the configuration and replicate just
e the part with the ACLs, that works fine. I hope replication of
attributes from the cn=config will work with 2.5 :-)
Stefan
Am 13.01.20 um 13:22
Hello,
I try to replicate the olcAccess, olcLimits and olcDbIndex Attributes
here is the Database where the olcx Attributes located on the Master
dn: olcDatabase={1}mdb,cn=config
olcAccess: {0}to dn.exact="" by * read
olcAccess: {1}to attr=entry,uid by anonymous auth by *
Thank you for your help, now it's working. I should have read the log
more closely, that's was the log said :-) Burt sometimes you just need
an input from someone else.
Am 23.12.19 um 09:40 schrieb Michael Ströder:
> On 12/20/19 8:54 PM, Stefan Kania wrote:
>> I would like to get the or
Hi Quanah,
I kow that there is a problem, but at the moment I don't know how to
solve it, can you give me a hint about my configuration of the replication.
Stefan
Am 07.01.20 um 02:08 schrieb Quanah Gibson-Mount:
>
>
> --On Saturday, January 4, 2020 5:35 PM +0100 Stefan Kania
Hello,
I would like to set ACLs to a bunch of attributes via ACL. Is it
possible to use regular expressions in the x field for attrs,
someting like
access to attrs.regex=[a.*]
by . read
by * break
I couldn't figure it out :-( If it is possible could someone please
write a short example
I try to set up a delta-syncrepl configured via slapd.d. Building the
configuration with Ansilbe. I got the following errormessages on my two
consumers:
Sep 08 19:45:49 ldapslave-01 slapd[3198]: do_syncrep2: rid=001 got
search entry without Sync State control
Am 15.09.20 um 10:40 schrieb Bastian Tweddell:
> Could you please send a link to this blog post?
Here it is:
https://mishikal.wordpress.com
smime.p7s
Description: S/MIME Cryptographic Signature
the forrest " :-) (as we say in Germany).
I comared the subschema of both consumer and provider there are the
same. I try to access the accesslog with ldapsearch with my rep-user and
I can access the database.
Can anyone have a look at my configuration please.
Stefan
Am 09.09.20 um 10
Hi Quanah,
Am 15.09.20 um 21:12 schrieb Quanah Gibson-Mount:
> Also, overlay order matters. For any replicated database, the
> SYNCPROV overlay should always be in the {0} index slot (primary or
> accesslog db). If it is delta-syncrepl, the ACCESSLOG overlay should
> be in the {1} index slot on
ed to know if it's written somewhere that the two
parts of the delta-syncrepl-setup must be in a certain order.
--
Stefan Kania
Landweg 13
25693 St. Michaelisdonn
Signieren jeder E-Mail hilft Spam zu reduzieren und schützt Ihre Privatsphäre.
Ein kostenfreies Zertifikat erhalten Sie unter
Thank's a lot for your explanation
Stefan
Am 14.09.20 um 17:43 schrieb Quanah Gibson-Mount:
>
>
> --On Sunday, September 13, 2020 9:19 PM +0200 Stefan Kania
> wrote:
>
>> Hi Quanah,
>>
>> I got a question about your blog about MMR. You wrote:
>>
>
Am 30.08.20 um 23:28 schrieb Quanah Gibson-Mount:
>
> I would strongly advise updating this to use delta-syncrepl instead of
> standard syncrepl.
You are right, I will change it :-) This was just the first step.
--
Stefan Kania
Landweg 13
25693 St. Michaelisdonn
Signieren jed
Hi Quanah,
thank's for the help. Up to now I did the delta-syncreple only via
slapd.conf, now I'm will get it work with slapd.d AND Ansilble.
After your posting I looked at my configuration and I saw it. Sometimes
you need someone to bring you an the right track. Thank's, not only for
this answer,
Hi Quanah,
I got a question about your blog about MMR. You wrote:
Add the syncprov and accesslog overlays to the existing primary
database. Note that it will be renumber from dn:
olcDatabase={2}mdb,cn=config to dn: olcDatabase={3}mdb,cn=config
But you did not explain why you renumber the
Hello,
I just compiled OpenLDAP 2.5alpha on a debian 10 system. I used this howto:
https://tylersguides.com/guides/install-openldap-source-debian-stretch/
Slapd is running and I load the following ldif:
-
dn: cn=config
objectClass: olcGlobal
cn: config
olcArgsFile:
s" completed without errors on both
> RHEL8 and Fedora 32.
>
> best regards,
> Jokke H.
--
Stefan Kania
Landweg 13
25693 St. Michaelisdonn
Signieren jeder E-Mail hilft Spam zu reduzieren und schützt Ihre Privatsphäre.
Ein kostenfreies Zertifikat erhalten Sie unter
https://www.
The problem was sitting in front of the monitor ^^
I must uses ldapi:/// insted of ldaps://. Sometimes it's good to
take a break :-)
Am 15.10.20 um 18:55 schrieb Stefan Kania:
> Hello,
>
> I just compiled OpenLDAP 2.5alpha on a debian 10 system. I used this howto:
> https://tyle
I wrote some Ansible roles to set up a testing environment, mybe someone
is interested in testing the roles. You can find all files and a
descripton on my page:
https://www.kania-online.de/using-ansible-to-set-up-an-openldap-environment/
smime.p7s
Description: S/MIME Cryptographic Signature
Am 21.09.20 um 22:09 schrieb Quanah Gibson-Mount:
>
>
> --On Sunday, September 20, 2020 5:29 PM +0200 Stefan Kania
> wrote:
>
>> first the provider:
>> -
>> dn: olcBackend={0}mdb,cn=config
>> objectClass: olcBackendConfig
&g
Am 21.09.20 um 22:01 schrieb Quanah Gibson-Mount:
>
>
> --On Monday, September 21, 2020 8:53 PM +0200 Stefan Kania
> wrote:
>
>> hi,
>>
>> replication is now running, but when I setup all three servers (one
>> provider and two consumers) I get the fo
hi,
replication is now running, but when I setup all three servers (one
provider and two consumers) I get the following errormessage on the provider
SEARCH RESULT tag=101 err=53 nentries=0 text=consumer state is newer
than provider!
And on the
Am 16.09.20 um 09:35 schrieb Michael Ströder:
> But as usual
> there are many opportunities to improve docs and I guess pull requests
> are welcome to make this more explicit.
As soon as my Ansible-script is running, I will write the documentation
and if it is interesting for the project it
dex slot (primary or
> accesslog db). If it is delta-syncrepl, the ACCESSLOG overlay should
> be in the {1} index slot on the primary db.
>
> Regards,
> Quanah
>
>
> --
>
> Quanah Gibson-Mount
> Product Architect
> Symas Corporation
> Packaged, certified, and
Hello,
I play around al little bit with the OpenLDAP 2.5alpha. I'm trying the
new overlay for the certificates. I start with the configuration with
slapd.conf, because it's faster to change ;-). I started with the two
lines from the manpage:
overlay autoca
caKeybits 4096
---
The
Am 20.10.20 um 22:54 schrieb Howard Chu:
> Stefan Kania wrote:
>>
>> Am 20.10.20 um 22:20 schrieb Howard Chu:
>>> Stefan Kania wrote:
>>>> But when I create a user or a server there is no certificate. In the
>>>> manpage said:
>>>> ---
Hello,
I start experimenting with Ansible and OpenLDAP. Now I try to set up the
overlay "synprov". I noticed that everytime I start my playbook the
configuration over the overlay is added to the configuration again and
again, so I now have:
--
# {0}syncprov, {1}mdb, config
dn:
Hello
If I create a new index on a provider in slapd.conf NOT in cn=config
(using mdb). I have to do a slapindex on the provider. When I configure
the same index in consumer slapd.conf do I have to do the slapindex here
too?
Greeting
Stefan
--
smime.p7s
Description: S/MIME Cryptographic
Hello,
I try to figure out which ACL I need to get the rewriting of the
sasl-username working.
I have in my slapd.conf the following lines:
--
authz-regexp
uid=(.+),cn=gssapi,cn=auth
ldap:///dc=example,dc=net??sub?(uid=$1)
---
If I do a "ldapwhoami" without any
Am 20.10.20 um 22:20 schrieb Howard Chu:
> Stefan Kania wrote:
>> But when I create a user or a server there is no certificate. In the
>> manpage said:
>> -
>> Certificates for users and servers are generated on demand using a
>> Search request
>>
Am 07.06.21 um 16:35 schrieb Michael Ströder:
> On 6/7/21 3:40 PM, Stefan Kania wrote:
>>
>>
>> Am 07.06.21 um 15:29 schrieb Michael Ströder:
>>> To build with libargon2 (which supports all ARGON2 arguments):
>>>
>>> --enable-argon2 --with-arg
missing files :-). Did
I miss anything else in my configure-line?
Thank's
Stefan
Am 07.06.21 um 11:29 schrieb Michael Ströder:
> On 6/7/21 10:23 AM, Stefan Kania wrote:
>> ARGON2 is not part of the actual version 2.5.5 I only find the sources
>> on git.openldap.org.
>
> Not t
Am 07.06.21 um 15:29 schrieb Michael Ströder:
> To build with libargon2 (which supports all ARGON2 arguments):
>
> --enable-argon2 --with-argon2=libargon2
Now it's compiling but still the same error :-(
Jun 07 15:37:24 ldap25-p02 slapd[8154]: olcPasswordHash: value #0:
scheme not available
fig
olcDatabase: {-1}frontend
olcPasswordHash: {ARGON2}
--
Now also {TOTP1ANDPW} is working. Thank's a lot. I learned a lot the
last days
Stefan
Am 07.06.21 um 20:13 schrieb Quanah Gibson-Mount:
>
>
> --On Monday, June 7, 2021 9:03 PM +0200 Stefan Kania
&
Am 07.06.21 um 17:18 schrieb Quanah Gibson-Mount:
>
>
> --On Monday, June 7, 2021 4:40 PM +0200 Stefan Kania
> wrote:
>
>>
>>
>> Am 07.06.21 um 15:29 schrieb Michael Ströder:
>>> To build with libargon2 (which supports all ARGON2 arguments):
>&
Hi to all,
I'm still testing TOPT with OpenLDAP 2.5. I got TOTP1 running. So a user
with an OTP can use the six-digit number from googleauthenticator (or
freeOTP+) to authenticate while using ldapsearch. Then I switch to
TOTP1ANDPW I generate a secretkey for the TOTP-part of userPassword.
Then I
Am 17.06.21 um 23:51 schrieb Michael Ströder:
> Using the old totp module is a waste of time.
ok ok ok :-) I now used the otp module together with argon2 als
password, and it's running.
But why, if it's old and not working, is pw-totp still part of 2.5. I
only ask because I like to understand
uot;userPrivateKey;binary"
-
The certificates for the user will be created.
Now only one thing is missing. How can I replace the self-signed
certificate with my own certificate?
Stefan
Am 24.05.21 um 16:40 schrieb Stefan Kania:
> Hallo,
>
> I try to get autoca running using the confi
Hello,
I try to set up TOTP1 and TOTP1ANDPW as passworthash. I use Debian 10
with Kernel 5.9 from the backports. As OpenLDAP I use 2.5.5. I set up
everything via Ansible. My configure-options are:
-
./configure --with-cyrus-sasl --with-tls=openssl --enable-overlays=mod
Hi Quanah,
Am 05.06.21 um 22:11 schrieb Quanah Gibson-Mount:
>
>
> --On Saturday, June 5, 2021 4:27 PM +0200 Stefan Kania
> wrote:
>
>> Hello,
>>
>> I try to set up TOTP1 and TOTP1ANDPW as passworthash. I use Debian 10
>> with Kernel 5.9 from the backp
n as I try to do anything or restart slapd,
the slapd chrashes.
Am 06.06.21 um 11:01 schrieb Dieter Klünter:
> Am Sat, 5 Jun 2021 15:27:40 +0200
> schrieb Stefan Kania :
>
>> Hello,
>>
>> I try to set up TOTP1 and TOTP1ANDPW as passworthash. I use Debian 10
>> with K
Hi Quanah
Am 05.06.21 um 22:11 schrieb Quanah Gibson-Mount:
>
> Personally I'd combine that with ARGON2 password hashes for secure
> password hash storage + 2 Factor auth.
ARGON2 is not part of the actual version 2.5.5 I only find the sources
on git.openldap.org. Will it ever become part of the
Am 24.05.21 um 16:55 schrieb Howard Chu:
> Stefan Kania wrote:
>> Hallo,
>>
>> I try to get autoca running using the configuration via slapd.d. With
>> slapd.conf it'S working with this configuration:
>> ---
>> overlay autoca
>> caKeybits 4
Hallo,
I try to get autoca running using the configuration via slapd.d. With
slapd.conf it'S working with this configuration:
---
overlay autoca
caKeybits 4096
userKeybits 4096
serverKeybits 4096
---
When I try to configure it with the following settings:
-
dn:
Am 23.02.21 um 16:50 schrieb Tilman Kranz:
> Hi Stefan,
>
> On Sun, 2021-02-14 at 18:46 +0100, Stefan Kania wrote:
>> I would like to set up a OpenLDAP proxy with meta-backend. I have a test
>> environment with two windows 2019 ADs and one OpenLDAP-server c
Hello,
I just try to set up the replication for cn=config using the example
from the documentation:
https://www.openldap.org/doc/admin24/replication.html
I have 3 Provider in an MMR with delta-syncrpl. Delta-syncrepl is
working fine I can add and change objects from all three providers.
Then I
t is unsafe?
>
>>
>> Additionally, you'd need to provide what the logs show when making the
>> change, as far as replication is concerned, to discern why it's failing.
>> It could be to one of the issues already fixed for OpenLDAP 2.5, but
>> without log info, t
Am 04.02.21 um 16:30 schrieb Harri T.:
> dn: uid=john,ou=People,dc=example,dc=com
> changetype: modify
> replace: shadowWarning
> shadowWarning: 7
-
> replace: mail
> mail: john@example.com
You are missing the line with just a "-" between the two attributes.
--
Hi,
I would like to set up a OpenLDAP proxy with meta-backend. I have a test
environment with two windows 2019 ADs and one OpenLDAP-server configured
as proxy. At the beginning all the authentication are med with
admin-accounts, it's the first step just testing. Here is my slapd.conf:
Hello to all,
short question. Is OpenLDAP supporting oauth2? If yes, can some one
point me to a howto?
Stefan
smime.p7s
Description: S/MIME Cryptographic Signature
Hello to all,
I'm trying to get GSSAPI authentication running with the symas-packages.
I generated a ldap.keytab file and it's readable for the ldap-user
running the slapd. With the Debian-packages I ad:
-
export KRB5_KTNAME="/path/to/ldap.keytab"
-
I don't want to use the system
Hi Dieter
Am 18.12.21 um 07:28 schrieb Dieter Klünter:
> /etc/sasl2/slapd.conf
> mech_list: gssapi digest-md5 cram-md5 external
> keytab: /etc/openldap/ldap.keytab
>
> /etc/ldap.conf
> KRB5_KTNAME=/etc/openldap/krb5.keytab
> SASL_MECH GSSAPI
> SASL_REALM My.SASL.REALM
The configuration is
Am 22.12.21 um 13:18 schrieb Dieter Klünter:
> /* OpenLDAP SASL options */
> [...]
> /* OpenLDAP GSSAPI options */
> #define LDAP_OPT_X_GSSAPI_DO_NOT_FREE_CONTEXT 0x6200
> #define LDAP_OPT_X_GSSAPI_ALLOW_REMOTE_PRINCIPAL 0x6201
--
I did:
root@ldap25-p02:/opt/openldap-2.6.0# grep -ir
Am 22.12.21 um 13:01 schrieb Dieter Klünter:
> You probabely missed the header files, check /usr/include/gssapi/
> and /usr/include/krb5/
> and probabely some more.
> and check the libraries in /usr/lib64/sasl2/
>
I installed libkrb5-dev krb5-multidev libsasl2-dev
I found:
nisms: OTP
supportedSASLMechanisms: CRAM-MD5
supportedSASLMechanisms: PLAIN
supportedSASLMechanisms: LOGIN
--
Again, thank you all for the help, several tips got me to the point.
Stefan
Am 17.12.21 um 16:34 schrieb Stefan Kania:
> Hello to all,
>
> I'm trying to get GSSAPI aut
Am 21.12.21 um 14:14 schrieb Dieter Klünter:
> Am Sat, 18 Dec 2021 07:28:16 +0100
> schrieb Dieter Klünter :
>
>> Am Fri, 17 Dec 2021 16:34:41 +0100
>> schrieb Stefan Kania :
>>
>>> Hello to all,
>>>
>>> I'm trying to get GSSAPI authentic
Hi to all,
two years ago I tried to use dynamic groups as Posix-groups see post:
https://www.openldap.net/lists/openldap-technical/201911/msg00028.html
Now I tried it again with OpenLDAP 2.6 and the attribute memberUID is
still not showing up. Is it still not possible to search for memberUid?
hi to all,
with 2.4.x the only way to remove an overlay from cn=config was exort
cn=config edit the export and reimport it. I found a thread where it said:
-
This will probably be supported in OpenLDAP 2.5.
-
So is it possible somehow or do I still have to go the way with slapcat
Am 03.01.22 um 18:19 schrieb Quanah Gibson-Mount:
>
>
> --On Monday, January 3, 2022 6:14 PM +0100 Michael Ströder
> wrote:
>
>> On 1/3/22 18:03, Quanah Gibson-Mount wrote:
>>> In general, "memberUID" is for use with posix groups (NOT LDAP groups).
>>> But again, it's generally deficient
Am 21.12.21 um 22:19 schrieb Michael Ströder:
>
> # ldd /opt/symas/lib/slapd
> [..]
> libgssapi.so.3 => /opt/symas/lib/libgssapi.so.3 (0x7f6d63716000)
> libkrb5.so.26 => /opt/symas/lib/libkrb5.so.26 (0x7f6d6347e000)
I don't know which packages you are using, but can't confirm
Am 22.12.21 um 10:31 schrieb Stefan Kania:
> either it's still a configuration problem, or it's missing. If it's a
> configuration problem, how can I fix it?
I now built OpenLDAP from source with this options:
--
./configure --enable-argon2 --with-argon2=libargon2 --with-cyru
I installed the symas OpenLDAP 2.6. The first step was getting the
gpg-key but the command on your web-page is :
root@ldap:~# apt-key adv --keyserver keyserver.ubuntu.com --recv-keys
DA26A148887DCBEB
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d
instead
Am 30.11.21 um 15:31 schrieb Ondřej Kuzník:
> Hi Stefan,
> if you don't want to get it from the keyservers, it's also kept here:
> https://repo.symas.com/repo/gpg/RPM-GPG-KEY-symas-com-signing-key
That's was i was looking for. Thank you
smime.p7s
Description: S/MIME Cryptographic Signature
Am 07.12.21 um 20:47 schrieb Quanah Gibson-Mount:
>
>
> --On Tuesday, December 7, 2021 7:15 PM +0100 Stefan Kania
> wrote:
>
>>
>>
>>
>>>
>>> The documentation clearly states that for cn=config replication, the
>>> serverID mus
Am 09.12.21 um 08:12 schrieb Ulrich Windl:
>>>> Stefan Kania schrieb am 07.12.2021 um 16:52 in
> Nachricht <37d8d0c0-fd4a-885d-7a8c-3874412ea...@kania-online.de>:
>
> ...
>> What I don't understand: Do I realy have to put all Servers in the
>> replic
Hi to all,
I still experimenting with openldap 2.6 and the deltasyncrepl with four
hosts. I use debian 11 and the symas packages.
I set up all four hosts with the following ldif-files.
Starting with the basic settings:
---
dn: cn=config
objectClass: olcGlobal
Hi to all,
is it now save to use mmr of cn=config with OpenLDAP 2.6? I got it
running with 4 server.
I'm installing all 4 server with Ansible so I created a basic configuration:
--
dn: cn=config
objectClass: olcGlobal
cn: config
olcLogLevel: sync
olcLogLevel: stats
olcPidFile:
>
> The documentation clearly states that for cn=config replication, the
> serverID must be in # URI format.
>
olcServerID: 1 ldap://ldap01.example.net
olcServerID: 2 ldap://ldap02.example.net
olcServerID: 3 ldap://ldap03.example.net
olcServerID: 4 ldap://ldap04.example.net
It's URI format
Am 15.12.21 um 10:11 schrieb Stefan Kania:
> I don't know
> where to look anymore.
I restarted from scratch and only did the basic configuration and the
replication of cn=config. When I do a change with the following ldif:
--
dn: olcDatabase={-1}frontend,cn=config
changetype:
Am 15.12.21 um 19:44 schrieb Quanah Gibson-Mount:
>
> Please file a bug.
How can I? Is there someting like bugzilla I know from the Samba project.
--
Stefan Kania
Landweg 13
25693 St. Michaelisdonn
Signieren jeder E-Mail hilft Spam zu reduzieren und schützt Ihre
Privatsphär
Am 15.12.21 um 20:34 schrieb Quanah Gibson-Mount:
>
>
> --On Wednesday, December 15, 2021 8:23 PM +0100 Stefan Kania
> wrote:
>
>>
>>
>> Am 15.12.21 um 19:44 schrieb Quanah Gibson-Mount:
>>>
>>> Please file a bug.
>> How can I? Is t
Now it's working. It was a syntax-problem in one of my Ansible templates
Am 09.12.21 um 15:42 schrieb Stefan Kania:
> by dn.exact="uid=repl-user,ou=users,dc={first_dc}},dc=net" read
This shoud be:
by dn.exact="uid=repl-user,ou=users,dc=example,dc=net" read
I forgot o
Hello,
I'm still working on replication of cn=config. The replication of the
main DB is working with delta-syncrepl but I still have problems getting
mmr running for cn=config. As I use Ansible to configure it here my
question:
Is the order of setting up the replication relevant?
What I do at the
err=53"
"server unwilling to perform"
@Quanah: In your blog about mmr it's also with a small "m", maybe you
can change it.
Am 07.12.21 um 16:52 schrieb Stefan Kania:
> Hi to all,
>
> is it now save to use mmr of cn=config with OpenLDAP 2.6? I got it
> runnin
Am 10.01.22 um 17:54 schrieb Quanah Gibson-Mount:
>
>
> --On Monday, January 10, 2022 5:46 PM +0100 Stefan Kania
> wrote:
>
>>
>>
>> Am 10.01.22 um 17:13 schrieb Quanah Gibson-Mount:
>>> And why the issue you filed has not been closed out.
>&
Am 10.01.22 um 17:13 schrieb Quanah Gibson-Mount:
> And why the issue you filed has not been closed out.
As RESOLVED and ???
FIXED is not right so which status should I choose?
--
smime.p7s
Description: S/MIME Cryptographic Signature
That's what can be found in the FAQ on openldap.org:
https://www.openldap.org/faq/data/cache/605.html
I would trust this more then any rumors on any stack page ;)
Am 30.03.22 um 18:45 schrieb thomaswilliampritch...@gmail.com:
> At risk of beating a dead horse, I'd like to hear
Am 21.09.23 um 19:13 schrieb Stefan Kania:
Thank you, now it's working. Would be nice if it documented somewhere,
maybe the manpage :-)
^.^ found it in the Manpage, it's late :-)
Am 21.09.23 um 18:08 schrieb Howard Chu:
Stefan Kania wrote:
Hi all,
I like to change the certificate
Thank you, now it's working. Would be nice if it documented somewhere,
maybe the manpage :-)
Am 21.09.23 um 18:08 schrieb Howard Chu:
Stefan Kania wrote:
Hi all,
I like to change the certificate and the key for autoca, but I can't find any
description how to do it. I tried the following
Hi all,
I like to change the certificate and the key for autoca, but I can't
find any description how to do it. I tried the following LDIF:
---
dn: dc=example,dc=net
changetype: modify
replace: cACertificate;binary
cACertificate;binary:< file:///root/mycert/cacert.pem
-
replace:
Hi to all,
I have autoca running with my own CA. And I can create certificates and
keys for users and hosts. But now I would like to use the certificate
and key for radius 802.1x authentication so I need to export the
certificate and the key. I know how to convert a DER certificate to a
pem
Am 04.10.23 um 18:56 schrieb Kaushal Shriyan:
Hi,
I am running the openldap server on Red Hat Enterprise Linux release 8.8
(Ootpa)
# rpm -qa | grep -i ldap
sssd-ldap-2.8.2-3.el8_8.x86_64
symas-openldap-servers-2.4.59-1.el8.x86_64
openldap-2.4.46-18.el8.x86_64
Am 05.10.23 um 18:59 schrieb Ulf Volmer:
On 05.10.23 18:39, Stefan Kania wrote:
Am 05.10.23 um 07:02 schrieb Howard Chu:
Read tests/scripts/test066-autoca for examples of how to do that.
Does anyone has an answer for an non developer WITHOUT compiling the
software. I'm not a developer
Am 05.10.23 um 07:02 schrieb Howard Chu:
Stefan Kania wrote:
Hi to all,
I have autoca running with my own CA. And I can create certificates and keys
for users and hosts. But now I would like to use the certificate and key for
radius
802.1x authentication so I need to export the certificate
Good morning,
we having a own schema with a lot of own attributes. We have a multi
provider replication of cn=config. What is the right way to add a new
attribute to our schema and get it into the configuration?
Stefan
smime.p7s
Description: S/MIME Cryptographic Signature
I'm testing the openldap cache module pcache with OpenLDAP 2.6 on
Debian11 (symas-packages). The proxy has the following config:
(I'm testing caching so no security is set)
--
include /opt/symas/etc/openldap/schema/core.schema
include
Am 14.12.22 um 18:17 schrieb Quanah Gibson-Mount:
--On Wednesday, December 14, 2022 5:58 PM +0100 Stefan Kania
wrote:
Hi to all,
I want to test the "lloadd" as a standalone daemon. I'm using the symas
OpenLDAP 2.6 packages on a debian 11 system. I can only find the module
Hi to all,
I want to test the "lloadd" as a standalone daemon. I'm using the symas
OpenLDAP 2.6 packages on a debian 11 system. I can only find the module
"lloadd.la" but not the standalone daemon. If I want to us it, do I have
to compile it myself?
What would be the better way using the
Am 15.12.22 um 16:38 schrieb Ondřej Kuzník:
Should be authzTo if you're adding it to the lloadd's identity, are you
sure uid=lloadd,ou=users,dc=example,dc=net has 'auth' (+x) access to
dc=example,dc=net and the uid attribute on the subtree?
Thank you for the push in right direction
I added
I now took the example configuration and changed it to my settings:
-
TLSCertificateFile /opt/symas/etc/openldap/example-net-cert.pem
TLSCertificateKeyFile /opt/symas/etc/openldap/example-net-key.pem
TLSCACertificateFile /opt/symas/etc/openldap/cacert.pem
pidfile
Hi Ondřej,
thank you for your answer, that's what I wanted to know.
Stefan
Am 15.12.22 um 12:48 schrieb Ondřej Kuzník:
On Wed, Dec 14, 2022 at 06:57:05PM +0100, Stefan Kania wrote:
Am 14.12.22 um 18:17 schrieb Quanah Gibson-Mount:
--On Wednesday, December 14, 2022 5:58 PM +0100 Stefan Kania
Am 15.12.22 um 14:24 schrieb Ondřej Kuzník:
It's not possible inside lloadd but when lloadd uses an identity A and a
client binds with identity B, then sends an operation to it, what the
backend receives is an operation with proxyauthz carrying B over a
connection bound to A. If authz-policy
Am 15.12.22 um 13:10 schrieb Ondřej Kuzník:
On Wed, Dec 14, 2022 at 09:20:14PM +0100, Stefan Kania wrote:
I now took the example configuration and changed it to my settings:
-
feature proxyauthz
bindconf bindmethod=simple
binddn=uid=lloadd,ou=users,dc=example,dc
1 - 100 of 158 matches
Mail list logo
