Re: OpenLdap 2.4.17 and openssl 0.9.8l and datagram-based TLS

2009-11-18 Thread Howard Chu
TLS? Is it something in the slapd.conf file or is it something in the build of openldap? Or is it just not an issue? It is not an issue. LDAP is a connection-oriented protocol, not datagram-based. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun

Re: Same entry twice in ldapsearch output

2009-11-19 Thread Howard Chu
2.4.19 with BDB4.8 Please test CVS RE24. 2.4.20 is being prepped for release and probably all of these issues have already been addressed. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP

Re: Binding with an e-mail address

2009-11-21 Thread Howard Chu
Willie Gillespie wrote: Howard Chu wrote: No. LDAP Simple Bind requires DNs. Use SASL Bind if you want to use other forms of user names. Good to know. What is olcAuthIDRewrite used for then? Probably nothing. It hasn't ever been documented, you're probably the first person to ask about

Re: Two contextCSNs

2009-12-04 Thread Howard Chu
I've done any operations on server2. No idea what that is. Your debug logs should tell what it was doing. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Re: Password policy : Check_password module for debian

2009-12-07 Thread Howard Chu
you know a good howto for debian ? The OpenLDAP Project doesn't provide any check_password module. You will have to ask whoever wrote the module you're talking about. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc

Re: Syncrepl and rootdn

2009-12-18 Thread Howard Chu
as the credentials value used for syncrepl? No. The binddn within syncrepl has to have read access to the provider database and this should not be rootdn of the provider, rootdn of the consumer manages the consumer database only. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com

Re: Developer's cookbook for adding LDAP support

2009-12-23 Thread Howard Chu
. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Re: Chain overlay not available in Debian lenny?

2009-12-26 Thread Howard Chu
with overlay chain not found. No mention is made of a solution, but could it be that the chain overlay was simply removed from the slapd package as result? The chain overlay is not a separate module, it's built into back-ldap. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com

Re: Some openldap 2.4 questions

2010-01-14 Thread Howard Chu
not complain at all when the connection was not there... If you had read the docs http://www.openldap.org/doc/admin24/replication.html you wouldn't need to ask such questions. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc

Re: Some openldap 2.4 questions

2010-01-15 Thread Howard Chu
quite mistaken, the two are completely orthogonal. If you have a commercial enterprise, and you have even half a brain, you pay for support for your solutions, whether they are open or closed source. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun

Re: Auth access for search-based mappings?

2010-01-15 Thread Howard Chu
in the filter: ldap:///dc=example,dc=com??sub?(&(|(entryDN:dnSubtree:=ou=eng,dc=example,dc=com)(entryDN:dnSubtree:=ou=bio,dc=example,dc=com))(uid=$1)(objectclass=person)) -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc

Re: cn=config config problem

2010-01-26 Thread Howard Chu
Alex Samad wrote: Hi I have setup a multimaster setup and some slave nodes, using cn=config. I am looking at trying to create a user in the cn=config space The config database does not support user entries, it only handles config entries. -- -- Howard Chu CTO, Symas Corp

Re: Server-Side Sort Overlay ordering problems

2010-02-19 Thread Howard Chu
have to explicitly configure the overlay to get it. So there's no way that just upgrading to 2.4.20 would have suddenly caused this problem to start. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect

Re: Nssov Problem Since 2.4.19

2010-02-28 Thread Howard Chu
this error. Some more details are below. Some built-in schema elements were moved out into a config file in 2.4.19. You probably need to add the ldapns.schema before configuring the overlay. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http

Re: Nssov Authorization without Authentication

2010-03-01 Thread Howard Chu
checks can only be performed if we know the LDAP DN of the user. We only get that DN during authentication. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Re: DNS discovery for OpenLDAP?

2010-03-05 Thread Howard Chu
available directly in the library or if the client has to implement it. This feature is implemented in the OpenLDAP client code, not in libldap. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP

Re: attribute 'pwdPolicySubentry' cannot have multiple values

2010-03-20 Thread Howard Chu
the sender and remove it from your system. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Re: tls private key

2010-03-25 Thread Howard Chu
transportation like email where you cannot guarantee the recipient is the only person able to 'see' the document ;) [snip] This message is private and confidential. If you have received it in error, please notify the sender and remove it from your system. -- -- Howard Chu CTO, Symas

Re: Re-engaging the Samba4 LDAP backend

2010-03-30 Thread Howard Chu
databases I already answered this quite a while back. Just add -n 0 to the invocation. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Re: ldap_ssl_client_init equivalent?

2010-03-30 Thread Howard Chu
://activedirectory.abc.com/636' -b 'dc=abc,dc=com' -D 'testdn' -W '(&(objectclass=user)(!(objectclass=computer))(samaccountname=myname))' samaccountname -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP

New LDAP Appliances

2010-03-31 Thread Howard Chu
No, not the VMware kind... http://www.symas.com/blog/ -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Re: Partial replication

2010-04-01 Thread Howard Chu
solution here is to use a extended filter with dnSubtreeMatch on each desired branch. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Re: Problem with SSL/TLS

2010-04-12 Thread Howard Chu
(-1) additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed I can't quite pin point what the problem might be. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http

Re: OpenLDAP Data Directory issue

2010-04-14 Thread Howard Chu
Gibson-Mount Principal Software Engineer Zimbra, Inc Zimbra :: the leader in open source messaging and collaboration -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http

Re: _ldap.so: undefined symbol: gnutls_alert_send

2010-04-29 Thread Howard Chu
http://www.bayardserviceweb.com -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Re: bdb_index_read: failed

2010-05-04 Thread Howard Chu
and if so, how? No. It's normal, it just means it was looking for the index of a value that doesn't exist in your DB. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org

Re: bdb_index_read: failed

2010-05-07 Thread Howard Chu
, it was simply asked to find a value that does not exist. There's nothing abnormal about that, there's nothing to fix. This whole thread is much ado about nothing. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect

Re: More on dynamic group searches

2010-05-23 Thread Howard Chu
. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Re: How to obtain a 'version number' of an attributes

2010-05-24 Thread Howard Chu
stored that I could convert. We don't keep a counter on the LDAP side. However, the Heimdal KDC maintains the keyVersionNumber, and it seems to me that you'd have that integrated here as well. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http

Re: Summary of dynamic groups

2010-05-25 Thread Howard Chu
and don't list their members with the 'member' attribute. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Re: Summary of dynamic groups

2010-05-25 Thread Howard Chu
Ian Collins wrote: On 05/26/10 02:40 PM, Howard Chu wrote: Ian Collins wrote: Hello again, My earlier thread appears to have been hijacked, so I'm starting a new one for the summary of my investigations. My current understanding is as follows: There are three overlays that can use yes

Re: pam_ldap doesn't bind SIMPLE for anonymous auth?

2010-06-09 Thread Howard Chu
on: -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Re: Communicate from php/apache to openLDAP over LDAPS

2010-06-10 Thread Howard Chu
to put in the apache server. I did it but nothing happened. Well, i'm lost in all this stuff, that is why i'm asking for help to configure my servers to use ldaps with php. Do you have information that could help me ? I thank you in advance -- -- Howard Chu CTO, Symas

Re: Communicate from php/apache to openLDAP over LDAPS

2010-06-11 Thread Howard Chu
. Just don't specify TLS_REQCERT at all in ldap.conf. The default is demand and should not be changed. In all of this thread no one has asked or stated what version of OpenLDAP is being used... -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun

Re: Restricting client access using pam_groupdn with dynamic groups : Was[Re: restrict host login based on group]

2010-06-11 Thread Howard Chu
users to certain hosts. http://www.hurricanelabs.com/september2009_login_security_using_openldap_and_pam -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com

Re: Tool to covert from LDIF cn=config to slapd.conf?

2010-06-13 Thread Howard Chu
baked (which I for one do not think has completely happened even now in 2.4.22). All of the core overlays support cn=config. You can always pull slurpd from CVS if you enjoy that sort of thing, no one put a gun to your head to force you in any direction. -- -- Howard Chu CTO, Symas Corp

Re: How to use BLOB while using Back-NDB

2010-06-14 Thread Howard Chu
should file an ITS so that we can get the manpage updated. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Re: Best way to merge two local DITs vs empty search base suffix

2010-06-14 Thread Howard Chu
in the right order. I.e., you must declare monitor, etc before the empty suffix. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Re: failed to start slapd can't create password - please help.

2010-06-20 Thread Howard Chu
== hometest:rc.d # ./slapd start Starting slapd. ./slapd: WARNING: failed to start slapd Run slapd -d -1 to see why it failed to start. --Quanah -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect

Re: Unigueness of RID; changing RID

2010-06-22 Thread Howard Chu
the documentation says. Where did you get this understanding? An RID is just a unique tag within a single slapd.conf or slapd.d. Its only purpose is to provide an unambiguous ID that can be referenced from the slapd -c option. That's all. -- -- Howard Chu CTO, Symas Corp. http

Re: Can password-hash be database specific? also, storing and verifying cleartext passwords

2010-06-26 Thread Howard Chu
entry. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Re: Can password-hash be database specific? also, storing and verifying cleartext passwords

2010-06-26 Thread Howard Chu
, which didn't enforce any distinction between global and frontend directives. But it's not evaluated there, since it's possible to specify a hash mechanism that is loaded from a module (and the moduleLoad parsing hasn't occurred yet when olcGlobal is read). -- -- Howard Chu CTO, Symas Corp

Re: openldap mysqlcluster and FreeRadius Schema

2010-06-26 Thread Howard Chu
maximum sizes, then you might consider defining them as blobs using attrblob attr. If all of the attributes are of average size, and you simply have too many of them to fit in a single table, then you should break them up into separate attrsets. -- -- Howard Chu CTO, Symas Corp. http

Re: nssov overlay socket and chrooted software

2010-07-06 Thread Howard Chu
multiple sockets (sort of along the same lines as rsyslog, for example)? No, currently there is no support for configuring the socket path, or multiple sockets. Patches to add this feature are welcome. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun

Re: How to best handle DN+String and DN+Binary in OL?

2010-07-11 Thread Howard Chu
) Thanks, Andrew Bartlett -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Re: How to best handle DN+String and DN+Binary in OL?

2010-07-11 Thread Howard Chu
Andrew Bartlett wrote: On Sun, 2010-07-11 at 14:16 -0700, Howard Chu wrote: Andrew Bartlett wrote: What is the best way to get OpenLDAP to understand it needs to match on and follow references to the DN part of these values? Good question. So far the only way to get DN semantics is by using

Re: How to best handle DN+String and DN+Binary in OL?

2010-07-11 Thread Howard Chu
Howard Chu wrote: Andrew Bartlett wrote: On Sun, 2010-07-11 at 14:16 -0700, Howard Chu wrote: Andrew Bartlett wrote: What is the best way to get OpenLDAP to understand it needs to match on and follow references to the DN part of these values? Good question. So far the only way to get DN

Re: How to best handle DN+String and DN+Binary in OL?

2010-07-11 Thread Howard Chu
Andrew Bartlett wrote: On Sun, 2010-07-11 at 18:25 -0700, Howard Chu wrote: Howard Chu wrote: Andrew Bartlett wrote: On Sun, 2010-07-11 at 14:16 -0700, Howard Chu wrote: Andrew Bartlett wrote: What is the best way to get OpenLDAP to understand it needs to match on and follow references

Re: How to best handle DN+String and DN+Binary in OL?

2010-07-11 Thread Howard Chu
masar...@aero.polimi.it wrote: Howard Chu wrote: Andrew Bartlett wrote: On Sun, 2010-07-11 at 14:16 -0700, Howard Chu wrote: Andrew Bartlett wrote: What is the best way to get OpenLDAP to understand it needs to match on and follow references to the DN part of these values? Good question

Re: Attribute type is operational

2010-07-12 Thread Howard Chu
it knows nothing about them. If you just need them for compatibility with OID, I suggest you change the declaration to make them non-operational. You'll probably want to remove the NO-USER-MODIFICATION flag too, if you want to be able to modify them with user accounts. -- -- Howard Chu CTO, Symas

Re: need an overlay for rewriting attribute values

2010-07-13 Thread Howard Chu
is distinguishedName. It does not rewrite any other attributes. Thanks in advance! Tom -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Re: Proxy cache overlay: effect of pcachePersist parameter?

2010-07-16 Thread Howard Chu
(uid=) 0 900 sub dc=proxy pcachePersist FALSE pcacheOffline FALSE directory /var/cache/ldap cachesize 1 index objectClass,sAMAccountName,pcacheQueryideq 8-- -- -- Howard Chu CTO, Symas Corp. http://www.symas.com

Re: OpenLDAP for larger number of entries

2010-07-25 Thread Howard Chu
bandwidth to memory, disks, and network interfaces. Raw CPU performance is much less important here than aggregate bandwidth. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http

Re: rebinding and following referrals on bind

2010-07-26 Thread Howard Chu
this? Just turn off automatic referral chasing and chase them manually. Then you'll know which server you're dealing with. Thanks for any pointers. [1] http://lists.arthurdejong.org/nss-pam-ldapd-users/2010/msg00097.html -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director

Re: Kerberos userpassword storage

2010-08-04 Thread Howard Chu
be greatly appreciated William Brown pgp.mit.edu -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Re: PROBLEM: can't use SASL to authentication openldap client

2010-08-09 Thread Howard Chu
the internal slapd plugin. I recommend you file a bug report. File the bug with the correct people. OpenLDAP doesn't do anything in particular with SASL configuration. If you can't get the desired behavior by setting the SASL config file, then file a bug against Cyrus SASL. -- -- Howard Chu

Re: syncrepl slaves all quit after master restart - not a single retry

2010-08-12 Thread Howard Chu
to the problem of syncrepl terminating after master is restarted. You have no retry parameter in your syncrepl config, so naturally it does not retry. It always helps to actually Read The correct FM, slapd.conf(5) in your case. -- -- Howard Chu CTO, Symas Corp. http

Re: syncrepl slaves all quit after master restart - not a single retry

2010-08-12 Thread Howard Chu
people you're using an obsolete release, you should upgrade. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Re: Notification of userPassword change in OpenLDAP?

2010-08-18 Thread Howard Chu
/group (that is, these flat files provide the backing store for the database that this slapd exposes) and then replicate account updates to it from a central master. You could accomplish much the same thing today using a client reading an accesslog DB. -- -- Howard Chu CTO, Symas Corp

Re: Openldap2.4.16 performance issue

2010-08-18 Thread Howard Chu
:* Openldap2.4.16 performance issue Hi All, I need help for openldap slapd 200% cpu utilization issue. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Re: Including schema in directory based config?

2010-09-01 Thread Howard Chu
to copy them over, and then edit the dn. No, you are never supposed to muck with any of the files inside slapd.d. You slapadd the LDIF files, same way you would load any other LDIF file into slapd. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun

Re: Including schema in directory based config?

2010-09-02 Thread Howard Chu
. Seems a bit clunky if thats the case, but I have had a few settings not stick already (olcDatabaseDirectory). Anyway, would love your insight and thanks for your time :) -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc

Re: CRL refresh

2010-09-08 Thread Howard Chu
the TLS settings, it will reinitialize the entire TLS context, including reloading the CRL. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Re: Authenticate to ldap using Kerberos

2010-09-09 Thread Howard Chu
, to discourage people from pursuing this misguided course. Use GSSAPI. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Re: Authenticate to ldap using Kerberos

2010-09-09 Thread Howard Chu
to get TLS working. And applications don't have to implement specific SASL mechanisms, that's all hidden inside libldap and libsasl2. All they have to do is use the right libldap calls and they automatically get support for all mechanisms, currently known as well as future mechs. -- -- Howard

Re: invalid syntax on pwdPolicy object add

2010-09-14 Thread Howard Chu
syntax handler for the pwdAttribute attribute that will recognize textual attribute names as well as OIDs. If you don't have the module loaded, you have done something wrong. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc

Re: How to slapadd cn=config

2010-09-21 Thread Howard Chu
line you used for slapcat? -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Re: MoNSS support in openldap

2010-09-27 Thread Howard Chu
into their mainline code, it ought to work reasonably transparently, and at that point we may provide a configure switch for it. For now, we do not endorse or support it. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com

Re: MoNSS support in openldap

2010-09-28 Thread Howard Chu
Silvan Marco Fin wrote: Thanks for your input, currently I'm trying to get it working with the description supplied here. Am 27.09.2010 22:38, schrieb Howard Chu: doesn't seem to be a configure switch to enable NSS, like with Gnutls or There is no switch for it at this time

Re: meta backend olc?

2010-10-07 Thread Howard Chu
, not an overlay, and I specifically said overlays. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Re: How can I make the unique overlay play nicely with my ACL?

2010-10-07 Thread Howard Chu
my LDAP server is not an option, how can I allow the unique overlay to enforce my constraint? Re-read the slapo-unique(5) manpage. Specifically the 3rd paragraph. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief

Re: Asynchronicity

2010-10-11 Thread Howard Chu
synchronous is ldap_sasl_interactive_bind_s(), and I have some plans to fix that. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Re: support for arbitrary PKCS11 pin input method

2010-10-11 Thread Howard Chu
plan on implementing such a feature in the near future or is there a proposed way of setting such a callback method? Kind regards, Silvan -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect

Re: How to configure overlay unique in cn=config

2010-10-15 Thread Howard Chu
location. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Re: Possible bug in ldap_get_values_len?

2010-10-18 Thread Howard Chu
a bug report against the Fedora Directory Server. Cheers, Edward [1] http://lists.fedoraproject.org/pipermail/389-users/2010-October/012320.html -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect

Re: Possible bug in ldap_get_values_len?

2010-10-18 Thread Howard Chu
, and the server is clearly broken.) -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Re: Configuring OpenLDAP 2.2 with gdbm

2010-10-19 Thread Howard Chu
backend configure: error: select appropriate LDBM options or disable Does anyone know how to fix it? Thanks in advance. Piotr -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http

Re: db stick in RAM ?

2010-10-19 Thread Howard Chu
this, but I would run with the BDB cache in shared memory instead of on disk. It won't survive a system crash/reboot, but otherwise it's superior for performance. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief

Re: db stick in RAM ?

2010-10-19 Thread Howard Chu
with ramdisk ? I know it is risky but running rsyncd between ramdisk and a hardisk depot would be safe huh ? Thanks for any advices -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http

Re: Jndi VLV usage (maybe a BER encoding issue)

2010-10-25 Thread Howard Chu
: -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Re: Attribute Aliasing

2010-10-27 Thread Howard Chu
software at the other database, and rewrite as appropriate for each app. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Re: Alias dereferencing

2010-10-29 Thread Howard Chu
to the alias entry is the only way which one may reference the alias entry And that is clearly not the case, in fact. Your last search is not equivalent to your previous searches, because the last time you omitted the **SEARCH FILTER**. Think about it. -- -- Howard Chu CTO, Symas Corp

Re: unable to perform authenticated binds

2010-11-02 Thread Howard Chu
all the other insignificant, backward-compatible changes we make that changing this is obviously a non-starter. The use of whitespace is clearly described in the manpage and the Admin Guide. People who don't read the manpage deserve no sympathy. -- -- Howard Chu CTO, Symas Corp

Re: unable to perform authenticated binds

2010-11-02 Thread Howard Chu
Howard Chu wrote: Chris Jacobs wrote: Ya know, that leading space thing confused the heck out of me when I started writing a slapd.conf from scratch. I'm guessing were ya'll to know at that start of spec'ing slapd.conf the methods that are now common to multi-line or 'containerize' options

Re: Syncprov checkpoint and sessionlog with cn=config

2010-11-03 Thread Howard Chu
-based config is too complicated and a bad idea simply don't understand LDAP...) Very handy! Thanks, Jaap -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org

Re: unable to perform authenticated binds

2010-11-03 Thread Howard Chu
, and clearly that bit of LDIF was not base-64 encoded. ;) And again, stuff like this is clearly documented in the ldif(5) manpage... -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http

Re: Asynchronicity

2010-11-08 Thread Howard Chu
as of October 13, so it's already in the past. Thanks, Shankar On Mon, Oct 11, 2010 at 3:06 PM, Howard Chu h...@symas.com wrote: William Ahern wrote: Excepting DNS, is the latest release of OpenLDAP fully asynchronous-capable, even with TLS? Perusing

Re: How to convert Solaris m5 passwords to LDAP?

2010-11-10 Thread Howard Chu
} tag. (And the slapd is actually running on Solaris.) -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Re: ldapsearch performance degradation

2010-11-11 Thread Howard Chu
-- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Re: ldapsearch performance degradation

2010-11-11 Thread Howard Chu
it if you wish. Thanks Tim On 11/11/10 21:38, Howard Chu wrote: Tim Dyce wrote: Hi Dieter, Thanks for the tips on tuning, sadly the problem is still haunting us :( Andrey Kiryanov at CERN has been doing a lot of work on this performance degradation problem as well. He has tried BDB 4.8.30

Re: ldapsearch performance degradation

2010-11-11 Thread Howard Chu
Howard Chu wrote: Tim Dyce wrote: Hi Howard, Thanks for the help :D We have been testing in ramdisk as well, to make sure that disk thrashing is not the root cause. If your searches are not running long enough to show up for profiling, increase the number of second level entries until you

Re: ldapsearch performance degradation

2010-11-11 Thread Howard Chu
this? The cheapest workaround is to change your DB config to have an empty suffix. Then the DN is the DB root entry, and your ou=test will be the first child entry. (You'll have to reload the DB of course.) Thanks Tim On 11/11/10 22:45, Howard Chu wrote: Tim Dyce wrote: Hi Howard, Thanks

Re: Asynchronicity

2010-11-11 Thread Howard Chu
Shankar Anand R wrote: On Mon, Nov 8, 2010 at 5:57 PM, Howard Chu h...@symas.com wrote: Shankar Anand R wrote: Hi, Is there any workaround way by which we will be able to do a DIGEST-MD5 - SASL LDAP bind asynchronously

Re: Chaining not working

2010-11-11 Thread Howard Chu
referrals. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Re: How to convert Solaris m5 passwords to LDAP?

2010-11-12 Thread Howard Chu
Christian Schmidt wrote: Hello Howard, thank you very much for your reply. Howard Chu, 10.11.2010 (d.m.y): No conversion is necessary, as long as you built OpenLDAP with --enable-crypt and you're using the native C library's crypt() (and not e.g. OpenSSL's crypt()) I just gave this a try

Re: Performance issues lately.

2010-11-14 Thread Howard Chu
, and operations inside this memory will trigger reads inside the kernel which do not show as libc syscalls. Rats. So it may be IO? I need to throw even more memory at it, and live with the increasing startup times? How does the set_cachesize relate to the mmap usage? -- -- Howard Chu CTO, Symas Corp

Re: self signed certificate

2010-11-21 Thread Howard Chu
. No, the software will accept whatever you tell it to use, if you configure it appropriately. You really should create a full certificate chain, that is, a ca, a server certificate and a server key. But yes, the Project always recommends that you do the right thing. -- -- Howard Chu CTO, Symas

Re: Content-Based Access Control?

2010-11-26 Thread Howard Chu
their password. Other users are remotely authenticated with saslauthd. They shall not be able to change their 'password' which is just a redirection. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect

Re: Want interesting restrictions to ldap auth on different servers to different users

2010-11-29 Thread Howard Chu
be there another way in openldap? pam_check_host_attr do almost same. If I add user - I need to add all hosts to user attr host:. So it's same work I think. Read up on the nssov overlay. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com

Re: OpenLDAP runs OK, Mac Mail and Address book do not display entries.

2010-11-29 Thread Howard Chu
Borilko objectClass: inetOrgPerson sn: Borilko mail: de...@somedomain.com My LDAP settings both in Mail and address book: Code: Search base: ou=people,dc=minu,dc=biz Scope: subtree Thanks in advance! Toomas -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director
