Re: [389-users] Client Config on CentOS 6

*Hi * *I am using NSLCD, does your suggestion still work ? I am not using TLS on the ldap server* *Regards* -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users

Re: [389-users] Client ACI question

"uid=serveruser1,ou=ServerUsers,dc=domain,dc=com" ==> has access to "cn=Project1,ou=Projects,dc=domain,dc=com" AND "cn=Project2,ou=Projects,dc=domain,dc=com" ==> deny access to other entries in "ou=Projects,dc=domain,dc=com" you could use targetfilter like: (targetfilter = "(|(cn=Project1)(cn=Pr

Re: [389-users] Search operation takes too much time for respond

(2013/01/02 05:24), Jim Finn wrote: logconv.pl is your friend. What is the filter & attributes you are searching? Are they indexed? Right. If you see "notes=U" in the slow search result (access log), the slowness could be coming from there. conn=65 op=1 RESULT err=0 tag=1

[389-users] AD <-> LDAP password expiration sync

Is it possible to synchronize password expiration times between AD and LDAP? We're just discovering that the AD sync to LDAP doesn't update shadowLastChange which we are currently using on the LDAP side. Should we use a different scheme for password expiration? -- Orion Poplawski Technical M

Re: [389-users] Client Config on CentOS 6

Hello On Wed, Jan 2, 2013 at 7:08 PM, Ali Jawad wrote: > Hi All > > I am facing problems configuring a CentOS 6 server to act as an ldap client > to my DS389 server. Does anyone know about a valid howto or can you please > paste the sample configs to get it working ? > > Regards > Are you using

Re: [389-users] Client ACI question

On 01/02/2013 11:41 AM, Matti Alho wrote: What is the correct way to use allow/deny because if I use default deny on ou=Projects..., it overrides allows. deny always has precedence, it cannot be overridden by an allow rule. So you should model your acis with allow rules (defining exceptions fro

[389-users] Client Config on CentOS 6

Hi All I am facing problems configuring a CentOS 6 server to act as an ldap client to my DS389 server. Does anyone know about a valid howto or can you please paste the sample configs to get it working ? Regards * * -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedorap

Re: [389-users] Search operation takes too much time for respond

logconv.pl is your friend. What is the filter & attributes you are searching? Are they indexed? On Jan 2, 2013, at 6:01 AM, Balaji P wrote: Hi All, We are using 389 LDAP server which is having around <1000 objects. We have a control script which is running as a separate process to perform

[389-users] Search operation takes too much time for respond

Hi All, We are using 389 LDAP server which is having around <1000 objects. We have a control script which is running as a separate process to perform the search operation in the particular DN.. From the access log around 98% Percentage the search operation estimation timeout value as 0 second.

Re: [389-users] Difference between Start and End Replication Request

ok, thanks. Moses 2013/1/2 Ludwig Krispenz > Hi, > > a "Start Replication Request" is an attempt to start a replication session > and to acquire a replica, but if the replica is currently updated by an > other supplier, it returns replica busy and the attempt will be repeated. > So it can be

Re: [389-users] Client ACI question

What is the correct way to use allow/deny because if I use default deny on ou=Projects..., it overrides allows. deny always has precedence, it cannot be overridden by an allow rule. So you should model your acis with allow rules (defining exceptions from the default deny). So basically default

Re: [389-users] Difference between Start and End Replication Request

Hi, a "Start Replication Request" is an attempt to start a replication session and to acquire a replica, but if the replica is currently updated by an other supplier, it returns replica busy and the attempt will be repeated. So it can be quite normal that start and end requests are not balanc

Re: [389-users] Client ACI question

Hi On 01/02/2013 08:18 AM, Matti Alho wrote: Hi, I have read various documents (including Redhat ones) about ACI implementation. But still the following basic scenario confuses me. * anonymous bind disabled * each client server is authenticated with a unique username (e.g. "ou=ServerUsers,dc

[389-users] Difference between Start and End Replication Request

Hi, I have passed the lofconv.pl script and get a difference between the Start and End Replication Request. Does it make sense? - Extended Operations - 11874 2.16.840.1.113730.3.5.3 Start Replication Request (incremental update) 79622.16.840.1.113730.3.5.5 End Repli