Re: Using OpenLDAP without the support of OpenSSL - reg.

2007-05-22 Thread Gabriel Stein

Hi Aviator,

You can try using the option "ssl no" in the ldap.conf file. In slapd.conf, you
can try removing the TLS lines, like TLSRandFile, TLSCipherSuite,
TLSCertificateFile, TLSCertificateKeyFile, TLSCACertificateFile,
TLSVerifyClient.

But it is important to remember that if you had errors with ldapsearch
without the "-x" option, the problem is SASL and you need to check that
configuration. The correct use of LDAP and SSL is "ldapsearch -ZZ".

And finally, are you really sure about not using these security resources? Can
you explain your ideas better?

Hugs,


On 5/22/07, Aviator LDap <[EMAIL PROTECTED]> wrote:


Hi All,

I want to develop an application that uses OpenLDAP without OpenSSL
functionalities. Can anybody help me to know how to eliminate the OpenSSL
libraries from OpenLDAP?

thanks in advance,
regards,
dinesh.





--
/\
Gabriel Stein
[EMAIL PROTECTED]
MSN: [EMAIL PROTECTED]
Administrador de Redes -
Network Administrador
Linux User #223750
51-92796310
Porto Alegre - RS - Brasil


Re: LDAP and MySQL - No database selected

2007-05-23 Thread Gabriel Stein

What's your result for odbctest or iodbctest? Does this command show your ODBC
connection?

And more: you set your slapd.conf with your ODBC connection name, not your
MySQL dbname.

For example, if you have a database named ldap and set up an ODBC
connection named test, you need to set test in your slapd.conf.

An example ODBC connection, in your /etc/odbc.ini:

[ODBC Data Sources]
test = MySQL ODBC 2.50 Driver DSN

[test]
Driver = /usr/local/lib/libmyodbc.so
Description = MySQL ODBC 2.50 Driver DSN
DSN = test
Server = localhost
PORT = 3306
SOCKET = /var/lib/mysql/mysql.sock
User = *valid_user*
Password = *valid_passwd*
Database = ldap
ReadOnly = no
ServerType = MySQL
FetchBufferSize = 99
ServerOptions =
ConnectOptions =
OPTION = 3
TraceFile = /var/log/mysql_test_trace.log
Trace = 0


Cheers,

On 5/23/07, Ace <[EMAIL PROTECTED]> wrote:


Hi Friends,

 I am trying to configure LDAP with MySQL 5.0 as backend. I am using
Connector/ODBC 3.51 and LDAP 2.3.32 built from sources.
While starting slapd I get following error -

 ===
backsql_load_schema_map(): oc_query "SELECT
id,name,keytbl,keycol,create_proc,delete_proc,expect_return FROM
ldap_oc_mappings"
backsql_load_schema_map(): error executing oc_query:
Return code: -1
   nativeErrCode=1046 SQLengineState=3D000 msg="[MySQL][ODBC 3.51 Driver][
mysqld-5.0.27-standard]No database selected"
==>backsql_free_db_conn()
===

My odbc.ini file has all the details and I can see in the slapd log that it's
getting dbname before connecting to the MySQL server. slapd.conf has dbname =
test.

Thanks in advance!
--
Cheers,
Rajan







Re: LDAP and MySQL - No database selected

2007-05-25 Thread Gabriel Stein

Yes. In the same directory as the structural *.sql you have data *.sql scripts.
You can import these SQL files.

Cheers!

On 5/25/07, Ace <[EMAIL PROTECTED]> wrote:


I could get LDAP started with mysql. One query -

===

[EMAIL PROTECTED] libexec]# ldapsearch -x -b '' -s base '(objectclass=*)'
namingContexts*
# extended LDIF
#
# LDAPv3
# base <> with scope baseObject
# filter: (objectclass=*)
# requesting: namingContexts
#

#
dn:
namingContexts: o=sql,c=RU

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
[EMAIL PROTECTED] libexec]# ldapsearch -LLL -s sub -b "o=sql,c=RU"
"(objectClass=*)"
*SASL/DIGEST-MD5 authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Invalid credentials (49)
additional info: SASL(-13): user not found: no secret in database
==

Why is my second LDAP search not working? Does anyone have samples of
inserting/searching records from LDAP with a MySQL backend?

On 5/24/07, Ace <[EMAIL PROTECTED]> wrote:
>
> I got it working now after I restarted my Linux. It's weird... but it's
> true!
>
> Thanks for your help!
>
>
>  On 5/23/07, Ace <[EMAIL PROTECTED] > wrote:
> >
> > The funny part here, my odbc test result -
> >
> > ==
> > 1: SQLDriverConnect = [MySQL][ODBC 3.51 Driver]Could not determine the
> > driver name; could not lookup setup library. DSN=(test)
> >  (0) SQLSTATE=HY000
> > 1: ODBC_Connect = [MySQL][ODBC 3.51 Driver]Could not determine the
> > driver name; could not lookup setup library. DSN=(test)
> >  (0) SQLSTATE=HY000
> > ==
> >
> > Whereas LDAP is able to connect to MySQL. I am using "test" database
> > from MySQL and DSN name is "test".
> >
> > One more thing, why was slapd looking for /tmp/mysql.sock? I had
> > specified Socket = /var/lib/mysql/mysql.sock
> >
> > Here is my odbc.ini -
> >
> >
> > ; begin odbc.ini
> > [ODBC Data Sources]
> > test = Connector/ODBC 3.51 Driver DSN
> >
> > [test]
> > Driver = /usr/lib/libmyodbc3.so
> > Description = Connector/ODBC 3.51 Driver DSN
> > Server = localhost
> > DSN = test
> > Port = 3306
> > Socket = /var/lib/mysql/mysql.sock
> > User = root
> > Password = mysql
> > Database = test
> > ServerType = MySQL
> > Option =
> > TraceFile = /var/log/mysql_test_trace.log
> > Trace = 0
> >
> > [Default]
> > Driver = /usr/lib/libmyodbc3.so
> > Description = Connector/ODBC 3.51 Driver DSN
> > Server = localhost
> > DSN = test
> > Port = 3306
> > Socket = /var/lib/mysql/mysql.sock
> > User = root
> > Password = mysql
> > Database = test
> > ServerType = MySQL
> > Option =
> > TraceFile = /var/log/mysql_test_trace.log
> > Trace = 0
> > ;end odbc.ini

Re: server startup overhead

2007-05-26 Thread Gabriel Stein

Hei Howard!

A question: How do you set up the "lastmod" directive in slapd.conf? ON or
OFF?

cheers.

On 5/25/07, Howard Chu <[EMAIL PROTECTED]> wrote:


Eric Irrgang wrote:
> Is there a way (with or without attaching a debugger) to find out what my
> IDL cache and DN cache is doing?
>
Using a debugger, set a breakpoint inside any of the backend functions.
When the bdb pointer is set up, print out its data. The bdb->bi_cache
structure records all the info about the entry cache. The bdb->bi_idl_*
fields record the info about the IDL cache. In 2.4 some of these
counters are exposed via back-monitor. We can add more to the monitor
entry as needed.

--
   -- Howard Chu
   Chief Architect, Symas Corp.  http://www.symas.com
   Director, Highland Sun        http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP     http://www.openldap.org/project/







Re: OpenLDAP-OpenSSL association - reg.

2007-05-28 Thread Gabriel Stein

Aviator!

The lib files are in your LIBS configuration in the Makefile. Another hint
is gcc -print-search-dirs, as Aaron wrote in another mail.

Cheers!

On 5/28/07, Aaron Richton <[EMAIL PROTECTED]> wrote:


From whichever path your compiler/linker are configured to use. Often, the
notable defaults include /usr/lib and /lib, and are altered by -L or -R
options. You can ask your compiler/linker supplier to tell you how to
determine the defaults in effect (e.g. "gcc -print-search-dirs" if you're
using gcc).

...of course, it looks odd to me that configure would grab "-lssl.a" ...
"-lssl" seems much more likely (even if it is an ar archive).

On Mon, 28 May 2007, Aviator LDap wrote:

> Hi Friends,
> I am really stuck with this issue. Could you help me?
>
> In the makefile generated by the configure script, the TLS_LIBS value has
> been assigned as -lssl.a -lcrypto.a. From which location, the system finds
> the corresponding libssl.a and libcrypto.a?
>
> Thanks in advance!!!
> regards,
> dinesh.
>







Re: ldap_add: Already exists (68)

2007-06-01 Thread Gabriel Stein
modify complete
ldap_result msgid 2
ldap_chkResponseList for msgid=2, all=1
ldap_chkResponseList returns NULL
wait4msg (infinite timeout), msgid 2
wait4msg continue, msgid 2, all 1
** Connections:
* host: 127.0.0.1  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Thu May 31 13:10:47 2007

** Outstanding Requests:
 * msgid 2,  origid 2, status InProgress
   outstanding referrals 0, parent count 0
** Response Queue:
   Empty
ldap_chkResponseList for msgid=2, all=1
ldap_chkResponseList returns NULL
ldap_int_select
read1msg: msgid 2, all 1
ber_get_next
ldap_read: want=8, got=8
  :  30 0c 02 01 02 69 07 0a0i..
ldap_read: want=6, got=6
  :  01 44 04 00 04 00  .D
ber_get_next: tag 0x30 len 12 contents:
ber_dump: buf=0x099eec48 ptr=0x099eec48 end=0x099eec54 len=12
  :  02 01 02 69 07 0a 01 44  04 00 04 00   ...i...D
ldap_read: message type add msgid 2, original id 2
ber_scanf fmt ({iaa) ber:
ber_dump: buf=0x099eec48 ptr=0x099eec4b end=0x099eec54 len=9
  :  69 07 0a 01 44 04 00 04  00i...D
read1msg:  0 new referrals
read1msg:  mark request completed, id = 2
request 2 done
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 2, msgid 2)
ldap_free_connection
ldap_free_connection: refcnt 1
ldap_parse_result
ber_scanf fmt ({iaa) ber:
ber_dump: buf=0x099eec48 ptr=0x099eec4b end=0x099eec54 len=9
  :  69 07 0a 01 44 04 00 04  00i...D
ber_scanf fmt (}) ber:
ber_dump: buf=0x099eec48 ptr=0x099eec54 end=0x099eec54 len=0

ldap_msgfree
ldap_perror
ldap_add: Already exists (68)

ldap_free_connection
ldap_send_unbind
ber_flush: 7 bytes to sd 4
  :  30 05 02 01 03 42 00   0B.
ldap_write: want=7, written=7
  :  30 05 02 01 03 42 00   0B.
ldap_free_connection: actually freed
==========

--
Cheers,
Rajan







Re: ppolicy and others attributes

2007-06-06 Thread Gabriel Stein

Raphael,

Reading the PPOLICY man page, you can use the attributes from the pwdPolicy
object class to define policies for the userPassword attribute.

But userCertificate, I have never seen anyone using this.

Cheers.

On 6/6/07, Raphaël 'SurcouF' Bordet <[EMAIL PROTECTED]> wrote:


Hi,

Can we use ppolicy with another attribute than userPassword,
userCertificate for example?

Regards,

--
Raphaël 'SurcouF' Bordet








Re: Rewrite DN format?

2007-06-06 Thread Gabriel Stein

Well...

I suggest you try to use "slapcat > olddn.ldif". Afterwards, you can open the
LDIF file with your preferred text editor (for example, vi) and change all
entries to the new DN.

But you need to create the new structure in LDAP to accept these entries.

Do you understand?

Cheers.

On 6/6/07, Nels Lindquist <[EMAIL PROTECTED]> wrote:


Hi there.

I'm trying to merge entries from one tree into another, but the DN
format for each tree is different.  We're talking about inetOrgPerson
entries, if that matters.

Specifically, the old DNs are of the form:

dn: cn=person,o=org,c=ca

And the new DNs are of the form:

dn: uid=username,ou=People,dc=example,dc=ca

I'm using OpenLDAP 2.1.19, and I suspect that slapd-meta might be able
to do what I need.

All the examples I've been able to find seem to do with rewriting
suffixes, however.  I need to go slightly further and rewrite the DN
itself.

Is this possible, or am I barking up the wrong tree?

Thanks very much for any assistance/configuration examples!

Nels Lindquist







Re: Lock is no longer valid / deferring operation

2007-07-04 Thread Gabriel Stein

And what about your DBCONFIG? Is everything OK?

Cheers.

On 7/4/07, Quanah Gibson-Mount <[EMAIL PROTECTED]> wrote:


--On Wednesday, July 04, 2007 8:40 PM +0100 Gavin Henry
<[EMAIL PROTECTED]> wrote:

>> We're running openldap 2.3.35 with ITS#4924 and ITS#4925 patches with
>> a bdb backend running 4.2.52 with all 6 recommended patches.
>
> I hope you mean 5, as there are only 5 listed on the Oracle site.

There are 6 recommended patches to BDB 4.2.52, 5 of which come from the
Oracle site.

--Quanah


--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc

Zimbra ::  the leader in open source messaging and collaboration







Re: how to maintain OpenLDAP database ?

2007-07-11 Thread Gabriel Stein

Hi Joy!

I suggest you use slapcat, but it's better to stop OpenLDAP first. You can make
a crontab task at midnight, or something like that.

A very simple example of a shell script:

#!/bin/bash

/etc/init.d/ldap stop

slapcat > /path/to/backup/backup_base.ldif
tar -zcf /path/to/backup/backup_ldap.tar.gz /etc/ldap /path/to/base

/etc/init.d/ldap start

exit

Cheers.




On 7/11/07, JOYDEEP <[EMAIL PROTECTED]> wrote:


Dear list,

I am a newbie in OpenLDAP. Presently I am running an OpenLDAP as the
authentication of Postfix+IMAP email server.
How can I take backup and maintain the database of LDAP ? what are the
commands ?
I like to place the associated commands in a cron jobs.
Please enlighten me. thanks







Re: cn=config example

2007-09-20 Thread Gabriel Stein
People...

I have an idea about OpenLDAP documentation. There's good documentation at
the OpenLDAP website. Why not put more effort into creating a Howto series? I'm
constantly writing a weekly howto about basic OpenLDAP features, like some
integrations and hints. We can create something like a wiki, using the
OpenLDAP documentation, and "translate" these things into Howtos.

Howard, can we help your efforts? Thanks for your good work.

Cheers.

On 9/20/07, Howard Chu <[EMAIL PROTECTED]> wrote:
>
> Gavin Henry wrote:
> > Emmanuel Dreyfus wrote:
> >> Howard Chu <[EMAIL PROTECTED]> wrote:
> >>
> >>> Note that this feature was already documented in the existing
> >>> slapd/slapadd/slap* manpages in 2.3. It's a shame that we go to the
> >>> trouble of writing these docs that nobody actually reads.
> >> And it's sad that project leaders immediately assume users are just
> >> unwilling to read the docs, rather than wondering if the docs need
> >> improvement.
> >
> > We know they do, and we are. There's no wondering involved ;-)
>
> This bears some repeating. We are continuously investing time and energy
> into updating the docs. But if you don't provide feedback like "this part
> helped" or "this part is unclear" then we can only assume you're not reading
> any of it. If you don't tell us the commands you used, and you don't tell us
> what diagnostic output was produced, we can only assume that you don't know
> how to ask for help, and that you don't know how to use the software, and
> that you've ignored all of the documentation that tells you how to do all
> these things.
>
> Just saying "this didn't work for me" doesn't tell anybody anything
> useful.
>
> When you communicate effectively with us, you'll get better information
> back.
> --
>   -- Howard Chu
>   Chief Architect, Symas Corp.  http://www.symas.com
>   Director, Highland Sun        http://highlandsun.com/hyc/
>   Chief Architect, OpenLDAP     http://www.openldap.org/project/
>





Re: cn=config example

2007-09-20 Thread Gabriel Stein
Thanks Gavin for your answer. I appreciate this.

Yes, sounds like a good plan. The Admin Guide is an excellent start for the
wiki. In the next months, if I have good howtos for the wiki, where can I
install the wiki and leave the howtos? Is there a possibility of having a
private wiki with contributors at openldap.org? Something like
http://wiki.openldap.org?

I'm at the end of a howto about schema anatomy.

And finally, how can I help you, Gavin, with the Admin Guide?

Cheers.

On 9/20/07, Gavin Henry <[EMAIL PROTECTED]> wrote:
>
> Gabriel Stein wrote:
> > People...
> >
> > I have an idea about OpenLDAP documentation. There's good documentation
> > at the OpenLDAP website. Why not put more effort into creating a Howto
> > series? I'm constantly writing a weekly howto about basic OpenLDAP
> > features, like some integrations and hints. We can create something like
> > a wiki, using the OpenLDAP documentation, and "translate" these things
> > into Howtos.
> >
> > Howard, can we help your efforts? Thanks for your good work.
> >
> > Cheers.
> >
>
> Hi Gabriel.
>
> I've often thought about this, as Samba do similar at:
> http://wiki.samba.org/index.php/Main_Page as do other major OSS projects.
>
> Here are the issues with your appreciated suggestions:
>
> 1. The OpenLDAP project do not support 3rd Party software
> 2. We have to find the time to mentor and verify the howto/wiki
> contributors.
> 3. We have to find the time to fight the wiki spam
> 4. We have to find the time to keep the howtos updated
> 5. Resources, lack of resources, need more resources.
> 6. etc.
>
> *My* first and foremost priority is to finish the Admin Guide, keep it
> accurate and up to date.
>
> I think, as we have done all along, we leave the 3rd party integration
> to the 3rd party projects (like the wiki mentioned above). What we don't
> want is a wiki where people come along and start posting How tos that we
> don't have time to vet, which in turn starts to dilute the OpenLDAP
> quality brand and take our time away with the little resources we have.
>
> However, what is *vital* is that we provide a means to put the Admin
> Guide sections into working configuration examples (which some sections
> have/will have). This could mean real world deployment examples etc.
>
> It's all very good having in depth guides, but sometimes it's better to
> get something running and come back to the main docs. The vessel in
> which we present these complete examples is irrelevant and can be
> decided at any point.
>
> So, coming back to your wonderful offer of help. If you would like to
> look at the latest docs in our source repo and pick up a
> section/subsection that appeals to you, we can move towards a complete
> and detailed OpenLDAP 2.4 Admin Guide and then do the wiki/howto stuff.
>
> Does that sound like a plan?
>
> Thanks,
>
> Gavin.
>
> --
> Kind Regards,
>
> Gavin Henry.
> OpenLDAP Engineering Team.
>
> E [EMAIL PROTECTED]
>
> Community developed LDAP software.
>
> http://www.openldap.org/project/
>
>




Re: cn=config example

2007-09-21 Thread Gabriel Stein
> addition. But again, we have a great FAQ system for this.
>
> Ditto, there is a FAQ.
>
> > >> 4. We have to find the time to keep the howtos updated
> > > As the scratchpad wiki proves, I don't have *much* time ... but if a few
> > > people can spare a small amount of time, it may be viable.
> > We all seem to think we don't have a system in place for this, namely
> > the FAQ. I've only mentioned a wiki, as people are talking about it.
> > We've had the FAQ for years and years now, but people are still shy.
>
> Maybe if we just rename the FAQ and call it a Wiki then people will be
> happy? :)
>
> > >> 5. Resources, lack of resources, need more resources.
> > >> 6. etc.
> > >> *My* first and foremost priority is to finish the Admin Guide, keep it
> > >> accurate and up to date.
> > >> I think, as we have done all along, we leave the 3rd party integration
> > >> to the 3rd party projects (like the wiki mentioned above).
> > > Which obviously isn't doing such a great job.
>
> It has worked for me and many others.  I've migrated almost all our
> services to use OpenLDAP.
>
> > > Or, is this
> > > an area nss_ldap should cover (including the indexes, ACLs etc. that should
> > > be configured on the server side)?
>
> Yes, it is.
>
> > >> What we don't
> > >> want is a wiki where people come along and start posting How tos that we
> > >> don't have time to vet, which in turn starts to dilute the OpenLDAP
> > >> quality brand and take our time away with the little resources we have.
> > > It may be better than having hundreds of howtos out there in random places of
> > > much worse quality, leaving the impression that the OpenLDAP project prefers
> > > this to one authoritative place, where at least contributors or experts can
> > > correct mistakes (which we can't do for all the broken howtos).
>
> What I don't understand is that (a) there is an official place for Samba
> documentation (b) there is an official place for PAM documentation (c)
> there is an official place for NSS documentation (d) there is an
> official place for ISC Bind documentation (e) there is an official place
> for ISC DHCPd documentation (f) there is an official place for Cyrus
> IMAPd documentation...  so what is the problem?  Either (1) the
> user chose not to look in the official place or (2) the project chose
> not to provide documentation related to LDAP.  #1 is the user's problem
> and for #2 the user should contact that project, not complain to their
> DSA "vendor".
>
> If the user chose to look in "random places" they must expect
> documentation of "random" quality.
>
> > >> It's all very good having in depth guides, but sometimes it's better to
> > >> get something running and come back to the main docs.
>
> Disagree;  that is just a sloppy approach to system administration.
>
> --
> Adam Tauno Williams, Network & Systems Administrator
> Consultant - http://www.whitemiceconsulting.com
> Developer - http://www.opengroupware.org
>
>




Re: cn=config example

2007-09-21 Thread Gabriel Stein
OK people.

Just to organize this question:

- Gavin is finishing the Admin Guide;
- I'm free to put links (3rd party) in the FAQ and update it when there is
some change (the idea about RSS is a good one);
- Gavin, you are accepting contributions to finish the Admin Guide;
- And finally... the main concept is RTFM and not to make a Dummies Guide;

Anything wrong? Are these points correct?

Sorry about this email, I'm just trying to organize this discussion to make
it easier to focus and to be productive.



On 9/21/07, Emmanuel Dreyfus <[EMAIL PROTECTED]> wrote:
>
> Emmanuel Dreyfus <[EMAIL PROTECTED]> wrote:
>
> > > Thanks for that, but we have to assume some background knowledge ;-)
> > Then the amount of
>
> Hem, that one was sent too early :-)
>
> What is the amount of assumed knowledge? It would be fair to tell what
> are the requirements for reading the doc and where they can be
> acquired...
>
>
> --
> Emmanuel Dreyfus
> http://hcpnet.free.fr/pubz
> [EMAIL PROTECTED]
>





Links about integration

2007-09-25 Thread Gabriel Stein
There's no problem with my ego, this is just an announcement:

I have promised myself to post constantly to the Integration section of the
FAQ. Every week I will check the links' consistency and make all necessary
updates to the links.

Cheers.



Re: Links about integration

2007-09-26 Thread Gabriel Stein
Quanah,

I'm just doing my best. Every documentation, every software has a bug (OK,
maybe a little, little, little bug), in the world.

Just remember, software was made by humans, documentation was made by
humans, and humans have some defects.

Can you make some logical links with this?

And finally... Perfect!!! You see wrong Samba documentation! Why not
report it to the Samba docs team? If there are defects in the Samba
documentation, why not contribute?

Cheers.

On 9/26/07, Quanah Gibson-Mount <[EMAIL PROTECTED]> wrote:
>
> --On Wednesday, September 26, 2007 12:27 AM -0300 Gabriel Stein
> <[EMAIL PROTECTED]> wrote:
>
> > There's no problem with my ego, this is just an announcement:
> >
> > I have promised myself to post constantly to the Integration section of
> > the FAQ. Every week I will check the links' consistency and make all
> > necessary updates to the links.
>
> Cool.  Will you be able to help fix documentation of these other sites?
> For example, I was helping someone on #ldap the other day set up syncrepl,
> and they were using the documentation at samba.org, which was completely
> wrong.  :/
>
> --Quanah
>
>
> --
>
> Quanah Gibson-Mount
> Principal Software Engineer
> Zimbra, Inc
> ----
> Zimbra ::  the leader in open source messaging and collaboration
>





Re: syncrepl refreshing data from new master

2007-09-26 Thread Gabriel Stein
Hi,

Did you try setting up the retries directive on the consumer (slave)?

From the OpenLDAP Admin Guide:

If an error occurs during replication, the consumer will attempt to
reconnect according to the retry parameter which is a list of the
<retry interval> and <# of retries> pairs. For example, retry="60 10 300 3" lets
the consumer retry every 60 seconds for the first 10 times and then retry
every 300 seconds for the next three times before stop retrying. + in <# of
retries> means indefinite number of retries until success.

Cheers.


On 9/26/07, Arunachalam Parthasarathy <[EMAIL PROTECTED]> wrote:
>
>  Hello all,
>
> I am using openldap 2.3.36 In normal refresh and persist mode of sync
> replication, when I dynamically change the uri of the master server in
> slave, how to instruct the slave server to refresh the whole data from the
> new master server
>
> Thanks in advance,
>
> Arunachalam.





Re: setting up admin password on openldap

2007-10-29 Thread Gabriel Stein
  You see a rootpw with password hashed in slapd.conf, like Quanah said in
another email. The slappasswd syntax:

  slappasswd -h HASH{MD5 or CRYPT, for example} -s password.

 For example:

  slappasswd -h {MD5} -s password


Cheers.

On 10/28/07, Quanah Gibson-Mount <[EMAIL PROTECTED]> wrote:
>
> --On Friday, October 26, 2007 5:25 PM -0400 Naufal Sheikh
> <[EMAIL PROTECTED]> wrote:
>
>
> > Any pointers will be appreciated
>
> Actually sending the error message would be useful.  If there is no
> password in slapd.conf, how can it be in slapd.conf, and hashed?  I assume
> you mean there's a rootpw line in slapd.conf that is hashed.  Simply run
> slappasswd to generate the hash of a password you know, and update
> slapd.conf.  Given the limited information you've supplied, that's the
> best shot in the dark I can make.
>
> --Quanah
>
> --
>
> Quanah Gibson-Mount
> Principal Software Engineer
> Zimbra, Inc
> --------
> Zimbra ::  the leader in open source messaging and collaboration
>



-- 
/\
Gabriel Stein
[EMAIL PROTECTED]
MSN: [EMAIL PROTECTED]
Administrador de Redes -
Network Administrador
Linux User #223750
51-92796310
Porto Alegre - RS - Brasil
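
Added example (not part of the original post): a Python sketch of what the `{MD5}` value from the command above contains compared with the salted `{SSHA}` scheme, plus a check that reports the scheme of each `rootpw` line. The scheme layouts are the standard OpenLDAP ones; the function names and the sample slapd.conf lines are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os
import re

# Scheme prefix -> (hashlib algorithm, digest length in bytes, salted?)
SCHEMES = {
    "{MD5}": ("md5", 16, False),
    "{SMD5}": ("md5", 16, True),
    "{SHA}": ("sha1", 20, False),
    "{SSHA}": ("sha1", 20, True),
}


def make_hash(scheme, password, salt=None):
    """Build a rootpw/userPassword value: scheme + base64(digest [+ salt])."""
    algo, _, salted = SCHEMES[scheme]
    if not salted:
        salt = b""
    elif salt is None:
        salt = os.urandom(8)  # fresh random salt for every new hash
    digest = hashlib.new(algo, password.encode("utf-8") + salt).digest()
    return scheme + base64.b64encode(digest + salt).decode("ascii")


def verify(stored, password):
    """Check a password against a stored value in one of the SCHEMES."""
    match = re.match(r"(\{[A-Za-z0-9]+\})(.+)$", stored)
    if not match or match.group(1).upper() not in SCHEMES:
        raise ValueError("unsupported or missing scheme prefix")
    algo, digest_len, _ = SCHEMES[match.group(1).upper()]
    raw = base64.b64decode(match.group(2))
    # Whatever follows the digest is the salt (empty for unsalted schemes).
    digest, salt = raw[:digest_len], raw[digest_len:]
    candidate = hashlib.new(algo, password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def audit_rootpw(conf_text):
    """Return (line number, scheme, finding) for every rootpw directive."""
    findings = []
    for number, line in enumerate(conf_text.splitlines(), 1):
        directive = re.match(r"\s*rootpw\s+(\S+)", line)
        if not directive:
            continue
        prefix = re.match(r"\{[A-Za-z0-9]+\}", directive.group(1))
        if not prefix:
            findings.append((number, None, "cleartext"))
            continue
        scheme = prefix.group(0).upper()
        if scheme not in SCHEMES:
            findings.append((number, scheme, "not analysed here"))
        elif SCHEMES[scheme][2]:
            findings.append((number, scheme, "salted"))
        else:
            findings.append((number, scheme, "unsalted"))
    return findings


# Constructed slapd.conf fragment with three database sections.
SAMPLE_CONF = "\n".join([
    "database bdb",
    'suffix "dc=example,dc=com"',
    "rootpw " + make_hash("{MD5}", "password"),
    "database bdb",
    'suffix "dc=example,dc=org"',
    "rootpw secret",
    "database bdb",
    'suffix "dc=example,dc=net"',
    "rootpw " + make_hash("{SSHA}", "password"),
])

if __name__ == "__main__":
    # Unsalted: the same password always yields the same stored value.
    print(make_hash("{MD5}", "password"))
    print(make_hash("{MD5}", "password"))
    # Salted: two runs give different values that both verify.
    print(make_hash("{SSHA}", "password"))
    print(make_hash("{SSHA}", "password"))
    for finding in audit_rootpw(SAMPLE_CONF):
        print(finding)
```

Because `{MD5}` carries no salt, identical passwords give identical stored values on every server; with `{SSHA}` the salt travels inside the base64 blob, so verification still works while each stored value differs.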


Re: Regarding Tree hierarchy in openLDAP

2007-11-05 Thread Gabriel Stein
Anjali,

You need create the OUs too. The first three steps to create a new directory
tree:

1 - Create a suffix:

dn:dc=example,dc=com

2 - Create OUs

dn: ou=test,dc=example,dc=com
dn:ou=test2,dc=example,dc=com

3 - Create things in OUs:

dn:cn=something,ou=test,dc=example,dc=com
dn:cn=something2,ou=test2,dc=example,dc=com

Cheers.


On 11/5/07, Anjali Arora <[EMAIL PROTECTED]> wrote:
>
> Hi,
>
> Actually I want to create a directory tree hierarchy. If I mention suffix
> as dc=example,dc=com
> and next time I want to add dn:
> cn=file_name,ou=Development,dc=example,dc=com
> and dn: cn=file2,ou=SoftwareDeveloper,dc=example,dc=com then server is not
> allowing me to perform these kinds of operation server is giving ERROR:
> server is unwilling to perform the operation. how to handle this situation
> Please let me know as soon as possible.
>
> Thanks and Regards,
> Anjali
>
>





Re: Access Control issues

2008-02-28 Thread Gabriel Stein
Try this:

access to dn.one="ou=Private,ou=AddressBook,o=organization,c=US"  
  by self   write
  by anonymous  auth
  by group.exact="ou=Private,ou=AddressBook,o=organization,c=US" write
  by *  none

Link:

http://www.zytrax.com/books/ldap/ch5/step4.html#step4-access


admin wrote:
> Hi! 
> How to grant privileges to all users from, let say, 
> ou=People,o=organization,c=US with gidNumber=1056 to 
> ou=Private,ou=AddressBook,o=organization,c=US ?
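
Added example (not part of the original reply): a small Python model of how slapd evaluates the rule above, with `dn.one` covering only direct children of the base and the `by` clauses tried in order until the first match. The directory contents and names such as `uid=alice` are constructed, DN handling is simplified, and `group.exact` is modelled with its defaults (objectClass `groupOfNames`, attribute `member`).

```python
TARGET = "ou=Private,ou=AddressBook,o=organization,c=US"

# The "by" clauses of the rule, in the order slapd tries them.
BY_CLAUSES = [
    ("self", None, "write"),
    ("anonymous", None, "auth"),
    ("group.exact", TARGET, "write"),
    ("*", None, "none"),
]


def norm(dn):
    """Simplified DN normalisation (assumes no escaped commas)."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def parent(dn):
    """DN of the entry one level above dn."""
    return norm(dn).partition(",")[2]


def build(entries):
    """Index a constructed directory by normalised DN."""
    return {norm(dn): attrs for dn, attrs in entries.items()}


def is_member(bind_dn, group_dn, directory):
    """group.exact: the named entry must be a groupOfNames listing bind_dn."""
    entry = directory.get(norm(group_dn), {})
    if "groupOfNames" not in entry.get("objectClass", []):
        return False
    return norm(bind_dn) in {norm(m) for m in entry.get("member", [])}


def access_for(bind_dn, entry_dn, directory):
    """Access level the rule gives bind_dn (None = anonymous) on entry_dn.

    Returns None when entry_dn is outside the dn.one scope, meaning this
    rule does not apply and another access directive decides.
    """
    if parent(entry_dn) != norm(TARGET):
        return None
    for who, arg, level in BY_CLAUSES:
        if who == "self":
            matched = bind_dn is not None and norm(bind_dn) == norm(entry_dn)
        elif who == "anonymous":
            matched = bind_dn is None
        elif who == "group.exact":
            matched = bind_dn is not None and is_member(bind_dn, arg, directory)
        else:  # "*" matches everyone
            matched = True
        if matched:
            return level  # first matching clause ends the evaluation
    return "none"


ALICE = "uid=alice,ou=People,o=organization,c=US"  # constructed user
CARD = "cn=Bob Card," + TARGET                     # constructed child entry

# Constructed directory 1: the DN named in group.exact is a plain OU.
DIR_PLAIN = build({
    TARGET: {"objectClass": ["organizationalUnit"]},
    ALICE: {"objectClass": ["posixAccount"], "gidNumber": ["1056"]},
})

# Constructed directory 2: the same DN is a group entry listing alice.
DIR_GROUP = build({
    TARGET: {"objectClass": ["groupOfNames"], "member": [ALICE]},
    ALICE: {"objectClass": ["posixAccount"], "gidNumber": ["1056"]},
})

if __name__ == "__main__":
    print("alice, plain OU :", access_for(ALICE, CARD, DIR_PLAIN))
    print("alice, group    :", access_for(ALICE, CARD, DIR_GROUP))
    print("anonymous       :", access_for(None, CARD, DIR_PLAIN))
    print("entry on itself :", access_for(CARD, CARD, DIR_PLAIN))
    print("base entry      :", access_for(ALICE, TARGET, DIR_GROUP))
```

With the constructed data, a user whose only link to the rule is gidNumber=1056 ends at `by * none`; write access follows only when the DN named in `group.exact` is a group entry that lists that user.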
>   


Re: AW: best way to export a whole ldap directory

2008-04-08 Thread Gabriel Stein
Try using this:

slapcat > base.ldap

Cheers,

On Tue, Apr 8, 2008 at 11:23 AM, Michael Ströder <[EMAIL PROTECTED]>
wrote:

> Kick, Claus wrote:
>
> >
> > Try something like (depends a bit on your OS):
> > ldapsearch -b 'your base dn' -D 'your user ' -w 'password' cn=* >
> > somefile.txt
> >
>
> One should rather use "*" "+" as 'attributes' to also get operational
> attributes (if needed). And the filter above does not catch entries which
> do not have an attribute 'cn' at all.
>
> So this would be a better example (in one line):
>
> ldapsearch -x -b  -D  -w 
> "(objectClass=*)" "*" "+"
>
> Note that the entity specified by the bind-DN should have full read access
> to the whole content. The server's rootdn has full access circumventing all
> ACLs.
>
> Ciao, Michael.
>



-- 
/\
Gabriel Stein
[EMAIL PROTECTED]
MSN: [EMAIL PROTECTED]
Administrador de Redes -
Network Administrator
Linux User #223750
+55 51 9357 3886
Porto Alegre - RS - Brasil