Re: Re: Forbidden account password reuse of the last 5 password
Clément Oudot,

Thank you. I have changed the rootdn from root to another user, and it is still not working. I can modify the user password to the same one as before. I have set the password policy and added the user to this password policy as below:

From: openldap-technical [mailto:openldap-technical-boun...@openldap.org] On Behalf Of Clément OUDOT
Sent: 14 February 2019 23:19
To: openldap-technical@openldap.org
Subject: Re: Re: Forbidden account password reuse of the last 5 password

On 14/02/2019 at 12:17, Tian Zhiying wrote:
> But it seems not working, my password is following:
> First time password: AAbb1122
> Second time password: CCdd3344
> Third time password: AAbb1122, same with the first time password, it has been modified successfully.

Check that the password modification is not done by the rootdn, as the rootdn is bypassing password policy constraints.

--
Clément Oudot | Identity Solutions Manager
clement.ou...@worteks.com <mailto:clement.ou...@worteks.com>
Worteks | https://www.worteks.com
Re: Antw: Re: Forbidden account password reuse of the last 5 password
Yes, I have set a default password policy and assigned the password policy to the user.

-Original Message-
From: openldap-technical [mailto:openldap-technical-boun...@openldap.org] On Behalf Of Ulrich Windl
Sent: 14 February 2019 22:18
To: matthieu.ce...@nbs-system.com; openldap-technical@openldap.org; tianzy1225
Subject: Antw: Re: Forbidden account password reuse of the last 5 password

>>> "Tian Zhiying" wrote on 14.02.2019 at 12:17 in message
>>> <01d4c456$d6b4ed40$841ec7c0$@thundersoft.com>:
> Hi Matthieu,
>
> Thank you for your reply.
>
> I have set the "pwdInHistory" attribute to 5 in password policy and
> set forbidden their reuse in config.inc.php of Self Service Password.
> As below shown:
>

Did you also assign the password policy to users, or did you set a default policy?

> But it seems not working, my password is following:
> First time password: AAbb1122
> Second time password: CCdd3344
> Third time password: AAbb1122, same with the first time password, it
> has been modified successfully.
>
> Thanks
>
> -Original Message-
> From: openldap-technical
> [mailto:openldap-technical-boun...@openldap.org] On Behalf Of
> Matthieu Cerda
> Sent: 14 February 2019 17:38
> To: openldap-technical@openldap.org
> Subject: Re: Forbidden account password reuse of the last 5 password
>
> You may set the "pwdInHistory" attribute to 5 to store the last 5
> passwords used, and forbid their reuse.
>
> On 14/02/2019 at 10:35, Matthieu Cerda wrote:
>> Yes, you might want to use the password policy (ppolicy) overlay:
>> <https://kb.symas.com/v2.4.45.2/man5/slapo-ppolicy/>
>>
>> On 14/02/2019 at 07:58, Tian Zhiying wrote:
>>> Hi
>>>
>>> Is there a feature that OpenLDAP password policy can forbidden user password
>>> reuse of the last 5 password?
>>>
>>> Thanks.
>
> --
> Matthieu Cerda
> Infrastructure, BU Means @ NBS System
Re: Forbidden account password reuse of the last 5 password
Hi Matthieu,

Thank you for your reply.

I have set the "pwdInHistory" attribute to 5 in the password policy and set it to forbid their reuse in config.inc.php of Self Service Password, as shown below:

But it seems not to be working; my passwords were the following:
First time password: AAbb1122
Second time password: CCdd3344
Third time password: AAbb1122, the same as the first password, and it was modified successfully.

Thanks

-Original Message-
From: openldap-technical [mailto:openldap-technical-boun...@openldap.org] On Behalf Of Matthieu Cerda
Sent: 14 February 2019 17:38
To: openldap-technical@openldap.org
Subject: Re: Forbidden account password reuse of the last 5 password

You may set the "pwdInHistory" attribute to 5 to store the last 5 passwords used, and forbid their reuse.

On 14/02/2019 at 10:35, Matthieu Cerda wrote:
> Yes, you might want to use the password policy (ppolicy) overlay:
> <https://kb.symas.com/v2.4.45.2/man5/slapo-ppolicy/>
>
> On 14/02/2019 at 07:58, Tian Zhiying wrote:
>> Hi
>>
>> Is there a feature that OpenLDAP password policy can forbidden user password
>> reuse of the last 5 password?
>>
>> Thanks.

--
Matthieu Cerda
Infrastructure, BU Means @ NBS System
Forbidden account password reuse of the last 5 password
Hi

Is there a feature in the OpenLDAP password policy that can forbid user password reuse of the last 5 passwords?

Thanks.
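The thread above ends with two points worth pinning down: the policy entry itself (pwdInHistory), and Clément's remark that a change made by the rootdn bypasses ppolicy, so a test done through an admin bind proves nothing. The script below is an added example, not code from any of the posters or from the OpenLDAP project. It assumes slapd.conf-style configuration with "overlay ppolicy" already on the database (as in the configs quoted further down this page) and the ppolicy schema included; the DNs and policy name are constructed. A further assumption a practitioner should check: the history comparison is done by slapd against the stored hashes, so the client has to send the new password in cleartext over TLS and let slapd hash it; a client that pre-hashes can never match the history.

```shell
#!/bin/sh
# Added example for the pwdInHistory thread; not code from the list posters
# or from OpenLDAP. Assumes: "include .../schema/ppolicy.schema" and
# "overlay ppolicy" are already in slapd.conf. DNs below are constructed.
set -e

POLICY_DN='cn=default,ou=policies,dc=domain,dc=com'

# ppolicy_ldif: a policy entry that keeps the last 5 password hashes in the
# user's pwdHistory attribute and refuses a new password matching any of them.
# pwdCheckQuality 2 also refuses a password slapd cannot inspect (pre-hashed).
ppolicy_ldif() {
  cat <<EOF
dn: ou=policies,dc=domain,dc=com
objectClass: organizationalUnit
ou: policies

dn: $POLICY_DN
objectClass: device
objectClass: pwdPolicy
cn: default
pwdAttribute: userPassword
pwdInHistory: 5
pwdCheckQuality: 2
pwdMinLength: 8
EOF
}

# assign_policy_ldif USERDN: attach the policy to one user. The alternative
# is a line  ppolicy_default "cn=default,ou=policies,dc=domain,dc=com"
# after "overlay ppolicy" in slapd.conf, which applies it to every entry.
assign_policy_ldif() {
  cat <<EOF
dn: $1
changetype: modify
replace: pwdPolicySubentry
pwdPolicySubentry: $POLICY_DN
EOF
}

# history_size LDIF_TEXT: read pwdInHistory back out of a policy LDIF so a
# deployment script can confirm the value before loading it ("0" if unset).
history_size() {
  n=$(printf '%s\n' "$1" | sed -n 's/^pwdInHistory: *//p')
  printf '%s\n' "${n:-0}"
}

# Load (live use, not run here), binding as the directory admin:
#   ppolicy_ldif | ldapadd -x -ZZ -H ldap://ldap.server.com -D "cn=root,dc=domain,dc=com" -W
#   assign_policy_ldif "uid=alice,ou=people,dc=domain,dc=com" \
#       | ldapmodify -x -ZZ -H ldap://ldap.server.com -D "cn=root,dc=domain,dc=com" -W
#
# Test the policy AS THE USER, never as the rootdn (the rootdn bypasses it):
#   ldappasswd -x -ZZ -H ldap://ldap.server.com \
#       -D "uid=alice,ou=people,dc=domain,dc=com" -W -S
# Confirm that history is actually being recorded (pwdHistory grows by one
# hash per change; if it stays empty the overlay is not seeing the change):
#   ldapsearch -x -ZZ -H ldap://ldap.server.com \
#       -D "uid=alice,ou=people,dc=domain,dc=com" -W \
#       -b "uid=alice,ou=people,dc=domain,dc=com" pwdHistory pwdChangedTime
# Changing back to an earlier password is then refused with
# "Password is in history of old passwords".
```

A password web front end such as Self Service Password usually binds with its own service account; if that account is the rootdn, every change it makes skips the policy, which is exactly the symptom in the thread.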
root server and subtree server replicate.
Dear all,

I'd like to have a subtree managed by a second LDAP server and its contents replicated to the "upper" root server.

server A (root server): suffix="dc=domain,dc=org"
server B (subtree server): suffix="ou=people,dc=domain,dc=org"

B's subtree should be replicated to A and should be searchable on A. Is there any solution for this case?

Thanks.
OpenLDAP userpassword instead SambaNTPassword
Hi

I just integrated OpenLDAP and the Samba service; the purpose is to allow users to use one account and password to log in. But after I change the password from "Self Service Password", only userPassword has changed; sambaNTPassword has not changed. Could you help me?

Thanks.
Re: Chinese display garbled
Hi,

Thank you very much. How can I display Chinese in the LDAP database, rather than as base64 code?

-Original Message-
From: openldap-technical [mailto:openldap-technical-boun...@openldap.org] On Behalf Of Dieter Klünter
Sent: 5 February 2015 19:57
To: openldap-technical@openldap.org
Subject: Re: Chinese display garbled

On Thu, 5 Feb 2015 19:17:25 +0800, "Tian Zhiying" wrote:
> Hello
>
> My ldif file type is UTF-8 as below.
> # file test.ldif
> test.ldif: UTF-8 Unicode text
>
> The test.ldif content includes Chinese, as below:
> # cat test.ldif
> dn: cn=行政部,ou=domain,dc=domain,dc=com
> cn: 行政部
> gidnumber: 500
> objectclass: posixGroup
>
> I can add it to the LDAP server. Then executing this command
> "# ldapsearch -x -H ldap://localhost -b dc=domain,dc=com", it displays as below:
>
> # \E7\94\B0\E5\BF\97\E8\8B\B1, domain, domain.com
> dn:: Y24955Sw5b+X6IuxLG91PXRodW5kZXJzb2Z0LGRjPXRodW5kZXJzb2Z0LGRjPWNvbQ==
> cn:: 55Sw5b+X6Iux
> gidNumber: 500
> objectClass: posixGroup
> objectClass: top

This is just the base64 encoded DN string, decoded it is cn=田志英,ou=thundersoft,dc=thundersoft,dc=com

-Dieter

--
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N 10°08'02,42"E
Chinese display garbled
Hello

My ldif file type is UTF-8 as below.
# file test.ldif
test.ldif: UTF-8 Unicode text

The test.ldif content includes Chinese, as below:
# cat test.ldif
dn: cn=行政部,ou=domain,dc=domain,dc=com
cn: 行政部
gidnumber: 500
objectclass: posixGroup

I can add it to the LDAP server. Then executing this command "# ldapsearch -x -H ldap://localhost -b dc=domain,dc=com", it displays as below:

# \E7\94\B0\E5\BF\97\E8\8B\B1, domain, domain.com
dn:: Y24955Sw5b+X6IuxLG91PXRodW5kZXJzb2Z0LGRjPXRodW5kZXJzb2Z0LGRjPWNvbQ==
cn:: 55Sw5b+X6Iux
gidNumber: 500
objectClass: posixGroup
objectClass: top

How can I deal with it? Can you help me?

Thanks!!!
Update openldap version from 2.3.43 to latest
Hi Admin

I'm running OpenLDAP 2.3.43 on CentOS 5.8 64bit, and now I want to update OpenLDAP from 2.3.43 to the latest. How can I do it? If there is no way to update from 2.3.43 to the latest, how can I migrate the data of 2.3.43 to the new OpenLDAP?

Thanks.
Tian Zhiying
How can I add ldap user from linux shell command line?
Hi All

How can I add an LDAP user from the Linux shell command line? And how can I batch-add LDAP users from the Linux shell command line?

Tian Zhiying
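The question above has no answer on this page; the standard tool is ldapadd fed with LDIF, and a batch is just more entries in the same stream. The script below is an added example (not from the list or the OpenLDAP project) that generates the LDIF for one or many users from constructed "uid,cn,sn,uidNumber" lines; the base DN, the ou and the admin DN are assumptions. It deliberately leaves userPassword out of the LDIF so that the password is set afterwards through ldappasswd, where slapd hashes it and the ppolicy overlay from the thread above sees the change.

```shell
#!/bin/sh
# Added example for the "add ldap user from the shell" question; not code
# from the list posters or from OpenLDAP. Base DN, ou and admin DN assumed.
set -e

BASE_DN='dc=domain,dc=com'

# user_ldif UID CN SN UIDNUMBER: one inetOrgPerson/posixAccount entry.
# No userPassword here on purpose (see ldappasswd below).
user_ldif() {
  cat <<EOF
dn: uid=$1,ou=people,$BASE_DN
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: $1
cn: $2
sn: $3
uidNumber: $4
gidNumber: $4
homeDirectory: /home/$1
loginShell: /bin/bash

EOF
}

# csv_to_ldif: read "uid,cn,sn,uidNumber" lines on stdin ('#' lines are
# comments, fields must not contain commas) and emit LDIF for all of them.
# The "|| [ -n ... ]" keeps a last line that lacks a trailing newline.
csv_to_ldif() {
  while IFS=, read -r uid cn sn num || [ -n "$uid" ]; do
    case $uid in ''|'#'*) continue ;; esac
    user_ldif "$uid" "$cn" "$sn" "$num"
  done
}

# count_entries: number of entries in an LDIF stream (one "dn:" line each).
count_entries() {
  grep -c '^dn: ' || true
}

# Constructed batch (not real people):
USERS='# uid,cn,sn,uidNumber
alice,Alice Liddell,Liddell,10001
bob,Bob Builder,Builder,10002'

# Live use (not run here). One user or a whole batch, same command, bound as
# the directory admin over STARTTLS (-ZZ):
#   printf '%s\n' "$USERS" | csv_to_ldif \
#       | ldapadd -x -ZZ -H ldap://ldap.server.com -D "cn=admin,$BASE_DN" -W
# Initial password set by the admin, then changed by the user herself:
#   ldappasswd -x -ZZ -H ldap://ldap.server.com -D "cn=admin,$BASE_DN" -W -S \
#       "uid=alice,ou=people,$BASE_DN"
#   ldappasswd -x -ZZ -H ldap://ldap.server.com \
#       -D "uid=alice,ou=people,$BASE_DN" -W -S
printf '%s\n' "$USERS" | csv_to_ldif
```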
How can i setup acl on openldap(ubuntu 12.04)
Hi

My server is Ubuntu 12.04 64bit, with OpenLDAP installed via apt-get. Now I want to set up ACLs; how can I quickly set them up? Before, on CentOS 5, slapd.conf was in the /etc/openldap directory, but slapd.conf is not in the /etc/ldap directory on Ubuntu 12.04.

Tian Zhiying
OpenLDAP can manage IP/MAC/Assets and other information?
Hi

Can OpenLDAP manage IP/MAC/assets and other information? If it can, what schema do I need to add?

Thanks.
Tian Zhiying
Re: RE: OpenLDAP 2.3.4 TLS negotiation failure
Hi Chris:

I have regenerated the CA and made sure that the hostname and common name match (ldap.server.com); the following is the command output:

[r...@ldap.server.com ~]# echo | openssl s_client -connect ldap.server.com:636 -showcerts -state -CAfile /etc/openldap/cacerts/cacert.pem
CONNECTED(0003)
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
depth=1 /C=CN/ST=BJ/O=TS/OU=IT/CN=ldap.server.com/emailAddress=tia...@server.com
verify return:1
depth=0 /C=CN/ST=BJ/L=BJ/O=TS/OU=IT/CN=ldap.server.com/emailAddress=tia...@server.com
verify return:1
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server certificate request A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client certificate A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read finished A

On the LDAP server, running the command "ldapsearch -x -H ldap://ldap.server.com -ZZ" is ok, so I think the CA is no problem now. But on my client, it still outputs "ldap_start_tls: Connect error (-11)".

LDAP server log file output:
Oct 24 11:41:41 auth slapd[14371]: conn=49 fd=14 ACCEPT from IP=192.168.9.9:46226 (IP=0.0.0.0:389)
Oct 24 11:41:41 auth slapd[14371]: conn=49 op=0 STARTTLS
Oct 24 11:41:41 auth slapd[14371]: conn=49 op=0 RESULT oid= err=0 text=
Oct 24 11:41:41 auth slapd[14371]: conn=49 fd=14 closed (TLS negotiation failure)

Tian Zhiying

From: Chris Jacobs
Date: 2013-10-23 22:18
To: tianzy1225; DieterKlünter; openldap-technical
Subject: RE: Re: OpenLDAP 2.3.4 TLS negotiation failure

Inline...
> -Original Message-
> From: openldap-technical-boun...@openldap.org [mailto:openldap-technical-boun...@openldap.org] On Behalf Of Tian Zhiying
> Sent: Wednesday, October 23, 2013 2:59 AM
> To: DieterKlünter; openldap-technical
> Subject: Re: Re: OpenLDAP 2.3.4 TLS negotiation failure
>
> Hi Dieter:
>
> Thanks for your quick reply.
> I have changed 'TLS_REQCERT try' and check the commonName of the host
> certificate, the common name is LDAP Server hostname "auth.server.com",
> the following is the query results:
> [root@auth cacerts]# openssl s_client -connect localhost:636 -showcerts -state -CAfile /etc/openldap/cacerts/cacert.pem
> CONNECTED(0003)
> SSL_connect:before/connect initialization
> SSL_connect:SSLv2/v3 write client hello A
> SSL_connect:SSLv3 read server hello A
> depth=0 /C=CN/ST=BJ/L=BJ/O=TS/OU=IT/CN=auth.server.com/emailAddress=tia...@server.com
> verify error:num=18:self signed certificate
> verify return:1

Here is your problem. The host does not trust the SSL cert. The 'CAfile' you've pointed the openssl command (and the real clients guessing by the path) isn't the CA chain for that SSL cert.

We also use an internal CA that our hosts don't trust globally. Same command and output for me:

[root@ldapmaster1.[snip] ~]# echo | openssl s_client -connect ldapmaster1.[snip]:636 -showcerts -state -CAfile /etc/openldap/cacerts/cacert.pem
CONNECTED(0003)
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
depth=2 C = US, O = [snip], OU = PKI, CN = [snip] Internal Root CA
verify return:1
depth=1 C = US, O = [snip], OU = PKI, CN = [snip] Internal Issuing CA 01
verify return:1
depth=0 C = US, ST = WA, L = Seattle, O = [snip], CN = ldap-vip.[snip], emailAddress = [snip]
verify return:1
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read finished A

The command then continues to dump the cert, and the chain certs, as expected.

You must put the entire CA chain from the Root CA to the signing/subordinate CA that signed this SSL cert (if applicable) in x509/PEM format in your 'CAfile' - assuming the Root CA isn't trusted server wide already. Then try again.

Also, make sure to use the name specified in your SSL cert when connecting/testing - mess with your local hosts file if needed.

- chris

> depth=0 /C=CN/ST=BJ/L=BJ/O=TS/OU=IT/CN=auth.server.com/emailAddress=tia...@server.com
> verify return:1
> SSL_connect:SSLv3 read server certificate A
> SSL_connect:SSLv3 read server certificate request A
> SSL_connect:SSLv3 read server done A
> SSL_connect:SSLv3 write client certificate A
> SSL_connect:SSLv3 write client key exchange A
> SSL_connect:SSLv3 write change cipher spec A
> SSL_connect:SSLv3 write finished A
> SSL_connect:SSLv3 flush data
> SSL_connect:SSLv3 read finished A
>
> Now, the /etc/openldap/ldap.conf file:
> URI
Re: Re: OpenLDAP 2.3.4 TLS negotiation failure
Hi Dieter:

Thanks for your quick reply.
I have changed to 'TLS_REQCERT try' and checked the commonName of the host certificate; the common name is the LDAP server hostname "auth.server.com". The following is the query result:

[root@auth cacerts]# openssl s_client -connect localhost:636 -showcerts -state -CAfile /etc/openldap/cacerts/cacert.pem
CONNECTED(0003)
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
depth=0 /C=CN/ST=BJ/L=BJ/O=TS/OU=IT/CN=auth.server.com/emailAddress=tia...@server.com
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=CN/ST=BJ/L=BJ/O=TS/OU=IT/CN=auth.server.com/emailAddress=tia...@server.com
verify return:1
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server certificate request A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client certificate A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read finished A

Now, the /etc/openldap/ldap.conf file:
URI ldap://ldap.server.com/
BASE dc=server,dc=com
TLS_CACERT /etc/openldap/cacerts/cacert.pem
#SSL ON
TLS_REQCERT try

But when I run "#ldapsearch -x -H ldap://ldap.server.com -ZZ", I still get the following error:
[root@client cacerts]# ldapsearch -x -H ldap://ldap.server.com -ZZ
ldap_start_tls: Connect error (-11)

Tian Zhiying

From: DieterKlünter
Date: 2013-10-23 17:35
To: openldap-technical
CC: tianzy1225
Subject: Re: OpenLDAP 2.3.4 TLS negotiation failure

On Wed, 23 Oct 2013 16:47:25 +0800, "Tian Zhiying" wrote:
> Hi
>
> On the LDAP Server, I run following command is ok:
> #ldapsearch -x -H ldap://ldap.server.com -ZZ
> #ldapsearch -x -H ldap://ldap.server.com
>
> But on my client, I run "#ldapsearch -x -H ldap://ldap.server.com",
> is ok; Run "#ldapsearch -x -H ldap://ldap.server.com -ZZ", I get the
> following error:
> [root@client cacerts]# ldapsearch -x -H ldap://ldap.server.com -ZZ
> ldap_start_tls: Connect error (-11)
>
> On LDAP Server log file, I get the following error messages:
> Oct 23 16:41:25 auth slapd[4213]: conn=206 fd=24 ACCEPT from IP=192.168.9.9:45648 (IP=0.0.0.0:389)
> Oct 23 16:41:25 auth slapd[4213]: conn=206 op=0 STARTTLS
> Oct 23 16:41:25 auth slapd[4213]: conn=206 op=0 RESULT oid= err=0 text=
> Oct 23 16:41:25 auth slapd[4213]: conn=206 fd=24 closed (TLS negotiation failure)
>
> My client ldap configuration:
> /etc/openldap/ldap.conf file:
> URI ldap://ldap.server.com/
> BASE dc=server,dc=com
> TLS_CACERT /etc/openldap/cacerts/ca.crt
> SSL ON
> TLS_REQCERT demand

Set 'TLS_REQCERT try' and check the commonName of the host certificate.
SSL ON is not an openldap configuration parameter.
The /etc/ldap.conf file is not a openldap client configuration file, but of nss_ldap.

> /etc/ldap.conf file:
> BASE dc=server,dc=com
> URI ldap://ldap.server.com
> SSL ON
> TLS_CACERT /etc/openldap/cacert/ca.crt
> TLS_REQCERT demand
>
> Any suggestion what cause TLS negotiation failure?

-Dieter

--
Dieter Klünter | Systemberatung
http://dkluenter.de
GPG Key ID:DA147B05
53°37'09,95"N 10°08'02,42"E
OpenLDAP 2.3.4 TLS negotiation failure
Hi

On the LDAP server, running the following commands is ok:
#ldapsearch -x -H ldap://ldap.server.com -ZZ
#ldapsearch -x -H ldap://ldap.server.com

But on my client, running "#ldapsearch -x -H ldap://ldap.server.com" is ok, while running "#ldapsearch -x -H ldap://ldap.server.com -ZZ" gives the following error:
[root@client cacerts]# ldapsearch -x -H ldap://ldap.server.com -ZZ
ldap_start_tls: Connect error (-11)

In the LDAP server log file, I get the following error messages:
Oct 23 16:41:25 auth slapd[4213]: conn=206 fd=24 ACCEPT from IP=192.168.9.9:45648 (IP=0.0.0.0:389)
Oct 23 16:41:25 auth slapd[4213]: conn=206 op=0 STARTTLS
Oct 23 16:41:25 auth slapd[4213]: conn=206 op=0 RESULT oid= err=0 text=
Oct 23 16:41:25 auth slapd[4213]: conn=206 fd=24 closed (TLS negotiation failure)

My client ldap configuration:
/etc/openldap/ldap.conf file:
URI ldap://ldap.server.com/
BASE dc=server,dc=com
TLS_CACERT /etc/openldap/cacerts/ca.crt
SSL ON
TLS_REQCERT demand

/etc/ldap.conf file:
BASE dc=server,dc=com
URI ldap://ldap.server.com
SSL ON
TLS_CACERT /etc/openldap/cacert/ca.crt
TLS_REQCERT demand

Any suggestion what causes the TLS negotiation failure?

Thanks!
Tian Zhiying
Re: Re: Other system use port 636 connect LDAP Server Error
Hi Espeake

Thanks for your quick reply. There is no firewall between the two systems. Telnet to 192.168.0.10 is ok, as follows:

# telnet 192.168.0.10 636
Trying 192.168.0.10...
Connected to localhost (192.168.0.10).
Escape character is '^]'.
quit
Connection closed by foreign host.

Actually, the LDAP server is used by other systems, including mediawiki/redmine/gerrit..., and now these systems are unable to use LDAPS certification. So, I use the ldapsearch method to test it.

Tian Zhiying

From: espeake
Date: 2013-09-26 18:42
To: tianzy1225
CC: openldap-technical; openldap-technical-bounces
Subject: Re: Other system use port 636 connect LDAP Server Error

From: "Tian Zhiying"
To: openldap-technical
Cc: tianzy1225
Date: 09/26/2013 03:38 AM
Subject: Other system use port 636 connect LDAP Server Error
Sent by: openldap-technical-boun...@openldap.org

Hi

In ldap server (localhost), I execute the below command, it ok.
# ldapsearch -x -b 'ou=people,dc=mydomain,dc=com' -D "cn=interface,dc=mydomain,dc=com" -H ldaps://192.168.1.10 -W

But in other linux system is not ok, below is the error info:
# ldapsearch -x -b 'ou=people,dc=mydomain,dc=com' -D "cn=interface,dc=mydomain,dc=com" -H ldaps://192.168.1.10 -W
ldap_bind: Can't contact LDAP server (-1)
additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

LDAP Server is Centos 5.8 64 OS, iptables service is closed state.
What is the cause? Do you have any suggestions?

Thanks.
Tian Zhiying

Is there a firewall between the two systems? That port could be blocked. Try doing a telnet to that IP on port 636.
telnet 192.168.1.10 636

Eric
Other system use port 636 connect LDAP Server Error
Hi

In the LDAP server (localhost), I execute the command below and it is ok:
# ldapsearch -x -b 'ou=people,dc=mydomain,dc=com' -D "cn=interface,dc=mydomain,dc=com" -H ldaps://192.168.1.10 -W

But on another Linux system it is not ok; below is the error info:
# ldapsearch -x -b 'ou=people,dc=mydomain,dc=com' -D "cn=interface,dc=mydomain,dc=com" -H ldaps://192.168.1.10 -W
ldap_bind: Can't contact LDAP server (-1)
additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

The LDAP server is CentOS 5.8 64-bit, and the iptables service is stopped.
What is the cause? Do you have any suggestions?

Thanks.
Tian Zhiying
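Both TLS threads on this page ("OpenLDAP 2.3.4 TLS negotiation failure" and "Other system use port 636 connect LDAP Server Error") come down to the same thing Chris spells out: "certificate verify failed" / "TLS negotiation failure" on the client means the client cannot build a trusted chain from the server certificate to a CA it trusts, and the server log's "closed (TLS negotiation failure)" is just the other end of that refusal. The script below is an added example, not code from the posters or from OpenLDAP: it builds a throwaway two-tier PKI (root CA, issuing CA, server certificate for a hostname) with the openssl CLI, then shows with "openssl verify" that a CAfile holding only the root fails exactly as in the thread, that the root plus issuing CA concatenated succeeds, and that connecting under a name the certificate does not carry fails even with the right chain. Everything is constructed locally; the only assumption is an openssl binary.

```shell
#!/bin/sh
# Added example for the two TLS threads; not code from the list posters or
# from OpenLDAP. Assumes an openssl CLI (1.1.1 or later). Everything is
# generated in a scratch directory; no real host or CA is involved.
set -e

# make_demo_pki DIR HOSTNAME: root CA -> issuing CA -> server cert for HOSTNAME
make_demo_pki() {
  dir=$1; host=$2
  mkdir -p "$dir"
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=keyCertSign,cRLSign\n' > "$dir/ca.ext"

  # Root CA: self-signed, marked as a CA
  openssl req -new -newkey rsa:2048 -nodes -keyout "$dir/root.key" \
    -out "$dir/root.csr" -subj "/O=Demo/CN=Demo Root CA" >/dev/null 2>&1
  openssl x509 -req -days 30 -in "$dir/root.csr" -signkey "$dir/root.key" \
    -extfile "$dir/ca.ext" -out "$dir/root.pem" >/dev/null 2>&1

  # Issuing (subordinate) CA, signed by the root
  openssl req -new -newkey rsa:2048 -nodes -keyout "$dir/issuing.key" \
    -out "$dir/issuing.csr" -subj "/O=Demo/CN=Demo Issuing CA" >/dev/null 2>&1
  openssl x509 -req -days 30 -in "$dir/issuing.csr" -CA "$dir/root.pem" \
    -CAkey "$dir/root.key" -CAcreateserial -extfile "$dir/ca.ext" \
    -out "$dir/issuing.pem" >/dev/null 2>&1

  # Server certificate for HOSTNAME, signed by the issuing CA. The name the
  # clients connect to must appear here (SAN; CN alone is legacy).
  printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:%s\n' "$host" > "$dir/srv.ext"
  openssl req -new -newkey rsa:2048 -nodes -keyout "$dir/server.key" \
    -out "$dir/server.csr" -subj "/O=Demo/CN=$host" >/dev/null 2>&1
  openssl x509 -req -days 30 -in "$dir/server.csr" -CA "$dir/issuing.pem" \
    -CAkey "$dir/issuing.key" -CAcreateserial -extfile "$dir/srv.ext" \
    -out "$dir/server.pem" >/dev/null 2>&1

  # What TLS_CACERT in ldap.conf must point at: the whole chain, PEM, concatenated
  cat "$dir/root.pem" "$dir/issuing.pem" > "$dir/chain.pem"
}

# verify_cert CAFILE CERT HOSTNAME: the check the LDAP client library makes,
# reduced to the openssl CLI. Prints "ok" or "fail".
verify_cert() {
  if openssl verify -CAfile "$1" -verify_hostname "$3" "$2" >/dev/null 2>&1
  then echo ok; else echo fail; fi
}

# Demo (also what the test asserts):
demo() {
  d=$(mktemp -d)
  make_demo_pki "$d" ldap.server.com
  printf 'root only     : %s\n' "$(verify_cert "$d/root.pem"  "$d/server.pem" ldap.server.com)"   # fail
  printf 'full chain    : %s\n' "$(verify_cert "$d/chain.pem" "$d/server.pem" ldap.server.com)"   # ok
  printf 'wrong hostname: %s\n' "$(verify_cert "$d/chain.pem" "$d/server.pem" localhost)"         # fail
  rm -rf "$d"
}

# On a real client (not run here), once chain.pem is in place:
#   TLS_CACERT /etc/openldap/cacerts/chain.pem   in /etc/openldap/ldap.conf
#   ldapsearch -x -H ldap://ldap.server.com -ZZ -b '' -s base
# or, without touching the config: LDAPTLS_CACERT=/path/chain.pem ldapsearch ... -ZZ
# Keep TLS_REQCERT at "demand"; "try"/"never" only hide the chain problem.
```

Two things from the threads carry over: a self-signed server certificate (the "verify error:num=18" case) needs that same certificate itself in the CAfile, since it is its own chain; and the file read by ldapsearch is /etc/openldap/ldap.conf (or /etc/ldap/ldap.conf on Debian/Ubuntu), while /etc/ldap.conf belongs to nss_ldap, as Dieter notes, so a CAfile fix in the wrong file changes nothing.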
How to two-way synchronization on openldap 2.4.33 version
Hi

I use OpenLDAP version 2.4.33, and I want to achieve two-way synchronization, but:
master --> slave ok
slave --> master not ok

Can it support slave to master data synchronization on version 2.4.33?

Thanks
Tian Zhiying
Re: Re: OpenLDAP slave-master synchronization problem
Quanah,

Thanks for your reply. I am using the "openldap-2.3.43" version now. Is it not supported? How do I upgrade? In the beginning, I used the "yum" method to install.

Tian Zhiying

From: Quanah Gibson-Mount
Date: 2013-03-01 10:39
To: tianzy1225; openldap-technical
Subject: Re: OpenLDAP slave-master synchronization problem

--On Thursday, February 28, 2013 6:35 PM -0800 Quanah Gibson-Mount wrote:

> You clearly have not correctly configured your replica. I advise you to
> read the replication section of the admin guide. In particular, you are
> missing any syncrepl statement(s) for the replica, thus it still believes
> it is a master.

Ugh, never mind, you are using slurpd. I don't know what god-forsaken release you are using, but whatever it is, is ancient and no longer supported. Please upgrade to a current supported release of OpenLDAP.

--Quanah

--
Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
Zimbra :: the leader in open source messaging and collaboration
OpenLDAP slave-master synchronization problem
Hello,

I have two OpenLDAP servers and have configured master-slave synchronization, but I have a problem: when an entry in the master server is changed, it is automatically changed in the slave server. But when an entry in the slave server is changed, it is not automatically changed in the master server. In the slave server's slapd.conf config file, I've set up "updateref ldap://192.168.100.11:389"; 192.168.100.11 is my master server. The following is my configuration.

Master Configuration:

allow bind_v2
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
access to * by * write
database bdb
suffix "dc=domain,dc=com"
rootdn "cn=root,dc=domain,dc=com"
overlay ppolicy
rootpw {SSHA}DyNIn6rweGRnQP0ntGaZxynMllSA3/w4
directory /var/lib/ldap
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
replogfile /var/lib/ldap/openldap-master-replog
loglevel 4095
replica host=192.168.70.15:389 binddn="cn=sa,dc=domain,dc=com" bindmethod=simple credentials=miao3p

Slave Configuration:

allow bind_v2
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
access to * by * write
database bdb
suffix "dc=domain,dc=com"
rootdn "cn=root,dc=domain,dc=com"
overlay ppolicy
rootpw {SSHA}sgBwprgmRciOEGTLjE5K9J22msm+U9NW
directory /var/lib/ldap
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
updatedn "cn=sa,dc=domain,dc=com"
updateref ldap://192.168.100.11:389

Any ideas? Thank you very much.

Tian Zhiying
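The three replication threads on this page ("root server and subtree server replicate", "How to two-way synchronization on openldap 2.4.33 version" and this slurpd master/slave one) get the same answer from Quanah: the replica/replogfile/slurpd setup is the 2.3-era push model, and OpenLDAP 2.4 replaces it with syncrepl, where the consumer pulls from a provider running slapo-syncprov. The script below is an added example, not code from the posters or from the OpenLDAP project. It does two things: a small lint that flags the slurpd-only directives in a slapd.conf, and generators for the 2.4 provider and consumer stanzas, using the hosts and DNs quoted in the thread with a placeholder credential. One caveat the quoted configs deserve: "access to * by * write" on both servers allows any bind, including anonymous, to modify every entry; the replication bind DN only needs read access on the provider, so that line should be the first thing tightened during the upgrade.

```shell
#!/bin/sh
# Added example for the replication threads; not code from the list posters
# or from OpenLDAP. Assumes OpenLDAP 2.4 slapd.conf syntax. Hosts, suffix and
# bind DN are the thread's; the credential is a placeholder.

# lint_slurpd_conf FILE: list the slurpd-only directives found in a
# slapd.conf, one per line, sorted. slurpd was removed in 2.4, so a config
# still carrying "replica"/"replogfile" is the push setup Quanah points at.
lint_slurpd_conf() {
  grep -E '^[[:space:]]*(replica|replogfile)[[:space:]]' "$1" | awk '{print $1}' | sort -u
}

# syncrepl_provider_stanza: what the master carries instead of replogfile/replica.
syncrepl_provider_stanza() {
  cat <<EOF
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
EOF
}

# syncrepl_consumer_stanza PROVIDER_URI SEARCHBASE BINDDN: the 2.4 block that
# replaces the slave's updatedn/updateref pair. The consumer PULLS; it never
# pushes. A write sent to the consumer is answered with a referral to
# updateref (or forwarded by slapo-chain), so "slave -> master" is handled by
# redirecting the write, not by replicating it back. For the subtree case
# (server A pulling "ou=people,dc=domain,dc=org" from server B) the same
# stanza goes into a separate database on A for that suffix, declared with
# the "subordinate" directive under A's root database.
syncrepl_consumer_stanza() {
  cat <<EOF
syncrepl rid=001
         provider=$1
         type=refreshAndPersist
         retry="60 +"
         searchbase="$2"
         scope=sub
         schemachecking=off
         bindmethod=simple
         binddn="$3"
         credentials=REPLACE_WITH_REPLICATION_PASSWORD
updateref $1
EOF
}

# Constructed copies of the master and slave configs from the thread (the
# lines that matter), used by the demo and the test.
MASTER_CONF='database bdb
suffix "dc=domain,dc=com"
replogfile /var/lib/ldap/openldap-master-replog
replica host=192.168.70.15:389 binddn="cn=sa,dc=domain,dc=com" bindmethod=simple'

SLAVE_CONF='database bdb
suffix "dc=domain,dc=com"
updatedn "cn=sa,dc=domain,dc=com"
updateref ldap://192.168.100.11:389'

demo() {
  f=$(mktemp)
  printf '%s\n' "$MASTER_CONF" > "$f"
  echo "slurpd-only directives in the master config:"
  lint_slurpd_conf "$f"
  rm -f "$f"
  echo "--- provider (master) side ---"
  syncrepl_provider_stanza
  echo "--- consumer (slave) side ---"
  syncrepl_consumer_stanza ldap://192.168.100.11:389 'dc=domain,dc=com' 'cn=sa,dc=domain,dc=com'
}
demo
```

Genuine two-way replication in 2.4 is a different configuration (multi-master, where every server runs syncprov and a syncrepl consumer for each peer); the stanza above is the single-provider case the thread's master/slave layout maps onto.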