.
--Quanah
--
Quanah Gibson-Mount
Lead Engineer
Zimbra, Inc
Zimbra :: the leader in open source messaging and collaboration
that be required? Encrypting the GSSAPI connection is generally
desired much of the time...
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
Zimbra :: the leader in open source messaging and collaboration
=com
sn: testuser1
cn: testuser1
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
Zimbra :: the leader in open source messaging and collaboration
up some numbers between
OpenLDAP, ApacheDS, and maybe some others.
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
Zimbra :: the leader in open source messaging and collaboration
their error, and they
are working on a fix, but I don't know which release will have it.
Anyone I've worked with who uses Java soon abandons JNDI because of these
and other issues (custom controls, new RFC's, etc etc etc etc etc).
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra
--On Sunday, March 14, 2010 11:22 PM +0100 Emmanuel Lecharny
elecha...@gmail.com wrote:
On 3/14/10 11:09 PM, Quanah Gibson-Mount wrote:
--On Sunday, March 14, 2010 1:39 PM +0100 Stefan Zoerner
ste...@labeo.de wrote:
The question is: What is the target group of the library? LDAP people
like
[
https://issues.apache.org/jira/browse/DIRSERVER-1214?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=12838939#action_12838939
]
Quanah Gibson-Mount commented on DIRSERVER-1214:
This is a very real
[
https://issues.apache.org/jira/browse/DIRSERVER-1214?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=12838973#action_12838973
]
Quanah Gibson-Mount commented on DIRSERVER-1214:
So, at least with sub
[
https://issues.apache.org/jira/browse/DIRSERVER-1214?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=12838986#action_12838986
]
Quanah Gibson-Mount commented on DIRSERVER-1214:
So ignore my first bit
$ cn )
Should it be considered as an error, and rejected, or should we just
accept the OC ?
I think it should be rejected as an error. I should see what OL does with
such a thing.
my 2c.
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
Zimbra
[
https://issues.apache.org/jira/browse/DIRSTUDIO-513?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=12746053#action_12746053
]
Quanah Gibson-Mount commented on DIRSTUDIO-513:
---
Stefan,
I think
://www.jroller.com/akarasulu/
Apache Directory Server :: http://directory.apache.org
Apache MINA :: http://mina.apache.org
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
Zimbra :: the leader in open source messaging and collaboration
--On August 5, 2009 11:26:02 AM -0700 Howard Chu h...@symas.com wrote:
Quanah Gibson-Mount wrote:
AFAIK, it is perfectly valid to unbind and then rebind as a new user,
without ever closing the connection, and without ever involving
connection pooling. This is why various LDAP api's
to the world, most clients prefer it. :P
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
Zimbra :: the leader in open source messaging and collaboration
, as they are already stored in the DiT.
Sounds a lot like syncrepl. ;)
That search doesn't sound like it handles deletes though, which is always a
PITA.
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
Zimbra :: the leader in open source messaging
-syncrel, I
documented it on Symas' tech tips at:
http://www.connexitor.com/forums/viewtopic.php?t=3
It's been my preferred replication mechanism with OpenLDAP, as it is
significantly less overhead traffic wise as well in a high-write
environment.
--Quanah
--
Quanah Gibson-Mount
Principal
, I'd love to see one (or more) across all the dir servers. ;) ).
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
Zimbra :: the leader in open source messaging and collaboration
, so it can, for example, be limited
to just write operations. That's what the delta-syncrepl replication
mechanism in OpenLDAP is based off of.
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
Zimbra :: the leader in open source messaging
informational data that's not as
easily tracked in LDIF, but I didn't write the spec (like request Controls
for example). Mainly, I was noting something that the logschema draft is
used for (and which so far is my preferred replication mechanism in
OpenLDAP).
--Quanah
--
Quanah Gibson-Mount
Principal
that misspelling in it. ;)
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
Zimbra :: the leader in open source messaging and collaboration
ema
il?
Because I sure don't.
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
Zimbra :: the leader in open source messaging and collaboration
where I found that it is
necessary to have the concept of an internal ID acting on different
permissions from the external ID making a request.
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
Zimbra :: the leader in open source messaging
--On Thursday, May 31, 2007 1:17 AM -0400 Alex Karasulu
[EMAIL PROTECTED] wrote:
On 5/31/07, Quanah Gibson-Mount [EMAIL PROTECTED] wrote:
--On Wednesday, May 30, 2007 10:11 PM -0700 Enrique Rodriguez
[EMAIL PROTECTED] wrote:
Actually, I very much care whether the request is internal vs
call SDAP or SMART DAP). Of course, then
one would no longer have an LDAP server, and I'm guessing corporate vendors
would be slow to adopt (given the slow pace of their LDAP v3 adoption
already...).
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
technologies
emerge to solve these problems
and clutter the vision of those that should be deciding on LDAP.
Works for me. :)
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
Zimbra :: the leader in open source messaging and collaboration
for people to work on a draft
Kerberos LDAP schema. If the Apache DS project is interested in having a
valid RFC approved schema (which is something I've been wanting for years),
those who are interested may wish to join and participate.
--Quanah
--
Quanah Gibson-Mount
Principal Software
. Unfortunately, AD is broken in this area, and cannot use
them for authorization (it can only use static groups).
--Quanah
--
Quanah Gibson-Mount
Senior Systems Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
I like them short as well.
Usually, a smart email client will wrap lines as appropriate. And aren't
most terminals 79 characters??
--Quanah
--
Quanah Gibson-Mount
Senior Systems Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu
based. Unfortunately, one that is not proprietary
is of course desired.
--Quanah
--
Quanah Gibson-Mount
Senior Systems Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
--On Tuesday, March 27, 2007 4:04 PM -0400 Alex Karasulu
[EMAIL PROTECTED] wrote:
On 3/27/07, Quanah Gibson-Mount [EMAIL PROTECTED] wrote:
Java based load generators are just fine. I guess this is a tactic to
toot the OpenLDAP (C) horn
and bash Java while doing it: subtle but apparent
--
Quanah Gibson-Mount
Senior Systems Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
--On Wednesday, March 28, 2007 12:17 AM +0200 Emmanuel Lecharny
[EMAIL PROTECTED] wrote:
Quanah Gibson-Mount a écrit :
--On Tuesday, March 27, 2007 11:29 PM +0200 Emmanuel Lecharny
[EMAIL PROTECTED] wrote:
Unfortunately, one that is not proprietary is of course desired.
This is why
it as a work item.
http://www3.ietf.org/proceedings/05nov/krb-wg.html
has the instructions for subscribing.
--Quanah
--
Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
--On Friday, March 02, 2007 1:57 PM -0800 Enrique Rodriguez
[EMAIL PROTECTED] wrote:
On 3/1/07, Quanah Gibson-Mount [EMAIL PROTECTED] wrote:
...
ldap:///cn=Webauth,cn=Applications,dc=stanford,dc=edu??sub?krb5Principal
Name=webauth/[EMAIL PROTECTED] sasl-regexp
uid=(.*),cn=stanford.edu,cn
, MIT and Heimdal if I'm not mistaken.
Greg,
Thanks for the update. It would be nice to see such a schema RFC tracked
so that it gets included by default with various LDAP providers.
--Quanah
--
Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford
)
SASL/DIGEST-MD5 is used a lot
--Quanah
--
Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
. But that was several years
ago. I certainly would ensure that this not be a hard-coded method of
making SASL/GSSAPI work. The sasl-regexp bits from OpenLDAP are pretty
handy in this area, you may wish to review them if you haven't yet.
--Quanah
--
Quanah Gibson-Mount
Principal Software
@openldap.org is for OpenLDAP specific queries.
--Quanah
--
Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
to ApacheDS 1.0
RC4 (it is), and whether I am able to edit entries (I am). A nice feature
is the Schema browser.
Disadvantage: Windows only.
You might like JxPlorer better, it runs on multiple platforms (java).
--Quanah
--
Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application
called MakeLDIF that'll do this for you,
too. Plus then how you made your LDIF is publishable to others who may
also want to run the same benchmark, since all you have to do is provide
the template for MakeLDIF to use. ;)
--Quanah
--
Quanah Gibson-Mount
Principal Software Developer
ITS/Shared
=stanford.edu,cn=gssapi,cn=auth
ldap:///uid=$1,cn=Accounts,dc=stanford,dc=edu??sub?suSeasStatus=active
Stanford uses SASL/GSSAPI as a binding mechanism, and this allows me to map
different types of Kerberos identities into different parts of the tree.
--Quanah
--
Quanah Gibson-Mount
--On Wednesday, August 02, 2006 1:16 AM +0300 Ersin Er [EMAIL PROTECTED]
wrote:
https://opends.dev.java.net/
And this would be better than FDS how?! :P
--Quanah
--
Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http
--On Tuesday, August 01, 2006 3:21 PM -0700 Quanah Gibson-Mount
[EMAIL PROTECTED] wrote:
--On Wednesday, August 02, 2006 1:16 AM +0300 Ersin Er
[EMAIL PROTECTED] wrote:
https://opends.dev.java.net/
And this would be better than FDS how?! :P
Oh, this is all in java, not based off
://www.symas.com/benchmark-auth.shtml has a link to the Sun
benchmarks.
--Quanah
--
Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
--
Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
Very nice. I'll have to tinker a bit.
Thanks for your recommendations.
Sounds good... When you get to the OpenLDAP bits of cross-testing, I'd be
happy to contribute any knowledge that might be useful there as well. ;)
--Quanah
--
Quanah Gibson-Mount
Principal Software Developer
ITS/Shared
tests as well as the ability to
create your own
(e) Report generation, including PDF and HTML
--Quanah
--
Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
. It uses multiple distributed clients to get an idea of a
servers performance.
--Quanah
--
Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
--On Tuesday, June 06, 2006 12:50 AM -0400 Noel J. Bergman
[EMAIL PROTECTED] wrote:
Quanah Gibson-Mount wrote:
I think the concept of applying all indexing to attributes is in itself
broken.
So is your suggestion that the option be made available, but that by
indexing selectively
it to the next release if you
schedule the fix for it when creating the JIRA. Sometimes emails go by
and we may miss something.
Alex,
I'll be sure and use JIRA next time for anything I come up with. ;)
--Quanah
--
Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
--On Tuesday, June 06, 2006 9:37 AM +0200 Emmanuel Lecharny
[EMAIL PROTECTED] wrote:
Hi guys !
Quanah Gibson-Mount a écrit :
I think it is important to allow specification of what indices to use
for a given attribute for a few reasons. One, that you can use it to
actually make some
--On Monday, June 05, 2006 8:49 AM +0200 Emmanuel Lecharny
[EMAIL PROTECTED] wrote:
Quanah Gibson-Mount a écrit :
Hi !
Hi,
I'm looking at apache DS as compared to OpenLDAP, and have an initial
set of questions:
(a) is it possible to bulk load an LDIF file while the server is
offline
--On Monday, June 05, 2006 7:02 AM -0400 Alex Karasulu
[EMAIL PROTECTED] wrote:
Quanah Gibson-Mount wrote:
Hi,
I'm looking at apache DS as compared to OpenLDAP, and have an initial
set of questions:
(a) is it possible to bulk load an LDIF file while the server is
offline? If yes, how
, and presence. Should also
handle substring matching but not as aggressively as would a substring
index in OpenLDAP.
I assume it should also handle approx, which is not the same as substring.
--Quanah
--
Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
, my point was, I'd assume that should be added, so that it could be
supported
--Quanah
--
Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
--On Monday, June 05, 2006 5:25 PM -0400 Alex Karasulu
[EMAIL PROTECTED] wrote:
Quanah Gibson-Mount wrote:
--On Monday, June 05, 2006 2:54 PM -0400 Alex Karasulu
[EMAIL PROTECTED] wrote:
I assume it should also handle approx, which is not the same as
substring.
No as I mentioned
scale production
environment every day, fine, ignore them. But that's certainly not a good
way to go to improve the product.
--Quanah
--
Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah
--On Monday, June 05, 2006 12:03 AM -0700 Quanah Gibson-Mount
[EMAIL PROTECTED] wrote:
I tried loading a 250,000 (very small) database into Apache DS tonight,
and it died horribly somewhere between 10k and 11k entries.
Emmanuel was able to help me resolve this, and I successfully loaded
--On Tuesday, June 06, 2006 1:03 AM +0200 Emmanuel Lecharny
[EMAIL PROTECTED] wrote:
Quanah Gibson-Mount a écrit :
--On Monday, June 05, 2006 12:03 AM -0700 Quanah Gibson-Mount
[EMAIL PROTECTED] wrote:
I tried loading a 250,000 (very small) database into Apache DS tonight,
and it died
is indexed, is it then simply indexed for all possible search methods?
(f) Are there any other general guidelines for tuning Apache DS?
Thanks,
Quanah
--
Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu
60 matches
Mail list logo
