Re: [Fedora-directory-users] I'm feeling like I'm drowning!

2006-07-21 Thread Jeff Clowser
Ben Steeves wrote: On 7/21/06, Per Kristiansen <[EMAIL PROTECTED]> wrote: I had hoped to let the people at HR do the data entry on the "soft" information, while the operations people do the "hard" information. If people are going to need access to just a few attributes, or you need to apply

Re: [Fedora-directory-users] mass delete : size limit problem

2006-04-12 Thread Jeff Clowser
David Boreham wrote: Mikael Kermorgant wrote: Hello, I'd like to run a script that deletes everything from ou=People (~ 5000 users). The problem is that I first run a search and the result size is limited by the server. Increasing this limit would surely work but I don't find it very el

Re: [Fedora-directory-users] Disabling vlv support

2006-02-27 Thread Jeff Clowser
Mike Jackson wrote: Richard Megginson wrote: Views and VLV (Virtual List Views) are different. Views allows you to impose a hierarchical DIT upon a flat tree (virtually). VLV is paged search results. Right. So, do you Rich have any tips how to disable VLV? Although I still don't se

Re: [Fedora-directory-users] Re: Username Case Sensitivity

2006-02-20 Thread Jeff Clowser
Scott Boggs wrote: Del babel.com.au> writes: Scott Boggs wrote: I am curious; I understand that LDAP does not enforce case sensitivity for user names or passwords. However, I am wondering if there is a method to enforce such a policy on fedora-ds? I noticed the behavior earlier this

Re: [Fedora-directory-users] ACI

2005-12-04 Thread Jeff Clowser
Craig White wrote: I have personal address books...each user would have one - i.e. ou=AddressBook,uid=craig,ou=People,dc=azapple,dc=com ou=AddressBook,uid=jennifer,ou=People,dc=azapple,dc=com and my thinking is that each person can read/write/delete/etc. their own address book, authenticated u

Re: [Fedora-directory-users] Calendar server

2005-12-01 Thread Jeff Clowser
John Dennis wrote: We are also keenly interested in a calendar server but I'll confess I'm confused as to the relationship you envision between FDS and calendar server based on caldav, could you explain? Well, I originally said it was somewhat off topic, and I think I'm going even further of

Re: [Fedora-directory-users] Calendar server

2005-12-01 Thread Jeff Clowser
Mike Jackson wrote: I searched all over their site trying to find the source code, but no cigar. Binary downloads were downloadable for free. I imagine this was just the announcement, and the release will come sometime later. Between FDS (which seems to be improving more steadily than Sun'

[Fedora-directory-users] Calendar server

2005-12-01 Thread Jeff Clowser
I know this is somewhat off topic, though it has come up a couple times since Red Hat bought the whole suite from Netscape... http://www.sun.com/smi/Press/sunflash/2005-11/sunflash.20051130.1.html Looks like Sun is open sourcing JES (which includes the mail and calendar server as well as the d

Re: [Fedora-directory-users] How can I create a User ID alias?

2005-11-08 Thread Jeff Clowser
Darren Fulton wrote: Hello, The web calendar is "Web Calendar" ( http://www.k5n.us/webcalendar.php ) and I'm currently authenticating using http basic auth, over SSL using mod_ldap in Apache. User authenticates as jjones and if there is a webcal user by the name of jjones, it pulls up his cale

Re: [Fedora-directory-users] How can I create a User ID alias?

2005-11-07 Thread Jeff Clowser
Richard Megginson wrote: Darren Fulton wrote: I have an in production application at our office (Web Calendar) that I am migrating to LDAP authentication using FDS from application internal authentication. Some of the users in the old program have user id's of $firstname and they don't work be

Re: [Fedora-directory-users] How is access control done?

2005-10-19 Thread Jeff Clowser
Yeah - I think console caches some of this stuff. You don't have to restart ldap or admin server, just console. - Jeff Rich Megginson wrote: Hm - sounds like a bug. You may have to restart the console in order for it to pick up your new schema. speedy zinc wrote: --- Rich Megginson <[EM

Re: [Fedora-directory-users] How is access control done?

2005-10-19 Thread Jeff Clowser
speedy zinc wrote: Let's say, my apps have some specific needs for data, which is not covered by existing standard schema. So, I create extended schema. Let's say I have 3 apps right now, and I can't forsee what future apps will need in terms of schema definition. And let's say I've been using

Re: [Fedora-directory-users] How is access control done?

2005-10-18 Thread Jeff Clowser
You can look at this from 2 perspectives. One is LDAP access control, and the other is application level access control stored in LDAP. Access control within LDAP is simply setting up ACI's that restrict access to LDAP data based on certain rules. Note that LDAP access control is implementat

Re: [Fedora-directory-users] strange problem with group of more than 2000 users

2005-10-14 Thread Jeff Clowser
er="(&(objectClass=posixGroup)(cn=toto))" attrs="cn gidNumber userPassword memberUid" [12/Oct/2005:12:46:24 +0200] conn=1 op=1 RESULT err=0 tag=101 nentries=1 etime=0 [12/Oct/2005:12:46:24 +0200] conn=1 op=2 UNBIND [12/Oct/2005:12:46:24 +0200] conn=1 op=2 fd=64 closed -

Re: [Fedora-directory-users] strange problem with group of more than 2000 users

2005-10-03 Thread Jeff Clowser
of users i can have basile Jeff Clowser wrote: It could be a limit on the sizes of groups, etc in Solaris. To check to see if it's LDAP related, look at the ldap access logs for queries related to that group or coming from that machine. Anyway, 2000 I believe is the default sizelimit fo

Re: [Fedora-directory-users] strange problem with group of more than 2000 users

2005-10-03 Thread Jeff Clowser
It could be a limit on the sizes of groups, etc in Solaris. To check to see if it's LDAP related, look at the ldap access logs for queries related to that group or coming from that machine. Anyway, 2000 I believe is the default sizelimit for searches, so look for entries with 2000 results, if

Re: [Fedora-directory-users] How to migrate a server instance of NS directory 4.1 to FC ns directory 7.1?

2005-09-29 Thread Jeff Clowser
Comments inline below Jet Young wrote: Now I want to create a new server in Fedora Directory 7.1 with these data. But I found some problems. 1. In NS directory 4.1, I only need to copy those files to the relative directory and everything will be ok. But now, I can't find any files named "sldap

[Fedora-directory-users] DNS backended in LDAP

2005-08-26 Thread Jeff Clowser
I'm looking at options for back-ending DNS data in LDAP/FDS. Looking for free/open source options, and what I've found so far are: ldapdns dns server integrated against ldap http://www.nimh.org/code/ldapdns/ (version 2) http://ldapdns.sourceforge.net/ (version 3) Sounds good, but I'm not sure i

Re: [Fedora-directory-users] Wishlist

2005-08-26 Thread Jeff Clowser
Rich Megginson wrote: Jeff Clowser wrote: suppose that might be more clearly stated in the X.501 spec?). Sounds like I am stepping into an LDAP/X.50x holy war :) I'm sure the folks on the ldap umich list will be happy to provide their interpretations :-) Heh :) I propose the cre

Re: [Fedora-directory-users] Wishlist

2005-08-26 Thread Jeff Clowser
Steven Bonneville wrote: Well, sort of. What X.501 says and the LDAP RFCs follow is that an entry is characterized by exactly one *chain* of structural object classes that has exactly one structural object class as the most subordinate object class in the chain... ...Now, we can't add accou

Re: [Fedora-directory-users] Wishlist

2005-08-25 Thread Jeff Clowser
Sorry to dredge up a really old thread, but I've been trying to track down something about it that's been bothering me. Basically, part of the thread devolved to the idea of creating a single user entry that has objectclasses: inetorgperson, account, posixaccount, shadowaccount, etc. If I un

Re: [Fedora-directory-users] What next?

2005-08-03 Thread Jeff Clowser
Chris Curran wrote: I have a LDAP server setup in my Tbird Address Book. To test the connection, in Tbird addr book I choose the 'Offline' tab then 'Download Now'. It asks me for a username and password - I enter them and at that point I'm back where I began in Tbird. I check the log files in

Re: [Fedora-directory-users] Manager login on port 389?

2005-08-02 Thread Jeff Clowser
Are you sure you are not using cn=directory manager when you do ssl, and cn=manager when you are doing non-ssl? Maybe you just typed the wrong thing in one app? - Jeff Vsevolod (Simon) Ilyushchenko wrote: Hi, I'm trying to bind to FDS as "cn=Manager, ..." and looks like it does not work u

Re: [Fedora-directory-users] What next?

2005-08-02 Thread Jeff Clowser
It all depends on your client apps. Client apps, in this case, are pretty much anything that talks to the directory server (i.e. thunderbird, a mail server that uses ldap for user info, etc.). In the case of using thunderbird as an addressbook client: 1. click on the addressbook button. 2. u

Re: [Fedora-directory-users] Specifying an all-inclusive User directory subtree?

2005-07-29 Thread Jeff Clowser
Kevin Myer wrote: Quoting Jeff Clowser <[EMAIL PROTECTED]>: There is really no need to use the dc=k12,dc=pa,dc=us style tree - in fact, in most cases I've set up, that was actually a bad choice. Sun uses o=internet as a base under which to put a full dc tree (in their 5.

Re: [Fedora-directory-users] Specifying an all-inclusive User directory subtree?

2005-07-28 Thread Jeff Clowser
I would create a suffix with something like "o=isp", then create "o=k12.pa.us", "o=abc.org", "o=", etc under that. Create ou=people, ou=groups, etc under each, and set up admin groups, aci's, etc to allow each to be managed separately, allow appropriate views by users, etc. Search o=isp as y

Re: [Fedora-directory-users] Virtual DIT views vs hierarchical DIT

2005-06-24 Thread Jeff Clowser
Sam Tran wrote: We have about 1,300 employees grouped by departments (Finance, HR, IT, ...) and some contractors and volunteers. Since we have the opportunity to redesign the DIT in a few months I have been thinking on improving the DIT structure. Most of the applications that use our Director

Re: [Fedora-directory-users] Virtual DIT views vs hierarchical DIT

2005-06-24 Thread Jeff Clowser
Pete Rowley wrote: Which sounds like a nice enhancement, redirect non-view entry creation to some other part of the dit :) I think it is only the creation case that really matters - clients that just do modify ops are much more likely to use the dn of the returned entry than to try to construc

Re: [Fedora-directory-users] Virtual DIT views vs hierarchical DIT

2005-06-24 Thread Jeff Clowser
Sam Tran wrote: Jeff, Pete, So you would definitely go with hierarchical DIT and not flat DIT with views? Thanks for your comments. Personally, yes, that is my preference. But... sometimes the apps you deploy will overrule that. For those apps, views may be the solution (personally, I've

Re: [Fedora-directory-users] Virtual DIT views vs hierarchical DIT

2005-06-24 Thread Jeff Clowser
Pete Rowley wrote: A) they currently have no internet draft or RFC, and to my knowledge no other server implements them - only you can tell if this matters Yep - if you are looking for portability, stay away from this. D) Entry DN's are not disguised, that is views does not try to make the

Re: [Fedora-directory-users] PAM problem - ldap_search_s No such object

2005-06-24 Thread Jeff Clowser
Look in the access log on the FDS server for connections from that workstation (grep on the IP of that workstation, or one of the user id's that are trying to auth, etc). When you find it, grep out conn=xxx (where xxx is the connection # from that IP) so you get the complete connection from s

Re: [Fedora-directory-users] features

2005-06-23 Thread Jeff Clowser
Mike Jackson wrote: Good point. OpenLDAP does support ACIs, but it is listed as experimental, and you have to explicitly enable it at configure time. Still, I don't know if the ACI syntax and evaluation algorithms in OL and FDS are similar or not. Nope - openldap's experimental aci's are co

Re: [Fedora-directory-users] features

2005-06-23 Thread Jeff Clowser
Note that there are a lot of issues with replicating data between dissimilar ldap implementations, and always will be until things like access control are standardized. Even if I could replicate my data to openldap, it would not honor the fds aci's, which would result in unexpected/unwanted res

Re: [Fedora-directory-users] change port on DS/AS

2005-06-21 Thread Jeff Clowser
Mike Jackson wrote: There are similar issues with changing the IP address. Note that this is an issue with admin server, not directory server itself (i.e. changing the port and ip address on directory server works without problem, but "breaks" admin and such). I wonder what breaks if you

Re: [Fedora-directory-users] change port on DS/AS

2005-06-21 Thread Jeff Clowser
Think of it this way (doing this from memory): - Config info for _other servers_ (such as admin) is held in the directory under o=netscaperoot. DS itself does not "use" any of this. It's important to understand that directory and admin are 2 separate servers. - There is one file (adm.conf?

Re: [Fedora-directory-users] Configuration Directory

2005-06-21 Thread Jeff Clowser
George Holbert wrote: The installer for Fedora DS asks about which directory server should be the "Configuration Directory Server." My understanding is that this configuration directory server stores information about the Fedora/Netscape console (e.g., which servers show up in the console sc

Re: [Fedora-directory-users] schema extension via ldif at install time

2005-06-20 Thread Jeff Clowser
Brian K. Jones wrote: On Monday 20 June 2005 2:03 pm, Mike Jackson wrote: Don't put schema into 99user.ldif, it's not maintainable. This would seem to be contrary to the documentation on redhat's site. I'm certainly not meaning to say you're wrong - quite the contrary - I'm pointing