web2ldap pre-release 1.2.0 (final)

2014-10-03 Thread Michael Ströder
HI! There's the final release of web2ldap 1.2.0 available. It's considered to be the best web2ldap release so everybody's encouraged to upgrade to this version. See detailed changes below. From now on web2ldap 1.1.x is considered historic and will not be maintained anymore. Download here: http

[ldap] Re: [ldapext] Any implementations using userPassword;hash-scheme?

2013-01-29 Thread Michael Ströder
Kurt Zeilenga wrote: > > On Jan 29, 2013, at 12:04 AM, Michael Ströder wrote: > >> Andrew Sciberras wrote: >>> Yes, the ViewDS product does support attribute value hashing using attribute >>> options to convey the hash scheme. >> >> Ok, I will e

[ldap] Re: [ldapext] Any implementations using userPassword;hash-scheme?

2013-01-29 Thread Michael Ströder
t 2:41 AM, Michael Ströder <mailto:mich...@stroeder.com>> wrote: > > HI! > > Is anyone here aware of any implementation using userPassword;hash-scheme? > > It was described in RFC 2307 but starting with a rather vague text: > "A future standard m

[ldap] Any implementations using userPassword;hash-scheme?

2013-01-26 Thread Michael Ströder
HI! Is anyone here aware of any implementation using userPassword;hash-scheme? It was described in RFC 2307 but starting with a rather vague text: "A future standard may specify LDAP v3 attribute descriptions to represent hashed userPasswords" The text was already dropped in draft-howard-rfc2307

[ldap] Re: Fwd: New Version Notification for draft-stroeder-namedobject-00.txt

2013-01-02 Thread Michael Ströder
Manuel Gaupp wrote: > Michael Ströder wrote: >> Please review this draft intended to be published as informational RFC. > > Section 2 ends with the following requirement: > >LDAP clients displaying a list of entries of these object classes >should use mandantory a

[ldap] Fwd: New Version Notification for draft-stroeder-mailboxrelatedobject-00.txt

2012-12-16 Thread Michael Ströder
...@stroeder.com CC: mich...@stroeder.com A new version of I-D, draft-stroeder-mailboxrelatedobject-00.txt has been successfully submitted by Michael Ströder and posted to the IETF repository. Filename:draft-stroeder-mailboxrelatedobject Revision:00 Title: Lightweight Directory

[ldap] Fwd: New Version Notification for draft-stroeder-namedobject-00.txt

2012-12-16 Thread Michael Ströder
: Sun, 16 Dec 2012 11:42:04 -0800 From: internet-dra...@ietf.org To: mich...@stroeder.com CC: mich...@stroeder.com A new version of I-D, draft-stroeder-namedobject-00.txt has been successfully submitted by Michael Ströder and posted to the IETF repository. Filename:draft-stroeder-namedobject

[ldap] Any case where same controlType is used twice?

2012-04-12 Thread Michael Ströder
HI! Is there any known LDAP extended control which is used more than once in a LDAPRequest or LDAPResponse? Or can a client expect that a controlType is only used exactly once in the list of returned controls in a single message? Up to now I've never seen something like this but one never knows.

[ldap] Re: filtered replication

2012-03-07 Thread Michael Ströder
Wuensche Michael wrote: I have an Openldap environment with 2 servers, one serving as provider for 2 databases and one as consumer. Technical questions specific for OpenLDAP should be directed to the openldap-technical mailing list (see http://www.openldap.org/lists/). On one of the databas

[ldap] Re: Require TLS for simple binds with password

2012-03-06 Thread Michael Ströder
juergen.bernh...@lhsystems.com wrote: I have the following question: we have about 100 LDAP applications running to our Novell LDAP interface. Some work on port 636, some on 389. Now I want to set the parameter "require TLS for simple bind with password". My understanding was that TLS (or StartTL

[ldap] Better schema for room entries

2012-02-17 Thread Michael Ströder
HI! The COSINE schema defined object class 'room' but requires setting attribute 'cn' and also recommends to use it for forming the RDN: http://tools.ietf.org/html/rfc4524#section-3.8 IMHO this does not make sense for most rooms. Are any LDAP admins here maintaining rooms as LDAP entries? Do

[ldap] ANNOUNCE: web2ldap release 1.1.0

2012-02-16 Thread Michael Ströder
ng of ;binary encoding type in input form (for attribute userCertificate) * More robust conversion of PEM to DER in Certificate.sanitizeInput() -- Michael Ströder E-Mail: mich...@stroeder.com http://www.stroeder.com

[ldap] RE: Servers with support for dynamic entries (RFC 2589)?

2011-11-28 Thread Michael Ströder
Michael Ströder wrote: > Vladimir Dzhuvinov / NimbusDS wrote: >>> I'd like to do some more interop testing regarding dynamic entries (see RFC >>> 2589). Any servers except OpenLDAP with slapo-dds which support the Refresh >>> Extended Operation? >> >&g

[ldap] RE: Servers with support for dynamic entries (RFC 2589)?

2011-11-24 Thread Michael Ströder
Vladimir Dzhuvinov / NimbusDS wrote: > Hi Michael, > >> I'd like to do some more interop testing regarding dynamic entries (see RFC >> 2589). Any servers except OpenLDAP with slapo-dds which support the Refresh >> Extended Operation? > > Judging by the RFC sponsors it looks like MS Active Directo

[ldap] Servers with support for dynamic entries (RFC 2589)?

2011-11-23 Thread Michael Ströder
HI! I'd like to do some more interop testing regarding dynamic entries (see RFC 2589). Any servers except OpenLDAP with slapo-dds which support the Refresh Extended Operation? Ciao, Michael.

[ldap] Attributes for unlocking entries, all password-relevant attributes

2011-11-16 Thread Michael Ströder
HI! I've implemented the use-case in web2ldap for unlocking entries which were locked out because of password failure. IMHO it mainly boils down to delete the relevant attributes from the entry. Another similar use-case is to unset all password-relevant attributes. Now I'm looking for proprietary

[ldap] Re: Group entry name attribute

2011-10-20 Thread Michael Ströder
=no (The DSL uplink is slow though...) Ciao, Michael. > Am 19.10.2011 22:30, schrieb Michael Ströder: >> HI! >> >> I'd like to search for group entries by name. >> >> It seems that a group entry's name is commonly stored in attribute 'cn' >

[ldap] Group entry name attribute

2011-10-19 Thread Michael Ströder
HI! I'd like to search for group entries by name. It seems that a group entry's name is commonly stored in attribute 'cn' (groupOfNames, organizationalRole, posixGroup etc.). Are there any other known group entry naming attributes known? I did not find one in my schema collection... Ciao, Micha

[ldap] Re: Bank account information

2010-06-06 Thread Michael Ströder
Peter Brooks wrote: > On 4 June 2010 17:44, Mark H. Wood wrote: >> >> I imagine that some of the resistance to this idea rests on >> assumptions. Of *course* your directory is exposed to the entire >> universe: it's a *directory*. The idea of a hidden directory service >> seems strange to me, w

[ldap] Re: Bank account information

2010-06-03 Thread Michael Ströder
Christoph Holtermann wrote: > I'm using OpenLDAP to store my contacts. I tried to find a possibility > to store the bank account but i didn't find an according attribute in > any schema. What's the reason for this ? Do i have to create an own > schema to be able to store this information ? I creat

[ldap] Re: Bank account information

2010-06-03 Thread Michael Ströder
Justin Dearing wrote: >> On Jun 3, 2010 7:21 AM, "Christoph Holtermann" > > wrote: >> I'm using OpenLDAP to store my contacts. I tried to find a possibility >> to store the bank account but i didn't find an according attribute in >> any schema. What's the reason for this

[ldap] Re: checking credentials

2010-01-12 Thread Michael Ströder
ince most LDAP servers will accept this being an anonymous bind by default! > - Bind with a generic DN and search for username and password and: > - no results: credentials are KO > - result: credentials OK Unusual and might fail in some scenarios. Ciao, Michael. -- Michael St

[ldap] Re: ldap ssl MS AD

2009-11-30 Thread Michael Ströder
Simon Walter wrote: > Well this gave me a clue that the server is not correctly configured: > "TLS: peer cert untrusted or revoked (0x42)" This means that your client is not correctly configured. > I'm guessing that means that the way the server's was configured was > either with a revoked certif

[ldap] Re: ldap ssl MS AD

2009-11-24 Thread Michael Ströder
Simon Walter wrote: > I've tried with the command: > $ ldapsearch -x -W -LLL -E pr=200/noprompt -h ??? -p 3268 -D > "?...@???.???" -b "dc=???, dc=???" -s sub "(cn=*)" cn mail sn > > And I get a lot of info from the AD. However when I try to use SSL: > $ ldapsearch -W -LLL -E pr=200/noprompt -h ???

[ldap] Re: Custom Schema for host information.

2009-10-06 Thread Michael Ströder
is also STRUCTURAL. But LDAPv3 only allows a single STRUCTURAL object class for an entry. So it boils down to defining a custom object class. Ciao, Michael. -- Michael Ströder E-Mail: mich...@stroeder.com http://www.stroeder.com > Hi, > > I've been pulling my hair out for the p

[ldap] Re: mail attribute for organizationalRole objectClass - best (de-facto) practice

2009-08-28 Thread Michael Ströder
kevin.buck...@ecs.vuw.ac.nz wrote: > In a basic (as in using the schemas that come with openldap) > DIT where "real people" are mostly describeable via "subclasses" > of inetOrgPerson objects > > top > person > organizationalPerson > inetOrgPerson > > one can obviously place an email address agai

[ldap] Re: Detecting the user password attribute and the proper way to change it

2009-08-27 Thread Michael Ströder
Vladimir Dzhuvinov wrote: > I'm working on a small Java package to assist users with changing their > password in an LDAP directory. It should be usable with minimal > knowledge about the exact server implementation and user schema. > Ideally, the package would allow a password to be changed with j

[ldap] Re: Connecting to Someone's LDAP Directory

2009-08-14 Thread Michael Ströder
Ivan Shmakov wrote: >> Andrew Findlay writes: > > >> Is there an LDAP directory available on the internet to connect to > >> for LDIF's and practicing? > > > There are quite a lot, though there is no definitive list. You will > > find a good number here: > > > http://www.emailman.com/l

[ldap] Re: LDAP attribute type for timezone, retrieve locale for shell sessions

2009-08-14 Thread Michael Ströder
Adam Tauno Williams wrote: > On Thu, 2009-08-13 at 15:59 +0200, Michael Ströder wrote: >> Anybody aware of an attribute type dedicated to store the time zone of a >> user? > > Nope (but timezone codes are just strings). I think this would be the > 'default' tim

[ldap] LDAP attribute type for timezone, retrieve locale for shell sessions

2009-08-13 Thread Michael Ströder
HI! Anybody aware of an attribute type dedicated to store the time zone of a user? It would also make sense if pam_ldap/nss_ldap could query the locale of the user from the user's directory entry and set the locale accordingly. Anybody doing something like this? Ciao, Michael.

[ldap] Re: LDAP attributes for geographic ``variables''?

2009-07-30 Thread Michael Ströder
Gavin Henry wrote: > Ivan Shmakov wrote: >>> Kurt Zeilenga writes: >> [...] >> >> > As an alternative approach, I would suggest having a single >> > multi-valued attribute that would contain URIs expressing the >> > location of the attribute. This would push various issues, such as >> > w

[ldap] Re: LDAP attributes for geographic ``variables''?

2009-07-27 Thread Michael Ströder
Kurt Zeilenga wrote: > As an alternative approach, I would suggest having a single multi-valued > attribute that would contain URIs expressing the location of the > attribute. This would push various issues, such as which location > system is being used, out to the URIs. This is a good thing as

[ldap] Re: ldap attribute for continent?

2009-07-27 Thread Michael Ströder
Ivan Shmakov wrote: >>>>>> Michael Ströder writes: > > Defining your own LDAP syntax would be the solution (similar to > > RFC2307 NIS Netgroup Triple, OID 1.3.6.1.1.1.0.0). > > ACK. Thanks. > > > But encouraging all the LDAP server vendo

[ldap] Re: real world object -> DN: an one-to-many mapping?

2009-07-27 Thread Michael Ströder
4519. Not sure whether that is the right approach for your particular application though. -- Michael Ströder E-Mail: mich...@stroeder.com http://www.stroeder.com

[ldap] Re: ldap attribute for continent?

2009-07-27 Thread Michael Ströder
.0.0). But encouraging all the LDAP server vendors to implement an additional syntax can take some time. ;-) Also it would require to define name/ID registry for all the coordinate systems and encourage people to register their coordinate systems. Ciao, Michael. -- Michael Ströder E-Mail: mich...@stroeder.com http://www.stroeder.com

[ldap] Re: Distinct passwords

2009-07-02 Thread Michael Ströder
André Ribas wrote: > You understood well Justin and I agree with you but it's the way that my > supervisor wants. =( > > His reason is supposed to be "security". Probably he wants service accounts (not separate user accounts) which is indeed a reasonable thing to do. Ciao, Michael. > Justin De

[ldap] Re: OpenLDAP 23 client with 24 server?

2009-05-24 Thread Michael Ströder
Matt Juszczak wrote: > > Most of our boxes are FreeBSD. FreeBSD has ports for openldap22, > openldap23, and openldap24. Not using slurpd much anymore in my setups, > I decided to run with openldap24 in our recent setup. Setup openldap24 > server, and all the FreeBSD clients have openldap24 clie

[ldap] Re: Connecting to Someone's LDAP Directory

2009-03-29 Thread Michael Ströder
Tyrone Baseck wrote: > Is there an LDAP directory available on the internet to connect to for > LDIF's and practicing? There used to be more than today. But still there are some left: http://web2ldap.de/demo.html#examples Or the select list on the start page of the application: http://demo.web2l

[ldap] RE: Multiple Feeds

2009-03-23 Thread Michael Ströder
Tyrone Baseck wrote: > Yes, I understand schema's. And schema's might answer my question. > So, I'm gonna say yes that I am trying to find out if there are existing > schemas the mainframe? Query the subschema subentry of the mainframe's LDAP server implementation and then look at the real data

[ldap] Re: OU as member of Group

2009-03-21 Thread Michael Ströder
Sanrag Sood wrote: > I can add individual users to a group by using the memberUid attribute. > How can I do the same for an OU so that if I add an OU to a group all > the Users in that particular OU automatically become member of the group > and whenever the OU gets updated, the group automatically

[ldap] RE: Multiple Feeds

2009-03-19 Thread Michael Ströder
Tyrone Baseck wrote: > This is not really a problem. I'm just trying to understand LDAP when > it comes to mainframes. I just would like to see an example of the ldap > information from a mainframe. What do the user attributes look > like coming from the mainframe going into an LDAP server? Wh

[ldap] Re: DSML vs. LDIF

2008-12-18 Thread Michael Ströder
Howard Chu wrote: >> From: Adam Tauno Williams > Date: Tue, 16 Dec 2008 11:19:51 -0500 > >>> > Does it tend to replace LDIF, or do they have different purpose ? >> >> You could replace LDIF with DSML if all your tools supported it. >> Personally I think it would be really nice as LDIF (like iCal,

[ldap] Re: LDIF v2

2008-12-17 Thread Michael Ströder
Yves Dorfsman wrote: > Hallvard B Furuseth wrote: >>> So then, shouldn't the RFC make that clear ? When I researched this, >>> I remember seeing that one of the LDAP server (either the Oracle or >>> the IBM, can't remember) added an extension to LDIF, and accepted a >>> "charset:" tag. Maybe we sho

[ldap] Re: DSML vs. LDIF

2008-12-16 Thread Michael Ströder
Yves Dorfsman wrote: > Is DSML used a lot ? From my experience: No. > Does it tend to replace LDIF, or do they have different purpose ? DSML can replace LDIF. But personally I think you won't gain anything. Ciao, Michael.

[ldap] Re: LDAP Error 32 v/s Empty Result Set

2008-10-17 Thread Michael Ströder
Agarwal, Sharad wrote: > "Michael Ströder" <[EMAIL PROTECTED]> wrote: >> So I'd be interested which LDAP clients the original poster is >> working with and which problems he experienced. > > WebLogic is the application in question. WebLogic allow

[ldap] Re: LDAP Error 32 v/s Empty Result Set

2008-10-17 Thread Michael Ströder
Pierangelo Masarati wrote: > - "Michael Ströder" <[EMAIL PROTECTED]> wrote: > >> Pierangelo Masarati wrote: >>> - "Emmanuel Lecharny" <[EMAIL PROTECTED]> wrote: >>> >> http://www.watersprings.org/pub/id/draft-just-ldapv

[ldap] Re: LDAP Error 32 v/s Empty Result Set

2008-10-16 Thread Michael Ströder
Pierangelo Masarati wrote: > - "Emmanuel Lecharny" <[EMAIL PROTECTED]> wrote: > >> http://www.watersprings.org/pub/id/draft-just-ldapv3-rescodes-02.txt > > Internet Drafts are not authoritative sources of information. They > should never be cited except as work-in-progress. No one seems to be

[ldap] ANNOUNCE: web2ldap release 1.0.5

2008-10-13 Thread Michael Ströder
HI! Find a new release of web2ldap on http://www.web2ldap.de/download.html About: web2ldap is a full-featured LDAPv3 client written in Python and designed to run as a stand-alone Web gateway or under the control of a web server with FastCGI or SCGI support (e.g., Apache with mod_fastcgi

[ldap] ANNOUNCE: web2ldap release 1.0.0

2008-09-03 Thread Michael Ströder
iven ASN.1 string type the viewer now falls back to display the invalid characters in hex-escaped form (instead of raising UnicodeError). o The OIDs of attribute types used in subject and issuer names are displayed. -- Michael Ströder Klauprechtstr. 11 Di

[ldap] Re: groupOfUniqueNames join / search (sql join)

2008-08-29 Thread Michael Ströder
Brent Clark wrote: I would like to know, if you use groupOfUniqueNames and you want to follow the uniqueMember to get the mail attribute. Would anyone know how perform that type of ldapsearch There's no such thing like a SQL join in LDAP. You have to implement a client for that. Ciao, Mi

[ldap] Re: [OT] dealing with network connection (looking for weird ldap situations)

2008-08-29 Thread Michael Ströder
Hallvard B Furuseth wrote: Gerardo Herzig writes: Hi dudes. I have a python/cgi app who interacts with an ldap server. The thing is, sometimes ldap server allows the cgi to make some changes, some times it does not. Same app, same user, same change... You are not waiting for results from previ

[ldap] Re: [OT] dealing with network connection (looking for weird ldap situations)

2008-08-29 Thread Michael Ströder
Gerardo Herzig wrote: Hi dudes. I have a python/cgi app who interacts with an ldap server. The thing is, sometimes ldap server allows the cgi to make some changes, some times it does not. Same app, same user, same change... Assuming you're using python-ldap you can let it write debug informati

[ldap] Re: member-of-group user attr + group/member object classes?

2008-08-22 Thread Michael Ströder
Hallvard B Furuseth wrote: Is there a published schema with a member-of-group user attribute (i.e. an attribute maintained by the user), with a associated auxiliary member object class and preferably structural group object class? I don't know any. But it might be a good idea to revisit the th

[ldap] ANNOUNCE: web2ldap release 0.16.41

2008-08-03 Thread Michael Ströder
HI! Find a new release of web2ldap on http://www.web2ldap.de/download.html About: web2ldap is a full-featured LDAPv3 client written in Python and designed to run as a stand-alone Web gateway or under the control of a web server with FastCGI or SCGI support (e.g., Apache with mod_fastcgi

[ldap] Re: Data Entry

2008-07-31 Thread Michael Ströder
Gerard wrote: I am new to using LDAP. When using objectclass: person, I know that I have to use both 'sn' and 'cn'; however, is it possible to leave one of them blank, or possibly enter a NULL character? No. Ciao, Michael. --- You are currently subscribed to ldap@umich.edu as: [EMAIL PROTECTE

[ldap] Re: value of an LDAP attribute is a document?

2008-07-25 Thread Michael Ströder
Zhang Weiwu wrote: > > Is it common to add document to LDAP as an attribute? No, although there's no length restriction for attribute syntaxes. > e.g. I'd like to > add CV (in PDF or RTF format) to personnel's entry. In this case what > attributes are recommended or standardized to be used? It'

[ldap] ANNOUNCE: web2ldap release 0.16.35

2008-07-13 Thread Michael Ströder
HI! Find a new release of web2ldap on http://www.web2ldap.de/download.html About: web2ldap is a full-featured LDAPv3 client written in Python and designed to run as a stand-alone Web gateway or under the control of a web server with FastCGI or SCGI support (e.g., Apache with mod_fastcgi

[ldap] Re: find Active directory server location

2008-07-11 Thread Michael Ströder
Dieter Kluenter wrote: Thts me <[EMAIL PROTECTED]> writes: My Active directory server is located somewhere in my network. Is there a way to find its location (IP address) & port ? Active Directory registers with your domain name service using Service Location Protocol (SLP), just ask your name

[ldap] ANNOUNCE: web2ldap release 0.16.31

2008-07-07 Thread Michael Ströder
HI! Find a new release of web2ldap on http://www.web2ldap.de/download.html About: web2ldap is a full-featured LDAPv3 client written in Python and designed to run as a stand-alone Web gateway or under the control of a web server with FastCGI or SCGI support (e.g., Apache with mod_fastcgi

[ldap] Re: PGP server schema and files?

2008-07-07 Thread Michael Ströder
Jan-Piet Mens wrote: The only decent stuff I found some time ago is dated 2006: http://lists.gnupg.org/pipermail/gnupg-users/2006-February/028058.html http://lists.gnupg.org/pipermail/gnupg-users/2006-April/028369.html That second URL helped. Thanks! But I really wonder whether there's any de

[ldap] PGP server schema and files?

2008-07-07 Thread Michael Ströder
HI! I wonder where to officially download schema files and even reference docs for a LDAP-based PGP key server? Some archived mailing list postings mention pgp-keyserver.schema. But I found no download URL still working... :-( Ciao, Michael.

[ldap] ANNOUNCE: web2ldap release 0.16.28

2008-06-22 Thread Michael Ströder
HI! Find a new release of web2ldap on http://www.web2ldap.de/download.html About: web2ldap is a full-featured LDAPv3 client written in Python and designed to run as a stand-alone Web gateway or under the control of a web server with FastCGI or SCGI support (e.g., Apache with mod_fastcgi

[ldap] ANNOUNCE: web2ldap release 0.16.24

2008-06-14 Thread Michael Ströder
HI! Find a new release of web2ldap on http://www.web2ldap.de/download.html About: web2ldap is a full-featured LDAPv3 client written in Python and designed to run as a stand-alone Web gateway or under the control of a web server with FastCGI or SCGI support (e.g., Apache with mod_fastcgi

[ldap] Re: correct way to ldapmodify certain entries

2008-06-03 Thread Michael Ströder
Damon Getsman wrote: What I need to do is add more memberUid s to this and other entries. I attempted to write an .ldif as follows: dn: cn=executiv,ou=Group,dc=ouah,dc=net changetype: add memberUid: diddy memberUid: whee Try this (since you want to modify an existing entry and not add a new o

[ldap] Re: [newbie] use of ldap for browser memorisation of userid/password on various web sites??

2008-05-10 Thread Michael Ströder
Terry Gardner wrote: databases accessed via LDAP can be and are used as a user data store and a policy data store for authentication and authorization purposes cf. OpenSSO (AccessManager), and competing products like CA SiteMinder. I guess this is not what Bernard asked for. Or maybe I didn't

[ldap] Re: [newbie] use of ldap for browser memorisation of userid/password on various web sites??

2008-05-10 Thread Michael Ströder
Bernard T. Higonnet wrote: All browsers offer to remember userid/password pairs (and more) and it seems to me this would fall, somewhat obviously, into a case of possible use of ldap, since it does authentication. Hmm, strictly speaking saving the passwords in the browser profile is not "aut

[ldap] Re: schema with multiple organisation objects in a container

2008-02-21 Thread Michael Ströder
Frank Swasey wrote: slapadd: could not parse entry (line=6) [..] What you are trying to do should work just fine. The only problem I see is that structuralObjectClass is not an attribute that you can set yourself. But with slapadd you can import/restore it like the original poster tried.

[ldap] Re: schema with multiple organisation objects in a container

2008-02-21 Thread Michael Ströder
Wessel Louwris wrote: invalid value for attributeType structuralObjectClass #0 (syntax 1.3.6.1.4.1.1466.115.121.1.38) slapadd: could not parse entry (line=6) when adding: dn: o=company1,ou=companies,dc=dummy,dc=nl structuralObjectClass: organisation objectClass: top objectClass: organisation

[ldap] Re: Tool for bulk updates?

2008-02-14 Thread Michael Ströder
Frank Swasey wrote: Today at 1:02pm, Dave Horsfall wrote: What do people use for bulk updates? Examples would be changing the "gidNumber" for a bunch of users, or shifting users from one OU/suffix into another. My ldap server is OpenLDAP, I use slapcat, followed by a custom perl script that

[ldap] Re: Tool for bulk updates?

2008-02-14 Thread Michael Ströder
Dave Horsfall wrote: What do people use for bulk updates? Examples would be changing the "gidNumber" for a bunch of users, or shifting users from one OU/suffix into another. Simply write a small script yourself in your favourite scripting language. Really flexible tools would have to introdu

[ldap] Re: schema extension for Goverment

2007-12-18 Thread Michael Ströder
quite hard. In Germany there are even differences between the federal states. In one of my projects we even ended up defining different regions for specific applications since a generally usable definition could not be found. Ciao, Michael. -- Michael Ströder E-Mail: [EMAIL PROTECTED] http://w

[ldap] Re: DN for hosted LDAP tree

2007-12-08 Thread Michael Ströder
Hallvard B Furuseth wrote: > > Michael Ströder writes: >> Generally I recommend to follow dc-style naming but with an additional >> level (sub-domain) reflecting each service name. To be sure talk to the >> DNS people to reserve the used sub-domain for this partic

[ldap] RE: AD extending schema and objectClass

2007-11-27 Thread Michael Ströder
Dean Wells wrote: > > My original response was meant to only to address your specific > question and provide a little related information to reinforce the > answer. Did the collective responses successfully explain what a > dynamic aux. class is? I'm not the original poster. My aim was just to c

[ldap] Re: DN for hosted LDAP tree

2007-11-27 Thread Michael Ströder
not able to deal with SRV RRs. So you won't find them in corporate networks for anything else than AD. Ciao, Michael. -- Michael Ströder E-Mail: [EMAIL PROTECTED] http://www.stroeder.com --- You are currently subscribed to ldap@umich.edu as: [EMAIL PROTECTED] To unsubscribe send email to [EMAIL PROTECTED] with the word UNSUBSCRIBE as the SUBJECT of the message.

[ldap] RE: AD extending schema and objectClass

2007-11-27 Thread Michael Ströder
ally meaning the same. Ciao, Michael. -- Michael Ströder E-Mail: [EMAIL PROTECTED] http://www.stroeder.com

[ldap] RE: AD extending schema and objectClass

2007-11-27 Thread Michael Ströder
Dean Wells wrote: > 3. you've extended the schema and have added your auxiliary class to an > auxiliary class from which the structural class is derived > 4. you've extended the schema and have added your attributes directly to an > auxiliary class from which the structural class is derived ??? 1

[ldap] Re: Newbie Q: nested objects

2007-11-05 Thread Michael Ströder
g a role to a certain location. User could have role A in location X but not in location Y. Ciao, Michael. -- Michael Ströder E-Mail: [EMAIL PROTECTED] http://www.stroeder.com

[ldap] Re: homePostalCode not working for me

2007-10-24 Thread Michael Ströder
Chuck wrote: > > I am unable to get homePostalCode (from inetOrgPerson) Just a side note: I don't know which object classes you're really using but attribute 'homePostalCode' is not allowed in object class 'inetOrgPerson'. Ciao, Michael.

[ldap] Re: Deleting with ldapdelete with a filter ?

2007-10-08 Thread Michael Ströder
Donn Cave wrote: > On Oct 8, 2007, at 2:26 PM, Michael Ströder wrote: >> >> That says it all. Create a list of DNs to be deleted with ldapsearch, >> grep "^dn:" and pipe that to ldapdelete. > > ldapsearch's LDIF output will wrap lines at column 78, wh

[ldap] Re: Deleting with ldapdelete with a filter ?

2007-10-08 Thread Michael Ströder
Zembower, Kevin wrote: > I'm trying to delete over a hundred objects in my LDAP tree with the > command line tool ldapdelete. So far, I've just used this tool to delete > one specific item at a time. I thought I could also use it to delete > many items based on a filter, but now I'm not sure and wo

[ldap] RE: Newbie: best method for using special characters?

2007-09-25 Thread Michael Ströder
Zembower, Kevin wrote: > > When nothing else could be found for 'special character,' I made the > erroneous assumption that this example could be extrapolated to > parenthesis. Parenthesis are not special in DNs but they are special in filters. > Warning: ldap_search(): Search: Bad search filter

[ldap] RE: Newbie: best method for using special characters?

2007-09-25 Thread Michael Ströder
Zembower, Kevin wrote: > Michael, thanks for your suggestion. I read the RFC and it seemed to > say that I just need to escape the parenthesis with a backslash. Parenthesis?!? Did you really read RFC 4514, section 2.4? Or did you read another RFC? -- snip

[ldap] Re: Newbie question

2007-09-24 Thread Michael Ströder
Mário Gamito wrote: > > Problem is I get this error: > > "adding new entry "dc=kito.dynip.sapo,dc=pt" > ldap_add: Naming violation (64) > additional info: value of naming attribute 'dc' is not present > in entry" I guess you're using OpenLDAP. Read about that in the very fine OpenLDAP Fa

[ldap] Re: Newbie: best method for using special characters?

2007-09-24 Thread Michael Ströder
Zembower, Kevin wrote: > I'm trying to modify a PHP program written by someone else so that it > correctly inserts LDAP records containing special characters in > distinguished names. Read about special chars for DNs in RFC 4514. Ciao, Michael.

[ldap] Re: Trees and Databases

2007-07-11 Thread Michael Ströder
Daniel Henninger wrote: > > on people I want the sizelimit to be 500 > on printers I want no limit > on hosts I want sizelimit 1 > ... basically limits based off the trees. Not exactly what you're requesting and assuming you're deploying OpenLDAP, look at slapd.conf(5): limits [ [...]]

[ldap] Re: organization name and department name does change, how do we do?

2007-06-14 Thread Michael Ströder
Zhang Weiwu wrote: > > On Wed, 2007-06-13 at 22:25 -0400, Adam Tauno Williams wrote: > > [EMAIL PROTECTED]:~/public_html/acd> ldapmodrdn -x -D ... -W > uid=realsstest6,ou=contacts,ou=china,dc=ahk,dc=de uid=test7 > Rename Result: Operation not allowed on non-leaf (66) > Additional info: subtree r

[ldap] Re: organization name and department name does change, how do we do?

2007-06-14 Thread Michael Ströder
Zhang Weiwu wrote: > > Or do you mean adding an attribute to each person entry which is a DN > referring to the business branch this person is working for? Probably he was talking about populating the attributes 'ou' and 'departmentNumber' in inetOrgPerson entries. You should partition your dire

[ldap] Re: must 'cn' of a person be the person's full name?

2007-06-14 Thread Michael Ströder
Zhang Weiwu wrote:
> On Wed, 2007-06-13 at 22:28 -0400, Adam Tauno Williams wrote:
>>> client PIM software,
>> Meaning what? If you mean common address book and mail clients then
>> you'd better stick to the standard or repeatedly/constantly explain to
>> your users why "no, I know that is what t

[ldap] Re: Multimaster replication issue SunOne LDAP

2007-06-13 Thread Michael Ströder
Mahendra Sharma wrote:
>
> We have 2 multimaster replication server (sunone ldap 5.1x) setup.

Make sure you have relevant patches. Better use a more recent version.

> replication agreement looks good, but while updating and testing data,
> whenever I update Server B I can see data on server A,

[ldap] Re: Where defines the allowed auxiliary classes that are used by an entry

2007-05-22 Thread Michael Ströder
Weijian Fang wrote:
>> DIT content rules, see section 4.1.6 of RFC 4512.
>>
> I am programming a client using JNDI. How can it access the DIT
> content rules? Many thanks.

You might be able to retrieve them from the subschema subentry in attribute dITContentRules. This depends on the LDAP server.

[ldap] Re: Where defines the allowed auxiliary classes that are used by an entry

2007-05-22 Thread Michael Ströder
Weijian Fang wrote:
>
> I am new to ldap. I have a schema in hand and a ldap DIT complying
> with the schema. I understand an entry in DIT can have only one
> structural objectClass and multiple auxiliary objectClasses. I can see
> these in DIT. But where defines the allowed auxiliary classes that

[ldap] ANN: python-ldap-2.3.0

2007-03-27 Thread Michael Ströder
Find a new release of python-ldap: http://python-ldap.sourceforge.net/ python-ldap provides an object-oriented API to access LDAP directory servers from Python programs. It mainly wraps the OpenLDAP 2.x libs for that purpose. Additionally it contains modules for other LDAP-related stuff (e.g. p

[ldap] Re: Change passwords and other info stored in a LDAP directory

2007-03-27 Thread Michael Ströder
nd command-line tool ldappasswd). Then ldapconn.passwd_s() is used with python-ldap. Ciao, Michael. -- Michael Ströder E-Mail: [EMAIL PROTECTED] http://www.stroeder.com http://python-ldap.sf.net http://www.web2ldap.de

[ldap] Re: Range in RDN value and LDAP search??

2007-03-17 Thread Michael Ströder
ince version 2.1 I suppose, but in 2.3 for sure.
>
> Thanks Michael for this information :)
>
> Michael Ströder wrote:
>
>> Emmanuel Lecharny wrote:
>>
>>
>>> This sounds a good idea, but be aware that again, this is a String
>>> comparison, not

[ldap] Re: ldap-compatible design software (Desktop Publishing)

2007-03-07 Thread Michael Ströder
Zhang Weiwu wrote:
> Hello. Our organization has been making heavy use of ldap database to
> manage a lot of contacts (> 4000) and we have a task to create a
> printable directory of all these contacts. The directory must have the
> corporate VI and a lot of design details, so a design software is

[ldap] Re: SSL/TLS certificate issues

2007-02-28 Thread Michael Ströder
Magnus Morén wrote:
> Michael Ströder wrote:
>> Magnus Morén wrote:
>>> 2) What is the "best practice" here? Try to get Verisign to include
>>> subjectaltname OR
>>
>> A CA is free to issue certs based on their policy which also contains a
>

[ldap] Re: SSL/TLS certificate issues

2007-02-26 Thread Michael Ströder
Magnus Morén wrote:
>
> But... when i finally installed the "real" certificate on the ldap
> servers i realized that the subjectaltname" was removed by Verisign and
> now i can't connect to ldap.hh.se with some clients.
> [..]
> 2) What is the "best practice" here? Try to get Verisign to include

[ldap] Re: test ldap question...

2007-02-07 Thread Michael Ströder
bruce wrote:
>
> thanks for the reply. i went to the web2ldap site, and played with the app
> for a sec.

Yes, I saw it.

> however, i can't figure out how to add the sub filter to the http request
> that i have for the umich directory services.

You won't add it to a HTTP request. LDAP URLs are s

[ldap] Re: Still Lost On SASL Documentation

2006-12-12 Thread Michael Ströder
Quanah Gibson-Mount wrote:
>
> Stanford University's webauth allows the server to make SASL/GSSAPI
> binds to the LDAP server,

But doesn't it pass a TGT by a HTTP cookie?

Ciao, Michael.

[ldap] Re: Good SASL Documentation

2006-12-07 Thread Michael Ströder
Rachel Florentine wrote:
>
> Their accounts will be established through a Plone (Zope) site I'm
> building.

Also check out Demo/sasl_bind.py in python-ldap's source distribution for what is needed in your Python parts.

Ciao, Michael.
