hi,
my openldap is 2.2.19.there is 18 slave servers with one
master.Now,problem is coming. after running about six months,one
slurpd's log file has 400M,I have to delete it with handword,otherwise
maybe the slurpd couldn't start.my question is where can I set the
slurpd's log file size and how to
What OS are you using? are you using a very old version of OS? Eg: RH9
or Solaris2.6? Please upgrade the OS to RHFC3 or Solaris8 or later.
Gary
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Monday, October 17, 2005 9:04 PM
To: Ta
må den 17.10.2005 Klokka 23:47 (+0200) skreiv Michael Ströder:
[EMAIL PROTECTED] wrote:
> I have configure OpenLDAP 2.2.13 over fedora core 1.
This is a very old release. You SHOULD upgrade to at least 2.2.29.
Here RHAS3/4.
People want to play safe and only install the vendor's utility versi
Hi Kurt / all,
I have kind of the same situation here with slurpd (openldap 2.3.7), I
knew it was something wrong with my implementation but I could not
figure it out, I m trying to configure replication between hosts lda01
and lda03, when using 389 everything was fine, as you suggested I can
use
> [EMAIL PROTECTED] wrote:
>> But is the last version stable for RH4 :(
>
> Distribution release cycles have no meaning to release cycles of
> particular open source software. This is a very common misunderstanding.
The essential point is: the distributor may be right, the version it
distributes
[EMAIL PROTECTED] wrote:
> But is the last version stable for RH4 :(
Distribution release cycles have no meaning to release cycles of
particular open source software. This is a very common misunderstanding.
Ciao, Michael.
P.S.: Please stay on the mailing list.
> Mensaje citado por Michael Ströd
[EMAIL PROTECTED] wrote:
> I have configure OpenLDAP 2.2.13 over fedora core 1.
This is a very old release. You SHOULD upgrade to at least 2.2.29.
Ciao, Michael.
ver: openldap-2.3.11
while testing back-ldap and back-meta, i set chase-referrals no in slapd.conf
for the ldap backend db. while running slapd -d 1, you can see the referrals
are still chased. i went and set REFERRALS off in ldap.conf and the referral
chasing stopped. i then set chase-refer
At 06:43 AM 10/17/2005, Robert wrote:
>Hi Folks,
>
>I have a quick question. I have used saslauthd for
>password verification for cyrus-imap using the ldap
>mechanism. I was wondering if it also possible to use
>it for openldap password verification. I used it with
>kerberos having the userPassw
Chapman, Kyle wrote:
this may be a silly question, but are you renewing your krb5 ticket that is
used for replication?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Derek T.
Yarnell
Sent: Monday, October 17, 2005 12:23 PM
To: openldap-software@OpenLDAP.o
At 05:00 AM 10/17/2005, Michael Ströder wrote:
>I'm experimenting with Manage DIT control in web2ldap.
You might consider deferring your experiment until there
is an Internet-Draft detailing the control extension.
>When this server control is enabled slapd 2.3.11 is writing to the log:
>
>slap_gl
Try adding a -x to force simple authentication.
On 10/17/05, Olivier Gigondan <[EMAIL PROTECTED]> wrote:
> Hello !
>
> i wish start to fill my directory. I made a ldif file and i have configured
> ma slapd.conf file.
> But when i want to execute:
> "ldapadd -D 'cn=admin,o=toto' -W -f dit.ldif"
>
Set the url to listen to one interface and set static routes for
getting to your replicas.
On 10/17/05, Su Tam Nguyen <[EMAIL PROTECTED]> wrote:
> Hi all,
> My LDAP servers have 2 network interfaces. I want to use one for serving
> clients and the other for synchronizing between the master and sla
Hello !
i wish start to fill my directory. I made a ldif file and i have configured ma
slapd.conf file.
But when i want to execute:
"ldapadd -D 'cn=admin,o=toto' -W -f dit.ldif"
the auth fail, therefore i have my suer in the config file with the
corresponding password.
The error message is:
"lda
Gary,
Just to double check... the ssl package installs to /usr/local/ssl
(using default paths for installation)? I moved the previously compiled
openSSL package to a .org directory (mv /usr/local/ssl /usr/local/ssl.org),
then ran the following:
Make clean
./config shared
make
make test
ma
Hi Folks,
I have a quick question. I have used saslauthd for
password verification for cyrus-imap using the ldap
mechanism. I was wondering if it also possible to use
it for openldap password verification. I used it with
kerberos having the userPassword attribute set to
[EMAIL PROTECTED] What
I have configure OpenLDAP 2.2.13 over fedora core 1.
My configuration is one master and 332 slaves
In many server i begin problems that this:
ERROR: Internal (implementation specific) error: entry store failed
thanks.
Este men
this may be a silly question, but are you renewing your krb5 ticket that is
used for replication?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Derek T.
Yarnell
Sent: Monday, October 17, 2005 12:23 PM
To: openldap-software@OpenLDAP.org
Subject: SyncRepl Pr
Hi all,
My LDAP servers have 2 network interfaces. I want to use one for serving
clients and the other for synchronizing between the master and slaves. Is it
possible ? If yes, how can I configure them ?
Any help will be appreciated !
Su Tam Nguyen
Thanks for your help, everyone. Given the lack of SASL support, I
think this is looking more and more like a job for our support folks.
Education and scripting could get everyone configured correctly.
The config hack could work, but I'm unsure how well we'd be able to
support it in a production
So I have a 2.3 setup with a provider that is the main RW copy of the
ldap and then 2 consumer RO copies. We are a Kerberos5 shop so we use
GSSAPI/SASL for the SyncRepl connection. The first time I sync it will
work fine, or if I stop and restart slapd it will work. But after a
period of tim
> So perhaps the new checks in 2.3.10/11 are blocking self signed
> certificates, even with "TLS_REQCERT allow"? I also tried "never",
> same result.
Are you setting a TLS_CACERT to your self-signed CA? If not, I'd try that.
Hello All,
I would like implement the following DIT.
DSA1 dc=example,dc=com
DSA2 dc=sub1,dc=example,dc=com
DSA3 dc=sub2,dc=example,dc=com
And in every DSA, there are 3 DS. And the 3 DS should have the same data.
How to implete this architecture?
Using glue overlay and HA?
Hi,
I have the following probleme:
TLS: can't accept.
TLS: error:1408F455:SSL routines:SSL3_GET_RECORD:decryption failed or
bad record mac s3_pkt.c:424
when i try to do an ldapsearch
So i have created my certificats with openssl and test it with openssl
and it was good.
is someone can he
On Mon, 2005-10-17 at 10:31 -0200, Andreas Hasenack wrote:
> On Mon, Oct 17, 2005 at 10:39:15AM +0200, Dieter Kluenter wrote:
> > I just experienced the same problem and it took me a few minutes to find
> > the reason, which resulted in
> >
> > TLS trace: SSL3 alert read:fatal:certificate expired
On Mon, Oct 17, 2005 at 10:16:28AM -0400, Samuel Tran wrote:
> > If I run ldapsearch from another machine which has another version of
> > openldap that is not 2.3.11 nor 2.3.10, then it works.
>
> On my OL 2.3.11 test servers both SSL and TLS work fine.
> We use our own CA certificate to sign our
The following is the config we are using in order to provide a read-only
anonymous bind to our backend ADS directory. In order for the rwm-mapping
stuff to work without issues you must apply the changes Pierangelo made.
Namely, update the following files from HEAD:
servers/slapd/overlays/rwm.
On Mon, Oct 17, 2005 at 09:29:57AM -0400, Aaron Richton wrote:
> > If I run ldapsearch from another machine which has another version of
> > openldap that is not 2.3.11 nor 2.3.10, then it works.
>
> So this is against your 2.3.11 slapd, 2.3.11 ldapsearch -ZZ fails while
> <2.3.10 connects OK (2.3
> If I run ldapsearch from another machine which has another version of
> openldap that is not 2.3.11 nor 2.3.10, then it works.
So this is against your 2.3.11 slapd, 2.3.11 ldapsearch -ZZ fails while
<2.3.10 connects OK (2.3.11 server held constant)?
Do you have identical ldap.conf and/or .ldapr
Howard Chu writes:
> BDB doesn't look into subdirectories unless you tell it to.
Thanks.
--
Hallvard
On Mon, Oct 17, 2005 at 10:39:15AM +0200, Dieter Kluenter wrote:
> I just experienced the same problem and it took me a few minutes to find
> the reason, which resulted in
>
> TLS trace: SSL3 alert read:fatal:certificate expired
> TLS trace: SSL_accept:failed in SSLv3 read client certificate A
> T
Em Seg 17 Out 2005 06:39, Dieter Kluenter escreveu:
> I just experienced the same problem and it took me a few minutes to find
> the reason, which resulted in
>
> TLS trace: SSL3 alert read:fatal:certificate expired
> TLS trace: SSL_accept:failed in SSLv3 read client certificate A
> TLS: can't acc
HI!
Any information available about this control found in ldap.h?
#define LDAP_CONTROL_NO_SUBORDINATES"1.3.6.1.4.1.4203.666.5.11"
What is it for?
Ciao, Michael.
HI!
I'm experimenting with Manage DIT control in web2ldap.
When this server control is enabled slapd 2.3.11 is writing to the log:
slap_global_control: unrecognized control: 1.3.6.1.4.1.4203.666.5.12
Does this mean that this control is not usable for all LDAP operations?
Only with modify reques
Dieter Kluenter wrote:
Hi,
with OpenLDAP-2.3.11 it seems that sasl authentication with external
mechanism via ldapi is flawed.
No, it is correct in 2.3. It was wrong in 2.2.
,
| [EMAIL PROTECTED]:~> ldapwhoami -Y external
| SASL/EXTERNAL authentication started
| SASL username: uidNumber=
Hi,
with OpenLDAP-2.3.11 it seems that sasl authentication with external
mechanism via ldapi is flawed.
,
| [EMAIL PROTECTED]:~> ldapwhoami -Y external
| SASL/EXTERNAL authentication started
| SASL username: uidNumber=1000+gidNumber=100,cn=peercred,cn=external,cn=auth
| SASL SSF: 0
| dn:gidNum
Hi,
Andreas Hasenack <[EMAIL PROTECTED]> writes:
> I reviewed ITS#4082 and I have that patch applied in tls.c (I'm running
> 2.3.11
> which has it). However, I still get TLS errors when using "ldapsearch -ZZ":
> connection_get(13)
> connection_get(13): got connid=0
> connection_read(13): checki
37 matches
Mail list logo