Re: password hashes

2007-02-21 Thread Howard Chu
Brandon McCombs wrote: The info I found never explicitly stated either way whether multiple hashes could be listed but since the info I found would only list one hash in the examples I had to assume that multiple hashes weren't allowed since the text wouldn't claim otherwise. I didn't have a

Re: password hashes

2007-02-21 Thread Brandon McCombs
Howard Chu wrote: Brandon McCombs wrote: I'm gathering from reading various sites that openldap doesn't allow a person to specify multiple hash algorithms in the slapd.conf file. Is this correct? Gathering info from various sites around the web is a bad idea, when the info is plainly availab

Re: password hashes

2007-02-21 Thread Howard Chu
Brandon McCombs wrote: I'm gathering from reading various sites that openldap doesn't allow a person to specify multiple hash algorithms in the slapd.conf file. Is this correct? Gathering info from various sites around the web is a bad idea, when the info is plainly available in the OpenLDAP

password hashes

2007-02-21 Thread Brandon McCombs
I'm gathering from reading various sites that openldap doesn't allow a person to specify multiple hash algorithms in the slapd.conf file. Is this correct? If only one is able to be listed then when I specify a password in a custom client openldap will automatically hash the plaintext version o

Re: Using back-ldap as a dumb proxy

2007-02-21 Thread Quanah Gibson-Mount
--On Thursday, February 22, 2007 12:59 AM +0100 Pierangelo Masarati <[EMAIL PROTECTED]> wrote: Quanah Gibson-Mount wrote: Sure. Which configuration do you want me to try it with? ;) Here is -d -1 with this config: idassert-bind bindmethod=sasl saslmech=gssapi

Re: Using back-ldap as a dumb proxy

2007-02-21 Thread Pierangelo Masarati
Quanah Gibson-Mount wrote: > Sure. Which configuration do you want me to try it with? ;) Here is -d > -1 with this config: > > idassert-bind bindmethod=sasl >saslmech=gssapi >realm=stanford.edu >authcID=service/[EMAIL PROTECTED] > > authzID=dn:

Re: Using back-ldap as a dumb proxy

2007-02-21 Thread Quanah Gibson-Mount
--On Thursday, February 22, 2007 12:23 AM +0100 Pierangelo Masarati <[EMAIL PROTECTED]> wrote: I have never tested back-ldap with GSSAPI; however, config parsing exploits the slap_bindconf() code that's used throughout slapd (e.g. in syncrepl), and the related SASL bind code was basically a

Re: Using back-ldap as a dumb proxy

2007-02-21 Thread Pierangelo Masarati
Quanah Gibson-Mount wrote: > > > --On Wednesday, February 21, 2007 11:52 PM +0100 Pierangelo Masarati > <[EMAIL PROTECTED]> wrote: > >> Quanah Gibson-Mount wrote: >>> >>> >>> --On Wednesday, February 21, 2007 2:39 PM -0800 Quanah Gibson-Mount >>> <[EMAIL PROTECTED]> wrote: >>> I'm trying to

Re: Using back-ldap as a dumb proxy

2007-02-21 Thread Quanah Gibson-Mount
--On Wednesday, February 21, 2007 11:52 PM +0100 Pierangelo Masarati <[EMAIL PROTECTED]> wrote: Quanah Gibson-Mount wrote: --On Wednesday, February 21, 2007 2:39 PM -0800 Quanah Gibson-Mount <[EMAIL PROTECTED]> wrote: I'm trying to set up a very simple slapd that takes incoming requests

Re: Using back-ldap as a dumb proxy

2007-02-21 Thread Quanah Gibson-Mount
--On Wednesday, February 21, 2007 11:44 PM +0100 Hallvard B Furuseth <[EMAIL PROTECTED]> wrote: Quanah Gibson-Mount writes: suffix "dc=stanford,dc=edu" (...) /etc/ldap/slapd.conf: line 17: invalid DN 21 (Invalid syntax) include core.schema, which defines 'dc'. Yeah. Unfortuna

Re: Using back-ldap as a dumb proxy

2007-02-21 Thread Hallvard B Furuseth
Quanah Gibson-Mount writes: > suffix "dc=stanford,dc=edu" > (...) > /etc/ldap/slapd.conf: line 17: invalid DN 21 (Invalid syntax) include core.schema, which defines 'dc'. -- Regards, Hallvard

Re: Using back-ldap as a dumb proxy

2007-02-21 Thread Quanah Gibson-Mount
--On Wednesday, February 21, 2007 2:39 PM -0800 Quanah Gibson-Mount <[EMAIL PROTECTED]> wrote: I'm trying to set up a very simple slapd that takes incoming requests locally, and forwards them on to a remote server using SASL/GSSAPI to get the information, so that an internal app that doesn't

Using back-ldap as a dumb proxy

2007-02-21 Thread Quanah Gibson-Mount
I'm trying to set up a very simple slapd that takes incoming requests locally, and forwards them on to a remote server using SASL/GSSAPI to get the information, so that an internal app that doesn't understand SASL/GSSAPI can get the information it needs. I'm trying to configure back-ldap thusly

Re: OpenLDAP 2.3 using ACI

2007-02-21 Thread Pierangelo Masarati
Eugenia Candida Oliveira de Moura wrote: > Hi, > Is it possible to use ACI to control the access in openLDAP 2.3? Yes. For ACI use, see > What is the difference between ACI and ACL? Old, but (at least partially) still valid

OpenLDAP 2.3 using ACI

2007-02-21 Thread Eugenia Candida Oliveira de Moura
Hi, Is it possible to use ACI to control the access in openLDAP 2.3? What is the difference between ACI and ACL? Thanks. Eugênia Moura.

Re: This is a new thread

2007-02-21 Thread Howard Chu
Tony Earnshaw wrote: This has nothing to do with that thread, but has been worrying me: Our production RHAS4 site with 4 OpenLDAP 2.3 servers (1 delta syncrepl provider, 3 consumers) has been running exemplararily (new word?) since ~= 2.3.27. All servers were running 2.3.33 perfectly, then I

This is a new thread: Re: slapd stopping with no error message

2007-02-21 Thread Tony Earnshaw
Howard Chu wrote, with irony, on 21. feb 2007 16:43: [...] > Unix has this cool thing called I/O redirection, perhaps you've heard > of it? [...] and > There's also this other cool thing called job control... [...] This has nothing to do with that thread, but has been worrying me: Our prod

RE: slapd stopping with no error message

2007-02-21 Thread Douglas B. Jones
Howard pointed out that I am still asleep - he stated what to do below '-d 7'. Thanks! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Douglas B. Jones Sent: Wednesday, February 21, 2007 10:52 AM To: 'Howard Chu' Cc: [EMAIL PROTECTED]; openldap-software@

RE: slapd stopping with no error message

2007-02-21 Thread Douglas B. Jones
Slap/slap/slap - waking up now - sorry not much sleep since last week - sick child, still should never forget the most basic. I will redirect. Question: what level of debug would you recommend. Thanks! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Howar

RE: slapd stopping with no error message

2007-02-21 Thread Matthew Hardin
Hi Douglas, For these kinds of problems your best bet is to copy an unstripped slapd binary (and any other modules you may be using) from the build tree, start it as you would normally, and then attach to it using gdb. When it stops you can run a back-trace and see exactly where it was. Output of

Re: slapd stopping with no error message

2007-02-21 Thread Howard Chu
Douglas B. Jones wrote: About three times in the last several days, ldap-2.3.33 (RHEL4) has just stopped. No core or error messages in the log files. The last entry in the log file is just a search entry, with nothing common in the search from 'crash' to 'crash'. I have even tried the searches a

slapd stopping with no error message

2007-02-21 Thread Douglas B. Jones
About three times in the last several days, ldap-2.3.33 (RHEL4) has just stopped. No core or error messages in the log files. The last entry in the log file is just a search entry, with nothing common in the search from 'crash' to 'crash'. I have even tried the searches and they worked fine. I re

Re: OpenLDAP 2.4

2007-02-21 Thread Howard Chu
Some minor bits, from browsing the Software Enhancements section of the ITS. I figured they're relatively obscure and easy to miss, so drawing attention to them here. ITS#4554: slapindex option for attribute you can now give a list of specific attributes to (re)index on the slapindex command li

Re: entryDN attribute

2007-02-21 Thread Hallvard B Furuseth
Brandon McCombs writes: > I want to use the entryDN attribute as a unique identifier. Is there > any particular reason why I can't read this attribute using > openldap.org's server? It won't return in searches I do. entryDN is an operational attribute, so it is only returned if you explicitly ask

Re: entryDN attribute

2007-02-21 Thread Brandon McCombs
Kurt Zeilenga wrote: On Feb 20, 2007, at 3:26 PM, Brandon McCombs wrote: I want to use the entryDN attribute as a unique identifier. Is there any particular reason why I can't read this attribute using openldap.org's server? It won't return in searches I do. % ldapsearch -LLL -H ldap://ldap.o