Re: cmusaslsecretPLAIN attribute

2007-07-04 Thread TechnoSophos
On 7/3/07, John Burian [EMAIL PROTECTED] wrote: [...] if you want a SASL bind with PLAIN mechanism and TLS, the ldapwhoami should look something like $ ldapwhoami -Y PLAIN -U burianj -ZZ -H ldap://localhost I'm not having a problem getting TLS to work. ldapwhoami is connecting over port

reference to other entry - question

2007-07-04 Thread Marcin Giedz
Is there any way to do something like this without copying all data many times. 1) there is entry: uid=user1,ou=people,dc=xx,dc=x The entry has objectClass = person, posixAccount etc.. So there is attribute userPassword. 2) there are entries: [EMAIL PROTECTED],ou=domains,dc=xx,dc=x [EMAIL

Lock is no longer valid / deferring operation

2007-07-04 Thread Toby Blake
Hi all, For largely historical reasons we run slapd servers on most clients (this will probably change in the future - I'm just giving this information as background). We're seeing problems when some of these machines are busy, particularly, it seems, with memory intensive activity, although

Re: index_param failed

2007-07-04 Thread JOYDEEP
Luca Scamoni wrote: JOYDEEP ha scritto: Dear list, from the log I am getting these errors like == = bdb_equality_candidates: (uid) index_param failed (18) = bdb_equality_candidates: (uid) index_param failed (18) = bdb_equality_candidates: (uidNumber) index_param failed

No such object error after converting from 2.0.27 to 2.3.32

2007-07-04 Thread Brian Gaber
Took the slapcat output from version 2.0.27 (ldbm) to version 2.3.32 (bdm). Used /usr/local/bin/slapadd on 2.3.32 and am using Berkeley 4.5.20. The slapadd works fine. Then I issued chown ldap:ldap on the /var/lib/ldap-2.3.32 directory and files. Any type of ldapsearch results in a 32 no such

Re: cmusaslsecretPLAIN attribute

2007-07-04 Thread John M. Burian
Buchan Milne wrote: But, SASL authentication does not use a DN, but a username (as provided in the example Dieter gave you above). And you would need to have configured slapd to map a SASL identity to a DN for the bind to succeed. I have an authz-regexp that maps SASL's

Re: force use of start_tls: how?

2007-07-04 Thread Hallvard B Furuseth
Andreas Hasenack writes: I'm trying to avoid mistakes and configure a server and/or client to force the use of start tls. So, if someone binds to the server and accidentally forgets to configure start_tls on the client, the connection is rejected. The problem is that the rejection happens

Re: No such object error after converting from 2.0.27 to 2.3.32

2007-07-04 Thread Buchan Milne
On Wednesday, 4 July 2007, Brian Gaber wrote: Took the slapcat output from version 2.0.27 (ldbm) to version 2.3.32 (bdm). Used /usr/local/bin/slapadd on 2.3.32 and am using Berkeley 4.5.20. The slapadd works fine. Then I issued chown ldap:ldap on the /var/lib/ldap-2.3.32 directory and files.

Re: force use of start_tls: how?

2007-07-04 Thread Andreas Hasenack
On Wed, Jul 04, 2007 at 05:53:24PM +0200, Hallvard B Furuseth wrote: The problem is that the rejection happens too late: the client password was already sent to the server in clear text. If you want to ensure it on the server side, all you can do is not listen for ldap:// connections since

Re: cmusaslsecretPLAIN attribute

2007-07-04 Thread Dieter Kluenter
John M. Burian [EMAIL PROTECTED] writes: Buchan Milne wrote: But, SASL authentication does not use a DN, but a username (as provided in the example Dieter gave you above). And you would need to have configured slapd to map a SASL identity to a DN for the bind to succeed. I have an

Re: force use of start_tls: how?

2007-07-04 Thread Hallvard B Furuseth
Andreas Hasenack writes: URI ldaps://fully.qualified.server-hostname/ TLS_CACERT file with the CA-certificate which signed the server cert TLS_REQCERT demand The only problem is that I really want start_tls, and not ldaps (which is deprecated, right?). Don't know. It's

Re: reference to other entry - question

2007-07-04 Thread Gavin Henry
Marcin Giedz wrote: Is there any way to do something like this without copying all data many times. 1) there is entry: uid=user1,ou=people,dc=xx,dc=x The entry has objectClass = person, posixAccount etc.. So there is attribute userPassword. 2) there are entries: [EMAIL

Re: Lock is no longer valid / deferring operation

2007-07-04 Thread Gavin Henry
Toby Blake wrote: Hi all, Hi Toby. For largely historical reasons we run slapd servers on most clients (this will probably change in the future - I'm just giving this information as background). Why? We're seeing problems when some of these machines are busy, particularly, it seems,

Re: reference to other entry - question

2007-07-04 Thread Marcin Giedz
Gavin Henry wrote: Marcin Giedz wrote: Is there any way to do something like this without copying all data many times. 1) there is entry: uid=user1,ou=people,dc=xx,dc=x The entry has objectClass = person, posixAccount etc.. So there is attribute userPassword. 2) there are entries:

Re: Lock is no longer valid / deferring operation

2007-07-04 Thread Quanah Gibson-Mount
--On Wednesday, July 04, 2007 8:40 PM +0100 Gavin Henry [EMAIL PROTECTED] wrote: We're running openldap 2.3.35 with ITS#4924 and ITS#4925 patches with a bdb backend running 4.2.52 with all 6 recommended patches. I hope you mean 5, as there are only 5 listed on the Oracle site. There are 6

Re: Lock is no longer valid / deferring operation

2007-07-04 Thread Gabriel Stein
And about your DBCONFIG? Is everything ok? Cheers. On 7/4/07, Quanah Gibson-Mount [EMAIL PROTECTED] wrote: --On Wednesday, July 04, 2007 8:40 PM +0100 Gavin Henry [EMAIL PROTECTED] wrote: We're running openldap 2.3.35 with ITS#4924 and ITS#4925 patches with a bdb backend running 4.2.52

Re: force use of start_tls: how?

2007-07-04 Thread Philip Guenther
On Wed, 4 Jul 2007, Andreas Hasenack wrote: ... The only problem is that I really want start_tls, and not ldaps (which is deprecated, right?). Can't be done. The problem is that LDAP does not mandate that clients perform any sort of capability negotiation before performing a bind. Ergo,