Problem with K5KEY implementation

2007-12-05 Thread Kent Nasveschuk
Hello, I'm having a problem with OpenLDAP using Heimdal Kerberos via the {K5KEY} entry in userPassword. The problem is with the second KDC, works fine on the master LDAP/KDC just not the second one. Some info: This is an OpenLDAP server with Heimdal storing Kerberos stuff in LDAP. Master (mbauth0

Re: Problem with K5KEY implementation

2007-12-05 Thread Howard Chu
Kent Nasveschuk wrote: Hello, I'm having a problem with OpenLDAP using Heimdal Kerberos via the {K5KEY} entry in userPassword. The problem is with the second KDC, works fine on the master LDAP/KDC just not the second one. Some info: This is an OpenLDAP server with Heimdal storing Kerberos stuff

[Fwd: Re: KDC {K5KEY} userPassword problem] Solved!!

2007-12-05 Thread Kent Nasveschuk
Although I specified in slapd.conf on the slave servers: moduleload /opt/openldap-2.3.39/lib/smbk5pwd.la I omitted: overlay smbk5pwd I'm guessing slapd never passed credentials to KDC, hence the (49) error code. One more question, how does the smbk5pwd module handle a Kerberos passw

slapadd import/slapd startup:AttributeType errors in Buchan RPMs??

2007-12-05 Thread R.B.
Hi; I've recently installed Buchan's OpenLDAP rpms because I wanted to use more features of OpenLDAP... mainly the overlays/modules. I downloaded them from http://staff.telkomsa.net/packages/... and installation was fine. I've exported my database to LDIF format and when I try to import the data

access control

2007-12-05 Thread Nathan Nobbe
hello all, i am working on my first installation of openldap, so please bear with me. i assure you in advance i have been digging through the manual and only resort to the mailing list after exhausting my ability to understand how to write the access portion of slapd.conf by reading the administratio

ldap queries rewriting

2007-12-05 Thread Guillaume Rousse
Hello list. We have a copier here with a scan-to-mail feature that allows the use of LDAP for extracting a list of email addresses for users. Unfortunately, the full user list is retrieved, split into groups according to the first letter of their email address, but any entries over 100 in a group are excluded fr

Password Filter

2007-12-05 Thread marcelo.xavier
Hi, how do I write a password filter for OpenLDAP? I want to make a specific policy, and I think that a password filter is the best way.

Re: syncrepl - ldap_start_tls failed (-11)

2007-12-05 Thread Quanah Gibson-Mount
--On December 5, 2007 3:17:01 PM +0100 Cristian Laufer <[EMAIL PROTECTED]> wrote: Hello All, syncrepl rid=123 starttls=yes provider=ldap://ldapmaster:389 TLS generally requires FQDNs. Fix your provider URL. --Quanah -- Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -

Re: ldap queries rewriting

2007-12-05 Thread Aaron Richton
If the copier has a Bind DN option, then something along the lines of... access to dn.subtree="ou=Engineering,dc=example,dc=com" by dn.exact="cn=EngineeringCopier,ou=Engineering,dc=example,dc=com" read by [...everythingelse...] access to * by dn.exact="cn=EngineeringCopier,ou=Engineering,d

Re: access control

2007-12-05 Thread Quanah Gibson-Mount
--On December 4, 2007 5:52:11 PM -0500 Nathan Nobbe <[EMAIL PROTECTED]> wrote: hello all, i am working on my first installation of openldap, so please bear with me. i assure you in advance i have been digging through the manual and only resort to the mailing list after exhausting my ability to

custom schema oddness?

2007-12-05 Thread Mike Eggleston
I have a custom schema for my site that has five fields. During the LISA '07 conference I had an idea for two more fields. I added the fields to the schema and restarted slapd. The fields do not appear in the ldif output from ldapsearch nor do the fields appear in phpLdapAdmin. Do I need to slapca

Recursive access control for groups

2007-12-05 Thread Alina Dubrovska
Hello, We need to configure recursive access control for groups in OpenLDAP server. I will describe it in detail. Currently we allow members of "System Administrator" group to modify specific attributes by defining an ACL: access to attrs=employeeType,employeeNumber by self write *b

Re: custom schema oddness?

2007-12-05 Thread Aaron Richton
If you just add the schema, they should only show up in cn=Subschema. You have to actually add/modify the data in the directory, placing values in the new attributes in some entries, before the attributes will start to appear in OpenLDAP's slapcat/ldapsearch. (I can't speak to phpLdapAdmin.) I

syncrepl - ldap_start_tls failed (-11)

2007-12-05 Thread Cristian Laufer
Hello All, I'm trying to set up syncrepl with TLS. But so far it won't work. Actually I'm a bit confused because Provider.log says "TLS established" and consumer.log "ldap_start_tls failed (-11)". My settings are as follows: provider slapd.conf: overlay syncprov syncprov-checkpoint 100 10 syncp

Re: access control

2007-12-05 Thread Quanah Gibson-Mount
--On December 5, 2007 1:41:49 PM -0500 Nathan Nobbe <[EMAIL PROTECTED]> wrote: i have not read any material on ideal directory layout. can you refer me to a good resource? the design i have created is based only on intuition. that, and the schema reference available in phpLdapAdmin. truth

Re: sync replication fails

2007-12-05 Thread Quanah Gibson-Mount
--On December 5, 2007 8:21:20 AM +0100 RUMI Szabolcs <[EMAIL PROTECTED]> wrote: Hello! I've got a syncrepl setup with the following settings: What could be wrong? Maybe it tries to authenticate by SASL despite bindmethod=simple? Your log does not show it trying a SASL bind, and it clearl

sync replication fails

2007-12-05 Thread RUMI Szabolcs
Hello! I've got a syncrepl setup with the following settings: provider slapd.conf: overlay syncprov syncprov-checkpoint 100 10 syncprov-sessionlog 100 consumer slapd.conf: syncrepl rid=100 provider="ldaps://ldap-master.com.com" binddn="cn=syncrepl,ou=services,dc=com,dc=com"

Re: [Fwd: Re: KDC {K5KEY} userPassword problem] Solved!!

2007-12-05 Thread Howard Chu
Kent Nasveschuk wrote: Although I specified in slapd.conf on the slave servers: moduleload /opt/openldap-2.3.39/lib/smbk5pwd.la I omitted: overlay smbk5pwd I'm guessing slapd never passed credentials to KDC, hence the (49) error code. The README states quite clearly that the ov

Re: CRL expiration

2007-12-05 Thread Aaron Richton
I think this was discussed on the list (probably as part of 2.4 TLS enhancements), but I don't recall the outcome. My first evil idea, though, would be to try to kick your TLS config using back-config...hopefully that rehashes everything? On Wed, 5 Dec 2007, Matt Kelley wrote: I am using Op

CRL expiration

2007-12-05 Thread Matt Kelley
I am using OpenLDAP 2.3.39. I have enabled CRL checking by including "TLSCRLCheck peer" in my slapd.conf file. I am having a problem when CRLs expire. I find that, after retrieving an updated CRL, I must restart slapd in order for it to be used. This seems to be true whether using TLSCACertific

Re: account locking strategy

2007-12-05 Thread Tony Earnshaw
Buchan Milne wrote, on 05-12-2007 07:43: I have to handle account locking on our directory, so as to keep accounts from people not working here anymore. On Buchan's suggestion, I used ppolicy so far, with pwdAccountLockedTime attribute set to 0101Z to lock unused accounts. This is really

Re: sync replication fails

2007-12-05 Thread RUMI Szabolcs
On Wed, 05 Dec 2007 06:42:51 -0800 Quanah Gibson-Mount <[EMAIL PROTECTED]> wrote: > Your log does not show it trying a SASL bind, and it clearly shows > that starting TLS was successful. It also shows that it didn't even > try to bind, so you have something else wrong somewhere. You don't > real

Re: access control

2007-12-05 Thread Nathan Nobbe
thanks for your reply Quanah. On Dec 5, 2007 1:26 PM, Quanah Gibson-Mount <[EMAIL PROTECTED]> wrote: > Just on a general note, I'd say this is a fairly poor design decision. i have not read any material on ideal directory layout. can you refer me to a good resource? the design i have created is

Re: CRL expiration

2007-12-05 Thread Donn Cave
On Dec 5, 2007, at 2:10 PM, Matt Kelley wrote: I am using OpenLDAP 2.3.39. I have enabled CRL checking by including "TLSCRLCheck peer" in my slapd.conf file. I am having a problem when CRLs expire. I find that, after retrieving an updated CRL, I must restart slapd in order for it to be used.

Re: slapadd import/slapd startup:AttributeType errors in Buchan RPMs??

2007-12-05 Thread Tony Earnshaw
R.B. wrote, on 04-12-2007 00:33: Hi; I've recently installed Buchan's OpenLDAP rpms because I wanted to use more features of OpenLDAP... mainly the overlays/modules. I downloaded them from http://staff.telkomsa.net/packages/... and installation was fine. I've exported my database to LDIF format