I don't know whether 2.3.43 is new enough to NOT be told to go to hell,
but it's the latest of the 2.3.x series and I can't get migrated to 2.4
until I get slurpd gone... and oddly enough, I think turning off slurpd
caused some of my problems.
This morning our two slaves and master server began
Hello,
does openldap implement sort of caching? Or does it completely rely on
the underlying database like bdb (default)? I'm noticing an intensive
i/o load while the complete slapcat export of our ldap data is only
about 34MB big so everything besides writing/updating should fit into
the
Marten Lehmann wrote:
Hello,
does openldap implement sort of caching?
Yes.
Or does it completely rely on
the underlying database like bdb (default)?
No.
Read the documentation.
I'm noticing an intensive
i/o load while the complete slapcat export of our ldap data is only
about 34MB big
Robert Henjes hen...@informatik.uni-wuerzburg.de writes:
Sorry for reopening / reasking the following issue.
[...]
# The userPassword by default can be changed
# by the entry owning it if they are authenticated.
# Others should not be able to see it, except the
# admin entry below
access
Robert Henjes wrote:
My proposed solution:
* All clients, which support client certificate verification, should
directly connect using TLS to the LDAP server.
You really want to use client authc during TLS negotiation with the client
having a private key and a public key cert? Note that this
Dieter Kluenter wrote:
There are adminstration
clients that do support tls and startTLS and most of extend
operations.
Well, one has to be careful regarding security aspects of TLS with client cert
authentication. No matter you use LDAP, HTTPS or whatever this only makes
sense if the clients
Robert,
please stay on the openldap-software list. Cc:-ed it again.
Robert Henjes wrote:
That's right. Concluding your recommendations and comments:
* ldaps is best choice for a public reachable LDAP server, when secure
transmission is required
IMHO yes. StartTLS is ok too if the number of
On 9/18/09 3:47 AM, Howard Chu wrote:
Brandon Hume wrote:
I don't know whether 2.3.43 is new enough to NOT be told to go to hell,
Nobody would ever tell you that. But 2.3.43 is over a year old and 2.4
has been the stable release for quite a long time. Insisting on using it
is the same as
Howard Chu wrote:
Nobody would ever tell you that. But 2.3.43 is over a year old and 2.4
has been the stable release for quite a long time. Insisting on using
it is the same as you telling us to go to hell with our bug fixes.
Moving to 2.4 is very, very much a priority for me. But I was under
On Fri, 2009-09-18 at 07:33 -0400, Francis Swasey wrote:
This is getting ridiculous from my perspective. We've had a rash of people
reporting problems
against older releases and being effectively told to go to hell (which is
what we hear when the
development team or some proxy for them
--On Friday, September 18, 2009 7:33 AM -0400 Francis Swasey
frank.swa...@uvm.edu wrote:
On 9/18/09 3:47 AM, Howard Chu wrote:
Brandon Hume wrote:
I don't know whether 2.3.43 is new enough to NOT be told to go to hell,
Nobody would ever tell you that. But 2.3.43 is over a year old and 2.4
On Fri, 18 Sep 2009, Francis Swasey wrote:
2.4 is not stable by any definition other than the OpenLDAP project has
designated it so.
I would disagree with this. I'm not at all involved in the official
project designations, and I can say that I gave a talk at Rutgers in March
2009 (2.4.15 at
Hello, My master is a freebsd 7.2 server running 2.3.38 at the moment.
I am trying to get the replication going to a 2.4 server. Using the
same configuration file, it is able to replicate to another 2.3 server
without a hitch so I am guessing I am doing something foolish. I
understand ACLs have
Michael,
What about this?
slapd -h ldap://127.0.0.1 ldaps://0.0.0.0
Yes this solution is working. As long as I deactivate my (until today
personally favoured) TLS encryption.
Thank you very much for your help. Have a nice weekend.
Best regards,
Robert
Brandon Hume wrote:
On Fri, 2009-09-18 at 07:33 -0400, Francis Swasey wrote:
This is getting ridiculous from my perspective. We've had a rash of people
reporting problems
against older releases and being effectively told to go to hell (which is
what we hear when the
development team or
Hey Andreas,
Andreas Hasenack wrote:
On Wed, Sep 16, 2009 at 17:42, Ryan Steele ry...@aweber.com wrote:
query returns nothing:
ldapsearch -x -w SECRET -D cn=admin,dc=example,dc=com -b
cn=testgroup,ou=Groups,dc=example,dc=com -LLL '(uid=user1)'
This filter doesn't look right. Try
Hello,
[I sent this message once but somehow it didn't get through so I
resend it -- my sincere apology if anyone received this twice]
I am trying to troubleshot a problem with entries being deleted on
consumer, exactly as described in this thread:
--On Friday, September 18, 2009 5:29 PM +0100 FRLinux frli...@gmail.com
wrote:
See comments below:
Now onto my LDAP slave, this is a Debian 5.0 install running their
packaged LDAP Server (2.4.11), here is my configuration:
You will need to upgrade your release to fix an issue with the
--On Friday, September 18, 2009 2:13 PM -0400 Ryan Steele
ry...@aweber.com wrote:
This filter doesn't look right. Try
(member=uid=user1,ou=Users,dc=example,dc=com)
Thanks for the advice - I think you're right about filtering on the
'member' attribute. However, doing so still returns the
--On Friday, September 18, 2009 7:37 PM +0100 Tony Smith
tony.smith@googlemail.com wrote:
Hello,
Hi Tony,
This is due to a common mistake of using attrs=*, which removes the
operational attributes that syncrepl uses to track changes. I really wish
I knew where people got this from,
This is how filters work in LDAP. It sounds to me like things are
working correctly. I.e., if I search for objectClass=joe objectClass,
it will return every entry that has an objectClass value of joe, and all
the values for objectClass.
If I search for
Ryan Steele wrote:
Brandon Hume wrote:
I realize that users ask stupid questions and run ancient versions, but
I also realize that sometimes those users are experiencing a catastrophe
and have eighty thousand users banging on the door demanding explanation
(ie: me). In that kind of situation
Ryan Steele wrote:
Hey Andreas,
Andreas Hasenack wrote:
On Wed, Sep 16, 2009 at 17:42, Ryan Steelery...@aweber.com wrote:
query returns nothing:
ldapsearch -x -w SECRET -D cn=admin,dc=example,dc=com -b
cn=testgroup,ou=Groups,dc=example,dc=com -LLL '(uid=user1)'
This filter doesn't look
23 matches
Mail list logo