Re: pls help: performance tuning

2010-05-11 Thread Aaron Richton
On Tue, 11 May 2010, ST Wong (ITSC) wrote: I currently set thread in slapd.conf to 32 (default x 2). While I think shouldn't modify SLAP_MAX_WORKER_THREADS, I tried to increase no. of threads, at the cost of read performance. Besides, after increasing thread to over 32, say 100, I got warnin

Re: Consumer bdb log explosion

2010-05-04 Thread Aaron Richton
On Tue, 4 May 2010, mark.hendri...@humboldt.edu wrote: We are running slapd 2.3.43 (Using bdb db4-4.3.29-10.el5) with one provider and two consumers and syncrpl (kerberos/SASL based). Occasionally when heavy changes to the provider are made, the consumer bdb logs go crazy and fill up the bdb v

Re: Help with openldap and starttls

2010-04-16 Thread Aaron Richton
On Thu, 15 Apr 2010, john espiro wrote: 1) In /etc/openldap/ldap.conf, I currently have: URI ldapi://127.0.0.1/ What value should I have there?  Do I need the server name such as: URI ldapi://mydomain.com/ Basically, whatever you run slapd's listeners on is what your clients should be di

Re: syncrepl_del_nonpresent and syncrepl issues.

2010-04-14 Thread Aaron Richton
On Wed, 14 Apr 2010, Jorgen Lundman wrote: Perhaps it is time to go to a newer version of OpenLDAP. The 2.3.41 version was recommended to us about 3 years ago on this list. What is the recommended/most-stable version at the moment? Should we also upgrade BerkeleyDB? The official recommendati

Re: Replication problem: How to sync?

2010-04-07 Thread Aaron Richton
On Wed, 7 Apr 2010, Torsten Schlabach (Tascel eG) wrote: What would I do to find out how that could have happened? Perhaps you could read the output of "loglevel sync" -- admittedly this might not be of help after the fact, but perhaps for next time... What would I do to fix this? (Other t

Re: reading the log file

2010-04-01 Thread Aaron Richton
On Thu, 1 Apr 2010, Itay Moav wrote: I see under /var/lib/ldap the file log.1 which seems to be a binary file. How do I read it, or is there a different way to see a log of what the server does (something like the mysql.log) Those are Berkeley DB transaction logs; they're not a good

Re: built in objectClasses and attributes

2010-03-31 Thread Aaron Richton
On Wed, 31 Mar 2010, Itay Moav wrote: Where can I see the list of built in objectClasses and attributes the OpenLDAP ships with? If you mean what I think you mean, ldap-src/servers/slapd/schema_prep.c.

Re: Multi-Master, referrals, and chaining

2010-03-25 Thread Aaron Richton
On Wed, 24 Mar 2010, Ryan Steele wrote: I actually realized that my logic was slightly faulty - since each of the six masters is capable of performing the write operation, the referral will never be chased. Given that, is it impossible to have an N-Way MultiMaster configuration in which write

Re: certificate warnings

2010-03-16 Thread Aaron Richton
On Tue, 16 Mar 2010, Brett @Google wrote: A hack might be to add the "external" name to /etc/hosts on each syncrepl client with the correct ip for each syncrepl server, but was hoping for something better. Proper answers for the scenario you set out have already been discussed, but on this "

Re: max open files

2010-03-12 Thread Aaron Richton
On Wed, 10 Mar 2010, Klemens Kittan wrote: Mar 1 14:45:15 ldap1 slapd[25320]: warning: /etc/hosts.allow, line 19: cannot open /etc/hosts.allow: Too many open files cat /proc/sys/fs/file-max: 203609 cat /proc//limits: Max open files 4096 4096 files Sounds like you're mostly on the right tr

Re: understanding replication

2010-03-02 Thread Aaron Richton
On Mon, 1 Mar 2010, Alan Batie wrote: I'm a little puzzled by the openldap replication docs; in particular rid, entryuuid, entrycsn, contextcsn fields that I see referenced a lot. [...] Basically, I'd like to understand the replication process at a slightly higher level than http://www.openlda

Re: simple bind with external Kerberos V password store

2010-02-02 Thread Aaron Richton
On Tue, 2 Feb 2010, Tim Mooney wrote: grep'ing the source for '{KERBEROS}', the only place that shows up is in contrib/slapd-modules/passwd/kerberos.c. [...] I understand the warning at the end of the section in the admin guide, that using a krb5 KDC as a fancy network-based password checking da

Re: openldap logging setup as a non-root user

2010-01-07 Thread Aaron Richton
Please keep replies on the list. On Thu, 7 Jan 2010, Konstantinos Tripolitis wrote: Thank you very much for your quick input! You've been most helpful. "slapd -d 256 > logfile 2>&1 &" does work, but I do not get timestamps: [...cut...] Any idea/suggestion on how I can get timestamps as well?

Re: openldap logging setup as a non-root user

2010-01-07 Thread Aaron Richton
On Thu, 7 Jan 2010, Konstantinos Tripolitis wrote: I have already tried editing syslog.conf with local4.* and restarting syslogd. This works fine, but requires root access and I am interested in enabling ldap logging as a non-root user. Well, to configure, yes; but typically not to actually us

Re: how can add component matching module to openldap?

2010-01-04 Thread Aaron Richton
On Tue, 29 Dec 2009, med s wrote: Hi, I have compiled the module using the CFLAGS; it compiled fine, but when searching using component matching it doesn't return output. Please keep replies on the list. If you're at the point where the module loads clean, you're doing better than I might have e

Re: how can add component matching module to openldap?

2009-12-21 Thread Aaron Richton
On Mon, 21 Dec 2009, med s wrote: Thank you, the libtool error is solved. Now I am having trouble making the comp match module. It has errors when compiling the componentlib.c file. Is there anything else in the includes in the makefile that I should add? Please keep replies on the list. I'm not s

Re: how can add component matching module to openldap?

2009-12-18 Thread Aaron Richton
On Thu, 17 Dec 2009, med s wrote: Hello, I am using openldap 2.4. I want my server to support component matching. When I run it like this: env CPPFLAGS="-I/usr/local/BerkeleyDB.4.7/include" LDFLAGS="-L/usr/local/BerkeleyDB.4.7/lib" ./configure -enable-modules=yes it gives error could not locate libto

Re: trouble with openldap >2.4.16

2009-12-17 Thread Aaron Richton
On Thu, 17 Dec 2009, Brett @Google wrote: Oddly, this only happens for me on an older not-patched box myunhappyserver, and NOT a more recently patched box myhappyserver (same slapd/bdb binaries and libraries) What makes you believe that you haven't figured this out in full (i.e. root cause i

Re: custom auth

2009-12-10 Thread Aaron Richton
On Wed, 9 Dec 2009, Marten Lehmann wrote: How do I tell OpenLDAP to authenticate against cn=,ou=users,dc=mail and its userPassword attribute? Depends slightly on what program from the OpenLDAP Software you're using, but one simple example would be: $ ldapwhoami -xH ldap://server.host.domain

Re: unexpected userPassword content

2009-12-10 Thread Aaron Richton
On Wed, 9 Dec 2009, Marten Lehmann wrote: userPassword={MD5}wzNncBURtPYCDsYd7TUgWQ== But when I retrieve the userPassword content later, I get this value: e01ENX13ek5uY0JVUnRQWUNEc1lkN1RVZ1dRPT0= What has openldap done to it? http://www.openldap.org/faq/data/cache/1346.html -- you seem to h

Re: SASL OTP and syncrepl

2009-12-03 Thread Aaron Richton
On Thu, 3 Dec 2009, Emmanuel Dreyfus wrote: Most likely it's not. Since almost nobody uses SASL OTP with OpenLDAP, it's never gotten much attention. What do people use, then? For what it's worth, our OTP sequences are upstream of OpenLDAP (when encountering an OTP user, OpenLDAP merely work

Re: Filter

2009-11-16 Thread Aaron Richton
On Fri, 13 Nov 2009, Gilberto Nunes wrote: ldapsearch -LLL -x -b dc=selbetti,dc=local -H ldap://host -D proxy_user '(|(objectClass=person)(objectClass=user))' -w password This command brings me all entries. I would like to filter only two attributes: cn and mail. I'm going off on a very dangerous limb

Re: Syncrepl: 3 simple questions

2009-11-05 Thread Aaron Richton
On Thu, 5 Nov 2009, Torsten Schlabach (Tascel eG) wrote: 1. How do I query a master for the cookie? 2. How do I query a slave for the cookie? $ ldapsearch -xLLLH ldap://localhost/ -s base -b "dc=rutgers,dc=edu" contextCSN dn: dc=rutgers,dc=edu contextCSN: 20070613170816.00Z#00#000#

Re: SSL strangeness

2009-10-29 Thread Aaron Richton
On Thu, 29 Oct 2009, Edward Capriolo wrote: So does anyone know the truth about this? Is ldaps considered deprecated in some circles? As a rule of thumb, implicit-SSL protocols are not IETF Standards Track, and their StartTLS brethren are. In the case of LDAP, http://www.openldap.org/faq/dat

Re: Mirror Mode, replicas and delta-syncrepl

2009-10-22 Thread Aaron Richton
On Thu, 22 Oct 2009, Quanah Gibson-Mount wrote: 1) On each replica, create a single syncrepl stanza that points to the load balancer VIP. 2) On each replica, create two syncrepl stanzas, each one pointing to a different master. I don't know the answer, but let me know when you figure it out.

Re: question: dynamic groups / reverse group membership

2009-10-22 Thread Aaron Richton
On Thu, 22 Oct 2009, Andreas Schoe wrote: Is it possible to copy/configure the behavior from dynamic groups to reverse group membership? I have some applications that use searches with '(uniquemember=uid={uid},dc=example)'. These applications need the static entries. Have you considered the

Re: ACL Question 'write stop' 'write break'

2009-10-19 Thread Aaron Richton
Please keep replies on the list. On Mon, 19 Oct 2009, Edward Capriolo wrote: [...cut...] As you have said, .*managed people are never able to auth once that rule is put in place. So if I understand you correctly I should do this: access to dn.regex="mail=.*.mana...@jointhegrid.com,ou=user,ou=jo

Re: ACL Question 'write stop' 'write break'

2009-10-19 Thread Aaron Richton
slapd -d acl (or the same through loglevel directives) is really helpful if you're not already using that... First off, "attr=" is not preferred, please see slapd.access man page. This should be logged at LDAP_DEBUG_ANY; are you reading your startup logs? You might as well do a "slaptest -d co

Re: Fast massive ldif load

2009-10-07 Thread Aaron Richton
On Wed, 7 Oct 2009, iz1ksw iz1ksw wrote: What is the fastest way (in terms of openldap settings) to perform a massive load (~200MB ldif file) of data into openldap directory? Try "slapadd -q" (read slapadd(8) man page to get started).

Re: openldap service stop cause database corruption

2009-10-06 Thread Aaron Richton
On Tue, 6 Oct 2009, Brandon Hume wrote: You're running a large process on a low-memory machine. I strongly suspect CentOS isn't giving slapd enough time to shut down properly. I think you've hit this head on. The only other suggestion I might make is to consider the checkpointing configurati

Re: problem with replication [syncrepl] hash of passwords

2009-09-21 Thread Aaron Richton
On Mon, 21 Sep 2009, Evgeniy wrote: Openldap 2.4.18, master-slave replication. Slave server successfully replicates all data, except hashed {sha} passwords. It is not a problem with "access to attrs=userPassword" - I tested this. [...] attrs="*" syncrepl needs operational attributes, but those

Re: 2.3.43, and a variety of problems.

2009-09-18 Thread Aaron Richton
On Fri, 18 Sep 2009, Francis Swasey wrote: 2.4 is not "stable" by any definition other than the OpenLDAP project has designated it so. I would disagree with this. I'm not at all involved in the official project designations, and I can say that I gave a talk at Rutgers in March 2009 (2.4.15 a

Re: set.regex and substring substitution

2009-09-17 Thread Aaron Richton
On Wed, 16 Sep 2009, Ronie Gilberto Henrich wrote: Isn't it the same as setting loglevel 128 (access control list processing) in /etc/openldap/slapd.conf ? Yes, that should have the same effect... slapd[19439]: <= check a_set_pat: user/allowedDomain & $2 As Pierangelo pointed out, that's t

Re: Debugging a module

2009-09-16 Thread Aaron Richton
On Wed, 16 Sep 2009, omall...@msu.edu wrote: The ISCA answer is: You might try running everything under Valgrind instead of gdb as it might be easier. You can try that, but unless the fault is a memory error of some sort, I don't know that valgrind has the right tools for it (or maybe I just do

Re: set.regex and substring substitution

2009-09-16 Thread Aaron Richton
On Tue, 15 Sep 2009, Ronie Gilberto Henrich wrote: I think you mean "slapacl -D" No, I mean "slapd -d acl", not to say that slapacl isn't useful too. The key to slapacl is knowing what the proper input should be, and history has shown that "slapd -d acl" often proves enlightening to discover

Re: set.regex and substring substitution

2009-09-15 Thread Aaron Richton
On Tue, 15 Sep 2009, Ronie Gilberto Henrich wrote: Any ideas about what I should do for this to work? Start with "slapd -d acl" and go from there...

Re: OpenLDAP and SASL

2009-09-04 Thread Aaron Richton
On Thu, 3 Sep 2009, Jittinan Suwanrueangsri wrote: I have seen a configuration in which sasl gets the password from sasldb. I must run saslpasswd2 to create a user and password for authentication, but is it possible to configure openldap and sasl to verify authentication by getting the password from openldap self

Re: Disk exhausting because of log.0000xxxx files

2009-09-03 Thread Aaron Richton
On Thu, 3 Sep 2009, Olivier Nicole wrote: Because of a stupid script I wrote that was unduly modifying my LDAP directory, I ended up exhausting my disk space with Berkeley DB log files of the type log.0. My LDAP uses a database of type bdb, I have the option dbconfig set_flags DB_LOG_A

Re: [Openldap 2.4.16] Is it possible to force synchronization: files log.xxxx not treated after a crash

2009-08-25 Thread Aaron Richton
On Tue, 25 Aug 2009, Lepoutre Lionel wrote: My problem is that some data are not synchronised on one of my server and I have some "log." files in my var/openldap-data/ directory. The "log." are BerkeleyDB transaction log files. They should be automagically replayed as needed in the 2.

Re: Assertion failure in ldapsearch

2009-08-24 Thread Aaron Richton
On Sat, 22 Aug 2009, Guillaume Rousse wrote: to let the ldap server in a bad mood. Isn't there any way to replay answer parsing from the network capture? Sometimes it's not that easy. A lot of things are timing-dependent, or need a particular memory access (such that the prior contents and/o

Re: slapcat and machines

2009-07-30 Thread Aaron Richton
On Thu, 30 Jul 2009, sgm...@mail.bloomfield.k12.mo.us wrote: want the machines. How can I slapcat machines only? I guess that I am just wanting to get ou=Computers or something. I noticed that the manpage on both servers shows slapcat(8C), and the new server has an option '-a' that looks like

Re: LDAP Process "hangs"

2009-07-28 Thread Aaron Richton
On Tue, 28 Jul 2009, Andi Gorhan wrote: some ldapsearches and everything works fine except the search with filters. If I do a search for example "uid=abc*" LDAP hangs and does not respond. Searching for exact DNs is working fine. What happened here? Sounds like your indexes are corrupted. J

Re: syntax of ldap_modify_s

2009-04-27 Thread Aaron Richton
On Sun, 26 Apr 2009, Adrian St. John-Bee wrote: I am attempting to make an ldap_modify_s from an Objective C Does Objective C perform automagic allocations? [...] char** vals0; [...] vals0[0] = "e...@ntu.ac.uk"; I'd have to ask that because I don't do Objective C. But in C99...well, try

Re: log level to see details of MOD operations

2009-04-13 Thread Aaron Richton
On Mon, 13 Apr 2009, Scott Koranda wrote: Is there a loglevel that will show me the value being sent by the client for the attribute that is being modified? Well, yeah, loglevel packets ;) Suggest you consider slapo-accesslog(5). Try http://www.openldap.org/lists/openldap-software/200901/ms

Re: log level to see details of MOD operations

2009-04-13 Thread Aaron Richton
On Mon, 13 Apr 2009, Scott Koranda wrote: I want to set 'loglevel' in slapd.conf so that I will be able to see the details of what a client is sending to slapd when it modifies entries for a dn. Specifically I would like to see which attributes the client is requesting to modify for the dn and t

Re: delta-syncrepl missing changes

2009-03-20 Thread Aaron Richton
On Fri, 20 Mar 2009, Francis Swasey wrote: This morning, my replicas were out of sync again, so I have now restarted Just out of curiosity, what determines "out of sync" in your environment? I assume you're seeing something more insidious than a simple contextCSN mismatch.

Re: HELP! After Upgrading OpenLDAP 2.4.15 DB 4.6 to DB4.7 LDAP isn't willing to operate: txn_checkpoint interface requires an

2009-03-12 Thread Aaron Richton
Schema parsing (which you can check with "-d config") isn't going to affect a bdb_open. There's a chance that your db4 libraries aren't appropriate for your system (I note the mutex error; perhaps you or your distro autoconf'd the wrong option for your architecture).

Re: HELP! After Upgrading OpenLDAP 2.4.15 DB 4.6 to DB4.7 LDAP isn't willing to operate: txn_checkpoint interface requires an

2009-03-12 Thread Aaron Richton
I'm a big believer in checking the obvious first...are you reusing the database and/or logs directory from your 4.6 installation? i.e., rm data/base/*db* data/base/alock data/logs/log* being VERY VERY careful to NOT delete the "file.ldif" then slapadd file.ldif again, to your known-clean direc

Re: solaris compile options

2009-03-11 Thread Aaron Richton
Well, it doesn't really matter if you get the right output. Check your slapd i.e.: bash-2.05$ elfdump /usr/bin/sparcv9/ps | grep e_machine e_machine: EM_SPARCV9 e_version:EV_CURRENT bash-2.05$ elfdump /usr/bin/sparcv7/ps | grep e_machine e_machine: EM_SPARCe_versio

Re: solaris slapadd "Value too large for defined data type"

2009-03-11 Thread Aaron Richton
On Wed, 11 Mar 2009, Brett @Google wrote: /data/openldap/backups/ldap_090302.ldif: Value too large for defined data type man lfcompile, and/or switch to 64-bit binaries?

Re: root-only configuration

2009-02-17 Thread Aaron Richton
On Tue, 17 Feb 2009, Peter Mogensen wrote: With slapd.conf you had to be root on the host to reconfigure slapd. However, with cn=config anyone who can authenticate as rootdn for cn=config can reconfigure slapd. Is it in any way possible to set up cn=config, so only root on the host can make c

Re: alias container?

2009-02-06 Thread Aaron Richton
On Thu, 5 Feb 2009, James Bagley wrote: One of the State's agencies changed its name. I want to be able to alias the old name to the new one so searches on the old agency name still work. I [...] The container object is: dn: dc=oprd,dc=state,dc=or,dc=us [...] The desired end result is to

Re: GSSAPI and LVS Load balanced ldap servers

2009-02-03 Thread Aaron Richton
On Tue, 3 Feb 2009, Francis Swasey wrote: failure mode. It works with ldaps://ldap.uvm.edu and fails with ldaps://.uvm.edu. Which is "OK" for my purposes. I'd really like to be able to have both work, but perhaps cyrus-sasl will change at some point in the future to support the kind of tric

Re: 64bit compile fails on Solaris 10

2009-01-26 Thread Aaron Richton
On Mon, 26 Jan 2009, John Center wrote: your OpenLDAP spec file useful, also. You use pkgbuild to maintain your software? We use undergraduates :) If you want to look at the finished product, OpenLDAP and its dependency graph (actually, all of our Solaris binaries) are served at http://rpm

Re: New guy needs some help choosing an overlay

2009-01-26 Thread Aaron Richton
On Mon, 26 Jan 2009, Jonathan Knight wrote: [...cut...] I'm battling the Blackboard WebCT Vista product which allows me to specify attributes to look up for the username, but does not allow me to specifically define the search filter. My plan is to use the rewrite/remap overlay to create a fa

Re: OpenLDAP/TLS main: TLS init def ctx failed: -207

2009-01-25 Thread Aaron Richton
On Sun, 25 Jan 2009, Technical Home wrote: [given] olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem olcTLSCertificateFile: /etc/ssl/certs/SERVER.crt olcTLSCertificateKeyFile: /etc/ssl/private/cakey.pem [we get] r...@server:~# slapd -h 'ldap://127.0.0.1:389 ldaps://192.168.1.200:636' -g openld

Re: 64bit compile fails on Solaris 10

2009-01-24 Thread Aaron Richton
On Sat, 24 Jan 2009, John Center wrote: I think I could use some more black magic... ;-) I get the compile to complete now - Thanks! - but I noticed in SLAPD_PERL_LDFLAGS, SLAPD_LIBS & PERL_CPPFLAGS an "-xarch=v9" flag is being set somewhere. I'd like to set this to the actual xarch/m64 flag

Re: 64bit compile fails on Solaris 10

2009-01-21 Thread Aaron Richton
On Wed, 21 Jan 2009, John Center wrote: cc: Warning: -xarch=v9 is deprecated, use -m64 to create 64-bit programs ld: fatal: file .libs/slapdS.o: wrong ELF class: ELFCLASS32 As you diagnosed, you're missing a -m64. I think slapdS.c is generated dynamically by ltmain.sh, seen in the line:

Re: Do we need to setup syncrepl along with back_ldap for proxying?

2009-01-15 Thread Aaron Richton
On Thu, 15 Jan 2009, Steven Truong wrote: credentials="SunShine" Please change this before you go into production... I did a ldapsearch and got nothing but "ldap_result: Can't contact LDAP server (-1)" Good debugging, and definitely something to fix first. I forgot to include the log de

Re: LDAP Question

2009-01-14 Thread Aaron Richton
On Wed, 14 Jan 2009, Andi Gorhan wrote: another LDAP question from my side. If a LDAP DB crashes and I use the db_recover command. What is LDAP doing? Do I need the "checkpoint" parameter in slapd.conf or does LDAP manage the Backup with the Transactionlogs? Is it possible to recover a DB witho

Re: OpenLdap 2.4 - Push replication slave/consumer behind firewall

2009-01-05 Thread Aaron Richton
Please keep replies on the list. From your source directory (and note that if you're using syncrepl, this really should be the latest 2.4, not 2.4.11), cd into tests, then "./run test048". The test will occur in the "testrun" directory -- you can find slapd.1.conf and slapd.2.conf there. On

Re: OpenLdap 2.4 - Push replication slave/consumer behind firewall

2009-01-04 Thread Aaron Richton
On Fri, 2 Jan 2009, Jose G. Torres wrote: not the other way around because my slave/consumer is behind a firewall and does not allow outbound connections. I would like to replicate my Look at test048 (the really good parts are in the slapd.1.conf). Basically, drop the port 9013 configuration,

Re: Sync control missing?

2008-12-19 Thread Aaron Richton
On Fri, 19 Dec 2008, Sean Loaring wrote: 1.3.6.1.4.1.4203.1.9.1.1 control seems to be missing. Do you have the syncprov overlay loaded?

Re: LDAP recovery question...

2008-12-19 Thread Aaron Richton
On Fri, 19 Dec 2008, Terry Haley wrote: remember correctly, I had an issue with the LDAP server and may have tried to delete the most recent log file at that time. However, there is a log file only a month or so old that should be ok. What are the steps I need to do in Recovery isn't guarante

Re: Sync replication and "*Password" attributes

2008-12-15 Thread Aaron Richton
On Mon, 15 Dec 2008, Alexey Lobanov wrote: group of Debian servers. Everything works fine except userPassword, sambaLMPassword and sambaNTPassword attributes; the replicas (two of two) just don't have those attributes in any downloaded entries. Are sambaLMPassword/sambaNTPassword visible on th

Re: acls and restricting permissions

2008-12-02 Thread Aaron Richton
On Tue, 2 Dec 2008, Brett @Google wrote: Hi All, I was wondering how I go about giving LESS access than the default ACL rule. Let's assume some default permissions set from the FAQ-o-matic : access to attr=userpassword by self =xw by anonymous auth access to * by self write by us

Re: replication issue

2008-11-19 Thread Aaron Richton
On Wed, 19 Nov 2008, John Morrissey wrote: For client operations, doesn't syncrepl operate as the rootdn, which is exempt from size/time limitations? Internally, syncrepl acts as the rootdn. However, when going over the wire to the provider, it must be configured with a binddn and credentials

Re: replication issue

2008-11-19 Thread Aaron Richton
On Wed, 19 Nov 2008, Dmitriy Kirhlarov wrote: Could somebody recommend me how to debug this issue or change some parameters? Well, first, make sure you're up to patch. 2.4.12, and maybe if there's anything in the ITS that looks relevant, you should make some local additions. "loglevel sync

Re: syncprov-sessionlog

2008-11-12 Thread Aaron Richton
On Wed, 12 Nov 2008, Gavin Henry wrote: Ah, in-memory. That reads like it's a physical log. Should we add in-memory log to avoid confusion for others like me? ;-) That could be clearer (I don't remember being confused by this, but lots of times what I read in the man pages is foreshadowed on

Re: slapcat doesn't return correct error status for bdb fatal error

2008-10-17 Thread Aaron Richton
Assuming you're still seeing this in 2.4.12/HEAD, I'd suggest an ITS for discussion/tracking... On Fri, 17 Oct 2008, Guillaume Rousse wrote: [EMAIL PROTECTED] ~]# slapcat -b dc=msr-inria,dc=inria,dc=fr ... bdb(dc=msr-inria,dc=inria,dc=fr): pthread lock failed: Invalid argument bdb(dc=msr-inria

Re: Large database initial replication problem

2008-10-17 Thread Aaron Richton
On Fri, 17 Oct 2008, Łukasz Wąsikowski wrote: about sizelimit, but I don't want to raise it (because I don't know how big my database will grow). The question is - why consumer won't get Of course you don't want to specify an explicit number, which is why there's the keyword "none." Try: li

Re: Problem with adding entries

2008-10-07 Thread Aaron Richton
On Mon, 6 Oct 2008, Amanda Swearngin wrote: I am unable to add any entries to my Openldap server. Here is the error message that I'm getting: ldap_bind: Server is unwilling to perform (53) additional info: operation not supported within naming context I have no idea what this means.

Re: syncrepl with hardware content switch

2008-09-26 Thread Aaron Richton
On Thu, 25 Sep 2008, Howard Chu wrote: Brett @Google wrote: I was wondering if anybody is using syncrepl in the context of a hardware content switch or redundant environment. Yes. I am considering the edge case where a connection is redirected to a client, and : a) client has no current da

Re: LDAP 2.3.43 Master to Slave replication

2008-09-25 Thread Aaron Richton
On Thu, 25 Sep 2008, Proskurin Kirill wrote: LDAP slave makes a search to master in some time interval to sync with it. It is like a "pull" method. Can I say to Master to "push" slave - to start a sync? For example I want slave updating right after I update master. If I'm understanding y

Re: LDAP 2.3.43 Master to Slave replication

2008-09-25 Thread Aaron Richton
On Thu, 25 Sep 2008, Proskurin Kirill wrote: [...] syncrepl rid=123 provider=ldap://172.16.1.2:389 type=refreshOnly [...] But slave ldap doesn't start with this error: slapd[43092]: /usr/local/etc/openldap/slapd.conf: line 65: Error: Malformed "syncrepl" line in slapd config file, missing provid

Re: Substitute for include

2008-09-04 Thread Aaron Richton
On Thu, 4 Sep 2008, John Nietzsche wrote: I am setting my ldap configuration. I read that includes are deprecated. What is it supposed to be the replacement? The concept of an include doesn't fit well with the concept of back-config's dynamic configuration. Therefore, there is no direct repl

Re: Documentation

2008-09-04 Thread Aaron Richton
On Thu, 4 Sep 2008, John Nietzsche wrote: reading documentation for ldap administration version 2.3 and 2.4 I realized that figure 5.1 is different! Which one is the correct one? I'd guess that the 2.3 guide is correct if you're trying to deploy version 2.3, and the 2.4 guide is correct if yo

Re: Initial configuration file

2008-09-04 Thread Aaron Richton
On Thu, 4 Sep 2008, John Nietzsche wrote: My question is: is there something wrong, that should not work? Well, we *could* all try to parse your configuration file by hand. But why don't you give slaptest(8) a try?

Re: 2.4 syncprov implementation

2008-09-03 Thread Aaron Richton
On Wed, 3 Sep 2008, Howard Chu wrote: Specifically, are 2.3 slaves and 2.4 providers expected to interact well? Yes, if it's a new enough 2.3. Where/how are the differences handled? (There are differences, right, like entryCSN time resolution?) "New enough 2.3" has smarts to read these? Or

2.4 syncprov implementation

2008-09-03 Thread Aaron Richton
Are there any wire-visible changes to syncprov in the 2.4 series? Specifically, are 2.3 slaves and 2.4 providers expected to interact well?

Re: Building OpenLDAP for Windows

2008-08-14 Thread Aaron Richton
On Thu, 14 Aug 2008, Craig Worgan wrote: Is there any 'official' documentation describing how to build OpenLDAP for Windows? I can't find anything on the OpenLDAP site or on the mailing lists. I think the mailing lists have discussed that MinGW is the officially unofficial method. Or maybe t

Re: Schema repository?

2008-08-06 Thread Aaron Richton
On Wed, 6 Aug 2008, Jeff Blaine wrote: Is there really no LDAP schema repository website? I've Assuming that your license is compatible, you're welcome to contribute it to OpenLDAP via an ITS. (See full details on www.openldap.org.) Even if it doesn't qualify to be distributed with the core

Re: attrs.regex?

2008-08-05 Thread Aaron Richton
On Tue, 5 Aug 2008, Pat Riehecky wrote: access to dn.sub="dc=testldap,dc=iwu,dc=edu" attrs.regex="IWU.*" Am I right? Is there no way to do attrs regex matching? So says slapd.access(5): attrs=[ val[/matchingRule][.]=] Notice that modifies val, not attrs.

Re: Clearing the entire ldap directory

2008-07-30 Thread Aaron Richton
On Wed, 30 Jul 2008, [EMAIL PROTECTED] wrote: Hi - is there a way (dangerous though) to clear a directory and start again? I am having an issue by which I can search for an entry, but not delete it. The entire directory? Stop slapd and use rm on *bdb* alock log.*, assuming back-{b,h}db. Make

Re: overlay unique - multiple suffixes

2008-07-29 Thread Aaron Richton
On Tue, 29 Jul 2008, Michael Ströder wrote: I have two suffixes with two bdb backends, in the first suffix you find internal and in the second suffix you find external users. You could glue the suffixes together under a common suffix if it does not violate your security requirements and place

Re: virtual view strategies: replying differently to different clients

2008-07-25 Thread Aaron Richton
On Fri, 25 Jul 2008, Guillaume Rousse wrote: First, using a distinct database doesn't allow me to provide a virtual view from a branch in my original database to another branch in the same database. Meaning, I can't have ou=telephony,dc=myprefix a virtual view of ou=users,dc=myprefix, I need to use

Re: DN index delete failed

2008-07-25 Thread Aaron Richton
On Fri, 25 Jul 2008, Norman Gaywood wrote: Jul 25 14:24:54 janus slapd[15043]: conn=19 op=1 RESULT tag=107 err=80 text=DN index delete failed [...] http://www.openldap.org/lists/openldap-software/200801/msg00257.html That all happened around the same time I hit some extremely odd corruptio

Re: Re: slapd dies immediately with signal 9

2008-07-24 Thread Aaron Richton
On Wed, 23 Jul 2008, [EMAIL PROTECTED] wrote: So the problem must be somewhere in the "make install" step - in a simplistic Good experimentation. I think we're on the right track but pointing at the wrong program. You're probably still getting hit by GNU binutils, but not ld -- it's strip. (

Re: AW: AW: slapd dies immediately with signal 9

2008-07-24 Thread Aaron Richton
On Thu, 24 Jul 2008, Kick, Claus wrote: One "easy" way to ensure this would be to use the (free as in beer) Sun Studio compilers, http://developers.sun.com/sunstudio/. They are known to work with OpenLDAP. That is useful information - could that be stored somewhere in the OpenLDAP FAQs? IIRC,

Re: AW: slapd dies immediately with signal 9

2008-07-23 Thread Aaron Richton
On Wed, 23 Jul 2008, Kick, Claus wrote: I know it is a weird question, but we had huge problems with compiling things with the standard sun ldd. I don't think you mean ldd, I think you mean ld. I'm not aware of any ldd reimplementation -- who reimplements the dynamic linker for Solaris? (Don

Re: Reading debug output

2008-07-14 Thread Aaron Richton
On Mon, 14 Jul 2008, Jeff Adams wrote: -- what does "rscxd" mean? Is this line really saying that only read access Read about the "priv access model" in slapd.access(5).

Re: Syncrepl connections

2008-06-12 Thread Aaron Richton
On Thu, 12 Jun 2008, Erich Weiler wrote: noticing is that if I restart slapd on the master server, it seems that the slave server stops syncing properly. i.e. if I make a change on the master, Modify sysctl's such as net.ipv4.tcp_keepalive_time, net.ipv4.tcp_keepalive_intvl, and net.ipv4.tc

Re: user they can modify passwords

2008-06-12 Thread Aaron Richton
On Thu, 12 Jun 2008, Sven Buchstaller wrote: I need a user "it" that can modify the passwords for all users on my ldap. ATM my settings in the acl.conf are: [cut] Can I do it like this: access to dn.subtree="ou=users,dc=server1,dc=intern" by self write by dn="uid=intern,ou=users,dc=server1,dc=inte

Re: query result size limit by ip

2008-06-12 Thread Aaron Richton
The better way would be to change limits.c...we've seen a few requests for this over time... Your workaround sounds plausible. I'd consider using a back-ldap on the limited server that proxies to the unlimited server. The sizelimit directive is marked ARG_MAY_DB. So one workaround that may o

Re: Adding additional schema - objectClass: value #1 invalid per syntax

2008-06-09 Thread Aaron Richton
I added the following to my schema directory: dn: cn=schema attributeTypes: ( 1.3.6.1.4.1.15953.9.1.1 NAME 'sudoUser' DESC 'User(s) who may run sudo' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' ) [...etc...] and referenced

Re: Solaris 10 Install error during Make

2008-05-22 Thread Aaron Richton
On Fri, 23 May 2008, Paul Stephens wrote: [sol10, gcc 3.4.6, and] os-ip.c:522: error: `AF_INET' undeclared (first use in this function) Based off my Sol9 systems, it looks like you're missing sys/socket.h. Did autoconf properly pick up HAVE_SYS_SOCKET_H? My gut feeling is that autoconf is O

Re: OpenLDAP replication 'credentials'

2008-05-07 Thread Aaron Richton
On Wed, 7 May 2008, Mark W Apperson wrote: I would like to keep plain text passwords out of config files. We are I think we've discussed this quite a bit on the list. You'll need to use some mechanism other than a simple shared secret (perhaps certificates or Kerberos) if you've got reason

Re: Schemas and back-config

2008-05-07 Thread Aaron Richton
On Tue, 6 May 2008, Daniel Durgin wrote: What is the best way to convert .schema files into schema.ldif files? I'd use slaptest, i.e. $ echo include /etc/openldap/schema/core.schema > convertme.conf $ mkdir outputdir $ slapd -T test -f convertme.conf -F outputdir config file testing succeeded

Re: slapo-rwm and rewriteRules

2008-05-05 Thread Aaron Richton
I'm not entirely sure, but I think you're asking to rewrite attribute values (aka "right hand sides"), e.g.: [on disk you have] attribute: value=something,base=oldBase [but you want the clients to see] attribute: value=something,base=newBase You should be able to do this by rewriting searchAt

Re: overlay "syncprov" not found

2008-05-01 Thread Aaron Richton
Given: overlay "syncprov" not found with the availability of /usr/lib/ldap/syncprov-2.4.so.2 /usr/lib/ldap/syncprov-2.4.so.2.0.3 /usr/lib/ldap/syncprov.la /usr/lib/ldap/syncprov.so you likely want "modulepath /usr/lib/ldap" and "modulepath syncprov" in your configuration.
