RE: dynlist how to

2008-01-15 Thread Clowser, Jeff (Contractor)
>> I'm really missing something: you configure slapo-dynlist with
>>
>> overlay dynlist
>> dynlist-attrset groupOfURLs memberURL member
>>
>> this means that the entryDN (i.e. the DN) of each entry matching the
>> search URI should be added to the group entry as "member" (the last arg
>> to the dy

RE: Active/Active servers

2007-12-10 Thread Clowser, Jeff (Contractor)
>> What are you trying to accomplish?
>>
>Add high availability to my master servers, avoiding replication.

Why avoid replication? Multimastering is not necessarily bad, if done right. If you have two masters, but always write to one, with the other as a hot standby, you have the high avai

RE: Active/Active servers

2007-12-06 Thread Clowser, Jeff (Contractor)
>-Original Message-
>From: [EMAIL PROTECTED] [mailto:openldap-software->[EMAIL PROTECTED] rg] On Behalf Of John Madden
>Sent: Thursday, December 06, 2007 1:39 PM
>To: Howard Chu
>Cc: Buchan Milne; openldap-software@openldap.org; Taymour A. El Erian
>Subject: Re: Active/Active servers
>
>> I

RE: Active/Active servers

2007-12-06 Thread Clowser, Jeff (Contractor)
> Howard Chu wrote:
>> Aaron Richton wrote:
>> Multimaster support is present in OpenLDAP 2.4.
>
>That's not quite the complete answer though. He's also talking about two
>servers sharing the same storage. In general, that is not supported in
>BerkeleyDB and is certainly not supported by back-bdb

RE: syncrepl - ldap_start_tls failed (-11)

2007-12-06 Thread Clowser, Jeff (Contractor)
What did you use when you generated your certificate? Important thing is that they match.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Cristian Laufer
Sent: Thursday, December 06, 2007 9:50 AM
To: Quanah Gibson-Mount; openldap-software@openldap.org
S

RE: ppolicy + slapcat = ldif vulnerability?

2007-12-04 Thread Clowser, Jeff (Contractor)
>I'm not sure if this is truly a vulnerability, but I thought I'd put it out there for discussion.
>
>I have set up a default ppolicy such that 3 old passwords are stored in a user's pwdHistory attribute.
>
>When I back up the bdb database via slapcat -l backup.ldif the userPassword field looks t

RE: restrict rootdn binds by connection source IP address?

2007-11-19 Thread Clowser, Jeff (Contractor)
I believe you can just not create a rootdn (or not define a password for it? Or maybe define a password like {crypt}*NOLOGIN* (or an md5/sha/ssha equivalent) that can't be used (not a valid hash)?), so you effectively disable the rootdn, but create a normal account that has full access to everythi

RE: Supported RFC's and "features"

2007-11-16 Thread Clowser, Jeff (Contractor)
>From: Hallvard Breien Furuseth [mailto:[EMAIL PROTECTED]
>Are you interested in non-RFC features in OpenLDAP that Sun does not
>have? First you say yes, then no.
>
>Also, are you interested in clients? The library? Otherwise don't say
>just "OpenLDAP", since that's both server, libraries and c

RE: Supported RFC's and "features"

2007-11-16 Thread Clowser, Jeff (Contractor)
>Howard Chu <[EMAIL PROTECTED]> writes:
>> I suppose we need to update our published roadmap. I don't consider SSS
>> or VLV to be particularly important or well-designed features. In fact
>> OpenLDAP has an RFC-compliant implementation of SSS which is a pure
>> no-op; this is perfectly compliant

RE: Supported RFC's and "features"

2007-11-16 Thread Clowser, Jeff (Contractor)
>> I see one valuable use for SSS - guaranteed search return order.
>> Regardless of the sort algorithm, knowing that searches will always
>> return entries in the same order allows for easy comparison, merge
>> sorts, or differentials with another list - as in necessary during the
>> reconciliatio

RE: Inserting ACLs in CN=config

2007-11-16 Thread Clowser, Jeff (Contractor)
>>> from reading the AdminGuide and a quick search through the FAQ-o-Matic I
>>> couldn't gather how I'd insert a new ACL between the existing rules 2
>>> and 3...
>>
>> Reread section 5.3.6 of the Admin Guide. This has been documented for
>> more than a year.
>
>I took my time to read that secti

RE: Supported RFC's and "features"

2007-11-16 Thread Clowser, Jeff (Contractor)
>Clowser, Jeff (Contractor) wrote:
>>
>> Unknown:
>
>I guess "unknown" means you couldn't determine the status of support in
>slapd.

Correct - means _I_ couldn't find it in the faq, admin guide, or man pages (doesn't mean it wasn't ther

RE: Invalid DN syntax (34)

2007-11-15 Thread Clowser, Jeff (Contractor)
Looks like the trailing " (quotes) on the dn in your ldif file.

> why if i want to add user to base i have error: ldap_add: Invalid DN syntax (34) , i can't find where can be problem :/ , somebody know which mistake i do ?
>...
>// tester.ldif //
>dn: cn=test_5,ou=stud,dc=aaa,dc=ws,dc=com" //

RE: Supported RFC's and "features"

2007-11-15 Thread Clowser, Jeff (Contractor)
>> Unknown features:
>> - Per user resource limits (sizelimit, timelimit, idletimeout, etc). I
>> think Howard Chu said OpenLDAP has some of this, but I haven't seen any
>> reference to it or how to use it in the docs (does this functionality
>> exist, and if so, is there any documentation?)
>
>man

Supported RFC's and "features"

2007-11-15 Thread Clowser, Jeff (Contractor)
I'm currently doing a review to see how OpenLDAP compares, *feature wise* ATM, to other directory servers and specifically to the Sun DS - i.e. to get a definitive list of features it's missing that Sun has and what it has that Sun doesn't have, etc. For brevity, I haven't included all the potenti

RE: no such object (32)

2007-11-15 Thread Clowser, Jeff (Contractor)
Your search was for "cn=NextFreeUnixId...", but then tried to update "cn=NextFreeUnixIdPool...". Is the "Pool" on the end supposed to be there - does THAT entry exist (that's not what you searched for)?

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] g] On Behalf Of

RE: Replication questions (was: Mirror Mode)

2007-11-15 Thread Clowser, Jeff (Contractor)
>> I suppose the *real* solution is to use the multi-mastering capability
>> in 2.4 to keep it in sync, but use it as if it's mirror mode (i.e. all
>> writes to a single master, with the second as a hot standby), with the
>> MM conflict resolution kicking in if needed because someone wrote to the

RE: Mirror Mode

2007-11-13 Thread Clowser, Jeff (Contractor)
>Howard Chu wrote:
>> When a network partition occurs, there are a number of cases where
>> synchronization may still fail. I.e., we don't yet support attribute-level
>> conflict resolution, so if multiple changes are made to the same entry, even
>> if they are non-conflicting from a logical stand

Mirror Mode

2007-11-09 Thread Clowser, Jeff (Contractor)
I have a question about mirror mode, and how it's different from "multimaster". In servers like Sun or Red Hat's directory server, a simplified description of what they term multimaster is that more than one server can accept writes simultaneously, and it will then propagate all changes to other s

RE: LDAP provisioning error.

2007-11-06 Thread Clowser, Jeff (Contractor)
Just as a refresher, here are your logs from a previous post (had to go back and look em up):

Nov 2 11:15:07 pen slapd[18902]: conn=8 op=0 BIND dn="cn=Manager,dc=ncl,dc=ac,dc=uk" method=128
Nov 2 11:15:07 pen slapd[18902]: conn=8 op=0 BIND dn="cn=Manager,dc=ncl,dc=ac,dc=uk" mech=SIMPLE ssf=0
Nov

RE: case sensitive dn

2007-10-26 Thread Clowser, Jeff (Contractor)
That's because ou=SOMETHING,o=SOMETHING and ou=something,o=something are equivalent DNs. In general, that's just plain a bad idea to design a tree where you have dn's that are identical other than case (assuming it's even possible), for the exact case you are running into. But... my guess would

RE: Problems with initial install of OpenLDAP

2007-10-17 Thread Clowser, Jeff (Contractor)
In slapd.conf, you have:

Suffix "dc=ggw,dc=nws,dc=noaa"

So your server is not defined to know anything above that. By attempting to add the "dc=nws,dc=noaa" entry, you are effectively trying to add something your server is not configured to serve. Try removing that from your ldif file (or make th