DNS configuration

2006-09-11 Thread Hai Zaar
Dear list! I have a DNS related question. I have a server named bigbox.example.com. bigbox hosts LDAP and Kerberos KDC for domain .example.com. So there are three 'A' DNS entries that point to the same IP (in that order): A bigbox.example.com 10.0.0.10 A directory.example.com

Re: DNS configuration

2006-09-11 Thread Hai Zaar
Hm, what does this question have to do with OpenLDAP software? ldapsearch knows nothing about DNS or Kerberos. The behavior you're seeing is Kerberos-specific, and has nothing to do with LDAP or OpenLDAP software. You are right. With simple bind (-x) ldapsearch does not do any of the reverse loo

Fwd: Why groupOfURLs is STRUCTURAL?

2006-09-19 Thread Hai Zaar
Dear, list! I'm trying to implement dynamic posixGroup using dynlist overlay. The problem is that both posixGroup and groupOfURLs are STRUCTURAL object classes, i.e. do not stick together. dyngroup.schema states: "Dynamic Group schema (experimental), as defined by Netscape" I've checked schemas

Re: Fwd: Why groupOfURLs is STRUCTURAL?

2006-09-19 Thread Hai Zaar
This description is semantically equivalent to that provided in dynschema. That is, both describe the class as structural. Thank you for the reply. Back to original problem: How can I implement "Dynamic posixGroup" - i.e. posixGroup with memberURL attribute evaluated by dynlist overlay. -- Kurt

minssf more than 56

2006-09-21 Thread Hai Zaar
Dear list! I'm using OpenLDAP with SASL GSSAPI. If I leave minssf to be 56, all works smoothly, but when trying to set minssf to something more than 56, for example 112, 128 or 256, I get the following error: ldapsearch -d 1 -Y GSSAPI -b "uid=foo,ou=people,dc=example,dc=com" -s base ldap_

Fwd: dynlist overlay expandable attributes are not searchable

2006-10-04 Thread Hai Zaar
Dear List! I have dynlist overlay configured in the following way: dynlist-attrset groupOfURLs memberURL uniqueMember Also I have this dynamic group: dn: cn=audio,ou=PosixGroups,ou=Groups,dc=example,dc=com cn: audio description: All users eligible to use audio devices objectClass:

Re: Fwd: dynlist overlay expandable attributes are not searchable

2006-10-04 Thread Hai Zaar
This issue has been discussed many times, and it should be clear enough from slapo-dynlist(5) man page. Your expectation does not comply with the rationale of dynlist. In fact, for your expectation to hold, dynamic list expansion should occur __before__ filtering. A first adverse consequence is

Re: Can't use SSL session

2006-10-06 Thread Hai Zaar
On 10/6/06, Dan O'Reilly <[EMAIL PROTECTED]> wrote: Using ldapsearch on a VMS system to attempt to do a directory lookup using SSL to a non-OpenLDAP directory on another system. I verified the root CA certificate is correct using: Any ideas? I've been pulling my hair out over this for a coupl

Re: Can't use SSL session

2006-10-06 Thread Hai Zaar
On 10/6/06, Dan O'Reilly <[EMAIL PROTECTED]> wrote: At 06:41 PM 10/5/2006, Hai Zaar wrote: >On 10/6/06, Dan O'Reilly <[EMAIL PROTECTED]> wrote: >>Using ldapsearch on a VMS system to attempt to do a directory lookup using >>SSL to a non-OpenLDAP directory on

separate sasl-secprops for different transports

2006-10-26 Thread Hai Zaar
Dear list! Is there any way to specify sasl-secprops separately for each transport type? For ldapi:/// I want "sasl-secprops noanonymous,noplain", and "sasl-secprops noanonymous,noplain,noactive" for the rest. The idea is to require SASL GSSAPI for everyone with only exception for clients conne

Re: separate sasl-secprops for different transports

2006-10-26 Thread Hai Zaar
Why don't you just remove the SASL mechanisms you don't want? The SASL/EXTERNAL will always be there Does not look like that - if I set "sasl-secprops noanonymous,noplain,noactive" then heimdal-kdc, which uses SASL/EXTERNAL over slapi fails to connect (removing 'noactive' solves that). Karst

making ldapsearch not to split lines

2006-11-15 Thread Hai Zaar
I have a bash script that does this: hostDN=( $(ldapsearch | grep '^dn' | cut -d ' ' -f 2) ) The problem is that if the 'dn' line is too long, ldapsearch splits it to several lines according to LDIF rules. Is there any way to tell ldapsearch not to split lines (or does it depend on server si

Re: making ldapsearch not to split lines

2006-11-16 Thread Hai Zaar
2006/11/16, Buchan Milne <[EMAIL PROTECTED]>: If I need to do something like this on the shell, I typically use something like: ldapsearch|perl -p0e 's/\n //g'|awk -F: '/^dn/ {print $2}' Thanks, I've tried to do the same with sed - did not work. Not at present, some patches were proposed