Re: "control unavailable in context" error even while using back-bdb

2005-06-24 Thread Ralf Haferkamp
. > Jun 20 11:54:57 huttonlinux slapd[15029]: conn=3 op=2 RESULT tag=97 > err=53 text=control unavailable in context > > A detailed log (-d 9) gives this: > > slap_global_control: unavailable control: 1.3.6.1.4.1.42.2.27.8.5.1 > (seems to be ppolicy related control) > send_ldap

Re: ACIs and OL 2.3, rfc ?

2007-02-14 Thread Ralf Haferkamp
ccess Control Model is described in draft-legg-ldap-acm-bac-xx.txt, which is an adaption of the X.500 Basic Access Control and Simple Access Control scheme to LDAP. Note, however that both drafts expired already some time ago. -- Ralf Haferkamp SUSE LINUX Products GmbH, Maxfeldstrasse 5, D-9040

Re: Using back-ldap as a dumb proxy

2007-02-22 Thread Ralf Haferkamp
At least that is how I interpreted the man-pages and how my test setup behaved. So you probably want to restrict the idassert-authzFrom option in your environment. > What "service/[EMAIL PROTECTED]" gets mapped to on the remote server > IS "cn=mailrouter,cn=service,cn=applications,dc=stanford,dc=edu" by the > authz-regexp rule on the remote server. -- Ralf Haferkamp SUSE LINUX Products GmbH, Maxfeldstrasse 5, D-90409 Nuernberg T: +49-911-74053-0 F: +49-911-74053575 - [EMAIL PROTECTED]

Re: slapd stopping with no error message

2007-03-14 Thread Ralf Haferkamp
>> just the last part of the output. Let me know if I need more. For > >>> what it is worth, I did the 'he' search shown at the bottom below > >>> and it did not fail Thanks! > >>> > >>> -Original Message- > >>>

Re: Redirect bind requests to another server

2007-03-30 Thread Ralf Haferkamp
On Friday 30 March 2007 07:41, Tony Earnshaw wrote: > Matthew Hardin wrote, on 29. mar 2007 19:13: > > [...] > > > Those are not your only two options. In fact, many Linux distributions > > are notorious about lagging many releases behind current OpenLDAP. Buchan > > Milne and one or two others kee

Re: Syncrepl-Consumer deletes entries

2007-04-13 Thread Ralf Haferkamp
On Thursday 12 April 2007 10:38, Joachim Hergeth wrote: > Hello list, > > I have an OpenLDAP provider/consumer installation on two SLES10 systems. > One is set up as a provider LDAP, the second is a consumer LDAP using > "refreshOnly" syncrepl synchronization. The LDAP provides user > information fo

Re: Building OpenLDAP 3.3.35 with Kerberos on SLES9

2007-04-18 Thread Ralf Haferkamp
On Tuesday 17 April 2007 23:33, Quanah Gibson-Mount wrote: > --On Tuesday, April 17, 2007 5:29 PM -0400 Andrew Scott > > <[EMAIL PROTECTED]> wrote: > > Confused is a very apt description of what I am right now. > > > > I'm wading through the nightmare that is getting Linux machines to auth > > with

Re: Api OpenLdap C++

2007-06-19 Thread Ralf Haferkamp
On Tuesday 19 June 2007 14:57, Eder wrote: > Hello all, > > I am having problems to compile the code below with C++, in the > version oldest of the OpenLdap I did not have this problem. > > =code [..] > end > > % c++ -I/usr/local/inclu

Re: failover config: servers with same DNS address and TLS, subjectAltName extension

2007-07-26 Thread Ralf Haferkamp
On Tuesday 24 July 2007 21:18, Emmanuel Dreyfus wrote: > Howard Chu <[EMAIL PROTECTED]> wrote: > > When you run OpenLDAP's configure script you will see: > > > > checking OpenSSL library version (CRL checking capability)... no > > > > indicating that your OpenSSL library doesn't support it. Otherwi

Re: failover config: servers with same DNS address and TLS, subjectAltName extension

2007-07-26 Thread Ralf Haferkamp
Am Do 26 Jul 2007 18:39:22 CEST schrieb Donn Cave <[EMAIL PROTECTED]>: On Jul 26, 2007, at 1:28 AM, Ralf Haferkamp wrote: [... re CRL checks ...] They should work with 0.9.7d. IIRC that was the version I used when implementing CRL support. Right. Note: As stated in the man

Re: using slapo-pcache with an empty attr list

2007-07-27 Thread Ralf Haferkamp
ERY NOT CACHEABLE > > Jul 23 14:54:16 host1 slapd[26671]: conn=49 op=1 SEARCH RESULT tag=101 > err=0 nentries=0 text= > > Note that there's no 'SRCH attr=' line. > > I've tried proxyattrset of the following forms... > > proxyattrset 1 * > proxyattr

Re: using slapo-pcache with an empty attr list

2007-07-30 Thread Ralf Haferkamp
On Freitag, 27. Juli 2007, Toby Blake wrote: > Bad form replying to myself, I know, but... > > > http://www.openldap.org/lists/openldap-bugs/200610/msg00090.html > > > > which claims, in slapd.conf comments, that "Only one > > proxyattrset definition may appear for any cache set". > > Which wa

Re: alock package is unstable

2007-09-12 Thread Ralf Haferkamp
On Mittwoch, 12. September 2007, Dieter Kluenter wrote: > Hi, > > Quanah Gibson-Mount <[EMAIL PROTECTED]> writes: > > --On Tuesday, September 11, 2007 5:26 PM +0200 Dieter Kluenter > > > > <[EMAIL PROTECTED]> wrote: > >> Hi, > >> OpenLDAP-2.4.5beta > >> SuSE-10.2 > >> db-4.4.20 > >> glibc-2.5.25 >

Re: SLES 9.3 spec file for building openldap 2.3.38

2007-11-05 Thread Ralf Haferkamp
On Samstag, 3. November 2007, Keagle, Chuck wrote: > Are there any available openldap-2.3.38.spec files out there for SLES > 9.3? I regularly build the latest OpenLDAP version for many of our products (SLES9 among them) through the openSUSE build service. For SLES9 you can get the latest packages

Re: pcache configuration

2007-11-21 Thread Ralf Haferkamp
On Mittwoch, 21. November 2007, Nathan Morrow wrote: > Since they were listed as warnings I wouldn't have expected slapd to exit. > Just not cache anything. But I can understand how it would have no effect. > > But I guess I am still lost. BTW, thanks for all the help so far. > > The errors say 1

Re: paged results vs socket send buffer size

2008-04-10 Thread Ralf Haferkamp
endecke was talking about at LDAPcon > 2007 regarding enumeration of groups. See his slides: > > http://www.guug.de/veranstaltungen/ldapcon2007/slides/ldapcon_lendecke.pdf If that really is the problem. How about disabling getgrent for nss_ldap. nss_ldap supports that since some version

Re: ppolicy

2008-04-11 Thread Ralf Haferkamp
On Freitag, 11. April 2008, Rick Stevens wrote: > Howard Chu wrote: > > Chris G. Sellers wrote: > >> Rick, > >> > >> try > >> > >> ldapsearch -{normal stuff here} cn= '*' '+' > >> > >> And then man ldapsearch and read the 'operational' section of the > >> manpage (near the top) > >> > >> On Apr 1

Re: slapd breaks NSS, NSS breaks slapd

2008-08-12 Thread Ralf Haferkamp
On Montag, 11. August 2008, Emmanuel Dreyfus wrote: > Howard Chu <[EMAIL PROTECTED]> wrote: > > Get a gdb backtrace of the hang. > > > > Show us your nsswitch.conf... > > Here is nsswitch.conf: > group: files ldap > group_compat: nis > hosts: files dns > netgroup: files [n

Re: syncprov-sessionlog

2008-11-12 Thread Ralf Haferkamp
Am Mittwoch 12 November 2008 17:27:30 schrieb Gavin Henry: > Hi All, > > I'm just writing up the small overlay section on slapo-syncprov (not much > to it), but the man page has confused me: > >syncprov-sessionlog > Specify a session log for recording information about >

Re: Remove overlay using cn=config

2008-11-21 Thread Ralf Haferkamp
Am Freitag 21 November 2008 00:33:03 schrieb Maykel Moya: > slapd is giving me unwilling to perform when I try to delete an overlay > (slapo-syncprov or slapo-accesslog) using cn=config. How can I delete > them? Compile a recent 2.4 release (or HEAD) with -DSLAP_CONFIG_DELETE that should give you

Re: Fwd: strange issue on suse 10.2

2008-11-24 Thread Ralf Haferkamp
Am Samstag 22 November 2008 07:53:27 schrieb Brett @Google: > I am getting a strange problem on SuSE 10.2. > > When build RE24, approx since the last two releases, and make test fails > (but the openldap itself works). > > laptop:/home/myuser/keep-ldap/openldap-src # make test > cd tests; make test

Re: Uninvited listener?

2008-11-24 Thread Ralf Haferkamp
Am Sonntag 23 November 2008 20:57:46 schrieb Howard Chu: > Most likely you are both seeing a bug in glibc, documented in our ITS#5251. To work around the problem remove "localhost", from the "::1" line in /etc/hosts. The underlying glibc problem will be fixed with openSUSE 11.1. regards, R

Re: Updating a private schema (cn=config)?

2008-12-12 Thread Ralf Haferkamp
Am Donnerstag 11 Dezember 2008 16:39:24 schrieb Andrzej Jan Taramina: > Howard replied: > > This was just discussed on -technical as well. You can delete > > individual > > schema elements using ldapmodify. You cannot delete entire cn=config > > entries > > (using ldapdelete). There are no plans to

Re: can't delete bdb backend from cn=config

2009-03-29 Thread Ralf Haferkamp
Am Freitag 27 März 2009 08:51:57 schrieb Michal Rejda: > Hello, > > I’m trying to delete olcDatabase={1}bdb,cn=config using ldapmodify: > > dn: olcDatabase={1}bdb,cn=config > changetype: delete > > But the server answer is: > > deleting entry "olcDatabase={1}bdb,cn=config" > ldap_delete: Server is

Re: can't delete bdb backend from cn=config

2009-03-31 Thread Ralf Haferkamp
Am Montag 30 März 2009 09:41:30 schrieb Michal Rejda: > > Am Freitag 27 März 2009 08:51:57 schrieb Michal Rejda: > > > Hello, > > > > > > I’m trying to delete olcDatabase={1}bdb,cn=config using ldapmodify: > > > > > > dn: olcDatabase={1}bdb,cn=config > > > changetype: delete > > > > > > But the ser

Re: glue objects

2010-03-09 Thread Ralf Haferkamp
Am Dienstag 09 März 2010 09:02:53 schrieb Dieter Kluenter: > Hi, > when adding a subtree object, it is occasionally not properly created, > instead only a glue object is created: > > ,[ created glue object ] > > | dn: o=x,dc=abook,dc=example,dc=com > | entryUUID: a3a1368a-a12f-102e-941f-a

Re: ppolicy

2010-04-22 Thread Ralf Haferkamp
Hi, Am Mittwoch 21 April 2010 17:50:31 schrieb Frank Swasey: > We are setting up a new service that is going to actually hold > passwords in the OpenLDAP database instead of using Kerberos (via > sasl and saslauthd). To that end, I'm investigating ppolicy. > > However, what I haven't found in th

Re: Quick ACL help

2006-04-03 Thread Ralf Haferkamp
On Thursday 30 March 2006 19:47, Fran Fabrizio wrote: > I am having a bit of trouble getting an ACL set correctly and could > use an extra set of eyes to look at this and help me debug what the > problem is. ACLs are not my strong point and I am in a jam with this > today. Thanks. > > Here is the

Re: Building C++ sdk on Solaris 9

2006-06-01 Thread Ralf Haferkamp
es (gcc,libtool, > autoconf, etc.) there and ran make.. voila! Could you please try again with gcc and the current sources from cvs HEAD? I just recreated the autoconf/automake and libtool related files there. If it still doesn't work please report it via the ITS. -- thanks, Ralf

Re: LDAP_DEPRECATED

2006-06-07 Thread Ralf Haferkamp
On Wednesday 07 June 2006 12:17, Lise Didillon wrote: > At 17:01 06/06/06 -0700, Kurt D. Zeilenga wrote: > >At 08:14 AM 6/6/2006, Lise Didillon wrote: > > >I use now openldap-2.3.19. > > >Why do I have to "#define LDAP_DEPRECATED 1" in my program (written for > > > > openldap 2.0.27) to use ldap_in

Re: LDAP_DEPRECATED

2006-06-14 Thread Ralf Haferkamp
On Tuesday 13 June 2006 23:21, Jonathan Abbey wrote: > On Thu, Jun 08, 2006 at 10:23:36AM +0200, Lise Didillon wrote: > | Thank you very much, I've no more questions about ldap_deprecated. It's a > | very good documentation > > How long have the functions that are guarded by LDAP_DEPRECATED been >

Re: Problem with LDAP server on SLES9

2006-08-02 Thread Ralf Haferkamp
On Wednesday 02 August 2006 15:19, Jakob Breivik Grimstveit wrote: > Suddenly my small SLES9 OpenLDAP server stopped responding, and > restarting does not help. Even telnet localhost 389 on the server fails. > > /var/log/messages only says > > Aug 2 15:03:01 bgnl1-2 slapd[18263]: @(#) $OpenLDAP: s

Re: openLDAP availability (infinitessimally OT)

2006-08-21 Thread Ralf Haferkamp
g/OpenLDAP There is a back-perl subpackage available as well (but as Quanah already mentioned back-perl is experimental and more or less unmaintained currently). The packages have module support and pproxy is included. Btw, this might also be worth a look: http://www.openldap.org/faq/data/cac

Re: replica write-through

2006-09-19 Thread Ralf Haferkamp
On Sunday 17 September 2006 10:18, Howard Chu wrote: [..] > > The chaining overlay will allow any slave (slurpd or syncrepl) to > forward writes to the master. Matthew is asking for something slightly > different, he wants the receiving slave to update its own database > immediately, while forwardi

Re: search for DN (Filter)

2006-09-26 Thread Ralf Haferkamp
On Tuesday 26 September 2006 12:50, Moire wrote: [..] > Am 20.09.2006 um 19:19 schrieb Darko Delinac: > > Limit the search scope to base (-s base) and as a base use the DN, > > something like this: > > > > ldapsearch -x -h my_ldap_server -b "cn=Michael > > Voss,ou=Eng,o=Firm,dc=domain,dc=org" -s ba

Re: syncrepl: no update referral

2006-10-17 Thread Ralf Haferkamp
ble in a single database with current code. Even if you want to replicate only to a subtree of a database the whole database is handled as a read-only shadow copy. You might try to split your data to multiple databases and glue them together with backglue. But there seem to be other issues. See e.g. ITS#4626 or recent posts on this list. -- Ralf Haferkamp SUSE LINUX Products GmbH, Maxfeldstrasse 5, D-90409 Nuernberg

Re: Is it possible to only log failed binds ?

2007-01-12 Thread Ralf Haferkamp
On Thursday 11 January 2007 16:37, Pierangelo Masarati wrote: > Andreas Taschner wrote: > > We have a setup with a very high number of binds, so running with > > loglevel 256 floods the log file. According to > > http://www.openldap.org/lists/openldap-software/200205/msg00120.html John > > Dalbec w

Re: OpenLDAP issues when connecting over SSL

2007-01-23 Thread Ralf Haferkamp
amp;hostres)) != LDAP_SUCCESS) { > fprintf(stderr,"Cannot find entry"); > return -1; > } > > if((hostent = ldap_first_entry(ld, hostres))== NULL) { > fprintf(stderr, "No matchinh entry found"); > return -1; > } > > hostdn = ldap_get_dn(ld,hostent); > printf("\n Result is out succssfully:%s\n",hostdn); > return 1; > } > > > -Kalyan -- regards, Ralf Haferkamp SUSE LINUX Products GmbH, Maxfeldstrasse 5, D-90409 Nuernberg