Perhaps use iotop while you do a big search?
On Sat, Oct 29, 2011 at 11:11:44AM +0800, Adam Wale wrote:
> Hi,
>
> Thanks for the response, unfortunately we are already using loglevel 0, and
> are not using slapd -d.
>
>
> From: Hallvard Breien Furuseth [
Hi,
Thanks for the response, unfortunately we are already using loglevel 0, and are
not using slapd -d.
From: Hallvard Breien Furuseth [h.b.furus...@usit.uio.no]
Sent: Saturday, 29 October 2011 8:47 AM
To: Adam Wale
Cc: openldap-technical@openldap.org
Sub
Flack, Simon writes:
> Has anyone tried creating an index in openldap to speed-up inequality
> searches ( eg of the form modifyTimestamp>=20111025162408Z ) on the
> modifytimestamp or createtimestamp attributes ?
>
> If so, what type of index did you create,
I haven't tried recently, but use an '
You should embed the correct path by adding -R/usr/local/BerkeleyDB.4.6/lib
to your LDFLAGS at compile time, or set LD_RUN_PATH before compiling, which
works similarly.
It is unwise to leave location of BDB libraries to chance, as if you are
relying on OS provided default libraries, they will freq
Adam Wale writes:
> I'm observing an issue where a large number of searches against an
> openldap server results in a large amount of disk writes occurring.
Maybe you have set a high loglevel in slapd.conf, or you are using the
slapd '-d' argument.
Loglevel is what gets logged to syslog. Default
On a redhat 6, openldap 2.4 and cyrus-sasl 2.1.23.
I create a sasldb syncuser user, in my slapd.d configuration I add:
OlcAuthzRegexp: {0} " uid=syncuser, cn=DIGEST-MD5, cn=auth " " cn=syncuser,
dc=xxx, dc=fr "
I give the right of reading has the utisilsateur ldap on sasldb.
PB during a ldapsear
On 10/27/2011 12:05 PM, Braden McDaniel wrote:
On Thu, 2011-10-27 at 08:44 -0600, Rich Megginson wrote:
[snip]
What is your /etc/openldap/ldap.conf?
That question led me to a bogus setting for TLS_CACERTDIR. First, I
tried simply commenting the line out, figuring the value of
olcTLSCACertifi
On 10/27/2011 08:37 AM, Braden McDaniel wrote:
On Wed, 2011-10-26 at 22:28 -0500, Dan White wrote:
On 26/10/11 22:53 -0400, Braden McDaniel wrote:
I am trying to get OpenLDAP (2.4.24) working with NSS on Fedora 15. In
cn=config.ldif I have:
olcTLSCACertificatePath: /etc/pki/nssdb
Hi,
I'm observing an issue where a large number of searches against an openldap
server results in a large amount of disk writes occurring.
I have 10 hosts performing the same workload, the hosts are running slapd
2.4.21 under Ubuntu Lucid. If I stop searching against one of the hosts I see
dis
All,
Has anyone tried creating an index in openldap to speed-up inequality
searches ( eg of the form modifyTimestamp>=20111025162408Z ) on the
modifytimestamp or createtimestamp attributes ?
If so, what type of index did you create , did openldap perform reads
faster than with no index and
Dear community,
I would like to specify the complexity of the password for users.
For exemple a password must contain :
one specific character such as : !£"$%^&*()-_+=:;'@~#?<>
one capital letter
etc...
The password policy overlay only authorize to specify the number of character.
Is that poss
I am attempting to configure OpenVPN to use openldap to authenticate our Active
Directory users who are a member of our VPN group in AD. Here is my ldap config
for OpenVPN. Specifically I need the filter string to allow enabled users who
are a member of the _VPN group. The one you see below is f
I updated from 2.4.21 to 2.4.23 in some old Fedoras and also in a CentOS
5.4.
Before compiling, I run:
export LD_LIBRARY_PATH=/usr/local/BerkeleyDB.4.6/lib
export CPPFLAGS="-I/usr/local//BerkeleyDB.4.6/include"
export LDFLAGS="-L/usr/local/BerkeleyDB.4.6/lib"
and it compiles ok. But after inst
Ok thanks you all :)
A solution should be to create :
dn:
autoumountMapName=auto_master,cn=autoumountMap,dc=subnet,dc=example,dc=com
dn:
autoumountMapName=auto.master,cn=autoumountMap,dc=subnet,dc=example,dc=com
dn: autoumountMapName=auto.home,cn=autoumountMap,dc=subnet,dc=example,dc=com
and add
Cheap advice inline.
On Fri, Oct 28, 2011 at 11:44:25AM -0400, John Tobin wrote:
>Folks,
>
>I have openldap up, it supports vsftpd, sshd, and 5 client linux machines
>for remote login.
>
>I would like to get tls working. I would support either ldaps [port 636],
>or the tls av
After modifying a configuration file on Linux CentOS, the rpm updater
doesn't replace it anymore. It is good, and bad ! because most of these
worksations will be running almost 5 years without reinstallation.
Isn't it worth using some sort of back-relay+slapo-rwm ?
Cheers,
Rafael.
2011/10/28 Jam
Folks,
I have openldap up, it supports vsftpd, sshd, and 5 client linux machines
for remote login.
I would like to get tls working. I would support either ldaps [port 636], or
the tls available on port 389, I am aware of the differences in
implementation, and the fact that an administrator effect
Well, if your automount-informations are not the same on both OSes then you
clearly have to duplicate/arrange them ;).
People here use several programs which save the working directory for each
project. That (and the fact that users can log onto whatever worstation they
want to) makes me mount all
Hi,
On Friday, October 28, 2011 10:13:53 am Frava wrote:
>
> The entries contained in "automountMapName=auto_home" and
> "automountMapName=auto.home" will be exactly the same ones; SO
> what is the best way to implement it without duplicate them ? Using aliases
> or rwm+relay ?
As long as the au
OS X needs to have an "automountMapName=auto_master" and
"automountMapName=auto_home" located in
"cn=automountMap,dc=subnet,dc=example,dc=com"
Linux needs to have an "automountMapName=auto.master" and
"automountMapName=auto.home" located wherever I want in
"dc=subnet,dc=example,dc=com"
The en
Hello,
I'm configuring Autofs maps via OpenLDAP for some OS X (10.5/6/7) and Linux
CentOS (5/6) boxes, and I'm running into a little problem.
OS X needs to have an "automountMapName=auto_master" and
"automountMapName=auto_home" located in
"cn=automountMap,dc=subnet,dc=example,dc=com"
Linux needs
2011/10/28 Hugo Deprez :
> Hello,
>
> any idea ?
>
Hello Hugo,
you have to use a password checker module. Some of member of this list
have developped such modules, the one I used is here:
http://ltb-project.org/wiki/documentation/openldap-ppolicy-check-password
Clément.
Am 28.10.2011 09:44, schrieb Stewart Walters:
> On any given Linux system (assuming that's what your using), NSS and PAM do
> all the authentication.
>
> In terms of client tools, they link to (and therefore leverage) NSS and PAM,
> which OpemLDAP plugs in to.
>
> It's often irrelevant if you use
Pierangelo Masarati wrote:
> Time permitting, I think adding support for assertion, pre/post-read and so
> would be extremely useful; I'd like to work at it.
Regarding assertion control: ITS#6916 is still open...
BTW: I switched off using the assertion control for modify requests in
web2ldap if t
On 10/28/2011 09:35 AM, Michael Ströder wrote:
Howard Chu wrote:
masar...@aero.polimi.it wrote:
Michael Ströder wrote:
Does back-config support the Post Read Control? That would be handy for
retrieving the renumbered DN after an Add or Modify request.
Hmm, experiments shows that this does wo
Howard Chu wrote:
> masar...@aero.polimi.it wrote:
>>> Michael Ströder wrote:
Does back-config support the Post Read Control? That would be handy for
retrieving the renumbered DN after an Add or Modify request.
>>>
>>> Hmm, experiments shows that this does work. Server returns:
>>>
>>> "C
Hello,
any idea ?
Hugo
On 25 October 2011 10:06, Hugo Deprez wrote:
> Dear community,
>
> I would like to specify the complexity of the password for users.
>
> For exemple a password must contain :
> one specific character such as : !£"$%^&*()-_+=:;'@~#?<>
> one capital letter
>
> etc...
>
> Th
27 matches
Mail list logo