Re: Solved: Re: Possible ACL Issue while try to read Root DSE

2011-12-01 Thread Dieter Klünter
On Wed, 30 Nov 2011 22:05:24 +0100, Axel Birndt wrote: > Hi @all & thanks for your help! > > On 29.11.2011 12:28, Axel Birndt wrote: > > > > > > On 29.11.2011 10:10, Ondrej Kuznik wrote: > > > >> On 11/29/2011 09:13 AM, Axel Birndt wrote: > >> You should expect a response exactly like this

Re: Solved: Re: Possible ACL Issue while try to read Root DSE

2011-12-01 Thread Michael Ströder
Axel Birndt wrote: > {0}to dn.base="" by * read > {1}to dn.base="cn=schema,cn=config" by * read > {2}to dn.base="cn=Subschema" by * read > > But, does the first rule mean that everyone could read all in this > frontend?? dn.base="" limits the ACL to the root DSE which does not contain confide

Re: Solved: Re: Possible ACL Issue while try to read Root DSE

2011-12-01 Thread Axel Birndt
Hi Dieter, On 01.12.2011 09:27, Dieter Klünter wrote: On Wed, 30 Nov 2011 22:05:24 +0100, Axel Birndt wrote: Is this security conform? Or is it better to allow only authenticated users to read this? Are there any best practices for this? dn.base="" exposes rootDSE which has to be read b

Re: unclean shutdown detected; attempting recovery - question

2011-12-01 Thread frank . offermanns
Hello, thanks a lot for your info. > You need to cleanly shut down slapd before rebooting. And/or fix your init > scripts to correctly shut down slapd when rebooting. Due to Windows OS I cannot make sure that slapd.exe is not killed, after 40 secs at shutdown every process gets killed. > Ot

Overlay ordering and compatibility

2011-12-01 Thread Nick Milas
Hello, We are using overlays: auditlog, dynlist, syncrprov and we would like to evaluate the deployment of MemberOf overlay as well. Is there a suggested ordering of the above overlays? (I've read that ordering matters.) In general: * Is there a suggested ordering list of all standard ove

Re: Solved: Re: Possible ACL Issue while try to read Root DSE

2011-12-01 Thread Dieter Klünter
On Thu, 01 Dec 2011 10:26:32 +0100, Axel Birndt wrote: > Hi Dieter, > > On 01.12.2011 09:27, Dieter Klünter wrote: > > On Wed, 30 Nov 2011 22:05:24 +0100 > > Axel Birndt wrote: > > >> Is this security conform? Or is it better to allow only > >> authenticated users to read this? > >> > >> A

pwdCheckModule not loaded

2011-12-01 Thread Fabian Heinz
Hi together, I want to setup password policy in a small company. We’re using openldap for a while without any pw constraints. Now I got ppolicy working and pw update fails correctly on the defined constraints. But I am not able to load the pwdCheckModule. I implemented some basic

Re: pwdCheckModule not loaded

2011-12-01 Thread Clément OUDOT
2011/12/1 Fabian Heinz > Hi together, > > I want to setup password policy in a small company. > > We’re using openldap for a while without any pw constraints. > > Now I got ppolicy working and pw update fails correctly on the defined > constraints.

Re: Security between server and client nodes.

2011-12-01 Thread Jayavant Patil
On Wed, 30 Nov 2011 14:18:00 +0100 Raffael Sahli wrote: >On 11/30/2011 01:48 PM, Jayavant Patil wrote: > > > >>On 11/30/2011 08:01 AM, Jayavant Patil wrote: > >> > >> > >> On Tue, Nov 29, 2011 at 6:26 PM, Jayavant Patil > >> mailto:jayavant.pati...@gmail.com> >

SHELL env variable not red

2011-12-01 Thread Olivier
Hello, I have configured nss/pam on a REDHAT6 box to authenticate users against an LDAP: it works, but I have a problem with getting my favorite user shell when I log in. The "loginShell" shell attribute does not seem to be used to provide users with their favorite shell when they log in: may be

Re: Security between server and client nodes.

2011-12-01 Thread Raffael Sahli
On 12/01/2011 02:42 PM, Jayavant Patil wrote: On Wed, 30 Nov 2011 14:18:00 +0100 Raffael Sahli mailto:pub...@raffaelsahli.com>> wrote: >On 11/30/2011 01:48 PM, Jayavant Patil wrote: > > > >>On 11/30/2011 08:01 AM, Jayavant Patil wrote: > >> > >> > >> On Tue, Nov 29, 2011 at 6:26 PM, Jayavant Pa

Re: pwdCheckModule not loaded

2011-12-01 Thread Clément OUDOT
On 1 December 2011 14:53, Fabian Heinz wrote: > > Hi > > Thanks for the fast reply. > > > > But didn’t help > > > > Modulepath points to /usr/lib/ldap > > > > I also tried to add a second modulepath, don’t know if this is correct… > > modulepath /usr/lib/ldap > > moduleload back_bdb.la

Re: pwdCheckModule not loaded

2011-12-01 Thread Clément OUDOT
On 1 December 2011 16:33, Fabian Heinz wrote: > I already did that after your last mail > > => no effect > > Must there one modulepath or are there multiple possible > It seems like the second one but I better ask ... Please keep the list in copy! man slapd.conf: modulepath

Re: pwdCheckModule not loaded

2011-12-01 Thread Clément OUDOT
On 1 December 2011 17:00, Fabian Heinz wrote: > Sorry ... > My outbox contains the mail with list, could be some problem with my > mailclient html vs txt > > It shows as text so I hope list will be kept... Fail. > I'm using Ubuntu 11.10 > And I have tried  blank and column separated with /usr

Re: pwdCheckModule not loaded

2011-12-01 Thread Raffael Sahli
Is OpenLDAP compiled with enable-modules? You should see something in the syslog with loglevel -1 or run the daemon in foreground. Are you sure your daemon reads the config file and not a config db? Clément OUDOT wrote: >On 1 December 2011 17:00, Fabian Heinz wrote: >> Sorry ... >> My

Re: memberof overlay deployment

2011-12-01 Thread Bryce Powell
Hi, I tried the method suggested by Marco to populate memberOf attributes of existing entries: >> How would you recommend getting memberof values populated in the existing >> directory? > If you can afford a sequence of: > stop -> slapcat -> drop db -> slapadd > Everything gets populated as de

Re: memberof overlay deployment

2011-12-01 Thread Marco Pizzoli
Hi, actually it has been a while since I did it last time... it could be that my memory is starting to fail. But this behaviour could also be due to the age of your memberOf overlay. I cannot afford again the slapcat/drop/slapadd these days, sorry. Marco On Thu, Dec 1, 2011 at 5:36 PM, Bryce P

Re: memberof overlay deployment

2011-12-01 Thread masarati
> Hi, > > I tried the method suggested by Marco to populate memberOf attributes of > existing entries: > >>> How would you recommend getting memberof values populated in the >>> existing directory? > >> If you can afford a sequence of: >> stop -> slapcat -> drop db -> slapadd >> Everything gets pop

Re: memberof overlay deployment

2011-12-01 Thread Marco Pizzoli
> slapo-memberof(5) does not support tool mode; in order to populate the > memberOf attribute of an existing database you need to use ldapadd(1). > You could, for example, dump your group entries, remove them, and re-add > them via ldapadd(1). > Hi Ando, correct me if I'm wrong, but another method

Re: OpenLDAP syncrepl woes

2011-12-01 Thread Jeffrey Crawford
On Wed, Nov 23, 2011 at 10:51 AM, Jeffrey Crawford wrote: > On Wed, Nov 23, 2011 at 10:13 AM, Quanah Gibson-Mount > wrote: >> --On Wednesday, November 23, 2011 9:26 AM -0800 Jeffrey Crawford >> wrote: >> >>> read that already: >>> >>> my original question was the following: >>> >>> Granted the

Re: memberof overlay deployment

2011-12-01 Thread Michael Ströder
masar...@aero.polimi.it wrote: > slapo-memberof(5) does not support tool mode; in order to populate the > memberOf attribute of an existing database you need to use ldapadd(1). > You could, for example, dump your group entries, remove them, and re-add > them via ldapadd(1). IIRC it is sufficient

Re: OpenLDAP syncrepl woes

2011-12-01 Thread Quanah Gibson-Mount
--On Thursday, December 01, 2011 9:38 AM -0800 Jeffrey Crawford wrote: Humm that didn't seem to work. I'm rebuilding so I'll give that another try. Finally got to do another test. I tested by changing the permissions of the replication account permissions and tried restarting with slapd -c r

Failure while importing an exported ldif file

2011-12-01 Thread Axel Birndt
Hi @All, now while my ldapserver is working on my testmachine, I'm trying to import my ldif files. I read the thread http://www.openldap.org/lists/openldap-software/200711/msg00069.html but the import isn't working for me. abirndt@lvps83-169-33-218:~/openldap_2axels-company$ sudo slapadd -F

Re: Failure while importing an exported ldif file

2011-12-01 Thread Quanah Gibson-Mount
--On Thursday, December 01, 2011 10:38 PM +0100 Axel Birndt wrote: Hi @All, now while my ldapserver is working on my testmachine, I'm trying to import my ldif files. I read the thread http://www.openldap.org/lists/openldap-software/200711/msg00069.html but the import isn't working for me.

Re: Security between server and client nodes.

2011-12-01 Thread Jayavant Patil
On Thu, Dec 1, 2011 at 7:12 PM, Jayavant Patil wrote: > On Wed, 30 Nov 2011 14:18:00 +0100 Raffael Sahli > wrote: > >On 11/30/2011 01:48 PM, Jayavant Patil wrote: > > > > > > >>On 11/30/2011 08:01 AM, Jayavant Patil wrote: > > >> > > >> > > >> On Tue, Nov 29, 2011 at 6:26 PM, Jayavant Patil > >

Re: Security between server and client nodes.

2011-12-01 Thread Raffael Sahli
On 12/02/2011 07:49 AM, Jayavant Patil wrote: On Thu, Dec 1, 2011 at 7:12 PM, Jayavant Patil mailto:jayavant.pati...@gmail.com>> wrote: On Wed, 30 Nov 2011 14:18:00 +0100 Raffael Sahli mailto:pub...@raffaelsahli.com>> wrote: >On 11/30/2011 01:48 PM, Jayavant Patil wrote: >