Re: OpenLDAP as an address book for MS Outlook

2012-12-11 Thread Victor Sudakov
Colleagues, Thanks a lot for the comprehensive explanations and examples. There is one thing left: I don't understand why expanding the schema is a violation of the RFC. Is it written somewhere that the list of properties in the RFC is exhaustive? -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip

Re: MDB and slapcat of subtrees

2012-12-11 Thread Venkat
Please test after applying < http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff;h=a2cfb99c5288d5f8e390508ff1e307b79ec49c64 > > > --Quanah > > > -- > > Quanah Gibson-Mount > Sr. Member of Technical Staff > Zimbra, Inc > A Division of VMware, Inc. > > Zimbra ::

RE: LDAP database timeout settings

2012-12-11 Thread Bryce Powell
I also have a META database that points to the two LDAP databases, so my understanding of the flow of connections is as follows: Client bind -> META -> LDAP1 & LDAP2 -> AD1 & AD2 , where AD1 & AD2 are the Active Directory domains that LDAP1 & LDAP2 databases respectively point to. I added to th

Re: How to find a users last password change date/time

2012-12-11 Thread Quanah Gibson-Mount
--On Tuesday, December 11, 2012 12:10 PM -0600 Kyle Harris wrote: Hello All, I am new to OpenLDAP but have it up and running and have allowed users to change their own password.  I was about to start working on a Perl script to grab the last password change date/time and email a user a few d

Re: LDAP database timeout settings

2012-12-11 Thread Kyle Smith
On Windows 2008R2, here are the steps. This needs done on each DC I believe. As administrator in CMD on a DC: ntdsutil ldap policies connections connect to server DCNAME q set MaxConnIdleTime to TIMEVALUE (we used 3600 seconds) commit changes q q Hope that helps! -Kyle On Tue, Dec 11, 2012 at

How to find a users last password change date/time

2012-12-11 Thread Kyle Harris
Hello All, I am new to OpenLDAP but have it up and running and have allowed users to change their own password. I was about to start working on a Perl script to grab the last password change date/time and email a user a few days before it expires. I have done that before with Perl using Active D

Re: LDAP database timeout settings

2012-12-11 Thread Matthew M. DeLoera
AD has an inactivity/idle default timeout of 900 seconds. I suspect you can google to find the setting name, and where it's stored, in your AD server(s). Hope that helps. - Matthew On Dec 10, 2012, at 8:35 PM, Bryce Powell wrote: > Having done some more research, it appears that Active Direct

Re: OpenLDAP as an address book for MS Outlook

2012-12-11 Thread harry . jede
Victor Sudakov wrote: > Philip Guenther wrote: > > > You have lost me. The bad Outlook request is not about filtering, > > > it's about sorting (ordering). It is ordering that is denied by > > > the server. There is nothing about ordering in the link you have > > > given. > > > > Let's look back a

Re: OpenLDAP as an address book for MS Outlook

2012-12-11 Thread Erwann Abalea
2012/12/11 Philip Guenther > On Tue, 11 Dec 2012, Victor Sudakov wrote: > [...] > > If I wanted to reproduce the Outlook's incorrect request, what > > ldapsearch command line should that be? > > Just leave out the explicit rule: > ldapsearch -E sss=cn '(cn=*)' cn > -E '!sss=cn' The reque

Re: OpenLDAP as an address book for MS Outlook

2012-12-11 Thread Philip Guenther
On Tue, 11 Dec 2012, Victor Sudakov wrote: > Philip Guenther wrote: ... > > So, it would seem that a client should be able to portably request sorting > > on the cn attribute in a case-insensitive fashion by sending the control > > with that optional orderingRule filled in. That should work agai

Re: OpenLDAP as an address book for MS Outlook

2012-12-11 Thread Victor Sudakov
Michael Ströder wrote: > > "Be liberal in what you receive and conservative in what you send" is > > a good old rule. > > If you change the subschema subentry you change something sent to the > client. > >>> > >>> I still don't understand what's so bad about being able to re

Re: OpenLDAP as an address book for MS Outlook

2012-12-11 Thread Victor Sudakov
Philip Guenther wrote: > > You have lost me. The bad Outlook request is not about filtering, it's > > about sorting (ordering). It is ordering that is denied by the server. > > There is nothing about ordering in the link you have given. > > Let's look back at the message you're replying to, Mich