Re: ACL on create questions

2013-05-02 Thread Emmanuel Dreyfus
Andrew Findlay wrote: > Which version of slapd are you using? When I try this on 2.4.35 the > extra value from the RDN gets copied into the entry so although the > LDIF being loaded is not strictly correct it does result in a > conformant entry. What does your entry look like when you read it > b

Re: Debian Squeeze: Slapd subtree disappears, but ldapsearch finds it | unable to allocate memory for mutex; resize mutex region

2013-05-02 Thread Quanah Gibson-Mount
--On Thursday, May 02, 2013 5:09 PM -0400 d...@ccs.neu.edu wrote: That's great information, thanks. Anything special if you plan to use MDB? I would use the current RE24 source to pick up some fixes since 2.4.35. It's finally been stable for me with that in place. You may or may not want to

Re: Debian Squeeze: Slapd subtree disappears, but ldapsearch finds it | unable to allocate memory for mutex; resize mutex region

2013-05-02 Thread dnb
On May 2, 2013, at 4:53 PM, Quanah Gibson-Mount wrote: > There is not a whole lot to it. > > a) Link to OpenSSL, not gnutls (debian/ubuntu default) or NSS (rhel default) > > b) If you are going to use BDB as your underlying database software and are > on Linux, make sure to pass the following

Re: Debian Squeeze: Slapd subtree disappears, but ldapsearch finds it | unable to allocate memory for mutex; resize mutex region

2013-05-02 Thread Quanah Gibson-Mount
--On Thursday, May 02, 2013 12:58 PM -0400 David Blank-Edelman wrote: On May 2, 2013, at 12:53 PM, Quanah Gibson-Mount wrote: The distribution maintainers are quite aware of the objections to the way in which they build their software. Their decisions have little to do with needs of the e

Re: Debian Squeeze: Slapd subtree disappears, but ldapsearch finds it | unable to allocate memory for mutex; resize mutex region

2013-05-02 Thread Quanah Gibson-Mount
--On Thursday, May 02, 2013 8:18 PM +0200 Simone Piccardi wrote: On 05/02/2013 06:10 PM, Quanah Gibson-Mount wrote: Sorry, as someone who used to maintain some 600 servers for a major university running a very wide variety of services, I disagree. If you can't figure out an easy way to build

Re: Chaining stops working after slapd restart

2013-05-02 Thread Ivan Nejgebauer
On 30.04.2013. 17:09, jeevan kc wrote: Thanks for checking on 2.4.35 . Is there any way to fix the chaining overlay so it works even after restarting the slapd. I need to initiate a password policy for the directory but the chaining needs to be there for it to take effect. Any help / suggestion i

Re: Debian Squeeze: Slapd subtree disappears, but ldapsearch finds it | unable to allocate memory for mutex; resize mutex region

2013-05-02 Thread Simone Piccardi
On 05/02/2013 06:10 PM, Quanah Gibson-Mount wrote: Sorry, as someone who used to maintain some 600 servers for a major university running a very wide variety of services, I disagree. If you can't figure out an easy way to build and distribute your own packages in an automated fashion, you are pu

Re: ACL on create questions

2013-05-02 Thread Andrew Findlay
[ Keep copying to the openldap-technical@openldap.org list ] On Thu, May 02, 2013 at 02:15:02PM +, Emmanuel Dreyfus wrote: > It almost works. My only concern is that it is possible to create an > object where LHS of DN is not in object's attributes. Like this: > > dn: foo=x,o=org > objectCl

Re: Debian Squeeze: Slapd subtree disappears, but ldapsearch finds it | unable to allocate memory for mutex; resize mutex region

2013-05-02 Thread David Blank-Edelman
On May 2, 2013, at 12:53 PM, Quanah Gibson-Mount wrote: > The distribution maintainers are quite aware of the objections to the way in > which they build their software. Their decisions have little to do with > needs of the end users. Ok, then perhaps guidelines for the rest of us? I know I

Re: Debian Squeeze: Slapd subtree disappears, but ldapsearch finds it | unable to allocate memory for mutex; resize mutex region

2013-05-02 Thread Quanah Gibson-Mount
--On Thursday, May 02, 2013 12:35 PM -0400 David Blank-Edelman wrote: Yes, it is a big bummer. Has the OpenLDAP foundation ever considered publishing any official guidelines that could be used both by these distributions and individuals who want to do their own packages? Just two lists of "Do

Re: Debian Squeeze: Slapd subtree disappears, but ldapsearch finds it | unable to allocate memory for mutex; resize mutex region

2013-05-02 Thread David Blank-Edelman
Hi Quanah- On May 2, 2013, at 12:12 PM, Quanah Gibson-Mount wrote: > The OpenLDAP foundation has zero input or control into how distribution > providers build their OpenLDAP packages. Thus the end users are at the mercy > of the distribution provider's decisions on building OpenLDAP, which ar

Re: Debian Squeeze: Slapd subtree disappears, but ldapsearch finds it | unable to allocate memory for mutex; resize mutex region

2013-05-02 Thread Howard Chu
Simone Piccardi wrote: On 05/02/2013 04:08 PM, Quanah Gibson-Mount wrote: --On Thursday, May 02, 2013 8:32 AM +0200 Denny Schierz wrote: but then you have to download, patch and update security fixes by yourself. Yep. Part of being a competent sys admin anyhow. Sorry, I disagree. A compe

Re: Debian Squeeze: Slapd subtree disappears, but ldapsearch finds it | unable to allocate memory for mutex; resize mutex region

2013-05-02 Thread Quanah Gibson-Mount
--On Thursday, May 02, 2013 5:52 PM +0200 Simone Piccardi wrote: I'm sorry to hear that Debian OpenLDAP packages are in such a bad state, but if, as it seems, there is no distribution getting OpenLDAP right (I heard complaints also about RedHat), then I start thinking that something is not workin

Re: Debian Squeeze: Slapd subtree disappears, but ldapsearch finds it | unable to allocate memory for mutex; resize mutex region

2013-05-02 Thread Quanah Gibson-Mount
--On Thursday, May 02, 2013 5:52 PM +0200 Simone Piccardi wrote: On 05/02/2013 04:08 PM, Quanah Gibson-Mount wrote: --On Thursday, May 02, 2013 8:32 AM +0200 Denny Schierz wrote: but then you have to download, patch and update security fixes by yourself. Yep. Part of being a competent s

Re: Debian Squeeze: Slapd subtree disappears, but ldapsearch finds it | unable to allocate memory for mutex; resize mutex region

2013-05-02 Thread Simone Piccardi
On 05/02/2013 04:08 PM, Quanah Gibson-Mount wrote: --On Thursday, May 02, 2013 8:32 AM +0200 Denny Schierz wrote: but then you have to download, patch and update security fixes by yourself. Yep. Part of being a competent sys admin anyhow. Sorry, I disagree. A competent sysadmin has to mak

Re: Debian Squeeze: Slapd subtree disappears, but ldapsearch finds it | unable to allocate memory for mutex; resize mutex region

2013-05-02 Thread Quanah Gibson-Mount
--On Thursday, May 02, 2013 8:32 AM +0200 Denny Schierz wrote: but then you have to download, patch and update security fixes by yourself. Yep. Part of being a competent sys admin anyhow. I have now built OpenLDAP 2.4.35 with the system libs. In a few weeks Wheezy is out and I hope, that

Use LDAP netgroup to control NFS exports?

2013-05-02 Thread jupiter
Hi, I am running LDAP server and NFS server on CentOS 6, is it true that LDAP can be used to control NFS exports authentication, uid and gid setting without needing to specify client IP addresses, anonuid and anongid on NFS exports file? I saw some sample such as to define "/tmp/nfs2 @mynetgrp(

Re: ACL on create questions

2013-05-02 Thread Andrew Findlay
On Thu, May 02, 2013 at 07:21:25AM +, Emmanuel Dreyfus wrote: > 1) Is it possible to allow entry creation on a branch while preventing > renaming? I understand I need to give write access to > - attrs=children on parent > - attrs=entry on created entry > - attrs= You could do this by preventi

Re: How to configure ubuntu server with LDAP group based authentication

2013-05-02 Thread Geo P.C.
Dear Philip It's working perfectly fine. Thanks... *Thanks & Regards Geo P.C. www.geopc.co.cc* On Thu, May 2, 2013 at 2:34 PM, Philip Colmer wrote: > This is how I've done it: > > Edit /etc/pam.d/sshd and uncomment > > account required pam_access.so > > Edit /etc/security/access.conf an

Re: How to configure ubuntu server with LDAP group based authentication

2013-05-02 Thread Dieter Klünter
On Thu, 2 May 2013 14:16:55 +0530, "Geo P.C." wrote: > By installing libnss-ldap we are able to integrate an Ubuntu server > with ldap (openldap). But we are unable to configure ldap group based > authentication. > > We need to configure in such a way that user from a particular group > need on

Re: How to configure ubuntu server with LDAP group based authentication

2013-05-02 Thread Philip Colmer
This is how I've done it: Edit /etc/pam.d/sshd and uncomment account required pam_access.so Edit /etc/security/access.conf and add this line at the bottom: -:ALL EXCEPT root sysadmin ubuntu (name of ssh group):ALL The group can be an LDAP group. Users will still authenticate but they will

Re: Need help to configure OpenLDAP!!

2013-05-02 Thread Pradyumna
Hi, Thank you so much .. Fixed the issue as suggested. Regards, /Neo Sent from my iPhone On 02-May-2013, at 12:26 PM, Dieter Klünter wrote: > On Wed, 1 May 2013 21:30:31 +0530 > pradyumna dash wrote: > >> Hi, >> >> Am facing an issue while configuring OpenLDAP. My suffix looks like >> be

How to configure ubuntu server with LDAP group based authentication

2013-05-02 Thread Geo P.C.
By installing libnss-ldap we are able to integrate an Ubuntu server with ldap (openldap). But we are unable to configure ldap group based authentication. We need to configure in such a way that user from a particular group need only to login. Please let me know is it possible to configure it and ple

ACL on create questions

2013-05-02 Thread Emmanuel Dreyfus
Hi Two ACL questions: 1) Is it possible to allow entry creation on a branch while preventing renaming? I understand I need to give write access to - attrs=children on parent - attrs=entry on created entry - attrs= Last item includes the attributes used for RHS part of the DN. That suggests renami