Re: Olc deployment vs slapd.conf based deployment

2017-09-18 Thread Michael Ströder
Howard Chu wrote: Michael Ströder wrote: Quanah Gibson-Mount wrote: b) Since cn=config is simply a tree, you could have your cn=config in git, commit your changes there, and use a tool like ldapdiff to create changesets to apply programmatically. So instead of writing a single file (in one FS

Re: Olc deployment vs slapd.conf based deployment

2017-09-18 Thread Howard Chu
Michael Ströder wrote: Quanah Gibson-Mount wrote: b) Since cn=config is simply a tree, you could have your cn=config in git, commit your changes there, and use a tool like ldapdiff to create changesets to apply programmatically. So instead of writing a single file (in one FS transaction) after

Re: Olc deployment vs slapd.conf based deployment

2017-09-18 Thread Michael Ströder
Quanah Gibson-Mount wrote: So instead of writing a single file (in one FS transaction) after letting slaptest check it I have to write several files (multiple FS operations), diff that and then apply multiple LDAP operations. Hm? How is this any different really than tracking slapd.conf in

Re: Olc deployment vs slapd.conf based deployment

2017-09-18 Thread Quanah Gibson-Mount
--On Monday, September 18, 2017 8:48 PM +0200 Michael Ströder wrote: b) Since cn=config is simply a tree, you could have your cn=config in git, commit your changes there, and use a tool like ldapdiff to create changesets to apply programmatically. So instead of writing a

Re: Olc deployment vs slapd.conf based deployment

2017-09-18 Thread Michael Ströder
Quanah Gibson-Mount wrote: a) You could set up an accesslog database that stores the changes made to cn=config over time. If you had to have it in git, it shouldn't be particularly difficult to write a tool to parse those changes out into some format you desire This has two caveats: 1. Your

Re: Olc deployment vs slapd.conf based deployment

2017-09-18 Thread Radovan Semancik
On 09/18/2017 07:25 PM, Quanah Gibson-Mount wrote: I'm not sure there's a solution to that that the OpenLDAP project can help you with. I'm afraid that I have just reached the same conclusion. -- Radovan Semancik Software Architect evolveum.com

Re: Olc deployment vs slapd.conf based deployment

2017-09-18 Thread Radovan Semancik
On 09/18/2017 07:22 PM, Quanah Gibson-Mount wrote: --On Monday, September 18, 2017 8:11 PM +0200 Radovan Semancik wrote: Yes, git is great tool and it is standard. No doubt about that. But why there is no official OpenLDAP repo on github/gitlab? There is:

Re: Olc deployment vs slapd.conf based deployment

2017-09-18 Thread Howard Chu
Radovan Semancik wrote: On 09/18/2017 06:25 PM, Quanah Gibson-Mount wrote: Numerous projects have BSD-style licenses, this isn't OpenLDAP specific. So yes, you should already have a legal team, if that's necessary in your case, that's familiar with dealing with FOSS licenses, to review them.

Re: Olc deployment vs slapd.conf based deployment

2017-09-18 Thread Quanah Gibson-Mount
--On Monday, September 18, 2017 8:18 PM +0200 Radovan Semancik wrote: On 09/18/2017 06:25 PM, Quanah Gibson-Mount wrote: Numerous projects have BSD-style licenses, this isn't OpenLDAP specific. So yes, you should already have a legal team, if that's necessary

Re: Olc deployment vs slapd.conf based deployment

2017-09-18 Thread Quanah Gibson-Mount
--On Monday, September 18, 2017 8:11 PM +0200 Radovan Semancik wrote: On 09/18/2017 06:27 PM, Quanah Gibson-Mount wrote: git is a pretty standard tool. Interestingly, numerous people seem to have no issue using git to check out the source, do a git format

Re: Olc deployment vs slapd.conf based deployment

2017-09-18 Thread Radovan Semancik
On 09/18/2017 06:25 PM, Quanah Gibson-Mount wrote: Numerous projects have BSD-style licenses, this isn't OpenLDAP specific. So yes, you should already have a legal team, if that's necessary in your case, that's familiar with dealing with FOSS licenses, to review them. Not really. Not that

Re: Olc deployment vs slapd.conf based deployment

2017-09-18 Thread Radovan Semancik
On 09/18/2017 06:27 PM, Quanah Gibson-Mount wrote: git is a pretty standard tool. Interestingly, numerous people seem to have no issue using git to check out the source, do a git format patch, and submit it for inclusion with the project. You can see this rather trivially by looking at my

Re: Olc deployment vs slapd.conf based deployment

2017-09-18 Thread Quanah Gibson-Mount
--On Thursday, September 14, 2017 10:59 PM -0500 Andy Dorman wrote: Hi Andy, FWIW, we also need the git trail of changes over time. I have not figured out a good way to do that with OLC. Well, there are a few options I suppose: a) You could set up an accesslog

Re: Olc deployment vs slapd.conf based deployment

2017-09-18 Thread Quanah Gibson-Mount
--On Monday, September 18, 2017 7:08 PM +0200 Radovan Semancik wrote: On 09/18/2017 05:20 PM, Howard Chu wrote: Radovan Semancik wrote: I would ... if this was a wiki, or github-like pull request and if there was an example of how a good result should look

Re: Olc deployment vs slapd.conf based deployment

2017-09-18 Thread Quanah Gibson-Mount
--On Monday, September 18, 2017 7:13 PM +0200 Radovan Semancik wrote: That's incorrect. It's a BSD-style license, it doesn't get much more basic than that. The point is that it may be a BSD-style license. But it is

Re: Olc deployment vs slapd.conf based deployment

2017-09-18 Thread Radovan Semancik
That's incorrect. It's a BSD-style license, it doesn't get much more basic than that. The point is that it may be a BSD-style license. But it is not a BSD license. I may need to run OpenLDAP license with our company lawyer to make sure it is

Re: Olc deployment vs slapd.conf based deployment

2017-09-18 Thread Radovan Semancik
On 09/18/2017 05:20 PM, Howard Chu wrote: Radovan Semancik wrote: I would ... if this was a wiki, or github-like pull request and if there was an example of how a good result should look like. But it does not make sense for me to spend few hours just figuring out how to contribute

Instructions for Open LDAP library?

2017-09-18 Thread Martin van den Nieuwelaar
Hi People, I'm writing an application using Qt and wish to use the openldap library within my program to query an LDAP server. I have been searching for instructions on using the library from a client point of view but have not been successful. I tried using the man pages and I think I'm

Re: Olc deployment vs slapd.conf based deployment

2017-09-18 Thread John Lewis
On Thu, 2017-09-14 at 14:15 -0700, Quanah Gibson-Mount wrote: > --On Thursday, September 14, 2017 3:06 PM -0700 rammohan > ganapavarapu  > wrote: > > > > > Hi, > > > > > > I am trying to see what is the best and recommended way of > > deploying/starting ldap, OLC or

Re: slapd: null_callback : error code 0x14

2017-09-18 Thread Quanah Gibson-Mount
--On Friday, September 15, 2017 8:48 PM -0700 "Paul B. Henson" wrote: So I've been putting off posting about this, but I recently upgraded to 2.4.45, stopped using the memberof overlay, no longer have a node with serverID 0, and overall think my ldap servers should be in good

Re: Olc deployment vs slapd.conf based deployment

2017-09-18 Thread Quanah Gibson-Mount
--On Monday, September 18, 2017 6:02 PM +0200 Radovan Semancik wrote: Again, it would be probably already contributed to the project if the process was more user friendly. But what do I really need to do to contribute? First, I have to decide whether I'm OK to

Re: Olc deployment vs slapd.conf based deployment

2017-09-18 Thread Howard Chu
Radovan Semancik wrote: Hi, On 09/18/2017 02:44 PM, Howard Chu wrote: These perennial arguments keep coming up. If you want things to improve, contribute. Anyone can write a manpage. Hardly anyone ever does. Everyone sits back and moans while waiting for someone else to fix things for them.

Re: Olc deployment vs slapd.conf based deployment

2017-09-18 Thread Radovan Semancik
Hi, On 09/18/2017 02:44 PM, Howard Chu wrote: These perennial arguments keep coming up. If you want things to improve, contribute. Anyone can write a manpage. Hardly anyone ever does. Everyone sits back and moans while waiting for someone else to fix things for them. That's not what open

Re: Olc deployment vs slapd.conf based deployment

2017-09-18 Thread Brian Reichert
On Sat, Sep 16, 2017 at 04:24:36PM +0200, Daniel Pluta wrote: > On 16.09.2017 09:04, Michael Ströder wrote: > >Daniel Pluta wrote: > >>Call it strange, useless, insane, fine or whatever, but my customers > >>(also anybody who's interested in using a distinct service) should > >>be able to get a

Re: Olc deployment vs slapd.conf based deployment

2017-09-18 Thread Howard Chu
Radovan Semancik wrote: Hi, The "cn=config" configuration method is clearly superior. However, there are serious practical issues. Firstly, the documentation leaves a lot to be desired. Until recently almost all examples showed the slapd.conf way, cn=config equivalent was simply missing.

Re: Unknown server id in contextCSN

2017-09-18 Thread Tim
Ahh, okay - that makes total sense now. Apologies for the mailing list noise. Cheers! On Mon, Sep 18, 2017 at 11:02 AM, Michael Ströder wrote: > Tim wrote: > >> The two instances have olcServerIds of 101 and 102.. >> >> Everything appears to be working fine - but each

Re: Unknown server id in contextCSN

2017-09-18 Thread Michael Ströder
Tim wrote: The two instances have olcServerIds of 101 and 102.. Everything appears to be working fine - but each of my providers now have replication cookies that seem to reference some other servers?? contextCSN: 20170918082017.961842Z#00#*/065/*#00 contextCSN:

Re: Olc deployment vs slapd.conf based deployment

2017-09-18 Thread Radovan Semancik
Hi, The "cn=config" configuration method is clearly superior. However, there are serious practical issues. Firstly, the documentation leaves a lot to be desired. Until recently almost all examples showed the slapd.conf way, cn=config equivalent was simply missing. Unless I have missed

SASL Passthrough Kerberos Authentication Backend - Preauthentication

2017-09-18 Thread Uli Tehrani
Hi all, I wanted to use SASL-Passthrough with Kerberos-Backend to have a common password for LDAP and Kerberos authentication. LDAP authentication is only working with the preauthentication flag disabled. Is this normal or did I make a mistake? Do I have other possibilities to have a common

Unknown server id in contextCSN

2017-09-18 Thread Tim
Heya, Currently running OpenLDAP 2.4.40 (most recent Centos patch) in a MirrorMaster environment. The two instances have olcServerIds of 101 and 102.. Within the syncprepl, each server is using a RID of 999. Everything appears to be working fine - but each of my providers now have replication