Re: Olc deployment vs slapd.conf based deployment

Howard Chu wrote: Michael Ströder wrote: Quanah Gibson-Mount wrote: b) Since cn=config is simply a tree, you could have your cn=config in git, commit your changes there, and use a tool like ldapdiff to create changesets to apply programatically. So instead of writing a single file (in one FS

Re: Olc deployment vs slapd.conf based deployment

Michael Ströder wrote: Quanah Gibson-Mount wrote: b) Since cn=config is simply a tree, you could have your cn=config in git, commit your changes there, and use a tool like ldapdiff to create changesets to apply programatically. So instead of writing a single file (in one FS transaction) after

Re: Olc deployment vs slapd.conf based deployment

Quanah Gibson-Mount wrote: So instead of writing a single file (in one FS transaction) after letting slaptest check it I have to write several files (multiple FS operations), diff that and then apply multiple LDAP operations. Hm? How is this any different really than tracking slapd.conf in

Re: Olc deployment vs slapd.conf based deployment

--On Monday, September 18, 2017 8:48 PM +0200 Michael Ströder wrote: b) Since cn=config is simply a tree, you could have your cn=config in git, commit your changes there, and use a tool like ldapdiff to create changesets to apply programatically. So instead of writing a

Re: Olc deployment vs slapd.conf based deployment

Quanah Gibson-Mount wrote: a) You could set up an accesslog database that stores the changes made to cn=config over time. If you had to have it in git, it shouldn't be particularly difficult to write a tool to parse those changes out into some format you desire This has two caveats: 1. Your

Re: Olc deployment vs slapd.conf based deployment

On 09/18/2017 07:25 PM, Quanah Gibson-Mount wrote: I'm not sure there's a solution to that that the OpenLDAP project can help you with. I'm afraid that I have just reached the same conclusion. -- Radovan Semancik Software Architect evolveum.com

Re: Olc deployment vs slapd.conf based deployment

On 09/18/2017 07:22 PM, Quanah Gibson-Mount wrote: --On Monday, September 18, 2017 8:11 PM +0200 Radovan Semancik wrote: Yes, git is great tool and it is standard. No doubt about that. But why there is no official OpenLDAP repo on github/gitlab? There is:

Re: Olc deployment vs slapd.conf based deployment

Radovan Semancik wrote: On 09/18/2017 06:25 PM, Quanah Gibson-Mount wrote: Numerous projects have BSD-style licenses, this isn't OpenLDAP specific. So yes, you should already have a legal team, if that's necessary in your case, that's familiar with dealing with FOSS licenses, to review them.

Re: Olc deployment vs slapd.conf based deployment

--On Monday, September 18, 2017 8:18 PM +0200 Radovan Semancik wrote: On 09/18/2017 06:25 PM, Quanah Gibson-Mount wrote: Numerous projects have BSD-style licenses, this isn't OpenLDAP specific. So yes, you should already have a legal team, if that's necessary

Re: Olc deployment vs slapd.conf based deployment

--On Monday, September 18, 2017 8:11 PM +0200 Radovan Semancik wrote: On 09/18/2017 06:27 PM, Quanah Gibson-Mount wrote: git is a pretty standard tool. Interestingly, numerous people seem to have no issue using git to check out the source, do a git format

Re: Olc deployment vs slapd.conf based deployment

On 09/18/2017 06:25 PM, Quanah Gibson-Mount wrote: Numerous projects have BSD-style licenses, this isn't OpenLDAP specific. So yes, you should already have a legal team, if that's necessary in your case, that's familiar with dealing with FOSS licenses, to review them. Not really. Not that

Re: Olc deployment vs slapd.conf based deployment

On 09/18/2017 06:27 PM, Quanah Gibson-Mount wrote: git is a pretty standard tool. Interestingly, numerous people seem to have no issue using git to check out the source, do a git format patch, and submit it for inclusion with the project. You can see this rather trivially by looking at my

Re: Olc deployment vs slapd.conf based deployment

--On Thursday, September 14, 2017 10:59 PM -0500 Andy Dorman wrote: Hi Andy, FWIW, we also need the git trail of changes over time. I have not figured out a good way to do that with OLC. Well, there are a few options I suppose: a) You could set up an accesslog

Re: Olc deployment vs slapd.conf based deployment

--On Monday, September 18, 2017 7:08 PM +0200 Radovan Semancik wrote: On 09/18/2017 05:20 PM, Howard Chu wrote: Radovan Semancik wrote: I would ... if this was a wiki, or github-like pull request and if there was an example of how a good result should look

Re: Olc deployment vs slapd.conf based deployment

--On Monday, September 18, 2017 7:13 PM +0200 Radovan Semancik wrote: That's incorrect.  It's a BSD-style license, it doesn't get much more basic than that. The point is that is may be BSD-style license. But it is

Re: Olc deployment vs slapd.conf based deployment

That's incorrect.  It's a BSD-style license, it doesn't get much more basic than that. The point is that is may be BSD-style license. But it is not a BSD license. I may need to run OpenLDAP license with our company lawyer to make sure it is

Re: Olc deployment vs slapd.conf based deployment

On 09/18/2017 05:20 PM, Howard Chu wrote: Radovan Semancik wrote: I would ... if this was a wiki, or github-like pull request and if there was an example of how a good result should look like. But it does not make sense for me to spend few hours just figuring out how to contribute

Instructions for Open LDAP library?

Hi People, I'm writing an application using Qt and wish to use the openldap library within my program to query an LDAP server. I have been searching for instructions on using the library from a client point of view but have not been successful. I tried using the man pages and I think I'm

Re: Olc deployment vs slapd.conf based deployment

On Thu, 2017-09-14 at 14:15 -0700, Quanah Gibson-Mount wrote: > --On Thursday, September 14, 2017 3:06 PM -0700 rammohan > ganapavarapu  > wrote: > > > > > Hi, > > > > > > I am trying to see what is the best and recommended way of > > deploying/starting ldap, OLC or

Re: slapd: null_callback : error code 0x14

--On Friday, September 15, 2017 8:48 PM -0700 "Paul B. Henson" wrote: So I've been putting off posting about this, but I recently upgraded to 2.4.45, stopped using the memberof overlay, no longer have a node with serverID 0, and overall think my ldap servers should be in good

Re: Olc deployment vs slapd.conf based deployment

--On Monday, September 18, 2017 6:02 PM +0200 Radovan Semancik wrote: Again, it would be probably already contributed to the project if the process was more user friendly. But what do I really need to do to contribute? First, I have to decide whether I'm OK to

Re: Olc deployment vs slapd.conf based deployment

Radovan Semancik wrote: Hi, On 09/18/2017 02:44 PM, Howard Chu wrote: These perennial arguments keep coming up. If you want things to improve, contribute. Anyone can write a manpage. Hardly anyone ever does. Everyone sits back and moans while waiting for someone else to fix things for them.

Re: Olc deployment vs slapd.conf based deployment

Hi, On 09/18/2017 02:44 PM, Howard Chu wrote: These perennial arguments keep coming up. If you want things to improve, contribute. Anyone can write a manpage. Hardly anyone ever does. Everyone sits back and moans while waiting for someone else to fix things for them. That's not what open

Re: Olc deployment vs slapd.conf based deployment

On Sat, Sep 16, 2017 at 04:24:36PM +0200, Daniel Pluta wrote: > On 16.09.2017 09:04, Michael Str??der wrote: > >Daniel Pluta wrote: > >>Call it strange, useless, insane, fine or whatever, but my customers > >>(also anybody who's interested in using a distinct service) should > >>be able to get a

Re: Olc deployment vs slapd.conf based deployment

Radovan Semancik wrote: Hi, The "cn=config" configuration method is clearly superior. However, there are serious practical issues. Firstly, the documentation leaves a lot to be desired. Until recently almost all examples shown the slapd.conf way, cn=config equivalent was simply missing.

Re: Unknown server id in contextCSN

Ahh, okay - that makes total sense now. Apologies for the mailing list noise. Cheers! On Mon, Sep 18, 2017 at 11:02 AM, Michael Ströder wrote: > Tim wrote: > >> The two instances have olcServerIds of 101 and 102.. >> >> Everything appears to be working fine - but each

Re: Unknown server id in contextCSN

Tim wrote: The two instances have olcServerIds of 101 and 102.. Everything appears to be working fine - but each of my providers now have replication cookies that seem to reference some other servers?? contextCSN: 20170918082017.961842Z#00#*/065/*#00 contextCSN:

Re: Olc deployment vs slapd.conf based deployment

Hi, The "cn=config" configuration method is clearly superior. However, there are serious practical issues. Firstly, the documentation leaves a lot to be desired. Until recently almost all examples shown the slapd.conf way, cn=config equivalent was simply missing. Unless I have missed

SASL Passthrough Kerberos Authentication Backend - Preauthentication

Hi all, i wanted to use SASL-Passthrough with kerberos-Backend to have a common Password for LDAP and Kerberos Authentication. LDAP-Authentication is only working with the preauthentication Flag disabled. Is this normal or did i make a mistake ? Do i have other possibilities to have a common

Unknown server id in contextCSN

Heya, Currently running OpenLDAP 2.4.40 (most recent Centos patch) in a MirrorMaster environment. The two instances have olcServerIds of 101 and 102.. Within the syncprepl, each server is using a RID of 999. Everything appears to be working fine - but each of my providers now have replication