Re: How to properly monitor MDB usage

2024-05-08 Thread Clément OUDOT
On Tue, 7 May 2024 at 19:32, Benjamin Renard wrote: > > @Clément: I also implemented a similar monitoring plugin :) > (https://exchange.icinga.com/brenard/check_mdb). Don't forget to share > your works on this great website (and possibly on > https://exchange.nagios.org) ;) > > Great, thanks

Re: How to properly monitor MDB usage

2024-05-07 Thread Clément OUDOT
m a little concerned about the duration on a database with approximately 1,000,000 entries. Thank you in advance. Hello Benjamin, if it helps, we have created a monitoring script for this: https://ltb-project.org/documentation/check_lmdb_usage.html -- Clément Oudot | Identity Solutions Man

Re: Group ACLs

2023-10-04 Thread Clément OUDOT
account has the pwdReset flag set to TRUE and must reset its password. It is linked to password policy. -- Clément Oudot | Identity Solutions Manager clement.ou...@worteks.com Worteks |https://www.worteks.com

LTB packages available for OpenLDAP 2.5.15 and 2.6.5

2023-07-12 Thread Clément OUDOT
Hello, for people interested, the LDAP Tool Box project has published the packages for OpenLDAP 2.5.15 and 2.6.5. https://projects.ow2.org/view/ldaptoolbox/ltb-openldap-2-5-15-and-2-6-5-packages-released/ -- Clément Oudot | Identity Solutions Manager clement.ou...@worteks.com Worteks

Re: pwdAccountLockedTime does not have any impact

2023-07-11 Thread Clément OUDOT
he value dn: uid=... replace: pwdAccountLockedTime pwdAccountLockedTime: 20221021135537Z And even with dates in the future, but we are still able to connect. With whoami command, or from a SOGo webmail connected to the LDAP server. Any idea? Thanks in advance for your help. Check that pwdLockout is set to T

Re: migration 2.4 -> 2.5 (bdb -> mdb) | monitoring & health checks

2023-06-21 Thread Clément OUDOT
On Wed, 21 Jun 2023 at 08:39, cYuSeDfZfb cYuSeDfZfb wrote: > Hi Quanah, > > Thanks for your answer and kind suggestions! We will implement them. > > And anyone here using zabbix, and has some scripting for monitoring laying > around..? > > Hello, we provide some monitoring scripts in LDAP

Re: RoleOccupant filter

2023-03-07 Thread Clément OUDOT
On 07/03/2023 at 06:58, forumforeign wrote: 06.03.23 19:14, Clément OUDOT wrote: On 06/03/2023 at 16:13, forumforeign wrote: '(&(objectClass=organizationalRole)(cn=developer)(uid=user1,ou=people,dc=domain,dc=com))' RoleOccupant '(&(objectClass=organizationalRole)(cn=developer)(u

Re: RoleOccupant filter

2023-03-06 Thread Clément OUDOT
", and no entry else. -- Clément Oudot | Identity Solutions Manager clement.ou...@worteks.com Worteks | https://www.worteks.com

Re: Checking users password

2022-11-24 Thread Clément OUDOT
dvice, please Why are you using ldapi:// with ldapwhoami and ldap:// with ldapmodify ? Did you check in your ACL that access to userPassword attribute is allowed to authenticate users? -- Clément Oudot | Identity Solutions Manager clement.ou...@worteks.com Worteks |https://www.worteks.com

Re: Fwd: [OldapWS] -> Proposal of a REST Web Service for CRUD Operations

2022-09-20 Thread Clément OUDOT
to run a script on entry creation/modification/deletion. But this may be too high-level for an OpenLDAP server. -- Clément Oudot | Identity Solutions Manager clement.ou...@worteks.com Worteks | https://www.worteks.com

Re: need help to make OpenLDAP work as "this other directory, plus"

2022-06-17 Thread Clément OUDOT
#Metadirectory Hello Jarett, another approach would be to create a local OpenLDAP server and synchronize it with Okta LDAP server with LSC: https://lsc-project.org/ You will then be able to easily manage local attributes. -- Clément Oudot | Identity Solutions Manager clement.ou...@worteks.com Worteks | https://www.worteks.com

Re: Official way to import schema with cn=config

2022-04-04 Thread Clément OUDOT
-schema.1.en.html You can get away with it by using include directive with slapd.conf. You can use olcInclude with cn=config. -- Clément Oudot | Identity Solutions Manager clement.ou...@worteks.com Worteks | https://www.worteks.com

Re: log analysis tools

2022-02-06 Thread Clément OUDOT
On Sat, 5 Feb 2022 at 20:57, Quanah Gibson-Mount wrote: > > > --On Friday, February 4, 2022 10:12 PM -0500 Dave Macias > > wrote: > > > > > > > https://www.ltb-project.org/documentation/ldap-stats.html > > Is that the one I used to help maintain? I don't believe it's been updated > for 2.5

Re: Evolution of slapd 2.5 configuration over time ?

2021-08-26 Thread Clément OUDOT
. -- Clément Oudot | Identity Solutions Manager clement.ou...@worteks.com Worteks | https://www.worteks.com

Re: Evolution of slapd 2.5 configuration over time ?

2021-08-26 Thread Clément OUDOT
be interesting to provide an upgrade LDIF file that we could use to modify existing configuration? -- Clément Oudot | Identity Solutions Manager clement.ou...@worteks.com Worteks | https://www.worteks.com

LTB packages for OpenLDAP 2.4.59 [was: OpenLDAP 2.4.59 available]

2021-06-04 Thread Clément OUDOT
Hello, LTB packages for OpenLDAP 2.4.59 are now available (Debian/Ubuntu/CentOS/RHEL). More information on https://projects.ow2.org/view/ldaptoolbox/ltb-openldap-2-4-59-packages-released/ -- Clément Oudot | Identity Solutions Manager clement.ou...@worteks.com Worteks | https

[Open Source Experience] Call for Papers is open

2021-04-19 Thread Clément OUDOT
. Regards, -- Clément Oudot | Identity Solutions Manager clement.ou...@worteks.com Worteks | https://www.worteks.com

OpenLDAP LTB packages for 2.4.58 are available

2021-03-25 Thread Clément OUDOT
Hello, LTB packages for OpenLDAP 2.4.58 are available: https://projects.ow2.org/view/ldaptoolbox/ltb-openldap-2-4-58-packages-released/ Download: https://ltb-project.org/download#openldap Thanks to OpenLDAP team and LTB team! Clément.

Re: Issue on backup on Open LDAP 2.4.38

2021-03-03 Thread Clément OUDOT
. Adapt the settings set_lg_regionmax / set_lg_max / set_lg_bsize And obviously you are running an outdated version on an outdated distro. The best advice is to use the latest OpenLDAP version and switch to MDB. -- Clément Oudot | Identity Solutions Manager clement.ou...@worteks.com Worteks | https://www.worteks.com

LTB packages (was: OpenLDAP 2.4.57 available)

2021-01-19 Thread Clément OUDOT
On 18/01/2021 at 21:21, proj...@openldap.org wrote: > OpenLDAP 2.4.57 is now available for download as detailed on our download > page: LDAP Tool Box packages are available for Debian stretch / Debian buster / CentOS 7 / CentOS 8 See https://ltb-project.org/download#openldap -- C

LTB OpenLDAP 2.4.56 (was:OpenLDAP 2.4.56 available)

2020-11-16 Thread Clément OUDOT
Hello, Debian and RPM packages are now available on LTB repositories. See https://ltb-project.org/download#openldap Clément.

Re: Issues with resetting user password

2020-09-18 Thread Clément OUDOT
module?  You've provided no information > about your configuration. > > The correct way to change a user password is to use an LDAPv3 password > modify operation, not an ldapmodify change.  See the ldappasswd(1) > command. > Note that we can't modify pwdReset attribute through ldappassw

LDAP Tool Box packages (was: OpenLDAP 2.4.53 available)

2020-09-09 Thread Clément OUDOT
On Mon, 7 Sep 2020 at 17:37, wrote: > > OpenLDAP 2.4.53 is now available for download as detailed on our download > page: > > https://www.openldap.org/software/download/ LTB packages for OpenLDAP 2.4.53 are also available:

OpenLDAP LTB packages (was: OpenLDAP 2.4.52 available)

2020-09-06 Thread Clément OUDOT
On Fri, 28 Aug 2020 at 19:46, wrote: > > OpenLDAP 2.4.52 is now available for download Hello, LDAP Tool Box packages have been published (see announce: https://projects.ow2.org/view/ldaptoolbox/ltb-openldap-2-4-52-packages-released/) We dropped support for Debian Wheezy, Debian Jessie and

Re: Enable and Disable a user account in OpenLDAP using various methods, CLI, GUI, etc.

2020-08-19 Thread Clément OUDOT
doesn't enable us to > provide you the information necessary. > If you use the ppolicy overlay, you can use LTB Service Desk, a Web GUI. See https://service-desk.readthedocs.io -- Clément Oudot | Identity Solutions Manager clement.ou...@worteks.com Worteks | https://www.worteks.com

Re: LDAP Tool Box packages [was: OpenLDAP 2.4.51 available, LMDB 0.9.26 available]

2020-08-17 Thread Clément OUDOT
On Mon, 17 Aug 2020 at 16:28, Giuseppe De Marco wrote: > Hi Clément, great job, awesome! > > Is there any possibilities to have in ltb the SQL backend in future > releases? > > Official Deb packages lacks of this, It seems a little bit Buffy so ltb > would be a great opportunity to have a

LDAP Tool Box packages [was: OpenLDAP 2.4.51 available, LMDB 0.9.26 available]

2020-08-17 Thread Clément OUDOT
Hello, LDAP Tool Box packages for OpenLDAP 2.4.51 are released. They can be downloaded on https://ltb-project.org/download#openldap or installed with yum/apt Thanks again to OpenLDAP team for their great work! Clément.

Re: [Question]: Looking for updated ppolicy in v2.4.50

2020-06-29 Thread Clément OUDOT
and-password-policy-in-openldap-and-discover-tools-to-manage-it -- Clément Oudot | Identity Solutions Manager clement.ou...@worteks.com Worteks | https://www.worteks.com

Re: OpenLDAP help - Import issue

2020-05-04 Thread Clément OUDOT
HA}wbMAL > This is your mistake. You must not directly edit the LDIF files. Use ldapmodify or export/import your configuration. -- Clément Oudot | Identity Solutions Manager clement.ou...@worteks.com Worteks | https://www.worteks.com

Re: OpenLDAP, systemd and EL 7.7

2020-05-04 Thread Clément OUDOT
r/local/openldap/sbin/slapd-cli start ExecStop=/usr/local/openldap/sbin/slapd-cli stop [Install] WantedBy=multi-user.target -- Clément Oudot | Identity Solutions Manager clement.ou...@worteks.com Worteks | https://www.worteks.com

Re: OpenLDAP help - Import issue

2020-05-04 Thread Clément OUDOT
re which password to give here . > >   > > We have given the same credentials in the config file : > olcDatabase={2}hdb.ldif > > olcRootDN: cn=Manager,dc=bpost,dc=be > > olcRootPW: ** > >   > Just to be sure, did you give the password in clear text in ldapadd command? -- Clément Oudot | Identity Solutions Manager clement.ou...@worteks.com Worteks | https://www.worteks.com

LTB packages for OpenLDAP 2.4.50 (was: OpenLDAP 2.4.50 available)

2020-05-03 Thread Clément OUDOT
Hello, LDAP Tool Box packages for OpenLDAP 2.4.50 are available for RedHat/CentOS/Debian/Ubuntu : https://ltb-project.org/download#openldap Thanks to David Coutadeur for the Debian packages. Clément.

Re: 2.4.50 and pw-argon2

2020-04-29 Thread Clément OUDOT
ackages for CentOS 7 and CentOS 8. -- Clément Oudot | Identity Solutions Manager clement.ou...@worteks.com Worteks | https://www.worteks.com

Re: rootdn & password policy

2020-04-15 Thread Clément OUDOT
the "manage" right to a service account, and then use the relax or ManageDSAIT controls to force the change of a password which is too short, it is always rejected. The modification is only accepted if it is done by rootdn. -- Clément Oudot | Identity Solutions Manager clement.ou...@worteks.com Worteks | https://www.worteks.com

Re: [EXT] Slapd unexpectedly shutdown

2020-04-08 Thread Clément OUDOT
lts. > > c) Open a bug at https://bugs.openldap.org, include your configuration > (minus any passwords) and the full backtrace in the bug report. > Hello, we also have quite similar issue with back-meta, even in 2.4.49, see https://bugs.openldap.org/show_bug.cgi?id=9098 Maybe

Re: pwdChangedTime not defined when creating new entry

2020-03-09 Thread Clément OUDOT
On 09/03/2020 at 10:31, Michael Ströder wrote: > On 3/9/20 10:19 AM, Clément OUDOT wrote: >> On 06/03/2020 at 17:47, Quanah Gibson-Mount wrote: >>> --On Friday, March 6, 2020 8:47 AM + Manuela Mandache >>> wrote: >>>> Thanks for your answer. Well,

Re: pwdChangedTime not defined when creating new entry

2020-03-09 Thread Clément OUDOT
AuthNLimit: 0 pwdInHistory: 4 pwdLockout: TRUE pwdMaxAge: 31536000 pwdMaxFailure: 3 pwdMinAge: 0 pwdMinLength: 4 pwdMustChange: TRUE pwdSafeModify: FALSE -- Clément Oudot | Identity Solutions Manager clement.ou...@worteks.com Worteks | https://www.worteks.com

Re: pwdChangedTime not defined when creating new entry

2020-03-05 Thread Clément OUDOT
On 05/03/2020 at 18:55, Dieter Klünter wrote: > On Thu, 5 Mar 2020 18:15:41 +0100 > Clément OUDOT wrote: > >> On 05/03/2020 at 10:10, Dieter Klünter wrote: >>> On Wed, 04 Mar 2020 13:36:08 + >>> Manuela Mandache wrote: >>> >>>

Re: pwdChangedTime not defined when creating new entry

2020-03-05 Thread Clément OUDOT
ed for smbk5pwd overlay, but not for ppolicy overlay? I just test a creation of an entry with a password when ppolicy overlay is configured, and the pwdChangedTime is well created. You may have a configuration issue. -- Clément Oudot | Identity Solutions Manager clement.ou...@worteks.com Worteks | https://www.worteks.com

LTB Debian and CentOS builds (was: OpenLDAP 2.4.49 available, LMDB 0.9.25 available)

2020-02-07 Thread Clément OUDOT
On Thu, 30 Jan 2020 at 19:27, OpenLDAP project wrote: > > OpenLDAP 2.4.49 is now available for download as detailed on our download > page: Hello, LDAP Tool Box packages for Debian and CentOS are now available: https://ltb-project.org/download#openldap Clément.

Re: RE24 testing call (2.4.49) LMDB RE0.9 testing call (0.9.25)

2020-01-16 Thread Clément OUDOT
works, regression suite could not be run until the end because I did not have enough disk space on my virtual machine, but first tests were all ok. -- Clément Oudot | Identity Solutions Manager clement.ou...@worteks.com Worteks | https://www.worteks.com

Re: Is there a way to set a preference on entries with multiple userPassword attributes?

2019-11-26 Thread Clément Oudot
values are tested, and if one matches, then the BIND is successful. I don't see how you can select an order in the passwords. But why is it a problem? With this setup, you can use SASL or regular password for an entry, and the failback will work. -- Clément Oudot Worteks - https

Re: OpenLDAP 2.5 plans and community engagement

2019-07-25 Thread Clément OUDOT
On 25/07/2019 at 10:43, Ondřej Kuzník wrote: > On Thu, Jul 25, 2019 at 10:14:36AM +0200, Clément OUDOT wrote: >> On 24/07/2019 at 20:01, Ondřej Kuzník wrote: >>> Let us know what the pain points have been with OpenLDAP when you were just >>> starting, right now a

Re: OpenLDAP 2.5 plans and community engagement

2019-07-25 Thread Clément OUDOT
ation, let me know. -- Clément Oudot | Identity Solutions Manager clement.ou...@worteks.com Worteks | https://www.worteks.com

Re: Invalid DN reported during authentication

2019-06-25 Thread Clément OUDOT
alid DN, so the issue is not on server side. Check your LDAP client configuration. -- Clément Oudot | Identity Solutions Manager clement.ou...@worteks.com Worteks | https://www.worteks.com

Re: ObjectClass auxiliary - Beginner's question

2019-05-21 Thread Clément OUDOT
em ? This is a schema restriction, you can't mix structural object classes inside an entry (unless they belong to the same chain, like person/organizationalPerson/inetOrgPerson). So you can't have groupOfNames and organizationalUnit. Choose one of them. -- Clément Oudot | Identity Solutions Manager clement.ou...@worteks.com Worteks | https://www.worteks.com

Re: Issue with OpenLDAP as a proxy to multiple Windows DCs backends

2019-05-10 Thread Clément OUDOT
ies occur.  This directive must appear  before   any target specification; it affects all targets with the same pattern. -- Clément Oudot | Identity Solutions Manager clement.ou...@worteks.com Worteks | https://www.worteks.com

Re: Issue with OpenLDAP as a proxy to multiple Windows DCs backends

2019-05-10 Thread Clément OUDOT
en  by  any  per-target   directive. You can maybe give a try to "network-timeout" first. -- Clément Oudot | Identity Solutions Manager clement.ou...@worteks.com Worteks | https://www.worteks.com

Re: Open LDAP - How to define an additionnal "uid" like attribute equivalent to a RDMS unique key index

2019-05-02 Thread Clément OUDOT
Hello, as said by others, you indeed need to configure the unique overlay. You can also have a look to constraint overlay to add other checks, like regexp or size. https://www.openldap.org/software/man.cgi?query=slapo-constraint -- Clément Oudot | Identity Solutions Manager clement.ou...@worteks.com Worteks | https://www.worteks.com

Re: reverse search in dymanic group ?

2019-04-08 Thread Clément OUDOT
On 05/04/2019 at 19:18, Martin Pittamitz wrote: > On 05/04/2019 16:33, Clément OUDOT wrote: >> >> >> On 05/04/2019 at 10:36, Olivier - wrote: >>> Hi all, >>> >> >> Hello, >> >> >>> I'm testing static group and dynami

Re: reverse search in dymanic group ?

2019-04-05 Thread Clément OUDOT
r me. I have a newbie's question : > can we have , for example, the mail attribute of all members of > service Y in only one request  ? > I mean : make a request on service Y to have member's list and , > in the same action , have the member's mail. > You could do it

Re: LDAP authentication with just sAMAccountName

2019-03-12 Thread Clément OUDOT
e C# DirectoryEntry / DirectorySearcher objects. You need to use System.DirectoryServices.Protocols to request an OpenLDAP directory. -- Clément Oudot | Identity Solutions Manager clement.ou...@worteks.com Worteks | https://www.worteks.com

Re: Expected operation of pwdFailureCountInterval

2019-02-27 Thread Clément OUDOT
ntInterval: 1200 Hello Tom, if you read the documentation, you will see that you need to configure pwdLockoutDuration to set the time during which the account is locked. -- Clément Oudot | Identity Solutions Manager clement.ou...@worteks.com Worteks | https://www.worteks.com

Re: 答复: 答复: Forbidden account password reuse of the last 5 password

2019-02-15 Thread Clément OUDOT
On 15/02/2019 at 04:08, Tian Zhiying wrote: > > Clément Oudot, > >   > > Thank you. > > I have changed the rootdn from root to other user, it’s still not > working. I can modified the user password same with before. > >   > First check that you are s

Re: 答复: Forbidden account password reuse of the last 5 password

2019-02-14 Thread Clément OUDOT
ied successfully.* > Check that the password modification is not done by the rootdn, as the rootdn is bypassing password policy constraints. -- Clément Oudot | Identity Solutions Manager clement.ou...@worteks.com Worteks | https://www.worteks.com

Re: OpenLDAP 2.4.47 available, LMDB 0.9.23 available

2019-01-08 Thread Clément OUDOT
Hello, for information, LDAP Tool Box packages for OpenLDAP 2.4.47 are available: * https://ltb-project.org/documentation/openldap-rpm * https://ltb-project.org/documentation/openldap-deb Thanks a lot to OpenLDAP community for this great software! Clément.

Re: Password policy messages - how can I pass back

2018-10-11 Thread Clément OUDOT
> > ldap_get_option($ldapconn, LDAP_OPT_DIAGNOSTIC_MESSAGE, $_err); > > and $_err variable is empty. This should be possible in PHP 7.3, see https://bugs.php.net/bug.php?id=69437 -- Clément Oudot | Identity Solutions Manager clement.ou...@worteks.com Worteks | https://www.worteks.com

Using ppolicy and autogroup to apply policy to a group a users

2018-10-08 Thread Clément OUDOT
with ppolicy overlay, or other overlays (dynlist, memberof). I join a full debug log, maybe you can find what is going wrong. We see that "autogroup_member_search_modify_cb" function is called, but user entry is not modified. Do you think this configuration could work? -- Clément Oudo

Re: Trigger-like function

2018-09-23 Thread Clément OUDOT
able: samba > > but when I changed the userPassword, the sambaNTPassword and > sambaLMPassword attributes doesn't changed. > > What did I missed? smbk5pwd overlay only works if password change has been made with extended password modify operation (this operation is done with ldappasswd, not with ldapmodify). -- Clément Oudot | Identity Solutions Manager clement.ou...@worteks.com Worteks | https://www.worteks.com

Re: Insufficient acces in some cases

2018-09-18 Thread Clément OUDOT
On 18/09/2018 at 23:10, Ervin Hegedüs wrote: > Hi, > > On Tue, Sep 18, 2018 at 10:34:55PM +0200, Clément OUDOT wrote: >> >> On 18/09/2018 at 22:23, Ervin Hegedüs wrote: >>> But then I don't understand, why comes this error only few users >>> (total nu

Re: Insufficient acces in some cases

2018-09-18 Thread Clément OUDOT
e some screenshots about the traffic, hope it > seems that no other garbage: > > https://www.dropbox.com/sh/x8ol6cfc39zj7cp/AADCo3CgcHPQnvOre4hjuULpa It would be interesting to see how your OpenLDAP ACL are configured. Are you sure that a user can modify userPassword and sambaNT/LM password a

Re: Insufficient acces in some cases

2018-09-18 Thread Clément OUDOT
laced names and chars, so the match[dn0] numbers are not > correct). > > > Only few users can trigger this problem (don't know why), and > only through PHP. > > > What's the problem here? Hello, I would say that the PHP application is sending some garbage to the directory. What application are you using for password change, is it LTB Self Service Password ? -- Clément Oudot | Identity Solutions Manager clement.ou...@worteks.com Worteks | https://www.worteks.com

Call fo Papers - Paris Open Source Summit

2018-08-31 Thread Clément OUDOT
Hello, There is an important event about free software and open source in Paris in December, with topics about identity management. The CFP is here: http://cfp.opensourcesummit.paris/ It should close Friday but I think the deadline will be reported. Feel free to propose technical talks or

Re: replicating memberOf attribute

2018-06-27 Thread Clément OUDOT
he overlay on the consumers too. -- Clément Oudot | Identity Solutions Manager clement.ou...@worteks.com Worteks | https://www.worteks.com

Re: Meta backend and attributes mapping

2018-06-21 Thread Clément OUDOT
a new LDAP directory that is synchronized with your remote data. You can use for example LSC (https://lsc-project.org/) to do this. -- Clément Oudot | Identity Solutions Manager clement.ou...@worteks.com Worteks | https://www.worteks.com

Re: performance problem

2018-06-11 Thread Clément OUDOT
gt; > Any advice is appreciated. > >   > You are using mdb backend but it is not loaded in cn=modules. Did you recompile slapd to have mdb in slapd binary? MDB backend is very performant by default, but you can tune it with some options like maxreaders or envflags. -- Clément Oudot | Identity Solutions Manager clement.ou...@worteks.com Worteks | https://www.worteks.com

Re: pwdRESET not working

2018-05-22 Thread Clément OUDOT
should test with ldapsearch or ldapwhoami command to understand the behavior of OpenLDAP ppolicy. Then you can configure pam/sssd to fit your needs. -- Clément Oudot | Identity Solutions Manager Worteks | https://www.worteks.com

Re: pwdRESET not working

2018-05-09 Thread Clément OUDOT
t's something else? It's not a bug. If pwdReset is set to TRUE, the BIND will be successful but you will not be allowed to do another operation but changing password. If your application is doing a SEARCH just after the BIND, you will be denied. -- Clément Oudot | Identity Solutions Manage

LDAP Tool Box RPM and Debian packages for OpenLDAP 2.4.46

2018-04-03 Thread Clément OUDOT
Hi, LDAP Tool Box project just released packages for OpenLDAP 2.4.46, that can be downloaded here: https://ltb-project.org/download#openldap You can also use our yum and apt repositories to install them. Changes on packaging can be found here: *

Re: Using virtual IP and N-way mutlimaster mode

2018-01-15 Thread Clément OUDOT
2018-01-15 10:05 GMT+01:00 Michael Ströder <mich...@stroeder.com>: > Jephte Clain wrote: >> 2018-01-15 10:38 GMT+04:00 Clément OUDOT <clem.ou...@gmail.com>: >>> I would like to use the N-way multimaster mode and a virtual IP to >>> manage fa

Using virtual IP and N-way mutlimaster mode

2018-01-14 Thread Clément OUDOT
Hello, I would like to use the N-way multimaster mode and a virtual IP to manage failover for applications. The virtual IP will be configured through keepalived. To work with N-way multimaster, we must start OpenLDAP process on the LDAP URI defined in cn=config olcServerID parameter. So we can't

Re: Openldap Password Reset Portal

2017-12-15 Thread Clément OUDOT
2017-12-15 11:32 GMT+01:00 John Lewis : > I was looking for something like this. Can it do email-based self- > registration? No, it just handles password modification (and SSH key modification). The SSO software LemonLDAP::NG has a this feature, but it is a big

Re: Openldap Password Reset Portal

2017-12-14 Thread Clément OUDOT
2017-12-14 18:56 GMT+01:00 Douglas Duckworth : > 2) Has anyone found other solutions besides PWM that do the same thing? Hello, I am the developer of LTB Self Service Password: * https://ltb-project.org/documentation/self-service-password *

Re: ldap_sasl_interactive_bind_s: Can't contact LDAP server

2017-11-20 Thread Clément OUDOT
2017-11-20 11:59 GMT+01:00 Turbo Fredriksson : > You’ve never had the issue I’m having? Or heard about it? No but I don't use Kerberos authentication.

Re: ldap_sasl_interactive_bind_s: Can't contact LDAP server

2017-11-20 Thread Clément OUDOT
2017-11-19 18:09 GMT+01:00 Turbo Fredriksson : > Have anyone tried running OpenLDAP behind HAProxy? Anything special > one needs to do? I do this often, without any particular issue. If you use LDAPS, you can add option ssl-hello-chk. Here is a sample configuration file:

Re: Admin roles by group membership per OU

2017-10-12 Thread Clément OUDOT
ou have one in dc=core,dc=hdt,dc=hu and the other in dc=mycompany,dc=hu. Just set read right to the appropriate user -- Clément OUDOT Free software consultant, infrastructure and security expert Savoir-faire Linux 137 boulevard de Magenta - 75010 PARIS Blog: http://sflx.ca/coudot

Re: Admin roles by group membership per OU

2017-10-12 Thread Clément OUDOT
On 12/10/2017 at 16:39, Ervin Hegedüs wrote: Hi Clément, thanks for your help, On Thu, Oct 12, 2017 at 09:16:24AM +0200, Clément OUDOT wrote: On 11/10/2017 at 17:31, Ervin Hegedüs wrote: olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymous auth by * none

Re: Admin roles by group membership per OU

2017-10-12 Thread Clément OUDOT
none olcAccess: {1}to dn.base="" by * read olcAccess: {2}to dn.children="ou=ABC Customer,dc=mycompany,dc=hu" by self write by group.exact="cn=groupabcadmin,ou=ABC Customer,dc=mycompany,dc=hu" write by * none olcAccess: {3}to * by * read -- Clément OUDOT Consultant e

Re: Email based self registration

2017-10-02 Thread Clément OUDOT
and store data in the LDAP directory, see https://lemonldap-ng.org/documentation/latest/register -- Clément OUDOT Free software consultant, infrastructure and security expert Savoir-faire Linux 137 boulevard de Magenta - 75010 PARIS Blog: http://sflx.ca/coudot

Re: Using overlay rwm to rewrite search base depending on search filter

2017-09-20 Thread Clément OUDOT
On 13/09/2017 at 16:29, Clément OUDOT wrote: Hello, I am playing with overlay rwm to try to change the base DN of a search depending on a value in search filter. The goal is to rewrite base "dc=example,dc=com" to "dc=test,dc=example,dc=com" if I have (uid=login@test)

Re: Getting ldappasswd and PAM in the same page under CentOS 7

2017-09-20 Thread Clément OUDOT
by using the hashing method corresponding to the current password value. Can you check in your server ACLs (olcAccess parameter) that anonymous users have the 'auth' right on userPassword attribute? -- Clément OUDOT Free software consultant, infrastructure and security expert Savoir-faire Linux

Using overlay rwm to rewrite search base depending on search filter

2017-09-13 Thread Clément OUDOT
Hello, I am playing with overlay rwm to try to change the base DN of a search depending on a value in search filter. The goal is to rewrite base "dc=example,dc=com" to "dc=test,dc=example,dc=com" if I have (uid=login@test) in the LDAP filter. Has someone already done this? My

Re: OpenLDAP as Proxy

2017-08-24 Thread Clément OUDOT
do that: https://lsc-project.org/documentation/start Hope it helps, -- Clément OUDOT Free software consultant, infrastructure and security expert Savoir-faire Linux 137 boulevard de Magenta - 75010 PARIS Blog: http://sflx.ca/coudot

Re: How to enable memberOf overlay with posixGroup?

2017-08-16 Thread Clément OUDOT
On 08/09/2016 at 09:45, Clément OUDOT wrote: On 08/09/2016 at 04:52, Ryan Tandy wrote: On Wed, Sep 07, 2016 at 11:10:30PM +0200, MegaBrutal wrote: I also figured that memberOf would need groupOfNames groups, while I need posixGroup type groups. I evaluated the possibility to use

OpenLDAP 2.4.45 LTB packages available

2017-06-13 Thread Clément OUDOT
Hello, the LDAP Tool Box team has published RPM and Debian packages for OpenLDAP 2.4.45. You can download them directly or use APT/YUM repositories: https://ltb-project.org/download Documentation: * https://ltb-project.org/documentation/openldap-deb *

Re: Re: OpenLDAP / Active directory cohabitation

2017-05-30 Thread Clément OUDOT
2017-05-30 8:10 GMT+02:00 Ulrich Windl : > I have one question: Why is the AD admin account needed to authenticate? I see > a problem with the AD admin password being stored in cleartext in the > saslauthd > configuration... You don't need AD admin password,

Re: OpenLDAP / Active directory cohabitation

2017-05-29 Thread Clément OUDOT
2017-05-29 19:00 GMT+02:00 Dan White : > On 05/29/17 23:36 +0900, Alexandre Rosenberg wrote: >> >> I am in a environment where we use both OpenLDAP and Active Directory. >> All Linux servers authenticate against OpenLDAP where we have user group, >> unix group (...) > >

Re: Can I do this with openldap ?

2017-05-26 Thread Clément OUDOT
2017-05-26 11:18 GMT+02:00 Dieter Klünter : > On Tue, 23 May 2017 17:16:22 + > Roelof Wobben wrote: > >> Hello, >> >> >> My boss wants to run everything from a server. >> >> But he wants also that I can take care of that some of the software >> is

Re: Unable to load the lastbind module with 2.4.44 (custom build)

2017-04-12 Thread Clément OUDOT
2017-04-12 13:37 GMT+02:00 mailing lists : > Hello all, > > What I'm trying to do is enable the lastbind module in a centos7 server, so I > applied this patch to the rpmbuild process: > > > > # cat /root/rpmbuild/SOURCES/openldap-lastbind-overlay.patch > ---

Re: "Dynamic" authentication passthrough?

2017-03-31 Thread Clément OUDOT
umentation/general/sasl_delegation To synchronize AD entries to OpenLDAP, you can use LSC, see https://lsc-project.org/ -- Clément OUDOT Free software consultant, infrastructure and security expert Savoir-faire Linux 137 boulevard de Magenta - 75010 PARIS Blog: http://sflx.ca/coudot

Re: Dynamic groups/lists

2017-02-27 Thread Clément OUDOT
2017-02-21 15:09 GMT+01:00 Saša-Stjepan Bakša : > Hi, > > I have access to LDAP server which doesn't have any groups defined. All > users have only attributes which are used to distinguish to which type of > users they belong and for application which I have intention to use

Re: PID File

2016-12-21 Thread Clément OUDOT
2016-12-20 23:40 GMT+01:00 Quanah Gibson-Mount : > Actually to start with, try using the correct db_recover binary while in the > data directory. If that fails, then remove the alock file and see if slapd > will start. Sadly not uncommon for alock to report problems

Re: PID File

2016-12-20 Thread Clément OUDOT
2016-12-20 22:35 GMT+01:00 Singley, Norman : > Thanks. Here are the results. I can start googling this result, but I am > kind of a newbie at openldap, so if you know something obvious, let me know. > Thank you very much. > > > # service slapd debug > slapd: [INFO]

Re: PID File

2016-12-20 Thread Clément OUDOT
2016-12-20 19:34 GMT+01:00 Singley, Norman : > Hi Folks – > > > > I am getting the No PID file for openLDAP error when starting/stopping > slapd. > > > > run]# /etc/init.d/slapd stop > > slapd: [INFO] Using /etc/default/slapd for configuration > > slapd: [INFO] Halting

Re: LTB Dwbian packages [was] Re: Creating suffix aliases with OpenLDAP

2016-09-18 Thread Clément OUDOT
2016-09-18 11:29 GMT-04:00 Ralf Mattes <r.mat...@mh-freiburg.de>: > > On Sunday, 18 September 2016 16:55 CEST, Clément OUDOT > <clem.ou...@gmail.com> wrote: > > >> >> Hi, >> >> you are right, we did not publish sources as Debian source pa

Re: enforce TLS 1.2 in OpenLDAP server side

2016-09-12 Thread Clément OUDOT
#openldap -- Clément OUDOT Free software consultant, infrastructure and security expert Savoir-faire Linux 87, rue de Turbigo - 75003 PARIS Blog: http://sflx.ca/coudot

Re: How to enable memberOf overlay with posixGroup?

2016-09-08 Thread Clément OUDOT
://www.lsc-project.org). With this, you only manage POSIX groups, and standard groups are updated automatically. You can then use the memberOf overlay on groupOfNames. -- Clément OUDOT Free software consultant, infrastructure and security expert Savoir-faire Linux 87, rue de Turbigo - 75003

Re: Change Defaulth ssha passoword encryption algorithm

2016-08-25 Thread Clément OUDOT
should be added to userPassword as clear text. Note that this option does not alter the normal user applications handling of userPassword during LDAP Add, Modify, or other LDAP operations. This setting is only allowed in the frontend entry. -- Clément OUDOT

Re: Modification of objectClass failing: how can I get details?

2016-08-16 Thread Clément OUDOT
in structuralObjectClass operational attribute). You can do it with the relax extension if needed, else, simply remove and add the entry. -- Clément OUDOT Free software consultant, infrastructure and security expert Savoir-faire Linux 87, rue de Turbigo - 75003 PARIS Blog: http://sflx.ca/coudot

Re: ContextCSN showing Junk Characters

2016-07-08 Thread Clément OUDOT
version of OpenLDAP from www.openldap.org, and then any write to the database should write a fresh contextCSN... If you are stuck in CentOS 5 and want to install a recent OpenLDAP with packages, take a look at http://ltb-project.org/wiki/download#openldap -- Clément OUDOT Consultant en
