Le mar. 7 mai 2024 à 19:32, Benjamin Renard a
écrit :
>
> @Clément: I also implemented a similar monitoring plugin :)
> (https://exchange.icinga.com/brenard/check_mdb). Don't forget to share
> your works on this great website (and possibly on
> https://exchange.nagios.org) ;)
>
>
Great, thanks
m a little
concerned about the duration on a database with approximately
1,000,000 entries.
Thank you in advance.
Hello Benjamin,
if it helps, we have created a monitoring script for this:
https://ltb-project.org/documentation/check_lmdb_usage.html
--
Clément Oudot | Identity Solutions Man
account has the
pwdReset flag set to TRUE and must reset its password. It is linked to
password policy.
--
Clément Oudot | Identity Solutions Manager
clement.ou...@worteks.com
Worteks |https://www.worteks.com
Hello,
for people interested, the LDAP Tool Box project has published the
packages for OpenLDAP 2.5.15 and 2.6.5.
https://projects.ow2.org/view/ldaptoolbox/ltb-openldap-2-5-15-and-2-6-5-packages-released/
--
Clément Oudot | Identity Solutions Manager
clement.ou...@worteks.com
Worteks
he value
dn: uid=...
replace: pwdAccountLockedTime
pwdAccountLockedTime: 20221021135537Z
And even with dates in the future, but we are still able to connect.
With whoami command, or from a SOGo webmail connected to the LDAP server.
Any idea?
Thank in advance for your help.
Check that pwdLockout is set to T
Le mer. 21 juin 2023 à 08:39, cYuSeDfZfb cYuSeDfZfb
a écrit :
> Hi Quanah,
>
> Thanks for your answer and kind suggestions! We will implement them.
>
> And anyone here using zabbix, and has some scripting for monitoring laying
> around..?
>
>
Hello,
we provide some monitoring scripts in LDAP
Le 07/03/2023 à 06:58, forumforeign a écrit :
06.03.23 19:14, Clément OUDOT пише:
Le 06/03/2023 à 16:13, forumforeign a écrit :
'(&(objectClass=organizationalRole)(cn=developer)(uid=user1,ou=people,dc=domain,dc=com))'
RoleOccupant
'(&(objectClass=organizationalRole)(cn=developer)(u
",
and no entry else.
--
Clément Oudot | Identity Solutions Manager
clement.ou...@worteks.com
Worteks | https://www.worteks.com
dvice, please
Why are you using ldapi:// with ldapwhoami and ldap:// with ldapmodify ?
Did you check in your ACL that access to userPassword attribute is
allowed to authenticate users?
--
Clément Oudot | Identity Solutions Manager
clement.ou...@worteks.com
Worteks |https://www.worteks.com
to run a script
on entry creation/modification/deletion. But this may be too high-level
for an OpenLDAP server.
--
Clément Oudot | Identity Solutions Manager
clement.ou...@worteks.com
Worteks | https://www.worteks.com
#Metadirectory
Hello Jarett,
another approach would be to create a local OpenLDAP server and
synchronize it with Okta LDAP server with LSC: https://lsc-project.org/
You will then be able to easily manage local attributes.
--
Clément Oudot | Identity Solutions Manager
clement.ou...@worteks.com
Worteks | https://www.worteks.com
-schema.1.en.html
You can get away with it by using include directive with slapd.conf.
You can use olcInclude with cn=config.
--
Clément Oudot | Identity Solutions Manager
clement.ou...@worteks.com
Worteks | https://www.worteks.com
Le sam. 5 févr. 2022 à 20:57, Quanah Gibson-Mount a
écrit :
>
>
> --On Friday, February 4, 2022 10:12 PM -0500 Dave Macias
>
> wrote:
>
> >
> >
> > https://www.ltb-project.org/documentation/ldap-stats.html
>
> Is that the one I used to help maintain? I don't believe it's been updated
> for 2.5
.
--
Clément Oudot | Identity Solutions Manager
clement.ou...@worteks.com
Worteks | https://www.worteks.com
be interesting to provide an upgrage LDIF file that we
could use to modify existing configuration?
--
Clément Oudot | Identity Solutions Manager
clement.ou...@worteks.com
Worteks | https://www.worteks.com
Hello,
LTB packages for OpenLDAP 2.4.59 are now availble
(Debian/Ubuntu/CentOS/RHEL).
More information on
https://projects.ow2.org/view/ldaptoolbox/ltb-openldap-2-4-59-packages-released/
--
Clément Oudot | Identity Solutions Manager
clement.ou...@worteks.com
Worteks | https
.
Regards,
--
Clément Oudot | Identity Solutions Manager
clement.ou...@worteks.com
Worteks | https://www.worteks.com
Hello,
LTB packages for OpenLDAP 2.4.58 are available:
https://projects.ow2.org/view/ldaptoolbox/ltb-openldap-2-4-58-packages-released/
Download: https://ltb-project.org/download#openldap
Thanks to OpenLDAP team and LTB team!
Clément.
. Adapt the settings
set_lg_regionmax / set_lg_max / set_lg_bsize
And obviously you are running an outdated version on an outdated distro.
The best advice is to use the latest OpenLDAP version and switch to MDB.
--
Clément Oudot | Identity Solutions Manager
clement.ou...@worteks.com
Worteks | https://www.worteks.com
Le 18/01/2021 à 21:21, proj...@openldap.org a écrit :
> OpenLDAP 2.4.57 is now available for download as detailed on our download
> page:
LDAP Tool Box packages are available for Debian stretch / Debian buster
/ CentOS 7 / CentOS 8
See https://ltb-project.org/download#openldap
--
C
Hello,
Debian and RPM packages are now available on LTB repositories.See
https://ltb-project.org/download#openldap
Clément.
module? You've provided no information
> about your configuration.
>
> The correct way to change a user password is to use an LDAPv3 password
> modify operation, not an ldapmodify change. See the ldappasswd(1)
> command.
>
Note that we can't modify pwdReset attribute trough ldappassw
Le lun. 7 sept. 2020 à 17:37, a écrit :
>
> OpenLDAP 2.4.53 is now available for download as detailed on our download
> page:
>
> https://www.openldap.org/software/download/
LTB packages for OpenLDAP 2.4.53 are also available:
Le ven. 28 août 2020 à 19:46, a écrit :
>
> OpenLDAP 2.4.52 is now available for download
Hello,
LDAP Tool Box packages have been published (see announce:
https://projects.ow2.org/view/ldaptoolbox/ltb-openldap-2-4-52-packages-released/)
We dropped support for Debian Wheezy, Debian Jessie and
doesn't enable us to
> provide you the information necessary.
>
If you use the ppolicy overlay, you can use LTB Service Desk, a Web GUI.
See https://service-desk.readthedocs.io
--
Clément Oudot | Identity Solutions Manager
clement.ou...@worteks.com
Worteks | https://www.worteks.com
Le lun. 17 août 2020 à 16:28, Giuseppe De Marco
a écrit :
> Hi Clément, great job, awesome!
>
> Is there any possibilities to have in ltb the SQL backend in future
> releases?
>
> Official Deb packages lacks of this, It seems a little bit Buffy so ltb
> would be a great opportunità to have a
Hello,
LDAP Tool Box packages for OpenLDAP 2.4.51 are released. They can be
downloaded on https://ltb-project.org/download#openldap or installed
with yum/apt
Thanks again to OpenLDAP team for their great work!
Clément.
and-password-policy-in-openldap-and-discover-tools-to-manage-it
--
Clément Oudot | Identity Solutions Manager
clement.ou...@worteks.com
Worteks | https://www.worteks.com
HA}wbMAL
>
This is your mistake. You must not directly edit the LDIF files. Use
ldapmodify or export/import your configuration.
--
Clément Oudot | Identity Solutions Manager
clement.ou...@worteks.com
Worteks | https://www.worteks.com
r/local/openldap/sbin/slapd-cli start
ExecStop=/usr/local/openldap/sbin/slapd-cli stop
[Install]
WantedBy=multi-user.target
--
Clément Oudot | Identity Solutions Manager
clement.ou...@worteks.com
Worteks | https://www.worteks.com
re which password to give here .
>
>
>
> We have given the same credentials in the config file :
> olcDatabase={2}hdb.ldif
>
> olcRootDN: cn=Manager,dc=bpost,dc=be
>
> olcRootPW: **
>
>
>
Just to be sure, did you give the password in clear text in ldapadd command?
--
Clément Oudot | Identity Solutions Manager
clement.ou...@worteks.com
Worteks | https://www.worteks.com
Hello,
LDAP Tool Box packages for OpenLDAP 2.4.50 are available for
RedHat/CentOS/Debian/Ubuntu :
https://ltb-project.org/download#openldap
Thanks to David Coutadeur for the Debian packages.
Clément.
ackages for CentOS 7 and CentOS 8.
--
Clément Oudot | Identity Solutions Manager
clement.ou...@worteks.com
Worteks | https://www.worteks.com
the "manage" right to a service account, and then use
the relax or ManageDSAIT controls to force the change of a password
which is too short, it is always rejected. The modification is only
accepted if it is done by rootdn.
--
Clément Oudot | Identity Solutions Manager
clement.ou...@worteks.com
Worteks | https://www.worteks.com
lts.
>
> c) Open a bug at https://bugs.openldap.org, include your configuration
> (minus any passwords) and the full backtrace in the bug report.
>
Hello,
we also have quite similar issue with back-meta, even in 2.4.49, see
https://bugs.openldap.org/show_bug.cgi?id=9098
Maybe
Le 09/03/2020 à 10:31, Michael Ströder a écrit :
> On 3/9/20 10:19 AM, Clément OUDOT wrote:
>> Le 06/03/2020 à 17:47, Quanah Gibson-Mount a écrit :
>>> --On Friday, March 6, 2020 8:47 AM + Manuela Mandache
>>> wrote:
>>>> Thanks for your answer. Well,
AuthNLimit: 0
pwdInHistory: 4
pwdLockout: TRUE
pwdMaxAge: 31536000
pwdMaxFailure: 3
pwdMinAge: 0
pwdMinLength: 4
pwdMustChange: TRUE
pwdSafeModify: FALSE
--
Clément Oudot | Identity Solutions Manager
clement.ou...@worteks.com
Worteks | https://www.worteks.com
Le 05/03/2020 à 18:55, Dieter Klünter a écrit :
> Am Thu, 5 Mar 2020 18:15:41 +0100
> schrieb Clément OUDOT :
>
>> Le 05/03/2020 à 10:10, Dieter Klünter a écrit :
>>> Am Wed, 04 Mar 2020 13:36:08 +
>>> schrieb Manuela Mandache :
>>>
>>>
ed for
smbk5pwd overlay, but not for ppolicy overlay?
I just test a creation of an entry with a password when ppolicy overlay
is configured, and the pwdChangedTime is well created.
You may have a configuration issue.
--
Clément Oudot | Identity Solutions Manager
clement.ou...@worteks.com
Worteks | https://www.worteks.com
Le jeu. 30 janv. 2020 à 19:27, OpenLDAP project a écrit :
>
> OpenLDAP 2.4.49 is now available for download as detailed on our download
> page:
Hello,
LDAP Tool Box packages for Debian and CentOS are now available:
https://ltb-project.org/download#openldap
Clément.
works, regression suite
could not be run until the end because I did not have enough disk space
on my virtual machine, but first tests were all ok.
--
Clément Oudot | Identity Solutions Manager
clement.ou...@worteks.com
Worteks | https://www.worteks.com
values are tested, and if one match, then the BIND is
successful. I don't see how you can select an order in the passwords.
But why is it a problem? With this setup, you can use SASL or regular
password for an entry, and the failback will work.
--
Clément Oudot
Worteks - https
Le 25/07/2019 à 10:43, Ondřej Kuzník a écrit :
> On Thu, Jul 25, 2019 at 10:14:36AM +0200, Clément OUDOT wrote:
>> Le 24/07/2019 à 20:01, Ondřej Kuzník a écrit :
>>> Let us know what the pain points have been with OpenLDAP when you were just
>>> starting, right now a
ation, let me know.
--
Clément Oudot | Identity Solutions Manager
clement.ou...@worteks.com
Worteks | https://www.worteks.com
alid DN, so the issue is not on
server side. Check your LDAP client configuration.
--
Clément Oudot | Identity Solutions Manager
clement.ou...@worteks.com
Worteks | https://www.worteks.com
em ?
This is a schema restriction, you can't mix structural object classes
inside an entry (unless they belong to the same chain, like
person/organizationalPerson/inetOrgPerson).
So you can't have groupOfNames and organizationalUnit. Choose one of them.
--
Clément Oudot | Identity Solutions Manager
clement.ou...@worteks.com
Worteks | https://www.worteks.com
ies occur. This directive
must appear before
any target specification; it affects all targets with the
same pattern.
--
Clément Oudot | Identity Solutions Manager
clement.ou...@worteks.com
Worteks | https://www.worteks.com
en
by any per-target
directive.
You can maybe give a try to "network-timeout" first.
--
Clément Oudot | Identity Solutions Manager
clement.ou...@worteks.com
Worteks | https://www.worteks.com
Hello,
as said by others, you indeed need to configure the unique overlay. You
can also have a look to constraint overlay to add other checks, like
regexp or size.
https://www.openldap.org/software/man.cgi?query=slapo-constraint
--
Clément Oudot | Identity Solutions Manager
clement.ou...@worteks.com
Worteks | https://www.worteks.com
Le 05/04/2019 à 19:18, Martin Pittamitz a écrit :
> On 05/04/2019 16:33, Clément OUDOT wrote:
>>
>>
>> Le 05/04/2019 à 10:36, Olivier - a écrit :
>>> Hi all,
>>>
>>
>> Hello,
>>
>>
>>> I'm testing static group and dynami
r me. I have a newbie's question :
> can we have , for example, the mail attribute of all members of
> service Y in only one request ?
> I mean : make a request on service Y to have member's list and ,
> in the same action , have the member's mail.
>
You could do it
e C# DirectoryEntry /
DirectorySearcher objects. You need to use
System.DirectoryServices.Protocols to request an OpenLDAP directory.
--
Clément Oudot | Identity Solutions Manager
clement.ou...@worteks.com
Worteks | https://www.worteks.com
ntInterval: 1200
Hello Tom,
if you read the documentation, you will see that you need to configure
pwdLockoutDuration to set the time during which the account is locked.
--
Clément Oudot | Identity Solutions Manager
clement.ou...@worteks.com
Worteks | https://www.worteks.com
Le 15/02/2019 à 04:08, Tian Zhiying a écrit :
>
> Clément Oudot,
>
>
>
> Thank you.
>
> I have changed the rootdn from root to other user, it’s still not
> working. I can modified the user password same with before.
>
>
>
First check that your are s
ied successfully.*
>
Check that the password modification is not done by the rootdn, as the
rootdn is bypassing password policy constraints.
--
Clément Oudot | Identity Solutions Manager
clement.ou...@worteks.com
Worteks | https://www.worteks.com
Hello,
for information, LDAP Tool Box packages for OpenLDAP 2.4.47 are available:
* https://ltb-project.org/documentation/openldap-rpm
* https://ltb-project.org/documentation/openldap-deb
Thanks a lot to OpenLDAP community for this great software!
Clément.
>
> ldap_get_option($ldapconn, LDAP_OPT_DIAGNOSTIC_MESSAGE, $_err);
>
> and $_err variable is empty.
This should be possible in PHP 7.3, see
https://bugs.php.net/bug.php?id=69437
--
Clément Oudot | Identity Solutions Manager
clement.ou...@worteks.com
Worteks | https://www.worteks.com
with ppolicy overlay, or other
overlays (dynlist, memberof). I join a full debug log, maybe you can
find what is going wrong. We see that
"autogroup_member_search_modify_cb" function is called, but user entry
is not modified.
Do you think this configuration could work?
--
Clément Oudo
able: samba
>
> but when I changed the userPassword, the sambaNTPassword and
> sambaLMPassword attributes doesn't changed.
>
> What did I missed?
smbk5pwd overlay only works if password change has been made with
extended password modify operation (this operation is done with
ldappasswd, not with ldapmodify).
--
Clément Oudot | Identity Solutions Manager
clement.ou...@worteks.com
Worteks | https://www.worteks.com
Le 18/09/2018 à 23:10, Ervin Hegedüs a écrit :
> Hi,
>
> On Tue, Sep 18, 2018 at 10:34:55PM +0200, Clément OUDOT wrote:
>>
>> Le 18/09/2018 à 22:23, Ervin Hegedüs a écrit :
>>> But then I don't understand, why comes this error only few users
>>> (total nu
e some screenshots about the traffic, hope it
> seems that no other garbage:
>
> https://www.dropbox.com/sh/x8ol6cfc39zj7cp/AADCo3CgcHPQnvOre4hjuULpa
It would be be interesting to see how your OpenLDAP ACL are configured.
Are you sure that a user can modify userPassword and sambaNT/LM password
a
laced names and chars, so the match[dn0] numbers are not
> correct).
>
>
> Only few users can trigger this problem (don't know why), and
> only through PHP.
>
>
> What's the problem here?
Hello,
I would say that the PHP application is sending some garbage to the
directory. What application are you using for password change, is it LTB
Self Service Password ?
--
Clément Oudot | Identity Solutions Manager
clement.ou...@worteks.com
Worteks | https://www.worteks.com
Hello,
There is an important event about free software and open source in
Paris in december, with topics about identity management. The CFP is
here: http://cfp.opensourcesummit.paris/
It should close friday but I think the deadline will be reported.
Feel free to propose technical talks or
he overlay on the consumers too.
--
Clément Oudot | Identity Solutions Manager
clement.ou...@worteks.com
Worteks | https://www.worteks.com
a new LDAP
directory that is synchronized with your remote data. You can use for
example LSC (https://lsc-project.org/) to do this.
--
Clément Oudot | Identity Solutions Manager
clement.ou...@worteks.com
Worteks | https://www.worteks.com
gt;
> Any advice is appreciated.
>
>
>
You are using mdb backend but it is not loaded in cn=modules. Did you
recompile slapd to have mdb in slapd binary?
MDB backend is very performant by default, but you can tune it with some
options like maxreaders or envflags.
--
Clément Oudot | Identity Solutions Manager
clement.ou...@worteks.com
Worteks | https://www.worteks.com
should test with ldapsearch or ldapwhoami command to understand the
behavior of OpenLDAP ppolicy. Then you can configure pam/sssd to fit
your needs.
--
Clément Oudot | Identity Solutions Manager
Worteks | https://www.worteks.com
t's something else?
It's not a bug. If pwdReset is set to TRUE, the BIND will be successful
but you will not be allowed to do another operation but changing
password. If your application is doing a SEARCH just after the BIND, you
will be denied.
--
Clément Oudot | Identity Solutions Manage
Hi,
LDAP Tool Box project just released packages for OpenLDAP 2.4.46, that
can be downloaded here: https://ltb-project.org/download#openldap
You can also use our yum and apt repositories to install them.
Changes on packaging can be found here:
*
2018-01-15 10:05 GMT+01:00 Michael Ströder <mich...@stroeder.com>:
> Jephte Clain wrote:
>> 2018-01-15 10:38 GMT+04:00 Clément OUDOT <clem.ou...@gmail.com>:
>>> I would like to use the N-way mutlimaster mode and a virtual IP to
>>> manage fa
Hello,
I would like to use the N-way mutlimaster mode and a virtual IP to
manage failover for applications. The virtual IP will be configured
trough keepalived.
To work with N-way mutlimaster, we must start OpenLDAP process on the
LDAP URI defined in cn=config olcServerID parameter. So we can't
2017-12-15 11:32 GMT+01:00 John Lewis :
> I was looking for something like this. Can it do email-based self-
> registration?
No, it just handles password modification (and SSH key modification).
The SSO software LemonLDAP::NG has a this feature, but it is a big
2017-12-14 18:56 GMT+01:00 Douglas Duckworth :
> 2) Has anyone found other solutions besides PWM that do the same thing?
Hello,
I am the developer of LTB Self Service Password:
* https://ltb-project.org/documentation/self-service-password
*
2017-11-20 11:59 GMT+01:00 Turbo Fredriksson :
> You’ve never had the issue I’m having? Or heard about it?
No but I don't use Kerberos authentication.
2017-11-19 18:09 GMT+01:00 Turbo Fredriksson :
> Have anyone tried running OpenLDAP behind HAProxy? Anything special
> one needs to do?
I do this often, without any particular issue. If you use LDAPS, you
can add option ssl-hello-chk.
Here is a sample configuration file:
ou have one in
dc=core,dc=hdt,dc=hu and the other in dc=mycompany,dc=hu. Just set read
right to the appropriate user
--
Clément OUDOT
Consultant en logiciels libres, Expert infrastructure et sécurité
Savoir-faire Linux
137 boulevard de Magenta - 75010 PARIS
Blog: http://sflx.ca/coudot
Le 12/10/2017 à 16:39, Ervin Hegedüs a écrit :
Hi Clément,
thanks for your help,
On Thu, Oct 12, 2017 at 09:16:24AM +0200, Clément OUDOT wrote:
Le 11/10/2017 à 17:31, Ervin Hegedüs a écrit :
olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymous
auth by * none
none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to dn.children="ou=ABC Customer,dc=mycompany,dc=hu" by
self write by group.exact="cn=groupabcadmin,ou=ABC
Customer,dc=mycompany,dc=hu" write by * none
olcAccess: {3}to * by * read
--
Clément OUDOT
Consultant e
and store data in
the LDAP directory, see
https://lemonldap-ng.org/documentation/latest/register
--
Clément OUDOT
Consultant en logiciels libres, Expert infrastructure et sécurité
Savoir-faire Linux
137 boulevard de Magenta - 75010 PARIS
Blog: http://sflx.ca/coudot
Le 13/09/2017 à 16:29, Clément OUDOT a écrit :
Hello,
I am playing with overlay rwm to try to change the base DN of a search
depending on a value in search filter.
The goal is to rewrite base "dc=example,dc=com" to
"dc=test,dc=example,dc=com" if I have (uid=login@test)
by using the
hashing method corresponding to the current password value.
Can you check in your server ACLs (olcAccess parameter) that anonymous
users have the 'auth' right on userPassword attribute?
--
Clément OUDOT
Consultant en logiciels libres, Expert infrastructure et sécurité
Savoir-faire Linux
Hello,
I am playing with overlay rwm to try to change the base DN of a search
depending on a value in search filter.
The goal is to rewrite base "dc=example,dc=com" to
"dc=test,dc=example,dc=com" if I have (uid=login@test) in the LDAP
filter. Has someone already done this?
My
do that:
https://lsc-project.org/documentation/start
Hope it helps,
--
Clément OUDOT
Consultant en logiciels libres, Expert infrastructure et sécurité
Savoir-faire Linux
137 boulevard de Magenta - 75010 PARIS
Blog: http://sflx.ca/coudot
Le 08/09/2016 à 09:45, Clément OUDOT a écrit :
Le 08/09/2016 à 04:52, Ryan Tandy a écrit :
On Wed, Sep 07, 2016 at 11:10:30PM +0200, MegaBrutal wrote:
I also figured that memberOf would need groupOfNames groups, while I
need posixGroup type groups. I evaluated the possibility to use
Hello,
the LDAP Tool Box team has published RPM and Debian packages for
OpenLDAP 2.4.45.
You can download them directly or use APT/YUM repositories:
https://ltb-project.org/download
Documentation:
* https://ltb-project.org/documentation/openldap-deb
*
2017-05-30 8:10 GMT+02:00 Ulrich Windl :
> I have one question: Why is hte AD admin accound needed to authenticate? I see
> a problem with the AD admin password being stored in cleartext in the
> saslauthd
> configuration...
You don't need AD admin password,
2017-05-29 19:00 GMT+02:00 Dan White :
> On 05/29/17 23:36 +0900, Alexandre Rosenberg wrote:
>>
>> I am in a environment where we use both OpenLDAP and Active Directory.
>> All Linux servers authenticate against OpenLDAP where we have user group,
>> unix group (...)
>
>
2017-05-26 11:18 GMT+02:00 Dieter Klünter :
> Am Tue, 23 May 2017 17:16:22 +
> schrieb Roelof Wobben :
>
>> Hello,
>>
>>
>> My boss wants to run everything from a server.
>>
>> But he wants also that I can take care of that some of the software
>> is
2017-04-12 13:37 GMT+02:00 mailing lists :
> Hello all,
>
> What I'm trying to do is enable the lastbind module in a centos7 server, so I
> applied this patch to the rpmbuild process:
>
>
>
> # cat /root/rpmbuild/SOURCES/openldap-lastbind-overlay.patch
> ---
umentation/general/sasl_delegation
To synchronize AD entries to OpenLDAP, you can use LSC, see
https://lsc-project.org/
--
Clément OUDOT
Consultant en logiciels libres, Expert infrastructure et sécurité
Savoir-faire Linux
137 boulevard de Magenta - 75010 PARIS
Blog: http://sflx.ca/coudot
2017-02-21 15:09 GMT+01:00 Saša-Stjepan Bakša :
> Hi,
>
> I have access to LDAP server which doesn't have any groups defined. All
> users have only attributes which are used to distinguish to which type of
> users they belong and for application which I have intention to use
2016-12-20 23:40 GMT+01:00 Quanah Gibson-Mount :
> Actually to start with, try using the correct db_recover binary while in the
> data directory. If that fails, then remove the alock file and see if slapd
> will start. Sadly not uncommon for alock to report problems
2016-12-20 22:35 GMT+01:00 Singley, Norman :
> Thanks. Here are the results. I can start googling this result, but I am
> kind of a newbie at openldap, so if you know something obvious, let me know.
> Thank you very much.
>
>
> # service slapd debug
> slapd: [INFO]
2016-12-20 19:34 GMT+01:00 Singley, Norman :
> Hi Folks –
>
>
>
> I am getting the No PID file for openLDAP error when starting/stopping
> slapd.
>
>
>
> run]# /etc/init.d/slapd stop
>
> slapd: [INFO] Using /etc/default/slapd for configuration
>
> slapd: [INFO] Halting
2016-09-18 11:29 GMT-04:00 Ralf Mattes <r.mat...@mh-freiburg.de>:
>
> Am Sonntag, 18. September 2016 16:55 CEST, Clément OUDOT
> <clem.ou...@gmail.com> schrieb:
>
>
>>
>> Hi,
>>
>> you are right, we did not publish sources as Debian source pa
#openldap
--
Clément OUDOT
Consultant en logiciels libres, Expert infrastructure et sécurité
Savoir-faire Linux
87, rue de Turbigo - 75003 PARIS
Blog: http://sflx.ca/coudot
://www.lsc-project.org).
With this, you only manage POSIX groups, and standard groups are updated
automatically. You can then use the memberOf overlay on groupOfNames.
--
Clément OUDOT
Consultant en logiciels libres, Expert infrastructure et sécurité
Savoir-faire Linux
87, rue de Turbigo - 75003
should be
added to userPassword as clear text.
Note that this option does not alter the normal user
applications handling of userPassword during LDAP Add, Modify, or other
LDAP operations. This
setting is only allowed in the frontend entry.
--
Clément OUDOT
in structuralObjectClass operational attribute).
You can do it with the relax extension if needed, else, simply remove
and add the entry.
--
Clément OUDOT
Consultant en logiciels libres, Expert infrastructure et sécurité
Savoir-faire Linux
87, rue de Turbigo - 75003 PARIS
Blog: http://sflx.ca/coudot
version of OpenLDAP from www.openldap.org,
and then any write to the database should write a fresh contextCSN...
If you are stuck in CentOS 5 and want to install a recent OpenLDAP with
packages, take a look at http://ltb-project.org/wiki/download#openldap
--
Clément OUDOT
Consultant en
1 - 100 of 277 matches
Mail list logo