On Mon, Dec 3, 2018 at 2:11 PM Quanah Gibson-Mount wrote:
> --On Monday, December 03, 2018 1:57 PM -0800 Daniel Howard
> wrote:
>
>
> > A potentially minor improvement along these lines could be a very nice
> > feature enhancement for OpenLDAP. Thank you for your c
On Wed, Nov 28, 2018 at 11:05 AM Quanah Gibson-Mount
wrote:
> --On Wednesday, November 28, 2018 10:16 AM -0800 Daniel Howard
> wrote:
>
> ># This file MUST be edited with the 'visudo' command as root.
> >
> > Perhaps this is a consideration that is already
On Tue, Nov 27, 2018 at 3:17 PM Quanah Gibson-Mount
wrote:
> --On Tuesday, November 27, 2018 2:22 PM -0800 Daniel Howard
> wrote:
>
> > I had been yearning for a config file, and it turns out I had them all
> > along!
>
> It's a database, not configura
Hello,
Back in April or May, I was trying to add and tweak a password policy,
invoking a command like this multiple times:
sudo ldapmodify -Q -Y EXTERNAL -H ldapi:/// -a -f ppolicy-overlay.ldif
This created multiple password policy overlays, and the LDAP server started
to crash with some frequen
On Thu, Apr 19, 2018 at 5:12 AM, Frank Swasey wrote:
>
> For future reference here's the procedure that I've worked up:
>
> shutdown slapd on all MMR members
> slapcat the database
> edit the database to remove all "pwd*" attributes and all entries that are
> pwd* objectClass
> edit the slapd.conf
Hello,
I have two issues. One is I gave myself redundant *ppolicy* overlays I
can't delete. The other is I don't know why I can not reset a user's
password.
The first is that in a rush, late at night, I ended up with multiple
(duplicate) Password Policy Overlays. I went back and tried to delete
t
Hello,
We have OpenLDAP replication set up based on the docs at
https://help.ubuntu.com/lts/serverguide/openldap-server.html#openldap-server-replication
I noticed recently a symptom, whereby a new user exists only on the primary.
So, I started to debug:
Master: (ldap0)
0-16:23 djh@ldap0 ~$ lda
Followup: I had added a ppolicy module to Master but not to Consumer. Thus
the message about pwdChangeTime. Adding the module to consumer fixed
replication.
-danny
On Fri, Jan 12, 2018 at 4:33 PM, Daniel Howard wrote:
> Hello,
>
> We have OpenLDAP replication set up based on th
Unix doesn't really work that way but maybe you make your special ldap user
password script check if the user is in LDAP: if they are, do LDAP
password, if they are not, wrap around Unix password.
Easier lazy solution is to have a passwd-ldap and a passwd-unix command,
then replace passwd with a l
I reckon that either platform could give sufficient performance. Another
question to ask is which platform your technical contributors are going to
be most comfortable with. From what I have seen, developers are far more
likely to be comfortable with a traditional relational database like
postgres.
Hello,
Some thoughts I have had about OpenLDAP Documentation over the weekend
My overarching concern is one of process. My day job is Ops, and especially
at scale a documentation process is critical to success. And what this
boils down to is that:
- checking documentation is a part of th
On Apr 30, 2016 1:03 PM, "Quanah Gibson-Mount" wrote:
>
> --On Saturday, April 30, 2016 11:41 AM -0700 Daniel Howard <danny...@toldme.com> wrote:
>
>>
>> My recent experience is OpenLDAP on Ubuntu. I thought I would go with
>> OpenLDAP's guide beca
My recent experience is OpenLDAP on Ubuntu. I thought I would go with
OpenLDAP's guide because they should know better, but the quick start was
for older versions or something and hadn't been updated.
I like documentation systems that allow for user feedback, comments, or
patches via github. If yo
er you can apply the whole LDIF at once or not ...
if it happens in one go you won't get locked out ...
In the mailing list archives I found a suggestion (no example) that you
could somehow insert a rule by number ...
On Mon, Mar 21, 2016 at 2:28 PM, Daniel Howard wrote:
> I would like to
I would like to allow users to ldapmodify a few of their attributes ...
sshPublicKey,gecos ..
This does not appear to do the trick:
0-14:08 djh@ldap0 ~$ sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=config '(olcDatabase={1}hdb)' olcAccess
dn: olcDatabase={1}hdb,cn=config
olcAccess: {
I have set up OpenLDAP per the nice tutorial at
https://help.ubuntu.com/lts/serverguide/openldap-server.html and on my
previous run-throughs, I succeeded at setting up replication via TLS. But
now that I'm implementing on the dedicated hardware, I am not able to
replicate via TLS.
SOLUTION: It tur
16 matches