Re: "olcSizeLimit: size.prtotal=disabled" ignored?

Thank you. Will try to understand the man page. Appreciate your help. On Wed, Sep 2, 2015 at 4:59 PM, Dieter Klünter wrote: > Am Wed, 2 Sep 2015 15:59:28 +0300 > schrieb Igor Shmukler : > >> $ slapd -V >> @(#) $OpenLDAP: slapd (Ubuntu) (Mar 17 2014 21:20:08) $ >> >

Re: "olcSizeLimit: size.prtotal=disabled" ignored?

$ slapd -V @(#) $OpenLDAP: slapd (Ubuntu) (Mar 17 2014 21:20:08) $ I tried olcSizeLimit, before adding olcSizeLimits. Perhaps there is a bug. On Wed, Sep 2, 2015 at 3:55 PM, Dieter Klünter wrote: > Am Wed, 2 Sep 2015 14:27:39 +0300 > schrieb Igor Shmukler : > >> Hi DIeter,

Re: "olcSizeLimit: size.prtotal=disabled" ignored?

# # sssvlv.com dn: dc=sssvlv,dc=com objectClass: top Does it mean there is a bug? Sincerely, Igor Shmukler On Wed, Sep 2, 2015 at 1:26 PM, Dieter Klünter wrote: > Am Wed, 2 Sep 2015 12:50:59 +0300 > schrieb Igor Shmukler : > >> Hello DIeter, >> >> Thank you for the clari

Re: "olcSizeLimit: size.prtotal=disabled" ignored?

critical control: size=5 # # sssvlv.com dn: dc=sssvlv,dc=com objectClass: top Is there a requirement to apply olcLimits before olcSizeLImit? Sincerely, Igor Shmukler On Wed, Sep 2, 2015 at 11:05 AM, Dieter Klünter wrote: > Am Wed, 2 Sep 2015 08:38:42 +0300 > schrieb Igor Shmukler : >

Re: "olcSizeLimit: size.prtotal=disabled" ignored?

2.4.x, or did I incorrectly understand the documentation? If it is a bug, should it be filed? How would one go about disabling simple paged results [having the OpenLDAP server respond with critical extension unavailable or similar]? Is restricting access to the control with an ACL is the way to go?

"olcSizeLimit: size.prtotal=disabled" ignored?

receive something like "Unavailable Critical Extension" as a response. Is what I am attempting to do expected to disable simple paged results for all clients [and DITs]? Is it even possible? Am I going right about disabling paging control? Thank you, Igor Shmukler

Re: disable simple paged results control support?!

Aaron, I don't know what is happening, hence tried to tap into collective wisdom. My LDIF was written to disable paged search for everyone, hence dn: cn=config If I knew how the rule should be written, I would not bother smart people. Sincerely, Igor Shmukler On Thu, Aug 27, 2015 at 5:

Re: disable simple paged results control support?!

able paged results. Sincerely, Igor Shmukler On Thu, Aug 27, 2015 at 4:37 PM, Aaron Richton wrote: > On Thu, 27 Aug 2015, Igor Shmukler wrote: > >> olcSizeLimit: size.prtotal=disabled >> >> What is wrong with the LDIF? It was successfully applied using >> ldapmodify(1

Re: disable simple paged results control support?!

throw an unsupported control, instead providing clients with paged results. Thank you. On Thu, Aug 27, 2015 at 2:23 PM, Igor Shmukler wrote: > OK, I might have found the setting: > olcSizeLimit: size.prtotal=disabled > > Thank you > > On Thu, Aug 27, 2015 at 1:46 PM, Igor

Re: disable simple paged results control support?!

OK, I might have found the setting: olcSizeLimit: size.prtotal=disabled Thank you On Thu, Aug 27, 2015 at 1:46 PM, Igor Shmukler wrote: > Hello, > > I am trying to make my client, developed for OpenLDAP also compatible > with Oracle DSEE. > Oracle DSEE is missing support f

disable simple paged results control support?!

saved me many times, in past. Can OpenLDAP be configured to do what I need, so I could test my fallback code in the client using an OpenLDAP server? Thank you, Igor Shmukler

Re: olcHidden breaks slapcat? possible bug in slapcat(8)?

Hello Ulrich, Not to me, it does not answer the question. How do I connect olcHIdden set to TRUE throwing an error, and FALSE does not? Would you mind making the connection for me, please. Sincerely, Igor Shmukler On Fri, Apr 17, 2015 at 9:38 AM, Ulrich Windl wrote: >>>> I

olcHidden breaks slapcat? possible bug in slapcat(8)?

rootdn is under suffix slapcat: bad configuration file! Is this a bug, or the desired behavior? Sincerely, Igor Shmukler

Re: Re: Can domain admins be filtered out with ACLs?

. For my goal, I am going to use olcHidden to achieve what I need instead. If I cannot properly suspend a DIT, I get close to desired results by hiding the database. Sincerely, Igor Shmukler On Fri, Apr 17, 2015 at 8:15 AM, Ulrich Windl wrote: >>>> Quanah Gibson-Mount schrieb am 16.0

Re: Can domain admins be filtered out with ACLs?

re pointed this out for me. Sincerely, Igor Shmukler On Wed, Apr 15, 2015 at 5:41 PM, Igor Shmukler wrote: > Hello, > > I tried to filter out everyone except cn=config when my ACL filter > rule is true (a NAME type attribute matches a value), so that password > authentication for

Can domain admins be filtered out with ACLs?

uspended) by dn="cn=config" write by * none olcAccess: {4}to * filter=(!(serviceLevel=suspended)) by self write by dn="cn=admin,dc=directory,dc=com" write by dn="cn=config" write by * read Is there something special about LDAP administrator, by design? Thank you, Igor Shmukler

disable logins with ACLs

ror, likely due to messed-up syntax or something. The additional info: handler exited with 1 Michael's example is not written for OLC, so I managed to do something wrong. Any ideas? Thank you, Igor Shmukler

Re: sane ppolicy choices

rd [for each user in the group] field? If works, this should probably disable login, yet be reversible. Is this totally crazy? Sincerely, Igor Shmukler On Thu, Mar 5, 2015 at 7:56 PM, Michael Ströder wrote: > Igor Shmukler wrote: >> On Thursday, March 5, 2015, Dieter Klünter wrote

Re: installing slapd no_configuration true

could not figure out how to update/modify objectClass, it made sense [to me] to try to move things around. :) Otherwise, I would love to mess with OpenLDAP as little as possible/necessary. Sincerely, Igor Shmukler On Mon, Mar 30, 2015 at 12:29 PM, Mattes wrote: > > Am Montag, 30. März 2015

Re: installing slapd no_configuration true

Hello Dieter and Ralf, Thank you for clarifications. Sincerely, Igor Shmukler On Mon, Mar 30, 2015 at 12:17 PM, Mattes wrote: > > Am Montag, 30. März 2015 10:33 CEST, Igor Shmukler > schrieb: > >> Hello, >> >> I have been trying to install slapd without confi

installing slapd no_configuration true

experienced to comment. What would be the easiest way to install slapd, ideally with config database setup, without a DIT database? I want to manually add DIT database[s] later. I got that part down. Sincerely, Igor Shmukler

Re: can't run ldapsearch and slapadd command after install openldap

4 468476 ? Ssl 11:10 0:00 > /opt/libexec/slapd > root 7574 0.0 0.0 103252 840 pts/0S+ 14:59 0:00 grep slapd > > > > -Original Message- > From: Igor Shmukler [mailto:igor.shmuk...@gmail.com] > Sent: Wednesday, March 25, 2015 12:40 PM > To: Wang,

changing objectClass in 2.4

. Sincerely, Igor Shmukler

Re: olcObjectClasses: user-defined ObjectClass has inappropriate SUPerior: "dcObject"

Hello Michael, Thank you. It worked. Sincerely, Igor Shmukler On Tue, Mar 24, 2015 at 6:14 PM, Michael Ströder wrote: > Igor Shmukler wrote: >> >>SUP dcObject STRUCTURAL > > > This won't work because you cannot derive a new STRUCTURAL object class fr

olcObjectClasses: user-defined ObjectClass has inappropriate SUPerior: "dcObject"

should be mandatory. Yet, it is probably not the reason for the error, is it?! Please advise, Sincerely, Igor Shmukler

Re: Re: what is wrong with my permissions?

the second time.] Sincerely, Igor Shmukler On Mon, Mar 23, 2015 at 4:43 PM, Ulrich Windl wrote: >>>> Igor Shmukler schrieb am 19.03.2015 um 15:03 in > Nachricht > : >> Hi Ferenc, >> >> I am still getting the same error with both by and your versions. Please

Re: OpenLDAP permissions question

I >> have to start changing the architecture so I can show something on >> Monday. :) > > Good luck with that! Thank you. I need it. Otherwise, I will have to do a huge rewrite on Sunday. I would rather not have to do the marathon thing. Sincerely, Igor Shmukler

Re: OpenLDAP permissions question

ompensation. If I don't get to a result by Sunday morning, I have to start changing the architecture so I can show something on Monday. :) Sincerely, Igor Shmukler On Fri, Mar 20, 2015 at 1:09 PM, Marc Patermann wrote: > Igor, > > Igor Shmukler schrieb (20.03.2015 11:59 Uhr): >

Re: OpenLDAP permissions question

idNumber=0,cn=peercred,cn=external,cn=auth" > "cn=root,dc=example,dc=com" > > uid 0 (from your system) maps to ldap entry cn=root,dc=example,dc=com. I don't understand how this COULD work. Please explain why admin in DIT 1 would have manage right to DIT 2. Sincerely, Igor Shmukler

Re: OpenLDAP permissions question

r problems. Apparently, my ability to clearly explain what I need is not much better than the ability to comprehend OpenLDAP docs. Sincerely, Igor Shmukler On Fri, Mar 20, 2015 at 10:19 AM, Ferenc Wagner wrote: > Igor Shmukler writes: > >> olcAccess: {0}to attrs=userPassword,shadowLastC

Re: OpenLDAP permissions question

ppears to me that remapping anything for olcDatabase={0}config,cn=config would not help me either. I have multiple DITs each managed by a separate RootDN. What am I doing wrong? Sincerely, Igor Shmukler On Fri, Mar 20, 2015 at 9:47 AM, Michael Ströder wrote: > Igor Shmukler wrote: >> >&g

Re: OpenLDAP permissions question

chitecture. Obviously OpenLDAP works well, but if I am not smart enough to get it to work as needed, it is not much good to me. Sincerely, Igor Shmukler On Friday, March 20, 2015, Michael Ströder wrote: > > Igor Shmukler wrote: >> >> If there is no way to grant access to all

Re: OpenLDAP permissions question

by * none olcAccess: {1}to dn.base="" by * read olcAccess: {2}to * by self write by dn="cn=admin,dc=ldap,dc=com" wr ite by * read This does not get me what I need. Thank you, Igor Shmkuler On Fri, Mar 20, 2015 at 6:42 AM, Igor Shmukler wrote: > Hello Brendan, > >

Re: OpenLDAP permissions question

this. Not sure it will help someone like myself, but I will certainly try. Thank you, Igor Shmukler On Fri, Mar 20, 2015 at 2:07 AM, Brendan Kearney wrote: > On Thu, 2015-03-19 at 23:35 +0200, Igor Shmukler wrote: >> Hello Dan and Michael, >> >> I have a server with a conf

Re: OpenLDAP permissions question

of suggestions, many of which I don't fully understand. Nothing worked so far. Specifically, I cannot understand why should not the below applied to the config database does not work, if I did set the password. olcAccess: {0}to * by dn="cn=config" manage Sincerely, Igor Shmukler

Re: OpenLDAP permissions question

prepared scripts, so go back to the point where my settings made more sense. I have been experimenting for a bit too long without refreshing the environment. I am concerned that something stale is causing my problems. Sincerely, Igor Shmukler On Thu, Mar 19, 2015 at 10:42 PM, Dan White wrote: >

Re: OpenLDAP permissions question

, Igor Shmukler On Thu, Mar 19, 2015 at 10:13 PM, Dieter Klünter wrote: > Am Wed, 18 Mar 2015 23:28:35 +0200 > schrieb Igor Shmukler : > >> Hello, >> >> I have been spamming this list, looking for insights into why I cannot >> configure OpenLDAP to use cn=confi

Re: what is wrong with my permissions?

hy script terminates and the line is never reached. Either way, I am still getting the error: ldap_delete: Insufficient access (50) additional info: no write access to parent Is there something that I could check to figure what is wrong? Sincerely, Igor Shmukler

Re: what is wrong with my permissions?

dc=com " write by * read olcAccess: {3}to * by dn.exact=cn=config olcLastMod: TRUE olcRootDN: cn=admin,dc=directory,dc=com On Thu, Mar 19, 2015 at 4:03 PM, Igor Shmukler wrote: > Hi Ferenc, > > I am still getting the same error with both by and your versions. Please > adv

Re: what is wrong with my permissions?

ldapdelete -x -D cn=config -W cn=john,dc=directory,dc=com ldap_delete: Insufficient access (50) additional info: no write access to parent I even tried stripping the first line, so the rule was: {0}to * by dn.exact=cn=config Still gives me the same error. Please advise, Igor Shmukler On T

Re: what is wrong with my permissions?

ot;cn=config" manage Basically, I want dn=cn=config to have full root access over everything. I also want this password ideally to be password protected. Does it make sense? Can it be done? Sincerely, Igor Shmukler On Thu, Mar 19, 2015 at 2:13 PM, Ferenc Wagner wrote: > Igor Shm

Re: what is wrong with my permissions?

Shmukler On Thu, Mar 19, 2015 at 1:30 AM, Ferenc Wagner wrote: > Igor Shmukler writes: > >> I understood that manage is the LDIF version of full permissions. > > Yes, that goes further than write permission by allowing (eg.) the > relax rules control. I couldn't find d

OpenLDAP permissions question

parent I do the same using domain administrator credentials and below and it works fine: $ ldapdelete -D cn=admin,dc=directory,dc=google,dc=com -W -x cn=john,dc=directory,dc=com Why LDAPI does not work? What can be done? Thank you, Igor Shmukler

olcAccess syntax

ite access to parent Please advise. I thank everyone on the openldap-technical who has been reading my messages. People on this list have been extremely helpful. Sorry to continue being a nag. Sincerely, Igor Shmukler

what is wrong with my permissions?

re valid, yet do not result in the desired configuration. Instead, when ldapdelete(1) is invoked, I get: ldap_delete: Insufficient access (50) additional info: no write access to parent Please advise. I thank everyone on who has been reading my messages. People on this list have been extremely helpfu

Re: ppolicy configuration

rrors, for now. :) Sincerely, Igor Shmukler On Tue, Mar 10, 2015 at 9:06 AM, Angel L. Mateo wrote: > > El 09/03/15 a las 12:10, Igor Shmukler escribió: >> >> I also have an LDIF for default policy, added as: $ldapadd -x -D >> cn=admin,dc=example,dc=com -W -f default_p

Re: ppolicy configuration

Right. Now, it works. Thank you. On Mon, Mar 9, 2015 at 2:37 PM, Michael Ströder wrote: > Igor Shmukler wrote: >> I have ppolicy.schema is /etc/ldap/schema/ppolicy.schema - hopefully >> the correct location. > > You need to use ppolicy.ldif also installed by OpenLDAP

Re: ppolicy configuration

way to load ppolicy.schema. I could probably convert the ppolicy.schema file, using the schema2ldif script; then load the resulting ldif using ldapi. Is that how ppolicy.schema is typically "entered" into an OpenLDAP server? Thank you, Igor Shmukler On Mon, Mar 9, 2015 at 1:39 PM, Igo

Re: ppolicy configuration

Hello Michael, I did not, explicitly. At least, not since I last rebuilt my server. I will look into this. Thank you, Igor Shmukler On Mon, Mar 9, 2015 at 1:34 PM, Michael Ströder wrote: > Igor Shmukler wrote: >> adding new entry "olcOverlay=ppolicy,olcDatabase={2}hdb,cn=confi

ppolicy configuration

bjectClass. How can I find out which one is triggering the error? Any suggestions where I should start looking?! Thank you, Igor Shmukler

Re: sane ppolicy choices

Hi Dieter, Thank you for the suggestion. This certainly is one way to go. Your approach is simple. That's always good. I just need to think whether disallowing password change for trial users is acceptable. Sincerely, Igor Shmukler On Thursday, March 5, 2015, Dieter Klünter wrote: >

Re: sane ppolicy choices

ounts. Please share your insights! On Thu, Mar 5, 2015 at 11:35 AM, Igor Shmukler wrote: > Hello, > > I am trying to implement a trial [period] for new customers, using the > OpenLDAP password policy overlay. > > I was thinking about setting a combination of pwdMaxA

sane ppolicy choices

advise. Sincerely, Igor Shmukler

Re: using cn=config to retrieve DIT records

ow: 1. change my OpenLDAP server configuration so cn=config can be successfully authenticated using password. 2. retrieve records from non-config database[s] [over network, for example giving ldapsearch -D cn=config -W] Sincerely, Igor Shmukler On Mon, Mar 2, 2015 at 12:26 PM, Michael Ströder

using cn=config to retrieve DIT records

om working? $ldapsearch -D cn=config -h IPADRRESS -W -b dc=example,dc=com Suggestions? Sincerely, Igor Shmukler

Re: ldapadd(1) second DIT

ely, Igor Shmukler On Wednesday, February 4, 2015, Dieter Klünter wrote: > Am Wed, 4 Feb 2015 10:35:30 +0200 > schrieb Igor Shmukler >: > > > Hello, > > > > I am having a problem executing the ldapadd(1) through ldapi for the > > below LDIF: > > dn: olcDatab

ldapadd(1) second DIT

apadd: invalid format (line 12) entry: "olcDatabase=hdb" The line 12 contains: olcRootDN, it seems. I successfully tried a similar setup earlier. Please advise what should I check for clues. Sincerely, Igor Shmukler

Re: replace: olcAccess

Hello Ryan, I followed your advice to set selections. Did what I needed. Thank you, Igor Shmukler On Tuesday, January 6, 2015, Ryan Tandy wrote: > Hi Igor, > > On Tue, Jan 06, 2015 at 01:56:23PM +0100, Igor Shmukler wrote: > >> I install the server with apptitude and ha

Re: replace: olcAccess

nodomain and one for cn=admin,dc=nodomain and after chaining suffix, I get: 32 No such object I have two databases - config and records. For some reason, ldapmodify(1) updates config [-n 0], but entries [-n 1] still have dc=nodomain suffix. How do I change this? Sincerely, Igor Shmukler On Tue

replace: olcAccess

olcRootDN: cn=admin,dc=example,dc=com I don't see any errors. Nothing throws me off when I run slapcat(8). Please advise. Thank you, Igor Shmukler

Re: Antw: adding a custom attribute

ummy-server user' SUP inetOrgPerson STRUCTURAL MAY ipPhone ) Is this right? Sincerely, Igor Shmukler On Tue, Dec 9, 2014 at 5:31 PM, Michael Ströder wrote: > Ulrich Windl wrote: >> I thought a schema having a OID is the same everywhere; would a modified >> schema need a ne

Re: adding VLV support to OpenLDAP 2.4.31

Hello, I want to thank everyone who reads this mailing list and especially those who provided advice, which helped me to finally configure my server. You are amazing. Thank you

manually editing LDIF files with schema

, removing structuralObjectClass, entryUUID, creatorsName, createTimestamp, entryCSN, modifiersName and modifyTimestamp. Is this the recommended way of adding a schema? Sincerely, Igor Shmukler

Re: adding a custom attribute

Hello Quanah, Thank you for your reply. Do I create a new schema file for my new attribute as in ${new_attribute}.schema and another for the new object using this new attribute? Sincerely, Igor Shmukler On Tue, Dec 2, 2014 at 11:05 PM, Quanah Gibson-Mount wrote: > --On Tuesday, December

adding a custom attribute

5.121.1.15 for UTF-8 coded strings. Is editing core.schema the correct way to go? I am eagerly looking for advice. Thank you for reading my question this far. I have been saved twice by people on this list. Appreciate your help very much. Sincerely, Igor Shmukler

LDAP wire protocol analysis with Wireshark

a size of 0. The cookie is returned according to the RFC 2696 specification, but size is not. Please advise what I am missing. Thank you, Igor Shmukler

Re: debugging OpenLDAP client

Hello Andrew, Thank you for the Wireshark tip. I have solved the problem, which I had yesterday. Still, I am sure there will be a need for an analysis tool down the road. It is exactly what I wanted to find. Sincerely, Igor Shmukler On Wednesday, November 19, 2014, Andrew Findlay

Re: debugging OpenLDAP client

Well, I raised this subject stating that -1 does not do what I need. On Tuesday, November 18, 2014, Aaron Richton wrote: > On Tue, 18 Nov 2014, Igor Shmukler wrote: > > Well, the question is what log level will print out ASNs? >> > > I don't know what you're l

Re: debugging OpenLDAP client

Well, the question is what log level will print out ASNs? On Tuesday, November 18, 2014, Aaron Richton wrote: > On Tue, 18 Nov 2014, Igor Shmukler wrote: > > Dieter, >> >> I understand that if strace(1) is available, it can be used. I want to >> learn how to lift the

Re: debugging OpenLDAP client

request, or the unexpected response is due to its' decoding error. Sincerely, Igor Shmukler On Tue, Nov 18, 2014 at 2:01 PM, Dieter Klünter wrote: > Am Tue, 18 Nov 2014 12:39:42 +0200 > schrieb Igor Shmukler : > >> Hello, >> >> I wrote a client to make RFC 2696 (pa

debugging OpenLDAP client

o syslog(3). Is there a way to have separate values that go into the packets printed out? I see that there is an option for BER 0x10 and parse 0x800 as well as others. Thank you, Igor Shmukler

Re: adding VLV support to OpenLDAP 2.4.31

2014 at 4:23 PM, Igor Shmukler wrote: > Hello, > > Well, I sort of jumped the gun on worked. The script worked fine. No > errors. However, the sssvlv is unable. I did lsof and the module is > not loaded. Just in case, I restarted slapd(8), but that did not help. > > What can t

Re: adding VLV support to OpenLDAP 2.4.31

Hello, Well, I sort of jumped the gun on worked. The script worked fine. No errors. However, the sssvlv is unable. I did lsof and the module is not loaded. Just in case, I restarted slapd(8), but that did not help. What can this mean? How does one go about this? Sincerely, Igor Shmukler On

Re: adding VLV support to OpenLDAP 2.4.31

Hello Feri, Yes. This worked. Thank you. I cannot even express how grateful I am for your help. Well, everyone's really. Yet, you actually managed to solve my problem. You are the man. Thank you again, Igor Shmukler On Thu, Nov 13, 2014 at 4:07 PM, Ferenc Wagner wrote: > Igor

Re: adding VLV support to OpenLDAP 2.4.31

Hi Chris, Thank you for your continues help. I appreciate it very much. I have a question regarding the line: olcRootPW: secret Should secret be used literally (as in secret), or do I put a password hash there? Sincerely, Igor Shmukler On Thu, Nov 13, 2014 at 3:18 PM, Chris Card wrote

Re: adding VLV support to OpenLDAP 2.4.31

svlv,olcDatabase={1}hdb,cn=config objectClass: olcSssVlvConfig olcOverlay: sssvlv olcSssVlvMax: 10 olcSssVlvMaxKeys: 5 It was composed by Chris, as your's truly has to clue what needs to go there. Please advise. I am totally stumbled. Thank you, Igor Shmukler On Wed, Nov 12, 2014 at 7:41 PM, Quanah Gibs

Re: adding VLV support to OpenLDAP 2.4.31

Shmukler On Wed, Nov 12, 2014 at 1:11 PM, Andrew Findlay wrote: > On Wed, Nov 12, 2014 at 12:41:46PM +0200, Igor Shmukler wrote: > >> I am also curious about another part of the olcDatabase parameter. >> How do I know whether to use bdb or hdb? I don't care either way of >>

Re: adding VLV support to OpenLDAP 2.4.31

Hello, I am also curious about another part of the olcDatabase parameter. How do I know whether to use bdb or hdb? I don't care either way of course. I just need my test server to work, so I could proceed with my main duty - programming. Sincerely, Igor Shmukler On Wed, Nov 12, 2014 at

Re: adding VLV support to OpenLDAP 2.4.31

Chris, I am guess making wild guesses... Could it be that I need to adjust the below line: dn: olcOverlay=sssvlv,olcDatabase={1}bdb,cn=config Should I perhaps replace cn=config with dc=nodomain or something else? Thank you, Igor Shmukler On Wed, Nov 12, 2014 at 12:30 PM, Igor Shmukler wrote

Re: adding VLV support to OpenLDAP 2.4.31

Hello Chris, Yes, I am now sure that slapd.d is being used. Last night, Andrew explained how this can be checked. Sincerely, Igor Shmukler On Wed, Nov 12, 2014 at 12:28 PM, Chris Card wrote: > >> vq@vq-HVM-domU:~$ ldapsearch -x -w Vq0106%% -D "cn=admin,dc=nodomain&qu

Re: adding VLV support to OpenLDAP 2.4.31

cn=admin,dc=nodomain" -b dc=nodomain" version works fine and I do in fact get results. Sincerely, Igor Shmukler On Wed, Nov 12, 2014 at 11:47 AM, Chris Card wrote: > > > >> Hi Chris, >> >> Sorry to bother you again. >> >>>>>>> ldap

Re: adding VLV support to OpenLDAP 2.4.31

r/share/slapd/sssvlv.ldif ldap_add: Invalid syntax (21) additional info: objectClass: value #0 invalid per syntax Please advise. Thank you, Igor Shmukler

Re: adding VLV support to OpenLDAP 2.4.31

Where should I put the ldif file, then? On Wed, Nov 12, 2014 at 10:53 AM, Chris Card wrote: > > > >> >> On Wed, Nov 12, 2014 at 10:38 AM, Chris Card wrote: >>> It is clear from the man slapo-sssvlv(5) page that when slapd.conf is being used, the options should appear after the overlay

Re: adding VLV support to OpenLDAP 2.4.31

for being stupid.] Sincerely, Igor Shmukler On Wed, Nov 12, 2014 at 10:38 AM, Chris Card wrote: > Hi Igor > >> It is clear from the man slapo-sssvlv(5) page that when slapd.conf is >> being used, the options should appear after the overlay directive. >> Even I got t

Re: adding VLV support to OpenLDAP 2.4.31

t this. Where those options should go when cn=config is used? I do not understand it from the man page. Is this something to be specified using ldapmodify? Please advise. Sincerely, Igor Shmukler

Re: adding VLV support to OpenLDAP 2.4.31

Does this mean like Quanah said that my OpenLDAP from Ubuntu server is broken? On Wed, Nov 12, 2014 at 1:00 AM, Quanah Gibson-Mount wrote: > > > --On November 12, 2014 at 12:47:10 AM +0200 Igor Shmukler > wrote: > >> Thank you Andrew and Quanah. I appreciate your help. >&g

Re: adding VLV support to OpenLDAP 2.4.31

orrow. On Wed, Nov 12, 2014 at 12:41 AM, Andrew Findlay wrote: > On Tue, Nov 11, 2014 at 11:48:59PM +0200, Igor Shmukler wrote: > >> Thank you for your answer. I spent quite a lot of time reading various >> man pages including the one for slaps.conf(5), of course. >> As I m

Re: adding VLV support to OpenLDAP 2.4.31

s it possible that system is configured cn=config without it? Is there a way to determine whether slapd.conf is used and where the daemon is trying to find it, short of doing a system call trace? Also, is there a command to list loadable modules in use? Sincerely, Igor Shmukler

adding VLV support to OpenLDAP 2.4.31

tem. Hence, I am assuming that slapd.conf is being used. Please advise what I am missing and/or doing wrong. Any suggestions are welcome If this is a totally wrong place to ask, please direct me to an appropriate resource. The server fault forums did not produce immediate results. Thank you, I