RE: Issues deploying openldap 2.6.4 Proxy on RHEL 8.7

2023-05-04 Thread Quanah Gibson-Mount
--On Thursday, May 4, 2023 8:24 AM + Vikram Sharma wrote: Hello Support, This is not an official support channel, it's a free advice channel. Please do not include random CC's in your emails to the list. We are trying to deploy Openldap proxy from the available package from t

Re: Unable to filter only group name

2023-05-03 Thread Quanah Gibson-Mount
--On Sunday, April 30, 2023 2:40 AM +0530 BANDANI MAHARANA wrote: Hi team, I am facing problem with filtering the group names in Ad server using openldap libraries. I am using ldap search api to get the list of group.  My requirement is, with the provided input, i need to display all

Re: olcPPolicyForwardUpdates not working

2023-05-03 Thread Quanah Gibson-Mount
--On Friday, April 28, 2023 10:57 AM +0200 Benjamin Renard wrote: On 27/04/2023 at 19:53, Stefan Kania wrote: Your log is telling that you have three servers 000, 001 and 003 csn=20190213173033.952331Z#00#000#00;20230427155638.609257Z# 00#001#00;20190916120217.913828Z#000

Re: olcPPolicyForwardUpdates not working

2023-04-27 Thread Quanah Gibson-Mount
--On Thursday, April 27, 2023 8:12 PM +0200 Benjamin Renard wrote: Apr 27 18:45:35 gavotte slapd[1086351]: conn=1224 op=1 syncprov_op_search: registered persistent search Apr 27 18:45:35 gavotte slapd[1086662]: Stopping OpenLDAP: slapd. This shows two completely different PIDs for slapd?

Re: olcPPolicyForwardUpdates not working

2023-04-25 Thread Quanah Gibson-Mount
--On Tuesday, April 25, 2023 7:40 PM +0200 Benjamin Renard wrote: On 25/04/2023 at 18:15, Quanah Gibson-Mount wrote: --On Tuesday, April 25, 2023 6:40 PM +0200 Benjamin Renard wrote: The Debian security team always maintain the 2.4 version, even if there have not been many

Re: olcPPolicyForwardUpdates not working

2023-04-25 Thread Quanah Gibson-Mount
--On Tuesday, April 25, 2023 6:40 PM +0200 Benjamin Renard wrote: The Debian security team always maintain the 2.4 version, even if there have not been many security updates since the switch to 2.4 : https://metadata.ftp-master.debian.org/changelogs//main/o/openldap/openldap_2.4.57+dfsg-

Re: olcPPolicyForwardUpdates not working

2023-04-25 Thread Quanah Gibson-Mount
--On Tuesday, April 25, 2023 4:00 PM +0200 Benjamin Renard wrote: Hello, You're right, 2.5 is available in backports, but I still preferred to use stable version for fast delivery of security update. The next release of Debian is coming soon, I will update my installations at this time.

Re: olcPPolicyForwardUpdates not working

2023-04-24 Thread Quanah Gibson-Mount
--On Saturday, April 22, 2023 6:07 PM +0200 Benjamin Renard wrote: you failed to provide any OpenLDAP version information. You're right, I'm using slapd 2.4.57+dfsg-3+deb11u1 (on Debian stable). Hi, As a side note, OpenLDAP 2.4 series is historic and no longer supported. I believe

Re: olcPPolicyForwardUpdates not working

2023-04-21 Thread Quanah Gibson-Mount
--On Friday, April 21, 2023 2:36 PM +0200 Benjamin Renard wrote: Hello, I have problem with the olcPPolicyForwardUpdates option that seem not Do you have any idea of what I doing wrong ? Hello, you failed to provide any OpenLDAP version information. --Quanah

Re: RE: Use of olcTLSECName directive returns ʽwrong attibuteTypeʼ error

2023-04-20 Thread Quanah Gibson-Mount
--On Thursday, April 20, 2023 4:58 PM + "Lemons, Terry" wrote: but in the slapd-config man page that comes with the openldap2-2.4.41-22.16.1.x86_64 Personally I avoid SLES like the plague given their history of making non-backwards compatible changes to libc in patch releases. I'd

Re: Use of olcTLSECName directive returns 'wrong attibuteType' error

2023-04-19 Thread Quanah Gibson-Mount
--On> ldpdd041:/tmp # cat set-ecname.ldif dn: cn=config changetype: modify add: olcTLSECName olcTLSECName : secp384r1 The above does not appear to be a valid ldap modify statement. In particular, you seem to have a space that should not be there. I.e., olcTLSSECName: secp38r41 NOT

Re: Argon2-Support or secure hashing

2023-04-14 Thread Quanah Gibson-Mount
--On Friday, April 14, 2023 8:54 PM + Lukas Adrian Kron wrote: Hello Quanah, thank you for your response. I read through the documentation and I verified that in the path "/usr/lib/ldap" under olcModulePath there are Argon2 files. argon2-2.5.so.0 argon2-2.5.so.0.1.9 argon

Re: Argon2-Support or secure hashing

2023-04-14 Thread Quanah Gibson-Mount
--On Thursday, April 13, 2023 9:05 PM + Lukas Adrian Kron wrote: Hi dear, I was able to find out the Version. On Ubuntu 20.04 2.4.49+dfsg-2ubuntu1.9 Which is the newest available through apt-tools. As Argon-2 was not installed there I launched a new testing environment on Ubuntu 22.

Re: How to get detailed connection error information?

2023-04-13 Thread Quanah Gibson-Mount
--On Thursday, April 13, 2023 6:33 PM + Jordan Brown wrote: I'm already dumping that.  But it is not very detailed.  I believe that's what ldapsearch is dumping; here's some sample output in various error cases: Those are the result codes that are provided to the client per RFC. Fee

Re: Argon2-Support or secure hashing

2023-04-13 Thread Quanah Gibson-Mount
--On Thursday, April 13, 2023 2:05 PM -0400 Braiam wrote: On Thu, Apr 13, 2023 at 12:19 PM Quanah Gibson-Mount wrote: This is an annoying bit about the Debian/Ubuntu builds as they strip that information out of the binary. I was curious about that, and Debian doesn't strip

Re: How to get detailed connection error information?

2023-04-13 Thread Quanah Gibson-Mount
--On Thursday, April 13, 2023 5:22 PM + Jordan Brown wrote: On 4/13/2023 9:20 AM, Quanah Gibson-Mount wrote: --On Tuesday, April 11, 2023 3:54 AM + Jordan Brown wrote: How can I get detailed information about connection errors - host not found, timed out, connection refused

Re: How to get detailed connection error information?

2023-04-13 Thread Quanah Gibson-Mount
--On Tuesday, April 11, 2023 3:54 AM + Jordan Brown wrote: How can I get detailed information about connection errors - host not found, timed out, connection refused, various TLS errors, et cetera? Generally, use stats level logging and then parse the logs for them. --Quanah

Re: Argon2-Support or secure hashing

2023-04-13 Thread Quanah Gibson-Mount
--On Tuesday, April 11, 2023 9:17 PM + Lukas Adrian Kron wrote: As there is no other secure usable password hashing installed the LDAP Server is right now insecure and I cannot move it to production You've not really provided any information on how you're configuring it, or if the O

Re: pcache not working with dirx

2023-04-13 Thread Quanah Gibson-Mount
--On Wednesday, April 12, 2023 11:31 AM +0200 "A. Schulze" wrote: One upstream server is DirX, No idea what DIRX is. One glitch I found in the Documentation at https://www.openldap.org/doc/admin26/guide.html#The%20Proxy%20Cache%20Engine Under "12.9.2.4. Example for slapd.conf" the is

Re: meaning of bind_ssf

2023-04-13 Thread Quanah Gibson-Mount
--On Thursday, April 13, 2023 10:31 AM +0200 Stefan Kania wrote: Because the SSF of GSSAPI is hard coded to be 56.  With MIT kerberos they eventually fixed this, but it's still not fixed in Heimdal (last I checked, but haven't checked the status of that bug report in a while). Once that is

Re: meaning of bind_ssf

2023-04-12 Thread Quanah Gibson-Mount
--On Wednesday, April 12, 2023 3:16 PM +0200 Stefan Kania wrote: Hi to all, when I connect to openldap, with simple-bind I see: --- mech=SIMPLE bind_ssf=0 ssf=256 So there is no security factor for a SIMPLE bind mechanism. The *overall* security factor of the connection is 256

Re: Slow Search?

2023-04-11 Thread Quanah Gibson-Mount
--On Tuesday, April 11, 2023 3:56 PM + Bradley T Gill wrote: I have an ou with 3.2M users. Doing a simple search of 1 attribute with a scope of 1 and a base of that flat ou is taking 6.2 Seconds. In a replica database, I have attempted to remove all other indexes but the attribut

Re: How to build argon2.so ?

2023-04-05 Thread Quanah Gibson-Mount
--On Wednesday, April 5, 2023 11:38 AM -0700 Scott Classen wrote: Hello, According to: servers/slapd/pwmods/README.argon2 Building 1) Customize the OPENLDAP variable in Makefile to point to the OpenLDAP source root. For initial testing you might also want to edit DEFS to defin

Re: Uninstall

2023-03-31 Thread Quanah Gibson-Mount
--On Friday, March 31, 2023 4:03 PM -0600 Eric Fetzer wrote: From what I read, there are no repositories for RHEL 8.7.  They were there for RHEL 7 but not 8.  I read this in several places including here: https://medium.com/@fengliplatform/setup-openldap-2-6-server-on-rhel-8-4-d8640b7f

Re: Adding to the schema

2023-03-30 Thread Quanah Gibson-Mount
--On Wednesday, March 29, 2023 1:24 PM -0600 Eric Fetzer wrote: So I'm still on this.  Since I'm running cn=config rather than slapd.conf, I'm confused as to where to put the: overlay ppolicy I don't have a:  database mdb Then that would be the first thing you need to fix? :) You m

Re: Up To Date Documentation

2023-03-30 Thread Quanah Gibson-Mount
--On Wednesday, March 29, 2023 1:47 PM -0600 Eric Fetzer wrote: Where can I go for documentation on modern versions of OpenLDAP?  I've been reading the guide at https://www.zytrax.com/books/ldap/ch1/ but it appears to be out of date from what I'm finding when trying to use it. https://w

Re: Are there plans to support OpenSSL 3.0.x in OpenLDAP v2.5?

2023-03-27 Thread Quanah Gibson-Mount
--On Friday, March 17, 2023 3:54 AM + Soichiro Shishido wrote: Are there plans to support OpenSSL 3.0.x in OpenLDAP v2.5? OpenSSL 1.1.1 will be discontinued this year on 2023-09-11. Also, according to the OpenLDAP Project Release Maintenance Policy, it appears that v2.6 will not be LT

Re: overlay pcache and cn=config

2023-03-27 Thread Quanah Gibson-Mount
--On Saturday, March 25, 2023 12:59 PM +0100 Stefan Kania wrote: Hello, I've got the following working slapd.conf: Please file a bug in the ITS system and provide your working slapd.conf. This looks like an issue with conversion. Thanks! --Quanah

Re: Problems with syncrepl and password changes

2023-03-16 Thread Quanah Gibson-Mount
--On Thursday, March 16, 2023 4:45 PM +0100 Manolo Garcia Alvarez wrote: You're right, sorry.  We are running version 2.4.44: OpenLDAP: slapd 2.4.44 (Jan 29 2019 17:42:45) You need to upgrade to a current, supported release. Numerous fixes to replication have been made since 2.4.4

Re: slapd.conf or OLC (cn=config)

2023-03-16 Thread Quanah Gibson-Mount
--On Thursday, March 16, 2023 9:30 AM -0600 Eric Fetzer wrote: Options: Environment="SLAPD_URLS=ldap:/// ldapi:/// ldaps:///" Environment="SLAPD_OPTIONS=-F /etc/openldap/slapd.d" ExecStart=/usr/libexec/slapd -u ldap -g ldap -h ${SLAPD_URLS} $SLAPD_OPTIONS Yes, there is a slapd.d dire

Re: Antw: [EXT] invalid opcode

2023-03-16 Thread Quanah Gibson-Mount
--On Thursday, March 16, 2023 11:29 AM -0400 Jeffrey Walton wrote: This doesn't make sense. You should be using an ldapv3 password modify operation on the user account in question and letting the server do the hashing (and also allows password policies, if deployed, to be used). If I un

Re: Problems with syncrepl and password changes

2023-03-16 Thread Quanah Gibson-Mount
--On Thursday, March 16, 2023 11:12 AM +0100 Manolo Garcia Alvarez wrote: Hello. We're having some problems with replication and password changes. Let me explain... In our institution we are using Shibboleth to provide SSO to the users. The credentials are stored in OpenLDAP, but due to

Re: slapd.conf or OLC (cn=config)

2023-03-16 Thread Quanah Gibson-Mount
--On Wednesday, March 15, 2023 10:11 AM -0600 Eric Fetzer wrote: Looking at my slapd.conf file, I have a bunch of olc settings in it.  Does that mean I'm OLC?  I installed it using this site:  https://computingforgeeks.com/install-configure-openldap-server-centos/ What options is slapd

Re: Antw: [EXT] invalid opcode

2023-03-16 Thread Quanah Gibson-Mount
--On Saturday, March 11, 2023 7:51 PM +0100 Stefan Kania wrote: For a rootdn --- dn: olcDatabase={2}mdb,cn=config changetype: modify replace: olcRootPW olcRootPW: {ARGON2}$argon2i$v=19$m=4096,t=3,p=1$ZGJmZ2lrbmpiZHZzZ3NhdmRzZw$J6eXYSxY4 tDs4l8SdBkIwcAU0OqEEdR0gpFNJ5MSqQs --

Re: Antw: [EXT] invalid opcode

2023-03-10 Thread Quanah Gibson-Mount
--On Friday, March 10, 2023 7:37 PM +0100 Stefan Kania wrote: On 10.03.23 at 19:24, Quanah Gibson-Mount wrote: Ok.  I still don't know what 'changing the password via LDIF' means though. Generate a password with for example slappasswd or argon2 and replace the attribu

Re: Antw: [EXT] invalid opcode

2023-03-10 Thread Quanah Gibson-Mount
--On Friday, March 10, 2023 9:00 AM +0100 Stefan Kania wrote: On 09.03.23 at 20:49, Quanah Gibson-Mount wrote: --On Thursday, March 9, 2023 7:51 PM +0100 Stefan Kania wrote: Another strange thing about passwords on the same machine. As I told you before, we switch to ssha as

Re: Adding to the schema

2023-03-09 Thread Quanah Gibson-Mount
--On Thursday, March 9, 2023 2:16 PM -0700 Eric Fetzer wrote: If the other moduleload in there is back_mdb.la, should I also go with ppolicy.la or should I stick with .so? .so will always exist. .la depends on the packager. --Quanah

Re: Antw: [EXT] invalid opcode

2023-03-09 Thread Quanah Gibson-Mount
--On Thursday, March 9, 2023 7:51 PM +0100 Stefan Kania wrote: Another strange thing about passwords on the same machine. As I told you before, we switch to ssha as passwordhash. SSHA is rather insecure. The Symas OpenLDAP builds ship with ARGON2 support which is advised to use. I've n

Re: Adding to the schema

2023-03-08 Thread Quanah Gibson-Mount
--On Wednesday, March 8, 2023 7:21 AM -0700 Eric Fetzer wrote: Is the ... where I set the policy? As documented in the slapo-ppolicy(5) man page, policies are stored in the database associated with the overlay as ldap entries. --Quanah

Re: Adding to the schema

2023-03-07 Thread Quanah Gibson-Mount
--On Tuesday, March 7, 2023 12:16 PM -0700 Eric Fetzer wrote: I'm using 2.6.4.  Sorry, brand new at this, how do I enable it?  I don't see any references to it in the slapd.conf...  I'm in the process of converting an ISDS db to OpenLDAP.  Kind of daunting so far... Generally speaking:

Re: RoleOccupant filter

2023-03-07 Thread Quanah Gibson-Mount
--On Monday, March 6, 2023 5:13 PM +0200 forumforeign wrote: Hello. I have LDAP groups which keep users inside. Here an example of group: A few things: a) I'd suggest using 'member' to define group memberships and using the 'groupOfMembers' objectClass from rfc2307bis b) If you want

Re: Adding to the schema

2023-03-07 Thread Quanah Gibson-Mount
--On Monday, March 6, 2023 11:23 AM -0700 Eric Fetzer wrote: Hi All, I need to add to my schema on my freshly built server. If you're using OpenLDAP 2.5 or later, the ppolicy schema is built into the ppolicy overlay and you should not be loading it separately at all. I would note t

Re: ch_malloc of 0 bytes failed on Meta backend

2023-02-28 Thread Quanah Gibson-Mount
--On Tuesday, February 28, 2023 6:50 PM + sumanba...@gmail.com wrote: Hi, We have been using Meta backend with multiple AD domain controllers as targets. OpenLDAP version is 2.4.56 As an aside, I would note that OpenLDAP 2.4 is historic and out of support. I'd also note that numerous

Re: dynlist modul pageresult bug

2023-02-28 Thread Quanah Gibson-Mount
--On Monday, February 27, 2023 1:59 PM +0100 Andreas Ladanyi wrote: Hi, is the pageresult issue of dynlist solved in the new 2.5.14 release of slapd or will it be solved in the near future ? If you can provide an example of paged results breaking dynlist in 2.5.14 that would help with

Re: ACL issue

2023-02-23 Thread Quanah Gibson-Mount
--On Thursday, February 23, 2023 11:19 AM + eric.innoce...@univ-avignon.fr wrote: Hi, Read the slapd.access(5) man page, particularly the section titled "OPERATION REQUIREMENTS" and the pseudo-attribute "entry". --Quanah

Re: Using Ppolicy in a provider peer cluster can trigger consumer refresh condition

2023-02-22 Thread Quanah Gibson-Mount
--On Wednesday, February 22, 2023 2:17 PM -0600 James Rawlins wrote: Hi there, My ldap consists of a cluster of 3 providers that all replicate to each other, and a fleet of consumers replicating from them, and we have ppolicy installed on our providers and consumers both, though we're

Re: Trying to migrate from ldap 2.4.x to 2.6.x and having an issue.

2023-02-08 Thread Quanah Gibson-Mount
--On Wednesday, February 8, 2023 3:10 PM -0500 Matthew Goebel wrote: I used slapcat/slapdd  The two boxes are using different backend databases so I don't think I can copy the data files? Right, heh. I forgot you were still on hdb/bdb. I'll try to get some time to read over the f

Re: Trying to migrate from ldap 2.4.x to 2.6.x and having an issue.

2023-02-08 Thread Quanah Gibson-Mount
--On Tuesday, February 7, 2023 4:56 PM -0500 Matthew Goebel wrote: Config file attached ...  Sorry I haven't had time to review the config yet, but a question popped into my mind -- How did you migrate the data between the two instances? I.e., did you copy the MDB file, or use slapc

Re: Trying to migrate from ldap 2.4.x to 2.6.x and having an issue.

2023-02-07 Thread Quanah Gibson-Mount
--On Tuesday, February 7, 2023 4:27 PM -0500 Matthew Goebel wrote: I don't have anything on the old server from the actual config files ...  Use slapcat to export the config db in its entirety: slapcat -n 0 -F /path/to/slapd.d -l /tmp/slapd-conf.ldif Then redact passwords. --Quana

Re: Trying to migrate from ldap 2.4.x to 2.6.x and having an issue.

2023-02-07 Thread Quanah Gibson-Mount
--On Tuesday, February 7, 2023 10:55 AM -0500 Matthew Goebel wrote: dn: olcDatabase=mdb,cn=config objectClass: olcDatabaseConfig objectClass: olcMdbConfig olcDatabase: mdb olcDbMaxSize: 1073741824 olcSuffix: dc=my-domain,dc=com olcRootDN: cn=Manager,dc=my-domain,dc=com # Cleartext p

Re: Trying to migrate from ldap 2.4.x to 2.6.x and having an issue.

2023-02-07 Thread Quanah Gibson-Mount
--On Monday, February 6, 2023 4:58 PM -0500 Matthew Goebel wrote: directory8.emich.edu : redhat ES 8 : hand rolled from source code ldap [r...@directory8.emich.edu:/root]# /usr/local/libexec/slapd -V @(#) $OpenLDAP: slapd 2.6.X (Nov 15 2022 16:59:29) $ That's the engineering branch. It'

Re: Setting acl on cn=accesslog (accesslog overlay)

2023-02-02 Thread Quanah Gibson-Mount
--On Thursday, February 2, 2023 3:57 PM +0100 Simon Kainz wrote: Hello, i am looking for a way to set an ACL entry for cn=accesslog, which is where i am logging the slapo-accesslog overlay entries to. I tried to set set it with the following: dn: olcDatabase{1}mdb,cn=config changeType:

Re: Requesting information about libraries/ldap_r

2023-02-01 Thread Quanah Gibson-Mount
--On Wednesday, February 1, 2023 2:18 PM + jjrob...@lexmark.com wrote: We are upgrading our stack from using openldap 2.4.57 to 2.5.12 and one of our dependencies is missing lldap_r. I searched and only really found this, which gives me some idea of its purpose: https://marc.info/?l=ope

RE26 testing call (2.6.4) #3

2023-01-31 Thread Quanah Gibson-Mount
This is the third testing call for OpenLDAP 2.6.4. Depending on the results, this may be the final testing call. Generally, get the code for RE26: Extract, configure, and build. E

RE25 testing call (2.5.14) #3

2023-01-31 Thread Quanah Gibson-Mount
This is the third testing call for OpenLDAP 2.5.14. Depending on the results, this may be the final testing call. Generally, get the code for RE25: Extract, configure, and build.

Re: Any chance to include ITS#9990 fix in 2.5.14?

2023-01-26 Thread Quanah Gibson-Mount
--On Thursday, January 26, 2023 9:20 PM -0500 Kartik Subbarao wrote: I ran into a passwd exop overlay problem this week when upgrading from 2.4.57 to 2.5.13 and was able to track it down (ITS#9990). Fortunately the fix is very simple, just revert the changes to passwd.c made in ITS#8698. I

Re: "container" structural class

2023-01-25 Thread Quanah Gibson-Mount
I would add that if you are wanting your DIT to comply with actual LDAP standards then you wouldn’t be using that objectClass since it is an MS specific item and not part of an RFC. > On Jan 25, 2023, at 5:22 PM, Howard Chu wrote: > > Timothy Stonis wrote: >> Hi All, >> >> I’ve searched th

Re: Help moving from old server with bdb, etc.

2023-01-22 Thread Quanah Gibson-Mount
--On Sunday, January 22, 2023 1:51 PM -0700 Chandler Sobel-Sorenson wrote: Now just getting a permissions error that I don't understand yet, but I'll try upgrading to 2.5 first. Version 2.5.13+dfsg-2~bpo11+1 is in bullseye-backports! Biggest thing is you'll need to remove the ppolicy sch

Re: Help moving from old server with bdb, etc.

2023-01-22 Thread Quanah Gibson-Mount
--On Saturday, January 21, 2023 5:14 PM -0700 Chandler Sobel-Sorenson wrote: Ryan Tandy wrote on 1/21/23 2:59 PM: Try "olcModuleLoad: back_bdb" (under "cn=module{0},cn=config"). Oh, thank you! but when I try that, it can't get past that part now: slapadd: could not add entry dn="cn=mo

Re: using SRV-records in syncrepl

2023-01-20 Thread Quanah Gibson-Mount
--On Friday, January 20, 2023 3:33 PM + Norman Gray wrote: Ondřej, hello. On 20 Jan 2023, at 10:47, Ondřej Kuzník wrote: That said, patches implementing some kind of SRV are welcome. The easiest way might be to introduce an lloadd tier implementation that manages its backend coll

RE26 testing call (2.6.4) #2

2023-01-19 Thread Quanah Gibson-Mount
This is the second testing call for OpenLDAP 2.6.4. Depending on the results, this may be the final testing call. Generally, get the code for RE26: Extract, configure, and build.

RE25 testing call (2.5.14) #2

2023-01-19 Thread Quanah Gibson-Mount
This is the second testing call for OpenLDAP 2.5.14. Depending on the results, this may be the final testing call. Generally, get the code for RE25: Extract, configure, and build.

Re: Antw: [EXT] Re: Slow Mod operations on LDAP

2023-01-19 Thread Quanah Gibson-Mount
--On Thursday, January 19, 2023 8:25 AM +0100 Ulrich Windl wrote: Quanah Gibson-Mount wrote on 18.01.2023 at 14:50 in message <3D6804DEBBC5413284159965@[192.168.1.14]>: ... I would note that it is not advised to use XFS with back-mdb. Would you explain why? Here we use X

Re: Slow Mod operations on LDAP

2023-01-18 Thread Quanah Gibson-Mount
--On Wednesday, January 18, 2023 7:30 PM +0530 Bhanush Mehta wrote: Hi Quanah, We have 80 GB RAM on the system and 300 GB SSD disk allocated for the directory. I'm pruning the huge list of people from flipkart, it's not really appropriate for the list, you can send them any answers yo

Re: Slow Mod operations on LDAP

2023-01-18 Thread Quanah Gibson-Mount
--On Wednesday, January 18, 2023 6:31 PM +0530 Bhanush Mehta wrote: Hi Quanah The current mdb data file is GB on disk. We are using XFS, we tried with ext2 and ext4, we saw the same behavior for slow mods. 2376455:/var/lib/ldap$ sudo du -sh data.mdb 11G data.mdb 2376455:/var/lib/ldap$

Re: Slow Mod operations on LDAP

2023-01-17 Thread Quanah Gibson-Mount
--On Monday, January 16, 2023 10:47 AM +0530 Bhanush Mehta wrote: Hi Quanah, We see the same issue with 2.4.58 (compiled from source).  I am able to debug that mod operations are fast on a fresh mdb, but after a certain number of operations the mdb size is going from 300 MB to 10 GB.

Re: ldap clients

2023-01-17 Thread Quanah Gibson-Mount
--On Monday, January 16, 2023 8:46 AM -0300 Gustavo Rios wrote: Hi folks, i am looking for a tutorial on how to write ldap clients using C language. May someone in this list give me a reference tutorial ? The OpenLDAP software ships with several clients written in C. I would sugges

Re: Queries regarding Openldap migration from 2.4.51 to 2.6.2

2023-01-11 Thread Quanah Gibson-Mount
--On Wednesday, January 11, 2023 5:33 AM + "Nagesh Nikavade (EXT-NSB)" wrote: Hi Team, We are migrating openldap from 2.4.51 to 2.6.2 and we have the following queries • What is the End of life date for 2.4.x series? It has already reached EOL from the project perspective.

Re: Help for filter in openldap server

2023-01-09 Thread Quanah Gibson-Mount
--On Tuesday, December 20, 2022 5:52 PM +0800 baalchina wrote: For example, when I searching by 'sn=*', or 'sn=Jim', which jim is the exact name of my user, I will got the correct result. But when I searching by 'inetUserStatus=Inactive' or 'inetUserStatus=Active', nothing happens. I also

Re: Slow Mod operations on LDAP

2023-01-09 Thread Quanah Gibson-Mount
--On Friday, December 23, 2022 9:06 PM +0530 Bhanush Mehta wrote: Hi All, We are seeing very slow MOD operations on our ldap (250 MB data dump), while using mdb (data.mdb is 6.4 Gb). The average MOD operation is going to 8-9 seconds. We are seeing 1k disk ops and 6-7MB/s writes. The disk

Re: OpenLDAP stats logging performance degradation

2023-01-03 Thread Quanah Gibson-Mount
--On Friday, December 30, 2022 11:35 PM + Christopher Paul wrote: Using the oldie but goodie LDAP performance testing tool, SLAMD, I've been doing performance tests. What I found was that stats logging (olcLogLevel: 256) degrades performance significantly. A pity, because it is recomme

Re: Question about Persistent Search

2022-12-15 Thread Quanah Gibson-Mount
--On Thursday, December 15, 2022 7:13 PM +0100 pham lan wrote: https://bugs.openldap.org/show_bug.cgi?id=8983 That bug clearly notes it is implemented in OpenLDAP 2.5+ I would advise using a current supported release of OpenLDAP, as the 2.4 series is historic and has no support. You

Re: Question about Persistent Search

2022-12-15 Thread Quanah Gibson-Mount
--On Thursday, December 15, 2022 5:08 PM + Howard Chu wrote: pham lan wrote: Hello, I am new to OpenLDAP. May I ask if Persistent Search is supported in any version of OpenLdap Server? Yes. I installed version 2.4.46 from Rocky repo and it does not seem to support persistent sear

Re: lloadd Proxied Authorization Denied (123)

2022-12-15 Thread Quanah Gibson-Mount
--On Thursday, December 15, 2022 3:02 PM +0100 Stefan Kania wrote: -- dn: cn=config changetype: modify replace: olcAuthzpolicy olcAuthzpolicy: any -- Since you only need it to be possible for the lloadd user to assume other identities, I'd use a policy of 'to' in

Re: lloadd standalone daemon

2022-12-14 Thread Quanah Gibson-Mount
--On Wednesday, December 14, 2022 6:57 PM +0100 Stefan Kania wrote: You can run lloadd as a standalone slapd instance that loads the lloadd module. That's ok but the manpage for lloadd is telling me: -

Re: lloadd standalone daemon

2022-12-14 Thread Quanah Gibson-Mount
--On Wednesday, December 14, 2022 5:58 PM +0100 Stefan Kania wrote: Hi to all, I want to test the "lloadd" as a standalone daemon. I'm using the symas OpenLDAP 2.6 packages on a debian 11 system. I can only find the module "lloadd.la" but not the standalone daemon. If I want to use it, do

Re: Q: Length of {SSHA} encoded passwords

2022-12-05 Thread Quanah Gibson-Mount
--On Monday, December 5, 2022 8:02 AM +0100 Ulrich Windl wrote: Hi! Examining changes of the database via LDIF, I noticed one thing: -userPassword: {SSHA}XY94+nfFELR3iy0AYTsS0DHqxIOwFNz79zcnniA== +userPassword: {SSHA}yt98Od1WHak3kYIyZWYoCewg4D+f9ffp I had thought that the encoded SSHA pa

RE: [EXTERNAL] Re: Syncrepl has stopped 24 hours ago

2022-12-01 Thread Quanah Gibson-Mount
--On Thursday, December 1, 2022 4:02 PM + Bradley T Gill wrote: 2.4GB is the maxsize, it was at 2.1GB. I checked the logs any maxsize errors. We combed through the logs looking for errors and didn't find anything unusual. I'm not aware of any maxsize errors that get written to the

RE: [EXTERNAL] Re: Syncrepl has stopped 24 hours ago

2022-12-01 Thread Quanah Gibson-Mount
--On Tuesday, November 29, 2022 8:05 PM + Bradley T Gill wrote: Thanks for the reply Quanah, We are using OpenLDAP 2.4.59 We are using delta-sync We are logging Sync and Stats I don't see any mapsize errors in the logs. What is the configured maxsize o

Re: Syncrepl has stopped 24 hours ago

2022-11-29 Thread Quanah Gibson-Mount
--On Tuesday, November 29, 2022 3:01 PM + Bradley T Gill wrote: Our accesslog mdb is 2GB and syncrepl has been 'late' (according to Nagios) on all of our servers for 24 hours now. We are in the middle of Significant Incident and am asking for suggestions of what to look for in the l

Re: Push replication issue for the pwdHistory attribute

2022-11-17 Thread Quanah Gibson-Mount
--On Tuesday, November 8, 2022 9:15 PM +0100 Daniel Hoffend wrote: Hello, I'm using a master ldap instance with a push replication instance to external slaves using the ldap backend on Debian 11 (2.4.57) and I came across some replication issues that forces me to drop the slave dbs and do

Re: SSSD looking for password policy: "unrecognized control"

2022-11-02 Thread Quanah Gibson-Mount
--On Wednesday, November 2, 2022 2:41 AM -0500 Jarett DeAngelis wrote: You could simply load the ppolicy overlay in you configuration so that the control is available, regardless of whether you intend to use it. How is this done? In the LTB distribution there is a ppolicy ldif in the sch

Re: SSSD looking for password policy: "unrecognized control"

2022-11-01 Thread Quanah Gibson-Mount
--On Tuesday, November 1, 2022 7:16 PM + jar...@bioteam.net wrote: Hi, I am attempting to have SSSD do logins to my OpenLDAP 2.6.3 installation, however, I get "permission denied" when trying to log in because SSSD is asking for a password policy, which the server does not appear to have

Re: Two notes on slapppasswd (old version)

2022-10-31 Thread Quanah Gibson-Mount
--On Monday, October 31, 2022 12:23 PM +0100 Ulrich Windl wrote: Hi! When using an old version (from 2.4.41) of slapasswd, I noticed two things: 1) Using "-h SSHA", slappasswd was asking for passwords first, then telling me: "Password generation failed for scheme SSHA: scheme not recogni

Re: cn=config TLS Configuration Problem

2022-10-19 Thread Quanah Gibson-Mount
--On Wednesday, October 19, 2022 2:46 PM -0400 Timothy Stonis wrote: This is what I tried: sudo slapmodify -F /var/openldap/openldap-data/ -q -l [LDIF file] The ldif file had: dn: cn=config changetype: modify delete: olcTLSCertificateFile - delete: olcTLSCertificateKeyFile - The err

Re: cn=config TLS Configuration Problem

2022-10-19 Thread Quanah Gibson-Mount
--On Wednesday, October 19, 2022 11:34 AM -0700 Quanah Gibson-Mount wrote: I checked with Howard, this was apparently implemented at the same time as slapo-autoca, but the docs on how to do this appear to be missing, will see if an issue needs to be raised for a doc update. Filed

Re: cn=config TLS Configuration Problem

2022-10-19 Thread Quanah Gibson-Mount
--On Wednesday, October 19, 2022 2:25 PM -0400 Timothy Stonis wrote: Thanks for the suggestion. Prior, I tried using slapmodify to make the change, but I got the message the database was not writeable even running as root. Is there an ACL I need to set on cn=config to get slapmodify to wo

Re: cn=config TLS Configuration Problem

2022-10-19 Thread Quanah Gibson-Mount
--On Wednesday, October 19, 2022 1:24 PM -0400 Timothy Stonis wrote: Hi, I am trying to setup an OpenLDAP 2.6.3 server and I'd like to only use olc configuration (no slapd.conf file). So far things are going okay, but I'm having a problem with TLS configuration. I am able to enable TLS us

Re: replacement of memberof by dynlist.. questions..

2022-10-19 Thread Quanah Gibson-Mount
--On Monday, October 17, 2022 6:07 PM +0200 Frédéric Goudal wrote: Hello, Thanks I have found the correct documentation, read it 5 times (well english is not natural for me). So, If I have only static groups should I use only this : olcDynListAttrSet: myPerson labeledURI myMemberOf@Grou

Re: replacement of memberof by dynlist.. questions..

2022-10-17 Thread Quanah Gibson-Mount
--On Monday, October 17, 2022 4:51 PM +0200 Frédéric Goudal wrote: Hello, We have to install a product which use ldap and that seems to need memberof overlay. As I have read this overlay is deprecated is cause trouble with replication. So I have dug to found a replacement solution, and wh

Re: RE25 testing call (2.5.14)

2022-10-05 Thread Quanah Gibson-Mount
--On Tuesday, October 4, 2022 8:22 PM -0300 Alceu Rodrigues de Freitas Junior wrote: Not sure if OpenBSD should be supported, but I gave it a try and the second test failed. OpenBSD has no unified buffer cache, which makes LMDB unusable on that platform. You would need to disable back

Re: RE25 testing call (2.5.14)

2022-10-04 Thread Quanah Gibson-Mount
--On Tuesday, October 4, 2022 5:26 PM -0300 Alceu Rodrigues de Freitas Junior wrote: Hello Quanah, I would like to help but this is the first time I run the tests. Is there a guideline/howto to follow up? I executed the tests and got no errors, should I provide back the results? Is there

RE25 testing call (2.5.14)

2022-10-04 Thread Quanah Gibson-Mount
This is the first testing call for OpenLDAP 2.5.14. Depending on the results, this may be the only testing call. Generally, get the code for RE25: Extract, configure, and build. E

RE26 testing call #1 (2.6.4)

2022-10-04 Thread Quanah Gibson-Mount
This is the first testing call for OpenLDAP 2.6.4. Depending on the results, this may be the only testing call. Generally, get the code for RE26: Extract, configure, and build. Ex

Re: Antw: [EXT] Re: how to add index in replication scenario

2022-09-16 Thread Quanah Gibson-Mount
--On Friday, September 16, 2022 9:27 AM +0200 Ulrich Windl wrote: Quanah Gibson-Mount wrote on 15.09.2022 at 18:09 in message <1F341BC71D7ADCBA8A4880D3@[192.168.1.17]>: ‑‑On Thursday, September 15, 2022 5:49 PM +0100 Howard Chu wrote: There's nothing to wait

Re: Antw: [EXT] Re: how to add index in replication scenario

2022-09-15 Thread Quanah Gibson-Mount
--On Thursday, September 15, 2022 5:49 PM +0100 Howard Chu wrote: There's nothing to wait for. Index generation is in a background thread, it doesn't block cn=config. -- On a large DB, it can take several hours until the index is actually ready for use. So if you need it to be functional

Re: Antw: [EXT] Re: how to add index in replication scenario

2022-09-15 Thread Quanah Gibson-Mount
--On Thursday, September 15, 2022 8:55 AM +0200 Ulrich Windl wrote: I wasn't sure whether indexing would be sync'd between servers. Using cn=config with replicated configs it's sufficient to add the index to the config: The index is created on each server then. He already stated he's usi

Re: how to add index in replication scenario

2022-09-14 Thread Quanah Gibson-Mount
--On Wednesday, September 14, 2022 6:03 PM +0200 Uwe Sauter wrote: Dear list, I need to add an index for a new attribute in an active-active replication scenario. I know I need to run slapindex to create the index for existing entries after I changed the configuration file (yes, still on

RE: Openldap policy not working on Ubuntu 22.04

2022-09-06 Thread Quanah Gibson-Mount
--On Tuesday, September 6, 2022 10:13 AM +0300 Mehmet Sağdıç wrote: Hi, Is there anyone who can help on this issue? First, don't spam multiple lists trying to get help. Second, I suggest carefully reading the release announcement in regard to ppolicy, specifically section B.2 in

Re: Q: "Error: Invalid DN syntax (34), additional info: invalid new RDN"

2022-08-26 Thread Quanah Gibson-Mount
--On Friday, August 26, 2022 4:09 PM -0400 "John C. Pfeifer" wrote: Doesn't it need to be: newrdn: cn=subntbcst-tftp@247/tcp Good catch! --Quanah
