Re: Multiple LDAP admins

2020-09-04 Thread Quanah Gibson-Mount
the DNs of the users who should have administrative access as members, and then give that ldap group the administrative access via acls. I'd suggest using groupOfNames as the objectClass for the ldap group. Regards, Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Pac

Re: Antw: [EXT] Re: memberof Overlay not showing in base search

2020-09-03 Thread Quanah Gibson-Mount
memberOf, there is no RFC, so we match how Microsoft has set the attribute, since they originated it. They marked it operational. Regards, Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

Re: Index seems to return wrong amount of candidate causing really poor search performance

2020-09-02 Thread Quanah Gibson-Mount
f it is <https://bugs.openldap.org/show_bug.cgi?id=7743> Regards, Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

Re: groupOfNames vs. groupOfUniqueNames

2020-09-02 Thread Quanah Gibson-Mount
DAP groups, which is a different concept than *NIX posix groups. Regards, Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

Re: Index seems to return wrong amount of candidate causing really poor search performance

2020-09-01 Thread Quanah Gibson-Mount
th back-bdb, it's deprecated and removed from 2.5+. Regards, Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

Re: Resyncing basic question..

2020-08-31 Thread Quanah Gibson-Mount
hat's necessary. I was hoping Howard would answer, since he's dealt with push based the most. ;) --Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

Re: how to clean old multiple CSN ?

2020-08-31 Thread Quanah Gibson-Mount
s for other than #00a#, and then reload the DB on all servers. It's been on my to-do to file an ITS that allows one to forcefully reset all serverIDs with slapadd to a single serverID, so I should probably go file that. ;) Regards, Quanah -- Quanah Gibson-Mount Product Architect Symas C

RE: Now combining acl attribute access with regular access fails

2020-08-31 Thread Quanah Gibson-Mount
> Regards, Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

Re: OpenLDAP and Ansible

2020-08-30 Thread Quanah Gibson-Mount
instead of standard syncrepl. --Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

Re: Index seems to return wrong amount of candidate causing really poor search performance

2020-08-30 Thread Quanah Gibson-Mount
etc) b) The schema definition of the attribute in question. Thanks, Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

RE24 testing call #2 (OpenLDAP 2.4.52)

2020-08-27 Thread Quanah Gibson-Mount
(ITS#9324) Fixed slapd syncrepl regression that could trigger an assert (ITS#9329) Fixed slapd-mdb index error with collapsed range (ITS#9135) Regards, Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions po

Re: RE24 testing call #1 (OpenLDAP 2.4.52)

2020-08-27 Thread Quanah Gibson-Mount
--On Thursday, August 27, 2020 8:57 AM -0700 Quanah Gibson-Mount wrote: Starting its9282 ... ldapsearch on ldap://localhost:9012/ failed with error 32. ./data/regressions/its9282/its9282 failed (exit 32) Thanks for the report! Will see if I can get this to reproduce as well. There was a

Re: RE24 testing call #1 (OpenLDAP 2.4.52)

2020-08-27 Thread Quanah Gibson-Mount
--On Thursday, August 27, 2020 4:58 PM +0300 openldap-techni...@kolttonen.fi wrote: On Wed, 26 Aug 2020, Quanah Gibson-Mount wrote: This is the first testing call for OpenLDAP 2.4.52. On Red Hat Enterprise Linux Server release 7.8 (Maipo), with all the latest updates installed, "

Re: RE24 testing call #1 (OpenLDAP 2.4.52)

2020-08-27 Thread Quanah Gibson-Mount
--On Thursday, August 27, 2020 7:30 AM -0400 Braiam wrote: On Wed, Aug 26, 2020 at 7:07 PM Quanah Gibson-Mount wrote: Execute the test suite (via make test) after it is built. Optionally, cd tests && make its to run through the regression suite. Can't run the reg

RE24 testing call #1 (OpenLDAP 2.4.52)

2020-08-26 Thread Quanah Gibson-Mount
egression that could trigger an assert (ITS#9329) Regards, Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

Re: HDB to MDB migration results in higher CPU usage on openldap consumers

2020-08-24 Thread Quanah Gibson-Mount
e. Regards, Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

Re: Have daemon reload rotated certs

2020-08-21 Thread Quanah Gibson-Mount
like change the logging level on the fly w/o having to stop and start the service. If gitops means preventing people from being able to gather useful information from a running process, I'd definitely avoid it. -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, cert

Symas OpenLDAP for Linux RHEL7 & RHEL8 2.4.51-1 now available

2020-08-21 Thread Quanah Gibson-Mount
Symas OpenLDAP for Linux on RHEL7 and RHEL8 for OpenLDAP 2.4.51-1 are now available. As previously noted, the RHEL8 packages differ from the Red Hat packages in that they do not contain Red Hat's patch violating RFC 4513 and RFC 6125. Regards, Quanah -- Quanah Gibson-Mount Pr

Re: Have daemon reload rotated certs

2020-08-21 Thread Quanah Gibson-Mount
--On Friday, August 21, 2020 8:47 PM -0500 David Arnold wrote: # yes, really read-only! readonly on restrict write That's... really really dumb. It should absolutely be possible to tweak things in the cn=config db. --Quanah -- Quanah Gibson-Mount Product Architect

Re: Have daemon reload rotated certs

2020-08-21 Thread Quanah Gibson-Mount
reload the certificates that are configured for the syncrepls? No, you'd need to do a replace op on the olcSyncrepl attribute for that database as well. Regards, Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powe

Re: Have daemon reload rotated certs

2020-08-21 Thread Quanah Gibson-Mount
etype: modify replace: olcTLS.. olcTLS...: original value For the slapd.conf configuration to enable the cn=config db just have: database config rootpw somepassword and then you can bind to it w/ that password. Alternatively, you can set up an authz-regexp, etc. Regards, Quanah -- Quanah G

Symas OpenLDAP for Linux on RHEL 8 divergence

2020-08-20 Thread Quanah Gibson-Mount
.4.51-1 release. Regards, Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

Re: Enable and Disable a user account in OpenLDAP using various methods, CLI, GUI, etc.

2020-08-19 Thread Quanah Gibson-Mount
that tracks the account status, and then an ACL that blocks access to the userPassword attribute if an account has been disabled. I.e., the information you have provided so far doesn't enable us to provide you the information necessary. Regards, Quanah -- Quanah Gibson-Mount Product

Re: Question: rfc2307 vs rfc2307bis with multimaster replication

2020-08-18 Thread Quanah Gibson-Mount
I had a long list of questions related to your previous questions. Without answers to those questions, I can't say much more. Regards, Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

Re: Question: rfc2307 vs rfc2307bis with multimaster replication

2020-08-18 Thread Quanah Gibson-Mount
plication? Not clear to me how this would affect MPR replication. Regards, Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

RE: [EXTERNAL] Re: Multi Master Replication Error - Got Search Entry Without Sync State Control

2020-08-17 Thread Quanah Gibson-Mount
--On Monday, August 17, 2020 2:24 PM -0700 Quanah Gibson-Mount wrote: --On Monday, August 17, 2020 8:53 PM + "Jarrard, Alex" wrote: Also, if you use SLES based systems, Michael Stroeder has updated builds: <https://build.opensuse.org/package/show/home:stroeder:

RE: [EXTERNAL] Re: Multi Master Replication Error - Got Search Entry Without Sync State Control

2020-08-17 Thread Quanah Gibson-Mount
). The LTB project also has free builds for RHEL/CentOS at: <https://ltb-project.org/documentation/openldap-rpm#yum_repository> Regards, Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

Re: Multi Master Replication Error - Got Search Entry Without Sync State Control

2020-08-17 Thread Quanah Gibson-Mount
has been stopped (and subsequently brought back online): What version of OpenLDAP are you using? Replication in OpenLDAP is only safe when using delta-syncrepl and avoiding fallback due to ITS#8125. This does not appear to be a delta-sync MMR configuration. Regards, Quanah -- Quanah Gibson

Re: LDAP Tool Box packages [was: OpenLDAP 2.4.51 available, LMDB 0.9.26 available]

2020-08-17 Thread Quanah Gibson-Mount
, then feel free to show them this way. Regards, Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

Re: LDAP Tool Box packages [was: OpenLDAP 2.4.51 available, LMDB 0.9.26 available]

2020-08-17 Thread Quanah Gibson-Mount
maintain and fix it to a functional state, it will likely be removed entirely at some point in the future. Regards, Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

Re: Disabling memberOf as a built-in

2020-08-15 Thread Quanah Gibson-Mount
--On Friday, August 14, 2020 10:20 AM -0700 Quanah Gibson-Mount wrote: --On Friday, August 14, 2020 5:10 PM + sv...@uic.edu wrote: Is there a configuration flag I can use to allow me to define memberOf in the schemas, rather than having it be a 'built-in' of OpenLDAP.

Re: Disabling memberOf as a built-in

2020-08-14 Thread Quanah Gibson-Mount
--On Friday, August 14, 2020 5:10 PM + sv...@uic.edu wrote: Is there a configuration flag I can use to allow me to define memberOf in the schemas, rather than having it be a 'built-in' of OpenLDAP. No. What are you attempting to do? --Quanah -- Quanah Gibson-Mou

Re: Race condition with groupOfNames using syncrepl

2020-08-13 Thread Quanah Gibson-Mount
--On Wednesday, August 12, 2020 9:56 PM -0700 "Paul B. Henson" wrote: On Tue, Aug 04, 2020 at 12:20:35PM -0700, Quanah Gibson-Mount wrote: There's been significant work for OpenLDAP 2.5 to allow slapo-dynlist to be an alternative to slapo-memberOf in a replicated environ

Re: Acl for admin group

2020-08-13 Thread Quanah Gibson-Mount
--On Thursday, August 13, 2020 9:31 AM + Клеусов Владимир Сергеевич wrote: member: uid=test,ou=Users,dc=domain,dc=com dn: cn=test,ou=Users,dc=domain,dc=com Study the above. It's pretty clear what the problem is. ;) Regards, Quanah -- Quanah Gibson-Mount Product Architect

Re: Acl for admin group

2020-08-12 Thread Quanah Gibson-Mount
't show the DN of the group, so there's no way to map it to the ACLs you provided. Provide actual text data of the entries in question (the group and the user) in addition to the current ACLs. --Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified

Re: Acl for admin group

2020-08-12 Thread Quanah Gibson-Mount
use the groupOfNames objectClass and have member attributes. The member attribute contains the full DN of the entries that are members. Regards, Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

Re: Acl for admin group

2020-08-12 Thread Quanah Gibson-Mount
--On Wednesday, August 12, 2020 9:56 AM + Клеусов Владимир Сергеевич wrote: 2) Is it possible to make an acl for POSIX group in a different way ? OpenLDAP ACLs deal with LDAP groups, not posix groups. --Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged

Re: TLSv1.3 support on openldap 2.4.44

2020-08-11 Thread Quanah Gibson-Mount
seriously, it should use the latest release. --Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

Re: TLSv1.3 support on openldap 2.4.44

2020-08-11 Thread Quanah Gibson-Mount
most current release, not one that's over four years old. Build OpenLDAP 2.4.50, and it has TLS 1.3 support as long as the SSL library does. Regards, Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by Ope

Re: Acl for admin group

2020-08-11 Thread Quanah Gibson-Mount
--On Tuesday, August 11, 2020 1:55 PM + Клеусов Владимир Сергеевич wrote: by group.exact="cn=ldap_admins,ou=Groups,dc=domain,dc=com write You're missing an end quote. group.exact="cn=ldap_admins,ou=Groups,dc=domain,dc=com" <- --Quanah -- Quan

Re: OpenLDAP crashes with search from PC

2020-08-07 Thread Quanah Gibson-Mount
know that are not many information, but has anybody an idea how I can find out why the OpenLDAP server is crashing when accessed from a Windows 10 machine? Not without logs. Regards, Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP

Re: LASTVALIDATIONDATE | Attribute error

2020-08-07 Thread Quanah Gibson-Mount
oking at the schema files it uses. This is not from any schema that ships with OpenLDAP indicating a custom schema was in place. Regards, Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

Re: RE24 testing call #2 (OpenLDAP 2.4.51, LMDB 0.9.26)

2020-08-06 Thread Quanah Gibson-Mount
'm just missing some dependencies.(?) The difference with test064 is it requires /bin/bash instead of /bin/sh. On my FreeBSD box I just made it a symlink to /usr/local/bin/bash --Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP s

RE24 testing call #2 (OpenLDAP 2.4.51, LMDB 0.9.26)

2020-08-05 Thread Quanah Gibson-Mount
ah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

Re: Race condition with groupOfNames using syncrepl

2020-08-04 Thread Quanah Gibson-Mount
r which is why I'm asking for the exact configuration. It could be useful in the future for testing. There's been significant work for OpenLDAP 2.5 to allow slapo-dynlist to be an alternative to slapo-memberOf in a replicated environment as it does not suffer from the replication re

Re: Removing Overlay entry from cn=config

2020-08-03 Thread Quanah Gibson-Mount
th slapadd -n 0 --Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

Re: Race condition with groupOfNames using syncrepl

2020-08-03 Thread Quanah Gibson-Mount
"cn=mygroup", and there is a constraint violation of some sort. You'd need to provide significantly more detail about your setup as you seem to have some set of overlays in use that you haven't disclosed. Regards, Quanah -- Quanah Gibson-Mount Product Architect Symas

Re: slapd daemon stop issue

2020-07-31 Thread Quanah Gibson-Mount
--On Friday, July 31, 2020 9:50 PM +0200 Technology Server wrote: note - We don't have any script which could bring it up when it goes down slapd will not start itself, so you have something that is bringing it back up. --Quanah -- Quanah Gibson-Mount Product Architect

Re: RE24 testing call #1 (OpenLDAP 2.4.51, LMDB 0.9.26)

2020-07-30 Thread Quanah Gibson-Mount
--On Thursday, July 30, 2020 10:09 AM +0200 Geert Hendrickx wrote: On Wed, Jul 29, 2020 at 13:56:24 -0700, Quanah Gibson-Mount wrote: --On Wednesday, July 29, 2020 12:21 PM +0200 Geert Hendrickx wrote: > > All tests succeed for me on CentOS 8.2.2004, tested with 1 and 2 vCPU

Re: RE24 testing call #1 (OpenLDAP 2.4.51, LMDB 0.9.26)

2020-07-29 Thread Quanah Gibson-Mount
--On Wednesday, July 29, 2020 12:21 PM +0200 Geert Hendrickx wrote: On Tue, Jul 28, 2020 at 14:56:54 +0300, openldap-techni...@kolttonen.fi wrote: On Mon, 27 Jul 2020, Quanah Gibson-Mount wrote: > What is the virtualization software and version? VMware ESXi 6.5.0 build-16207

Re: RE24 testing call #1 (OpenLDAP 2.4.51, LMDB 0.9.26)

2020-07-29 Thread Quanah Gibson-Mount
--On Tuesday, July 28, 2020 3:56 PM +0300 openldap-techni...@kolttonen.fi wrote: On Mon, 27 Jul 2020, Quanah Gibson-Mount wrote: What is the virtualization software and version? VMware ESXi 6.5.0 build-16207673 Ok thanks. I'm trying to see if I can get a copy of VMware to

Re: LDAP error, server says:,(8) Strong(er) authentication required

2020-07-28 Thread Quanah Gibson-Mount
on on authentication would be in the server config, not ldap.conf. My guess is there's a security requirement that ldb is meeting when it does the connection that LAM is not. Regards, Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

Re: RE24 testing call #1 (OpenLDAP 2.4.51, LMDB 0.9.26)

2020-07-27 Thread Quanah Gibson-Mount
--On Sunday, July 26, 2020 8:48 PM +0300 openldap-techni...@kolttonen.fi wrote: On Sat, 25 Jul 2020, Quanah Gibson-Mount wrote: Ok thanks. I did that as well on my centos 8.2 box and ran it through 100 loops with BDB as the backend and no luck reproducing. Are you able to reproduce it

Re: RE24 testing call #1 (OpenLDAP 2.4.51, LMDB 0.9.26)

2020-07-25 Thread Quanah Gibson-Mount
--On Saturday, July 25, 2020 7:20 PM +0300 openldap-techni...@kolttonen.fi wrote: Hi, On Fri, 24 Jul 2020, Quanah Gibson-Mount wrote: Thanks for the report. Can you provide your configure options? I'd like to try and reproduce. I did simply: ./configure && make &

Re: RE24 testing call #1 (OpenLDAP 2.4.51, LMDB 0.9.26)

2020-07-24 Thread Quanah Gibson-Mount
--On Friday, July 24, 2020 7:48 PM +0300 openldap-techni...@kolttonen.fi wrote: Hello, On Thu, 23 Jul 2020, Quanah Gibson-Mount wrote: Subject correction -- 2.4.51. ;) "make test" crashes on Red Hat Enterprise Linux release 8.2 (Ootpa): Thanks for the report. Can you pr

Re: RE24 testing call #1 (OpenLDAP 2.4.51, LMDB 0.9.26)

2020-07-23 Thread Quanah Gibson-Mount
Subject correction -- 2.4.51. ;) --Quanah --On Thursday, July 23, 2020 4:02 PM -0700 Quanah Gibson-Mount wrote: This is the first testing call for OpenLDAP 2.4.51. Depending on the results, this may be the only testing call. Generally, get the code for RE24: <https://git.openldap.

RE24 testing call #1 (OpenLDAP 2.4.50, LMDB 0.9.26)

2020-07-23 Thread Quanah Gibson-Mount
) LMDB 0.9.26 Engineering ITS#9278 fix robust mutex cleanup for FreeBSD -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

Re: Q about add accesslog entry

2020-07-23 Thread Quanah Gibson-Mount
the primary DB. --Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

Re: Upgrade from 2.4.44 to 2.4.45+

2020-07-20 Thread Quanah Gibson-Mount
use ppolicy, you will want to reload your database after upgrading to 2.4.50 due to a database format change for the pwdChangedTime attribute (I.e., slapcat your db, then slapadd it back in after you're done with the upgrade). Regards, Quanah -- Quanah Gibson-Mount Product Architect

Re: invalid credentials when userPassword hash in SSHA-512

2020-07-16 Thread Quanah Gibson-Mount
sword hashes are supported the argon2 password module, and they are considered more secure than SSHA512. Regards, Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

Re: invalid credentials when userPassword hash in SSHA-512

2020-07-16 Thread Quanah Gibson-Mount
t;) c) No client should care how userPassword is stored. If it does, then the client is implemented incorrectly. Regards, Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

Re: Documentation: mapping from slapd.conf to slapd database

2020-07-16 Thread Quanah Gibson-Mount
in the code for the overlay. <https://git.openldap.org/openldap/openldap/-/blob/master/servers/slapd/overlays/syncprov.c#L3160> Regards, Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

Re: Antw: Re: [EXT] Re: syncrepl does not work as expected

2020-07-16 Thread Quanah Gibson-Mount
--On Thursday, July 16, 2020 8:58 AM +0200 Ulrich Windl wrote: Could you give more details on that? Is it a bug by design, or is it a bug in the implementation? I've referenced the underlying bug for years. ITS#8125. --Quanah -- Quanah Gibson-Mount Product Architect

Re: Antw: [EXT] Re: Q: Stable output of slapcat?

2020-07-15 Thread Quanah Gibson-Mount
Net::LDAP:LLDIF can sort attribute names. I'll try that to sort the slapcat output. Still it may be an interesting option for slapcat itself... Not really, LDIF has no specific ordering. Regards, Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified

Re: Antw: [EXT] Re: Q: Added pwdMaxRecordedFailure in pwdPolicy schema

2020-07-15 Thread Quanah Gibson-Mount
old schema and import the updated ppolicy.ldif file. Regards, Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

Re: Antw: Re: [EXT] Re: syncrepl does not work as expected

2020-07-15 Thread Quanah Gibson-Mount
long as the purge interval is frequent enough, it's not even noticeable. Regards, Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

Re: [EXT] Re: syncrepl does not work as expected

2020-07-15 Thread Quanah Gibson-Mount
://www.openldap.org/doc/admin24/dbtools.html#The%20{{EX:slapadd}}%20program https://www.openldap.org/doc/admin24/dbtools.html#The%20{{EX:slapcat}}%20program Regards, Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP

Re: Ldap Entry - Invalid syntax (21)

2020-07-15 Thread Quanah Gibson-Mount
., missing from the server schema. I would suggest you start there. Regards, Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

Re: [EXT] Re: syncrepl does not work as expected

2020-07-15 Thread Quanah Gibson-Mount
which has various bugs and the resulting DB may be deficient. If you have a consumer that is that far behind, the only safe solution is to slapcat the provider and import on the consumer. Regards, Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and

Re: Q: Stable output of slapcat?

2020-07-14 Thread Quanah Gibson-Mount
from 2020. Regards, Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

Re: Q: Added pwdMaxRecordedFailure in pwdPolicy schema

2020-07-14 Thread Quanah Gibson-Mount
's nearly 5 years old to be recent, no. Shouldn't the OID of the objectclass change then? No, the OID of the parent objectClass should not be changed. Anyway, how should I update the schema using cn=config? You could use ldapmodify. You could use slapcat/slapadd. Regards, Quana

Re: [EXT] Re: syncrepl does not work as expected

2020-07-14 Thread Quanah Gibson-Mount
est a frequent purge interval. This is because slapd essentially pauses while a purge is ongoing. For most environments, a 4 hour purge interval is not noticeable. I've gone to as frequent as every 2 hours for extremely active sites. Regards, Quanah -- Quanah Gibson-Mount Product Architect S

Re: ldap_modify: Other (e.g., implementation specific) error (80) when adding new certificates

2020-07-14 Thread Quanah Gibson-Mount
e log provided any indication of what specifically the problem was. It was an educated guess based off of past reports. ;) Regards, Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

Re: ldap_modify: Other (e.g., implementation specific) error (80) when adding new certificates

2020-07-08 Thread Quanah Gibson-Mount
--On Wednesday, July 8, 2020 6:58 PM +0100 Sami Ait Ali Oulahcen wrote: Hi Quanah, It was -1. Ok, there's definitely an issue somewhere there with your certs. Other permission type things to check include selinux/apparmor etc. Regards, Quanah -- Quanah Gibson-Mount Pr

Re: ldap_modify: Other (e.g., implementation specific) error (80) when adding new certificates

2020-07-08 Thread Quanah Gibson-Mount
e the log? --Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

Re: OpenLDAP in different directories

2020-07-08 Thread Quanah Gibson-Mount
depends on how it is built. You can entirely self contain it in your own local user directory if needed. Regards, Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

Re: Ppolicy control missing from supportedControl

2020-07-07 Thread Quanah Gibson-Mount
Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

Re: [EXT] Re: syncrepl does not work as expected

2020-07-06 Thread Quanah Gibson-Mount
ed to make adjustments accordingly. Regards, Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

Re: anonymize data

2020-07-06 Thread Quanah Gibson-Mount
ow to achieve this found here: <https://uit.stanford.edu/service/directory/aclexamples> Regards, Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

Re: [EXT] Re: syncrepl does not work as expected

2020-07-06 Thread Quanah Gibson-Mount
after the objectClass value. --Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

RE: slapd 2.4.44 Performance problems

2020-07-06 Thread Quanah Gibson-Mount
--On Monday, July 6, 2020 4:13 PM + daniel.zun...@gmail.com wrote: We ended up sticking to the RH/CentOS7 distribution of OpenLDAP but updated to whatever their latest supported release is. I strongly advise using a current release. --Quanah -- Quanah Gibson-Mount Product Architect

Re: [EXT] Re: syncrepl does not work as expected

2020-07-06 Thread Quanah Gibson-Mount
advise you to really read the output of ./configure --help. It explicitly tells you what overlays are and are not enabled by default. Regards, Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <h

Re: [EXT] Re: syncrepl does not work as expected

2020-07-03 Thread Quanah Gibson-Mount
--On Friday, July 3, 2020 4:09 PM -0400 kumar rahul wrote: Hi Quanah     How do I include accesslog module in slapd ? Depends on how you built it, since you seem to be building your own. Regards, Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged

Re: [EXT] Re: syncrepl does not work as expected

2020-07-03 Thread Quanah Gibson-Mount
ot part of your slapd binary. Regards, Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

Re: [EXT] Re: syncrepl does not work as expected

2020-07-01 Thread Quanah Gibson-Mount
namic module, you don't need to load it. Regards, Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

Re: [EXT] Re: syncrepl does not work as expected

2020-07-01 Thread Quanah Gibson-Mount
ly vs statically. --Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

Re: [EXT] Re: syncrepl does not work as expected

2020-07-01 Thread Quanah Gibson-Mount
statically, which is likely why you currently do not have a module{0} section for loading modules. You'll also have to verify where on disk the accesslog overlay exists so that the moduleload statement pulls from the right directory. Regards, Quanah -- Quanah Gibson-Mount Product Arch

Re: slapd 2.4.44 Performance problems

2020-07-01 Thread Quanah Gibson-Mount
--On Wednesday, July 1, 2020 2:38 PM + daniel.zun...@gmail.com wrote: We are using the version that comes with CentOS/RHEL7. Will try a new deployment using back-mdb. Note that it's still critical to update to a current release. Regards, Quanah -- Quanah Gibson-Mount Pr

Re: slapd 2.4.44 Performance problems

2020-06-30 Thread Quanah Gibson-Mount
.com/sofl/> Regards, Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

Re: [EXT] Re: syncrepl does not work as expected

2020-06-29 Thread Quanah Gibson-Mount
n24/replication.html#Delta-syncrepl> And a blog post I wrote that gives some example configs: <https://mishikal.wordpress.com/2019/04/23/configuring-mmr-using-delta-syncrepl-in-openldap-updating-an-existing-standalone-configuration/> Regards, Quanah -- Quanah Gibson-Mount Product Arc

Re: [EXT] Re: syncrepl does not work as expected

2020-06-29 Thread Quanah Gibson-Mount
lthough I'm initially filing a separate bug in case it is a different problem, issue #9282 (<https://bugs.openldap.org/show_bug.cgi?id=9282>). You can add yourself to the CC of the issue to track its status and resolution. Regards, Quanah -- Quanah Gibson-Mount Product Architect Syma

Re: [EXT] Re: syncrepl does not work as expected

2020-06-29 Thread Quanah Gibson-Mount
--On Tuesday, June 23, 2020 5:04 PM -0400 kumar rahul wrote: Hi Quanah Hi Kumar, I was able to reproduce the issue, thanks for the report. I'll file a bug for it. Regards, Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported

Re: [Question]: centos8 install - looking for migrationtools package

2020-06-26 Thread Quanah Gibson-Mount
repository for the migrationtools package and port it for CentOS8 and then build it yourself. Regards, Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

Re: OpenLDAP results limited via SSL?

2020-06-26 Thread Quanah Gibson-Mount
I've seen come up over the years. I'd assume you have an active directory admin on site who can help with this, or perhaps contact microsoft support? Regards, Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions p

Re: OpenLDAP results limited via SSL?

2020-06-25 Thread Quanah Gibson-Mount
is talking to? This behavior is not uncommon with AD and would require a change to AD made by the AD administrator. Regards, Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

Re: [EXT] Re: syncrepl does not work as expected

2020-06-23 Thread Quanah Gibson-Mount
replicated back to both nodes. Note that I do have a paid job that keeps me busy, so this is a best effort when I have time available to investigate. Thanks, Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

Re: syncrepl does not work as expected

2020-06-22 Thread Quanah Gibson-Mount
t provided it. To re-iterate: Full configuration of both servers, not config snippets or LDAP modify change code. Regards, Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

Re: ldapsearch filter behaviour

2020-06-16 Thread Quanah Gibson-Mount
he%20search%20base> Regards, Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

Re: syncrepl does not work as expected

2020-06-16 Thread Quanah Gibson-Mount
verId olcServerId: 1 Regards, Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

Re: syncrepl does not work as expected

2020-06-15 Thread Quanah Gibson-Mount
cannot accurately provide what you're doing. Regards, Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>
