Am Freitag, 13. Oktober 2017 17:06 CEST, richard lucassen
<mailingli...@lucassen.org> schrieb:
> On Fri, 13 Oct 2017 14:29:23 +0200
> "Ralf Mattes" <r...@mh-freiburg.de> wrote:
>
> > > mail: us...@example.com
> > > mail: us...@example.com
> &g
rational server, why don't you use 'slapadd' (optionally with
the '-q -s' option in case you know your input is consistent)?
Cheers, Ralf Mattes
; the other mail: antries:
> <>
>
> Is there a way to tell ldapmodify to change just a particular entry?
A change of a single value equals a delete of that value plus an add of the new
value, doesn't it?
Cheers, Ralf Mattes
> R.
>
> --
> richard lucassen
> http://contact.xaq.nl/
>
ons regulate
MUST/MAY.
Cheers, Ralf Mattes
s, almost as if the
exec line was
copied from an init script that sourced something like /etc/defaults/slapd
Cheers, Ralf Mattes
??? What arew you all talking about?
Just give all executables a 770 permission and create a group per
software/software class.
Then, add all allowed users to said groups (this is the part LDAP _can_ help).
Rhat's all ...
Cheers, Ralf Mattes
P.S.: what happened to the good ol' unix culture? ;-)
that. Since you are using both, did you correctly "hash" the
> CA certs in the directory you pointed at?
Is this really the problem. I only use TLSCACertificateFile but still get all
the
intermediate certificats as well as the top level (German Telekpm) cert.
Cheers, Ralf Mattes
re often than you might expect).
- It wil fail for entries with more than one cn attribute, generating more
than one displayName attribute per entry.
Cheers, Ralf Mattes
ork for dn values that aren't encoded.
That's a trivial job for perl or python (or whatever). AWK operates
on character streams and that's a bad fit for LDIF.
Cheers, Ralf Mattes
> regards,
> Jephté
>
er (e.g., implementation specific) error
> Error number: 0x50 (LDAP_OTHER)
First, how do you try to add that entry?
Who reports that error number?
Do you really need pres and sub indices for a dn-syntax atribute?
IIRC, sub-indices aren't even allowed for the member attribute.
Try to
t the olcRootPW attribute of
the olcDatabase={0}config,cn=config entry (iff you really insist on using
password based access and not the way more flexible ACL based security).
HTH Ralf Mattes
> olcRootDN, olcRootPW
> How to use slapadd for it? Is slapadd not the right tool for
> this?
>
> many thanks,
> L.
>
Am Mittwoch, 04. Januar 2017 21:07 CET, "Ralf Mattes" <r.mat...@mh-freiburg.de>
schrieb:
>
> Since this search fails to find an entry that's the place debugging should
> start. N.B.: It looks like this query is
> used by the athenticator to map the uid t
(!(host=!elnath)))
(uid=le))
What program/tool did create that filter (note the redundant duplicated
subquery. A and A is always A) ?
Since this search fails to find an entry that's the place debugging should
start. N.B.: It looks like this query is
used by the athenticator to map the uid to a dn which would be needed for a
user bind.
HTH Ralf Mattes
to search for groupofnames and not
posixgroup?
Group ID numbers are usually used with POSIX groups and since both posixgroup
and
groupoufnames are structural groups they can't mix. It's actually pretty
unlikely that your server
holds groupofnames with a numeric group i
luck with doing that.
Worked pretty well over here.
Cheers, Ralf Mattes
need to
transform the attribute _values_ (i.e. I need to strip the DN-valued member
values to get
uids). From the existing documentation I can't find out how to restrict a
rwm-RewriteRule to
(certain) attributes. Any help?
TIA Ralf Mattes
file while it's usual size is normally about 43MB (1GB is
> the max configured and a slapcat semmed to dump the correct expected
> number of '^dn:' as grepped).
IIRC mdb files don't "grow", the start with the max size (but are sparse files,
sotheywon't eat up your disc).
Cheers,Ralf Mattes
Am Donnerstag, 29. September 2016 17:20 CEST, Dieter Klünter
<die...@dkluenter.de> schrieb:
> Am Thu, 29 Sep 2016 13:43:49 +0200
> schrieb "Ralf Mattes" <r.mat...@mh-freiburg.de>:
> [...]
> >
> > I usually consult the "full" docu
Am Donnerstag, 29. September 2016 10:20 CEST, Hallvard Breien Furuseth
<h.b.furus...@usit.uio.no> schrieb:
> On 29. sep. 2016 08:52, Ralf Mattes wrote:
> > Just a quick question: isit possible to control access to attributes based
> > on an attribute tag?
> >
Just a quick question: isit possible to control access to attributes based on
an attribute tag?
The idea is to hide certain attributes by adding a "...;x-hidden' tag.
TIA Ralf Mattes
:wq
s.ltb-project.org/projects/ltb/repository/show/openldap-deb/trunk/debian
Is this substantially different from
git://anonscm.debian.org/pkg-openldap/openldap.git
That one seems to compile fine on Debian stable and contains the patch for
back-relay that I need so urgent.
Cheers, Ralf Mattes
Am Sonntag, 18. September 2016 12:22 CEST, Michael Ströder
<mich...@stroeder.com> schrieb:
> Ralf Mattes wrote:
> >
> > Am Freitag, 16. September 2016 10:15 CEST, Michael Ströder
> > <mich...@stroeder.com> schrieb:
> >
> >
> >> [1]
Am Sonntag, 18. September 2016 14:46 CEST, Harry Jede <harry.j...@arcor.de>
schrieb:
> Ralf Mattes wrote:
> > Am Freitag, 16. September 2016 10:15 CEST, Michael Ströder
> <mich...@stroeder.com> schrieb:
> > > [1] http://ltb-project.org/wiki/document
Am Freitag, 16. September 2016 10:15 CEST, Michael Ströder
<mich...@stroeder.com> schrieb:
> [1] http://ltb-project.org/wiki/documentation/openldap-deb
Thanks, but that repository dpesn't seem to have sources for jessie.
Looks like I need to go with the Debian Git version.
Che
onglomerate
> olcRelay: o=ACME Corp
>
> dn: olcOverlay=rwm,olcDatabase={2}relay,cn=config
> objectClass: olcRwmConfig
> olcRwmRewrite: rwm-suffixmassage "o=ACME Corp"
>
Thanks, yes that works in the curren version but not in Debian's version.
BTW, that little snippet would be very useful in the manpage.
Cheers, Ralf Mattes
Am Donnerstag, 15. September 2016 22:19 CEST, "Ralf Mattes"
<r.mat...@mh-freiburg.de> schrieb:
> O.k. - I found the culprit (but not the solution).
> Trying to configure a olcRelay attribut whose value is a DN containing one
> ore more
> spaces will fail. I
Am Donnerstag, 15. September 2016 15:38 CEST, Dieter Klünter
<die...@dkluenter.de> schrieb:
> Am Thu, 15 Sep 2016 15:12:16 +0200
> schrieb "Ralf Mattes" <r.mat...@mh-freiburg.de>:
> > O.k. enough ranting and on with configuration.
O.k. - I found the culp
t is the whole point of an online configuration).
So, fornow, I'm stuck with a configured realy database or which I can't
configure the relay (server log complains about
"RESULT tag=103 err=19 text= extra cruft after "
Which is, if I might say, not the most revealing error message
Cheers, Ralf Mattes
First, juat to be clear: thank you for your valuable help and please don't
take my comments personally.
Am Donnerstag, 15. September 2016 09:46 CEST, Dieter Klünter
schrieb:
> >
> > I _knew_ I read about that at some time. This (slapd-relay) looks
> > exactly like what
Am Mittwoch, 14. September 2016 16:54 CEST, Dieter Klünter
<die...@dkluenter.de> schrieb:
> Am Wed, 14 Sep 2016 16:00:33 +0200
> schrieb "Ralf Mattes" <r...@mh-freiburg.de>:
>
> > ...
> > s there any to configure such an "alias suffix"?
>
uffix"?
TIA Ralf Mattes
he "null" indicates that there
was no uri provided. In
your case it shoul dshow your chain-uri.
HTH Ralf Mattes
in that
rule.
You really need to get the order of your rules right (and make use of pass
...)
HTH Ralf Mattes
33 matches
Mail list logo