Re: [ldapmodify] multiple entries of the same attibute

Am Freitag, 13. Oktober 2017 17:06 CEST, richard lucassen <mailingli...@lucassen.org> schrieb: > On Fri, 13 Oct 2017 14:29:23 +0200 > "Ralf Mattes" <r...@mh-freiburg.de> wrote: > > > > mail: us...@example.com > > > mail: us...@example.com > &g

Re: Small tip to speed up large imports with ldapadd

rational server, why don't you use 'slapadd' (optionally with the '-q -s' option in case you know your input is consistent)? Cheers, Ralf Mattes

Re: [ldapmodify] multiple entries of the same attibute

; the other mail: antries: > <> > > Is there a way to tell ldapmodify to change just a particular entry? A change of a single value equals a delete of that value plus an add of the new value, doesn't it? Cheers, Ralf Mattes > R. > > -- > richard lucassen > http://contact.xaq.nl/ >

Re: country attribute

ons regulate MUST/MAY. Cheers, Ralf Mattes

Re: OpenLDAP not starting using "systemctl start" but runs fine invoking slapd directly

s, almost as if the exec line was copied from an init script that sourced something like /etc/defaults/slapd Cheers, Ralf Mattes

Re: Can I do this with openldap ?

??? What arew you all talking about? Just give all executables a 770 permission and create a group per software/software class. Then, add all allowed users to said groups (this is the part LDAP _can_ help). Rhat's all ... Cheers, Ralf Mattes P.S.: what happened to the good ol' unix culture? ;-)

Re: RE24 testing call (2.4.45) LMDB RE0.9 testing call (0.9.20)

that. Since you are using both, did you correctly "hash" the > CA certs in the directory you pointed at? Is this really the problem. I only use TLSCACertificateFile but still get all the intermediate certificats as well as the top level (German Telekpm) cert. Cheers, Ralf Mattes

Re: Script for mass updates

re often than you might expect). - It wil fail for entries with more than one cn attribute, generating more than one displayName attribute per entry. Cheers, Ralf Mattes

Re: Script for mass updates

ork for dn values that aren't encoded. That's a trivial job for perl or python (or whatever). AWK operates on character streams and that's a bad fit for LDIF. Cheers, Ralf Mattes > regards, > Jephté >

Re: How to add index for "member" of ldap groups

er (e.g., implementation specific) error > Error number: 0x50 (LDAP_OTHER) First, how do you try to add that entry? Who reports that error number? Do you really need pres and sub indices for a dn-syntax atribute? IIRC, sub-indices aren't even allowed for the member attribute. Try to

Re: fresh (distro's) installation and cn=config password

t the olcRootPW attribute of the olcDatabase={0}config,cn=config entry (iff you really insist on using password based access and not the way more flexible ACL based security). HTH Ralf Mattes > olcRootDN, olcRootPW > How to use slapadd for it? Is slapadd not the right tool for > this? > > many thanks, > L. >

Re: (host) and (uid) not indexed (after creating an account)

Am Mittwoch, 04. Januar 2017 21:07 CET, "Ralf Mattes" <r.mat...@mh-freiburg.de> schrieb: > > Since this search fails to find an entry that's the place debugging should > start. N.B.: It looks like this query is > used by the athenticator to map the uid t

Re: (host) and (uid) not indexed (after creating an account)

(!(host=!elnath))) (uid=le)) What program/tool did create that filter (note the redundant duplicated subquery. A and A is always A) ? Since this search fails to find an entry that's the place debugging should start. N.B.: It looks like this query is used by the athenticator to map the uid to a dn which would be needed for a user bind. HTH Ralf Mattes

Re: ldapsearch filter question

to search for groupofnames and not posixgroup? Group ID numbers are usually used with POSIX groups and since both posixgroup and groupoufnames are structural groups they can't mix. It's actually pretty unlikely that your server holds groupofnames with a numeric group i

Re: delta-synrepl consumer randomly delete objects

luck with doing that. Worked pretty well over here. Cheers, Ralf Mattes

slapo-rwm documentation

need to transform the attribute _values_ (i.e. I need to strip the DN-valued member values to get uids). From the existing documentation I can't find out how to restrict a rwm-RewriteRule to (certain) attributes. Any help? TIA Ralf Mattes

Re: Syncrepl and missing entries

file while it's usual size is normally about 43MB (1GB is > the max configured and a slapcat semmed to dump the correct expected > number of '^dn:' as grepped). IIRC mdb files don't "grow", the start with the max size (but are sparse files, sotheywon't eat up your disc). Cheers,Ralf Mattes

Re: Fine grained access to attributes

Am Donnerstag, 29. September 2016 17:20 CEST, Dieter Klünter <die...@dkluenter.de> schrieb: > Am Thu, 29 Sep 2016 13:43:49 +0200 > schrieb "Ralf Mattes" <r.mat...@mh-freiburg.de>: > [...] > > > > I usually consult the "full" docu

Re: Fine grained access to attributes

Am Donnerstag, 29. September 2016 10:20 CEST, Hallvard Breien Furuseth <h.b.furus...@usit.uio.no> schrieb: > On 29. sep. 2016 08:52, Ralf Mattes wrote: > > Just a quick question: isit possible to control access to attributes based > > on an attribute tag? > >

Fine grained access to attributes

Just a quick question: isit possible to control access to attributes based on an attribute tag? The idea is to hide certain attributes by adding a "...;x-hidden' tag. TIA Ralf Mattes :wq

Re: LTB Dwbian packages [was] Re: Creating suffix aliases with OpenLDAP

s.ltb-project.org/projects/ltb/repository/show/openldap-deb/trunk/debian Is this substantially different from git://anonscm.debian.org/pkg-openldap/openldap.git That one seems to compile fine on Debian stable and contains the patch for back-relay that I need so urgent. Cheers, Ralf Mattes

Re: LTB Dwbian packages [was] Re: Creating suffix aliases with OpenLDAP

Am Sonntag, 18. September 2016 12:22 CEST, Michael Ströder <mich...@stroeder.com> schrieb: > Ralf Mattes wrote: > > > > Am Freitag, 16. September 2016 10:15 CEST, Michael Ströder > > <mich...@stroeder.com> schrieb: > > > > > >> [1]

Re: LTB Dwbian packages [was] Re: Creating suffix aliases with OpenLDAP

Am Sonntag, 18. September 2016 14:46 CEST, Harry Jede <harry.j...@arcor.de> schrieb: > Ralf Mattes wrote: > > Am Freitag, 16. September 2016 10:15 CEST, Michael Ströder > <mich...@stroeder.com> schrieb: > > > [1] http://ltb-project.org/wiki/document

LTB Dwbian packages [was} Re: Creating suffix aliases with OpenLDAP

Am Freitag, 16. September 2016 10:15 CEST, Michael Ströder <mich...@stroeder.com> schrieb: > [1] http://ltb-project.org/wiki/documentation/openldap-deb Thanks, but that repository dpesn't seem to have sources for jessie. Looks like I need to go with the Debian Git version. Che

Re: Creating suffix aliases with OpenLDAP

onglomerate > olcRelay: o=ACME Corp > > dn: olcOverlay=rwm,olcDatabase={2}relay,cn=config > objectClass: olcRwmConfig > olcRwmRewrite: rwm-suffixmassage "o=ACME Corp" > Thanks, yes that works in the curren version but not in Debian's version. BTW, that little snippet would be very useful in the manpage. Cheers, Ralf Mattes

Re: Creating suffix aliases with OpenLDAP

Am Donnerstag, 15. September 2016 22:19 CEST, "Ralf Mattes" <r.mat...@mh-freiburg.de> schrieb: > O.k. - I found the culprit (but not the solution). > Trying to configure a olcRelay attribut whose value is a DN containing one > ore more > spaces will fail. I

Re: Creating suffix aliases with OpenLDAP

Am Donnerstag, 15. September 2016 15:38 CEST, Dieter Klünter <die...@dkluenter.de> schrieb: > Am Thu, 15 Sep 2016 15:12:16 +0200 > schrieb "Ralf Mattes" <r.mat...@mh-freiburg.de>: > > O.k. enough ranting and on with configuration. O.k. - I found the culp

Re: Creating suffix aliases with OpenLDAP

t is the whole point of an online configuration). So, fornow, I'm stuck with a configured realy database or which I can't configure the relay (server log complains about "RESULT tag=103 err=19 text= extra cruft after " Which is, if I might say, not the most revealing error message Cheers, Ralf Mattes

Re: Creating suffix aliases with OpenLDAP

First, juat to be clear: thank you for your valuable help and please don't take my comments personally. Am Donnerstag, 15. September 2016 09:46 CEST, Dieter Klünter schrieb: > > > > I _knew_ I read about that at some time. This (slapd-relay) looks > > exactly like what

Re: Creating suffix aliases with OpenLDAP

Am Mittwoch, 14. September 2016 16:54 CEST, Dieter Klünter <die...@dkluenter.de> schrieb: > Am Wed, 14 Sep 2016 16:00:33 +0200 > schrieb "Ralf Mattes" <r...@mh-freiburg.de>: > > > ... > > s there any to configure such an "alias suffix"? >

Creating suffix aliases with OpenLDAP

uffix"? TIA Ralf Mattes

Re: chain-uri with a blank?

he "null" indicates that there was no uri provided. In your case it shoul dshow your chain-uri. HTH Ralf Mattes

Re: ACL sanity check

in that rule. You really need to get the order of your rules right (and make use of pass ...) HTH Ralf Mattes