Hi Ondrej,
thank you for your answer.
On 02.04.24 at 10:47, Ondřej Kuzník wrote:
I assume libsasl2 is linked to heimdal, which doesn't (yet?) support
KCM? And on Debian you might have been using heimdal as your libkrb5, so
no KCM cache used.
Then that's strange because I only installed
Hello Ulf,
thank you for your fast answer even on Easter Monday :-)
On 01.04.24 at 16:48, Ulf Volmer wrote:
/etc/krb5.conf.d/kcm_default_ccache is your friend.
That's what I changed to go back to FILE: but I can't get ldapsearch and
ldapwhoami working with KCM:
I did not change anything
I normally use Debian for OpenLDAP and Kerberos, but now I have to use
AlmaLinux 9. When I create a ticket with kinit I'm getting:
-
[u1-prod@ldapserver1 ~]$ kinit
Password for u1-p...@example.net:
[u1-prod@ldapserver1 ~]$ klist
Ticket cache: KCM:10001
Default principal:
Hi Ulf,
On 29.02.24 at 18:20, Ulf Volmer wrote:
olcDynListAttrSet: groupOfURLs memberURL member+memberOf@groupOfNames
olcDynListAttrSet: groupOfURLs memberURL
uniqueMember+memberOf@groupOfUniqueNames
But these two entries are still for groupOfURLs and not groupOfNames or
groupOfUniqueNames.
Hi to all,
up to now I only used:
olcDlAttrSet: groupOfURLs memberURL member+memberOf@groupOfNames
to dynamically add the Attribute memberOf to all members of a
groupOfURLs. Is it possible to do the same with members for groupOfNames
and groupOfUniqueNames?
If yes, can someone please post
entryDN: cn=Christoph Pleger,ou=people,dc=cs,dc=tu-dortmund,dc=de
subschemaSubentry: cn=Subschema
hasSubordinates: FALSE
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
Do I have to load additional modules like refint, dyngroup or memberof?
NO, you don't need any of
roupOfNames is unknown.
So, I have some questions:
1. Does dynlist work this way only in OpenLDAP 2.6?
2. If no, do I have to import additional overlay ldifs?
3. Do I have to load additional modules other than dynlist?
4. Do I have to set other overlay attributes for the dynlist overlay?
Regards
If you want to add a second olcDlAttrSet, do it this way:
-
dn: olcOverlay={1}dynlist,olcDatabase={1}mdb,cn=config
changetype: modify
add: olcDlAttrSet
olcDlAttrSet: groupOfURLs memberURL member+memberOf@groupOfNames
-
On 18.12.23 at 13:50, Christoph Pleger wrote:
Hello,
I
2023-12-13T14:26:31.504246+01:00 bea-chicago slapd[63531]: daemon: activity on
1 descriptor
2023-12-13T14:26:31.504301+01:00 bea-chicago slapd[63531]: daemon: activity on:
2023-12-13T14:26:31.504366+01:00 bea-chicago slapd[63531]:
2023-12-13T14:26:31.504420+01:00 bea-chicago slapd[63531]: send
On 13.12.23 at 08:51, Jean-Luc Chandezon wrote:
Hello dear community,
I’m trying to enable LDAPS. I don’t understand what is causing the error. Does
anybody have an idea, please?
OpenLDAP is 2.5.13, on Debian 12.
Here is our certificate chain definition:
dn: cn=config
add:
On 11.12.23 at 18:10, Ondřej Kuzník wrote:
On Wed, Dec 06, 2023 at 08:11:52PM +0100, Stefan Kania wrote:
Hi Ondrej,
I restarted with a new test.
Now I'm having 2 loadbalancer one is configured via cn=config and one over
slapd.conf. Both are configured exactly the same. Same binduser, same
On 07.12.23 at 17:40, Quanah Gibson-Mount wrote:
My question was more, once you add the database config block, if you
ldapsearch the cn=config database it generates, does it match what you
get from slaptest conversion.
Now I understand :-). so that's what I did now
adding
--
On 06.12.23 at 22:12, Quanah Gibson-Mount wrote:
--On Wednesday, December 6, 2023 8:11 PM +0100 Stefan Kania
wrote:
Hi Ondrej,
I restarted with a new test.
Now I'm having 2 loadbalancer one is configured via cn=config and one
over slapd.conf. Both are configured exactly the same. Same
showing the port 389 636 1389 1636 as
listing.
Trying to connect with "telnet 1636" to both, only on the
loadbalancer configured via slapd.conf I can see packages arriving in
tcpdump.
There is NO firewall at all running on both systems!
Any idea?
Am 04.12.23 um 14:51 schrieb Stef
On 05.12.23 at 14:32, Uwe Sauter wrote:
You need to at least also use "-W" or else it will fallback to anonymous:
That was something I did not test, because it's mentioned in the manpage.
With -W it's working :-)
Sometimes life is so easy :-)
Now I'm going to fiddle around a little bit to
On 05.12.23 at 13:50, Michael Wandel wrote:
What options are you using with your ldapsearch command?
just a "ldapsearch -x" so everything else should be read from .ldaprc.
On 05.12.23 at 13:45, Uwe Sauter wrote:
Just a hunch: Are you actually running ldapsearch as a user (read: not root)?
It doesn't matter it's the same using a .ldaprc as root or as "normal"
user ldapsearch is always doing an anonymous search. I tested both ;-)
Hi to all,
I just started to use my own .ldaprc file in $HOME:
-
URI ldaps://provider01.example.net ldaps://provider02.example.net
BASE dc=example,dc=net
BINDDN uid=repl-user,ou=users,dc=example,dc=net
TLS_REQCERT demand
TLS_CACERT /opt/symas/etc/openldap/cacert.pem
he remaining protocol.
Btw I get all the same errors when I convert the slapd.conf with
slaptest and use the result to start the loadbalancer. So I can't find
an error here.
At the moment I don't know where to look next
Stefan
--
Stefan Kania
Landweg 13
25693 St. Michaelisdonn
Signieren j
ient connid=30
Dez 04 15:38:47 loadbalancer01 slapd[1623]: handle_one_request: received
unbind, closing client connid=30
-----
--
Stefan Kania
Landweg 13
25693 St. Michaelisdonn
Signing every e-mail helps reduce spam and protects your
privacy. Ein kostenfreies Zertif
Now I did a check with tcpdump. Starting tcpdump on both systems I see,
that the tcp connection is established. But now packages send when doing
a ldapsearch.
On 04.12.23 at 11:52, Ondřej Kuzník wrote:
On Mon, Dec 04, 2023 at 11:40:29AM +0100, Stefan Kania wrote:
Hi to all,
when I setup
mple,dc=net" mech=SIMPLE bind_ssf=0 ssf=256
-
There must be something wrong with the bind configuration.
Stefan
On 04.12.23 at 11:52, Ondřej Kuzník wrote:
On Mon, Dec 04, 2023 at 11:40:29AM +0100, Stefan Kania wrote:
Hi to all,
when I setup the loadbalancer lloadd via slapd.con
Hi to all,
when I setup the loadbalancer lloadd via slapd.conf everything is
working fine. Here my slapd.conf
-
TLSCertificateFile /opt/symas/etc/openldap/example-net-cert.pem
TLSCertificateKeyFile /opt/symas/etc/openldap/example-net-key.pem
TLSCACertificateFile
On 05.10.23 at 18:59, Ulf Volmer wrote:
On 05.10.23 18:39, Stefan Kania wrote:
On 05.10.23 at 07:02, Howard Chu wrote:
Read tests/scripts/test066-autoca for examples of how to do that.
Does anyone have an answer for a non-developer WITHOUT compiling the
software. I'm not a developer
On 05.10.23 at 07:02, Howard Chu wrote:
Stefan Kania wrote:
Hi to all,
I have autoca running with my own CA. And I can create certificates and keys
for users and hosts. But now I would like to use the certificate and key for
radius
802.1x authentication so I need to export the certificate
Hi to all,
I have autoca running with my own CA. And I can create certificates and
keys for users and hosts. But now I would like to use the certificate
and key for radius 802.1x authentication so I need to export the
certificate and the key. I know how to convert a DER certificate to a
pem
On 04.10.23 at 18:56, Kaushal Shriyan wrote:
Hi,
I am running the openldap server on Red Hat Enterprise Linux release 8.8
(Ootpa)
# rpm -qa | grep -i ldap
sssd-ldap-2.8.2-3.el8_8.x86_64
symas-openldap-servers-2.4.59-1.el8.x86_64
openldap-2.4.46-18.el8.x86_64
On 21.09.23 at 19:13, Stefan Kania wrote:
Thank you, now it's working. Would be nice if it were documented somewhere,
maybe the manpage :-)
^.^ found it in the Manpage, it's late :-)
On 21.09.23 at 18:08, Howard Chu wrote:
Stefan Kania wrote:
Hi all,
I like to change the certificate
Thank you, now it's working. Would be nice if it were documented somewhere,
maybe the manpage :-)
On 21.09.23 at 18:08, Howard Chu wrote:
Stefan Kania wrote:
Hi all,
I like to change the certificate and the key for autoca, but I can't find any
description how to do it. I tried the following
Hi all,
I like to change the certificate and the key for autoca, but I can't
find any description how to do it. I tried the following LDIF:
---
dn: dc=example,dc=net
changetype: modify
replace: cACertificate;binary
cACertificate;binary:< file:///root/mycert/cacert.pem
-
replace:
Thanks Michael,
that's it. I was looking for ldap-utils (the name of the package on Debian
system) But on a SUSE system it's "openldap2-client".
I removed it and it is working.
I don't like SUSE :-)
On 05.07.23 at 20:43, Michael Wandel wrote:
rpm -qf $(which ldapsearch)
--
St
Hi to all,
I just installed openSUSE 15.5 and the actual symas packages. After
installing OpenLDAP I could start slapd but "ldapsearch -Y external -H
ldapi:///" is giving me a "can't connect to ldapserver"
I found out that the ldap-socket on SUSE is (the same as on Debian
systems) in
Thanks, that solved my problem. Sometimes it's so easy ;-). I looked at
it several times but I didn't see it
On 09.05.23 at 15:33, Ondřej Kuzník wrote:
On Sat, May 06, 2023 at 05:07:31PM +0200, Stefan Kania wrote:
2. ldif
---
dn: name={1}verw-tel,olcOverlay={2}variant,olcDatabase
On 09.05.23 at 15:33, Ondřej Kuzník wrote:
On Sat, May 06, 2023 at 05:07:31PM +0200, Stefan Kania wrote:
2. ldif
---
dn: name={1}verw-tel,olcOverlay={2}variant,olcDatabase={2}mdb,cn=config
objectClass: olcVariantRegex
olcVariantEntryRegex:
cn=(.+),ou=users,ou=verwaltung,ou=firma,dc
attribute
'olcVariantVariantAttribute' conflicts with value present in entry
So still not working.
Both olcVariantVariantAttribute uses different attributes.
so what is wrong?
On 06.05.23 at 10:10, Stefan Kania wrote:
Ok, I will do it. I already filed a bug about the manpage of variant.
But you did not
, May 5, 2023 9:36 PM +0200 Stefan Kania
wrote:
And as you can see, adding the entry crashes the slapd.
If you crash slapd, you need to file a bug. :)
--Quanah
Hi to all,
today I tried to set up the new overlay variant with OpenLDAP 2.6
(symas-packages) on a Debian 11 system
First step I loaded the module:
I added the Attribute "postaladdress" to an OU (ou=firma,dc=example,dc=net)
and the "mobile" attribute to (ou=firma,dc=example,dc=net)
Then I
to my. And you also wrote that you
have only two hosts.
On 27.04.23 at 19:41, Benjamin Renard wrote:
On 27/04/2023 at 19:28, Stefan Kania wrote:
Why do you have two csn from 2019 and one from 2023?
Hum... I'm not sure I understand your question :( My two hosts were on the
same slapd
Why do you have two csn from 2019 and one from 2023?
On 27.04.23 at 19:12, Benjamin Renard wrote:
Hello,
On 25/04/2023 at 18:48, Quanah Gibson-Mount wrote:
--On Tuesday, April 25, 2023 7:40 PM +0200 Benjamin Renard
wrote:
OK, thanks for your advice. I will try to update it on the
On 12.04.23 at 23:39, Quanah Gibson-Mount wrote:
--On Wednesday, April 12, 2023 3:16 PM +0200 Stefan Kania
wrote:
Hi to all,
when I connect to openldap, with simple-bind I see:
---
mech=SIMPLE bind_ssf=0 ssf=256
So there is no security factor for a SIMPLE bind mechanism
Hi to all,
when I connect to openldap, with simple-bind I see:
---
mech=SIMPLE bind_ssf=0 ssf=256
---
When I connect to openldap with GSSAPI I see:
---
mech=GSSAPI bind_ssf=56 ssf=256
---
So I use strong-bind via GSSAPI
there is no place where I can find
Same settings, same problem. I got the following error:
Apr 05 17:26:09 ldap-pp01 slapd[1773]: conn=1000 op=1 BIND dn="cn=karl
klammer,ou=users,dc=example,dc=net" method=128
Apr 05 17:26:09 ldap-pp01 slapd[1773]: slap_get_csn: conn=1000 op=1
generated new
Then create the folder /usr/local/etc/slapd.d first and THEN do the slapadd
On 05.04.23 at 08:48, cxb2000...@gmail.com wrote:
Hi all,
I am new to OpenLDAP, recently I am following the official quick-start guide
and finished the installation part.
However when configuring the database which
I don't know what you installed, I think at least the development-tools.
To get a straight system best would be to start from the beginning. So
you learn how to set up the system from the beginning.
On 03.04.23 at 16:43, Eric Fetzer wrote:
OK, so how do I uninstall what I have installed now?
Found my problem was a blank at the end of the line in a ldif-File.
But still there is the problem with "cachesize 100" in slapd.conf. Can
it be that the manpage is wrong?
On 01.04.23 at 11:31, Stefan Kania wrote:
On 31.03.23 at 20:05, Stefan Kania wrote:
Hello,
I try to
On 31.03.23 at 20:05, Stefan Kania wrote:
Hello,
I try to configure a proxy-server with back_meta connecting to to
different AD-domains. I'm getting the result as expected if I do an
ldapsearch. But now I want to add caching for the data, so I configured
the following:
I now tried
/*
Then when I installed OpenLDAP they would be available to me. Sorry,
just learning all of this and it's like sucking a watermelon through a
straw...
On Fri, Mar 31, 2023 at 12:10 PM Stefan Kania <ste...@kania-online.de> wrote:
Am 30.03.23 um 22:11 schrieb Er
On 30.03.23 at 22:11, Eric Fetzer wrote:
OK, getting a little further. I've come to the realization that I need
to uninstall, reconfigure to include a few overlays, then reinstall.
I'm on RHEL 8.7, and thus built from source. What do I need to do to
uninstall? Guessing the first thing I
Hello,
I try to configure a proxy-server with back_meta connecting to to
different AD-domains. I'm getting the result as expected if I do an
ldapsearch. But now I want to add caching for the data, so I configured
the following:
dn: cn=config
objectClass: olcGlobal
cn: config
Looking at the openldap.org adminhandbook to 2.6 I found
https://openldap.org/doc/admin26/overlays.html#The%20Proxy%20Cache%20Engine
The configuration for the database for pcache:
dn: olcDatabase={0}mdb,olcOverlay={0}pcache,olcDatabase={2}ldap,cn=config
objectClass: olcMdbConfig
Done
https://bugs.openldap.org/show_bug.cgi?id=10031
On 27.03.23 at 18:36, Quanah Gibson-Mount wrote:
--On Saturday, March 25, 2023 12:59 PM +0100 Stefan Kania
wrote:
Hello,
I've got the following working slapd.conf:
Please file a bug in the ITS system and provide your working
Hi to all,
the manpage of the slapo-dynlist is showing the following example:
---
A dynamic group with dgIdentity authorization could be created
with an entry like
dn: cn=Dynamic Group,ou=Groups,dc=example,dc=com
objectClass: groupOfURLs
Hello,
I've got the following working slapd.conf:
include /opt/symas/etc/openldap/schema/core.schema
include /opt/symas/etc/openldap/schema/cosine.schema
include /opt/symas/etc/openldap/schema/inetorgperson.schema
include
On 11.03.23 at 19:57, Jeffrey Walton wrote:
Could you provide feedback to Symas Support, please?
is, it's not my machine, it belongs to a customer and I don't have
the possibility to compile OpenLDAP on this machine. What I can do, is
testing if new packages will solve the problem,
On 10.03.23 at 20:36, Quanah Gibson-Mount wrote:
--On Friday, March 10, 2023 7:37 PM +0100 Stefan Kania
wrote:
On 10.03.23 at 19:24, Quanah Gibson-Mount wrote:
Ok. I still don't know what 'changing the password via LDIF' means
though.
Generate a password with for example
On 10.03.23 at 19:24, Quanah Gibson-Mount wrote:
Ok. I still don't know what 'changing the password via LDIF' means though.
Generate a password with for example slappasswd or argon2 and replace
the attribute userPassword via a ldif-files
On 10.03.23 at 09:25, Jeffrey Walton wrote:
On Wed, Mar 8, 2023 at 8:30 AM Stefan Kania wrote:
On 08.03.23 at 14:11, Ulrich Windl wrote:
Maybe examine the compiler flags, compiler version and CPU running the binary.
I use the symas-packages from repository. I did not compile it on my
On 09.03.23 at 20:49, Quanah Gibson-Mount wrote:
--On Thursday, March 9, 2023 7:51 PM +0100 Stefan Kania
wrote:
Another strange thing about passwords on the same machine. As I told you
before, we switch to ssha as passwordhash.
SSHA is rather insecure. The Symas OpenLDAP builds ship
th Entropy in
vmWare but I can't remember what it was. Could this be my problem with
argon2 and slappasswd?
On 08.03.23 at 15:38, Stefan Kania wrote:
I think I found the problem:
The host has a 12 year old CPU Intel Xeon E5-2630 . Together with argon2
as passwordhash there is a problem. As
08.03.23 um 14:30 schrieb Stefan Kania:
On 08.03.23 at 14:11, Ulrich Windl wrote:
Maybe examine the compiler flags, compiler version and CPU running the
binary.
I use the symas-packages from repository. I did not compile it on my
own ;-)
On 08.03.23 at 14:11, Ulrich Windl wrote:
Maybe examine the compiler flags, compiler version and CPU running the binary.
I use the symas-packages from repository. I did not compile it on my
own ;-)
Hello,
I have the following configuration for my overlay ppolicy (OpenLDAP 2.6)
It's a testing system!
-
dn: olcOverlay={0}ppolicy,olcDatabase={2}mdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcPPolicyConfig
olcOverlay: {0}ppolicy
olcPPolicyDefault:
DAP-Server
(and it's DNS-name) easy. I only need to change the SRV-record and don't
have to modify each ldap-server. Like in sssd and kerberos.
Stefan
On 19.01.23 at 14:01, Ondřej Kuzník wrote:
On Thu, Jan 19, 2023 at 11:48:45AM +0100, Stefan Kania wrote:
hi to all,
is it somehow possibl
hi to all,
is it somehow possible to find the provider in "syncrepl" of a consumer
via DNS SRV-records.
If I have several providers with lloadd in front of it and the consumers
are only contacting the loadbalancer, then it would be nice to use the
SRV-Records of the DNS. I could then set up
On 15.12.22 at 17:56, Quanah Gibson-Mount wrote:
--On Thursday, December 15, 2022 3:02 PM +0100 Stefan Kania
wrote:
--
dn: cn=config
changetype: modify
replace: olcAuthzpolicy
olcAuthzpolicy: any
--
Since you only need it to be possible for the lloadd user
On 15.12.22 at 16:38, Ondřej Kuzník wrote:
Should be authzTo if you're adding it to the lloadd's identity, are you
sure uid=lloadd,ou=users,dc=example,dc=net has 'auth' (+x) access to
dc=example,dc=net and the uid attribute on the subtree?
Thank you for the push in right direction
I added
On 15.12.22 at 14:24, Ondřej Kuzník wrote:
It's not possible inside lloadd but when lloadd uses an identity A and a
client binds with identity B, then sends an operation to it, what the
backend receives is an operation with proxyauthz carrying B over a
connection bound to A. If authz-policy
On 15.12.22 at 13:10, Ondřej Kuzník wrote:
On Wed, Dec 14, 2022 at 09:20:14PM +0100, Stefan Kania wrote:
I now took the example configuration and changed it to my settings:
-
feature proxyauthz
bindconf bindmethod=simple
binddn=uid=lloadd,ou=users,dc=example,dc
Hi Ondřej,
thank you for your answer, that's what I wanted to know.
Stefan
On 15.12.22 at 12:48, Ondřej Kuzník wrote:
On Wed, Dec 14, 2022 at 06:57:05PM +0100, Stefan Kania wrote:
On 14.12.22 at 18:17, Quanah Gibson-Mount wrote:
--On Wednesday, December 14, 2022 5:58 PM +0100 Stefan Kania
I now took the example configuration and changed it to my settings:
-
TLSCertificateFile /opt/symas/etc/openldap/example-net-cert.pem
TLSCertificateKeyFile /opt/symas/etc/openldap/example-net-key.pem
TLSCACertificateFile /opt/symas/etc/openldap/cacert.pem
pidfile
On 14.12.22 at 18:17, Quanah Gibson-Mount wrote:
--On Wednesday, December 14, 2022 5:58 PM +0100 Stefan Kania
wrote:
Hi to all,
I want to test the "lloadd" as a standalone daemon. I'm using the symas
OpenLDAP 2.6 packages on a debian 11 system. I can only find the module
Hi to all,
I want to test the "lloadd" as a standalone daemon. I'm using the symas
OpenLDAP 2.6 packages on a debian 11 system. I can only find the module
"lloadd.la" but not the standalone daemon. If I want to use it, do I have
to compile it myself?
What would be the better way using the
I'm testing the openldap cache module pcache with OpenLDAP 2.6 on
Debian11 (symas-packages). The proxy has the following config:
(I'm testing caching so no security is set)
--
include /opt/symas/etc/openldap/schema/core.schema
include
Good morning,
we have our own schema with a lot of our own attributes. We have a multi
provider replication of cn=config. What is the right way to add a new
attribute to our schema and get it into the configuration?
Stefan
That's what can be found in the FAQ on openldap.org:
https://www.openldap.org/faq/data/cache/605.html
I would trust this more than any rumors on any stack page ;)
On 30.03.22 at 18:45, thomaswilliampritch...@gmail.com wrote:
> At risk of beating a dead horse, I'd like to hear
On 10.01.22 at 17:54, Quanah Gibson-Mount wrote:
>
>
> --On Monday, January 10, 2022 5:46 PM +0100 Stefan Kania
> wrote:
>
>>
>>
>> On 10.01.22 at 17:13, Quanah Gibson-Mount wrote:
>>> And why the issue you filed has not been closed out.
>&
On 10.01.22 at 17:13, Quanah Gibson-Mount wrote:
> And why the issue you filed has not been closed out.
As RESOLVED and ???
FIXED is not right so which status should I choose?
--
err=53"
"server unwilling to perform"
@Quanah: In your blog about mmr it's also with a small "m", maybe you
can change it.
On 07.12.21 at 16:52, Stefan Kania wrote:
> Hi to all,
>
> is it now safe to use mmr of cn=config with OpenLDAP 2.6? I got it
> runnin
On 03.01.22 at 18:19, Quanah Gibson-Mount wrote:
>
>
> --On Monday, January 3, 2022 6:14 PM +0100 Michael Ströder
> wrote:
>
>> On 1/3/22 18:03, Quanah Gibson-Mount wrote:
>>> In general, "memberUID" is for use with posix groups (NOT LDAP groups).
>>> But again, it's generally deficient
Hi to all,
two years ago I tried to use dynamic groups as Posix-groups see post:
https://www.openldap.net/lists/openldap-technical/201911/msg00028.html
Now I tried it again with OpenLDAP 2.6 and the attribute memberUID is
still not showing up. Is it still not possible to search for memberUid?
hi to all,
with 2.4.x the only way to remove an overlay from cn=config was export
cn=config edit the export and reimport it. I found a thread where it said:
-
This will probably be supported in OpenLDAP 2.5.
-
So is it possible somehow or do I still have to go the way with slapcat
nisms: OTP
supportedSASLMechanisms: CRAM-MD5
supportedSASLMechanisms: PLAIN
supportedSASLMechanisms: LOGIN
--
Again, thank you all for the help, several tips got me to the point.
Stefan
On 17.12.21 at 16:34, Stefan Kania wrote:
> Hello to all,
>
> I'm trying to get GSSAPI aut
On 22.12.21 at 13:01, Dieter Klünter wrote:
> You probably missed the header files, check /usr/include/gssapi/
> and /usr/include/krb5/
> and probably some more.
> and check the libraries in /usr/lib64/sasl2/
>
I installed libkrb5-dev krb5-multidev libsasl2-dev
I found:
On 22.12.21 at 13:18, Dieter Klünter wrote:
> /* OpenLDAP SASL options */
> [...]
> /* OpenLDAP GSSAPI options */
> #define LDAP_OPT_X_GSSAPI_DO_NOT_FREE_CONTEXT 0x6200
> #define LDAP_OPT_X_GSSAPI_ALLOW_REMOTE_PRINCIPAL 0x6201
--
I did:
root@ldap25-p02:/opt/openldap-2.6.0# grep -ir
On 22.12.21 at 10:31, Stefan Kania wrote:
> either it's still a configuration problem, or it's missing. If it's a
> configuration problem, how can I fix it?
I now built OpenLDAP from source with these options:
--
./configure --enable-argon2 --with-argon2=libargon2 --with-cyru
On 21.12.21 at 22:19, Michael Ströder wrote:
>
> # ldd /opt/symas/lib/slapd
> [..]
> libgssapi.so.3 => /opt/symas/lib/libgssapi.so.3 (0x7f6d63716000)
> libkrb5.so.26 => /opt/symas/lib/libkrb5.so.26 (0x7f6d6347e000)
I don't know which packages you are using, but can't confirm
On 21.12.21 at 14:14, Dieter Klünter wrote:
> On Sat, 18 Dec 2021 07:28:16 +0100,
> Dieter Klünter wrote:
>
>> On Fri, 17 Dec 2021 16:34:41 +0100,
>> Stefan Kania wrote:
>>
>>> Hello to all,
>>>
>>> I'm trying to get GSSAPI authentic
Hi Dieter
On 18.12.21 at 07:28, Dieter Klünter wrote:
> /etc/sasl2/slapd.conf
> mech_list: gssapi digest-md5 cram-md5 external
> keytab: /etc/openldap/ldap.keytab
>
> /etc/ldap.conf
> KRB5_KTNAME=/etc/openldap/krb5.keytab
> SASL_MECH GSSAPI
> SASL_REALM My.SASL.REALM
The configuration is
Hello to all,
I'm trying to get GSSAPI authentication running with the symas-packages.
I generated a ldap.keytab file and it's readable for the ldap-user
running the slapd. With the Debian-packages I add:
-
export KRB5_KTNAME="/path/to/ldap.keytab"
-
I don't want to use the system
On 15.12.21 at 20:34, Quanah Gibson-Mount wrote:
>
>
> --On Wednesday, December 15, 2021 8:23 PM +0100 Stefan Kania
> wrote:
>
>>
>>
>> On 15.12.21 at 19:44, Quanah Gibson-Mount wrote:
>>>
>>> Please file a bug.
>> How can I? Is t
On 15.12.21 at 19:44, Quanah Gibson-Mount wrote:
>
> Please file a bug.
How can I? Is there something like bugzilla I know from the Samba project.
--
Stefan Kania
Landweg 13
25693 St. Michaelisdonn
Signieren jeder E-Mail hilft Spam zu reduzieren und schützt Ihre
Privatsphär
On 15.12.21 at 10:11, Stefan Kania wrote:
> I don't know
> where to look anymore.
I restarted from scratch and only did the basic configuration and the
replication of cn=config. When I do a change with the following ldif:
--
dn: olcDatabase={-1}frontend,cn=config
changetype:
Hello,
I'm still working on replication of cn=config. The replication of the
main DB is working with delta-syncrepl but I still have problems getting
mmr running for cn=config. As I use Ansible to configure it here my
question:
Is the order of setting up the replication relevant?
What I do at the
Now it's working. It was a syntax-problem in one of my Ansible templates
On 09.12.21 at 15:42, Stefan Kania wrote:
> by dn.exact="uid=repl-user,ou=users,dc={first_dc}},dc=net" read
This should be:
by dn.exact="uid=repl-user,ou=users,dc=example,dc=net" read
I forgot o
Hi to all,
I'm still experimenting with openldap 2.6 and the deltasyncrepl with four
hosts. I use debian 11 and the symas packages.
I set up all four hosts with the following ldif-files.
Starting with the basic settings:
---
dn: cn=config
objectClass: olcGlobal
On 07.12.21 at 20:47, Quanah Gibson-Mount wrote:
>
>
> --On Tuesday, December 7, 2021 7:15 PM +0100 Stefan Kania
> wrote:
>
>>
>>
>>
>>>
>>> The documentation clearly states that for cn=config replication, the
>>> serverID mus
On 09.12.21 at 08:12, Ulrich Windl wrote:
>>>> Stefan Kania wrote on 07.12.2021 at 16:52 in
> message <37d8d0c0-fd4a-885d-7a8c-3874412ea...@kania-online.de>:
>
> ...
>> What I don't understand: Do I really have to put all Servers in the
>> replic
>
> The documentation clearly states that for cn=config replication, the
> serverID must be in # URI format.
>
olcServerID: 1 ldap://ldap01.example.net
olcServerID: 2 ldap://ldap02.example.net
olcServerID: 3 ldap://ldap03.example.net
olcServerID: 4 ldap://ldap04.example.net
It's URI format
Hi to all,
is it now safe to use mmr of cn=config with OpenLDAP 2.6? I got it
running with 4 servers.
I'm installing all 4 servers with Ansible so I created a basic configuration:
--
dn: cn=config
objectClass: olcGlobal
cn: config
olcLogLevel: sync
olcLogLevel: stats
olcPidFile:
On 30.11.21 at 15:31, Ondřej Kuzník wrote:
> Hi Stefan,
> if you don't want to get it from the keyservers, it's also kept here:
> https://repo.symas.com/repo/gpg/RPM-GPG-KEY-symas-com-signing-key
That's what I was looking for. Thank you