On 24.04.24 at 12:40, Marc wrote:
> I am testing a bit with bind's. With consecutive binds with the same test
> account I always get 'result not in cache'. How can I get this in cache?
>
> access_allowed: result not in cache (userPassword)
>
> 6628dba5.0659c27a 0x7ff072843b38 conn=1023 op=0 BIN
re it doesn't
really matter.
Regards,
Uwe
On 17.04.24 at 16:24, Jeffrey Walton wrote:
On Wed, Apr 17, 2024 at 3:21 AM Uwe Sauter <uwe.sauter...@gmail.com> wrote:
Hi all,
one of my Rocky Linux 8 servers was updated automatically to 2.6.7 this
night fro
Hi all,
one of my Rocky Linux 8 servers was updated automatically to 2.6.7 this night
from the Symas repo.
The install script seems to include an automated restart of the service but
that failed with:
main: TLS init def ctx failed: -1 error:0A00018E:SSL routines::ca md too weak
As this is an i
Hi all,
I was wondering if there is any best practice when to use extensibleObject in
contrast to creating
new objectClasses within a local schema.
E.g. I have the need to filter the visibility of posixGroups depending on some
attribute when sssd
is accessing the directory.
What I could do is
I got about 5 addressed to my Gmail account.
Contrary to the message's content no sample was attached.
On 19.01.24 at 09:29, Marc wrote:
> Any one else getting ~20 messages?
>
>> -Original Message-
>> From: openldap-technical-
>> bounces+c0b8b5a8faa7db954b532a84b16686b22acfe...@openlda
Dear Symas team,
Happy new year!
Whenever there are issues with distribution provided packages you are promoting
your own
repositories at https://repo.symas.com .
I was wondering if there are any plans to provide an OpenLDAP 2.6 repo for
Debian 12 Bookworm?
I understand that you save the effo
On 05.12.23 at 14:32, Uwe Sauter wrote:
> On 05.12.23 at 14:24, Stefan Kania wrote:
>>
>>
>> On 05.12.23 at 13:50, Michael Wandel wrote:
>>> What options you are using with your ldapsearch command?
>>
>> just a "ldapsearch -x" so everything e
On 05.12.23 at 14:24, Stefan Kania wrote:
>
>
> On 05.12.23 at 13:50, Michael Wandel wrote:
>> What options you are using with your ldapsearch command?
>
> just a "ldapsearch -x" so everything else should be read from .ldaprc.
You need to at least also use "-W" or else it will fall back to ano
On 05.12.23 at 13:41, Stefan Kania wrote:
> Hi to all,
>
> I just started to use my own .ldaprc file in $HOME:
> -
> URI ldaps://provider01.example.net ldaps://provider02.example.net
> BASE dc=example,dc=net
> BINDDN uid=repl-user,ou=users,dc=example,dc=net
> TLS_REQCERT demand
>
This totally depends on whether cn=config is replicated from the primary to the
read-only servers.
If cn=config is specific to each host you need to configure the monitoring
backend on each host.
But you could try this easily. Just configure the backend on the primary and
try to access cn=mon
Hi all,
in the ACL chapter of the online documentation to OpenLDAP 2.6 (and likely the
versions before)
there might be a mismatch of singular/plural usage of the "users" keyword.
In chapter 8.3.2 "who to grant access to" table 5.3 lists specifier "users" as
"authenticated users"
entities. This
On 27.10.23 at 09:51, Alejandro Imass wrote:
> Thank you for answering my question, comments below:
>
> On Thu, Oct 26, 2023 at 10:52 PM Uwe Sauter <uwe.sauter...@gmail.com> wrote:
>
>
> when comparing the LDIF you used to initialize with the slapcat o
Hi,
when comparing the LDIF you used to initialize with the slapcat output, what I can see is that you have no distinct
definition of olcDatabase={0}config,cn=config. I suspect that OpenLDAP then used default values, including the "to * by
* none" ACL.
How mission critical is this server? Can
On 26.09.23 at 16:23, Uwe Sauter wrote:
On 26.09.23 at 15:38, Marc wrote:
I'm currently experimenting with (MIT) Kerberos and got to the point where
I need to add the Kerberos definitions to
LDAP (krb5-kdc.ldif). (This is on Rocky Linux 9 with symas-openldap-
servers-2.6.6-1.el9.x
On 26.09.23 at 15:38, Marc wrote:
I'm currently experimenting with (MIT) Kerberos and got to the point where
I need to add the Kerberos definitions to
LDAP (krb5-kdc.ldif). (This is on Rocky Linux 9 with symas-openldap-
servers-2.6.6-1.el9.x86_64.)
First question: is this the correct schema
Dear all,
I'm currently experimenting with (MIT) Kerberos and got to the point where I need to add the Kerberos definitions to
LDAP (krb5-kdc.ldif). (This is on Rocky Linux 9 with symas-openldap-servers-2.6.6-1.el9.x86_64.)
First question: is this the correct schema file or should I use the on
Norman,
did you try to provide a hostname in the URI?
ldapsearch -x -H 'ldap:///dc=example,dc=net' '(cn=foo)'
instead of
ldapsearch -x -H 'ldap:///dc=example,dc=net' '(cn=foo)'
?
Regards,
Uwe
On 20.02.23 at 14:19, Norman Gray wrote:
>
> Ede, hello.
>
> On 20 Feb 2023, at 12:49,
> Stop server 1
> change slapd.conf
> slapindex -q -f /path/to/slapd.conf -b "your base"
> start server 1
>
> stop server 2
> change slapd.conf
> slapindex -q -f /path/to/slapd.conf -b "your base"
> start server 2
>
>
> Neither server cares about the indexing in place on the other server. The
Dear list,
I need to add an index for a new attribute in an active-active replication
scenario.
I know I need to run slapindex to create the index for existing entries after I
changed the
configuration file (yes, still on 2.4 with slapd.conf). But what is the correct
procedure to update
both s
As far as I understand, everybody with write access to the userPassword
attribute can set this to any value.
In order to involve the ppolicy module you need to use extended
ldapmodify functionality (ldappasswd, ldapmodify -E ppolicy or a
properly configured passwd/PAM stack).
On 24.06.22 at
Dear list,
is there a way to configure slapd to not emit messages regarding
"connection_read(XXX): no connection!"?
Currently the configuration contains "loglevel none" but these messages are
sent to syslog
local4.debug regardless.
In case the version is relevant, this is 2.4.59 on RHEL 8.4. s
On 18.03.21 at 17:36, Michael Ströder wrote:
> On 3/18/21 5:06 PM, Uwe Sauter wrote:
>> On 18.03.21 at 16:13, Dale Thompson - NOAA Federal wrote:
>>> There is a slightly sneaky way to get openldap to support any crypt
>>> the native OS will support with the {CRYPT
On 18.03.21 at 16:13, Dale Thompson - NOAA Federal wrote:
> There is a slightly sneaky way to get openldap to support any crypt the
> native OS will support with
> the {CRYPT} option. Change the openldap option password-crypt-salt-format. On
> my servers the value
> is set to "$6$%.8s" which giv
thus the test succeeds.
Regards,
Uwe
On 05.02.21 at 08:40, Uwe Sauter wrote:
Good morning,
I'm trying to restrict access to the operational attributes that are provided
by the ppolicy overlay
(e.g. pwdChangedTime, pwdHistory).
When I add the following to my ACL configuration
2.4.47:
Fixed slapo-ppolicy with multi-provider replication (ITS#8927)
2.4.48:
Fixed slapo-ppolicy behavior when pwdInHistory is changed (ITS#8349)
2.4.49:
Fixed slapo-ppolicy when used with slapauth (ITS#8629)
Fixed slapo-ppolicy to add a missed normalised copy of pwdChangedTime
On 06.02.21 at 00:29, Quanah Gibson-Mount wrote:
--On Saturday, February 6, 2021 12:06 AM +0100 Uwe Sauter
wrote:
Yes it is. Account locking after failed attempts, password changes
honoring configured rules, password history etc. all works since this was
set up in 2017. Back then I
On 5 February 2021 22:15:47 CET, Liam Gretton wrote:
>On 2021-02-05 18:55, Uwe Sauter wrote:
>> # slaptest
>> 601d92d6 /etc/openldap/acl.conf: line 84: unknown attr "pwdHistory"
>in to clause
>> […]
>> slaptest: bad configuration file!
>>
>>
On 05.02.21 at 20:03, Michael Ströder wrote:
On 2/5/21 7:55 PM, Uwe Sauter wrote:
On 05.02.21 at 17:31, Michael Ströder wrote:
On 2/5/21 8:40 AM, Uwe Sauter wrote:
I'm trying to restrict access to the operational attributes that are
provided by the ppolicy overlay
(e.g. pwdChange
Hi Michael.
On 05.02.21 at 17:31, Michael Ströder wrote:
On 2/5/21 8:40 AM, Uwe Sauter wrote:
I'm trying to restrict access to the operational attributes that are provided
by the ppolicy overlay
(e.g. pwdChangedTime, pwdHistory).
When I add the following to my ACL configuration file an
Good morning,
I'm trying to restrict access to the operational attributes that are provided
by the ppolicy overlay
(e.g. pwdChangedTime, pwdHistory).
When I add the following to my ACL configuration file and try to verify the
configuration an error
occurs:
ACL
access to attrs=pwdHistory