You can set up lload or haproxy and point the offending apps to the new
endpoints
On Wed, Sep 24, 2025, 08:37 Marc wrote:
> Exactly! It seems very difficult to get developers to understand even the
> basics...
>
>
> >
> > In most cases, these problems are caused by poorly developed LDAP
> > integ
the slave from succeeding via this
path.
Everything is now functioning as expected.
I wanted to share this resolution in case it could help others who might
encounter a similar debugging scenario in the future.
Thanks for your work and patience.
Regards,
On Thu, May 15, 2025 at 2:02 PM Óscar Re
there some way to check where it is trying to bind?
I don't know where else to look in order to find out what's wrong.
Anyone have any tips?
Thank you so much for your help.
[1]
https://kb.symas.com/en_US/configuration/configuring-ppolicy-for-openldap-25
[2] https://kb.symas.com/e
Hi,
Some background; a Windows user of my open source ETL software
complained about the huge files. Under Linux I don't have any issues,
but I wanted to resolve this issue by implementing automatic growth via
a pattern: MapFullError, set_mapsize, apply writing batch again.
This week I enter
As taken from elsewhere on this list:
The primary issue is that if a server goes into REFRESH mode, the order in
which the entries are sent back may not allow the slapo-memberOf overlay to
rebuild the groups correctly.
Details:
https://bugs.openldap.org/show_bug.cgi?id=8613
For dynlist:
Take th
I see this on our consumers when waiting on writes to be accepted by the
provider/ or when it's unreachable.
leave
Hi,
Take a look at TLSCipherSuite
Erik
On Wed, Dec 14, 2022, 07:23 Andre Rodier wrote:
> Hello,
>
> I have configured OpenLDAP using SSL certificate, but I have a few issues.
>
> Here the TLS configuration, especially "olcTLSProtocolMin: 3.3"
>
> > # AUTO-GENERATED FILE - DO NOT EDIT!! Use lda
Try "NORMAL:-RSA"
Your version is probably built against gnutls instead of openssl
See: the manual on TLSCipherSuite
On Wed, Dec 14, 2022, 08:41 Andre Rodier wrote:
> On 14/12/2022 07:32, Erik de Waard wrote:
> > Hi,
> >
> > Take a look at TLSCipherSuite
>
Not sure if OpenBSD should be supported, but I gave it a try and the
second test failed.
$ uname -a
OpenBSD cpan-smoker-openbsd 7.1 GENERIC.MP#465 amd64
> Starting test001-slapadd for mdb...
running defines.sh
Running slapadd to build slapd database...
Segmentation fault (core dumped)
slapa
On 04/10/2022 18:17, Quanah Gibson-Mount wrote:
Generally, if you can let us know what OS you ran the tests on, and if
they all passed (or failed) and if you can also run "make its" in the
test suite directory after running "make test" to check that there are
no failures in the regressio
Hello Quanah,
I would like to help but this is the first time I run the tests. Is there
a guideline/howto to follow up?
I executed the tests and got no errors, should I provide back the results?
Is there any infrastructure to report the tests, something like
https://qa.perl.org/?
I went quic
I guess I failed to express myself properly.
I do know memberOf is not a requirement: regular exporting data from
/etc/passwd, /etc/shadow and /etc/group as LDIF files are working as
expected.
But wouldn't it be a better option to use it instead of handling data in
multiple places (users and
Greetings,
For a matter of studying OpenLDAP, I decided to create a CLI in Golang
that is based on the migrationtools
(https://gitlab.com/future-ad-laboratory/migrationtools), which is
written in Bash and (very old) Perl code.
All the Golang module is available here:
https://github.com/gl
I guess you need to install the development package of OpenSSL on CentOS
7, the "regular" one won't do it. Double check that.
Besides that, I suggest quitting using CentOS 7: look for Rocky Linux
and AlmaLinux.
On 09/08/2022 03:01, vmaidar...@gmail.com wrote:
Hi Team,
I'm compiling OpenLDAP
Hi,
So I'm not really sure if this is a bug or a limitation. Or
misconfiguration on my part. But if someone from Symas could clarify it,
I'd appreciate it :D
if your app allows filter modification you can work around it by making an
unnested filter like so:
ldapsearch -H ldap:/// -LLL -x -b 'dc
$OpenLDAP: slapd 2.5.11
Hi, I've a weird case where olcLastBind defaults to TRUE.
When using convert (slaptest) method.
and explicit lastbind to off/false has no effect.
#Initialize slapd with convert method
slaptest -f /etc/openldap/slapd.conf.init -F /etc/openldap/slapd.d/
slapcat -n0 | grep La
;
> I agree with your suggestion: it seems more interesting for the given
> pwdChangedTime to take precedence over the one computed by the password
> policy.
>
> If it is ok for you, I can create an issue.
>
> >
> >> Could you define this behaviour somewhere?
>
Great, I wrote these
https://github.com/peppelinux/ansible-slapd-eduperson2016/tree/master/roles/slapd_configure
On Sat, 29 Aug 2020, 18:49 Stefan Kania wrote:
> I wrote some Ansible roles to set up a testing environment, maybe someone
> is interested in testing the roles. You can find all fi
Bad news Quanah,
I think that there would be the need to have many pluggable storages with an
abstract layer in between.
NoSQL, SQL and others (like elastic search) are so many important storage
engines nowadays, it would be awesome to have them in slapd.
Replication would work only on mdb, because
Hi Clément, great job, awesome!
Is there any possibility to have the SQL backend in ltb in future
releases?
Official Deb packages lack this, it seems a little bit buggy so ltb
would be a great opportunity to have a well supported sql backend without
SRC compilations
Regards
Il lun 17 ago
You can find slapd 2.4.50 in buster-backports
https://github.com/peppelinux/ansible-slapd-eduperson2016#debian-10-2447-memory-leakage
On Tue, 11 Aug 2020, 20:38 Shaheena Kazi wrote:
> My product is a security product and hence I would like to stick to 2.4.44
> or a version provided by buste
Ciao kumar,
A fully working example, configurable with ansible with delta syncrepl
ready to go, for studies and prototyping, is here:
https://github.com/peppelinux/ansible-slapd-eduperson2016
Run as it comes in a container, for a replica node see delta repl readme,
have fun and don't give up
Il
Hi guys,
I wrote this simple script to have human readable olcAccess lists
https://github.com/peppelinux/slapd_acl
hope you'll enjoy
--
Dott. Giuseppe De Marco
CENTRO ICT DI ATENEO
University of Calabria
87036 Rende (CS) - Italy
Phone: +39 0984 496961
e-mail: giuseppe
on Python 80)
> >
> > I look at django-ldapdb but project is almost dead and does not have
> > all that I need.
>
>
> openldapjs
> https://github.com/6labs/openldapjs.git
> perl Net::LDAP
> python-ldap
> https://stroeder.com/software.html
>
> -Dieter
>
On 1/29/20, Howard Chu wrote:
>
> Most likely slapd ran out of filedescriptors, as the BSD default for the
> nfiles
> ulimit tends to be small. Raising your ulimit should allow this to pass.
Easy enough to check. Will do as soon as I get a chance to start up that server.
Probably not an OpenLDAP
On 1/28/20, Quanah Gibson-Mount wrote:
> This is the second testing call for OpenLDAP 2.4.49. Depending on the
> results, this may be the only testing call.
>
Under NetBSD 8.1 (i386) compilation was eventually successful:
- SASL is not in the distribution, so the "/usr/pkg" prefix was needed
in a
This is quite cute,
https://github.com/P-H-C/phc-winner-argon2
Regards
On Wed, 8 Jan 2020, 03:08 Quanah Gibson-Mount wrote:
>
>
> --On Tuesday, January 7, 2020 11:25 PM +0100 Michael Ströder
> wrote:
>
> > AFAICS RFC 3112 was never implemented in OpenLDAP. Thus I'd consider
> > this to be r
https://sha-mbles.github.io/
Probably it's time to consider the deprecation of SHA1
On Tue, 7 Jan 2020, 23:28 Michael Ströder wrote:
> On 1/7/20 10:47 PM, Quanah Gibson-Mount wrote:
> > --On Tuesday, January 7, 2020 10:33 PM +0100 Michael Ströder
> > wrote:
> >
> >> On 1/7/20 9:22 PM, Quan
Ho
I made SSHA512 as default this way
dn: olcDatabase={-1}frontend,cn=config
replace: olcPasswordHash
olcPasswordHash: SSHA512
EOF
Once pw-sha2 module was loaded
https://github.com/peppelinux/ansible-slapd-eduperson2016/blob/master/roles/slapd_configure/templates/modules/pw-sha2.ldif
Il ma
Try to connect to ldaps://localhost:636
Cn must be localhost if that's configured in the certs, but... Are you sure
that localhost should be the fqdn?
On Thu, 2 Jan 2020, 17:39 Dunne, Kenneth wrote:
> All
>
>
>
> I am able to connect to my home-built OpenSSL installation (from Dec-19
> sou
Probably that error is something regarding socket read/write permissions
On Thu, 5 Sep 2019 at 17:14, Giuseppe De Marco <
giuseppe.dema...@unical.it> wrote:
> Hi Shiva,
>
> Here you should find what you're looking for:
> https://github.com/peppelinux/pyMult
erlayConfig
> objectClass: olcOvSocketConfig
> olcOverlay: {0}sock
> olcDbSocketPath: /tmp/sockoverlay-listener1
> olcDbSocketExtensions: binddn peername ssf
> olcOvSocketOps: bind unbind search
>
> Eagerly waiting for the reply.
>
> Thanks,
> Shiva
>
--
Hi Marc,
Slapd-proxy or slapd-meta could be the solution
On Sun, 25 Aug 2019, 14:42 Marc Roos wrote:
>
> Anyone having some experience using socat (or something similar?) to
> connect to a remote slapd server tcp/tls with a local socket? I have a
> client that requires the local ldapi socket
On Fri, 16 Aug 2019, 12:20 Michael Ströder wrote:
> On 8/16/19 12:02 PM, Marc Roos wrote:
> > Is it possible to reference an environment variable in olcSyncrepl:
> > {0}rid= ?
>
> No.
>
> My recommendation is to use a decent config managment (ansible, chef,
> puppet, salt, ..) for the job.
>
On 8/7/19, David Magda wrote:
>
> That is an argument for timed releases. The OpenBSD project is a good
> example: they release twice a year. If a feature cannot be made stable in
> time for one release, they either back it out or do not commit in the first
> place, and simply try to make it work
ood it was a silly ACL problem behind this.
I just added an ACL as follows and everything works fine!
export BASEDC="dc=myorganization,dc=it"
ldapadd -Y EXTERNAL -H ldapi:/// < ha scritto:
> On 7/25/19 11:31 AM, Giuseppe De Marco wrote:
> > I made a configuration to g
8051,
to get it to work in Debian10 ?
or
Am I facing a bug present in openldap 2.4.47 ?
Thank you in advance for everything you would tell me,
Cheers
[1]
https://github.com/openldap/openldap/blob/master/servers/slapd/back-sock/searchexample.pl
--
Dott. Giuseppe De Marco
CENTR
On Thu, 25 Jul 2019 at 11:31, Giuseppe De Marco <
giuseppe.dema...@unical.it> wrote:
>
> My doubts:
> Is there any need to change configuration, following ITS#8714 and
> ITS#8051, to get it to work in Debian10 ?
> or
> Am I facing a bug present in openlda
m and it also blocked efforts on my part to port the client tools
from OpenLDAP 2.4: I just felt I was not up to the task.
That's my CV in a few sentences. If you can find a role for me to play
towards 2.5, I'll help. The price is dealing with scratchy personality
and some very fixed i
On 2019/04/08 09:06, Mikael Bak wrote:
Since there seems to be no concept of private OID space, then I will
start the procedure to register the Hungarian National Library with IANA
to obtain OID number.
I once went through the process and it seemed very simple. But it lapsed
as it was prematur
Abdelkader Chelouah wrote:
> > Hi,
> >
> > slapd 2.4.44
> >
> > OpenLDAP instance configure as a proxy (back-ldap)
> >
> >
> > From time to time, bind operations can take more than 5 sec. These
> > latencies do not seem to come from a CPU or memory problem. I'm trying to
> > see if the network
>
On 2019/02/11 16:14, Hallvard Breien Furuseth wrote:
No. We could document that as a recommendation for opening existing DBs.
That just proves my point, I suppose: it usually suffices for
documentation to be complete, whereas what is happening here is that OP
overlooked something that would
On 2019/02/11 16:25, Howard Chu wrote:
There's nothing subtle here, the doc is quite explicit. Wasting additional
paragraphs
only brings complaints from users that "the docs are too big to read."
For every such complaint, Howard, I am confident that there are dozens
of users who are grateful
On 2019/02/11 09:22, Howard Chu wrote:
*Opening* a DBI handle can only be done by one transaction.*Using* an open
DBI handle
can be done by any transactions.
That still means that the "opening transaction" must complete before the
handle becomes public. I guess (I really am applying commons
KxMAUhDf4cFLUwUDFPoUC0SoDWQoG6NsKE5YQg==base64: invalid input
It's not what you want, is it?
$ echo '{SSHA}KxMAUhDf4cFLUwUDFPoUC0SoDWQoG6NsKE5YQg==' | base64
e1NTSEF9S3hNQVVoRGY0Y0ZMVXdVREZQb1VDMFNvRFdRb0c2TnNLRTVZUWc9PQo=
Was that "o" near the end a cut-n-paste error?
--
Lucio De Re
On 11/7/18, Frank Swasey wrote:
>
> I'm justifying it to myself by saying that schemachecking is on on the
> producer, and as long as the consumer works correctly (and has no local
> writes), the data being valid on the producer is more important than the
> schema being valid on the replica.
>
I g
On 11/7/18, Frank Swasey wrote:
> [ ... ]
> With schemachecking off, the only problem is inside my head.
>
But also in mine, as I would assume that turning schemachecking off
should be reserved for short bursts of special purpose (recovery, for
example) activities, not for production operation.
I
On 11/6/18, Frank Swasey wrote:
> [ ... ]
> It actually turns out that it is best to leave the objectClass values there
> (I've discovered I have customers who are using the presence of the
> objectClass value as an indicator of eligibility for some service).
>
I thought you said that this caused
Hello everybody,
I am getting a lot of these slap_global_control messages in my syslog.
I searched online and tried adding the below to my /etc/ldap/slapd.conf
but it did not help.
Does somebody know how to resolve these messages?
Kind regards,
Jelle de Jong
include /etc/ldap
?
Kind regards,
Jelle de Jong
Jun 15 12:39:29 stayce smbd[9632]: [2017/06/15 12:39:29.549569, 0]
lib/smbldap.c:1225(smbldap_connect_system)
Jun 15 12:39:29 stayce smbd[9632]: failed to bind to server
ldap://localhost with dn="cn=admin,dc=companyone,dc=nl" Error: Can't
cont
Does someone know how to search an object DN and return a CN? I have this object
DN ( Q049c3Vwb3J0ZTNkYiBzdXBvcnRlIGRhIDNkYixPVT1Vc3XDoXJpb3MsREM9Y2hlc3BhZ
) and I need the CN of the object.
(8) +
slapadd(8)) and start replicating from your actual servers.
And then, after some testing, you can make the switch between servers.
Regards,
*Oscar Remírez de Ganuza Satrústegui*
IT Services
Universidad de Navarra
Tel. +34 948425600 x803130
http://www.unav.edu/web/it/
ldap-a-compar
>> ison-of-back-mdb-and-back-hdb-performance/> and <
>> https://wiki.zimbra.com/wiki/OpenLDAP_MDB_vs_HDB_performance>.
>>
>> --Quanah
>>
>>
*Oscar Remírez de Ganuza Satrústegui*
IT Services
Universidad de Navarra
Tel. +34 948425600 x803130
http://www.unav.edu/web/it/
On Fri, Aug 19, 2016 at 7:52 PM, Michael Ströder
wrote:
> Óscar Remírez de Ganuza Satrústegui wrote:
> > * We have adapted our nagios script so that it now checks both contextCSN
> > and last modified entry's entryCSN values in order to know if slave
> > replication is
e will have to live with this issue then:
* We have adapted our nagios script so that it now checks both contextCSN
and last modified entry's entryCSN values in order to know if slave
replication is working ok.
* We are also checking on cn=Tasklist,cn=Threads,cn=Monitor if the
replicatio
Good morning,
I am writing from IT Services from Universidad de Navarra.
We have recently upgraded our openldap servers from openldap 2.4.34 with
BDB 5.3.21 to openldap 2.4.44 with MDB databases.
We have got configured replication from the master server [1] to some slave
servers [2] (syncrepl
On 05/01/15 00:08, Howard Chu wrote:
Michael Ströder wrote:
Howard Chu wrote:
Now - nameForms only specify a structuralObjectClass that they
control. It's
up to the DIT Structure Rule to define where in the DIT they take
effect.
But there is no reference from a DIT structure rule to the stru
On 04/30/15 22:02, Howard Chu wrote:
Michael Ströder wrote:
Howard Chu wrote:
Michael Ströder wrote:
On 2015-04-30 13:37, Howard Chu wrote:
No. Name forms are only used when a DIT Structure Rule references
them.
Are you sure? If yes, then please point out what's missing herein:
PS: you sh
On 05/01/15 01:37, Michael Ströder
wrote:
Howard
Chu wrote:
There can only be one DIT Structure Rule
for an entry, and a DIT
Structure Rule can only reference one nameForm. For any given
entry, only one
n
Suppose a name form is attached to a structural object class. Then, when
referring to entries belonging to that object class (which has no DIT
Structure Rules associated to it), is using the MUST attributes as
defined in the name form to construct AVA still necessary?
No DIT Structure Rules re
On 04/28/15 13:22, Christian Kratzer wrote:
Hi,
On Mon, 27 Apr 2015, Quanah Gibson-Mount wrote:
--On Tuesday, April 28, 2015 10:58 AM +0530 dE
wrote:
Yes, so subclasses do not define MAY; it's defined by the MAY of the
top
object class.
The "top" objectClass does not co
On 04/28/15 11:18, Dario Zanzico wrote:
On Tue, Apr 28, 2015, at 07:21 AM, dE wrote:
From https://tools.ietf.org/html/rfc4512
it
can be said that an object class inherits the sets of *allowed*
and
required attributes from its superclasses
Therefore the top
From https://tools.ietf.org/html/rfc4512
it
can be said that an object class inherits the sets of *allowed* and
required attributes from its superclasses
Therefore the top object class contains all possible attributes? OR
A subclasses cannot contain any attribute which is not i
On 04/19/15 11:42, dE wrote:
As per https://tools.ietf.org/html/rfc4512#section-3.3
When creating an entry or adding an 'objectClass' value to an entry,
all superclasses of the named classes SHALL be implicitly added as
well if not already present.
That means the top object
On 04/27/15 02:07, Dieter Klünter wrote:
On Sun, 26 Apr 2015 21:05:44 +0530,
dE wrote:
On 04/26/15 17:13, Michael Ströder wrote:
dE wrote:
Super this is the superclass chain --
A->B
A is defined by MUST ObjectClass MAY ( cn abc xyz cxy )
B is defined by MUST ObjectClass MAY ( cn
On 04/21/15 15:36, Andrew Findlay wrote:
On Mon, Apr 20, 2015 at 11:06:07AM +0530, dE wrote:
I'm concerned about the attributes. Does adding of the top object
class (or person) add all attributes to the entry?
No. 'top' is defined in RFC4512:
( 2.5.6.0 NAME
On 04/21/15 11:43, Ulrich Windl wrote:
dE wrote on 20.04.2015 at 07:36 in message
<55349047.7020...@gmail.com>:
On 04/20/15 00:59, Ryan Tandy wrote:
On Sun, Apr 19, 2015 at 11:42:16AM +0530, dE wrote:
As per https://tools.ietf.org/html/rfc4512#section-3.3
When creating an en
es. Might it be possible that dE (mis)reads 'SUB' as 'subordinate' when it
actually
means 'subclass'? When talking about LDAP the term 'subordinate' does have a
well
defined meaning (that is irrelevant to this discussion).
The possible attributes that any
On 04/27/15 01:13, Mattes wrote:
On Sunday, 26 April 2015 20:07 CEST, Michael Ströder wrote:
Also I don't understand what the term "significance of subordinate classes"
means to you in this context.
Yes. Might it be possible that dE (mis)reads 'SUB'
On 04/26/15 23:37, Michael Ströder wrote:
dE wrote:
On 04/26/15 17:13, Michael Ströder wrote:
dE wrote:
Super this is the superclass chain --
A->B
A is defined by MUST ObjectClass MAY ( cn abc xyz cxy )
B is defined by MUST ObjectClass MAY ( cn cxy )
Then an entry belonging to B (expli
On 04/26/15 17:13, Michael Ströder wrote:
dE wrote:
Super this is the superclass chain --
A->B
A is defined by MUST ObjectClass MAY ( cn abc xyz cxy )
B is defined by MUST ObjectClass MAY ( cn cxy )
Then an entry belonging to B (explicit) and A (implicit,
automatically added)
cannot h
On 04/26/15 15:27, Michael Ströder wrote:
dE wrote:
On 04/20/15 22:56, Michael Ströder wrote:
dE wrote:
Does adding of the top object class (or
person) add all attributes to the entry?
Nope. Which text in RFC 4512 leads to your presumption?
Sorry for the late response. I was out of town
On 04/26/15 10:46, Howard Chu wrote:
dE wrote:
On 04/20/15 22:10, Quanah Gibson-Mount wrote:
--On Monday, April 20, 2015 12:06 PM +0530 dE
wrote:
I'm concerned about the attributes. Does adding of the top object
class
(or person) add all attributes to the entry?
No. Look u
On 04/20/15 22:10, Quanah Gibson-Mount wrote:
--On Monday, April 20, 2015 12:06 PM +0530 dE
wrote:
I'm concerned about the attributes. Does adding of the top object class
(or person) add all attributes to the entry?
No. Look up the difference between "MUST" and "M
On 04/20/15 22:56, Michael Ströder wrote:
dE wrote:
Does adding of the top object class (or
person) add all attributes to the entry?
Nope. Which text in RFC 4512 leads to your presumption?
Ciao, Michael.
Sorry for the late response. I was out of town.
From the responses, it appears the
On 04/20/15 01:37, Michael Ströder wrote:
dE wrote:
Suppose this is the superclass chain --
A -> B -> C -> D -> E -> F -> G
Then for D, the superclass chain is A -> B -> C, and in this chain D
is the
most subordinate.
Yes.
For F, the superclass chain is A -> B
On 04/20/15 00:59, Ryan Tandy wrote:
On Sun, Apr 19, 2015 at 11:42:16AM +0530, dE wrote:
As per https://tools.ietf.org/html/rfc4512#section-3.3
When creating an entry or adding an 'objectClass' value to an entry,
all superclasses of the named classes SHALL be implicitly added as
On 04/20/15 01:44, Michael Ströder wrote:
dE wrote:
On 04/18/15 03:24, Michael Ströder wrote:
dE wrote:
On 04/15/15 19:31, Howard Chu wrote:
dE wrote:
According to RFC 4512
An entry can belong to any subset of the set of auxiliary object
classes allowed by the DIT content rule
On 04/18/15 03:19, Michael Ströder wrote:
dE wrote:
On 04/15/15 19:28, Michael Ströder wrote:
dE wrote:
"An object or alias entry is characterized by precisely one
structural object class superclass chain which has a single
structural object class as the most subordinate o
As per https://tools.ietf.org/html/rfc4512#section-3.3
When creating an entry or adding an 'objectClass' value to an entry,
all superclasses of the named classes SHALL be implicitly added as
well if not already present.
That means the top object class will always be there.
Or is it that o
On 04/18/15 03:19, Michael Ströder wrote:
dE wrote:
On 04/15/15 19:28, Michael Ströder wrote:
dE wrote:
"An object or alias entry is characterized by precisely one
structural object class superclass chain which has a single
structural object class as the most subordinate o
On 04/18/15 03:24, Michael Ströder wrote:
dE wrote:
On 04/15/15 19:31, Howard Chu wrote:
dE wrote:
According to RFC 4512
An entry can belong to any subset of the set of auxiliary object
classes allowed by the DIT content rule associated with the
structural object class of the entry
On 04/15/15 19:31, Howard Chu wrote:
dE wrote:
According to RFC 4512
An entry can belong to any subset of the set of auxiliary object
classes allowed by the DIT content rule associated with the
structural object class of the entry.
From what I understand, this means auxiliary classes
On 04/15/15 19:28, Michael Ströder wrote:
dE wrote:
"An object or alias entry is characterized by precisely one
structural object class superclass chain which has a single
structural object class as the most subordinate object class.
This structural object class is ref
"An object or alias entry is characterized by precisely one
structural object class superclass chain which has a single
structural object class as the most subordinate object class.
This structural object class is referred to as the structural
object class of the entry."
T
According to RFC 4512
An entry can belong to any subset of the set of auxiliary object
classes allowed by the DIT content rule associated with the
structural object class of the entry.
From what I understand, this means auxiliary classes do not 'augment';
the no. of attributes which are p
I was reading https://tools.ietf.org/html/rfc4512; there is a mention of
attribute description, but there is no mention of 'attribute name'; or
the name using which attributes are referred to.
Does such a thing exist or is one of the attribute options used as the
name to refer to it or is it i
On 04/12/15 09:21, dE wrote:
I was reading https://tools.ietf.org/html/rfc4512; there is a mention
of attribute description, but there is no mention of 'attribute name';
or the name using which attributes are referred to.
Does such a thing exist or is one of the attribute options u
On 04/06/15 23:39, Michael Ströder wrote:
dE wrote:
I was reading RFC 4512, here there is a mention of 'object' for the
first time
in "Object identifiers (OIDs) [X.680] are represented in".
Question is what is an object?
Is it an entry (aka directory) in the
Hi!
I was reading RFC 4512, here there is a mention of 'object' for the
first time in "Object identifiers (OIDs) [X.680] are represented in".
Question is what is an object?
Is it an entry (aka directory) in the server?
Hi list,
First off, best wishes for 2014.
I've been looking into the deref control that was pointed out here (in
the Oracle OpenLDAP PPolicy ppolicy and the hierarchy thread).
With some trial and error I got things working so I thought to document
what I did in the hopes that it may be useful fo
On Thu, 2013-12-26 at 07:41 -0800, Howard Chu wrote:
> This was developed at the request of the Samba team, and some of those
> developers also worked on SSSD, so it has already been implemented in
> significant volumes.
libraries/libldap/deref.c contains ldap_create_deref_control() which
uses LDA
On Wed, 2013-12-25 at 16:44 +0100, Michael Ströder wrote:
> Furthermore there's slapo-deref which seems to work. The client
> control can be used to retrieve all the 'uid' values in member
> entries. The NSS provider has to extract the 'uid' values from the
> response control value.
>
> See https:
On Wed, 2013-12-25 at 15:27 +0100, Michael Ströder wrote:
> Arthur de Jong wrote:
> > Additionally, if you plan to use the contents of the tree
> > as Unix users and want to have reasonable performance for
> > large trees, you should either:
> >
> > - use memberUi
On Mon, 2013-12-23 at 22:52 +0100, Dieter Klünter wrote:
> You use attribute type uniqueMember without any additional UID in order
> to enforce uniqueness. The syntax of uniqueMember attribute type is
> Name and optional UID. But without any additional UID any sort of
> uniqueness cannot be provide
I have a configuration somewhat similar to the one below and the ACLs
seem to be applied using the non-rewritten DN which causes the self
specifier to never match.
We are in the process of configuring a more secure LDAP server with
stricter ACLs and extra security checks without affecting existing
On Fri, 2013-11-01 at 19:30 +0530, slacker lnx wrote:
> But on one of the client, I am unable to login (through ssh) using the
> ldap userids. When I login as root and try to switch user I get a
> message 'user does not exist' (getent passwd and ldapsearch shows the
> user).
One thing that could a
On Tue, Sep 17, 2013 at 9:49 PM, Quanah Gibson-Mount wrote:
> --On Tuesday, September 17, 2013 9:06 PM -0300 Listas de Correo <
> toshiro.lis...@gmail.com> wrote:
>
> Would you mind to provide me more details about the bugs and potential
>> problems of using Debian packag
Hi Quanah,
On Tue, Sep 17, 2013 at 12:21 PM, Quanah Gibson-Mount wrote:
> It is always interesting to me when someone emails the technical list,
> asking for guidance from people who know the most about the software, and
> then ignore it.
I know what you mean, I've suffered that myself :) but t