Re: (ITS#7581) adding meta backend in cn=config with ldapadd / ldapmodify
by hyc@symas.com
hyc(a)symas.com wrote:
> dcoutadeur(a)linagora.com wrote:
>> Full_Name: dcoutadeur
>> Version: 2.4.35 / git
>> OS: openSuse 11.3 x86_64
>> URL:
>> Submission from: (NULL) (80.67.162.201)
>>
>>
>> I apologize in advance if this is not considered as a bug, but I thought this
>> ticket should help the community anyway...
>>
>> The problem is that it seems impossible to add meta backend in cn=config thanks
>> to ldapadd / ldapmodify clients. I thought the major interest for cn=config was
>> precisely to let administrators change the configuration in a remote way, but
>> maybe new database configuration is an exception ?
>
> Seems we need some rework here to allow this case. Currently bconfig assumes
> that the olcDatabaseConfig entry is sufficient by itself, and any child
> entries underneath are just optional. It doesn't handle the case where the
> olcDatabaseConfig entry is basically an incomplete config.
Should work now in git master, please test.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
7 years, 11 months
Re: (ITS#7605) Configuration entries (under cn=config) does not allow 'objectclass' attribute modification to include full object classes hierarchy
by michael@stroeder.com
This is a cryptographically signed message in MIME format.
--------------ms090403020009030408070805
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
pa(a)marcelot.net wrote:
> It looks like it's not possible to modify the 'objectClass' attribute o=
f
> configuration entries.
>=20
> I have some code generating entries for OpenLDAP configuration from a U=
I utility
> and updating existing configuration entries in DIT.
> This code generates entries with the 'objectClass' attribute containing=
the full
> object class hierarchy (all the way to 'top') and not only the highest
> structural object class (which is the case of default OpenLDAP configur=
ation).
>=20
> When updating the configuration in the DIT, the code then tries to comp=
lete the
> 'objectClass' attribute with the full list of object classes.
> That operations ends with "error code 53- UnwillingToPerform".
>=20
>=20
> Here's an example on the "cn=3Dconfig" entry:
> #!RESULT ERROR
> #!CONNECTION ldap://10.211.55.13:389
> #!DATE 2013-05-22T14:56:03.039
> #!ERROR [LDAP: error code 53 - UnwillingToPerform]
> dn: cn=3Dconfig
> changetype: modify
> replace: objectClass
> objectClass: olcConfig
> objectClass: olcGlobal
> objectClass: top
It's not necessarily a bug.
I think LDAP clients should not act too "smart" and therefore should not
automagically add object classes from the structural object class chain i=
f
they are not already present. You will run into issues with various LDAP
server implementations - at least according to experiences I made with
conducting interop testing with web2ldap and several server implementatio=
ns.
A schema-aware client could auto-complete structural object class chain i=
f
adding a new entry though. But again: Don't be too smart.
May I ask which UI utility you're using?
Ciao, Michael.
--------------ms090403020009030408070805
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature
MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIILHzCC
BT8wggQnoAMCAQICDwCmSwABAAIAivjZQ8SBvzANBgkqhkiG9w0BAQUFADB8MQswCQYDVQQG
EwJERTEcMBoGA1UEChMTVEMgVHJ1c3RDZW50ZXIgR21iSDElMCMGA1UECxMcVEMgVHJ1c3RD
ZW50ZXIgQ2xhc3MgMSBMMSBDQTEoMCYGA1UEAxMfVEMgVHJ1c3RDZW50ZXIgQ2xhc3MgMSBM
MSBDQSBJWDAeFw0xMjA2MDYxOTAyMTZaFw0xMzA2MDcxOTAyMTZaMCgxCzAJBgNVBAYTAkRF
MRkwFwYDVQQDDBBNaWNoYWVsIFN0csO2ZGVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAxXZGav40rnGNLxEggBW94MILWHlfC8a23Jew5U1gPlfRTXOjjzmoaZ1uCyGdgF6M
VvuO9T1aTQNGH+OdeGe3P7Tfc/NsLJFJ2wtd8blvhmodUgse2eypiWjNOd4gZuhalBhgsQ0K
b5D6/1foghII4E264iZlJ7AJ+UYcO+GxvFWT0YMTbLckgDkZk7c3qwTozdhYvXarvqx+8Ou/
kuxpQQhac/ebzxpu0N+RHSf2KIUS0g0tEGnPtGv6iL+9QNHc4JKo9Y9KKVw3tQy+Re+FQLxB
1fPE5F+qxuD3AUENpOwkMsqWLM94ohtx3CFqLpxfUPrnKFLAHOhHEbByYGvFPwIDAQABo4IC
EDCCAgwwgaUGCCsGAQUFBwEBBIGYMIGVMFEGCCsGAQUFBzAChkVodHRwOi8vd3d3LnRydXN0
Y2VudGVyLmRlL2NlcnRzZXJ2aWNlcy9jYWNlcnRzL3RjX2NsYXNzMV9MMV9DQV9JWC5jcnQw
QAYIKwYBBQUHMAGGNGh0dHA6Ly9vY3NwLml4LnRjY2xhc3MxLnRjdW5pdmVyc2FsLWkudHJ1
c3RjZW50ZXIuZGUwHwYDVR0jBBgwFoAU6bgoHUbP/M34TpvF7ktg69g7P9EwDAYDVR0TAQH/
BAIwADBKBgNVHSAEQzBBMD8GCSqCFAAsAQEBATAyMDAGCCsGAQUFBwIBFiRodHRwOi8vd3d3
LnRydXN0Y2VudGVyLmRlL2d1aWRlbGluZXMwDgYDVR0PAQH/BAQDAgTwMB0GA1UdDgQWBBS2
KAWfTfgJ/JQ63qLGwTXYLnI+LzBiBgNVHR8EWzBZMFegVaBThlFodHRwOi8vY3JsLml4LnRj
Y2xhc3MxLnRjdW5pdmVyc2FsLWkudHJ1c3RjZW50ZXIuZGUvY3JsL3YyL3RjX0NsYXNzMV9M
MV9DQV9JWC5jcmwwMwYDVR0lBCwwKgYIKwYBBQUHAwIGCCsGAQUFBwMEBggrBgEFBQcDBwYK
KwYBBAGCNxQCAjAfBgNVHREEGDAWgRRtaWNoYWVsQHN0cm9lZGVyLmNvbTANBgkqhkiG9w0B
AQUFAAOCAQEAQ3bvVUpEq+cQrLpcogyt5BJNk/WvUvOHqhzyj28M9pg9hcDl1+MYl5qqj6tR
GSTLPQZyf287pcmbMwbcTGZO/gbW9v7RYcut6RauWdwKMCUmKC3J4fVfDq9ZETA2WOV68ef4
B3Gzdhghsbp3Rhp5dDmrCVKAHlafm6ZwJrEQ9P76fxnQZzRLgeKpZep5ePH5YHUB3+YaOQvJ
FG0bOXvfHhRiRG7/HW2G+yDgjHSxDz8AFzMWL/RFePqZ4pn6T/SM/qU6WEpW39MWyJNoH/Kx
QDYK8gGYuesn1ciMCTnjrvZQj0fonGTO4SfWekJRkuGrJ7dYSZRjYbDcWBBkdFLWzzCCBdgw
ggTAoAMCAQICDgboAAEAAkqWLSQM/sXJMA0GCSqGSIb3DQEBBQUAMHkxCzAJBgNVBAYTAkRF
MRwwGgYDVQQKExNUQyBUcnVzdENlbnRlciBHbWJIMSQwIgYDVQQLExtUQyBUcnVzdENlbnRl
ciBVbml2ZXJzYWwgQ0ExJjAkBgNVBAMTHVRDIFRydXN0Q2VudGVyIFVuaXZlcnNhbCBDQSBJ
MB4XDTA5MTEwMzE0MDgxOVoXDTI1MTIzMTIxNTk1OVowfDELMAkGA1UEBhMCREUxHDAaBgNV
BAoTE1RDIFRydXN0Q2VudGVyIEdtYkgxJTAjBgNVBAsTHFRDIFRydXN0Q2VudGVyIENsYXNz
IDEgTDEgQ0ExKDAmBgNVBAMTH1RDIFRydXN0Q2VudGVyIENsYXNzIDEgTDEgQ0EgSVgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC75pBuz2Lp6QuqthDVR+V8XSsncZpozVVt
5KLv5P7yemMRwleKyH3PjmYfZUVL64Biab1GjovFblqVGCrep/EfdRonq20yU+P7TVhiLP8Z
5cegDZotIYhZhM0d8cPIij6w5d4IJM/8QCy6QSOUu4ASiTVItoYE4AFPjLqpmPwcie0fiqHH
hpgmHnJla/7PZdkMZEsaCfVDEWBmJuMzVprJPT40anjG5VBLyM2I5DlsUCaeQCy2O3w3sqf1
3dyzUcv03IICuNc63towXA31Qt0TaVNU6YAmQjMepdfMbspmCZ+G8D2+xophEPPR/1vkstst
smUMqX0XrLonTUJczglPAgMBAAGjggJZMIICVTCBmgYIKwYBBQUHAQEEgY0wgYowUgYIKwYB
BQUHMAKGRmh0dHA6Ly93d3cudHJ1c3RjZW50ZXIuZGUvY2VydHNlcnZpY2VzL2NhY2VydHMv
dGNfdW5pdmVyc2FsX3Jvb3RfSS5jcnQwNAYIKwYBBQUHMAGGKGh0dHA6Ly9vY3NwLnRjdW5p
dmVyc2FsLUkudHJ1c3RjZW50ZXIuZGUwHwYDVR0jBBgwFoAUkqR1LKSevoFE63n8isWVpesQ
dXMwEgYDVR0TAQH/BAgwBgEB/wIBADBSBgNVHSAESzBJMAYGBFUdIAAwPwYJKoIUACwBAQEB
MDIwMAYIKwYBBQUHAgEWJGh0dHA6Ly93d3cudHJ1c3RjZW50ZXIuZGUvZ3VpZGVsaW5lczAO
BgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFOm4KB1Gz/zN+E6bxe5LYOvYOz/RMIH9BgNVHR8E
gfUwgfIwge+ggeyggemGRmh0dHA6Ly9jcmwudGN1bml2ZXJzYWwtSS50cnVzdGNlbnRlci5k
ZS9jcmwvdjIvdGNfdW5pdmVyc2FsX3Jvb3RfSS5jcmyGgZ5sZGFwOi8vd3d3LnRydXN0Y2Vu
dGVyLmRlL0NOPVRDJTIwVHJ1c3RDZW50ZXIlMjBVbml2ZXJzYWwlMjBDQSUyMEksTz1UQyUy
MFRydXN0Q2VudGVyJTIwR21iSCxPVT1yb290Y2VydHMsREM9dHJ1c3RjZW50ZXIsREM9ZGU/
Y2VydGlmaWNhdGVSZXZvY2F0aW9uTGlzdD9iYXNlPzANBgkqhkiG9w0BAQUFAAOCAQEAOcjE
m+6+mO5Icm+N53G2DpCM07LBFSGoRpBoX0oE8TrJaIQh2KXmBHVdn9LU8kt3QzLclctgvwJV
0KwcsMUUl5tlCsMPpR3s2Ek5lbWpvvr0HqtW56blAQiINV9nBd1EJFASIkRjefGbV2nOq9Yz
UU+N8HA7jq1ROhd/NZZraGhjthwKyfjfHV7PKxGlY+3M0MbTIG+q/GhIfm0euDpFqhKG88e9
ALXr/uoSn3MzeOcoOWjTpW3adtFO4VWVgKbgG7jNrFbvRVlHmFLbOm4msjE5aXWxLiTwpJ2X
iF4zKca1vAdAOgw9us90jEtOeiH6GzjNxEMvb7TfeO6Zkuc6HDGCA84wggPKAgEBMIGPMHwx
CzAJBgNVBAYTAkRFMRwwGgYDVQQKExNUQyBUcnVzdENlbnRlciBHbWJIMSUwIwYDVQQLExxU
QyBUcnVzdENlbnRlciBDbGFzcyAxIEwxIENBMSgwJgYDVQQDEx9UQyBUcnVzdENlbnRlciBD
bGFzcyAxIEwxIENBIElYAg8ApksAAQACAIr42UPEgb8wCQYFKw4DAhoFAKCCAhMwGAYJKoZI
hvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMTMwNTIzMTcyNjAwWjAjBgkq
hkiG9w0BCQQxFgQUigp5LllXS15xuHzQioG6nuOqOi0wbAYJKoZIhvcNAQkPMV8wXTALBglg
hkgBZQMEASowCwYJYIZIAWUDBAECMAoGCCqGSIb3DQMHMA4GCCqGSIb3DQMCAgIAgDANBggq
hkiG9w0DAgIBQDAHBgUrDgMCBzANBggqhkiG9w0DAgIBKDCBoAYJKwYBBAGCNxAEMYGSMIGP
MHwxCzAJBgNVBAYTAkRFMRwwGgYDVQQKExNUQyBUcnVzdENlbnRlciBHbWJIMSUwIwYDVQQL
ExxUQyBUcnVzdENlbnRlciBDbGFzcyAxIEwxIENBMSgwJgYDVQQDEx9UQyBUcnVzdENlbnRl
ciBDbGFzcyAxIEwxIENBIElYAg8ApksAAQACAIr42UPEgb8wgaIGCyqGSIb3DQEJEAILMYGS
oIGPMHwxCzAJBgNVBAYTAkRFMRwwGgYDVQQKExNUQyBUcnVzdENlbnRlciBHbWJIMSUwIwYD
VQQLExxUQyBUcnVzdENlbnRlciBDbGFzcyAxIEwxIENBMSgwJgYDVQQDEx9UQyBUcnVzdENl
bnRlciBDbGFzcyAxIEwxIENBIElYAg8ApksAAQACAIr42UPEgb8wDQYJKoZIhvcNAQEBBQAE
ggEAKbzYGPYLZcAWjv0/WTjtlgavVd5dN7dbpT+jLvQpMT32iabw4pq+S4R1giJFoTpmy9PT
bhM6G4EI2k0G62FScEMTYSrARYtm4S6MafnNOqntIYFqEY0VrSzK7Zc0Xpcw49SIoNrSQ8zT
PlqtPVzvSMOLHFwYJSzdmvYgw2SYUGsibYaeG0VqlWzL693QVSDIb2Mn9jaCBvd7LHFwuOlN
stfl7ITPkm6eJ79LcA9l6NVx/bWnDx/sgSDFciFz3NvA5NCyzLmJq1ObFukvI3qPYUS2xtLY
glQ4lTiM7EbfGrXwKDO72J6FueGj6PLQ831+hh6gZr9PMKBvazoPhUvSEQAAAAAAAA==
--------------ms090403020009030408070805--
7 years, 11 months
Re: (ITS#7581) adding meta backend in cn=config with ldapadd / ldapmodify
by hyc@symas.com
dcoutadeur(a)linagora.com wrote:
> Full_Name: dcoutadeur
> Version: 2.4.35 / git
> OS: openSuse 11.3 x86_64
> URL:
> Submission from: (NULL) (80.67.162.201)
>
>
> I apologize in advance if this is not considered as a bug, but I thought this
> ticket should help the community anyway...
>
> The problem is that it seems impossible to add meta backend in cn=config thanks
> to ldapadd / ldapmodify clients. I thought the major interest for cn=config was
> precisely to let administrators change the configuration in a remote way, but
> maybe new database configuration is an exception ?
Seems we need some rework here to allow this case. Currently bconfig assumes
that the olcDatabaseConfig entry is sufficient by itself, and any child
entries underneath are just optional. It doesn't handle the case where the
olcDatabaseConfig entry is basically an incomplete config.
>
> Here are the technical elements :
>
> Content of meta.ldif :
>
> dn: olcDatabase={2}meta,cn=config
> objectClass: olcDatabaseConfig
> objectClass: olcMetaConfig
> olcDatabase: {2}meta
> olcSuffix: dc=foo,dc=com
>
> debug information in slapd, after the command :
> ldapadd -H "ldap://localhost:389" -D "cn=config" -W -f meta.ldif
>
> 518220f1 conn=1002 op=1 ADD dn="olcDatabase={2}meta,cn=config"
> 518220f1 meta_back_db_open: no targets defined
> 518220f1 backend_startup_one (type=meta, suffix="dc=foo,dc=com"): bi_db_open
> failed! (1)
> 518220f1 olcSuffix: value #0: <olcSuffix> failed startup (dc=foo,dc=com)!
>
> However, I can add this entry via slapadd :
>
> dn: olcDatabase={2}meta,cn=config
> objectClass: olcDatabaseConfig
> objectClass: olcMetaConfig
> olcDatabase: {2}meta
> olcSuffix: dc=foo,dc=com
> olcAddContentAcl: FALSE
> olcLastMod: TRUE
> olcMaxDerefDepth: 15
> olcReadOnly: FALSE
> olcSyncUseSubentry: FALSE
> olcMonitoring: FALSE
> olcDbOnErr: continue
> olcDbPseudoRootBindDefer: TRUE
> olcDbSingleConn: FALSE
> olcDbUseTemporaryConn: FALSE
> olcDbConnectionPoolMax: 16
> olcDbBindTimeout: 100000
> olcDbCancel: abandon
> olcDbChaseReferrals: FALSE
> olcDbNoRefs: FALSE
> olcDbNoUndefFilter: FALSE
> olcDbNretries: 10
> olcDbProtocolVersion: 3
> olcDbRebindAsUser: FALSE
> olcDbSessionTrackingRequest: FALSE
> olcDbTFSupport: no
> structuralObjectClass: olcMetaConfig
> entryUUID: cf8afa3a-a284-4ac8-b60e-9431b0807ed4
> creatorsName: cn=config
> createTimestamp: 20130430162302Z
> entryCSN: 20130430162302.509672Z#000000#000#000000
> modifiersName: cn=config
> modifyTimestamp: 20130430162302Z
>
> The fact is I don't have a metatarget configuration, because this is a subentry
> of olcDatabase={2}meta,cn=config, thus I must add the latter entry first.
>
>
> Also notice that I can't do a slapadd with just the meta configuration. (the
> ldif above). If I do this, I have an error :
> slapadd: could not add entry dn="olcDatabase={2}meta,cn=config" (line=1):
> autocreation of "olcDatabase={-1}frontend" failed
>
> I had to make a backup of the full configuration, and then add the meta
> configuration and import the resulting file.
>
>
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
7 years, 11 months
Re: (ITS#7605) Configuration entries (under cn=config) does not allow 'objectclass' attribute modification to include full object classes hierarchy
by pa@marcelot.net
On 23 mai 2013, at 16:31, Howard Chu <hyc(a)symas.com> wrote:
> pa(a)marcelot.net wrote:
>> Full_Name: Pierre-Arnaud Marcelot
>> Version: 2.4.35
>> OS: Linux Mint
>> URL: ftp://ftp.openldap.org/incoming/
>> Submission from: (NULL) (78.226.4.211)
>>
>>
>> Hi,
>>
>> It looks like it's not possible to modify the 'objectClass' attribute of
>> configuration entries.
>
> Correct. The config DIT has very rigid schema and layout rules.
Indeed.
>> I have some code generating entries for OpenLDAP configuration from a UI utility
>> and updating existing configuration entries in DIT.
>> This code generates entries with the 'objectClass' attribute containing the full
>> object class hierarchy (all the way to 'top') and not only the highest
>> structural object class (which is the case of default OpenLDAP configuration).
>>
>> When updating the configuration in the DIT, the code then tries to complete the
>> 'objectClass' attribute with the full list of object classes.
>> That operations ends with "error code 53- UnwillingToPerform".
>
> Don't do that.
Sure, that's why I have a *bad* workaround to not update the 'objectClass' attribute even if the original and my generated one don't match.
Still, looking at LDAP standards, that doesn't seem to be a naughty operation at all and nothing is really wrong with the resulting entry.
Regards,
Pierre-Arnaud
>> Here's an example on the "cn=config" entry:
>> #!RESULT ERROR
>> #!CONNECTION ldap://10.211.55.13:389
>> #!DATE 2013-05-22T14:56:03.039
>> #!ERROR [LDAP: error code 53 - UnwillingToPerform]
>> dn: cn=config
>> changetype: modify
>> replace: objectClass
>> objectClass: olcConfig
>> objectClass: olcGlobal
>> objectClass: top
>> -
>>
>>
>
>
> --
> -- Howard Chu
> CTO, Symas Corp. http://www.symas.com
> Director, Highland Sun http://highlandsun.com/hyc/
> Chief Architect, OpenLDAP http://www.openldap.org/project/
7 years, 11 months
Re: (ITS#7605) Configuration entries (under cn=config) does not allow 'objectclass' attribute modification to include full object classes hierarchy
by hyc@symas.com
pa(a)marcelot.net wrote:
> Full_Name: Pierre-Arnaud Marcelot
> Version: 2.4.35
> OS: Linux Mint
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (78.226.4.211)
>
>
> Hi,
>
> It looks like it's not possible to modify the 'objectClass' attribute of
> configuration entries.
Correct. The config DIT has very rigid schema and layout rules.
> I have some code generating entries for OpenLDAP configuration from a UI utility
> and updating existing configuration entries in DIT.
> This code generates entries with the 'objectClass' attribute containing the full
> object class hierarchy (all the way to 'top') and not only the highest
> structural object class (which is the case of default OpenLDAP configuration).
>
> When updating the configuration in the DIT, the code then tries to complete the
> 'objectClass' attribute with the full list of object classes.
> That operations ends with "error code 53- UnwillingToPerform".
Don't do that.
> Here's an example on the "cn=config" entry:
> #!RESULT ERROR
> #!CONNECTION ldap://10.211.55.13:389
> #!DATE 2013-05-22T14:56:03.039
> #!ERROR [LDAP: error code 53 - UnwillingToPerform]
> dn: cn=config
> changetype: modify
> replace: objectClass
> objectClass: olcConfig
> objectClass: olcGlobal
> objectClass: top
> -
>
>
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
7 years, 11 months
(ITS#7605) Configuration entries (under cn=config) does not allow 'objectclass' attribute modification to include full object classes hierarchy
by pa@marcelot.net
Full_Name: Pierre-Arnaud Marcelot
Version: 2.4.35
OS: Linux Mint
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (78.226.4.211)
Hi,
It looks like it's not possible to modify the 'objectClass' attribute of
configuration entries.
I have some code generating entries for OpenLDAP configuration from a UI utility
and updating existing configuration entries in DIT.
This code generates entries with the 'objectClass' attribute containing the full
object class hierarchy (all the way to 'top') and not only the highest
structural object class (which is the case of default OpenLDAP configuration).
When updating the configuration in the DIT, the code then tries to complete the
'objectClass' attribute with the full list of object classes.
That operations ends with "error code 53- UnwillingToPerform".
Here's an example on the "cn=config" entry:
#!RESULT ERROR
#!CONNECTION ldap://10.211.55.13:389
#!DATE 2013-05-22T14:56:03.039
#!ERROR [LDAP: error code 53 - UnwillingToPerform]
dn: cn=config
changetype: modify
replace: objectClass
objectClass: olcConfig
objectClass: olcGlobal
objectClass: top
-
7 years, 11 months
(ITS#7596)
by nzipsi@gmail.com
--bcaec53af1e4a1ae7704dd5c4ab8
Content-Type: text/plain; charset=UTF-8
Tested my idea about patching it, and it didn't work. There's something,
somewhere, that doesn't like values of 0, and so doesn't include the
graceAuthN warning in the returned password control if ngut is 0. I still
believe what I have described above is an error, but I don't know enough
about C or the internal structure of OpenLDAP to figure out why it's not
working, and how (or even if) it can be fixed.
--bcaec53af1e4a1ae7704dd5c4ab8
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr">Tested my idea about patching it, and it didn't work. =
There's something, somewhere, that doesn't like values of 0, and so=
doesn't include the graceAuthN warning in the returned password contro=
l if ngut is 0. I still believe what I have described above is an error, bu=
t I don't know enough about C or the internal structure of OpenLDAP to =
figure out why it's not working, and how (or even if) it can be fixed.<=
/div>
--bcaec53af1e4a1ae7704dd5c4ab8--
7 years, 11 months
Re: (ITS#7597) migration of sunone 5.2 to openldap 2.4
by quanah@zimbra.com
--On Tuesday, May 21, 2013 8:38 AM +0000 univadisitisteam(a)hcl.com wrote:
> Full_Name: venkatesh
> Version: 2.4
> OS: RH5.6
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (155.91.28.231)
>
>
> HI Team,
>
> We have a requirement for migrating existing Sun One 5.2 DS to open ldap
> 2.4 Authentication.Please guide me how to do this migration.
The ITS system is for reporting bugs with OpenLDAP. For migration help, I
would advise you contact a company such as Symas (http://www.symas.com)
that specializes in helping people with such migrations. You could also
try asking for general help on -technical, but results may vary.
This ITS will be closed.
--Quanah
--
Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
7 years, 11 months