delete entries Delta syncrepl
by Julien Garnier
Hi,
Central ldap -----> ldap_relay ----->ldap
I retrieve information from a central ldap to my local relay
(ldap_relay). I can't modify these data.
I use delta syncrepl and multimaster (openldap 2.3.37) between
ldap_relay and my ldap (ldap). I can modify the last one and add some
attributes etc...
If someone updates the central ldap, I retrieve the information in my
ldap_relay and in my ldap. That's OK.
If I add an attribute to my ldap and the central ldap is updated, I
retrieve the new information and my own attributes are not erased. OK.
If a person is deleted from the central ldap, she is not deleted in my
ldap relay. Not OK.
In short: all is OK for me except when someone is deleted from
the central ldap.
Does someone have an idea of how I can resolve this problem (via syncrepl or
another application)?
And excuse me for my English ...
Thanks in advance
Julien
15 years, 5 months
Writing an ACL for Anonymous Searches
by Julius Squeezer
Hello
I am new to ldap and ACL but I need to write an ACL that will prevent
anonymous (cn=everyone?) users from viewing (read?) members of a certain
group (e.g. cn=restricted_group,ou=groups,o=xxx) in their search/dump
results. Any help or pointer to documentation is much appreciated. Thanks.
15 years, 5 months
Rewrite searchDN based on searchFilter
by Andrew Bidwell
Hi everyone,
I have a question regarding the best way to enable rewriting of the searchDN based on the searchFilter.
I have searched through the archives, and I see that my question was expressed in this 2004 email: http://www.openldap.org/lists/openldap-software/200401/msg00612.html. I couldn't seem to find any other relevant posts.
As this response is a number of years old, do those recommendations still stand? Is this operation slapd.conf configurable? Is the best way forward to develop a separate overlay to perform this operation? Any information greatly appreciated.
Thanks,
Andrew
15 years, 5 months
slapo-unique. several unique_base with different unique_attributes sets
by Dmitriy Kirhlarov
Hi, list
I have a container in my tree, 'ou=cyrus,ou=mail,o=domain', and I need to check
the 'uniqueMember' attribute -- a user can be a member of only one group.
Also, for 'ou=web,ou=groups,o=domain', with the same types of objects as
'ou=cyrus,ou=mail,o=domain', a user can be a member of several groups, but
I need a uniqueness check for 'gidNumber' inside 'ou=groups,o=domain'.
I need something like:
unique_base ou=users,o=domain
uidNumber mail mailLocalAddress
unique_base ou=groups,o=domain
gidNumber
unique_base ou=cyrus,ou=mail,o=domain
uniqueMember
I'm using openldap 2.3.35
Is it possible with this version or, maybe, with 2.4.x?
WBR.
Dmitriy
15 years, 5 months
FW: restricting attributes to become RDN , which objects are created
by Arunachalam Parthasarathy
Hello quanah,
Sorry that I had not sent the mail to the group...
Below is the answer to your question
"Actually I was saying the above for an example, I asked in a view that, if
this restriction is there from server side. Then strict enforcement can be
done (if needed)"
Thanks a lot,
Arunachalam.
****************************************************************************
****************************
This e-mail and attachments contain confidential information from HUAWEI,
which is intended only for the person or entity whose address is listed
above. Any use of the information contained herein in any way (including,
but not limited to, total or partial disclosure, reproduction, or
dissemination) by persons other than the intended recipient's) is
prohibited. If you receive this e-mail in error, please notify the sender by
phone or email immediately and delete it!
-----Original Message-----
From: Quanah Gibson-Mount [mailto:quanah@zimbra.com]
Sent: Monday, October 01, 2007 9:05 PM
To: arunachalamp(a)huawei.com; openldap-software(a)openldap.org
Subject: RE: restricting attributes to become RDN , which objects are
created
--On Monday, October 01, 2007 3:23 PM +0530 Arunachalam Parthasarathy
<arunachalamp(a)huawei.com> wrote:
>
>
> Hello Gavin,
>
> Thanks for the reply. If this restriction is not there, any of the users
> can create a dn with RDN as any attribute, which leads to non-uniformity
> (for instance, one user may create uid as RDN and other may use
> userPassword as RDN for inetOrgPerson)
Why do you let users create their own objects?
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
15 years, 5 months
restricting attributes to become RDN , which objects are created
by Arunachalam Parthasarathy
Hello all,
In an objectclass, is there a way to restrict (only) an attribute to be RDN?
For ex: only uid needs to be RDN, in organizational Unit
Thanks in advance,
Arunachalam.
15 years, 5 months
changing a user's password
by Adam Williams
I'm trying to learn openldap. I have a user that I want to change their
password on, but I'm getting an error:
[testuser@gomer ~]$ ldappasswd -WS -D "uid=testuser,ou=People,dc=gomer,dc=mdah,dc=state,dc=ms,dc=us"
New password:
Re-enter new password:
Enter LDAP Password:
SASL/DIGEST-MD5 authentication started
ldap_sasl_interactive_bind_s: Invalid credentials (49)
additional info: SASL(-13): user not found: no secret in database
But the user does exist:
[root@gomer ~]# ldapsearch -D 'cn=Manager,dc=gomer,dc=mdah,dc=state,dc=ms,dc=us' -b "uid=testuser,ou=People,dc=gomer,dc=mdah,dc=state,dc=ms,dc=us" -w xxxxxx -x
# extended LDIF
#
# LDAPv3
# base <uid=testuser,ou=People,dc=gomer,dc=mdah,dc=state,dc=ms,dc=us> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# testuser, People, gomer.mdah.state.ms.us
dn: uid=testuser,ou=People,dc=gomer,dc=mdah,dc=state,dc=ms,dc=us
uid: testuser
cn: test user
telephoneNumber: 5766888
roomNumber: IS
homePhone: 3738042
givenName: test
sn: user
mail: testuser@dc=mdah,dc=state,dc=ms,dc=us
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
shadowLastChange: 13705
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 501
gidNumber: 101
homeDirectory: /home/testuser
gecos: test user,IS,5766888,3738042
userPassword:: xxxxxxxxxxxxxx
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
15 years, 5 months