openldap-software October 2007

openldap-software@openldap.org

84 participants
107 discussions

delete entries Delta syncrepl
by Julien Garnier 02 Oct '07

02 Oct '07

Hi, Central ldap -----> ldap_relay ----->ldap I retrieve information from a central ldap to my local relay (ldap_relay). I can't modify these data. I use delta syncrepl and multimaster (openldap 2.3.37) between ldap_relay and my ldap (ldap) I can modify the last one and add some atributes etc... If someone update the central ldap i retrive the information in my ldap_relay and in my ldap thats OK If I add an attribute to my ldap and the central ldap is update, i retreive the new ibnformations and my own attributes are not erase OK If a person is deleted from the central ldap, she is not delete in my ldap relay. NoOK In a shorter way : all is OK for me exept when someone is deleted from the central ldap Someone have an idea in how I can resolve this probleme (via syncrepl or other application) And exuse me for my English ... Thanks in advance Julien

3 3

Writing an ACL for Anonymous Searches
by Julius Squeezer 02 Oct '07

02 Oct '07

Hello I am new to ldap and ACL but I need to write an ACL that will prevent anonymous (cn=everyone?) users from viewing (read?) members of a certain group (e.g. cn=restricted_group,ou=groups,o=xxx) in their search/dump results. Any help or pointer to documentations is much appreciated. Thanks. _________________________________________________________________ FREE pop-up blocking with the new MSN Toolbar - get it now! http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/

3 2

Rewrite searchDN based on searchFilter
by Andrew Bidwell 02 Oct '07

02 Oct '07

Hi everyone, I have a question regarding the best way to enable rewriting of the searchDN based on the searchFilter. I have searched through the archives, and I see that my question was expressed in this 2004 email: http://www.openldap.org/lists/openldap-software/200401/msg00612.html. I couldn't seem to find any other relevent posts. As this response is a number of years old, do those recommendations still stand? Is this operation slapd.conf configurable? Is the best way forward to develop a separate overlay to perform this operation? Any information greatly appreciated. Thanks, Andrew

3 3

slapo-unique. several unique_base with different unique_attributes sets
by Dmitriy Kirhlarov 02 Oct '07

02 Oct '07

Hi, list I have container in my tree 'ou=cyrus,ou=mail,o=domain' and I need check 'uniqueMember' attribute -- user can be membered only in one group. Also, for 'ou=web,ou=groups,o=domain' with same types of objects, as 'ou=cyrus,ou=mail,o=domain' user can be membered in several groups, but I need uniques check for 'gidNumber' inside 'ou=groups,o=domain'. I need something: unique_base ou=users,o=domain uidNumber mail mailLocalAddress unique_base ou=groups,o=domain gidNumber unique_base ou=cyrus,ou=mail,o=domain uniqueMember I'm using openldap 2.3.35 Is it possible with this version or, may be, with 2.4.x? WBR. Dmitriy

3 4

FW: restricting attributes to become RDN , which objects are created
by Arunachalam Parthasarathy 02 Oct '07

02 Oct '07

Hello quanah, Sorry that i had not sent mail to the group... Below is the answer for your question "Actually I was saying the above for an example, I asked in a view that, if this restriction is there from server side. Then strict enforcement can be done (if needed)" Thanks a lot, Arunachalam. **************************************************************************** **************************** This e-mail and attachments contain confidential information from HUAWEI, which is intended only for the person or entity whose address is listed above. Any use of the information contained herein in any way (including, but not limited to, total or partial disclosure, reproduction, or dissemination) by persons other than the intended recipient's) is prohibited. If you receive this e-mail in error, please notify the sender by phone or email immediately and delete it! -----Original Message----- From: Quanah Gibson-Mount [mailto:quanah@zimbra.com] Sent: Monday, October 01, 2007 9:05 PM To: arunachalamp(a)huawei.com; openldap-software(a)openldap.org Subject: RE: restricting attributes to become RDN , which objects are created --On Monday, October 01, 2007 3:23 PM +0530 Arunachalam Parthasarathy <arunachalamp(a)huawei.com> wrote: > > > Hello Gavin, > > Thanks for the reply. If this restriction is not there, any of the users > can create a dn with RDN as any attribute, which leads to non-uniformity > (for instance, one user may create uid as RDN and other may use > userPassword as RDN for inetOrgPerson) Why do you let users create their own objects? --Quanah -- Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration

1 0

restricting attributes to become RDN , which objects are created
by Arunachalam Parthasarathy 01 Oct '07

01 Oct '07

Hello all, In objectclass, Is there a way to restrict (only) an attribute to be RDN? For ex: only uid needs to be RDN , in organizational Unit Thanks in advance, Arunachalam. **************************************************************************** **************************** This e-mail and attachments contain confidential information from HUAWEI, which is intended only for the person or entity whose address is listed above. Any use of the information contained herein in any way (including, but not limited to, total or partial disclosure, reproduction, or dissemination) by persons other than the intended recipient's) is prohibited. If you receive this e-mail in error, please notify the sender by phone or email immediately and delete it!

7 9

changing a user's password
by Adam Williams 01 Oct '07

01 Oct '07

I'm trying to learn openldap. I have a user that I want to change their password on, but I'm getting an error: [testuser@gomer ~]$ ldappasswd -WS -D "uid=testuser,ou=People,dc=gomer,dc=mdah,dc=state,dc=ms,dc=us" New password: Re-enter new password: Enter LDAP Password: SASL/DIGEST-MD5 authentication started ldap_sasl_interactive_bind_s: Invalid credentials (49) additional info: SASL(-13): user not found: no secret in database But the user does exist: [root@gomer ~]# ldapsearch -D 'cn=Manager,dc=gomer,dc=mdah,dc=state,dc=ms,dc=us' -b "uid=testuser,ou=People,dc=gomer,dc=mdah,dc=state,dc=ms,dc=us" -w xxxxxx -x # extended LDIF # # LDAPv3 # base <uid=testuser,ou=People,dc=gomer,dc=mdah,dc=state,dc=ms,dc=us> with scope subtree # filter: (objectclass=*) # requesting: ALL # # testuser, People, gomer.mdah.state.ms.us dn: uid=testuser,ou=People,dc=gomer,dc=mdah,dc=state,dc=ms,dc=us uid: testuser cn: test user telephoneNumber: 5766888 roomNumber: IS homePhone: 3738042 givenName: test sn: user mail: testuser@dc=mdah,dc=state,dc=ms,dc=us objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson objectClass: posixAccount objectClass: top objectClass: shadowAccount shadowLastChange: 13705 shadowMax: 99999 shadowWarning: 7 loginShell: /bin/bash uidNumber: 501 gidNumber: 101 homeDirectory: /home/testuser gecos: test user,IS,5766888,3738042 userPassword:: xxxxxxxxxxxxxx # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1

2 2

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-software October 2007