how to enable crypt password in Openldap under Windows!!!
by Hang Zhang
Hi All,
I met a big problem! It is OK when I use slappasswd -h {MD5} or {sha}, but
when I use slappasswd -h {CRYPT}, it reminds me that the {CRYPT} scheme
is not recognized! I searched for this problem on Google and the answer to this
is --enable-crypt. However, how to do this under Windows XP? I would
really appreciate any kind of help!!
C:\OpenLDAP>slappasswd -h {CRYPT}
New password:
Re-enter new password:
Password generation failed for scheme {CRYPT}: scheme not recognized
Hang
14 years, 9 months
Regarding Tree hierarchy in openLDAP
by Anjali Arora
Hi,
Actually I want to create a directory tree hierarchy. If I mention the suffix as
dc=example,dc=com
and next time I want to add dn:
cn=file_name,ou=Development,dc=example,dc=com
and dn: cn=file2,ou=SoftwareDeveloper,dc=example,dc=com then the server is not
allowing me to perform these kinds of operations. The server is giving ERROR:
server is unwilling to perform the operation. How to handle this situation?
Please let me know as soon as possible.
Thanks and Regards,
Anjali
14 years, 9 months
Newbie Help Mapping Attributes
by Simon Kelsall
Hi,
I have set up LDAP to authenticate and work with Samba and a couple of
other things but I am getting lost with the following.
We have 2 new printers that can pull their address book from LDAP. I
can't change the search filter they use but was hoping to map their
attributes onto ones in our directory.
So for example any reference to facsimileTelephoneNumber by them in
the search filter or list of attributes to return would get changed to
faxNumber.
Could someone point me in the right direction?
Thanks in advance
--
Simon Kelsall
Network Administrator
St James the Great R.C Primary & Nursery School
http://www.stjamesthegreat.org/
14 years, 9 months
Re: [Unofficial] OpenLDAP Weekly Newsletter Issue 2
by Gavin Henry
<quote who="Quanah Gibson-Mount">
> --On Sunday, November 04, 2007 8:52 PM +0000 Gavin Henry
> <ghenry(a)OpenLDAP.org> wrote:
>
>> - OpenLDAP 2.4.6 Released - The first stable release in the 2.4 branch
>
> I'm not usually pedantic about these types of things, but I'd like to note.
> OpenLDAP 2.4.6 is the first official release of OpenLDAP 2.4. It is *not*
> marked stable (not to say that it isn't stable for running). OpenLDAP
> 2.3.38 is, and remains, the current "stable release" of OpenLDAP. Please
> stop using stable to refer to 2.4.6. The Symas connexitor blog did this
> recently too in an entry since dropped for revision, so I hope that bit
> stays revised out. I think it needs to remain very clear what the project
> (and you are an official member and voice of that project) proclaims as
> the stable release.
I know, sorry for the confusion. It's not the first official though, as
we've had alpha and then Beta. They were officially released by our
project.
Should I say first non-beta?
>
> --Quanah
>
> --
>
> Quanah Gibson-Mount
> Principal Software Engineer
> Zimbra, Inc
> --------------------
> Zimbra :: the leader in open source messaging and collaboration
>
14 years, 9 months
[Unofficial] OpenLDAP Weekly Newsletter Issue 2
by Gavin Henry
Dear All,
The second issue is out:
http://blog.suretecsystems.com
Summary:
- OpenLDAP 2.4.6 Released - The first stable release in the 2.4 branch
- OpenLDAP Performance Results published (Special thanks to our friends
on the Samba Project and at AMD)
- Hot off the press Google Announcement
- Selected user issues and solutions discussed (covering the past 2
weeks, as issue 1 excluded this).
Thanks,
Gavin.
--
Kind Regards,
Gavin Henry.
OpenLDAP Engineering Team.
E ghenry(a)OpenLDAP.org
Community developed LDAP software.
http://www.openldap.org/project/
14 years, 9 months
Re: OpenLDAP 2.4.6
by Gavin Henry
<quote who="Tony Earnshaw">
> I've built rpms for and installed OL 2.4.6 on my Fedora FC6
> test/production machine. The rpms were built from a Mandriva cooker srpm
> built by Buchan Milne, with a slightly adapted spec file, which
> adaptations I've let Buchan know about.
>
> Experience to date suggests that 2.4.6 is a drop in for the 2.3.39 that
> it was running, with the exception that a few of the spec file
> parameters had to be changed for FC6, but more importantly that a couple
> of the basic ACLs had to be changed: It seems that 2.4 is more picky
> about ACLs than 2.3.
Yes, I noticed that with a:
by anonymous auth
on 2.3 this was ok, in 2.4 it was treated as "by auth". I've yet to report
this properly with some evidence to back my thoughts up.
>
> It's running well for basic user authentication, smtp and IMAP and
> coping as well as 2.3.39 did. Now I've got it running, I'm looking at
> the Administrator's Guide for 2.4. This is a fantastic, hugely amended
> and augmented document in comparison to the 2.3 Admin Guide. I suppose
> it was Gavin Henry (http://www.suretecsystems.com/) who is responsible
> for it but can't be sure.
With a few patches here and there. I started in April/May, but it's been a
slow 6 or so months, squeezing in bits.
There's still a lot to complete, but the PDF of 2.3 vs 2.4 has 80 pages
difference ;-)
Let's hope others read it.
> Anyway, it's going to cost me a couple of days
> to go through it and see what more OL 2.4 can mean for my production
> systems than 2.3.
>
> I trust that Buchan will provide an srpm for Red Hat/CentOS/Fedora
> people at http://staff.telkomsa.net/packages before long.
>
> Best,
>
> --Tonni
>
> --
> Tony Earnshaw
> Email: tonni at hetnet dot nl
>
14 years, 9 months
When to delete client content during RFC4533 synchronization?
by Erik van Oosten
Hello,
I am writing an RFC4533 client implementation based on JLDAP. I have a
question on how to interpret the RFC as a client, and secondly how the
OpenLDAP server interprets it.
My question is: how can the client determine that it must delete content
at the end of the refresh stage, when a refreshAndPersist is requested
with an initial cookie?
The problem is that I cannot infer from the RFC how I can differentiate
between a server that sends an initial content poll and a server that
sends a content update poll. The RFC specifies that the server may choose
to ignore the initial cookie and the reloadHint flag, so either poll mode
may be chosen by the server.
In the case of a refreshOnly the RFC is clear: when refreshDeletes of
syncDoneValue is FALSE, content that is not added, changed, or indicated
as present must be deleted from the client copy (section 1.3.1 paragraph
8).
However, in the case of a refreshAndPersist, there is no similar flag in
the SyncInfoMessage that ends the refresh stage. SyncInfoMessage does have
values named refreshDelete and refreshDeletes, but these are used for
other purposes (see section 3.4.1 and section 3.3.2 paragraph 7 and 9).
Am I missing something?
What is the behavior of the OpenLDAP server in this matter? Does it ever
ignore the reloadHint of the sync request control?
Regards,
Erik.
--
Erik van Oosten
http://2008.rubyenrails.nl/
http://www.day-to-day-stuff.blogspot.com/
14 years, 9 months
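The refreshOnly rule quoted in the post above (RFC 4533 section 1.3.1), as an added example that is not part of the original message and is not JLDAP or OpenLDAP code: a client-side reconciler that tracks which entries were added, changed or indicated as present, then applies the refreshDeletes flag of syncDoneValue. It covers only Sync State Control results, not syncIdSet messages or the refreshAndPersist case the post asks about; the class, function names and sample entries are constructed for illustration.

```python
# Added example: client-side bookkeeping for one RFC 4533 refreshOnly poll.
# Names are hypothetical; entries are keyed by entryUUID, no LDAP library used.

class RefreshOnlyReconciler:
    def __init__(self, local_copy):
        self.local = dict(local_copy)  # entryUUID -> attributes
        self.seen = set()              # added, changed or indicated as present
        self.removed = set()

    def on_sync_state(self, state, uuid, attrs=None):
        """Apply one result carrying a Sync State Control."""
        if state in ("add", "modify"):
            self.local[uuid] = attrs
            self.seen.add(uuid)
        elif state == "present":       # unchanged entry, sent without attributes
            self.seen.add(uuid)
        elif state == "delete":
            if uuid in self.local:
                del self.local[uuid]
                self.removed.add(uuid)
        else:
            raise ValueError(f"unknown sync state: {state!r}")

    def on_sync_done(self, refresh_deletes):
        """Handle syncDoneValue; return the set of UUIDs removed in this poll."""
        if not refresh_deletes:
            # Present phase: whatever the server did not mention is gone.
            stale = set(self.local) - self.seen
            for uuid in stale:
                del self.local[uuid]
            self.removed |= stale
        # refresh_deletes TRUE: only explicit "delete" states removed anything.
        return self.removed

# Constructed sample data: three cached entries and two possible server replies.
CACHE = {"u1": {"cn": "alice"}, "u2": {"cn": "bob"}, "u3": {"cn": "carol"}}
PRESENT_POLL = [("present", "u1", None), ("modify", "u2", {"cn": "robert"}),
                ("add", "u4", {"cn": "dave"})]
DELETE_POLL = [("modify", "u2", {"cn": "robert"}), ("delete", "u3", None)]

def run_poll(messages, refresh_deletes):
    client = RefreshOnlyReconciler(CACHE)
    for state, uuid, attrs in messages:
        client.on_sync_state(state, uuid, attrs)
    removed = client.on_sync_done(refresh_deletes)
    return sorted(client.local), sorted(removed)

if __name__ == "__main__":
    print(run_poll(PRESENT_POLL, refresh_deletes=False))
    print(run_poll(DELETE_POLL, refresh_deletes=True))
```

Running the delete-phase reply with the flag misread as FALSE drops the unmentioned entry u1 as well, which is why the client has to know which kind of poll the server chose.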
OpenLDAP 2.4.6
by Tony Earnshaw
I've built rpms for and installed OL 2.4.6 on my Fedora FC6
test/production machine. The rpms were built from a Mandriva cooker srpm
built by Buchan Milne, with a slightly adapted spec file, which
adaptations I've let Buchan know about.
Experience to date suggests that 2.4.6 is a drop in for the 2.3.39 that
it was running, with the exception that a few of the spec file
parameters had to be changed for FC6, but more importantly that a couple
of the basic ACLs had to be changed: It seems that 2.4 is more picky
about ACLs than 2.3.
It's running well for basic user authentication, smtp and IMAP and
coping as well as 2.3.39 did. Now I've got it running, I'm looking at
the Administrator's Guide for 2.4. This is a fantastic, hugely amended
and augmented document in comparison to the 2.3 Admin Guide. I suppose
it was Gavin Henry (http://www.suretecsystems.com/) who is responsible
for it but can't be sure. Anyway, it's going to cost me a couple of days
to go through it and see what more OL 2.4 can mean for my production
systems than 2.3.
I trust that Buchan will provide an srpm for Red Hat/CentOS/Fedora
people at http://staff.telkomsa.net/packages before long.
Best,
--Tonni
--
Tony Earnshaw
Email: tonni at hetnet dot nl
14 years, 9 months
New performance results
by Howard Chu
OpenLDAP 2.3 has been unrivaled as the fastest directory server in the world
for the past two+ years, but today that's no longer true. Now OpenLDAP 2.4
takes over as the most scalable, most reliable, highest performing directory
server.
Thanks to our friends on the Samba Project and at AMD, we've been able to do
some new benchmarks on an AMD quad-processor server. We tested OpenLDAP (2.4.5
and 2.4.6) on Linux as well as Microsoft's AD offerings on Windows 2003, and
the results are now summarized on the Connexitor blog.
http://connexitor.com/blog/
(The AD numbers aren't all in yet, we're still waiting for the directory
import to finish.)
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
14 years, 9 months
Re: setting up admin password on openldap
by Gavin Henry
<quote who="Naufal Sheikh">
> Vi ...
Come on, what sort of answer is that? How can we possibly help if you
don't provide concrete information?
What command do you type to make the modification?
ldapmodify?
What were the exact arguments?
>
> On 10/30/07, Gavin Henry <ghenry(a)suretecsystems.com> wrote:
>>
>> <quote who="Naufal Sheikh">
>> > Hello Piotr,
>> >
>> > I tried to do what you said. Initially my root dn just contained cn=nsadmin,
>> > and thus I could not start slapd. Then I added to rootdn my suffix as well,
>> > and unhashed the rootpw line in slapd.conf. I tried using a clear text
>> > "secret" as well as hashed value created through slappasswd and putting it
>> > in the slapd.conf. In both cases, when I modify the entry and it asks me to
>> > give ldap password, it says invalid credentials.
>>
>> How are you trying to modify? What tool?
>>
>
14 years, 9 months