Please reply on the list
Luis Fernando C. Talora wrote:
> Thank you, Mr. Pierangelo! I new that it would be a way to make that "readble", but I had no idea how to do it.
> I´m using it on a script. Do you know a way to find out when the string returned is encoded in base64 or not?
When the attribute is base64 encoded, the value is separated from the
name by "::", as clearly indicated in RFC 2849.
Ing. Pierangelo Masarati
OpenLDAP Core Team
via Dossi, 8 - 27100 Pavia - ITALIA
Office: +39 02 23998309
Mobile: +39 333 4963172
I´m having some trouble with ldapserach on Linux comunicating with a LDAP server. In fact, everything works just fine, until my query finds and object that has any accents on its name. For example: if I have an object named "Luis Talora", its shown OK; in oposite, if its name is "Luís Talora", with an acute accent, its distinguish name is shown like this: "Q049THXDrXMgRmVybmFuZG8gQy4gVGFsb3JhLE9VPVRJLE9VPUFSQSxPVT1Vc3VhcmlvcyxEQz1pbmVwYXIsREM9Y29tLERDPWJy". In Portuguese, is very common that people have accents in their names...
Do anybody know a way to fix that behavior?
Thanks a lot!
LUÍS FERNANDO C. TALORA
Esta mensagem foi verificada pelo sistema de antivírus e
acredita-se estar livre de perigo.
I want to use SASL/GSSAPI, but each time I try ldapwhoami or ldapadd,
I get :
SASL/OTP authentication started
ldap_sasl_interactive_bind_s: Invalid credentials (49)
additional info: SASL(-13): user not found: no OTP secret in database
then I added "-Y GSSAPI" , I received:
ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
additional info: SASL(-4): no mechanism available: No worthy mechs found
I have created a principal : ldapadmin@MYREALM to direct mapping rootdn.
a principal for ldap service: ldap/host@MYREALM
and have added a keytab file for ldap service, then I started slapd with
option : -n ldap
Please suggest me any idea.
Le Trung Kien.
Sorry, it's my fault in installing SASL, now it's ok:
SASL/OTP authentication started
My previous SASL installing is missing GSSAPI authentication.
Thank you for your attention.
2007/9/10, Le Trung Kien <aloneattack(a)gmail.com>:
> Hi everybody,
> I want to use SASL/GSSAPI, but each time I try ldapwhoami or ldapadd,
> ldapmodify ...
> I get :
> SASL/OTP authentication started
> ldap_sasl_interactive_bind_s: Invalid credentials (49)
> additional info: SASL(-13): user not found: no OTP secret in database
> then I added "-Y GSSAPI" , I received:
> ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
> additional info: SASL(-4): no mechanism available: No worthy mechs found
> more information:
> I have created a principal : ldapadmin@MYREALM to direct mapping rootdn.
> a principal for ldap service: ldap/host@MYREALM
> and have added a keytab file for ldap service, then I started slapd with
> option : -n ldap
> Please suggest me any idea.
> Thank you.
> Le Trung Kien.
Le Trung Kien.
Markus Moeller wrote:
> Do other servers (Sun/MS AD) support this too ?
I suggest you ask the kindly support folk at Sun and Microsoft, since none of
that has anything to do with OpenLDAP Software, which is the charter for this
> Thank you
> ----- Original Message -----
> From: "Howard Chu" <hyc(a)symas.com>
> To: "Markus Moeller" <huaraz(a)moeller.plus.com>
> Cc: <openldap-software(a)openldap.org>
> Sent: Saturday, September 08, 2007 6:48 AM
> Subject: [-SPAM-] Re: SASL/GSSAPI and SSL
>> Markus Moeller wrote:
>>> Is it possible to have an SSL encrypted session to an ldap server with
>>> SASL/GSSAPI user authentication ? If so does Openldap support this ?
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
I am trying to install openldap 2.3 to work as automatic referral
chasing where all update queries should be automatically directed to my
master server, I would really appreciate a sample config.
The details: I need to setup a master server and a replica, and put both
of them behind a load balancer. In case a write operations is sent to
the slave, I need the slave to direct the client to the master server
rather than having the client chase referrals manually.
Taymour A El Erian
System Division Manager
RHCE, LPIC, CCNA, MCSE, CNA
One friend told me that he have a problem with his directory service
using OpenLDAP 2.3.x.
The problem is that UserPassword attribute only takes the first eight
characters and the next characters until the password chain is not
The clear password is p2gh467d2k31 (and the crypt, is other character
chain.)and when he entered the clear password for some service, he can
access only entering p2gh467d , so the other characters (2k31) is not
taken. So he can use passwords like this:
p2gh467d + 565rfgrgrt
p2gh467d + hj544fsdfg
PD: Sorry for my english.
I have some objects that are not propagated by syncrepl. How this should
be debugged? Is there a way to force a sync?
Even if I stop slapd, rm /var/openldap/openldap-data/* and restart it,
syncrepl will repopulate the databases, but I'll stil have some objects
It's 2.3.38, and here is syncrepl config stuf:
One odd thing: The root entryCSN is newer on the replica than on the master.
Can it explains the mess?
<quote who="Tony Earnshaw">
> Pierangelo Masarati skrev, on 06-09-2007 15:35:
>>>> I'll try that. "wip" is presumably ""Work In Progress", rather than
>>>> Dutch slang "wip" (which is something you probably didn't intend)?
>>> The former ;-)
>> Would anybody mind providing a periphrasis for it for non-native
>> English, non-native Dutch? :)
> Well, it's slang for "speedy copulation, a quick fuck". As it's slang, I
> couldn't find anything suitable in Merriam Webster - there are British
> English euphemisms like "a roll in the hay" and "a quicky" (army slang),
> but I've been away from England so long that ...
Just to confirm, I meant Work In Progress.
> Tony Earnshaw
> Email: tonni at hetnet dot nl