September 2007 - openldap-software

by Pierangelo Masarati

Please reply on the list Luis Fernando C. Talora wrote: > Thank you, Mr. Pierangelo! I new that it would be a way to make that "readble", but I had no idea how to do it. > > I´m using it on a script. Do you know a way to find out when the string returned is encoded in base64 or not? When the attribute is base64 encoded, the value is separated from the name by "::", as clearly indicated in RFC 2849. p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati(a)sys-net.it ---------------------------------------

16 years

1
0
0 / 0

ldapsearch and accented names

by Luís Fernando C. Talora

Friends, I´m having some trouble with ldapserach on Linux comunicating with a LDAP server. In fact, everything works just fine, until my query finds and object that has any accents on its name. For example: if I have an object named "Luis Talora", its shown OK; in oposite, if its name is "Luís Talora", with an acute accent, its distinguish name is shown like this: "Q049THXDrXMgRmVybmFuZG8gQy4gVGFsb3JhLE9VPVRJLE9VPUFSQSxPVT1Vc3VhcmlvcyxEQz1pbmVwYXIsREM9Y29tLERDPWJy". In Portuguese, is very common that people have accents in their names... Do anybody know a way to fix that behavior? Thanks a lot! LUÍS FERNANDO C. TALORA -- Esta mensagem foi verificada pelo sistema de antivírus e acredita-se estar livre de perigo.

16 years

3
3
0 / 0

SASL/OTP authentication started

by Le Trung Kien

Hi everybody, I want to use SASL/GSSAPI, but each time I try ldapwhoami or ldapadd, ldapmodify ... I get : SASL/OTP authentication started ldap_sasl_interactive_bind_s: Invalid credentials (49) additional info: SASL(-13): user not found: no OTP secret in database then I added "-Y GSSAPI" , I received: ldap_sasl_interactive_bind_s: Unknown authentication method (-6) additional info: SASL(-4): no mechanism available: No worthy mechs found more information: I have created a principal : ldapadmin@MYREALM to direct mapping rootdn. a principal for ldap service: ldap/host@MYREALM and have added a keytab file for ldap service, then I started slapd with option : -n ldap Please suggest me any idea. Thank you. -- Le Trung Kien.

16 years

2
1
0 / 0

Re: SASL/OTP authentication started (fixed)

by Le Trung Kien

Sorry, it's my fault in installing SASL, now it's ok: ... SASL/OTP authentication started ... My previous SASL installing is missing GSSAPI authentication. Thank you for your attention. 2007/9/10, Le Trung Kien <aloneattack(a)gmail.com>: > > Hi everybody, > I want to use SASL/GSSAPI, but each time I try ldapwhoami or ldapadd, > ldapmodify ... > I get : > > SASL/OTP authentication started > ldap_sasl_interactive_bind_s: Invalid credentials (49) > additional info: SASL(-13): user not found: no OTP secret in database > > then I added "-Y GSSAPI" , I received: > > ldap_sasl_interactive_bind_s: Unknown authentication method (-6) > additional info: SASL(-4): no mechanism available: No worthy mechs found > > > more information: > I have created a principal : ldapadmin@MYREALM to direct mapping rootdn. > a principal for ldap service: ldap/host@MYREALM > and have added a keytab file for ldap service, then I started slapd with > option : -n ldap > > Please suggest me any idea. > Thank you. > > -- > Le Trung Kien. -- Le Trung Kien.

16 years

1
0
0 / 0

Re: [-SPAM-] Re: SASL/GSSAPI and SSL

by Howard Chu

Markus Moeller wrote: > Do other servers (Sun/MS AD) support this too ? I suggest you ask the kindly support folk at Sun and Microsoft, since none of that has anything to do with OpenLDAP Software, which is the charter for this mailing list. > > Thank you > Markus > > ----- Original Message ----- > From: "Howard Chu" <hyc(a)symas.com> > To: "Markus Moeller" <huaraz(a)moeller.plus.com> > Cc: <openldap-software(a)openldap.org> > Sent: Saturday, September 08, 2007 6:48 AM > Subject: [-SPAM-] Re: SASL/GSSAPI and SSL > > >> Markus Moeller wrote: >>> Is it possible to have an SSL encrypted session to an ldap server with >>> SASL/GSSAPI user authentication ? If so does Openldap support this ? >> Yes. -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

16 years

1
0
0 / 0

Automatic referral chasing

by Taymour A. El Erian

Hi, I am trying to install openldap 2.3 to work as automatic referral chasing where all update queries should be automatically directed to my master server, I would really appreciate a sample config. The details: I need to setup a master server and a replica, and put both of them behind a load balancer. In case a write operations is sent to the slave, I need the slave to direct the client to the master server rather than having the client chase referrals manually. -- Taymour A El Erian System Division Manager RHCE, LPIC, CCNA, MCSE, CNA TE Data E-mail: taymour.elerian(a)tedata.net Web: www.tedata.net Tel: +(202)-33320700 Fax: +(202)-33320800 Ext: 1101

16 years

11
39
0 / 0

SASL/GSSAPI and SSL

by Markus Moeller

Is it possible to have an SSL encrypted session to an ldap server with SASL/GSSAPI user authentication ? If so does Openldap support this ? Thank you Markus

16 years

2
1
0 / 0

UserPassword attribute problem using Crypt

by Manuel Mely

Hi, One friend told me that he have a problem with his directory service using OpenLDAP 2.3.x. The problem is that UserPassword attribute only takes the first eight characters and the next characters until the password chain is not taken. For example: The clear password is p2gh467d2k31 (and the crypt, is other character chain.)and when he entered the clear password for some service, he can access only entering p2gh467d , so the other characters (2k31) is not taken. So he can use passwords like this: p2gh467d + 565rfgrgrt p2gh467d + hj544fsdfg ..... Why this? PD: Sorry for my english.

16 years

2
1
0 / 0

syncrepl debugging

by Emmanuel Dreyfus

Hello I have some objects that are not propagated by syncrepl. How this should be debugged? Is there a way to force a sync? Even if I stop slapd, rm /var/openldap/openldap-data/* and restart it, syncrepl will repopulate the databases, but I'll stil have some objects missing. It's 2.3.38, and here is syncrepl config stuf: provider=ldap://ldap0.example.net type=refreshAndPersist searchbase="dc=example,dc=net" starttls=critical bindmethod=sasl saslmech=EXTERNAL schemachecking=off retry=3,1,10,2,60,+ One odd thing: The root entryCSN is newer on the replica than on the master. Can it explains the mess? -- Emmanuel Dreyfus manu(a)netbsd.org

16 years

3
3
0 / 0

Re: Automatic referral chasing

by Gavin Henry

<quote who="Tony Earnshaw"> > Pierangelo Masarati skrev, on 06-09-2007 15:35: > >>>> I'll try that. "wip" is presumably ""Work In Progress", rather than >>>> the >>>> Dutch slang "wip" (which is something you probably didn't intend)? >>> >>> The former ;-) >> >> Would anybody mind providing a periphrasis for it for non-native >> English, non-native Dutch? :) > > Well, it's slang for "speedy copulation, a quick fuck". As it's slang, I > couldn't find anything suitable in Merriam Webster - there are British > English euphemisms like "a roll in the hay" and "a quicky" (army slang), > but I've been away from England so long that ... Just to confirm, I meant Work In Progress. > > --Tonni > > > -- > Tony Earnshaw > Email: tonni at hetnet dot nl >

16 years

1
0
0 / 0

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-software September 2007