ldap changes
by Daniel Lamb
Hi
I was wondering if there is a simple way to clear out the data within
ldap, the first time I do an install it asked for a password but even if
I try and reconfigure it, it does not ask for the password again, I have
installed it using "apt-get install slapd ldap-utils migrationtools" on
Ubuntu 8.04, the reason I would like to clear it out is so I can make a
distro which has the software installed and only needs the config files
changed.
Cheers,
Daniel
15 years, 4 months
nss_ldap error
by GanGan
hello all,
I have an ldap server with tls (all commands are run locally on the
ldap server)
[root@srvtest3 /]# ldapsearch -x -H ldap://srvtest3.test.org -ZZ '*'
# extended LDIF
#
# LDAPv3
# base with scope subtree
# filter: (objectclass=*)
# requesting: *
#
# midian.org
dn: dc=midian,dc=org
objectClass: top
objectClass: dcObject
objectClass: organization
o: Midian
dc: midian
[...]
# search result
search: 3
result: 0 Success
# numResponses: 13
# numEntries: 12
tls is ok? no?
ps -ef | grep slapd :
root 32279 1 0 00:42 ? 00:00:02 /usr/sbin/slapd -4
in my log sshd :
July 08 10:13:11 srvtest3 sshd[1482]: nss_ldap: could not search
LDAP server - Server is unavailable
I do not see which side to look at
--
gangan
15 years, 5 months
Real idletimeout more than configured idletimeout
by Eric Déchaux
Dear openldap gurus,
I am hitting some strange behavior with the idle sessions timeout
feature. In my configuration this timeout is set to 60 seconds on 4
slaves that are behind a load balancer. This load balancer times-out
idle sessions after 90 seconds, which should be fine. Openldap version
is the stable one from Debian Etch r3.
I however encounter random connection issues that have been traced to
the load balancer timing out an idle session *before* the ldap slave.
I have straced the slapd process and I found out the applied idletimeout
was way above the configured one, please check the two following strace
outputs:
Output 1
futex(0x603428, FUTEX_WAKE, 1) = 1
select(16, [4 6 7], NULL, NULL, {300, 0}) = 1 (in [6], left {238,
132000})
accept(6, {sa_family=AF_INET, sin_port=htons(34103),
sin_addr=inet_addr("192.168.1.1")}, [4647729933731233808]) = 12
setsockopt(12, SOL_SOCKET, SO_KEEPALIVE, [1], 4) = 0
setsockopt(12, SOL_TCP, TCP_NODELAY, [1], 4) = 0
open("/etc/hosts.allow", O_RDONLY) = 15
fstat(15, {st_mode=S_IFREG|0644, st_size=677, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
= 0x2aaaaccb3000
read(15, "# /etc/hosts.allow: list of host"..., 4096) = 677
read(15, "", 4096) = 0
close(15) = 0
munmap(0x2aaaaccb3000, 4096) = 0
open("/etc/hosts.deny", O_RDONLY) = 15
fstat(15, {st_mode=S_IFREG|0644, st_size=901, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
= 0x2aaaaccb3000
read(15, "# /etc/hosts.deny: list of hosts"..., 4096) = 901
read(15, "", 4096) = 0
close(15) = 0
munmap(0x2aaaaccb3000, 4096) = 0
fcntl(12, F_GETFL) = 0x2 (flags O_RDWR)
fcntl(12, F_SETFL, O_RDWR|O_NONBLOCK) = 0
stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2945, ...}) = 0
stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2945, ...}) = 0
stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2945, ...}) = 0
sendto(3, "<167>Jul 1 09:14:14 slapd[2765]"..., 102, MSG_NOSIGNAL, NULL,
0) = 102
select(16, [4 6 7 12], NULL, NULL, {15, 0}) = 1 (in [12], left {15, 0})
read(12, "0b\2\1\1`]\2", 8) = 8
[ some uninteresting ldap stuff ]
futex(0x603428, FUTEX_WAKE, 1) = 1
read(12, 0x6f30ff, 8) = -1 EAGAIN (Resource temporarily unavailable)
futex(0x2b0db3b35dc8, FUTEX_WAKE, 1) = 1
select(16, [4 6 7 12], NULL, NULL, {15, 0}) = 0 (Timeout)
select(16, [4 6 7 12], NULL, NULL, {15, 0}) = 0 (Timeout)
select(16, [4 6 7 12], NULL, NULL, {15, 0}) = 0 (Timeout)
select(16, [4 6 7 12], NULL, NULL, {15, 0}) = 0 (Timeout)
select(16, [4 6 7 12], NULL, NULL, {15, 0}) = 0 (Timeout)
write(5, "0", 1) = 1
shutdown(12, 2 /* send and receive */) = 0
close(12) = 0
Here, we can see 5 select system calls for a real idletimeout of 75
seconds instead of 60.
Output 2
futex(0x603428, FUTEX_WAKE, 1) = 1
select(16, [4 6 7], NULL, NULL, {300, 0}) = 1 (in [6], left {230,
828000})
accept(6, {sa_family=AF_INET, sin_port=htons(51692),
sin_addr=inet_addr("192.168.1.1")}, [4647729933731233808]) = 12
setsockopt(12, SOL_SOCKET, SO_KEEPALIVE, [1], 4) = 0
setsockopt(12, SOL_TCP, TCP_NODELAY, [1], 4) = 0
open("/etc/hosts.allow", O_RDONLY) = 15
fstat(15, {st_mode=S_IFREG|0644, st_size=677, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
= 0x2aaaaccb3000
read(15, "# /etc/hosts.allow: list of host"..., 4096) = 677
read(15, "", 4096) = 0
close(15) = 0
munmap(0x2aaaaccb3000, 4096) = 0
open("/etc/hosts.deny", O_RDONLY) = 15
fstat(15, {st_mode=S_IFREG|0644, st_size=901, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
= 0x2aaaaccb3000
read(15, "# /etc/hosts.deny: list of hosts"..., 4096) = 901
read(15, "", 4096) = 0
close(15) = 0
munmap(0x2aaaaccb3000, 4096) = 0
fcntl(12, F_GETFL) = 0x2 (flags O_RDWR)
fcntl(12, F_SETFL, O_RDWR|O_NONBLOCK) = 0
stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2945, ...}) = 0
stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2945, ...}) = 0
stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2945, ...}) = 0
sendto(3, "<167>Jul 1 09:19:21 slapd[2765]"..., 102, MSG_NOSIGNAL, NULL,
0) = 102
select(16, [4 6 7 12], NULL, NULL, {15, 0}) = 1 (in [12], left {15, 0})
read(12, "0b\2\1\1`]\2", 8) = 8
[ some uninteresting ldap stuff ]
futex(0x2b0db3b35dc8, FUTEX_WAKE, 1) = 1
select(16, [4 6 7 12], NULL, NULL, {15, 0}) = 0 (Timeout)
select(16, [4 6 7 12], NULL, NULL, {15, 0}) = 0 (Timeout)
select(16, [4 6 7 12], NULL, NULL, {15, 0}) = 0 (Timeout)
select(16, [4 6 7 12], NULL, NULL, {15, 0}) = 0 (Timeout)
select(16, [4 6 7 12], NULL, NULL, {15, 0}) = 0 (Timeout)
select(16, [4 6 7 12], NULL, NULL, {15, 0}) = 0 (Timeout)
write(5, "0", 1) = 1
shutdown(12, 2 /* send and receive */) = 0
close(12) = 0
Here we have 6 select system calls for a real idletimeout of 90 seconds
which is enough for the session to expire on the load balancer.
I have checked the source code and the logic that chooses either to
idletimeout the session or go into a "SLAP_EVENT_WAIT" (select) call is
the following:
from server/slap/daemon.c
    now = slap_get_time();
    if ( ( global_idletimeout > 0 ) &&
        difftime( last_idle_check +
            global_idletimeout/SLAPD_IDLE_CHECK_LIMIT, now ) < 0 )
    {
        connections_timeout_idle( now );
        last_idle_check = now;
    }
As I understand this, no connection should be tested against the
idletimeout before any "event wait loop" takes more time than the
idletimeout parameter / 4.
In my case, I need the "event wait loop" to last more than 15 seconds
for connections to be checked against aging.
If I am not mistaken, as the difftime call compares seconds, I need the
loop to last at least 16 seconds for the connections_timeout_idle
procedure to be called.
Am I understanding everything the right way?
If it is the case, shouldn't the difftime call be tested <= 0 to help
idle sessions to be cleaned sooner?
Many thanks.
--
Eric Déchaux
Ingénieur Kébabiste
Sun Microsystems Services France
15 years, 5 months
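The timing described in the post above, as an added example that is not part of the original message or of OpenLDAP's code: a whole-second simulation of the quoted daemon-loop check, with select() timing out every 15 seconds as in the strace output and no other event waking the loop. The per-connection test (close when activity + idletimeout < now), the function names and the `last_check_age` input are assumptions made for the simulation.

```c
#include <stdio.h>

/* Divisor implied by the post: idletimeout 60 s / 4 = 15 s check interval. */
#define SLAPD_IDLE_CHECK_LIMIT 4

/*
 * Simulate the quoted loop with whole-second clocks.
 *   idletimeout    configured idletimeout in seconds
 *   select_timeout timeout passed to select() (15 s in the strace output)
 *   last_check_age seconds between the previous idle check and the
 *                  connection's last activity (constructed input)
 *   inclusive      0 = comparison as quoted (< 0), 1 = proposed (<= 0)
 * Returns the seconds elapsed from last activity to close, or -1.
 */
int simulate_idle_close(int idletimeout, int select_timeout,
                        int last_check_age, int inclusive)
{
    long activity = 1000;                       /* arbitrary start time */
    long last_idle_check = activity - last_check_age;
    long interval = idletimeout / SLAPD_IDLE_CHECK_LIMIT;
    long now = activity;

    for (int i = 0; i < 1000; i++) {
        /* difftime( last_idle_check + interval, now ) from the quoted code */
        long d = last_idle_check + interval - now;
        int due = inclusive ? (d <= 0) : (d < 0);

        if (idletimeout > 0 && due) {
            /* Assumption: connections_timeout_idle() closes a connection
             * only when activity + idletimeout is strictly before now. */
            if (activity + idletimeout - now < 0)
                return (int)(now - activity);
            last_idle_check = now;
        }
        now += select_timeout;                  /* select() = 0 (Timeout) */
    }
    return -1;
}

/* Longest time to close over every phase of the previous idle check. */
int worst_case_idle_close(int idletimeout, int select_timeout, int inclusive)
{
    int worst = 0;
    int span = 2 * (idletimeout / SLAPD_IDLE_CHECK_LIMIT);

    for (int age = 0; age <= span; age++) {
        int t = simulate_idle_close(idletimeout, select_timeout, age, inclusive);
        if (t > worst)
            worst = t;
    }
    return worst;
}

int main(void)
{
    printf("check 1 s before activity, '<'  : %d s\n",
           simulate_idle_close(60, 15, 1, 0));
    printf("check same second,         '<'  : %d s\n",
           simulate_idle_close(60, 15, 0, 0));
    printf("worst case with '<'             : %d s\n",
           worst_case_idle_close(60, 15, 0));
    printf("worst case with '<='            : %d s\n",
           worst_case_idle_close(60, 15, 1));
    return 0;
}
```

Under these assumptions the two phases give the 75 and 90 second closes seen in the two strace outputs, and changing only the loop comparison to `<=` caps the close at 75 seconds, still above the configured 60 but below the load balancer's 90.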
Identifying replicas behind a load balancer
by Sean Burford
Hi,
To help with troubleshooting I would like to identify my replicas through
an ldap search, even when they are behind a load balancer. I was
wondering what method and attribute other people generally use for this
purpose.
The RootDSE may be unique for each host, I can add a RootDSE config
line to slapd.conf to insert an ldif into the root DSE, so it seems to
be the ideal spot for per server identification.
Other spots include cn=monitor, cn=config, cn=Subschema or the main
directory tree. The monitorConnectionPeerAddress attribute in
cn=monitor isn't useable for identifying the server, since the address
appears as IP=0.0.0.0:389. cn=config isn't generally accessible so
also isn't suitable. The subschema could conceivably be twisted for
this purpose. The main directory tree is replicated so is not
suitable for identifying unique servers.
The RootDSE schema specifies that it may have a cn. OpenLDAP does not
provide one by default. Is it safe to use cn=hostname.domain.name?
It seems easiest to use CN for the host name, if it isn't earmarked for
something else in the RootDN.
The alternative would be to supplement the rootDSE with one or more
new attributes. I've had a look at how Active Directory and Novell
Directory Service identify servers. They both use attributes with
similar names and definitions. Active Directory has three attributes
that are used in the root DSE to identify the host. Novell
Directory Service has the same three attributes with very similar
names and equivalent descriptions/usage. The attributes
are:
* dnsHostName: The DNS name of this DC.
* serverName: DN for the server object for this directory server as
defined in the Configuration container.
* ldapServiceName: The UPN (User Principal Name) of the domain
controller hosting this instance of RootDSE. Computer objects are just
special forms of User objects, so they can have UPNs. The dollar sign
is Microsoft shorthand dating back to classic NT and SAM. It indicates
a hidden or secret object.
eg:
$ ldapsearch -x -W -D unix.gurus@example.com -H ldaps://dc.example.com \
    -b "" -s base serverName dnsHostName ldapServiceName
dnsHostName: dc.example.com
serverName: CN=DC,CN=Servers,CN=Configuration,DC=example,DC=com
ldapServiceName: example.com:dc$@EXAMPLE.COM
The schema for these attributes is described in various places. The
existing schema is somewhat unsatisfactory with the dnsHostName OID
(1.2.840.113556.1.4.619) being a duplicate of the lazy commit control
OID and serverName syntax being a Directory String rather than a
Distinguished Name.
For my testing I've defined the following non standard attributes.
There doesn't seem to be a need for an equality matching rule since
these are single valued rootDSE attributes:
# Non standard AD dNSHostName attribute (defines a max length in the syntax)
attributetype ( 1.2.840.113556.1.4.619 NAME 'dNSHostName'
SYNTAX '1.3.6.1.4.1.1466.115.121.1.15{256}'
DESC 'DNS name of the directory server hosting this RootDSE.'
SINGLE-VALUE )
# Non standard AD serverName attribute (DN syntax instead of Directory String)
attributetype ( 1.2.840.113556.1.4.223 NAME 'serverName'
SYNTAX '1.3.6.1.4.1.1466.115.121.1.12'
DESC 'DN for the server object for this directory server.'
SINGLE-VALUE )
--
Thanks,
Sean Burford
15 years, 5 months
Trouble setting password
by Fred Zinsli
Hello everyone
Newbie here. I am having trouble getting started with my new ldap install.
I got it installed on FC8 and am now attempting to configure it.
I am attempting to setup the default password and I am getting this message.
[root@dofiss ~]# ldappasswd
SASL/DIGEST-MD5 authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Invalid credentials (49)
additional info: SASL(-13): user not found: no secret in database
This is my second day on trying to sort this out so any comments would be
most helpful.
Regards
Fred
15 years, 5 months
[ldap with tls] installation problem
by GanGan
Hello all,
I try to install tls for ldap but without success :(
I made a CA (compiled openssl)
When I start ldap with: service ldap start, I have these logs:
May 27 20:39:29 srvtest3 slapd[19546]: @(#) $OpenLDAP: slapd 2.3.27
(Jun 27 2007 08:48:26) $
brewbuilder@ls20-bc1-13.build.redhat.com:/builddir/build/BUIL
D/openldap-2.3.27/openldap-2.3.27/build-servers/servers/slapd
May 27 20:39:29 srvtest3 slapd[19546]: nss_ldap: could not search
LDAP server - Server is unavailable
May 27 20:39:29 srvtest3 slapd[19546]: nss_ldap: could not search
LDAP server - Server is unavailable
May 27 20:39:29 srvtest3 slapd[19546]: /etc/openldap/slapd.conf:
line 39: rootdn is always granted unlimited privileges.
May 27 20:39:29 srvtest3 slapd[19546]: /etc/openldap/slapd.conf:
line 44: rootdn is always granted unlimited privileges.
May 27 20:39:29 srvtest3 slapd[19546]: main: TLS init def ctx
failed: -1
May 27 20:39:29 srvtest3 slapd[19546]: slapd stopped.
May 27 20:39:29 srvtest3 slapd[19546]: connections_destroy: nothing
to destroy.
my /etc/openldap/slapd.conf is :
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
# logs
loglevel 4
# needed for login_ldap
allow bind_v2
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
database bdb
suffix "dc=midian,dc=org"
rootdn "cn=god,dc=midian,dc=org"
rootpw {SSHA}EkM4ViGxzWnZQ2n5hKBBcfffFMTcCO-0E4
directory /var/lib/ldap
index objectClass eq
# ACL
access to attrs=userPassword
by self write
by anonymous auth
by dn="cn=god,dc=midian,dc=org" write
by * none
access to *
by self write
by dn="cn=god,dc=midian,dc=org" write
by * read
# CA signed certificate and server cert entries:
# TLS & SSL
TLSCertificateFile /etc/openldap/cacerts/srvtest3.test.org.pem
TLSCertificateKeyFile /etc/openldap/cacerts/srvtest3.test.org.key
TLSCACertificateFile /etc/ssl/cacert.pem
TLSVerifyClient never
my /etc/openldap/ldap.conf
base dc=midian,dc=org
uri ldap//srvtest3.test.org/
ldap_version 3
TLS_CACERT /etc/ssl/cacert.pem
TLS_REQCERT demand
my /etc/ldap.conf
# SSL & TLS
ssl start_tls
#ssl on
#tls_checkpeer yes
# So that the client can validate the server's identity, it must be
# given the public key of the CA, with which it can establish that the
# server's certificate was indeed signed by the private key of that same CA.
TLS_CACERT /etc/openldap/cacerts/ldap.crt
# The client is also asked to always validate the server's identity.
TLS_REQCERT demand
# IP of the ldap server
#host 127.0.0.1
uri ldap://srvtest3.test.org/
# Base DN for searches
base dc=midian,dc=org
# Search optimisation in the directory
scope=one
# So that the machine boots even if the ldap server does not respond
bind_policy soft
# Protocol version used
ldap_version 3
# Server listening port
port 389
# User validation filters
pam_filter objectclass=account
pam_filter host=srvtest3.test.org
# Attribute compared with the user's login identifier
pam_login_attribute uid
# Check the host attribute
pam_check_host_attr yes
# DN of the group one must belong to for access to the local machine
pam_groupdn ou=group,dc=midian,dc=org
# Defines the group membership attribute
pam_member_attribute member
# password sent to the server
pam_password crypt
# nss-ldap search parameters
nss_base_passwd ou=user,dc=midian,dc=org?sub
nss_base_shadow ou=user,dc=midian,dc=org?sub
nss_base_group ou=group,dc=midian,dc=org?sub
nss_base_hosts ou=machines,dc=midian,dc=org?sub
If someone could help me it would be nice. Sorry for my bad English.
- GanGan -
15 years, 5 months
Performance - keep connection open between operations?
by k bah
I have some code that connects to LDAP, and between LDAP operations for a connection made, I have to contact other server (not LDAP), I wanna know if closing the connection to LDAP and then making it again (and of course a new bind) will take more time (I guess so) than wait for the "other" server to respond, and keep the connection to LDAP open. On some tests, the whole code (connect to the other server, closing that connection, and after that connecting to LDAP), with similar operations (operations performed on the "other" server and on the LDAP server) takes no more than 1 second. The test was made with a *test* LDAP server, serves just me, but the "other" server, is a production one, that "almost 1 second group of operations" was made on a test LDAP server, and a real "other" server (busy), our company has a huge network and that server is clustered, thousands of connections/minute.
I think it's best to connect to LDAP, bind, make operations on LDAP server, keep the connection open, query the "other" server, then get back with the LDAP operations, and just then close the connection to the LDAP server, what do you think?
thanks
15 years, 5 months
Integrate openldap with postfix
by Aravind Arjunan
hi,
I had configured postfix for my mail server which is working fine.
I had configured openldap on the same server and added many entries in that.
It is also working fine. When I use ldapsearch I am able to view the entries
etc.
The users which I had created in ldap are already there in the OS for postfix.
I had integrated openldap with postfix, to fetch the mail information from
openldap,
like mailid, mailQuota, mailbox location etc.
But when i send mail to user it is fetching from openldap at all.
It is straight away delivering to mailbox. Please help me with this issue.
This is my main.cf file parameters.
[root@master ~]# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases, ldap:aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
html_directory = no
inet_interfaces = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mydomain = panafnet.com
myhostname = master.panafnet.com
mynetworks = 192.168.117.0/24, 127.0.0.0/8
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
relay_domains = $mydestination
relayhost = $mydomain
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
unknown_local_recipient_reject_code = 550
aliases_server_host = localhost
aliases_server_port = 389
aliases_search_base = dc=panafnet,dc=com
aliases_scope = sub
aliases_bind = no
aliases_query_filter = (&(objectClass=qmailUser)(mail=%s))
aliases_result_attribute = mailMessageStore
aliases_timeout = 10
aliases_version = 3
15 years, 5 months
Quota and groupOfUniqueNames
by AlexanDER Franca
Hi all.
I have a Linux + ext3 system and I'm stuck in a situation where I can't configure any quota of groups because all my groups are groupOfUniqueNames.
I'm using Plone/Zope, so, now it's essential to use groupOfUniqueNames (and not posixGroup).
Is there any way to fix this mess?
Maybe I'm telling stupid things (like it's not possible use groupOfUniqueNames and group quota), I really don't know.
Must I change schemas or something like that?
[]'s
Alexander
Brazil - Rio de Janeiro
15 years, 5 months