openldap-technical August 2008

openldap-technical@openldap.org

63 participants
81 discussions

implicit context attribute in add request
by Wolfgang Bergbauer 12 Aug '08

12 Aug '08

Hi all, I have a problem with the standard JNDI LDAP bind request and wanted to know if OpenLdap behaves differently: e.g. when creating and object with a LDAP addRequest with a context of umObjectGUID=0, OU=People, DC=avaya then I will automatically get a attribute: umObjectGUID with value "0". So this is implicit, I do not specify this attribute. Unfortunately the ldap server then responds that this attribute is readOnly. Can anyone tell me if OpenLdap also add this implicit context attribute, or perhaps what other options do I have here? Thanks a lot, Wolfgang

1 0

ACL's for admin users
by Aravind Arjunan 12 Aug '08

12 Aug '08

hi, In my openldap i created a OU called india under this ou there are many users and one administrator as admin. I want this admin user to add and modify the users details only in this ou. for that i need to set the access control list. Can any one plz help me how to set acl's for this case. Remaining users have only read only permissions. eg: ou=india cn=admin---administrator cn=sachin cn=rahul cn=saurav cn=anil

2 1

allow admin group to write excluding specific users
by Stelios A. 12 Aug '08

12 Aug '08

Hello, I have a group called IT and another one called LDAP Admins. There are 5 users under IT and 2 under LDAP Admins. I'm looking for an acl where members of IT (groupOfUniqueNames) can modify/write anywhere under ou=Users.... apart from those users under the LDAP Admins group. Can anyone give me a help about this please. I've found only how to give access to IT group but not how to exclude LDAP Admins (2 in total) where those 2 exist also under IT group. Any ideas? Thanks

1 0

Re: mail Routing thorugh openldap attribute
by Santosh Balan 11 Aug '08

11 Aug '08

Hi, Create an MX record in your DNS server with the IP of the server, to which you need to divert your mails to and then give the host's name in mailHost attribute of LDAP. Regards Santosh Balan > ----- Original Message ----- > From: "Dieter Kluenter" <dieter(a)dkluenter.de> > To: openldap-technical(a)openldap.org > Subject: Re: mail Routing thorugh openldap attribute > Date: Thu, 07 Aug 2008 14:18:31 +0200 > > > "Aravind Arjunan" <aravind.arjunan(a)gmail.com> writes: > > > hi, > > > > I had configured mailserver in postfix and integrated openldap with postfix. > > All my users information is in openldap. > > > > Now i need to route my mail for particular user to his respective mail box. > > eg: > [...] > > > > So when i send mail to user1 , it will first check the mail > > address is correct or not from ldap entries > > and check mailHost for the particular user and must go the > > particular SMTP server where i had mentioned > > in mailHost attribute in ldap. > > > > But for me it is checking the mailHost attribute and i had > > mentioned the IP of the SMTP server in my LDAP > > for mailHost attribute.So for me it checks the mailHost attribute > > and delivering the mail in the same > > SMTP server by creating the IP as the username and droping the mail > > > > Any body plz guide me home to route the mail to the particular user > > . > > http://www.postfix.org/LDAP_README.html > > -Dieter > > -- > Dieter Klünter | Systemberatung > http://www.dkluenter.de > GPG Key ID:8EF7B6C6 > 53°08'09,95"N > 10°08'02,42"E > = -- Powered by Outblaze

1 0

Help with authz-regexp mapping kerberos identity to dn ....SASL
by Chavez, James R. 11 Aug '08

11 Aug '08

Hello all, My plan is to use Kerberos and LDAP as a replacement for NIS. My issue is that I need my kerberos credentials to map to a user in LDAP so I can avoid permission issues when logging in with kerberos creds. All the perms are based on the UNIX/LDAP users and groups. Thing is the user id's are different between kerberos and LDAP. The kerberos names consist of firstname_lastname@REALM. The ldap entries are in the format of standard Unix user names or first letter of first name and up to 7 characters of the last name (jmontana). I migrated the LDAP entries from my existing NIS maps. Now I understand that I can use SASL and authz-regexp in slapd.conf to map these id's. Please correct me if I am wrong. I added all the corresponding "krbName: first_last@REALM" to the users when I added them to the LDAP directory. For example for user Joe Montana..His ldap dn is "dn: uid=jmontana,ou=People,dc=test,dc=example,dc=com" His uid is "uid: jmontana And his Krb name is ""krbName: joe_montana(a)TEST.EXAMPLE.COM" I think all the data is there to get a mapping I just am unsure of the auth-regexp strings I need to add to the slapd.conf file. Does anyone out there have any experience with this and better yet provide the string or example of what strings I can use? I have searched the net on how to authenticate with kerberos and effictively login with a local id but have been unsuccessful in my search. Appreciate any help. Thank You James CONFIDENTIALITY This e-mail message and any attachments thereto, is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail message, you are hereby notified that any dissemination, distribution or copying of this e-mail message, and any attachments thereto, is strictly prohibited. If you have received this e-mail message in error, please immediately notify the sender and permanently delete the original and any copies of this email and any prints thereof. ABSENT AN EXPRESS STATEMENT TO THE CONTRARY HEREINABOVE, THIS E-MAIL IS NOT INTENDED AS A SUBSTITUTE FOR A WRITING. Notwithstanding the Uniform Electronic Transactions Act or the applicability of any other law of similar substance and effect, absent an express statement to the contrary hereinabove, this e-mail message its contents, and any attachments hereto are not intended to represent an offer or acceptance to enter into a contract and are not otherwise intended to bind the sender, Sanmina-SCI Corporation (or any of its subsidiaries), or any other person or entity.

2 1

Updating password in slave ldap server
by Gustavo Mendes de Carvalho 11 Aug '08

11 Aug '08

Hi All, I have 2 LDAP Servers (1 master and 1 slave) and I synchronize bdb database by slurp daemon. So, when somebody needs to update his/her password or other information, everything is done in master server and then slave server receives this updates. This 2 servers are in the same physical place. Now I am planning to put another LDAP slave in other geographical place (far from this 2 servers) and because of that I am planning to put some slave server receiving all updates from master server, but in all ldap client machines in this new location I would like to configure this new slave server (Slave server 2) as URI host in ldap.conf files. I mean Location 1: Master server 1 and slave server 1 Location 2: Slave server 2 Is there any way to do: 1. ldap client machines in location 2 to authenticate using Slave server 2 ? 2. when client machines needs to change some ldap information (like password or personal information), to force this update to occurs in slave server 2 and then master server 1 receives this uodate ? Do I have to use 2 Master servers (1 in each location) ? If yes, can I synchronize both BDB databases ? How ? Any other suggestions ? Thanks in advance --- Gustavo Mendes de Carvalho email: gmcarvalho(a)gmail.com

3 4

using query filter with dynlist attributes
by Rahul Amaram 09 Aug '08

09 Aug '08

Hi, I would like to know if it is possible to use the dynamic attributes (obtained by dynlist overlay), in a ldapsearch query filter. I have tried using it but it does not seem to be working. Is there any fix for this or is there any other overlay which will allow me to perform an operation similar to sql join across different DN? Thanks and Regards, Rahul.

2 1

RE: LDAP Group Membership Scalability
by Jeff Sussna 08 Aug '08

08 Aug '08

Fantastic! What I was hoping/expecting to hear :-). ________________________________________ From: Gavin Henry [ghenry(a)OpenLDAP.org] Sent: Friday, August 08, 2008 4:57 PM To: Jeff Sussna Cc: openldap-technical(a)openldap.org Subject: Re: LDAP Group Membership Scalability Jeff Sussna wrote: > I am looking into using OpenLDAP to manage users and groups for my > system. A single group may contain up to 50,000 users. Does the LDAP > group membership mechanism suffer any scalability problems at that size? > > --------------------------------------------------------------- > Jeff Sussna > No. Some fortune 50s have every employee in an OpenLDAP Dynamic Group. -- Kind Regards, Gavin Henry. OpenLDAP Engineering Team. E ghenry(a)OpenLDAP.org Community developed LDAP software. http://www.openldap.org/project/

1 0

LDAP Group Membership Scalability
by Jeff Sussna 08 Aug '08

08 Aug '08

I am looking into using OpenLDAP to manage users and groups for my system. A single group may contain up to 50,000 users. Does the LDAP group membership mechanism suffer any scalability problems at that size? --------------------------------------------------------------- Jeff Sussna

3 2

Using logical operators in LDAP queries.....
by ashish mahamuni 08 Aug '08

08 Aug '08

Hello everybody... I've my own objectClass called 'Agency'. It has fields called 'radius' and 'agencyName'. I want to find out all 'agencyNames' such that 'radius' is less than 400. How can I achieve this? Regards Ashish Unlimited freedom, unlimited storage. Get it now, on http://help.yahoo.com/l/in/yahoo/mail/yahoomail/tools/tools-08.html/

3 4

← Newer
1
2
3
4
5
6
7
8
9
Older →

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

openldap-technical August 2008