I have Active Directory server, OpenLDAP server and a client machine.
AD is based on Windows Server 2003, OpenLDAP is 2.3.43-3.el5 running on
CentOS 5 i386, client machine is as well CentOS 5.
Does OpenLDAP server in any version, allows me to rewrite/remap/merge
- Active Directory
- internal LDAP database (or any database)
to make them suitable to nss_ldap?
AD doesn't have all attributes which are needed by nss_ldap, so I
thought to keep internal LDAP database with missing information
(uidNumber, loginShell, etc) and merge, rewrite, remap or meta this
information, and then give that result to the nss_ldap.
I understand that it is possible to merge with slapd-meta different DIT
from different databased as a single DIT, but what I need here is to
merge attributes from one db, with second db (Active Directory), then
rewrite that, and finaly return result to the querying client.
What I mean is, is it possible to rewrite/remap results from AD which
look like that:
name: Mikolaj Kucharski
with pieces missing from another ldap db, to something like that:
cn: Mikolaj Kucharski
gecos: Mikolaj Kucharski
I see that this is something overly complicated, but I wanted to know is
that possible. If it is, could someone give me which version of OpenLDAP
supports it and where I can read how to implement that. Thank you.
We have been setup a 4 ways multi-master replication openldap version 2.4.11.
It has been running for a year.
However, recently, we find that one of the server has 100% high CPU and all the replication can't be replicated to that server.
After restart the slapd process, it can be resumed normal. But afraid that high CPU will occur again.
What changes recently is that we just added 1 field in the schema file in all the 4 servers, there is no other things changed.
Any idea of the high CPU ?
What data should be collected in case high CPU occurs again ?
嶄新的 Windows 7：找出適合您的電腦。深入了解。
How to set a filter to connect tow entrys like SQL of database?
I need to do a search and the result is:
if the entry1's status=active,then research other entry using the query
if the entry1's status=inactive,the the research returen null result.
How can I do this search?
And if it can do,how to set the ldap.conf located /etc/ldap.conf?
Today i tried to install openldap2.4.20 on RHEL 5.2. After firing
./configure script, i got following error
*Configure:error: Berkeley DB version incomptible with BDB/HDB
*But after investigation i found that db4 with version 4.3.29 is installed
on my system. So what i should do now,
Should i replace my Berkeley DB package? I want to be sure that other
running programs not get any issue after bdb upgradation.
How one know which bdb version is required by current openldap package ?
I have Openldap set up on a CentOS 5 system (using the stock 2.3.43
RPMS) and I want to allow users to change their passwords, but I am
confused by the documentation (it has both too much and not enough
information -- there don't appear to be simple HowTos for common setups).
I am not sure what to put in /etc/openldap/slapd.conf (I think I need an
ACL). I expect I need something in /etc/openldap/ldap.conf (or
prossibly /etc/ldap.conf) to allow the authorization. This is on a LAN
with diskless clients, behind a firewall, so I *probably* don't need to
set up SSL and certs (but I am unsure of this as well).
Robert Heller -- 978-544-6933
Deepwoods Software -- Download the Model Railroad System
http://www.deepsoft.com/ -- Binaries for Linux and MS-Windows
heller(a)deepsoft.com -- http://www.deepsoft.com/ModelRailroadSystem/
I would like to know how to use the check_password module that comes
with the ppolicy overlay.
A rpm package exists but i didn't find a debian one.
I could compile it but i don't understand how to use the different
Is there somebody that figured out how to use it on debian ?
Do you know a good howto for debian ?
My problem is the following i need to store user password in an openldap server but the user password can not be encrypted. I know that openldap use hashing algothitm to store this attribute and that i can use clear text, but i want to store user password using a reversible algorithm not clear text.
The Active directory accounts has an option (Store Password using Reversible Encryption) that permit this. Is there any option like this in an openldap server?
PD: Forgive me my english my native languaje is spanish...