openldap-technical October 2010

openldap-technical@openldap.org

99 participants
93 discussions

Re: Searched Attr=1.1
by Marco Pizzoli 01 Oct '10

01 Oct '10

Hi, Today I tried your suggestion, but with the same result. I also tried to comment out the "overlay" declaration of other overlays not involved (sssvlv, auditlog, memberOf) but again I obtained the same result. Thanks Marco On Wed, Sep 29, 2010 at 6:13 PM, Quanah Gibson-Mount <quanah(a)zimbra.com>wrote: > --On Wednesday, September 29, 2010 9:02 AM +0200 Marco Pizzoli < > marco.pizzoli(a)gmail.com> wrote: > > Hi Quanah, >> you're right. Those weren't my configuration but only an indication of >> the order in which those "groups" of directives appear in my slapd.conf >> config file. >> > > If you disable the sssvlv overlay entirely, do you still have this issue? > (I.e., don't load it, etc). > > > --Quanah > > > -- > > Quanah Gibson-Mount > Principal Software Engineer > Zimbra, Inc > -------------------- > Zimbra :: the leader in open source messaging and collaboration > -- _________________________________________ Non è forte chi non cade, ma chi cadendo ha la forza di rialzarsi. Jim Morrison

1 0

Search control forwarding
by Javier Sanz 01 Oct '10

01 Oct '10

Hi, Is there any way to make back_meta or back_ldap forward server controls used in the queries to the LDAP servers?. I have a configuration where a back_meta acts as a proxy to an Active Directory, and currently clients are unable to make searches which return more results than the page size configure int AD, which by default is 1000, because, altough both their clients and AD support paged searches, back_meta does not forward it AFAIK. Thanks, Javier

1 0

ACL Question
by Diego Lima 01 Oct '10

01 Oct '10

Hello all, I have the following structure on my LDAP server: ou=Misc,dc=diegolima,dc=org ou=Users,dc=diegolima,dc=org Under users I have some user accounts, such as cn=user1,ou=Users,dc=diegolima,dc=org. I'd like to allow users to create an OU under ou=Misc as long as the OU had the user's name, such as ou=user1,ou=Misc,dc=diegolima,dc=org for user1 or ou=user2,ou=Misc,dc=diegolima,dc=org for user2, however I wouldn't like to simply create an ACL such as: access to dn.exact="ou=Misc,dc=diegolima,dc=org" by * add as this ultimately allows user1 to create an ou named "ou=user2,ou=Misc". What I first tried was adding an ACL like this: access to dn.regex="^ou=([^,]+),ou=Misc,dc=diegolima,dc=org" by dn.exact,expand="cn=$1,dc=diegolima,dc=org" write by * none However I receive an error telling me that I need write access to the parent entry to create this, and if I use the first ACL I seem to be able to create OUs without any naming restriction. Is there even a way to accomplish this? Thank you very much! -- Diego Lima

2 2

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

openldap-technical October 2010