I have a question: Is slapd bound to access rights itself, i.e. do you have to assign some rights for e.g. the password policies for slapd to read those?
What are the minimum (i.e. recommended) access rights for the password policy and the pwdPolicySubentry?
I have set up OpenLDAP and am managing it through LDAP Account Manager(
I'm able to create the accounts through an ldif file as well as through
the LDAP Account Manager. Is it possible to send an email to the user once the
account is created on LDAP? I have googled but I'm able to get results
which tell about integrating OpenLDAP with an SMTP server.
I want to configure the following
and I want to have several users
I would like to assign the users to the OUs
I would like to restrict usuario1 so that it can only access
ou=administracion and ou=facturacion and CANNOT access ou=cobros
How can I do this?
I've been asked to log & track changes made to our LDAP system. My
initial thought was to use the auditlog overlay as it outputs to a
text file, thus making it relatively straightforward to parse, but a
suggested a potential problem, namely no logging of time and name for
Replies to that discussion suggested the use of accesslog instead.
However, that logs to a database which isn't really what I'm after. A
sought answers similar to the one I'm looking for now, namely is there
a way of getting changes logged into a text file?
One of the replies (from Quanah) suggested ldap-stats.pl but I'm not
looking for stats - I'm looking for the actual changes being made.
Since both of those discussions are quite old, I was wondering if
there was any up-to-date advice regarding best practice for the sort
of information I'm trying to capture?
hello to everyone.
[I already tried to send this message to the list. As a list subscriber I couldn't see it in my inbox, nor did I see it on the web list archives. I hope you did not get this message twice]
* I was able to run tests against a 2.4.39 OpenLDAP server configured to make use of a MySQL server database.
* I have a properly installed Oracle client and also properly configured unixODBC to query Oracle via the "isql" command.
* I can see queries run against the oracle instance (although bind-values masquerade run-time queries)
after issuing all the DDL and DML statements that come with the distributed software and after modifying the slapd.conf as suggested, I run into problems when starting the server (enclosed please find the complete output with debug set to "-1"): I get the following error even if the query with "2" as the bind value properly works.
Q1) what am I missing? have you got any hint? (if needed, I can provide further information)
Q2) are the provided sample files supposed to work as-is?
Q3) if the answer to Q2 is "no" but you have been able to run back-sql and Oracle, could you please share DDL and metadata?
thanks for your support,
5447ade2 backsql_oc_get_attr_mapping(): error executing at_query
FROM ldap_attr_mappings WHERE oc_map_id=?"
for objectClass "document"
with param oc_id=2
5447ade2 Return code: -1
5447ade2 backsql_db_open(): schema mapping failed, exiting
5447ade2 backend_startup_one (type=sql, suffix="dc=example,dc=com"):
bi_db_open failed! (1)
tools/clients break against sha256 certs,
TLS: loaded CA certificate file
/etc/openldap/cacerts/5d05809b.0 from CA certificate
TLS: error: connect - force handshake failure: errno 0 -
moznss error -5938
TLS: can't connect: TLS error -5938:Encountered end of file.
is this expected?
(sorry for poor English)
I already asked here about meta and it's working (I only have the date format
conversion problem but we are about to find an alternative)
So the LDAP proxy can search for a user and provide attributes from an
AD, Edir and openldap.
But now I want to add attributes to the edir and openldap users' search
results to have as many as from an AD user
I plan to use translucent to add these attributes; I found that translucent
cannot be used with meta so I created a new slapd instance.
I have added the base and OU into this instance
I read carefully http://www.openldap.org/doc/admin24/overlays.html , and
I understand that they explain how to add attributes to only one group
Here are my questions
how can I add attributes to the translucent instance to all users in an
OU (and sub) ?
is there another way to do what I want to do ?
thanks all for responses
I read these very interesting benchmarks a long time ago: http://symas.com/mdb/microbench/july/.
It seems that ext2 is the fastest filesystem for asynchronous writes.
Do you think an ext4 filesystem without journaling but with extents could be faster?
An LMDB database is a big flat file, isn't it? Extents are very interesting with that kind of file, aren't they?
Did someone try it ?
I am running into issues on RHEL 6.x servers (mix of 6.5 and now 6.6)
when attempting to disable SSLv3. I have compiled the servers with the
--with-tls=openssl option and communication appears to be working well
between servers no matter what I have for SSL Protocol. My problems are
with the clients.
For client configuration I install the openldap-clients package via yum
install. Everything works as expected with this setting on the server side:
as soon as I modify the +SSLv3 to -SSLv3 to this:
the client no longer works. I have tried just about everything I can
think of. I /can/ get ldapsearch to work properly when I compile the
openldap source on the client but sssd / authentication on the Red Hat
side still fails. Here is the error message I am getting:
54481b75 >>> slap_listener(ldaps://blah)
54481b75 connection_get(38): got connid=1009
54481b75 connection_read(38): checking for input on id=1009
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL3 alert write:fatal:handshake failure
TLS trace: SSL_accept:error in SSLv3 read client hello C
TLS trace: SSL_accept:error in SSLv3 read client hello C
TLS: can't accept: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no
54481b75 connection_read(38): TLS accept failure error=-1 id=1009, closing
54481b75 connection_close: conn=1009 sd=38
I am assuming this has something to do with RHEL clients linking to
MozNSS libraries instead of openssl but can not be sure of that. Again,
to be clear - I do not change anything but the olcTLSCipherSuite entry
so I do not believe it is a certificate issue.
Is there a solution to LDAP auth for RHEL clients with only allowing
TLSv1.2? I will gladly compile from source or use the LTB Project rpms.
Thanks in advance,
Manager of Library Systems
UW Madison - Library Technology Group
I need to set up a backup OpenLDAP cluster and I am looking for advice on
the best solutions to achieve it.
The situation is:
* A mirror mode cluster on one geographical site
* A mirror mode cluster on another geographical site (backup site)
* I would prefer not to impact configuration of main cluster
* I think that full multi-master on different geographical sites is not the
best solution (but maybe I am totally wrong on this point)
The backup site must be in sync with the main site.
Here are my two ideas:
* Configure a syncrepl client to main cluster on each node of the backup
cluster. Question is: will there not be conflicts, as each node of the backup
cluster is already synced with the other backup node?
* Configure an LDAP proxy (back-ldap) to backup cluster, with syncrepl
client to main cluster. But would back-ldap be able to write operational
attributes to backup cluster?
I imagine that some of you already have such needs, could you share your