openldap-technical October 2024

openldap-technical@openldap.org

16 participants
14 discussions

ACL: write vs. manage
by Windl, Ulrich 14 Oct '24

14 Oct '24

Hi! Basically I have the same question as unanswered https://serverfault.com/q/998893/407952: What is the difference between write and manage? I have a use with write permissions for pwdGraceUseTime, and deleting that attribute requires "-e relax" for ldapmodify. However when my user ties it, it gets a ldap_modify: Insufficient access (50) Kind regards, Ulrich

2 1

symas2.6.7 is data transfer is faster in centos7 but very very slow in rocky8
by anilkumar.pathuri7＠gmail.com 11 Oct '24

11 Oct '24

Hi Team, GM We are working on moving from openldap2.4.44 to symasldap2.6.7. We have total of 13million docs. centos7 to centos7 is taking 1~2hours where as rocky8 is taking 48hours and more. Settings of centos7 and rocky8 are identical. We are moving to rocky8 as centos7 is EOL. Can you please let us know how we can fix the data transfer issue. Regards, Anil P

4 14

ldapsearch by aliased objectClass
by Joril 11 Oct '24

11 Oct '24

Hello, I've created an alias by following the FAQ at https://www.openldap.org/faq/data/cache/1111.html dn: uid=alias,ou=People,dc=example,dc=net objectclass: alias objectclass: extensibleObject uid: alias aliasedobjectname: uid=target,ou=Retired People,dc=example,dc=com The problem I'm facing is that this needs to be queried by an application (out of my control) that queries LDAP looking for a particular objectClass, like this: (&(objectClass=person)(uid=alias)) This query misses the alias, I guess because the alias object has just "alias" and "extensibleObject" as classes... Is this expected? Is there a way to work around this, server-side? I mean, to tell the LDAP server to look for "aliased" properties? Many thanks for your time!

3 3

An interesting note on using ldappasswd in OpenLDAP 2.4
by Windl, Ulrich 09 Oct '24

09 Oct '24

Hi! In the past I was using some LDAP administrator account to reset a user's password (using "ldappasswd -H $server -x -ZZ -D $admin -W "$DN""), and the system output the new password. But after having created a special account that ist to be used to reset passwords only, the same command failed with Result: Constraint violation (19) Additional info: Password fails quality checking policy So it seems the admin account circumvents the password policy restrictions, while the special account does not. But the main reason I'm writing this is that the passwords generated by ldappasswd do not seem to fulfill today's requirements (too short, basically). However 2.4 is very old, and it seems the current ldappasswd does no longer create automatic passwords (reading https://git.openldap.org/openldap/openldap/-/blob/master/clients/tools/ldap…). Regards, Ulrich

2 1

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

openldap-technical October 2024