openldap-technical

openldap-technical@openldap.org

13 participants
9906 discussions

Re: 2.4.40 RPMs for openSUSE
by Michael Ströder 11 Dec '14

11 Dec '14

Ulrich Windl wrote: >>>> Michael Ströder <michael(a)stroeder.com> schrieb am 11.12.2014 um 09:25 in > Nachricht <54895505.5050005(a)stroeder.com>: >> Ulrich Windl wrote: >>>>>> Michael Ströder <michael(a)stroeder.com> schrieb am 10.12.2014 um 23:34 > in >>> Nachricht <5488CA70.3080805(a)stroeder.com>: >>>> HI! >>>> >>>> After some struggle and help by some opensuse-packaging list members >>>> (thanks!) >>>> I achieved almost what I wanted. >>>> >>>> I'd appreciate if someone could work on SLES support. >>> >>> AFAIK SLES 12 (current) will ship 2.4.39; it shouldn't be hard to use the >> SRPM >>> to upgrade to 2.4.40. >> >> Actually the package was not made from scratch. >> It's branched from the original openSUSE package. >> >>> I never did it, but I guess you can use the SUSE build >>> server to do the job. >> >> Before telling everybody what's already known: >> >> Did you actually read my e-mail? >> If yes, then you should have seen that the links in my e-mail are pointing >> to >> the SUSE build service. > > The links are pointing to some location within opensuse.org, No. https://build.opensuse.org is *the* link to the SUSE build service. Even a SuSE beginner, like myself, should know that. > and it's not > ovbious from the URI how the packages were built, and no: I' don't klick on > every link in every message, especially if I don't want to download the > software at the URI. Feel free to ignore information provided. But don't whine when you're ignored then. >> Please stop writing here when you're not willing to spend at least two >> minutes for reading and thinking before posting. > > Unfriendly tone seems to be common on this list. > > Maybe add to your signature: "I'm a guru, don't try to tell me anything, even > if it seems I'm asking for advice" If you dig into mailing list archives you can see that I give unpaid volunteer support since 15+ years now. I do this because other skilled people helped me when I was a beginner. And I can claim that I'm most times quite patient explaining things. I'm also not perfect either and consider myself to be still learning. The point is: Your postings are often plain wrong. It costs of lot of time to correct your false statements so that mailing list archive is not filled with rubbish leading beginners into the wrong direction. The deal with functional community support is: Don't generate extra work for the experts. Be committed to take over work items you can do yourself. So ask yourself before blaming others for their tone: What's your community contribution up to now? Ciao, Michael.

1 0

Re: Antw: 2.4.40 RPMs for openSUSE
by Michael Ströder 11 Dec '14

11 Dec '14

Ulrich Windl wrote: >>>> Michael Ströder <michael(a)stroeder.com> schrieb am 10.12.2014 um 23:34 in > Nachricht <5488CA70.3080805(a)stroeder.com>: >> HI! >> >> After some struggle and help by some opensuse-packaging list members >> (thanks!) >> I achieved almost what I wanted. >> >> I'd appreciate if someone could work on SLES support. > > AFAIK SLES 12 (current) will ship 2.4.39; it shouldn't be hard to use the SRPM > to upgrade to 2.4.40. Actually the package was not made from scratch. It's branched from the original openSUSE package. > I never did it, but I guess you can use the SUSE build > server to do the job. Before telling everybody what's already known: Did you actually read my e-mail? If yes, then you should have seen that the links in my e-mail are pointing to the SUSE build service. Did you bother clicking on one of the links? If yes, you should have seen from which package my package is branched. You can even see the linkdiff with *one* click. Please stop writing here when you're not willing to spend at least two minutes for reading and thinking before posting. Ciao, Michael.

1 0

Performance impact of linking libwrap
by Michael Ströder 10 Dec '14

10 Dec '14

HI! I'm currently trying to upgrade an OpenLDAP package for a openSUSE distribution. The original package links slapd with libwrap which made sense in former times on systems without local host firewall mechanisms. If libwrap does not have a major performance impact I'd keep it that way just for sake of backward compability. But AFAICT if slapd is linked with libwrap the TCP wrapper is always asked whether a connection is allowed or not. One cannot disable it by slapd configuration. So the question is: How big is the performance impact? Ciao, Michael.

6 11

./configure option for /usr/sbin/slapd
by Michael Ströder 10 Dec '14

10 Dec '14

HI! Is there a possibility to tell ./configure to install the slapd executable also in /usr/sbin/ instead of libexecdir? I set --libexecdir to arch-specific directory /usr/lib or /usr/lib64 for the loadable modules but would like to have slapd in the arch-independent directory /usr/sbin/. Ciao, Michael.

2 1

Problems starting an instance of openLDAP
by Ike Ikonne 10 Dec '14

10 Dec '14

Hi all, I am getting the following error message and would like to know if anyone has any idea as to why I am getting it: 547e04ae line 55 (index telephonenumber) 547e04ae index telephoneNumber 0x0714 547e04ae line 56 (index cn) 547e04ae index cn 0x0714 547e04af config_back_db_open: No explicit ACL for back-config configured. Using hardcoded default 547e04af config_build_attrs: error 21 on olcConfigFile value #0 547e04af config_build_entry: build "cn=config" failed: "" 547e04af backend_startup_one (type=config, suffix="cn=config"): bi_db_open failed! (-1) 547e04af slapd stopped. Thanks, Ike

3 8

-DLDAP_CONNECTIONLESS
by Michael Ströder 10 Dec '14

10 Dec '14

HI! Another packaging decision: Is building with -DLDAP_CONNECTIONLESS of any real use? Is there any harm using it? Personally I see no use but one never knows... Ciao, Michael.

4 9

ldap sync
by Kolijn, P. 10 Dec '14

10 Dec '14

List, I have been trying to configure a producer -> consumer setup with 2.4.39 and a mdb backend. It seems to work, for awhile, but the sync stops when data.mdb is approx 15M, about 1630 entries instead of the 50000 and about 400M... If I do a slapadd of the data into my consumer it will grow beyond the 15M size... --snip-- # ldap data database mdb maxsize 1073741824 directory /var/lib/ldap suffix "dc=example,dc=com" rootdn "cn=ldap_admin,dc=example,dc=com" rootpw "{SSHA}0rvO4rPODnqNPqkbDv/vuKm8hXGS7mtG" # Sync Consumer # The indent is necessary syncrepl rid=002 provider=ldap://ldapmaster.test.example.com type=refreshAndPersist retry="5 5 300 5" searchbase="dc=example,dc=com" filter="(objectclass=*)" attrs="*" scope=sub schemachecking=off bindmethod=simple binddn="cn=replicator,dc=example,dc=com" credentials="secret" -- end snip -- I have set the global options: -- snip -- sizelimit unlimited timelimit unlimited -- end snip -- ...but that didn't help... I have no clue why or where this is coming from or how to figure out where it goes bottom up.. any pointers ? thnx ! -- Pascal Kolijn Vrije Universiteit Amsterdam

5 6

Re: Antw: adding a custom attribute
by Michael Ströder 10 Dec '14

10 Dec '14

Ulrich Windl wrote: >>>> http://tools.ietf.org/html/rfc4512#section-2.5 >>> >>> I couldn't quite read it from there: The closest match I found was: "oid = >>> descr / numericoid", but I was talking about the "on wire" protocol of LDAP. >>> Are there really named objects and attributes? >> >> You really ask to be spoon-fed. >> [..] >> Is it really so hard for you to find the line >> "Examples of valid attribute descriptions:" >> in this particular section? > > No, but what exactly does the example tell about the on-wire protocol? http://tools.ietf.org/html/rfc4511#section-4.1.4 Ciao, Michael.

1 0

Re: Antw: adding a custom attribute
by Michael Ströder 10 Dec '14

10 Dec '14

Ulrich Windl wrote: >>>> Michael Ströder <michael(a)stroeder.com> schrieb am 10.12.2014: >>> I thought the LDAP _protocol_ uses OIDs everywhere, and names are just for >>> human users...? >> >> Nope. One could regard this as design deficiency (in comparison to X.500). >> >> http://tools.ietf.org/html/rfc4512#section-2.5 > > I couldn't quite read it from there: The closest match I found was: "oid = > descr / numericoid", but I was talking about the "on wire" protocol of LDAP. > Are there really named objects and attributes? You really ask to be spoon-fed. Aren't you the one who claimed to write schema-aware LDAP client. If yes, then you should really know RFC 4512 by heart. Is it really so hard for you to find the line "Examples of valid attribute descriptions:" in this particular section? Ciao, Michael. P.S.: You're one nonsense posting away from my killfile.

1 0

Re: Antw: RE: N-Way multimaster Replication with TLS and multiple server certificates
by Michael Ströder 10 Dec '14

10 Dec '14

Ulrich Windl wrote: >>>> Michael Ströder <michael(a)stroeder.com> schrieb am 10.12.2014 um 09:44 in > Nachricht <548807E4.5000108(a)stroeder.com>: >> Ulrich Windl wrote: >>>> I use a cert with the VIP used by clients, and the hostnames used between >>>> the servers all setup in the subjectaltname of the certificate. >>> >>> But this "solution" does not scale well when adding or removing servers... >> >> Why does it not scale? >> >> If you have an individual cert for each server with the VIP DNS name in >> subjectAltName you can just add servers as needed. > > The point is: If you change one server, you'll have to update certificates for > all active servers; Nonsense. This will only be the case if you change the VIP's DNS name. Or could you please tell us what's so hard to understand with "individual cert for each server"? > not to talk about that fact that all certificates will > expire exactly at the same time. Uuuh... yes, there's work out there to be done. So what's the real problem? Ciao, Michael.

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

openldap-technical