Hi, people! I'm attempting to migrate to openldap-2.4.8 (I really need mirrormode replication). But some problems appear: first of all, a number of LDAP editors (gq, luma, JXplorer) can't add new entries into the LDAP tree, actually only phpldapadmin can do that; second, I can't set up pam_ldap/nss_ldap to authenticate via openldap-2.4.8. The last one really makes the new openldap version completely unusable. Is there any way to solve these problems?
uri_gr1@tut.by wrote:
> I'm attempting to migrate to openldap-2.4.8 (I really need mirrormode replication). But some problems appear: first of all, a number of LDAP editors (gq, luma, JXplorer) can't add new entries into the LDAP tree, actually only phpldapadmin can do that;
Hmm, I doubt that. Maybe some ACLs in effect? You should try to raise the debug level (e.g. by starting slapd on the console with command-line option -d).
> second, I can't set up pam_ldap/nss_ldap to authenticate via openldap-2.4.8. The last one really makes the new openldap version completely unusable.
Well, you don't provide *any* information about your setup. So giving reasonable answers is impossible.
> Is there any way to solve these problems?
Given that people are deploying 2.4.8 it seems possible to solve these problems. ;-)
Ciao, Michael.
On Friday 04 April 2008 17:17:15, Michael Ströder wrote:
> uri_gr1@tut.by wrote:
> > I'm attempting to migrate to openldap-2.4.8 (I really need mirrormode replication). But some problems appear: first of all, a number of LDAP editors (gq, luma, JXplorer) can't add new entries into the LDAP tree, actually only phpldapadmin can do that;
> Hmm, I doubt that. Maybe some ACLs in effect? You should try to raise the debug level (e.g. by starting slapd on the console with command-line option -d).
> > second, I can't set up pam_ldap/nss_ldap to authenticate via openldap-2.4.8. The last one really makes the new openldap version completely unusable.
> Well, you don't provide *any* information about your setup. So giving reasonable answers is impossible.
OK.
On an attempt to auth via LDAP the following error appears: conn=0 op=0 do_extended: unsupported operation "1.3.6.1.4.1.1466.20037"
> > Is there any way to solve these problems?
> Given that people are deploying 2.4.8 it seems possible to solve these problems. ;-)
> Ciao, Michael.
uri_gr1@tut.by wrote:
> On an attempt to auth via LDAP the following error appears: conn=0 op=0 do_extended: unsupported operation "1.3.6.1.4.1.1466.20037"
This means that the LDAP client is sending a StartTLS extended operation to establish an encrypted LDAP connection but the OpenLDAP server is not built with TLS support or not correctly configured for that.
So depending on your security requirements you should try to configure the clients without requesting StartTLS or fix the OpenLDAP installation/configuration to support that.
See also: http://www.openldap.org/faq/data/cache/185.html
Ciao, Michael.
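
An added example, not part of the thread and not OpenLDAP code: a log triage that finds connections whose StartTLS request was rejected with the message quoted above and flags the ones that then went on to send a simple bind without encryption. The sample log is constructed, and the BIND line shape (slapd stats-level logging, `method=128` for a simple bind) is an assumption about the logging configuration in use.

```python
import re

STARTTLS_OID = "1.3.6.1.4.1.1466.20037"  # OID from the log line in the thread

# Constructed sample log (not from the thread). Line shapes assumed: the
# do_extended message quoted above plus slapd stats-level BIND lines.
SAMPLE_LOG = '''\
conn=0 op=0 do_extended: unsupported operation "1.3.6.1.4.1.1466.20037"
conn=0 op=1 BIND dn="uid=alice,ou=people,dc=example,dc=com" method=128
conn=1 op=0 do_extended: unsupported operation "1.3.6.1.4.1.1466.20037"
conn=1 fd=14 closed (connection lost)
conn=2 op=0 BIND dn="" method=128
'''

UNSUPPORTED = re.compile(
    r'conn=(\d+) op=(\d+) do_extended: unsupported operation "([\d.]+)"')
BIND = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)" method=(\d+)')


def triage(log_text):
    """Return {conn: verdict} for connections whose StartTLS was rejected."""
    rejected = {}   # conn -> op number of the rejected StartTLS request
    verdicts = {}
    for line in log_text.splitlines():
        m = UNSUPPORTED.search(line)
        if m and m.group(3) == STARTTLS_OID:
            conn = int(m.group(1))
            rejected[conn] = int(m.group(2))
            verdicts[conn] = "starttls-rejected"
            continue
        m = BIND.search(line)
        if m:
            conn, op = int(m.group(1)), int(m.group(2))
            dn, method = m.group(3), m.group(4)
            # method=128 is an LDAP simple bind; with a non-empty DN it
            # normally carries a password, here on a connection that
            # never got TLS because the StartTLS request had failed.
            if (conn in rejected and op > rejected[conn]
                    and method == "128" and dn):
                verdicts[conn] = "cleartext-bind-after-rejected-starttls"
    return verdicts


if __name__ == "__main__":
    for conn, verdict in sorted(triage(SAMPLE_LOG).items()):
        print(f"conn={conn}: {verdict}")
```

A connection reported as `starttls-rejected` only shows a client that gave up; one reported as `cleartext-bind-after-rejected-starttls` shows a client that fell back to an unencrypted bind, which is the case the "security requirements" remark above is about.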
openldap-technical@openldap.org