Comments:
<0> wow, what is Neil Wilson smoking these days...
<0> I guess it's just as well, his drug-induced fantasy world is probably far more pleasant than the harsh reality Sun DS is facing.
<0> codebase over ten years old and nobody had bothered to keep it up to date with the performance, scalability, and feature set requirements of customers over time...
<0> making a change to one area of code requires an in-depth understanding of several other components and no one left on the team possesses such understanding...
<0> we're preparing for the future and we think an open development model needs to be a big part of that because we don't have any developers left of our own who are equal to the task...
<0> pathetic
<1> The Grenoble guys aren't working on Sun DS anymore?
<0> they say a DS 6.0 will be pushed out in a few months
<0> but Sun is tossing it all out and starting over in Java. Morons.
<0> but judging from the fact that they stayed at DS5.2 since 2002, I'd say the Grenoble team hasn't done a whole lot.
<1> I guess so, they pushed out some updates that added something, I forgot what, but it's been pretty quiet I guess
<1> Wow, are they really starting from scratch and rewriting in java? That's pretty bizarre
<0> http://blogs.sun.com/roller/page/DirectoryManager?entry=introducing_the_opends_directory_service#comments
<1> Oh I see, exception handling in the JVM makes it all worth it
<0> LOL
<0> Yet again... anyone who uses "performance" and "java" in the same breath really needs their head examined.
<0> While OpenLDAP keeps getting faster, they're dumping the closest thing they had to competitive, and automatically handicapping themselves by an order of magnitude.
<0> Oh well, kinda takes the fun out of beating them...
<2> users full names are stored in ldap, and magically mutt finds these and inserts them in the From: header, however the names are put in utf8, which is how data is stored in ldap, while the rest of the system runs on iso-8859-1
<2> so all names with scandinavian characters get malformed
<2> is there a working solution to that problem?
<0> sounds like mutt needs to be fixed
<2> is there some way i can verify that mutt is the problem?
<0> LDAPv3 is defined to use utf-8
<0> so obviously the replies mutt gets from LDAP will be utf-8. it's up to mutt to turn them into iso-8859-1 if that's what it wants.
<2> also when i slapcat the ldap data, all names that contain these characters look almost like random password strings instead of their names
<2> however phpldapadmin still displays these correctly
<0> magic...
<2> i'd expect slapcat to display them according to current charsets
<0> slapcat outputs data in LDIF.
<0> read the LDIF spec.
<2> ok
<3> Plus the cat would probably scratch your arm
<4> anyone have an experience with AIX and pam_ldap or nss_ldap?
<5> hello
<5> sorry i don't speak english very well. I have problem with LDAP. Actually i have it on gentoo and it working very well. But now i want join to LDAP server some computer with freebsd. My question is: what i must configure if i want connect ldap client (freebsd) to server (gentoo) and read/write information to LDAP base (again sorry for my english)
<5> i think i must configure ldap.conf on client computer (URI and BASE) and generate file to ldap server (master.passwd,passwd,group,hosts) and upload it to ldap base..
<5> but what next?:)
<6> hi, i have a 'strange' problem with openldap syncrepl. When the consumer is initializing its database, it retrieves entries for which the base objects haven't been created
<6> for example: cn=record,dc=domain.name is created while dc=domain.name is missing
<6> at the end of the sync, I get lots of 'syncrepl_del_nonpresent' debug messages
<6> my consumer is running 2.3.24, my producer 2.3.12
<6> when I dump my producer database to ldif, the records are there
<7> eborn, you should initialise the consumer first
<7> with an ldif dump
<7> it *should* work to start with an empty db, but there are some caveats
<6> _ranger_, ok, i'll try that. In the past, re-initializing from scratch worked fine. But using the ldif works ok :)
<8> Hello.
<8> I want to learn about LDAP, Active Directory, etc..
<8> Does anybody have a good link / etc.. ?
<9> http://www.redbooks.ibm.com/redbooks/SG244986.html
<8> Gagatan, is LDAP related to active directory ?
<9> active directory is a collection of tools, where ldap is only a part of it
<9> other parts are kerberos, dns, dhcp, windows domain controller etc
<10> hello there. Just tried "gluing" 2 trees with little success. I've read that the rootdns need to be the same for each tree. Thing is, the root dns are different. I got cn=Manager,dc=a,dc=example,dc=org and cn=Manager,dc=b,dc=example,dc=org. What are my options? thanks!
<11> hello, all! i'm setting up phpldapadmin on sarge and i can get it to connect by ssl to the server (w/o ssl connects fine)
<11> sorry, i mean i _can't_ get it to connect by ssl
<12> does anyone here have a little exp with ldap proxy cache ?
<12> btw, hi o/
<12> nok nok!
<10> idiosyncratic: it's very quiet today
<12> so i'll just post to -software@ then
<13> good morning, I'm using ldap for authentication between a Suse Linux Enterprise Server and CentOS 4 machine. Users can login just fine but none of their groups seem to follow (checked via 'groups'). I thought perhaps an NIS server would solve this problem, but alas I can't seem to get that to work. Can anyone point me in the right direction to getting ldap groups to roam with users?
<7> LDAP should work fine and is better than NIS
<12> Stonekeeper: what was you just saying? ... ;-)
<7> does 'getent group' show groups in ldap ?
<7> idiosyncratic, I haven't really used proxy cache much
<13> _ranger_: checking
<10> idiosyncratic: ok, so we're all on /ignore lists :P
<13> yes it does...
<7> idiosyncratic, but, whether I have or not may not impact whether anyone here can help you at all
<12> _ranger_: is it *worth* using ?
<7> idiosyncratic, depends on the situation
<7> eg, I have a scenario where I will probably use it ...
<12> i want to build a redundant RADIUS backend
<7> but I haven't had time to get there
<7> idiosyncratic, explain that properly
<12> for >3000 users
<7> we have a redundant radius backend for 300 000 users
<7> it uses multiple ldap slaves
<14> Hi... I've just setup LDAP and Kerberos so that I can use Active Directory (Windows 2003) for user authentication over Linux machines... Kerberos seems to be working ok, but with ldap I have problems... e.g. ldapsearch gives the following error: "ldap_sasl_interactive_bind_s: Local error (-2) additional info: SASL(-1): generic failure: GSSAPI Error: An invalid name was supplied (Cannot determine realm for numeric host address)". Any help?
<13> _ranger_: the groups show up in getent groups, but it doesn't show the users as being members
<7> Bic2k, the question is what tool is responsible for it
<7> Bic2k, does 'id <user_in_ldap>' as root show correct groups
<12> _ranger_: please be more specific
<13> _ranger_: nope
<12> _ranger_: do you use DNS round-robin load balancing ?
<7> idiosyncratic, no, we use a network load balancer
<7> round-robin is not going to do well for radius
<7> either your radius server should support it, or you should look at a load balancing tool
<7> eg piranha (if you want to run it on a host) or a network element (Alteon switch, Cisco CSM)
<7> Bic2k, are you using nscd on the ldap clients?
<12> i'm not sure if freeradius supports any kind of load balancing
<7> idiosyncratic, yes, afaik it only supports failover
<7> if failover is enough, that would be ok (for our radius needs, failover is probably ok, but we have other ldap clients)
<12> do you mean that the IP of the backend host is being read from DNS by radius at startup only?
<7> idiosyncratic, well, you may want authenticators (eg freeradiusd, authdaemond) to be able to use persistent connections
<7> but, DNS isn't good as a real load balancer
<13> _ranger_: so any ideas as to why groups aren't getting mapped to the users?
<10> Bic2k: is the right dn set in your nsswitch.conf or equivalent file?
<10> *for groups
<12> _ranger_: what if DNS is updated dynamically, like, by some homemade script or smth ?
<13> Stonekeeper: I don't think you can set that in the nsswitch.conf, but I'll take a look for where that does get set
<10> ok. It's set in my nsswitch.conf file...
<7> idiosyncratic, I don't trust DNS for 1000 concurrent connections ...
<7> idiosyncratic, DNS can't detect failures as well as a software load balancer
<10> as a general question, does dc=a,dc=example,dc=org lie in the context dc=example,dc=org?
<7> <7> Bic2k, are you using nscd on the ldap clients?
<10> or should i say valid within that context
<13> _ranger_: yes
<7> Bic2k, run 'nscd -i group' and 'nscd -i passwd', then try again
<13> Stonekeeper: can you post an example like for that nsswitch.conf then?
<12> _ranger_: so are there any cheap solutions? piranha ?
<10> try what ranger says first - I've had the same problem as you did with nscd
<7> idiosyncratic, I would try piranha over DNS
<13> _ranger_: no luck with that
<13> I think I'm on the right track with getting the ldap config to nss_base_group bind it
<7> but, if nss_base_group is wrong, 'getent group' would not show LDAP groups
<10> Bic2k, you are entirely correct, it's libnss-ldap.conf i was thinking of
<13> _ranger_: that shows how much I know
<10> oh, it _shows_ ldap groups?
<13> Stonekeeper: I don't appear to have a libnss-ldap.conf
<7> Bic2k, right, please list what you have done (eg which files you have edited) to set up your ldap auth
<7> Bic2k, only Debian uses libnss_ldap.conf
<13> _ranger_: so far I've just used the included 'authconfig' tool that comes with centos (a redhat tool)
<7> Centos/RH/Fedora (and Mandriva and a few others) use /etc/ldap.conf for nss_ldap and pam_ldap
<13> _ranger_: do I need to restart anything if I edit ldap.conf then?
<7> Bic2k, only nscd if you use it
<7> (or, invalidate the cache, via 'nscd -i <nss database>')
<13> _ranger_: I manually added the nss_base_groups, even though it appears to be getting the groups through getent
<13> _ranger_: so far I've only edited ldap.conf then
<7> Bic2k, ok, so 'getent group' lists groups from ldap, 'getent passwd' lists users from ldap, 'id <ldap_user>' as root doesn't show the ldap groups ?
<7> that is quite weird, as all of those are nss-related things, all dependent on nss_ldap working and nss configured to use nss
<13> _ranger_: correct
<7> ok, try running 'strace -o id.log id <ldap_user>', paste the resultant id.log at pastebin.com or similar
<13> what ldap attribute does nss look at for group membership?
<13> my groups have multiple member attributes with: uid=someuser,ou=people,dc=domain
<13> but memberUid is blank
<13> and I have the feeling that's what nss is gonna look at
<7> ah, then you need to enable rfc2307bis ...
<13> woo
<13> how do I do that?
<7> see pam_ldap(5)
<13> kk
<7> argh
<7> nss_ldap(5)
<13> of course I don't have the man page...
<7> then, I don't know if your nss_ldap is new enough for this to be a run-time option
<13> you would think that centos would have fairly new versions
<13> _ranger_: i believe that is probably the issue actually
<13> but I'm not sure how to configure it