<0> quitting time, thx fellas
<1> bleh, nighty night.
<2> yt
<3> can anyone recommend a good guide to getting openldap up and running properly?
<3> oh
<3> never mind
<3> it works now :)
<3> and i can browse !
<3> hoooray!
<3> now
<3> to move everything relevant from this osx ldap server to mine
<4> hm, the openldap quickstart guide? ;)
<4> even though you don't need it now
<4> gotta run
<3> heh
<3> yeah thats not a bad guide
<3> read it a bit earlier
<3> i guess openldap didnt like my md5 password
<3> or it was a pebkac issue :D
<5> what does " bdb_equality_candidates index_param failed" mean, and how do I fix it?
<6> hi
<7> hello
<7> i am looking accessing ms sql with ldap
<7> any tutorial with it ?
<6> weird request...
<8> sry for the newbie question, i've been reading and reading all that about ldap+samba, AD, ,, i can't understand one thing, what has like something.com to do with AD? (dc=something,dc=com)
<9> hello, i'm trying to make a alias entry on a openldap server
<9> it gets created but i cannot use it (it does exist in the database !)
<10> How are you trying to use it? Only the Search operation follows aliases, and only if its derefAliases parameter says that it should.
<9> yes that's what i want, an existing part of the database should be made available under another name
<9> i'm adding the derefAliases now
<6> what structural objectClass do people usually use to store ppolicy default policy ?
<9> hbf: how is the alias entry constructed
<10> objectClass: alias, and some class which allows the attribute in the RDN. aliasedObject: the full DN of the other object. And the attribute in the RDN. E.g. an alias with DN o=foo,l=home would contain o: foo and maybe objectClass: extensibleObject:
<10> oops, 'aliasedObjectName', not 'aliasedObject'
<10> nrpil: http://www.openldap.org/faq/data/cache/1111.html
<9> one moment, i'll try
<9> hbf: ok, i've made the entry and can retrieve it with ldapsearch but i don't get the aliased entry
<10> Maybe your ldap.conf contains 'DEREF never'? Try 'ldapsearch -a always ...' instead of 'ldapsearch ...'.
<10> (Put -a always somewhere before the filter, otherwise it's taken as two attributes to ask for.)
<10> Um. If you have a very old OpenLDAP, that could be the problem. Alias support has been quite buggy.
<9> i'm using openldap 2.2.26
<10> good enough, I think
<9> ok, but it doesn't help if i add -a always
<9> then i get no results
<10> at least I take it the -a always made a difference:-(
<9> no sorry
<9> strange
<9> what should it return on an aliased DN ?
<10> At the very least, 'ldapsearch -x -a always -b "DN of alias" -s base' should return the aliased entry. (assuming 'ldapsearch -b "DN of aliased entry" -s base' also returns it, have you tried that?
<9> one moment
<9> i cannot even get the original entry returned
<10> Then it's not the alias which is your problem:-)
<6> does the ppolicy overlay support smbk5pwd ?
<9> hbf: no, i'm going to first fix my non-alias problem, but thanks for the help
<11> hello :)
<6> hi
<12> hello
<13> hey guys
<13> I'm looking to create a ou=Cluster object in my tree which will have an entry for each cluster we have here. I'm pretty sure the cluster object doesn't exist, so how would I go about designing one? what is this process referred to, etc
<13> apparently I'm gonna be the ldap guy here from now on
<1> if the existing stuff doesnt provide you what you need, then i suppose you'll be designing your own schema
<13> alright, so I'll be designing a schema for a cluster object.
<13> the numericOID... what's the rules for picking one? I'm presuming this is a fairly standard DOM-like structure that's documented somewhere
<1> you can get your own OID space, so it doesnt collide with someone else and cause trouble
<1> http://www.iana.org/cgi-bin/enterprise.pl like from IANA
<13> interesting.
<13> there's gotta be an existing cluster schema around here somewhere
<1> yeah you might find something usable after searching around a bit
<14> morgWork: what use are you going to make of this cluster-schema of yours?
<13> Gagatan: we have quite a few tools that perform actions against multiple boxes, but they're scattered and have hard-coded values for clusters. the tools are all written in perl.
<13> the main purpose of the cluster object is to organize groups of servers
<13> cn=cluster1 would have either a memberuid or a iphostnumber or something
<13> cn=cluster1 would have [a list of] either a memberuid or a iphostnumber or something
<14> make a generic groupOfNames or groupOfUniqueNames-object, and some host-objects then..
<13> ok, something that's been bothering me... what's the purpose of the "top" object class?
<13> Gagatan: good idea btw
<1> morgWork: its purpose is to be on top :)
<13> for example, all of our Users have the top class
<13> what benefit does it bring?
<1> rfc2256 says something about it
<15> how do i configure slapd to listen on a specific interface?
<1> -h ?
<15> hmm.. dont think thats it
<16> that's the only possibility...
<15> my apologies, that is it
<15> cheers
<17> hello
<17> in ldap.conf, I can add a rootbinddn, to access ldap as the root user. What is the difference for root typically used for?
<12> Zal: not sure i'm following you ...
<18> rootbinddn by default has root read/write access to everything on the server
<18> as opposed to have a user that you grant rights to with ACLs
<17> right ... well I assume that has to do with the ACLs on the server
<17> oh, sorry, I meant rootbinddn in ldap.conf
<17> in other words, there are two passwords in my LDAP *client* configuration: one for root, and one for normal users
<18> ah, if you wanted to give your ldap client host (if you're using it for ns services) root access to make changes
<17> assuming that the root password gives read/write access, how is this used through ldap.conf? Adding users via useradd for example still puts them in /etc/passwd
<17> yeah, I'm wondering which commands ldap.conf would be used for, to make account changes as root
<18> that's a pam configuration issue
<17> hm, what does pam have to do with it?
<17> I mean, pam is already set up to authenticate users
<18> tho actually.. no
<18> there's no way (at least I'm aware of) to tell useradd to add users to ldap
<17> ok, no big deal ... but it leaves me wondering what the rootbinddn in ldap.conf is used for
<18> you have to use a ldap util or write your own
<17> that is, I understand *how* it is used, and have it working ... but I don't understand what I would use it for, above and beyond what the user's binddn provides
<17> (or above and beyond an anonymous bind, as is probably typical for many user-login configurations)
<18> ah
<19> i tried to setup replication on Tivoli Directory Server... I created a bunch of objects (for example cn=ReplicaBindCredentials)... my replication is not working and I would like to delete my objects but it won't allow me to now
<19> even though i use cn=root
<19> wtf is going on with the ldap server
<18> rootbinddn is just the DN it will use if your uid is root
<18> which is probably some compatibility thing with sasl
<17> CybreWulf hm, so it would be used for root *logins* usually, then? That would explain why I didn't get it, since I don't use LDAP to authenticate root's login, I only use it for some users.
<18> nah
<18> if you're not using sasl, just leave it commented
<18> you don't need to worry about it
<17> I'm not sure if I'm using SASL, so I suppose I'm not :-) Would I be using SASL if I'm not using Kerberos?
<19> oh yeah, i get a 52 error (unavailable) when i try to delete the objects related to replication
<18> Zal: eh, sasl is pretty worthless, so I'd hope not (if you're passing ldap commands -x, you're sasl free)
<17> ah I see. Yes, I'm using a simple bind
<17> thanks CybreWulf, appreciate the help
<18> np
<17> and thanks leOn for reading my query :-)
<18> lasala: are you sure you have the credentials right? or does Tivolo do the same crap SunOne does where it doesn't let you touch config objects from not-the-gui?
<18> *tivoli
<19> CybreWulf, yes im sure i have the credentials right... i did the command line approach and got the error then logged on to the GUI and try to delete it from there
<18> still tells you 52?
<19> i think it does not allow me to touch config objects
<19> yep
<19> i can delete other objects fine under a different suffix
<19> but the suffix i setup the replication for is all screwed up now
<18> hmm.. are you using a binddn that has write access to the config?
<19> thanks to a worthless developerworks article
<19> im using cn=root which has full permissions to do EVERYTHING
<18> are you sure you have the repl user dn right? (just trying to get the stupid stuff out of the way ;) )
<19> yes im sure
<18> hmm
<18> there's no replication setup tab in the GUI where you add/delete replication accounts is there? (never used tivoli)
<19> yes there is but when i click on it i get Error: the requested task cannot be initialized
<19> screw this... im going to uninstall/reinstall everything
<19> never going to setup replication via command line again
<18> hmm.. well I'd start with trying a dbrecover
<18> but *shrug*
<19> is it always such a hassle to setup replication ?
<12> lasala: my vi does wonders
<12> =)
<18> in openldap? no.. if Tivoli is like SunOne, you're really not supposed to do things from the cli
<12> isn't tivoli that ibm software for managing remote installations and such ?
<16> as I recall, Tivoli Directory Server is based on OpenLDAP 2.1
<16> pretty old stuff