| |
| |
| |
|
Page: 1 2
Comments:
<0> anybody know a doc or rfc about using i18n in attributes? Like in this example in the ldapsearch manpage:
<0> sn;lang-en: Smith
<0> sn;lang-de: Schmidt
<0> oh, rfc3866
<1> help help help
<1> i want to remove all the entries from LDAP server
<1> what i will have to do???
<1> i want to remove my groups and users from LDAP server
<2> all entries, or only groups and users ?
<1> _ranger_ just a min
<1> http://pastebin.ca/88751
<1> _ranger_ the last entry with name JAY is new entry with new SID
<1> so i want to remove all those entries
<1> from ldap
<2> well, just use ldapdelete on every DN, or use a GUI tool, and click DEL
<2> or, replace the DIS's manually with ldapmodify or a GUI
<1> _ranger_ can i do this by removing .bdb files??
<1> from /var/lib/openldap
<1> _ranger_ can you give me command to remove entries with example
<2> nilesh, only if you are happy to lose all entries in ldap, top-level, etc
<2> you will have to start from scrath with an empty directory
<1> _ranger_ smbldap-populate will create all those entries again
<1> so i dont mind to lose it again
<1> i will enter all those default entries using smbldap-populate
<2> ok, stop slapd, rm all files (except DB_CONFIG) in your database dir, start slapd again
<1> tell me which files i will have to remove
<1> _ranger_ i tried this before
<1> but i had crashed my ldap
<1> let me try this again..
<1> _ranger_....
<1> there is no db_config file
<2> then you can remove all files, which should be log*, __db*, *.bdb, alock
<1> _ranger_ can you give me command for deleting entries
<1> let me try command first
<1> http://pastebin.ca/88765
<2> rm -f *.bdb __db* log*
<1> _ranger_ no..
<2> *after* stopping slapd
<2> ?
<1> i need command for ldapdelete
<1> syntax for ldapdelete
<2> man ldapdelete
<3> hello
<3> can anyone help me with openssh lpk patch and ldap
<1> _ranger_
<3> i have load the openssh-lpk.schema
<3> and restart slapd
<1> slapd not able to stop
<3> but i cant add an sshpublic key
<3> additional info: attribute 'sshPublicKey' not allowed
<1> Stopping slapd: [FAILED]
<2> tioan, you have to add objectcl*** ldapPublicKey as well
<2> well, add both objectcl*** ldapPublicKey and attribute sshPublicKey together
<3> _ranger_: i have load this schema http://simonraven.nuit.ca/src/ldap/openssh-lpk.schema into /etc/openldap/schema
<1> [root@jay ldap]# service ldap status
<1> slapd is stopped
<1> slurpd (pid 10010 9975 9940 9899 9864 9829 9702 9667 9632 9597 9549) is running...
<2> tioan, I know the schema, we use it here
<3> and add include /etc/openldap/schema/openssh-lpk.schema to slapd.cof
<3> and add include /etc/openldap/schema/openssh-lpk.schema to slapd.conf
<2> tioan, READ MY ANSWER
<3> and do and initd.d/slapd restart
<2> properly
<2> <2> well, add both objectcl*** ldapPublicKey and attribute sshPublicKey together to the accounts that you want to have keys in LDAP
<2> (edited)
<3> and now i want add with ldapvi smething like this
<3> sshPublicKey: ssh-dss AAAAB3NzaC1kc
<2> ADD ALSO:
<2> objectcl***: ldapPublicKey
<2> otherwise, you are not allowed to add the sshPublicKey attribute to the entry, due to schema compliance
<3> thx
<3> now it works
<2> of course it does, read carefully next time
<3> thx
<1> _ranger_my ldap is crashed
<1> :(
<2> nilesh, pkill slurpd
<3> can openssh lpk bind as anonymous
<2> yes, as long as ananymous gives read access to sshPublicKey
<3> or must i add an LpkBindDN to the sshd_config
<3> _ranger_: yes anoynmus can read
<1> http://pastebin.ca/88769
<1> _ranger_
<1> CHECK IT OUT
<1> help me to start my ldap again
<3> bad, if i enable lpk at sshd_config sshd crash
<3> under gentoo
<2> nilesh, crap RH pacakges
<2> tioan, file bug at gentoo, works find on Mandriva and RedHat
<1> _ranger_????
<1> crap RH packages??
<1> means..
<1> re install
<2> nilesh, I'm not going to spend more time supporting RHs crappy 2.2.x packages
<1> :(
<2> I built 2.3 packages for RedHat because of all the issues
<2> I made them available for you
<2> if you don't want to use them, I'm not going to waste my time any further
<2> dump 2.2
<2> dump slurpd
<1> _ranger_
<1> ldap working now
<1> but one more problem
<1> http://pastebin.ca/88783
<1> related net groupmap list
<3> _ranger_: i want ad an "simple" user user who i can set an p***word
<3> for daemons like openssh pam and so one
<3> which objectcl*** i can use for this?
<2> device or organizationalRole, and simpleSecurityDevice
<2> nilesh, seems you haven't rerun smbldap-populate
<3> _ranger_: not Object cl***: account ?
<2> tioan, no, it has too many required attributes
<3> _ranger_: and which is then better organziazion role or simplesecuritydevice?
<2> they are almost identical besides the name
<2> ah, wait
<2> organizationalRole and device are the same
<3> okay
<2> both structural requiring only cn
<3> i think simplesecurity device is okay, because it only nedd userp***word
<2> simpleSecurityDevice is auxiliary, and gives/requires only userP***word
<3> MUST CONTAIN {
<3> # userP***word }
<2> well, you need a structural, and one that lets you use userP***word
<3> auxiliary ?
<2> structural OCs specify what the account is, eg person, place etc
<2> auxiliary OCs specificy additional characteristics of the entry
<2> you can have a person who has a posixAccount, but you can't have a person who is a device
<2> but, there are rules on inheritance on structural OCs
<2> whereas there aren't on aux
<3> _ranger_: _ranger_ http://phpfi.com/131528 which is better?
<2> tioan, neither will work
<3> why?
<3> the first one should work
<3> and i think organziation role is better
<2> you must have organizationalRole and simpleSecutyObject, or device and simpleSecurityObject
<2> organizationalRole won't let you use userP***word without another objectcl***
<2> tioan, do you have a schema aware GUI tool, eg luma ?
<3> this or http://phpfi.com/131529
<3> _ranger_: at this time no
<3> i plan to use lam or phpldapadmin
<2> tioan, that one you pasted last will work
<3> okay thx
<3> _ranger_: did you knew how i can use and drpted pw like {MD5}yJ4AHFY+hL2tqAfJ8GHCuA== instead clear text p***word in /etc/ldap.conf ?
<2> tioan, you can't
<2> uh, with simple bind
<2> not sure if you can use any sasl but gssapi in /etc/ldap.conf
<3> gssapi?
<4> http://pastebin.ca/88866
<4> please help me
<5> jay: you ldap is missing something
Return to
#ldap
or
Go to some related
logs:
#perl
#math
#ubuntu
#debian
Enabling mod_rewrite for Apache2 gentoo
Invalid field count in CSV input on line 1
packages.debian.com nvidia
#ai
#css
redblade for linux
|
|