Comments:
<0> Hi
<0> I'd like to know what's the most used in some circumstances. Let me explain
<0> I've designed several hundred users in an ldap tree, using trees with ou and every entry having the cn as dn
<0> This works ok, but it can happen that a software trying to integrate accounts and addressbook, rewrites the entries with the uid as dn
<0> The functionality works, too, but apart from the fact that I find it intrusive, that leads to a mess
<0> When there are a lot of people (or not), taking a look at the tree by ldap clients, I think that the cn as dn is what gets the best results for info
<0> So, can it be said that rewriting the entries is an incorrect operation, regardless of what is the most used for entries in addressbook?
<1> well, the DN should never be changed
<1> just to modify an attribute
<0> _ranger_: sorry, I was away
<0> What's the preference for admins for account entries? cn or uid? And for addressbook entries?
<0> I've been told as argument that "uid is mostly used for addressbook, that's why the entry is rewritten"
<0> I've come here just to illustrate myself for arguments about this
<2> I found myself being good with uid=
<2> all things being equal, uids don't contain spaces (unlike cns) so you don't have to quote every damn single RDN
<0> docelic: well, the purpose is to use one single entry as account and addressbook
<2> sure, whether you call it uid= or cn= doesn't matter
<0> Of course, taking a visual look at the tree should give an idea of who the record belongs to, and the uid can't do that, unlike cn
<0> That's the reason why I chose to use cn instead of uid
<2> uid is not numerical
<0> There are several hundred people
<0> I know, but uid is not intuitive in many cases
<0> If I'd take a look at the uid, I'd have no idea who the person is
<0> However, that doesn't happen with the cn
<0> Also, the uid somehow depends on the ou, so I can guess the uids at every leaf, but that's not what I need
<0> Hi, gn
<0> I mean, "thanks, gn" :)
<3> can I define several groups in nss_base_group?
<3> I'd like to authenticate users in two groups
<4> Hi
<4> I've posted this in a forum about LDAP support:
<4> http://www.sugarforge.org/forum/forum.php?thread_id=1284&forum_id=198
<4> Is there anything that is wrong or I could add?
<5> I want to remove ldap database from slave ldap server
<5> can anyone help??
<4> Jay, do you want to wipe it all?
<5> yes
<4> It's usually under /var/lib/ldap
<5> can i delete all those files?
<5> but after deleting the files ldap will not start
<4> You _can_ if you're root, and if you're sure of what you want
<4> First, stop ldap, backup the directory (with tar), delete the files, and start ldap
<4> ldap should recreate the basic structure
<5> actually my problem is i have master ldap server and master samba server
<4> Don't delete /var/lib/ldap
<5> but on saturday I formatted the master server
<5> and now today my master server is up with new database
<5> but when i check it on slave server it shows old database
<5> so now i'm going to delete all files in /var/lib/ldap folder
<4> Did you setup a replica?
<5> ya
<4> Then it looks like the replica is not working
<5> how can i replicate data from master to slave ? with new database
<5> why it shows old data
<4> You can export to ldif and import from the slave with slap* commands
<4> Also, restart the slave, and it should try to connect to the master for replicating
<4> If you start manually with "slapd -d 5" for instance, you'll debug what happens
<5> on slave
<4> Yes
<5> now I want to import data from master to slave
<5> how can I?
<5> i'm new in ldap
<4> AFAIK, the replica is not still two ways
<5> omgs_work, http://pastebin.ca/90132
<4> You have to stop the service first, and start the daemon manually
<4> You can get the same by editing files, but it's better not to touch too many files
<5> omgs_work, ok
<5> omgs_work, I had removed all the files from /var/lib/ldap
<5> and now I am going to start ldap server
<5> ldap server is started
<4> Leave it alone, and look at whether it tries to connect and replicate
<5> ok
<5> but how can I check?
<4> But you should see it immediately at startup
<4> You can check in several ways: easiest is to check if /var/lib/ldap grew
<5> should I need to smbpopulate on bdc
<5> i mean on slave
<4> What does that mean to you? I don't know what's your samba and/or master/slave
<5> should I need to add .ldif file on slave
<4> That shouldn't be necessary, as long as the replica works
<4> I feel like I need more info I don't know
<5> there are some files starting with __db* in /var/lib/ldap folder
<4> You don't have to worry about that
<5> so my slave ldap server is running? but i have some doubts
<4> Can you draw the whole picture?
<5> ok fine I will explain whole picture
<5> I want to setup samba domain with ldap backend
<5> I have a setup of Master LDAP and Master Samba
<5> now I want to configure replica
<5> both master LDAP and master samba are on same pc
<4> What do you call "Master samba" (from LDAP point of view)?
<1> Jay, "samba" has no master
<1> Jay, the samba PDC is whichever samba DC has the slave locally ...
<1> argh
<1> ldap master locally
<5> should I paste my slapd.conf and smb.conf?
<5> of master server
<4> Jay, "no samba questions" in the topic
<4> Keep on ldap here
<5> OK sorry
<5> omgs_work, http://pastebin.ca/90142
<4> You just have to make sure your ldap master server is running, and then, setup the replica and make sure it works, debugging in case of failure
<5> this is my slapd.conf of master
<4> Since I guess your master is working, then see what happens in the slave when it tries to replicate
<4> It's the slave the one that queries the master for changes
<4> If you started manually, then you have to stop with Ctrl-C
<4> If -d 5 is too verbose for you, try decreasing it
<5> http://pastebin.ca/90146
<5> this is slapd.conf of slave
<4> Was it working before?
<4> I mean, was it replicating before?
<5> yes
<4> Did you read http://www.openldap.org/doc/admin23/syncrepl.html ?
<5> no I followed the documents from samba.org
<4> Or http://www.openldap.org/doc/admin22/syncrepl.html for 2.2
<1> sync-repl isn't the best idea with 2.2
<1> best situation is 2.3.x with sync-repl
<4> I got it with 2.2 but slave in read-only mode (didn't test further, as long as I just wanted a backup)
<5> I have a question
<5> Is LDAP server working as a FailOver Server
<5> if master goes down then slave should provide all information which master provides
<4> AFAIK, that's a DNS issue (I might be wrong)
<4> How can a software do anything if it goes down?
<5> ok I will study those documents and let you know
<5> thanks for help
<4> Jay, as a hint (taking the samba issue) the recommendation is that every host queries its own ldap
<4> That way, you'll have a kind of failover method
<5> ok
<1> Jay, actually, the ldap library will failover if it can't contact an LDAP server
<1> also, you will have to make sure your referrals are right, samba should chase referrals to the master if a write fails
<6> Hi all
<6> anyone got any multi user add scripts for ldap ?
<6> anyone ?
<7> luma has a mass user creation plugin
<8> hi all. i'm struggling to integrate spamassassin over ldap. basically, i'm not sure what the value/attribute needs to be.
<8> does anyone know any good guides/tutorials i could look into?
<7> SA has a howto about ldap iirc
<8> grmbl, ah right, ok thanks
<7> http://wiki.apache.org/spamassassin/BetterDocumentation/LdapReadme?highlight=%28ldap%29
<7> i think i ended up doing everything in exim. extending the inetorgperson isn't a useful advice btw
<7> brb
<9> hi,
<9> i have a problem with secondary groups not working correctly across my system, it authenticates via ldap, and the command group shows the correct groups however, some commands like 'cd' don't work
<9> any ideas?
<7> no, sorry. what do you mean with cd? this is a sh built-in command afaik
<9> yes, but if i try to 'cd' to a directory which I have access to via a secondary group i can not
<9> permissions 2774 are the permissions
<9> if i watch the slapd log it looks like there is no check when i do a 'cd' so i don't know where it reads the permissions from
<7> a login shell only reads the groups at startup. you can't add a group in a running sh (iirc)
<9> the group was there at login, and if i issue the command groups then it shows up
<9> [mpo@devel ~]$ groups