| |
| |
| |
|
Comments:
<0> Thanks Gagatan
<1> hi, I'm trying to use the openldap (2.3.27
<1> shell backend
<1> but the example is giving an error:
<1> str2result () expecting "RESULT"
<1> forgot to make the script chmod +x
<2> `
<2> whoops :)
<1> Is there a way to send a referral from back-shell?
<3> wie gehts
<4> hi
<4> is there a performance issue between unix sockets and ip connections?
<5> the network interface perhaps..
<3> that's an odd question.
<3> Are you *seeing* a performance issue?
<3> network interface - not likely. the IP stack is smart enough to recognize if the source and destination of a packet are the same machine, it never touches the network then.
<3> In general, unix domain sockets should be much more efficient than any other type of socket. certainly much less protocol overhead (i.e., practically none) vs TCP/IP.
<3> though there have been a few SVR4-derived kernels that did a really bad job of them.
<4> hyc, ok, thanks
<6> hi
<6> I need some help
<6> what do you think it's the best mailserver to work with a PDC based on LDAP?
<7> esci, maybe postfix? qmail-ldap? exim?
<7> and, by "mailserver", do you mean MTA, or pop3/imap ?
<6> I'both
<6> both
<6> I'm setting a serve rup
<6> up
<6> so I'm trying to figure out what would be easier to configure
<7> I'd consider postfix and either courier-imap or cyrus-imap
<7> easiest to configure may not be the same as "best" ...
<6> right
<6> I've been playing with postfix, but I can't find a good how-to to start
<7> I found one the other day that might help ...
<6> thanks
<7> http://alinux.washcoll.edu/docs/plc/postfix-courier-howto.html
<6> thanks, I'll take a look
<7> hyc, you around ?
<8> hm
<8> stupid automounter
<9> is there any way to determine if any connections/threads in slapd are hung?
<9> I guess browsing the cn=manager interface?
<10> hello
<10> Subschema search fails with Openldap.
<10> using openldap-server, Subschema search for attributeTypes fails with 'Can't connect' message.
<9> huh?
<9> subschema search? you mean subtree?
<9> as for can't connect, that means the server isn't running or crashed
<9> and you shouldn't be using a default "openldap-server" install
<9> ah, its backend monitor
<9> is there any tool for "clearly" understanding what's going on in cn=monitor?
<10> pfn, thanks.Let me give you more informattion.
<10> pfn, ldapsearch -ZZ -H ldap://ldap2.example.com -s base -b "cn=Subschema" attributeTypes
<10> This happens when trying the search from the server itself as well as from any client.
<9> can you do any search at all?
<10> Yes.
<9> how about ldapsearch -ZZ -H ... -x
<10> ldapsearch -ZZ -H ldap://ldap2.example.com -s base -b "cn=Subschema" ldapSyntaxes
<10> this works.
<9> and after your subschema search fails, is the server still running? or do you have to restart it?
<10> No.I do not have to restart server.
<9> so time to start logging then
<10> pfn, Is this a known issue ?What could be wrong ?>
<9> can't tell without you turning on logging
<9> as well, what version of openldap is this? stable is considered to be like 2.3.25 or something
<10> pfn, Thanks
<1> How can I trigger a referral from a shell backend?
<11> Hello. I am creating a franchise internet cafe LDAP construction. Every customer must be able to log in to every cafe. So one DN seams to be the choise. The system will be sold in the Gambia and other developing countries, with connections from 56k to > 10 MB, and too unreliable to trust on. (don't want a SPOF here). How is this best configured. I'm now thinking of a master server in a datacenter in Amsterdam (our company is in Holland, di
<11> stance won't be the bottleneck anyway...), and replicating servers at each cafe.
<11> But each cafe needs to have "at least" the info it creates itself. And sync it when a connection is available.
<11> I guess the least traffic would be caused if local cafe's only get and sync users that have logged in within <x> (90) days.
<11> And get's the info from the central LDAP otherwise. Is this possible with any LDAP db?
<5> thegve: do you want one or multiple masters?
<11> There will be a pilot first, so at first one master. Later for improved availability maybe more I think..
<5> openldap supports one master, multiple slaves. fedora, netscape, sun supports up to 4 masters and multiple slaves afaik. other implementations I don't remember
<5> openldap might be an idea to get a proof-of-concept lab to play with
<11> multiple masters? They sync between each other? How does this work when there is inconsistent information. Which master would have the "right" info, or is there a master master server?
<5> depends on the algorithm I guess.. my guess is last written object wins
<12> good evening ladies and gentlemen :-)
<11> good evening janemann, and welcome to the channel, have a nice chat (lol...)
<12> it's been years for me using irc. and i was just impressed by the topic...
<12> i was wondering whether anybody here has gotten p***wordless login working on solaris (using sun's ldap native client)...
<12> sun states: After you enable pam_ldap account management, all users must provide a p***word any time they log in to the system. A login p***word is required for authentication. Therefore, nonp***word-based logins using tools such as rsh, rlogin, or ssh will fail.
<13> why did all those blade workstations have smartcard readers if you still need a p***word? :D
<11> nexex: You should find a PAM module for the smartcard reader I think.
<11> nexex: There are a few
<12> wwoooo. your replies make me feel really good...
<12> but hmmm... we'd need a smartcard for every student...
<11> Ohw, if anyone knows a way to login using thin clients with a fingerprint scanner, I'd be glad to hear by the way...
<11> aren't students smart enough to remember p***words? Just make sure you include the pam module that insures strong p***words (how was it called again). Included by default in most PAM installs anyway...
<13> thegve: cracklib i think
<12> currently, they are using p***words to login (first). but hopping p***wordless via workstations is enabled via ssh.
<12> fiddling around hours with pam.conf, i was unable to make that work with (native) pam_ldap...
<12> now i found: http://docs.sun.com/app/docs/doc/816-4556/6maort2te?a=view
<12> and it states, that (?), when using pam_ldap from solaris this will never work (???)
<11> I hope I don't say anything stupid... This module provides single sign-on behavior. The user types a p***phrase when logging in and is allowed in if it decrypts the user's SSH private key. An ssh-agent is started and keys are added. For the entire session, the user types no more p***words.
<11> this is pam_ldap
<11> doh
<11> pam_ssh
<13> ive experimented with http://www.gentoo.org/proj/en/keychain/
<13> works on solaris with openldap for me
<11> Totally off topic. But the name of this project reminds me of another slight problem I'm having.. The amount of servers I'm controlling is growing bigger and bigger (4) and we manage about 70 cms's for customers. Lots and lots of p***words. Does any of you know a good tool to save them securely?
<11> We are now using the proven technique of using very simple p***words (for the cms's) that are the same on most of them.
<11> But i've been told that this isn't wise.
<5> save p***words securely? depends on the cms I guess.
<5> can it use kerberos or ldap for example?
<11> I mean, we are an ISP and we build these things for customers. We have access to a lot of them (without first having to ask the customer)
<11> I just need a tool to save "backdoors" for our own use.
<5> two-way cryptoalgorithm? blowfish, pgp etc
<5> or plain old offline, store p***words on paper and put them in a safe
Return to
#ldap
or
Go to some related
logs:
cups gentoo printing group
#php
ubuntu which repository localpurge
fedora cdrecord incomplete multibyte or wide character.
chkonfig debian
18004877646
#mysql
#openzaurus
defcon8 lisp
trayracer
|
|