<0> thanks
<0> that makes sense
<0> now... are there "good" practices for tree structure?
<0> like most examples i see use dc=mydomain, dc=com as a root
<0> any reason for that?
<0> can i root my tree in o=mycompany, c=us?
<1> you could, that is somewhat old style
<0> i'm planning on hosting multiple domains under that tree
<1> dc stands for domain component
<1> so use dc=com
<1> as the root
<1> if you want. ;)
<1> assuming they are all .com entries
<0> yeah :) dc i knew
<0> they aren't
<1> the idea is you can lay out your tree like dns
<1> or of course, you could use the empty suffix for your root ("")
<1> or you could have multiple trees
<0> multiple trees... like specifying different base in ldapsearch?
<0> wonder how postfix would handle that...
<1> right, different bases with ldapsearch
<1> it isn't any different than having subtrees, really
<0> gotta explore that possibility...
<0> that linuxjournal article is the most complete document to setup virtual domains under postfix
<2> Evening folks
<3> hi
<3> is there a way to disable a login (inetorgPerson/posixAccount), rather than removing it completely?
<4> a login for what?
<4> what app?
<3> just general authentication for binding
<3> but I got it, just put {DISABLED} in front of each password entry
<5> im having trouble using aci... i built version 2.3 with --enable-aci but when i try to add an entry, .. i got a message saying the value of the attribute OpenldapACI is wrong (but the ldif is ok, is part of Openxchange).
<5> any tip?
<5> i found a forum that says ... that version of slapd seems not to accept a list of values (comma separated), in that attribute
<5> im new to using openldap.... so has anyone had that problem?
<6> Hello all, I'm following this guide here http://www.gentoo.org/doc/en/ldap-howto.xml -- and it says Invalid Credentials whenever i attempt to run ldapsearch -D .. any ideas?
<7> make sure you're supplying the proper password
<7> unless you've locked things down, you should be able to search anonymously without binding
<6> koninkje, i can search anonymously, this was a test of root ability, which is apparently failing, i have supplied the right password
<6> and i've generated a hash many times
<7> ah. you could try a different method of authentication (simple, on the commandline, in a file,...) and see if that works. All the error means is that the password doesn't match that for the given user
<8> hi
<8> anyone know about value of naming attribute 'uid' is not present in entry ? (naming violation 64) ... uid is present in the entry.
<9> hi. I have a strange one for you: I've set up some SSL certs for my ldap server, and if i test on the host using ldapsearch -x -ZZ it works. If i do the same from my laptop, using the -h option it fails with : additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed. Any ideas? thanks.
<10> read the ldap.conf man page. look at TLS_REQCERT
<10> &
<11> hi all - i'm trying to sync two machines' ldap databases before we switch everything over to a new network, but i can't seem to see my new users show up on the new system
<11> if i rsync the whole /storage/ldap directory, i see my new users show up in the log.**** files, but my ldap browser doesn't see them
<11> i guess the rsync isn't grabbing the right files
<12> Hi, how can i keep nss_ldap from slowing down local user logins if the ldap server is down?
<12> I have "files ldap" in /etc/nsswitch.conf so files is checked first. why does he check ldap for root, too?
<11> is it possible to see which slapd config and/or ldap store my current ldap process is using? i'm adding users, but can't find them via my ldap browser or ldapsearch
<13> hi
<13> I have a system using ldap for user and session management. Only certain users are to be allowed to log in; I'm using the pam_groupdn option of ldap.conf to achieve this. it works nicely for local logins, but sshd seems to completely ignore the ldap options. where am I screwing this up?
<12> Hi, how can i keep nss_ldap from slowing down local user logins if the ldap server is down?
<12> I have "files ldap" in /etc/nsswitch.conf so files is checked first. why does he check ldap for root, too?
<12> I was under the impression [success return] is the default action inserted after the files directive
<12> which would imply the successful lookup of root should stop the chain
<14> Have you checked _what_ it looks up in LDAP? (slapd loglevel 256 logs the requests and responses.) If it gets the root _user_ from files, maybe it is looking up root's _group_, or its password if that's not in /etc/shadow, or something.
<14> (needs the server to be running, though.)
<14> Celestar: I think you must set UsePAM to "yes" in sshd_config and restart sshd.
<15> im trying to create an organisational chart from the data in an LDAP directory, maybe with graphviz or something
<15> has anyone done something similar before or know about any existing solutions?
<12> hbf, thanks, will check that.
<16> how would i query to get all the groups that a user or a group owns? the objectclass of our groups is rfc822mailgroup
<14> ldapsearch -x -b "base DN to search for" "(&(objectClass=rfc822MailGroup)(owner=USER'S DN))"
<16> hbf, do i need owner=uid or just owner=
<14> oops, s/search for/search from/. And maybe you'll need -h <ldap host> if that's not in your ldap.conf.
<17> anyone around?
<17> hbf, hey i am having a problem... when i add a user to ldap, it doesn't get a machine account...
<14> johnm1019: You need owner=<the full DN of the user>. E.g. owner=uid=hbf,cn=people,dc=uio,dc=no if I were the owner
<17> hbf, i have checked my nsswitch.conf and it looks to be ok.
<16> hbf, ohh thats why its like that
<16> hbf, thanks
<17> hbf, any ideas?
<14> RiXtEr: You mean the home directory isn't created? Or something else?
<14> (That's nothing to do with LDAP:-)
<17> hbf, I know samba questions are prohibited, but smbldap-useradd should create an entry in /etc/passwd and ldap... it gets the ldap one, but not /etc/passwd
<14> I don't know samba.
<17> ok thanks anyway
<14> why does it need to create the /etc/passwd entry anyway, if you have your users in ldap?
<17> hbf, i dunno...
<17> maybe a question for the samba-technical channel :)
<14> Perhaps it doesn't, but your doc is in the usual "will update the doc Real Soon Now" state:-)
<13> hbf: I have ...
<14> oh well. Have you also tried slapd loglevel 256 to see if sshd does anything at all against the server (and presumably fails)?
<13> not yet, but I will in a couple of minutes. currently having another problem
<13> can I get back to you in a few minutes? :)
<14> sure
<9> anyone know much about openldap/ssl?
<14> Well, I've set it up and use it.
<13> can I somehow dump all available object classes?
<14> ldapsearch -LLL -h ldap.example.com -x -b "cn=Subschema" -s base "(objectClass=Subschema)" objectClasses
<13> thank you ?
<13> :)
<14> That only lists classes from schema files which you have included in slapd.conf, of course
<13> yeah
<13> I just found that setting up LDAP + samba PDC + krb5 is a bit of a pita
<9> hbf: i simply cannot get round this "additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed" problem. I've googled all afternoon and can't find a definitive answer.
<18> ok
<18> hbf, what does this tell me?
<18> i do "id root" on client
<18> server gets: http://paste.lisp.org/display/23291
<9> ah, I think I've cracked it
<18> so he is searching for the groups in ldap
<18> but he knows all groups root is in from the local passwd!
<18> and when the system is booting, udev gets a 3 minute ldap timeout too
<18> so it will be looking up the groups too
<18> how can i keep them doing this?
<14> Yuck. Seems to be doing the equivalent of 'ypcat group', just for the hell of it:-(
<13> ok I was wrong
<13> its a huge*** pita
<14> hbf: Sorry, I don't know how to stop it.
<14> TRauMa: um, that was to you, not to me:-)
<19> thought so :)
<19> I'd need a way to tell nss that local users don't have any ldap groups
<19> especially not udev
<19> who doesn't have network when starting (grrrr)
<14> Celestar: About sshd -- do you have "ssl yes" and "slpath /usr/local/ssl/certs" or something in /etc/ldap.conf? (If you have RedHat or whatever uses /etc/ldap.conf for pam/nss)
<14> Celestar: s/slpath/sslpath/
<13> hbf: will verify
<13> currently I seem to have fcked up the configuration :P
<19> args
<19> http://paste.lisp.org/display/23291#1
<19> on remote login
<19> why does he do that to me
<19> what have i done?
<13> but setting this up is not as easy as I thought :P
<19> how do i deserve this?? ;-(
<13> because with a posixaccount objectclass for people I cannot authenticate samba crap
<14> TRauMa: Well, checking which groups a user is member of _is_ the normal thing when you log in. At least it's better than trying ypcat group...
<19> hbf, but why looking for root user in ldap?
<14> Oh! I didn't notice that one. Don't know.
<14> Not if you have 'files ldap' at least, rather than 'ldap files'.
<13> hm
<13> ok I just started from scratch
<19> hbf, i have. strange.
<19> i'll throw things out of my pam stack, perhaps a module there does strange things
<19> OK, if anyone else has my problem and finds some chatlog via google ;), here is some help
<19> http://robbat2.livejournal.com/199841.html
<19> I'm using bind soft now. Ugly, but effective
<19> uhm, "bind_policy soft" in /etc/ldap.conf, to be exact
<20> hey all
<20> i get "onnection_read(12): no connection!" after each batch of transactions ( let's say after a search or an ldapadd )
<20> harmless?
<13> damnit
<13> I'm trying to add a box to the samba domain. samba logs report nothing but success, yet it fails :S
<15> Celestar: what kind of box?
<13> XP box
<13> re-checking my samba conf