Re: Problems with LDAP authorization against OpenLDAP server

to the right place. -Original Message- From: Martijn van Duren To: Željko Puškarić , misc@openbsd.org Subject: Re: Problems with LDAP authorization against OpenLDAP server Date: Fri, 14 Oct 2022 14:36:18 +0200 On Fri, 2022-10-14 at 14:14 +0200, Željko Puškarić wrote: > Hi Stu

Re: Problems with LDAP authorization against OpenLDAP server

On Fri, Oct 14, 2022 at 12:48:05PM +0200, Željko Puškarić wrote: > Hi everyone, > > I am a seasoned Linux admin and my first forray into the world of > OpenBSD confronted me with a problem. > What I am trying to achieve is enabling authorization to OpenBSD > machine against

Re: Problems with LDAP authorization against OpenLDAP server

m LDAP and is used to log in to Linux boxes > too I just set it as is set on Linux (installed bash on OpenBSD prior > to setting LDAP authentication). > Why is bash a bad idea on OpenBSD? > > > -Original Message- > From: Stuart Henderson > To: misc@openbsd.org > Subj

Re: Problems with LDAP authorization against OpenLDAP server

> Why is bash a bad idea on OpenBSD? Not bash in itself, but having it in /bin. If you installed it from packages/ports it would end up under /usr/local/bin instead, so the users shell would point to the wrong place. -- May the most significant bit of your life be positive.

Re: Problems with LDAP authorization against OpenLDAP server

o log in to Linux boxes too I just set it as is set on Linux (installed bash on OpenBSD prior to setting LDAP authentication). Why is bash a bad idea on OpenBSD? -Original Message- From: Stuart Henderson To: misc@openbsd.org Subject: Re: Problems with LDAP authorization against OpenLDAP s

Re: Problems with LDAP authorization against OpenLDAP server

On 2022-10-14, Željko Puškarić wrote: > I am a seasoned Linux admin and my first forray into the world of > OpenBSD confronted me with a problem. > What I am trying to achieve is enabling authorization to OpenBSD > machine against existing OpenLDAP server (hosted on Linux). > I o

Problems with LDAP authorization against OpenLDAP server

Hi everyone, I am a seasoned Linux admin and my first forray into the world of OpenBSD confronted me with a problem. What I am trying to achieve is enabling authorization to OpenBSD machine against existing OpenLDAP server (hosted on Linux). I order to achieve that I followed these instructions

Re: 6.8 openldap and SSL/TLS problem after upgrade

On 23/12/2020 03:53, Stuart Henderson wrote: On 2020-12-22, Kapetanakis Giannis wrote: Hi, After upgrading to 6.8-release I can no longer connect to my ldap server with openldap and SSL/TLS. I'm using a self signed root CA to sign LDAP server's certificate. /etc/openldap/lda

Re: 6.8 openldap and SSL/TLS problem after upgrade

On 2020-12-22, Kapetanakis Giannis wrote: > Hi, > > After upgrading to 6.8-release I can no longer connect to my ldap server with > openldap and SSL/TLS. > I'm using a self signed root CA to sign LDAP server's certificate. > > /etc/openldap/ldap.conf has: > T

Re: 6.8 openldap and SSL/TLS problem after upgrade

I'm replying in misc@ since it affects other people as well. For freeradius (freeradius-2.2.10p1) and ldap communication I had to also set require_cert = "allow" It didn't respect the setting of /etc/openldap/ldap.conf Maybe it's now linked against local ldap librar

6.8 openldap and SSL/TLS problem after upgrade

Hi, After upgrading to 6.8-release I can no longer connect to my ldap server with openldap and SSL/TLS. I'm using a self signed root CA to sign LDAP server's certificate. /etc/openldap/ldap.conf has: TLS_CACERTDIR /etc/openldap/cacerts TLS_REQCERT demand # /usr/local/bin/ldapsea

Re: OpenLDAP under 6.8 - no intermediate certs in chain

On 11/16/2020 6:52 AM, Stuart Henderson wrote: ...actually I have now added a workaround to the databases/openldap port in 6.8-stable to disable TLS 1.3, so either rebuild or wait for -stable packages and it should fix things. Cool, I was actually already building from source in order to

Re: OpenLDAP under 6.8 - no intermediate certs in chain

On 11/16/2020 2:30 AM, Stuart Henderson wrote: Yes OpenLDAP is broken with TLS 1.3 server-side unless you have that commit (or build LibreSSL with TLS 1.3 server support disabled). As far as I can tell there's no method to disable TLS 1.3 via config. Hmm, yah, you can disable old ver

Re: OpenLDAP under 6.8 - no intermediate certs in chain

On 11/15/2020 10:18 PM, Brad Smith wrote: I remember seeing this commit recently. Not sure if this is your problem or not. https://marc.info/?l=openbsd-cvs&m=160511882917510&w=2 That definitely looks like it, thanks for the pointer.

Re: OpenLDAP under 6.8 - no intermediate certs in chain

On 2020-11-16, Stuart Henderson wrote: > Yes OpenLDAP is broken with TLS 1.3 server-side unless you have that > commit (or build LibreSSL with TLS 1.3 server support disabled). As far > as I can tell there's no method to disable TLS 1.3 via config. ...actually I have now added a

Re: OpenLDAP under 6.8 - no intermediate certs in chain

On 2020-11-16, Brad Smith wrote: > On 11/16/2020 12:08 AM, Paul B. Henson wrote: >> I just updated one of my servers running 6.7 to 6.8, and am having a >> problem with openldap. I have the intermediate cert and root CA in a >> file referenced by the openldap config: >&

Re: OpenLDAP under 6.8 - no intermediate certs in chain

On 11/16/2020 12:08 AM, Paul B. Henson wrote: I just updated one of my servers running 6.7 to 6.8, and am having a problem with openldap. I have the intermediate cert and root CA in a file referenced by the openldap config: TLSCACertificateFile/etc/openldap/cabundle.crt Under 6.7 with the

OpenLDAP under 6.8 - no intermediate certs in chain

I just updated one of my servers running 6.7 to 6.8, and am having a problem with openldap. I have the intermediate cert and root CA in a file referenced by the openldap config: TLSCACertificateFile/etc/openldap/cabundle.crt Under 6.7 with the openldap port from that version, this results in

Re: cyrus-sasl/openldap question

orking in a "clean" setup. So to all the people out there who are > running service like sendmail, courier with openldap and sasl could you > point to the proper package to use or do in need to really install one > package then replace it with another so that just the proper libs

Re: cyrus-sasl/openldap question

Have you looked at OpenBSD's ldapd(8) instead of openldap? It supports SASL PLAIN auth, according to the 6.3 man page. I don't currently use SASL but otherwise have found the config of ldapd to be much simpler than slapd. Yes, last time I had set up OpenLDAP with SASL it was f

cyrus-sasl/openldap question

re who are running service like sendmail, courier with openldap and sasl could you point to the proper package to use or do in need to really install one package then replace it with another so that just the proper libs are present somewere on the system (this seems kind bad)? And docs on cyrus-

Re: OpenBSDI 6.1 some Warnings when using OpenLDAP Tools

On Wed, Aug 09, 2017 at 09:06:19AM +0200, Markus Rosjat wrote: > this is more an info then a problem though since it seems to work. > When I use the slap tool like slapcat I get a size mismatch warning like > this Heh, we were just talking about that: https://marc.info/?l=openbsd-misc&m=1501994

OpenBSDI 6.1 some Warnings when using OpenLDAP Tools

Hi there, this is more an info then a problem though since it seems to work. When I use the slap tool like slapcat I get a size mismatch warning like this slapcat:/usr/local/lib/libicuuc.so.12.0: /usr/local/lib/libicudata.so.12.0 : WARNING: symbol(icudt58_dat) size mismatch, relink your prog

Re: openldap port mdb support

m, I could've sworn I got that message and then slapd failed to start. > Dunno, maybe I got confused. Once I'm done working with openldap mdb I'll > start over from scratch and try again and see what happens. > > Thanks for the info... There have been other problems which o

Re: openldap port mdb support

On Mon, Jul 10, 2017 at 07:34:11AM +, Stuart Henderson wrote: > Feel free to try it, I believe the required patch to force MDB_WRITEMAP > is still in there..but I don't think there were any major changes upstream > since the last attempt so I wouldn't hold out too much hope for it working > st

Re: OpenSMTP and OpenLDAP

Hey hendrik, This was a hint I was looking for thought! I will check that out :) Regards Markus Ursprüngliche Nachricht Von: Henrik Friedrichsen Datum: 25.07.17 19:15 (GMT+01:00) An: misc@openbsd.org Cc: ros...@ghweb.de Betreff: Re: OpenSMTP and OpenLDAP Hey, On

Re: OpenSMTP and OpenLDAP

Hey, On Tue, Jul 25, 2017 at 10:50:32AM +0200, Markus Rosjat wrote: > I was just wondering if does two work together at all? I saw examples with > ldapd that ships with the OS but not with OpenLDAP. Since I try to get my > user table defined, and the man only has options for db and fi

Re: OpenSMTP and OpenLDAP

OpenSMTP at all? And if so, where to find a piece of information how to configure it? regards MArkus Am 25.07.2017 um 10:50 schrieb Markus Rosjat: Hi there, I was just wondering if does two work together at all? I saw examples with ldapd that ships with the OS but not with OpenLDAP. Since I try

OpenSMTP and OpenLDAP

Hi there, I was just wondering if does two work together at all? I saw examples with ldapd that ships with the OS but not with OpenLDAP. Since I try to get my user table defined, and the man only has options for db and file, whats the way to go here if there is a way at all? Regards

Re: openldap port mdb support

On 2017-07-10, Paul B. Henson wrote: > mdb has been disabled in the openldap port since it looks like > 2015/02/16, I was wondering if anyone has tried it since then to see if > maybe the issues with it have been resolved? The other backends are > deprecated upstream, it would be nic

openldap port mdb support

mdb has been disabled in the openldap port since it looks like 2015/02/16, I was wondering if anyone has tried it since then to see if maybe the issues with it have been resolved? The other backends are deprecated upstream, it would be nice to get mdb working under openbsd. I'm going t

guidelines for migration openldap directory to ldapd ?

Hi there, I was wondering if there is something like that for migration an exisiting openLDAP directory to ldapd? I took a look at he config files and some stuff was basically the same information with diffrent syntax. The aim ist to make working with ldap authentication and opensmtp as

Re: OpenLDAP and filesystem permission

hello, ros...@ghweb.de (Markus Rosjat), 2017.04.27 (Thu) 12:59 (CEST): > I basically want to know if its okay to set permission on a file or > directory for a LDAP user even if there is no local user on this machine. > > Hope someone understand what I mean, background is setting up a mailserver

OpenLDAP and filesystem permission

Hi there, I basically want to know if its okay to set permission on a file or directory for a LDAP user even if there is no local user on this machine. Hope someone understand what I mean, background is setting up a mailserver with usermanagement over LDAP. The naive way for me would be crea

Re: Dovecot with OpenLDAP

On 2015-05-03, Markus Rosjat wrote: > Am 03.05.2015 um 10:32 schrieb Stuart Henderson: >> On 2015-05-02, Markus Rosjat wrote: >>> okay it seems dovecot runs root and not as the _dovecot user so applying >>> a login class for the dovecote group only helps if you add root to it >>> and nor it seems

Re: Dovecot with OpenLDAP

okay openLDAP seems to be more tricky then expected ... I get the slapd running and with slapcat I can get information for a user but when I try to modify stuff with ldapmodify slapd instantly dies with a cant connect to server even the log shows I was connected befor I try to submit the

Re: Dovecot with OpenLDAP

Am 03.05.2015 um 10:32 schrieb Stuart Henderson: On 2015-05-02, Markus Rosjat wrote: okay it seems dovecot runs root and not as the _dovecot user so applying a login class for the dovecote group only helps if you add root to it and nor it seems to start properly. How are you starting Dovecot?

Re: Dovecot with OpenLDAP

On 2015-05-02, Markus Rosjat wrote: > okay it seems dovecot runs root and not as the _dovecot user so applying > a login class for the dovecote group only helps if you add root to it > and nor it seems to start properly. How are you starting Dovecot? The login class mechanism is only used when

Re: Dovecot with OpenLDAP

just a little update, dont know if it's the right approach Am 02.05.2015 um 19:37 schrieb Markus Rosjat: Hi there, once again some stupid questions :) 1. is there a sane example out there to configure dovecot with openldap on openbsd? - I try to get things running for hours now all

Dovecot with OpenLDAP

Hi there, once again some stupid questions :) 1. is there a sane example out there to configure dovecot with openldap on openbsd? - I try to get things running for hours now all I get is a nice log that tells me that to many files are open. And reading around point to some

openldap verver problem

hi there I'm running a 5.7 and installed openldap-server but I didn't noticed that Ineed a special package for cyrus-sasl for ldap. So I deleted the package and installed the right one. So now I got the problem that I always get complains regarding /usr/local/lib/libldap-2.4.so.

Re: upgrade 5.4 -> 5.5 -- openldap bdb database

gt; > everything was against me), and one of the obstacles was the openldap > > upgrade. I was using openldap-2.4 with bdb on 5.4 also, so I thought it > > would be a clean cut. After trying to start slapd, it barked about the > > bdb's consistency: > > > > __db.

Re: upgrade 5.4 -> 5.5 -- openldap bdb database

On Fri, May 2, 2014 at 1:27 AM, LEVAI Daniel wrote: > I've recently upgraded one of my systems to 55 from 54 (btw, for me, the > most painful upgrade since ~3.9; I don't know what happened but > everything was against me), and one of the obstacles was the openldap > upgrade

Re: upgrade 5.4 -> 5.5 -- openldap bdb database

maybe related? http://marc.info/?l=openbsd-cvs&m=138183876907016&w=2 I also stumbled over an old nawk short after, no clue if that could have been invoked. On 07.05.2014 04:21, Stuart Henderson wrote: What arch is this Daniel? I've done multiple 5.4->5.5 upgrades with Open

Re: upgrade 5.4 -> 5.5 -- openldap bdb database

On sze, máj 07, 2014 at 02:21:38 +, Stuart Henderson wrote: > What arch is this Daniel? I've done multiple 5.4->5.5 upgrades > with OpenLDAP/bdb without need for additional steps, but they were > all on amd64. [...] Oh, this was i386. Daniel -- LÉVAI Dániel PGP key ID

Re: upgrade 5.4 -> 5.5 -- openldap bdb database

What arch is this Daniel? I've done multiple 5.4->5.5 upgrades with OpenLDAP/bdb without need for additional steps, but they were all on amd64. On 2014-05-02, LEVAI Daniel wrote: > Hi! > > I've recently upgraded one of my systems to 55 from 54 (btw, for me, the > most p

upgrade 5.4 -> 5.5 -- openldap bdb database

Hi! I've recently upgraded one of my systems to 55 from 54 (btw, for me, the most painful upgrade since ~3.9; I don't know what happened but everything was against me), and one of the obstacles was the openldap upgrade. I was using openldap-2.4 with bdb on 5.4 also, so I thought it

Re: openldap password fails to update

gt; login.conf(5), login_ldap(8) from ports, and whatever manuals for > OpenLDAP. > > But why can't I authenticate (using ssh or login) on the system ? > > Do I really have to go through ypldap ? Sounds not efficient to > > have an intermediate ! > > There are two separ

Re: openldap password fails to update

Le samedi 8 mars 2014, 16:14:53 Matthew Weigel a écrit : > On 03/08/2014 03:11 PM, Stéphane Guedon wrote: > > when I use 127.0.0.1 in php scripts, I can use ldap. > > if the script is running with 'localhost' then, no ldap data... > > > > Any idea why ? > > I have checked host resolution... > > tel

Re: openldap password fails to update

On 03/08/2014 03:11 PM, Stéphane Guedon wrote: > when I use 127.0.0.1 in php scripts, I can use ldap. > if the script is running with 'localhost' then, no ldap data... > > Any idea why ? > I have checked host resolution... > telnet localhost ldap gives the good behavior Is PHP running inside a c

Re: openldap password fails to update

gt; > when using the one in /usr/libexec/auth/login_... instead of > /usr/local/libexec... it works ! > > and I can start ypldap ! > > But why can't I authenticate (using ssh or login) on the system ? Do > I really have to go through ypldap ? Sounds not efficient to have > an interme

Re: openldap password fails to update

henticate? attempt binding as the user trying to login, or looking up the password via a high-privileged account? I'm using login-ldap from packages for ldap password auth, this works fine for me against passwords stored in openldap. I have this in login.conf: ldap:\ :auth=-ldap:\

Re: openldap password fails to update

f the problem, and showing relevant configs and logs the first time, goes a long way to helping people help you. Reading manuals helps too. Among others, ypldap(8), ypldap.conf(5), login.conf(5), login_ldap(8) from ports, and whatever manuals for OpenLDAP. > But why can't I authenticate (

Re: openldap password fails to update

Le samedi 8 mars 2014, 17:21:26 Stéphane Guedon a écrit : > Le samedi 8 mars 2014, 09:09:08 Matthew Weigel a écrit : > > On Mar 8, 2014, at 6:29 AM, Stéphane Guedon > > wrote: > > > Notably, the user fails to auth and do login (with openbsd login > > > system AND webpages) eventhough password is

Re: openldap password fails to update

Le samedi 8 mars 2014, 09:09:08 Matthew Weigel a écrit : > On Mar 8, 2014, at 6:29 AM, Stéphane Guedon wrote: > > Notably, the user fails to auth and do login (with openbsd login > > system AND webpages) eventhough password is correct according to > > ldap itself ! > > That's a lot more moving pa

Re: openldap password fails to update

On Mar 8, 2014, at 6:29 AM, Stéphane Guedon wrote: > > Notably, the user fails to auth and do login (with openbsd login > system AND webpages) eventhough password is correct according to ldap > itself ! That's a lot more moving parts than just passwords in LDAP. Have you checked your configurati

Re: openldap password fails to update

Le samedi 8 mars 2014, 12:23:19 Stuart Henderson a écrit : > On 2014-03-07, Stéphane Guedon wrote: > > But when I try to change this user password it fails : > > > > # ldappasswd -x -v -D "uid=test,ou=users,dc=22decembre,dc=eu" \ > > -w somesecret -s anothersec > > ldap_initialize( ) > > Result:

Re: OBSD 5.4 and OpenLDAP

On 2014-03-07, Friedrich Locke wrote: > Hi folks! > > I would like to setup a OpenLDAP server using OpenBSD and the ports > collection. > I wonder if the current OpenLDAP in the ports is still broken ? > Do it supports mdb/hdb/bdb ? > > Thanks a lot. > > gust

Re: openldap password fails to update

On 2014-03-07, Stéphane Guedon wrote: > But when I try to change this user password it fails : > > # ldappasswd -x -v -D "uid=test,ou=users,dc=22decembre,dc=eu" \ > -w somesecret -s anothersec > ldap_initialize( ) > Result: Other (e.g., implementation specific) error (80) > Additional info: pass

Re: openldap password fails to update

t clear that this is an OpenBSD problem. See, for example, http://www.openldap.org/lists/openldap-technical/200902/msg00186.html There's another thing strange, maybe related to the problem : slappasswd never gives the same result ! # slappasswd New password: Re-enter

openldap password fails to update

Hello everybody. I am currently finishing my openbsd server. Most of installation gone pretty well :-). I run now in openldap. I successfully installed the server and launched it in chroot for security. My problem is weird : using ldapadd, I can add peoples and stuff. ldapadd -x -D "cn=

Re: OBSD 5.4 and OpenLDAP

Why do you say it is still broken? I am running openldap-client-2.4.35p1 open-source LDAP software (client) openldap-server-2.4.35p2 open-source LDAP software (server) on OpenBSD 5.4 without any problems. The package works beautifully, works with samba, horde, etc., far better than anything

OBSD 5.4 and OpenLDAP

Hi folks! I would like to setup a OpenLDAP server using OpenBSD and the ports collection. I wonder if the current OpenLDAP in the ports is still broken ? Do it supports mdb/hdb/bdb ? Thanks a lot. gustavo.

Re: openldap-2.4.36 server

On 2013-11-10, Predrag Punosevac wrote: > Hi Misc, > > I am playing with OpenLDAP and I have a question about OpenLDAP server. > I see in ports OpenLDAP server version 2.3.43 and the client version > 2.4.36 even though current release is 2.4.37. Is there a particular > reason b

Re: openldap-2.4.36 server

j...@wxcvbn.org (J??r??mie Courr??ges-Anglas) wrote: > Predrag Punosevac writes: > > > Hi Misc, > > Hi, > > this is a question for ports@. > I was not sure but I didn't want to cross post. > > I am playing with OpenLDAP and I have a question about OpenLD

Re: openldap-2.4.36 server

Predrag Punosevac writes: > Hi Misc, Hi, this is a question for ports@. > I am playing with OpenLDAP and I have a question about OpenLDAP server. > I see in ports OpenLDAP server version 2.3.43 and the client version > 2.4.36 even though current release is 2.4.37. Is there

openldap-2.4.36 server

Hi Misc, I am playing with OpenLDAP and I have a question about OpenLDAP server. I see in ports OpenLDAP server version 2.3.43 and the client version 2.4.36 even though current release is 2.4.37. Is there a particular reason besides lack of man power and interest why the server is not updated to

Re: obsd 5.3 and openldap

On 2013-06-12, Friedrich Locke wrote: > Hi folks, > > may someone in the list tell me if with obsd5.3 openldap supports hdb or > even bdb. > As far as i know, openldap in openbsd ports is broken. > > Thanks you all. > > gustavo. > > OpenBSD 5.3 ships with Ope

Re: obsd 5.3 and openldap

Quoting Friedrich Locke : Hi folks, may someone in the list tell me if with obsd5.3 openldap supports hdb or even bdb. As far as i know, openldap in openbsd ports is broken. Thanks you all. gustavo. Hi, I am running 2.4.35 on a -current system and it is not broken (replication etc

Re: obsd 5.3 and openldap

Friedrich Locke writes: > Hi folks, Hi, > may someone in the list tell me if with obsd5.3 openldap supports hdb or > even bdb. Weren't you the one that requested adding support for mdb on ports, a while ago? I thought you knew. :) Since i do need to get a directory servi

obsd 5.3 and openldap

Hi folks, may someone in the list tell me if with obsd5.3 openldap supports hdb or even bdb. As far as i know, openldap in openbsd ports is broken. Thanks you all. gustavo.

Re: openldap on OBSD amd64 5.2

On 2013-01-14, Claudio Jeker wrote: > On Mon, Jan 14, 2013 at 05:41:36PM -0200, Friedrich Locke wrote: >> Hi, >> >> i am trying to get openldap running, but my experience has been not that >> good. >> I have built and installed from ports. I can get it up an

Re: openldap on OBSD amd64 5.2

I am using db-4.6.21p4 Quoting Friedrich Locke : Hi, sounds strange. Claudio said it was borked for amd64. Are you using BDB ? Which version ? On Mon, Jan 14, 2013 at 8:10 PM, Vijay Sankar wrote: Quoting Friedrich Locke : Hi, i am trying to get openldap running, but my experience has

Re: openldap on OBSD amd64 5.2

Hi, sounds strange. Claudio said it was borked for amd64. Are you using BDB ? Which version ? On Mon, Jan 14, 2013 at 8:10 PM, Vijay Sankar wrote: > Quoting Friedrich Locke : > > Hi, >> >> i am trying to get openldap running, but my experience has been not that >>

Re: openldap on OBSD amd64 5.2

Quoting Friedrich Locke : Hi, i am trying to get openldap running, but my experience has been not that good. I have built and installed from ports. I can get it up and running but as soon as qmail tries to bind into it, it begins to consume memory up to all my available memory. I asked for

Re: openldap on OBSD amd64 5.2

On Mon, Jan 14, 2013 at 05:41:36PM -0200, Friedrich Locke wrote: > Hi, > > i am trying to get openldap running, but my experience has been not that > good. > I have built and installed from ports. I can get it up and running but as > soon as qmail tries to bind into it, it

openldap on OBSD amd64 5.2

Hi, i am trying to get openldap running, but my experience has been not that good. I have built and installed from ports. I can get it up and running but as soon as qmail tries to bind into it, it begins to consume memory up to all my available memory. I asked for help in the openldap mailing

openldap

Hi, i remenber when installing (after building it from /usr/ports/database/opendap) openldap the scripts in patch directory create user _openldap and the group too. Now i cannot see any reference to the user/group openldap server process will run as ? Isn't it necessary anymore ? I mean, do

OBSD 4.9 and OpenLDAP 2.4.23

Hi, does anybody here uses openldap 2.4.23 with OBSD 4.9 ? are you having any problem related to memory usage by slapd ? Thanks for your time and cooperation, best regards. fried

Re: openldap and openbsd

On 2011-06-29, Stuart Henderson wrote: > On 2011-06-29, Remco wrote: >> >> Apart from the other advise you got I think you need to set the KRB5_KTNAME >> environment variable to tell slapd where to find your LDAP keytab, e.g.: >> (yeah, I edited the default slapd rc script, I don't know if there'

openbsd/ypserv/openldap

Hi folks, how should i add an entry to openldap that ypserv will use it for binding ? This entry will need to have a password and should not be confused with a valid posix user entry. How have you done on your ypldap/openldap implementation ? Thanks in advance.

Re: openldap and openbsd

to override the daemon line in a rc script. However, I found out that it's possible to define a class in login.conf named after the script, and the script will pick that up, e.g.: # # OpenLDAP # slapd:\ :setenv=KRB5_KTNAME=/some_path/ldap.keytab:\ :tc=daemon: Hopefully this is useful to the OP (and others as well).

Re: openldap and openbsd

On 2011-06-29, Remco wrote: > > Apart from the other advise you got I think you need to set the KRB5_KTNAME > environment variable to tell slapd where to find your LDAP keytab, e.g.: > (yeah, I edited the default slapd rc script, I don't know if there's a > better way) this will cause you hassle

Re: openldap and openbsd

Friedrich Locke wrote: > Dear list members, > > i have just installed openldap from ports (OpenBSD 4.9/amd64) and i am > testing it. My doubt is: > > It seems to me that openldap should be run as user "x" and group "y" > accordingly the ports coll

Re: openldap and openbsd

2011/6/28 Friedrich Locke > Dear list members, > > i have just installed openldap from ports (OpenBSD 4.9/amd64) and i am > testing it. My doubt is: > > It seems to me that openldap should be run as user "x" and group "y" > accordingly the ports coll

Re: openldap and openbsd

Friedrich Locke writes: > How could i run openldap as another user not root and provide it with > a ldap/x.y.z ticket? Use kadmin and ktadd -k. Remember that openldap (and only openldap) should only have read access to the new keytab.

openldap and openbsd

Dear list members, i have just installed openldap from ports (OpenBSD 4.9/amd64) and i am testing it. My doubt is: It seems to me that openldap should be run as user "x" and group "y" accordingly the ports collection. The problem is that i want to use kerberos authentica

Re: OpenBSD + OpenLDAP

--On Sunday, May 29, 2011 04:22:07 PM -0300 Friedrich Locke wrote: > i am planning on migrating from tradicional unix password files to LDAP. > But i have one question: what about uid definition? Although I've not tried it under OpenBSD, I've used CPU to manage LDAP

Re: OpenBSD + OpenLDAP

On Sun, May 29, 2011 at 04:22:07PM -0300, Friedrich Locke wrote: > Dear list users, > > i am planning on migrating from tradicional unix password files to LDAP. > But i have one question: what about uid definition? Does ldap will > (for instance) auto increment it? > If not, how will ldap manage u

Re: OpenBSD + OpenLDAP

OpenLDAP itself does not automatically increment the uid. You might look into using ypldap but if you don't want to do that, you would have to script your own tool. To: misc@openbsd.org Sent: Sunday, May 29, 2011 12:22 PM Subject: OpenBSD + OpenLDAP Dear

OpenBSD + OpenLDAP

Dear list users, i am planning on migrating from tradicional unix password files to LDAP. But i have one question: what about uid definition? Does ldap will (for instance) auto increment it? If not, how will ldap manage uid alocation? Thanks in advance.

Re: Testing OpenLDAP 2.4.23p1 on OpenBSD 4.9

On 2011-05-13, Martin Pelikan wrote: > I remember testing it couple of months ago on 4.8-stable - for example > if you fed it a mod_replace query to delete one value from a field > with more of them (typically groups->memberUid), it wouldn't touch the > one you wanted out and just delete the rest

Re: Testing OpenLDAP 2.4.23p1 on OpenBSD 4.9

2011/5/13 Stuart Henderson : > you're confused between OpenLDAP and ldapd - > > ldapd is the OpenBSD LDAP daemon, part of the base OS. > > the OpenLDAP daemon is called slapd, installed with the openldap-server > package. Unfortunately, the OpenBSD ldapd isn't full

Re: Testing OpenLDAP 2.4.23p1 on OpenBSD 4.9

you're confused between OpenLDAP and ldapd - ldapd is the OpenBSD LDAP daemon, part of the base OS. the OpenLDAP daemon is called slapd, installed with the openldap-server package. On 2011-05-13, Tito Mari Francis Esca??o wrote: > Good day! > I was able to install OpenLDAP 2.4.23p1

Re: Testing OpenLDAP 2.4.23p1 on OpenBSD 4.9

On Fri, May 13, 2011 at 4:02 PM, Tito Mari Francis Escaqo wrote: > Good day! > I was able to install OpenLDAP 2.4.23p1 on OpenBSD 4.9, sure enough it will > run as daemon when I edited /etc/rc.conf as below: > ldapd_flags="" > > I run slaptest -u and get the complaint:

Testing OpenLDAP 2.4.23p1 on OpenBSD 4.9

Good day! I was able to install OpenLDAP 2.4.23p1 on OpenBSD 4.9, sure enough it will run as daemon when I edited /etc/rc.conf as below: ldapd_flags="" I run slaptest -u and get the complaint: unable to open file "/var/run/openldap/slapd.pid" I find that /var/run/openldap is

Re: OpenLDAP

Hi Friedich It's in current: http://marc.info/?l=openbsd-ports&m=129440451210138&w=2 Regards, Remi On 01/11/2011 12:56 AM, Friedrich Locke wrote: Hi folks, is there plan for openbsd support openldap with recent version(s) of bdb ? Thanks in advance, Gustavo.

OpenLDAP

Hi folks, is there plan for openbsd support openldap with recent version(s) of bdb ? Thanks in advance, Gustavo.

openldap mysql openbsd

Hi folks, did anyone using openbsd already deployed openldap with mysql ? What is your experience running them with openbsd? What about performance and stability? Is it a better approach to deploy openldap with mysql or BDBv3 ? Thanks a lot for your feedback. Best regards, Gustavo.

OpenBSD + (OpenLDAP, SASL, Samba)

Hi, I've configured SASL to autenticate against Active Directory (it's working, OK) I've configured OpenLDAP to autenticate against SASL, using 'pass-through autentication' (it's working too) I've managed to configure ypldap too, if I set the user password

  1   2   3   >