Hello, can you please help me pwdExpireWarning I have setuped pwdExpireWarning 300 *5 min*
then UI updated password for user 0000: 30 6d 02 01 02 64 68 04 1f 75 69 64 3d 6d 61 78 0m...dh..uid=max 0010: 2c 6f 75 3d 75 73 65 72 73 2c 6f 75 3d 74 72 61 ,ou=users,ou=tra 0020: 6e 73 6d 61 73 74 65 72 30 45 30 1e 04 0b 6f 62 nsmaster0E0...ob 0030: 6a 65 63 74 43 6c 61 73 73 31 0f 04 0d 69 6e 65 jectClass1...ine 0040: 74 4f 72 67 50 65 72 73 6f 6e 30 23 04 0e 70 77 tOrgPerson0#..pw 0050: 64 43 68 61 6e 67 65 64 54 69 6d 65 31 11 04 0f dChangedTime1... 0060: 32 30 31 31 30 31 32 38 30 37 35 34 33 31 5a 20110128075431Z After 5 minutes, if a user tries to connect to the database, it must issue a message, right ? -------------------------------------------------- This attribute controls whether and when a warning message of password expiration will be returned on a bind attempt. -------------------------------------------------- But nothing happen.. :( I have this ppolice : dn: cn=std, ou=ppolicy, ou=transmaster pwdCheckModule: check_password.so pwdMaxFailure: 6 pwdMustChange: TRUE pwdAttribute: userPassword pwdMinLength: 7 pwdSafeModify: FALSE pwdInHistory: 4 pwdGraceAuthNLimit: 3 pwdCheckQuality: 1 objectClass: pwdPolicy objectClass: top objectClass: device objectClass: pwdPolicyChecker pwdLockoutDuration: 60 cn: std pwdAllowUserChange: TRUE pwdExpireWarning: 300 pwdLockout: TRUE Thank you -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of [email protected] Sent: Thursday, January 27, 2011 6:00 PM To: [email protected] Subject: openldap-technical Digest, Vol 38, Issue 26 Send openldap-technical mailing list submissions to [email protected] To subscribe or unsubscribe via the World Wide Web, visit http://www.openldap.org/lists/mm/listinfo/openldap-technical or, via email, send a message with subject or body 'help' to [email protected] You can reach the person managing the list at [email protected] When replying, please edit your Subject line so it is more specific than "Re: Contents of openldap-technical digest..." Send openldap-technical mailing list submissions to [email protected] When replying, please edit your Subject: header so it is more specific than "Re: openldap-technical digest..." Today's Topics: 1. Re: Replication monitoring (Andreas Andersson) 2. Re: Replication monitoring (Peter Boosten) 3. Re: problem with limits configuration (Dan Pritts) 4. Re: Replication monitoring (Peter Boosten) 5. Re: Replication monitoring (Peter Boosten) 6. Re: Failover Failure Advice (Anton Chu) 7. Re: Failover Failure Advice (Quanah Gibson-Mount) 8. Re: Failover Failure Advice (Chris Jacobs) 9. Re: slapd logging in chroot() environment (Peter Palmreuther) 10. Re: slapd logging in chroot() environment (Dieter Kluenter) 11. meta directory backend and rewriting option '|' (Lehnert, Hartmut) 12. constraint overlay question (jarek) 13. openldap memberof attribute (Vincent Li) 14. deleting schema elements from cn=config (Tim Gustafson) 15. Re: openldap memberof attribute (Michael Str?der) 16. MemberOf attribute not being returned (Mark Cairney) ---------------------------------------------------------------------- Message: 1 Date: Wed, 26 Jan 2011 19:32:22 +0100 From: Andreas Andersson <[email protected]> To: Peter Boosten <[email protected]> Cc: [email protected] Subject: Re: Replication monitoring Message-ID: <[email protected]> Content-Type: text/plain; charset="windows-1252" Hi! Thanks. Made a note about the config directory. I've focused on following the FHS: http://www.pathname.com/fhs/ As it is a symlink it should be possible to put the config directory wherever you want (I guess that's what you did). How about replication verification? Can you confirm that its working? Regards - Andreas On Jan 26, 2011, at 10:19 AM, Peter Boosten wrote: > > On 24 jan 2011, at 18:55, Andreas Andersson wrote: > >> As always? I appreciate all feedback I can get > > > This actually looks quite decent: it needs some tinkering if you do not follow the installation guide (I don't want my /etc directory cluttered with software installed by me, for FreeBSD that's /usr/local/etc), but it's nice and easy to use. > > > -- > Peter Boosten > http://www.boosten.org > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://www.openldap.org/lists/openldap-technical/attachments/20110126/d 5a1c1ec/attachment.html> ------------------------------ Message: 2 Date: Wed, 26 Jan 2011 19:48:26 +0100 From: Peter Boosten <[email protected]> To: Andreas Andersson <[email protected]> Cc: [email protected] Subject: Re: Replication monitoring Message-ID: <[email protected]> Content-Type: text/plain; charset="us-ascii" On 26 jan 2011, at 19:32, Andreas Andersson wrote: > How about replication verification? Can you confirm that its working? No, not yet, but I don't have heavy replication going on. I'll try to force some updates to the DIT. The only thing I'm struggling with is the screen refresh: somehow I'm not able to keep a setting after switching menus. One other thing (maybe it's a firefox thing): when I open the configuration screen, and don't actually change nothing, then it's impossible to close that screen again. But after running a couple of hours I'm very charmed of this tool. Keep up the good work. -- Peter Boosten http://www.boosten.org -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://www.openldap.org/lists/openldap-technical/attachments/20110126/1 1ed653e/attachment.html> ------------------------------ Message: 3 Date: Wed, 26 Jan 2011 13:58:38 -0500 From: Dan Pritts <[email protected]> To: Pierangelo Masarati <[email protected]> Cc: [email protected] Subject: Re: problem with limits configuration Message-ID: <[email protected]> Content-Type: text/plain; charset=us-ascii On Jan 25, 2011, at 5:58 AM, Pierangelo Masarati wrote: > "sizelimit" is global, while "limits" are per database. You do not specify where you put the "limits" statements above, did you try putting them in the database that syncrepl statement is related to? This was my problem. I put the limits statement below the (single) database statement and it works now. I missed bit about per-database on my first several looks at the man page. I probably never read the whole thing through. To be honest, it didn't even occur to me that i might have more than one database. newbie. thanks! danno -- Dan Pritts, Sr. Systems Engineer Internet2 office: +1-734-352-4953 | mobile: +1-734-834-7224 ------------------------------ Message: 4 Date: Wed, 26 Jan 2011 19:59:03 +0100 From: Peter Boosten <[email protected]> To: Andreas Andersson <[email protected]> Cc: [email protected] Subject: Re: Replication monitoring Message-ID: <[email protected]> Content-Type: text/plain; charset="us-ascii" On 26 jan 2011, at 19:32, Andreas Andersson wrote: > How about replication verification? Can you confirm that its working? Ok, looking at the screenshot you sent in your first email, replication settings don't seem to be recognized in my setup (you have an error below the selected server, showing the server whom is replicated to, but in my setup there's no such arrow, nor another server). Any ideas? -- Peter Boosten http://www.boosten.org -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://www.openldap.org/lists/openldap-technical/attachments/20110126/2 4c567af/attachment.html> ------------------------------ Message: 5 Date: Wed, 26 Jan 2011 22:30:16 +0100 From: Peter Boosten <[email protected]> To: Peter Boosten <[email protected]> Cc: Andreas Andersson <[email protected]>, [email protected] Subject: Re: Replication monitoring Message-ID: <[email protected]> Content-Type: text/plain; charset="us-ascii" On 26 jan 2011, at 19:59, Peter Boosten wrote: > > On 26 jan 2011, at 19:32, Andreas Andersson wrote: > >> How about replication verification? Can you confirm that its working? > > > Ok, looking at the screenshot you sent in your first email, replication settings don't seem to be recognized in my setup (you have an error below the selected server, showing the server whom is replicated to, but in my setup there's no such arrow, nor another server). > > Any ideas? > After some testing there's actually more not working, for instance: the collectsummary.php script doesn;t return any values (all 0), ut if I try the ldapquery manually, it actually gives non-zero results: ra% ldapsearch -x -D "cn=root,dc=boosten,dc=org" -W -b "cn=operations,cn=monitor" -LLL '(cn=modify)' monitorOpCompleted Enter LDAP Password: dn: cn=Modify,cn=Operations,cn=Monitor monitorOpCompleted: 19 and from the cli log: 0 ) modify - Summary Value: 0 0 ) modify - Value NOT Stored to db as it is empty I'm on OpenLDAP 2.4.23, on FreeBSD. -- Peter Boosten http://www.boosten.org -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://www.openldap.org/lists/openldap-technical/attachments/20110126/6 f8d9b9f/attachment.html> ------------------------------ Message: 6 Date: Wed, 26 Jan 2011 13:40:59 -0800 From: Anton Chu <[email protected]> To: [email protected] Cc: [email protected] Subject: Re: Failover Failure Advice Message-ID: <[email protected]> Content-Type: text/plain; charset="iso-8859-1" I currently have a Master/Slave Failover setup and I'm planning to deploy 100 ldap clients soon. I'm thinking about installing a Slave LDAP Server in all my ldap clients. I'm sure this will bog down the network but can I program syncrepl to be less chatty between master and slave? I'm planning to point 60 of my clients to the master while the rest will point to the slave. Your thoughts? Kindest regards, Anton On Tue, Jan 18, 2011 at 3:22 PM, jekvb <[email protected]> wrote: > On Tue, 2011-01-18 at 14:43 -0800, Anton Chu wrote: > > > > I've setup a master and slave ldap service for failover; > > My failover construction is a bit different, but it works quite nicely, > so I 'd like to share this. > For a simple and reliable failover I have two LDAP servers in Mirror > mode with Keepalived on top of it. This is based on having one virtual > IP for both machines. When the one LDAP server (master) that has the IP, > fails, all read & write operations are directed to the backup server. > When the failed LDAP server comes up again it takes over the IP again > and SyncRepl on the slave takes care of updating the master. > > > Best regards, Kuba > > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://www.openldap.org/lists/openldap-technical/attachments/20110126/8 2d30fd1/attachment.html> ------------------------------ Message: 7 Date: Wed, 26 Jan 2011 13:49:47 -0800 From: Quanah Gibson-Mount <[email protected]> To: Anton Chu <[email protected]>, [email protected] Cc: [email protected] Subject: Re: Failover Failure Advice Message-ID: <B575BCC811E6022F6980A86F@[192.168.1.2]> Content-Type: text/plain; charset=utf-8; format=flowed 100 ldap clients is tiny. Why would you need 100 replicas? Seems massively overkill to me. If you want a couple of replicas for failover and load distribution create a few replicas. You shouldn't need one replica per client... --Quanah --On Wednesday, January 26, 2011 1:40 PM -0800 Anton Chu <[email protected]> wrote: > I currently have a Master/Slave Failover setup and I'm planning to deploy > 100 ldap clients soon.? I'm thinking about installing a Slave LDAP > Server in all my ldap clients. ?? I'm sure this will bog down the > network but can I program syncrepl to be less chatty between master and > slave?? I'm planning to point 60 of my clients to the master while the > rest will point to the slave.? Your thoughts? > > Kindest regards, > Anton? > > > On Tue, Jan 18, 2011 at 3:22 PM, jekvb <[email protected]> wrote: > > > On Tue, 2011-01-18 at 14:43 -0800, Anton Chu wrote: > > >> I've setup a master and slave ldap service for failover; > > My failover construction is a bit different, but it works quite nicely, > so I 'd like to share this. > For a simple and reliable failover I have two LDAP servers in Mirror > mode with Keepalived on top of it. This is based on having one virtual > IP for both machines. When the one LDAP server (master) that has the IP, > fails, all read & write operations are directed to the backup server. > When the failed LDAP server comes up again it takes over the IP again > and SyncRepl on the slave takes care of updating the master. > > > Best regards, Kuba > > > -- Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration ------------------------------ Message: 8 Date: Wed, 26 Jan 2011 14:56:43 -0700 From: Chris Jacobs <[email protected]> To: "'[email protected]'" <[email protected]>, "'[email protected]'" <[email protected]> Cc: "'[email protected]'" <[email protected]> Subject: Re: Failover Failure Advice Message-ID: <6c447584419bfe4e83d46e88f81314865336f7f...@exch07-05.apollogrp.edu> Content-Type: text/plain; charset="utf-8" Overkill. Setup two slaves behind a VIP. Point local clients to that vip. If load is high on them, add nodes. Setup mirror masters - behind a vip (the prefs one server - no round robin - active/standby). Point slaves (and perhaps any local clients) to that vip. * If using SSL (and you should be), you'll have to use either wildcard certs or certs using hostname of the vip. - chris Chris Jacobs, Systems Administrator Apollo Group | Apollo Marketing | Aptimus 2001 6th Ave Ste 3200 | Seattle, WA 98121 phone: 206.839-8245 | cell: 206.601.3256 | Fax: 208.441.9661 email: [email protected] ________________________________ From: [email protected] <[email protected]> To: [email protected] <[email protected]> Cc: [email protected] <[email protected]> Sent: Wed Jan 26 14:40:59 2011 Subject: Re: Failover Failure Advice I currently have a Master/Slave Failover setup and I'm planning to deploy 100 ldap clients soon. I'm thinking about installing a Slave LDAP Server in all my ldap clients. I'm sure this will bog down the network but can I program syncrepl to be less chatty between master and slave? I'm planning to point 60 of my clients to the master while the rest will point to the slave. Your thoughts? Kindest regards, Anton On Tue, Jan 18, 2011 at 3:22 PM, jekvb <[email protected]<mailto:[email protected]>> wrote: On Tue, 2011-01-18 at 14:43 -0800, Anton Chu wrote: > I've setup a master and slave ldap service for failover; My failover construction is a bit different, but it works quite nicely, so I 'd like to share this. For a simple and reliable failover I have two LDAP servers in Mirror mode with Keepalived on top of it. This is based on having one virtual IP for both machines. When the one LDAP server (master) that has the IP, fails, all read & write operations are directed to the backup server. When the failed LDAP server comes up again it takes over the IP again and SyncRepl on the slave takes care of updating the master. Best regards, Kuba ________________________________ This message is private and confidential. If you have received it in error, please notify the sender and remove it from your system. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://www.openldap.org/lists/openldap-technical/attachments/20110126/d e56a451/attachment.html> ------------------------------ Message: 9 Date: Thu, 27 Jan 2011 00:37:26 +0100 From: Peter Palmreuther <[email protected]> To: [email protected] Subject: Re: slapd logging in chroot() environment Message-ID: <[email protected]> Content-Type: text/plain; charset=UTF-8 Hello On 01/26/11 08:54, Christian Manal wrote: > Am 26.01.2011 07:31, schrieb Peter Palmreuther: >> no one with any idea about what to look for? >> >> On 01/13/11 9:03 pm, I wrote: >>> I'm running OpenLDAP 2.4.20 in a chroot()-ed environment on Solaris 10. >>> I somehow don't get logging working. I don't see any logging making it's way >>> through syslog. [...] > if you are using Solaris, why don't you just put your LDAP server into a > zone? Would be a more "clean" separation from the global zone and you > have your own syslog deamon in that environment. I know. But for I don't have much influence on the Solaris configuration itself. We don't have zones available in our setup ... The operations section does not support zones yet. So I'm stuck with what I've got and luckily OpenLDAP supports chroot() itself ... Except I don't get the logging running the way I want. -- Regards, Peter ------------------------------ Message: 10 Date: Thu, 27 Jan 2011 08:03:37 +0100 From: Dieter Kluenter <[email protected]> To: [email protected] Subject: Re: slapd logging in chroot() environment Message-ID: <[email protected]> Content-Type: text/plain; charset=UTF-8 Am Thu, 27 Jan 2011 00:37:26 +0100 schrieb Peter Palmreuther <[email protected]>: > Hello > > On 01/26/11 08:54, Christian Manal wrote: > > Am 26.01.2011 07:31, schrieb Peter Palmreuther: > >> no one with any idea about what to look for? > >> > >> On 01/13/11 9:03 pm, I wrote: > >>> I'm running OpenLDAP 2.4.20 in a chroot()-ed environment on > >>> Solaris 10. I somehow don't get logging working. I don't see any > >>> logging making it's way through syslog. > [...] > > if you are using Solaris, why don't you just put your LDAP server > > into a zone? Would be a more "clean" separation from the global > > zone and you have your own syslog deamon in that environment. > > I know. But for I don't have much influence on the Solaris > configuration itself. We don't have zones available in our setup ... > The operations section does not support zones yet. So I'm stuck with > what I've got and luckily OpenLDAP supports chroot() itself ... > Except I don't get the logging running the way I want. slapd loggs to local4, configure syslog to listen to the chroot environment. -Dieter -- Dieter Kl?nter | Systemberatung http://dkluenter.de GPG Key ID:DA147B05 53?37'09,95"N 10?08'02,42"E ------------------------------ Message: 11 Date: Thu, 27 Jan 2011 08:56:13 +0100 From: "Lehnert, Hartmut" <[email protected]> To: <[email protected]> Subject: meta directory backend and rewriting option '|' Message-ID: <[email protected]> Content-Type: text/plain; charset="us-ascii" Hello! I have a question concerning the pipe option '|' when using the meta directory backend and rewriting. In the manual pages the '|' option is marked as "not implemented". Does this reflect the actual state of the software or has somebody just forgotten to update the man page? Regards, Hartmut -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://www.openldap.org/lists/openldap-technical/attachments/20110127/5 1c9a0dd/attachment.html> ------------------------------ Message: 12 Date: Thu, 27 Jan 2011 09:43:18 +0100 From: jarek <[email protected]> To: [email protected] Subject: constraint overlay question Message-ID: <[email protected]> Content-Type: text/plain; charset="us-ascii" Hello! I'd like to configure constraint for email attribute, where email is constructed from DN in the following way: DN: uid=user, ou=emails, ou=domain.name, ou=domaingroup, ROOT_DN => email: [email protected] Is it possible ? best regards JT. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://www.openldap.org/lists/openldap-technical/attachments/20110127/f 802a6aa/attachment.html> ------------------------------ Message: 13 Date: Wed, 26 Jan 2011 11:05:00 -0800 From: Vincent Li <[email protected]> To: [email protected] Subject: openldap memberof attribute Message-ID: <[email protected]> Content-Type: text/plain; charset=ISO-8859-1 Hi, I am doing remote authentication using OpenLDAP to login BIGIP, BIGIP has a feature called remoterole to search attribute 'memberof' from LDAP server and once found the attribute, assign the remote user a role defined in various groups like admin, operator... the feature works for Active Directory, but I am unable to make it work for OpenLDAP, I couldn't find 'memberof' attribute in OpenLDAP schema, so I created the 'memberof' attribute in core.schema as below: [root@centos-vli schema]# diff -u core.schema core.schema.orig --- core.schema 2011-01-24 23:54:42.000000000 -0800 +++ core.schema.orig 2011-01-24 23:46:11.000000000 -0800 @@ -345,10 +345,6 @@ DESC 'X.520(4th): pseudonym for the object' SUP name ) -attributetype ( 2.5.4.66 NAME 'memberof' - DESC 'RFC2256: member of a group' - SUP distinguishedName ) - # Standard object classes from RFC2256 # system schema @@ -425,7 +421,7 @@ objectclass ( 2.5.6.9 NAME 'groupOfNames' DESC 'RFC2256: a group of names (DNs)' SUP top STRUCTURAL - MUST ( member $ memberof $ cn ) + MUST ( member $ cn ) MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) ) objectclass ( 2.5.6.10 NAME 'residentialPerson' and here is my sample ldif file: dn: ou=groups,dc=example,dc=com objectclass:organizationalunit ou: groups description: generic groups branch # create the itpeople entry under groups dn: cn=administrator,ou=groups,dc=example,dc=com objectclass: groupofnames cn: administrator description: bigip admin group member: uid=user5,ou=people,dc=example,dc=com dn: uid=user5,ou=People,dc=example,dc=com uid: user5 cn: user5 objectClass: top objectClass: posixaccount objectClass: shadowaccount objectClass: groupOfNames userPassword: secret shadowLastChange: 14997 shadowMin: 0 shadowMax: 99999 shadowWarning: 7 loginShell: /bin/bash uidNumber: 505 gidNumber: 505 homeDirectory: /home/user5 member: cn=administrator,ou=groups,dc=example,dc=com memberof: cn=administrator,ou=groups,dc=example,dc=com I can login BIGIP fine with user5, but I can't get the administrator role defined in BIGIP, is it something I configured wrong in OpenLDAP or the problem is on BIGIP Thanks Vincent ------------------------------ Message: 14 Date: Wed, 26 Jan 2011 17:12:50 -0800 (PST) From: Tim Gustafson <[email protected]> To: [email protected] Subject: deleting schema elements from cn=config Message-ID: <2071017051.85340.1296090770606.javamail.r...@mail-01.cse.ucsc.edu> Content-Type: text/plain; charset=utf-8 Hi, I'm trying to understand how to delete a schema element. I'm running slapd 2.4.23 on FreeBSD 8.1. When I try to run ldapdelete: ldapdelete -H ldap://localhost -D uid=tjg,cn=config -W -x 'cn={7}java,cn=schema,cn=config' I get the following in the log file: ---------- daemon: read activity on 18 daemon: select: listen=6 active_threads=0 tvp=zero connection_get(18) connection_get(18): got connid=1068 connection_read(18): checking for input on id=1068 op tag 0x4a, time 1296090324 conn=1068 op=1 do_delete >>> dnPrettyNormal: <cn={7}java,cn=schema,cn=config> daemon: activity on 1 descriptor <<< dnPrettyNormal: <cn={7}java,cn=schema,cn=config>, <cn={7}java,cn=schema,cn=config> conn=1068 op=1 DEL dn="cn={7}java,cn=schema,cn=config" send_ldap_result: conn=1068 op=1 p=3 send_ldap_result: err=53 matched="" text="" send_ldap_response: msgid=2 tag=107 err=53 daemon: waked daemon: select: listen=6 active_threads=0 tvp=zero conn=1068 op=1 RESULT tag=107 err=53 text= daemon: activity on 1 descriptor daemon: activity on: 18r ---------- cn={7}java,cn=schema,cn=config is empty; I've already deleted all the objectClass and attribute definitions from it, but now it seems I can't delete the schema entry itself. What am I doing wrong? Tim Gustafson Baskin School of Engineering UC Santa Cruz [email protected] 831-459-5354 ------------------------------ Message: 15 Date: Thu, 27 Jan 2011 12:11:52 +0100 From: Michael Str?der <[email protected]> To: Vincent Li <[email protected]> Cc: [email protected] Subject: Re: openldap memberof attribute Message-ID: <[email protected]> Content-Type: text/plain; charset=ISO-8859-1 Vincent Li wrote: > I couldn't find 'memberof' attribute in OpenLDAP schema, so > I created the 'memberof' attribute in core.schema as below: The overlay memberof is what you're looking for. man 5 slapo-memberof Ciao, Michael. ------------------------------ Message: 16 Date: Thu, 27 Jan 2011 11:30:04 +0000 From: Mark Cairney <[email protected]> To: [email protected] Subject: MemberOf attribute not being returned Message-ID: <[email protected]> Content-Type: text/plain; charset="us-ascii" Hi, I'm sure this was working in the past on this server but Im now not getting anything returned when I request the memberOf attribute. I compiled OpenLDAP 2.4.23 with the following flags: ./configure --prefix=/usr/local/authz --enable-meta --enable-ldap --enable-bdb --enable-monitor --enable-syncprov --enable-translucent --enable-memberof --enable-dyngroup --enable-dynlist --with-threads --with-tls --with-cyrus-sasl --enable-syslog --enable-spasswd cd make depend make make test make install I'm using slapd.d and I have the following in /usr/local/authz/etc/openldap/slapd.d/cn=config/olcDatabase={1}bdb olcOverlay={0}dynlist.ldif olcOverlay={1}memberof.ldif olcOverlay={2}syncprov.ldif The contents of olcOverlay\=\{1\}memberof.ldif are: dn: olcOverlay={1}memberof objectClass: olcOverlayConfig objectClass: olcMemberOf olcMemberOfDangling: ignore olcMemberOfRefInt: FALSE olcMemberOfGroupOC: posixGroup olcMemberOfMemberAD: member olcMemberOfMemberOfAD: memberOf structuralObjectClass: olcMemberOf entryUUID: 4d5a3aa8-fbac-45c9-b259-941d13e02724 creatorsName: cn=config createTimestamp: 20100318151149Z entryCSN: 20100318151149.488341Z#000000#003#000000 modifiersName: cn=config modifyTimestamp: 20100318151149Z olcOverlay: {1}memberof The log is attached. -- The University of Edinburgh is a charitable body, registered in Scotland, with registration number SC005336. -------------- next part -------------- A non-text attachment was scrubbed... Name: openldap.log Type: application/octet-stream Size: 8033 bytes Desc: not available URL: <http://www.openldap.org/lists/openldap-technical/attachments/20110127/8 e561efe/attachment.obj> -------------- next part -------------- Any ideas? The only thing I've changed recently is the ACLs Kind regards, Mark /********************************* Mark Cairney ITI UNIX Section Information Services University of Edinburgh Tel: 0131 650 6565 Email: [email protected] *********************************/ ------------------------------ _______________________________________________ openldap-technical mailing list [email protected] http://www.openldap.org/lists/mm/listinfo/openldap-technical End of openldap-technical Digest, Vol 38, Issue 26 ************************************************** __________ Information from ESET NOD32 Antivirus, version of virus signature database 5823 (20110127) __________ The message was checked by ESET NOD32 Antivirus. http://www.esetnod32.ru/.ml __________ Information from ESET NOD32 Antivirus, version of virus signature database 5825 (20110127) __________ The message was checked by ESET NOD32 Antivirus. http://www.esetnod32.ru/.ml
