similar to: openldap: replica consumers and ppolicy overlay values

Hi, I have a setup with two CentOS 5 machines running OpenLDAP 2.3.x, right now the primary uses slurpd to send the updates to the second server, and the second server is using "updatedn" to allow updates (from what I understand! I'm no OpenLDAP guru here.) Clients are using pam_ldap and nss_ldap to get the users and authenticate them in LDAP. Right now hosts query only the primary

Hey folks, Some months back, I entertained a conversation with Volker Lendecke, Adam Tauno Williams, and Simo Sorce about getting Samba to play nice with LDAP's ppolicy overlay. (Thread starts here: http://www.mail-archive.com/samba@lists.samba.org/msg92134.html and ends here: http://www.mail-archive.com/samba@lists.samba.org/msg92214.html) I was wondering if any progress had been made

Hi, I am using both syncrepl (for replication) and smbk5pwd (for password synchronisation between samba and ldap account) overlays. I have configured replication in the simplest way: a read-only producer that forwards updates to the provider thought updateref. If I change my password thought passwd command on a client with pam modules configured for gaining information from the provider

Hi, ? my problem is related to samba3 with openldap backend. i use syncrepl to replicate our openldap db to the slapd running on the samba server. slapd is configured to set a referrer for write requests via "updateref". ? if i use smbpasswd to change the samba/ldap password from the console everything works fine. i can see the referrer offered by the local slapd and also a rebind to

Hi to all! I've set up Zimbra LDAP (2.4) as master, and I want to use RHEL v5 LDAP (2.3) as a slave. This is relevant part of my slapd.conf on LDAP 2.3: # syncrepl directives syncrepl rid=101 provider=ldap://192.168.1.86 bindmethod=simple binddn="uid=zimbra,cn=admins,cn=zimbra" credentials=PASSword searchbase="dc=company,dc=com" schemachecking=on

Hola a todos... Compile openLDAP y habilite --enable-overlays como modulos.. Entonces ppolicy.la se creo.. pero cuando en el archivo de configuracion de ldap coloco lo siguiente funciona: # Load dynamic backend modules: modulepath /usr/local/libexec/openldap moduleload ppolicy.la # password policy overlay ppolicy ppolicy_default "cn=Standard

I am looking for a way to enforce our password policy using our PDC with OpenLDAP. I have already configured ppolicy, just can not find a way to make it enforce it on the windows clients. Searches turn up little to go on. I must be searching for the wrong terms. Anyone have any pointers?

Hello all, I have setup an HA cluster running under Debian GNU/Linux with samba 3.0.7, openldap 2.0.23 with two machines. Each machine runs winbindd and slapd. One additionally runs slurpd to replicate to the other. Replication works but winbind seems to add entries on the secondary ldap server and not follow the updateref given from the server. This is a problem since the ldap database run

Out of faint curiosity, how do we push change requests upstream to RHEL? I'm using puppet to automate systems, including the application of SELinux policy. While setsebool -P is non-damaging to repeat, it is time consuming -- taking about 45 seconds per execution to process the existing policy and re-commit to disk. I'd like a simple ability to put an unless in the execution of

On 12 Apr 2016 6:10 p.m., "John Jasen" <jjasen at realityfailure.org> wrote: > > Out of faint curiosity, how do we push change requests upstream to RHEL? > > I'm using puppet to automate systems, including the application of > SELinux policy. While setsebool -P is non-damaging to repeat, it is time > consuming -- taking about 45 seconds per execution to

I thought I would ask here to see if anyone has had a similar situation and a solution. We've got a SunOne Directory Server set up to authenticate our users on Linux. To get shared authentication with Windows, we set up Samba (2.0.33 as ships with CentOS 5) and the smbldap-tools. What we need to do is get account locking to work across the board...such that if a user fails 5 times on a

I check system load like so: [root at server cron.daily]# w 10:07:33 up 4 days, 15:01, 2 users, load average: 4.22, 3.17, 3.09 I would like to to graph the 3.17 5 minute average with MRTG. Anyone know of some examples of doing this?

Hello All, I had problems with the security server, the server is frequently attacked using bruteforce attacks. Is there an application that can perform automatic blocking when there are failed login to the ports smtp, pop3 port, and others? I am currently using CentOS 5.5 in some servers Thanks in advanced....... -- -- Best regards, David http://blog.pnyet.web.id -------------- next part

Hello OK, in my case, there is only one samba server acting as PDC. On the PDC, it has a openldap server as backend. I have configured another server as the slave ldap server. slave ldap server will pool data by syncrepl. There are some spaces in samba/smbldap-tool that we can configure multiple ldap servers (or load balance by use of DNS) What happen if the PDC write data to the slave ldap

All, After many hours of research I have found there is a incompatibility between OpenLDAP V2.3.x and V2.2.x, or atleast between V2.3.27 the current version on CentOS V5 and V2.2.13 the current version on CentOS V4. The syncrepl feature of OpenLDAP, to keep multiple slapd servers sync'd, was working between CentOS 4 and 5 at one time, as that is how I populated the "slave" servers.

On Wed, 25 Jan 2017 15:55:16 +0100 basti via samba <samba at lists.samba.org> wrote: > Hello, > > at the Moment we use and Samba 4 in NT4-style Domain with approx. 20 > Clients. > > With the Problem of Windows 10 to join to NT4-style >

Hello everybody,, This time i want to replicate PDC to BDC when there's is any changes on PDC, here is my conf. on /etc/openldap/slapd.conf LDAP Server master moduleload syncprov overlay syncprov syncprov-checkpoint 100 10 syncprov-sessionlog 100 LDAP Server mirror moduleload syncprov syncrepl rid=001 provider=ldap://ldap.domain.com:389 bindmethod=simple

Hi all, I have a few ldap servers slaved to a primary via syncrepl, all is well. I've set my clients to auth against a few and there /etc/ldap.conf looks like so; uri ldap://primary.domain.com ldap://secondary.domain.com However when either primary or slaves go down, while the clients can log in, access is very slow, ls of any dir is painful. The /var/log/messages shows several failed

Hi, I'd like to know if any of you have ever implemented Samba 3 with OpenLDAP multimaster (using syncrepl, maybe) or Fedora-DS. The basic idea would be: - WAN link dies, the remote office's BDC would promote itself to PDC (using some kind of monitoring script), and will start accepting changes to the user base. Also, some change to the local WINS server would be necessary. - WAN link

Hello, at the Moment we use and Samba 4 in NT4-style Domain with approx. 20 Clients. With the Problem of Windows 10 to join to NT4-style (https://wiki.samba.org/index.php/Required_Settings_for_Samba_NT4_Domains#Windows_10:_There_Are_Currently_No_Logon_Servers_Available_to_Service_the_Logon_Request) we plan to migrate to Samba AD. At the Moment there is the following scheme: samba PDC