<New0rder> hmm assuming shadowexpire has to be > 0 then huh? :)
<New0rder> hmm automount isn't getting its data from LDAP
<New0rder> what's the PADL trick to getting this to automap?
<New0rder> well, almost as expected.
<New0rder> root
<reiffert> su -
<reiffert> asklVEW83
<Gagatan> ;)
<New0rder> nice password
<New0rder> :)
<New0rder> why not put a few numbers in the middle :)
<reiffert> PUgocA0rQePi
<reiffert> bMi4TsIrFME7
<reiffert> dF0UArnsHX4u
<reiffert> hsuVbXB5UzbT
<reiffert> that are example of my passwords.
<reiffert> Koksect8 | (Koks-ect-EIGHT)
<reiffert> riDreew2 | (ri-Dreew-TWO)
<reiffert> Pawdyak9 | (Pawd-yak-NINE)
<reiffert> piWojEg8 | (pi-Woj-Eg-EIGHT)
<reiffert> 7ViajAid | (SEVEN-Viaj-Aid)
<reiffert> that are user passwords.
<reiffert> password | how to remember
<New0rder> yeah, how Sol10's default password policy is setup, kinda have to do that. :)
<reiffert> first one are generated by makepasswd
<reiffert> last 5 ones by apg -n 12 -x 8 -m 8 -a 0 -t -M NCLN | sed -e 's/ / | /g;'
<New0rder> apg? :)
<New0rder> automatic password generator
<New0rder> or something?
<reiffert> apg - Automated Password Generator - Standalone version
<New0rder> gentoo says it's "another" password generator.. but yeah.
<reiffert> each pass is added to the cracklib afterwards, so they can't renew their password with the old one :)
<New0rder> I'll emerge it and see about implementing it network wide.
<reiffert> and, which is a great thing, they can remember their passwords.
<New0rder> I have my password history set to like 100
<New0rder> and reset them every 90 days.
<reiffert> well, 12 chars make life hard.
<Aaron> reiffert: those look like klingon words
<apeiron> reiffert: Where's the punctuation?
<apeiron> reiffert: Try pwgen.
<og> apeiron: Often you don't want characters outside [A-Za-z0-9] in passwords due to keyboard layout issues.
<og> Although I guess . and , are pretty safe.
<apeiron> og: Hmm. I guess that'd matter to me if I was hopping between systems a lot.
<apeiron> og: But generally I just use public key access in most of those circumstances, and refrain from su.*
<og> Also, requiring many groups of characters within a limited string limits the space an attacker has to search to find the password :-)
<apeiron> ... huh?
<apeiron> If there's a large potential domain of characters from which each password character is selected, how does that *limit* the space?
<og> apeiron: But if the attacker knows that the passwords _must_ contain at least one character from each set (or a certain number of sets), that limits the space.
<apeiron> og: Ahh.
<lucca> If you don't require multiple character classes be present, users won't use them.
<lucca> one strategy might be Uppercase, Lowercase, Numbers, Other. Pick 3.
<lucca> (or 2, if you like)
<og> lucca: Sure, but there's a fine line between helping and hurting security there.
<heatxsink> if I wanted to get two users on a ldap server to share the same directory on the server how would I do that?
<heatxsink> let me clarify, "the server" meaning a server that is authenticated via the LDAP server
<Gagatan> heatxsink: you mean, two users sharing the same homedirectory? shall they have the same rights to this directory? what is the intention of such a request?
<asyd> HI there
<Gagatan> asyd :)
<heatxsink> Gagatan: someone wants to share a directory that's part of a website
<heatxsink> so it could be their home directory, but most likely some directory down in /var/www/
<heatxsink> i dunno
<heatxsink> so I would think their rights would be identical to each other
<Gagatan> well.. make a group, put the users as members of that group, and chgrp the directory
<heatxsink> Gagatan: do I need to add a group to the LDAP server?
<heatxsink> or just on the box?
<heatxsink> Gagatan: is there a website that kinda goes over this?
<heatxsink> hehe
<Gagatan> heatxsink: you can do either.. depends on what you want, and if the server uses grouplookup with ldap or just local files
<heatxsink> Gagatan: may I msg you?
<Gagatan> nope
<heatxsink> damn
<heatxsink> alright so how would I know if it's using grouplookup?
<heatxsink> vs. local files
<Gagatan> getent group <group that only exist in ldap, not files>
<Gagatan> for example..
<Gagatan> nsswitch.conf does the group-stanza use files/compat _and_ ldap for example
<Gagatan> I have to get to work now.. *bbl*
<heatxsink> Gagatan: thanks
<heatxsink> Gagatan: thank you
<b***-> which way except log to monitoring slapd_2.2.x?
<b***-> moin btw :)
<guru_> when i add a new entry to the database i get a message that: could not parse last line any help
<guru_> last line i have given is cn:Manager
<guru_> in my file help plz
<Gagatan> guru_: pastebin your ldif
<guru_> ok
<Gagatan> b***-: say what? logparsing, live daemon monitoring? what do you want to achieve?
<b***-> Gagatan i know what backend monitor does not work with 2.2.x
<Gagatan> you don't make any sense to me
<b***-> gg, no, i ask :)
<Gagatan> you ask - if back-monitor works with openldap 2.2.x?
<b***-> i ask: does back-monitor works with openldap 2.2.x?
<b***-> i know what No.. i ask another way except logs
<b***-> another way to monitoring
<asyd> any AIX admin here by chance ?
<Gagatan> asyd: heh.. I did, long time ago.. forgot all about it ;)
<asyd> I just wondering if AIX's iso are freely downloadable
<Gagatan> asyd: ah.. uhm.. don't know really.. try ibm or some shop selling ibm-stuff
<Gagatan> b***-: "I know what No" and "i ask another way except logs" doesn't make any sense to me.. I'm sorry..
<b***-> hmm
<Gagatan> b***-: you could always do a simple ldapsearch to your server to check if its running or not.. or do you want the statistics and stuff?
<asyd> have you set correct acl to your backend ?
<asyd> +monitor
<b***-> database monitor
<b***-> this all settings
<b***-> in 2.1.x it work fine
<b***-> i dont thing paranoid
<Gagatan> and by searching with base="cn=monitor" and filter "objectclass=*" you get nada?
<asyd> access to dn.subtree=cn=monitor
<asyd> by dn.exact=cn=admin,dc=int-evry,dc=fr write
<asyd> by dn.subtree=dc=int-evry,dc=fr read
<asyd> by * none
<asyd> try that
<b***-> asyd ldapsearch -H ldap://mxserv:389 -x -W -b "cn=monitor" -D "cn=admin,o=vlgroup" "objectclass=*" total
<b***-> ups
<b***-> sorry
<b***-> anyway result: 32 No such object
<b***-> i think i miss read docs :)
<b***-> thx a lot
<_ranger_> b***-, maybe you need to add some acl on cn=monitor
<_ranger_> and, you may want to request operational attributes too
<b***-> _ranger_ i bind by admin with acl by dn.exact=cn=admin,o=vlgroup write
<b***-> anyway result 0
<b***-> if i bind with some attr
<_ranger_> well, it works here, only error I managed to get was insufficient access ...
<_ranger_> b***-, and I've used it since 2.1.x
<b***-> _ranger_ i confused... can you show me config strings about monitor? without acls
<_ranger_> database monitor
<_ranger_> access to dn.subtree="cn=monitor"
<_ranger_> by dn="cn=root,dc=ranger,dc=dnsalias,dc=com" write
<b***-> wow!
<b***-> it work!
<b***-> _ranger_ , asyd , Gagatan thx!
<b***-> i miss quote ""
<christi> i'm using openldap-servers-2.2.13-2.i386.rpm on fedora core 3 and i'm getting at start-up the error: Checking configuration files for : /etc/openldap/schema/core.schema: line 29: attribute type "2.5.18.1" is operational ; the core.schema file is from an older project (from 2002-2003 i think) and i guess it worked (with openldap) back then
<reiffert> And the problem is?
<christi> the openldap server won't start
<christi> and i also have the old ldap databases
<reiffert> why not use the core.schema that comes with 2.2.13?
<asyd> why you don't use schema files which comes from your upstream ?
<christi> from what i've heard they modified the schemas in order to fit their needs
<christi> also do you think that the new schema would work with the old databases?
<reiffert> congrats.
<reiffert> christi: in general: no. slapcat the old db, and ldapadd the ldif file is the normal way, one would choose here. fix the errors.
<asyd> if the old database refer to a 2.0 database, you may need to run the fix-ldif script, or use schemacheck off (which is a _very_ bad idea)
<christi> reiffert: the project is kind of messy; i'm still surprised that they have at least some documentation describing the project
<reiffert> christi: you can stay on OL 2.0, can't you?
<christi> yes, i guess so
<christi> after all my job is to improve the project
<christi> and upgrading to a newer openldap would be a good thing
<reiffert> have fun.