With the usual apologies.
The 3rd Edition of the International Conference on LDAP (LDAPCon
2011) will be held on October 10-11, 2011 in Heidelberg, Germany.
A Call For Papers has been raised and the Program Committee asks you
to submit abstracts by July 8th.
The International Conference on LDAP is a technical forum for IT
professionals interested in LDAP and related topics like directory
servers, directory management applications, directory integration,
identity and access management, and meta directories.
It focuses on implementation and integration of LDAP servers and
LDAP-enabled client applications. The event will bring together vendors,
developers, active and prospective LDAP practitioners to share their
experiences about deployment strategies, service operations,
interoperability, discuss LDAP usage in new projects and learn about
upcoming trends and developments.
The 1st LDAPCon was held in September 2007 in Germany; the 2nd
LDAPCon was held in September 2009 in Portland, Oregon, USA
(some pictures from LDAPCon 2007 and a nice summary of LDAPCon 2009 are available).
So if you're involved with LDAP in interesting projects and you want to
share your experiences, please check the Call For Papers and submit a
Peter Gietz (CEO)
DAASI International GmbH
Europaplatz 3
D-72074 Tübingen
Germany
Phone: +49 7071 407109-0
Fax: +49 7071 407109-9
Mail: peter.gietz(a)daasi.de
Web: www.daasi.de
DAASI International GmbH, Tübingen
Managing Director Peter Gietz, Amtsgericht Stuttgart HRB 382175
Directory Applications for Advanced Security and Information Management
We're having a pretty severe issue with a server/client app that runs out of
xinetd and generates nss_ldap errors when the primary LDAP server is down. The thing
is, the user that this application (Nagios NRPE) runs as exists in every host's
/etc/passwd (and group) file and NOT in the Directory Server, for just this
reason. I am wondering if this is a PAM issue, but I admit I do not know to what
extent service users consult PAM. Here is the error:
Aug 2 12:03:18 host01 xinetd: nss_ldap: failed to bind to LDAP
server ldap://ldap_1.domain/: Can't contact LDAP server
Aug 2 12:03:18 host01 xinetd: nss_ldap: reconnected to LDAP server
Aug 2 12:03:18 host01 nrpe: Error: Could not complete SSL handshake.5
Again, /etc/xinetd.d/nrpe is configured to run this client as a user that exists in
local auth, not LDAP. Why would it need to contact the LDAP server at all? We do
not use LDAP for name resolution; that is all done in DNS and /etc/resolv.conf.
We ONLY use it for user authentication.
We used authconfig to set this up on the clients. I am wondering if the PAM stack
in /etc/pam.d/system-auth, which gets modified by authconfig for LDAP has anything
to do with it. The one thing that caught my eye was this:
account required pam_unix.so broken_shadow
account sufficient pam_succeed_if.so uid < 500 quiet
account [default=bad success=ok user_unknown=ignore] pam_ldap.so
account required pam_permit.so
The UID of the daemon user is ABOVE 500. Would changing it to one below 500 fix
Thanks in advance!
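To see why the uid threshold in the pam_succeed_if line matters, here is an added example (not from the post, and not the real Linux-PAM, pam_ldap or nss_ldap code) that walks the account stack quoted above with Linux-PAM's control-flag semantics over a constructed user database. In this model a local user with a uid above 500 is handed to pam_ldap.so on every account check, whose own lookup is a directory query even though the account lives only in /etc/passwd; with user_unknown=ignore the check still passes while the server answers, and it fails when the server is unreachable. The databases, the nsswitch order (passwd: files ldap) and the result codes the toy modules return are assumptions. One caveat: the log lines in the post are tagged nss_ldap, the NSS module from /etc/nsswitch.conf, which serves getpwnam and group enumeration (initgroups) independently of PAM; the toy below models only a first-hit passwd lookup plus the PAM account stack, not group enumeration.

```python
"""Walk the 'account' section of /etc/pam.d/system-auth quoted in the post
against a toy user database, to see which users make it to pam_ldap.so.
Constructed example: the databases, the result codes the toy modules return
and the nsswitch order are assumptions, not observed behaviour."""

# Constructed databases: FILES_DB stands for /etc/passwd, LDAP_DB for the
# directory.  nrpe is local-only with a uid above 500, as in the post.
FILES_DB = {"root": 0, "nrpe": 501}
LDAP_DB = {"alice": 1001}

# Assumed nsswitch.conf line: "passwd: files ldap"
NSS_SOURCES = ("files", "ldap")


class Lookup:
    """One PAM run: a first-hit passwd lookup plus a flag recording whether
    anything contacted the LDAP server along the way."""

    def __init__(self, ldap_up=True, files_db=FILES_DB):
        self.ldap_up = ldap_up
        self.files_db = files_db
        self.ldap_contacted = False

    def getpwnam(self, user):
        """NSS-style lookup: try each source in order, stop at the first hit."""
        for source in NSS_SOURCES:
            if source == "files":
                if user in self.files_db:
                    return self.files_db[user]
            else:
                self.ldap_contacted = True
                if self.ldap_up and user in LDAP_DB:
                    return LDAP_DB[user]
        return None


# Toy stand-ins for the modules; return values are PAM result names.
def pam_unix(user, lk):
    return "success" if lk.getpwnam(user) is not None else "user_unknown"


def pam_succeed_if_uid_lt_500(user, lk):
    uid = lk.getpwnam(user)
    return "success" if uid is not None and uid < 500 else "auth_err"


def pam_ldap(user, lk):
    lk.ldap_contacted = True  # the account check itself is a directory query
    if not lk.ldap_up:
        return "authinfo_unavail"  # assumed result for an unreachable server
    return "success" if user in LDAP_DB else "user_unknown"


def pam_permit(user, lk):
    return "success"


# Linux-PAM's keyword controls written out as [value=action] tables.
CONTROL = {
    "required": {"success": "ok", "default": "bad"},
    "requisite": {"success": "ok", "default": "die"},
    "sufficient": {"success": "done", "default": "ignore"},
    "optional": {"success": "ok", "default": "ignore"},
}

# The account stack from the post, top to bottom.
ACCOUNT_STACK = [
    (CONTROL["required"], pam_unix),                     # pam_unix.so broken_shadow
    (CONTROL["sufficient"], pam_succeed_if_uid_lt_500),  # pam_succeed_if.so uid < 500 quiet
    ({"default": "bad", "success": "ok", "user_unknown": "ignore"}, pam_ldap),
    (CONTROL["required"], pam_permit),
]


def run_account_stack(user, ldap_up=True, files_db=FILES_DB):
    """Dispatch the stack the way Linux-PAM does: 'ok' records the result
    while nothing has failed yet, 'bad' records the first failure, 'done'
    stops the walk on a clean success, 'die' stops it on failure, and
    'ignore' drops the module's result.  Returns (final_status, ldap_contacted)."""
    lk = Lookup(ldap_up, files_db)
    impression, status = None, None  # None = no verdict yet
    for actions, module in ACCOUNT_STACK:
        retval = module(user, lk)
        action = actions.get(retval, actions["default"])
        if action in ("ok", "done"):
            if impression in (None, "positive"):
                impression, status = "positive", retval
            if action == "done" and impression == "positive":
                break
        elif action in ("bad", "die"):
            if impression != "negative":
                impression, status = "negative", retval
            if action == "die":
                break
        # "ignore": leave impression and status untouched
    return status, lk.ldap_contacted


if __name__ == "__main__":
    for user in ("root", "nrpe", "alice"):
        for up in (True, False):
            print("%-5s ldap_up=%-5s -> %s" % (user, up, run_account_stack(user, up)))
```

Running it with nrpe moved to uid 499 (pass files_db={"root": 0, "nrpe": 499}) shows the sufficient line short-circuiting the stack before pam_ldap.so, so the LDAP server is never contacted during the account check whether it is up or down.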
We have a setup with multiple masters which are replicating down to 389
Directory Server consumers via 2 hubs, but have a consistency issue.
It appears a few objects were deleted and re-added to the masters but
the object was not deleted from the 389 consumers. We now have 1
object on the masters and 2 objects on the consumers which causes
problems for the mail servers. If we delete the object from the master
we are still left with one object on the slaves. The slaves currently
have a few duplicate objects like this:
dn: cn=mx::10, cn=somedomain.co.uk, ou=dns, o=acmesystems.com
The object showing nsuniqueid is the valid one that exists on the
master. Is there a way to remove the 2nd object from the consumer
I have seen this before on a single consumer, so we re-initialised it,
but it's a much bigger problem to re-initialise all of the consumers. It
would be ideal if there is a way to manually delete an object direct on
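Before re-initialising every consumer, a practitioner would want to know exactly which entries are stale. The following is an added example (not from the post, and not 389 DS tooling) that diffs an LDIF export from a master against one from a consumer, keyed on nsuniqueid rather than DN, since both copies share the DN and nsuniqueid is what distinguishes the re-added entry from the stale one. The LDIF text and the nsuniqueid values are constructed. It only reports; it does not delete anything.

```python
"""Compare an LDIF export of a supplier (master) with one from a consumer,
keyed on nsuniqueid, and report entries the consumer holds that the supplier
no longer has.  Added example with constructed LDIF, not from the original
post; the nsuniqueid values below are made up."""

import base64

# Constructed exports.  The supplier has one mx::10 record; the consumer has
# that record plus a stale copy left over from the earlier delete-and-re-add,
# identifiable only by its different nsuniqueid.
SUPPLIER_LDIF = """\
dn: cn=mx::10, cn=somedomain.co.uk, ou=dns, o=acmesystems.com
objectClass: top
objectClass: extensibleObject
cn: mx::10
nsuniqueid: 0a1b2c3d-1dd211b2-8000a1b2-c3d40000
"""

CONSUMER_LDIF = """\
dn: cn=mx::10, cn=somedomain.co.uk, ou=dns, o=acmesystems.com
objectClass: top
objectClass: extensibleObject
cn: mx::10
nsuniqueid: 0a1b2c3d-1dd211b2-8000a1b2-c3d40000

dn: cn=mx::10,cn=somedomain.co.uk,ou=dns,o=acmesystems.com
objectClass: top
objectClass: extensibleObject
cn: mx::10
description:: c3RhbGUgY29weQ==
nsuniqueid: deadbeef-1dd211b2-8000a1b2-c3d40000
"""


def parse_ldif(text):
    """Minimal LDIF reader: unfolds continuation lines, decodes base64 ('::')
    values, collects multi-valued attributes.  Returns [(dn, {attr: [values]})].
    Does not handle escaped commas inside DN values."""
    logical = []
    for raw in text.splitlines():
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]       # folded continuation line
        else:
            logical.append(raw)
    entries, entry = [], None
    for line in logical + [""]:          # trailing "" flushes the last entry
        if not line.strip():
            if entry is not None:
                entries.append(entry)
            entry = None
            continue
        if line.startswith("#"):
            continue
        name, _, rest = line.partition(":")
        if rest.startswith(":"):
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:
            value = rest.strip()
        name = name.strip().lower()
        if name == "dn":
            entry = (value, {})
        elif entry is not None:
            entry[1].setdefault(name, []).append(value)
    return entries


def normalize_dn(dn):
    """Case-fold and drop the optional whitespace after RDN separators so the
    two spellings of the same DN above compare equal."""
    return ",".join(part.strip() for part in dn.split(",")).lower()


def index_by_uniqueid(entries):
    return {attrs["nsuniqueid"][0]: (dn, attrs)
            for dn, attrs in entries if "nsuniqueid" in attrs}


def consumer_only(supplier_ldif, consumer_ldif):
    """Entries present on the consumer whose nsuniqueid the supplier does not
    have, as (normalized_dn, nsuniqueid) tuples."""
    supplier = index_by_uniqueid(parse_ldif(supplier_ldif))
    consumer = index_by_uniqueid(parse_ldif(consumer_ldif))
    return sorted((normalize_dn(dn), uid)
                  for uid, (dn, _) in consumer.items() if uid not in supplier)


def duplicate_dns(ldif_text):
    """DNs that occur more than once in one export, with their nsuniqueids."""
    seen = {}
    for dn, attrs in parse_ldif(ldif_text):
        seen.setdefault(normalize_dn(dn), []).append(attrs.get("nsuniqueid", [None])[0])
    return {dn: ids for dn, ids in seen.items() if len(ids) > 1}


if __name__ == "__main__":
    for dn, uid in consumer_only(SUPPLIER_LDIF, CONSUMER_LDIF):
        print("stale on consumer:", dn, uid)
    print("duplicate DNs on consumer:", duplicate_dns(CONSUMER_LDIF))
```

Feed it real exports taken at the same time from a master and a consumer (nsuniqueid is an operational attribute, so ask for it explicitly when exporting with ldapsearch); the nsuniqueid reported for the consumer-only entry is the one to act on, while the DN alone would match both copies.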
I try to use the autoenrollment proxy with the most recent dogtag.
Unfortunately it seems that it's been a while since somebody touched
that code, and the aep does not support the port separation in the more
recent dogtag versions (since 1.2).
I'd like to update the source, but I could not download it from the
fedora-cvs server as described in
http://directory.fedoraproject.org/wiki/Auto_Enroll_Build (Server not
Where can I download the most recent aep source code ?
We were required to change the hostname of our LDAP server running
389-DS. Since that time the LDAP server runs fine, but the admin server
does not authenticate logins any longer, meaning I cannot log into the
admin server. What do I need to do to fix the admin server and change
all references from the old host name to the new host name?