[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Error 18: Solaris 10 Native LDAP-Client

To: Ralf Haferkamp <rhafer@suse.de>
Subject: Re: Error 18: Solaris 10 Native LDAP-Client
From: Benjamin Griese <der.darude@gmail.com>
Date: Tue, 2 Nov 2010 16:57:38 +0100
Cc: James Bagley Jr <james.bagley@state.or.us>, openldap-technical@openldap.org
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=FCBNXPIqXXhfM6Ft29jaNL4vJesVc4LkfQSALi/tro0=; b=pbcBbDT0QJvAjfTSBIlM4bvNIy1v+PvSR4vug9n/qM7bTXJXRgyyQkVUjQTIy3nDuV i+K8Qe44K4bUr2bnRFeGKXL6fxOxYzAmqHKUO85bLYsLIQovPryMg9pNAqPtqKZ5/4zj fl9Pve5+S8E4ddqEiF4tbMYSjo6+Y0A5pzxHY=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; b=jXYGzN4U0TMPecSjbbu8EGRhmRssqAZFJaG056d/15WlXXWKTSt1h8g+h6wfGDrdBU ayVVU1TjijTskaxEM+ka5Gt6y7BSMFzASrHECWphjwonAVcTAOI1mp0lIJKOYhbnKQPb 6NKVyXul1D3d00uoSWnlZ2ct5Z0fbpdxZw60U=
In-reply-to: <201011021605.55496.rhafer@suse.de>
References: <AANLkTimi9T4e_NG1xsti2g2RGDjr_T3yRkd3Z-4cGZtw@mail.gmail.com> <C8EEEAD8.2801%james.bagley@das.state.or.us> <AANLkTikh=Vgqm8dDdeO7g6PbbiTsYr1L=vC=R7oabTSy@mail.gmail.com> <201011021605.55496.rhafer@suse.de>

Hello Ralf,

nice to know that someone from Novell is reading here, too.

Currently I have opened up a Service Request regarding this topic at
Novells Suport Center and pointed that out as a Feature Request but
also as problem I and other people have and are lookinf for a
workaround.

Too bad I am really low experienced in building complex ACLs to filter
stuff like this, maybe someone else is able to help us (James and me)
to workaround that problem.

I'll give it a shot and let you know if it's working or not. :)

Bye, Benjamin.

On Tue, Nov 2, 2010 at 16:05, Ralf Haferkamp <rhafer@suse.de> wrote:
> Am Donnerstag 28 Oktober 2010, 19:57:17 schrieb Benjamin Griese:
>> Hello James,
>>
>> thanks for replying giving us your opinion.
>> Sometimes I thought I was the only person who has the problem you're
>> talking of. I am in the same dilemma as you are, using SLES11 /w SP1
>> and have a not working solaris nativ ldap client oder downgrading to
>> SLES1 /wo SP1 but using a rather outdated version of OpenLDAP 2.4.12
>> but seems to work with the solaris ldap client and your outlook 2003
>> client.
>>
>> The problem is, Novell won't release any package changes in endless
>> time, probably für SP2 at earliest point in time. To get/keep it
>> working you have to stay on the older version and I have to downgrade.
>> This is a quite annoying state of a problem we have here.
> FYI, we (Novell) are currently working on releasing an update to fix this
> problem. I can't tell you when it will get released, yet. But it will for
> sure be before SLES11 SP2.
>
> Until then a possible workaround could be to use some clever ACL to
> filter the OIDs of VLV and Server Side Sort from the supportedControl
> Attribute of the rootDSE.
>
>> I'll point out the problem to my boss, maybe there is something I can
>> do about it, but for my own laziness, I don't want to regurlarly check
>> for/download/recompile the OpenLDAP package in the lifetime of the
>> server to fix some particular security issues.
>>
>> So what are we going to do in the meantime? At my site, everything
>> except listing of user/groups is working on the client side, not that
>> big of an issue, but thats also true for dynamic lists that I wanted
>> to use and thats a big issue. :/
>>
>> How is your state and how big is the problem?
>>
>> Bye, Benjamin.
>>
>> PS: Dieter, I tried to get the list of supported controls from the
>> server via the solaris client, but had not luck.
>>
> [..]
>
> --
> Ralf
>
> SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
>



-- 
To be or not to be -- Shakespeare | To do is to be -- Nietzsche | To
be is to do -- Sartre | Do be do be do -- Sinatra

Follow-Ups:
- Re: Error 18: Solaris 10 Native LDAP-Client
  - From: Ralf Haferkamp <rhafer@suse.de>

References:
- Re: Error 18: Solaris 10 Native LDAP-Client
  - From: Ralf Haferkamp <rhafer@suse.de>

Prev by Date: Re: syncrepl proxy problem - consumer gets cleared
Next by Date: Re: syncrepl proxy problem - consumer gets cleared
Index(es):
- Chronological
- Thread