openldap-bugs June 2007

openldap-bugs@openldap.org

35 participants
170 discussions

Re: (ITS#5028) incomplete slapcat docs
by h.b.furuseth＠usit.uio.no 26 Jun '07

26 Jun '07

hyc(a)symas.com writes: > steve(a)stevenwills.com wrote: >> The slapcat man page says in the Limitations section: >> >> In general, your slapd(8) should not be running (at least, not in >> read-write mode) when you do this to ensure consistency of the database. >> (...) > Given that back-ldbm has been deleted for 2.4, I guess we can just > delete this sentence. It could produce garbage data with back-ldif, and with some foreign database module. I think it should say it's safe with bdb (and null). Could copy it to the slapd-bdb(5) too. (I don't suggest to make slapcat(8) refer the user to that, since there is only one example anyway.) -- Regards, Hallvard

1 0

Re: (ITS#5029) refint schema unavailable
by hyc＠symas.com 25 Jun '07

25 Jun '07

dirk.a.schaefer(a)bluewin.ch wrote: > Full_Name: Dirk Alexander Scheafer > Version: openldap-2.3.35-r1 > OS: gentoo 2007.0 > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (213.3.4.29) > > > i have all my openldap configuration within it's internal cn=config db, > slapd.conf has been removed. i use several overlays where refint is one of them. > after slapd has started, the refint specific attributes and objectclass are not > available, not visible within the schema. > > by this, the refint overlay is not usable for my installation but there is no > error shown anywhere, regardless at which debug/log level the server is beeing > executed. This is a known limitation in 2.3, fixed in 2.4. In fact this condition is logged both to stderr and to syslog: config_build_entry: "olcDatabase={1}bdb" WARNING: No dynamic config support for overlay refint. config_build_entry: "olcOverlay={0}refint" config_build_entry: "olcDatabase={2}monitor" This ITS will be closed. -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

feature --enable-ppolicy
by Philippe Radix 25 Jun '07

25 Jun '07

hello I try to test the new feature the new version openldap (openldap-2.3.36) cd /alcatel/PR/ tar xvzf openldap-2.3.36.tgz cd /alcatel/PR/openldap-2.3.36 ./configure --prefix=/opt/ldap/OpenLDAP --with-cyrus-sasl --with-tls --enable-backends --enable-overlays make depend make make install i create slapd.cond --------------- vi slapd.conf include /opt/ldap/OpenLDAP/etc/openldap/schema/core.schema include /opt/ldap/OpenLDAP/etc/openldap/schema/ppolicy.schema include /opt/ldap/OpenLDAP/etc/openldap/schema/cosine.schema include /opt/ldap/OpenLDAP/etc/openldap/schema/inetorgperson.schema overlay ppolicy ppolicy_default "cn=StandardPolicy,ou=Policies,dc=alcatel,dc=com" ppolicy_use_lockout pidfile /alcatel/openldapTest/slapd.pid argsfile /alcatel/openldapTest/slapd.args database bdb suffix "dc=alcatel,dc=com" rootdn "cn=Admin,dc=alcatel,dc=com" directory /alcatel/openldapTest/data by self write by anonymous auth by * none access to * by self write by anonymous auth by * read i create defaultpolicy ------------------ dn: ou=Policies,dc=alcatel,dc=com objectClass: top objectClass: organizationalUnit ou: Policies structuralObjectClass: organizationalUnit dn: cn=StandardPolicy,ou=Policies,dc=alcatel,dc=com objectClass: top objectClass: device objectClass: pwdPolicy cn: StandardPolicy pwdAttribute: userPassword pwdLockoutDuration: 120 pwdInHistory: 5 pwdCheckQuality: 2 pwdExpireWarning: 86400 pwdMaxAge: 864000 pwdMinLength: 5 pwdGraceAuthNLimit: 5 pwdAllowUserChange: TRUE pwdMustChange: FALSE pwdMaxFailure: 3 pwdFailureCountInterval: 120 pwdSafeModify: FALSE structuralObjectClass: device i create user ------------ dn:cn=prtest,dc=alcatel,dc=com sn: prtest userpassword: prtest objectClass: person pwdPolicySubentry: cn=StandardPolicy cn: prtest i thinl all are ok for the policies features but and i run server ldap -------------- and i want to change password with a bad policy password ldappasswd -h 192.200.244.87 -p 389 -x -D cn=prtest,dc=alcatel,dc=com -w prtest -s titi -e ppolicy i have Result: Success (0) as answer i dont arive to see the policyies error with client ldap could you help me regards -- ************************************************************ Philippe Radix Alcatel CIT (philippe.radix(a)alcatel-lucent.fr) Tel.: (33) 01 3077 2829

2 1

Re: (ITS#5028) incomplete slapcat docs
by hyc＠symas.com 25 Jun '07

25 Jun '07

steve(a)stevenwills.com wrote: > Full_Name: Steve Wills > Version: 2.3.19 > OS: Fedora > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (65.15.231.202) > > > The slapcat man page says in the Limitations section: > > In general, your slapd(8) should not be running (at least, not in > read-write mode) when you do this to ensure consistency of the database. > > However, I've been told several times that this only applies to ldbm and not > bdb. Not sure about other types, but it would be good to clarify this section. > Given that back-ldbm has been deleted for 2.4, I guess we can just delete this sentence. -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

(ITS#5029) refint schema unavailable
by dirk.a.schaefer＠bluewin.ch 25 Jun '07

25 Jun '07

Full_Name: Dirk Alexander Scheafer Version: openldap-2.3.35-r1 OS: gentoo 2007.0 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (213.3.4.29) i have all my openldap configuration within it's internal cn=config db, slapd.conf has been removed. i use several overlays where refint is one of them. after slapd has started, the refint specific attributes and objectclass are not available, not visible within the schema. by this, the refint overlay is not usable for my installation but there is no error shown anywhere, regardless at which debug/log level the server is beeing executed. greez d. a. schaefer

1 0

(ITS#5028) incomplete slapcat docs
by steve＠stevenwills.com 25 Jun '07

25 Jun '07

Full_Name: Steve Wills Version: 2.3.19 OS: Fedora URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (65.15.231.202) The slapcat man page says in the Limitations section: In general, your slapd(8) should not be running (at least, not in read-write mode) when you do this to ensure consistency of the database. However, I've been told several times that this only applies to ldbm and not bdb. Not sure about other types, but it would be good to clarify this section.

1 0

(ITS#5027) loglevel if none specified
by steve＠stevenwills.com 25 Jun '07

25 Jun '07

Full_Name: Steve Wills Version: 2.3.19 OS: Fedora URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (65.15.231.202) The slapd.conf man page says that if no log level is specified, no logging is done: In fact, if no loglevel (or a 0 level) is defined, no logging occurs, so at least the none level is required to have high priority messages logged. However, in my experience, with this configuration in my syslog: local4.* /var/log/ldap.log a great deal of logging is done. This seems inconsistent. Either the docs or the code are incorrect. Which is right?

1 0

Re: (ITS#4839) syncrepl-related tests fail randomly
by luca＠OpenLDAP.org 25 Jun '07

25 Jun '07

hyc(a)symas.com wrote: > h.b.furuseth(a)usit.uio.no wrote: > >> ando(a)sys-net.it writes: >> >>> I'm seeing occasional failures of syncrepl-related tests in HEAD. In >>> case of test043, results differend once, but after repeating the test >>> everything went smoth. >>> >> Six HEAD/test043-delta-syncrepl failures in a row. Producer and >> consumer databases differ. RedHat Linux, i686. Logs etc from testrun: >> ftp://ftp.openldap.org/incoming/Hallvard-Furuseth-070621.tgz >> >> > Strange, I saw some failures last week but with current HEAD it just works. > Nevermind. I just checked out a fresh copy from CVS and it works just fine. Maybe something fancy with some modifications I was testing. I'll have to check.

1 0

RE: (ITS#5026) LDAP Search very slow > 2mins
by quanah＠zimbra.com 22 Jun '07

22 Jun '07

--On Friday, June 22, 2007 6:55 AM +0000 andy.yip(a)newworldtel.com wrote: > Dear sir, > > We found the ldap search is slow running. Please advise how to fine tune > the database. I am not sure adding cache size or perform db_recover will > solve the problem (a) This is not the place to discuss how to tune openldap (b) You have not indicated a valid OpenLDAP version, and in fact, give the impression that you are using Sun DS not OpenLDAP. That means *we* cannot help you. (c) If you *are* using OpenLDAP, go use openldap-software(a)openldap.org to ask your questions, as you were already told to do. Supply a *valid* OpenLDAP version. Further emails to this ITS will be ignored. --Quanah -- Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration

1 0

Re: (ITS#4839) syncrepl-related tests fail randomly
by luca＠OpenLDAP.org 22 Jun '07

22 Jun '07

hyc(a)symas.com wrote: > h.b.furuseth(a)usit.uio.no wrote: > >> ando(a)sys-net.it writes: >> >>> I'm seeing occasional failures of syncrepl-related tests in HEAD. In >>> case of test043, results differend once, but after repeating the test >>> everything went smoth. >>> >> Six HEAD/test043-delta-syncrepl failures in a row. Producer and >> consumer databases differ. RedHat Linux, i686. Logs etc from testrun: >> ftp://ftp.openldap.org/incoming/Hallvard-Furuseth-070621.tgz >> >> > Strange, I saw some failures last week but with current HEAD it just works. > > I just uploaded my test files ftp://ftp.openldap.org/incoming/Luca_Scamoni-070622.tgz The difference here is also in the modifyTimestamp and modifiersName...

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs June 2007