Re: (ITS#5028) incomplete slapcat docs
by h.b.furuseth@usit.uio.no
hyc(a)symas.com writes:
> steve(a)stevenwills.com wrote:
>> The slapcat man page says in the Limitations section:
>>
>> In general, your slapd(8) should not be running (at least, not in
>> read-write mode) when you do this to ensure consistency of the database.
>> (...)
> Given that back-ldbm has been deleted for 2.4, I guess we can just
> delete this sentence.
It could produce garbage data with back-ldif, and with some foreign
database module. I think it should say it's safe with bdb (and null).
Could copy it to the slapd-bdb(5) too. (I don't suggest to make
slapcat(8) refer the user to that, since there is only one example
anyway.)
--
Regards,
Hallvard
15 years, 11 months
Re: (ITS#5029) refint schema unavailable
by hyc@symas.com
dirk.a.schaefer(a)bluewin.ch wrote:
> Full_Name: Dirk Alexander Scheafer
> Version: openldap-2.3.35-r1
> OS: gentoo 2007.0
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (213.3.4.29)
>
>
> I have all my openldap configuration within its internal cn=config db,
> slapd.conf has been removed. I use several overlays where refint is one of them.
> After slapd has started, the refint specific attributes and objectclass are not
> available, not visible within the schema.
>
> By this, the refint overlay is not usable for my installation but there is no
> error shown anywhere, regardless at which debug/log level the server is being
> executed.
This is a known limitation in 2.3, fixed in 2.4. In fact this condition is
logged both to stderr and to syslog:
config_build_entry: "olcDatabase={1}bdb"
WARNING: No dynamic config support for overlay refint.
config_build_entry: "olcOverlay={0}refint"
config_build_entry: "olcDatabase={2}monitor"
This ITS will be closed.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
15 years, 11 months
feature --enable-ppolicy
by Philippe Radix
Hello,
I am trying to test the new feature of the new OpenLDAP version (openldap-2.3.36)
cd /alcatel/PR/
tar xvzf openldap-2.3.36.tgz
cd /alcatel/PR/openldap-2.3.36
./configure --prefix=/opt/ldap/OpenLDAP --with-cyrus-sasl --with-tls
--enable-backends --enable-overlays
make depend
make
make install
I create slapd.conf
---------------
vi slapd.conf
include /opt/ldap/OpenLDAP/etc/openldap/schema/core.schema
include /opt/ldap/OpenLDAP/etc/openldap/schema/ppolicy.schema
include /opt/ldap/OpenLDAP/etc/openldap/schema/cosine.schema
include /opt/ldap/OpenLDAP/etc/openldap/schema/inetorgperson.schema
overlay ppolicy
ppolicy_default "cn=StandardPolicy,ou=Policies,dc=alcatel,dc=com"
ppolicy_use_lockout
pidfile /alcatel/openldapTest/slapd.pid
argsfile /alcatel/openldapTest/slapd.args
database bdb
suffix "dc=alcatel,dc=com"
rootdn "cn=Admin,dc=alcatel,dc=com"
directory /alcatel/openldapTest/data
by self write
by anonymous auth
by * none
access to *
by self write
by anonymous auth
by * read
I create the default policy
------------------
dn: ou=Policies,dc=alcatel,dc=com
objectClass: top
objectClass: organizationalUnit
ou: Policies
structuralObjectClass: organizationalUnit
dn: cn=StandardPolicy,ou=Policies,dc=alcatel,dc=com
objectClass: top
objectClass: device
objectClass: pwdPolicy
cn: StandardPolicy
pwdAttribute: userPassword
pwdLockoutDuration: 120
pwdInHistory: 5
pwdCheckQuality: 2
pwdExpireWarning: 86400
pwdMaxAge: 864000
pwdMinLength: 5
pwdGraceAuthNLimit: 5
pwdAllowUserChange: TRUE
pwdMustChange: FALSE
pwdMaxFailure: 3
pwdFailureCountInterval: 120
pwdSafeModify: FALSE
structuralObjectClass: device
I create a user
------------
dn:cn=prtest,dc=alcatel,dc=com
sn: prtest
userpassword: prtest
objectClass: person
pwdPolicySubentry: cn=StandardPolicy
cn: prtest
I think all is OK for the policy features
but
and I run the LDAP server
--------------
and I want to change the password with a password that is bad according to the policy
ldappasswd -h 192.200.244.87 -p 389 -x -D cn=prtest,dc=alcatel,dc=com
-w prtest -s titi -e ppolicy
I get Result: Success (0) as the answer
I don't manage to see the policy error with the LDAP client
Could you help me?
Regards
--
************************************************************
Philippe Radix Alcatel CIT (philippe.radix(a)alcatel-lucent.fr)
Tel.: (33) 01 3077 2829
15 years, 11 months
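An added example, not part of the original post and not OpenLDAP code: a small lint that checks whether `ppolicy_default` and every `pwdPolicySubentry` value name an entry carrying the `pwdPolicy` object class, run over LDIF constructed from the entries in the post above. The function names and the simplified LDIF and DN handling are assumptions of the example.

```python
# Constructed sample: entries abridged from the LDIF shown in the post.
SAMPLE_LDIF = """\
dn: cn=StandardPolicy,ou=Policies,dc=alcatel,dc=com
objectClass: device
objectClass: pwdPolicy
cn: StandardPolicy
pwdAttribute: userPassword
pwdMinLength: 5

dn:cn=prtest,dc=alcatel,dc=com
objectClass: person
cn: prtest
sn: prtest
pwdPolicySubentry: cn=StandardPolicy
"""
PPOLICY_DEFAULT = "cn=StandardPolicy,ou=Policies,dc=alcatel,dc=com"

def norm_dn(dn):
    """Case-fold and trim spaces around commas (simplified: no escaped commas)."""
    return ",".join(part.strip() for part in dn.lower().split(","))

def parse_ldif(text):
    """Return {normalized dn: {attr: [values]}}; no line folding or base64 values."""
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            name, _, value = line.partition(":")
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
        if "dn" in attrs:
            entries[norm_dn(attrs["dn"][0])] = attrs
    return entries

def check_policy_refs(entries, ppolicy_default=None):
    """List (where, reference) pairs that do not resolve to a pwdPolicy entry."""
    def is_policy(dn):
        entry = entries.get(norm_dn(dn))
        return bool(entry) and "pwdpolicy" in [v.lower() for v in entry.get("objectclass", [])]
    problems = []
    if ppolicy_default and not is_policy(ppolicy_default):
        problems.append(("slapd.conf ppolicy_default", ppolicy_default))
    for attrs in entries.values():
        for ref in attrs.get("pwdpolicysubentry", []):
            if not is_policy(ref):
                problems.append((attrs["dn"][0], ref))
    return problems

if __name__ == "__main__":
    print(check_policy_refs(parse_ldif(SAMPLE_LDIF), PPOLICY_DEFAULT))
```
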
Re: (ITS#5028) incomplete slapcat docs
by hyc@symas.com
steve(a)stevenwills.com wrote:
> Full_Name: Steve Wills
> Version: 2.3.19
> OS: Fedora
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (65.15.231.202)
>
>
> The slapcat man page says in the Limitations section:
>
> In general, your slapd(8) should not be running (at least, not in
> read-write mode) when you do this to ensure consistency of the database.
>
> However, I've been told several times that this only applies to ldbm and not
> bdb. Not sure about other types, but it would be good to clarify this section.
>
Given that back-ldbm has been deleted for 2.4, I guess we can just delete this
sentence.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
15 years, 11 months
(ITS#5029) refint schema unavailable
by dirk.a.schaefer@bluewin.ch
Full_Name: Dirk Alexander Scheafer
Version: openldap-2.3.35-r1
OS: gentoo 2007.0
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (213.3.4.29)
I have all my openldap configuration within its internal cn=config db,
slapd.conf has been removed. I use several overlays where refint is one of them.
After slapd has started, the refint specific attributes and objectclass are not
available, not visible within the schema.
By this, the refint overlay is not usable for my installation but there is no
error shown anywhere, regardless at which debug/log level the server is being
executed.
greez
d. a. schaefer
15 years, 11 months
(ITS#5028) incomplete slapcat docs
by steve@stevenwills.com
Full_Name: Steve Wills
Version: 2.3.19
OS: Fedora
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (65.15.231.202)
The slapcat man page says in the Limitations section:
In general, your slapd(8) should not be running (at least, not in
read-write mode) when you do this to ensure consistency of the database.
However, I've been told several times that this only applies to ldbm and not
bdb. Not sure about other types, but it would be good to clarify this section.
15 years, 11 months
(ITS#5027) loglevel if none specified
by steve@stevenwills.com
Full_Name: Steve Wills
Version: 2.3.19
OS: Fedora
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (65.15.231.202)
The slapd.conf man page says that if no log level is specified, no logging is
done:
In fact, if no loglevel (or a 0 level) is defined, no logging occurs,
so at least the none level is required to have high priority messages
logged.
However, in my experience, with this configuration in my syslog:
local4.* /var/log/ldap.log
a great deal of logging is done. This seems inconsistent. Either the docs or the
code are incorrect. Which is right?
15 years, 11 months
Re: (ITS#4839) syncrepl-related tests fail randomly
by luca@OpenLDAP.org
hyc(a)symas.com wrote:
> h.b.furuseth(a)usit.uio.no wrote:
>
>> ando(a)sys-net.it writes:
>>
>>> I'm seeing occasional failures of syncrepl-related tests in HEAD. In
>>> case of test043, results differed once, but after repeating the test
>>> everything went smoothly.
>>>
>> Six HEAD/test043-delta-syncrepl failures in a row. Producer and
>> consumer databases differ. RedHat Linux, i686. Logs etc from testrun:
>> ftp://ftp.openldap.org/incoming/Hallvard-Furuseth-070621.tgz
>>
>>
> Strange, I saw some failures last week but with current HEAD it just works.
>
Never mind. I just checked out a fresh copy from CVS and it works just
fine. Maybe something fancy with some modifications I was testing. I'll
have to check.
15 years, 11 months
RE: (ITS#5026) LDAP Search very slow > 2mins
by quanah@zimbra.com
--On Friday, June 22, 2007 6:55 AM +0000 andy.yip(a)newworldtel.com wrote:
> Dear sir,
>
> We found the ldap search is slow running. Please advise how to fine tune
> the database. I am not sure adding cache size or perform db_recover will
> solve the problem
(a) This is not the place to discuss how to tune openldap
(b) You have not indicated a valid OpenLDAP version, and in fact, give the
impression that you are using Sun DS not OpenLDAP. That means *we* cannot
help you.
(c) If you *are* using OpenLDAP, go use openldap-software(a)openldap.org to
ask your questions, as you were already told to do. Supply a *valid*
OpenLDAP version. Further emails to this ITS will be ignored.
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
15 years, 11 months