Do you think this could be related to: http://www.openldap.org/its/index.cgi?findid=6864
I've been having similar issues with MemberOf and Accesslog overlays used together.
In your fix, is the memberof overlay enabled on your consumer nodes?
-Yuri
On Wed, Jun 1, 2011 at 1:00 PM, subbarao@computer.org wrote:
I figured I would share a workaround that I'm currently using for this issue which may be of help to others. I've disabled the memberOf overlay in slapd, and use an external script to populate memberOf on the master server, which then replicates to the consumer servers. I currently run this every 5 minutes from cron as follows:
memberof.pl --ldap
Regards,
-Kartik
--------------050703040907090602090901 Content-Type: application/x-perl; name="memberof.pl" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="memberof.pl"
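#! /usr/bin/perl

# Implements memberOf reverse mapping attributes -- workaround for when
# memberOf overlay isn't available.
#
# The script reads every entry carrying a forward attribute (member, manager)
# and every entry carrying a reverse attribute (memberOf, directReports), then
# adds missing reverse values and deletes reverse values that no longer have a
# matching forward value.  --ldif prints the changes as LDIF on stdout,
# --ldap applies them to the directory; with neither option nothing is emitted.
#
# Operational notes:
#  * Reverse attributes are only as fresh as the last successful run, so a
#    removal from a group is reflected in memberOf only after the next pass.
#    Anything that authorises on memberOf sees the old value until then.
#  * The run stops at the first failed modify; entries not yet processed stay
#    unreconciled until the next run.
#  * NOTE(review): the reverse attributes are written here as ordinary
#    modifications -- presumably the server ACLs should restrict writes to
#    them to the identity this script binds as; confirm against slapd config.

use strict;
use warnings;

use Net::LDAP;
use Net::LDAP::LDIF;
use Authen::SASL;
use Fcntl qw(LOCK_EX LOCK_NB);
use Getopt::Long;

my $basedn = "dc=example,dc=com";

# Forward attributes and the reverse attribute each one maps to.
my @attrs = qw(member manager);
# Note -- this filter properly excludes dynamic groupOfURLs groups
my $attrfilter = '(|' . join("", map { "($_=*)" } @attrs) . ')';
my %revattrs = (member => 'memberOf', manager => 'directReports');
my %fwattrs = reverse %revattrs;
my $revattrfilter = '(|' . join("", map { "($_=*)" } values %revattrs) . ')';
my (%entries, %reventries);

# Prevent multiple instances from running at the same time.  Three-argument
# open keeps the script path from being parsed as a mode or pipe, and the
# lexical handle stays open (and locked) until the script exits.
open(my $lock_fh, '<', $0) or die "lock $0: $!\n";
flock($lock_fh, LOCK_EX|LOCK_NB) or exit 1;

# GetOptions needs references to the variables it should set; passing the
# (undef) values themselves would leave both flags unset.
my ($generate_ldif, $update_ldap);
GetOptions('ldif' => \$generate_ldif, 'ldap' => \$update_ldap)
    or die "usage: $0 [--ldif] [--ldap]\n";

my $ldifout = Net::LDAP::LDIF->new('-', 'w');
$ldifout->{change} = 1;    # write change records rather than full entries

my $ldap = Net::LDAP->new('ldapi://') or die "ldapi: $@\n";
my $sasl = Authen::SASL->new(mechanism => 'EXTERNAL');
my $sasl_client = $sasl->client_new('ldap', 'localhost');

# A failed bind must stop the run: continuing on an unauthenticated
# connection could return a partial view of the tree, and the reconciliation
# below would then compute deletions from incomplete data.
my $bindmesg = $ldap->bind(undef, sasl => $sasl_client);
$bindmesg->code && die("bind: " . $bindmesg->error . "\n");

# Build %entries and %reventries maps, keyed by lowercased DN.
# NOTE(review): DNs are compared as lowercased strings only; two spellings of
# the same DN that differ in spacing or escaping would not match -- confirm
# the directory stores them consistently.
my $mesg = $ldap->search(base   => $basedn,
                         filter => $attrfilter,
                         attrs  => \@attrs);    # attrs must be an array ref
$mesg->code && die($mesg->error . "\n");
foreach my $entry ($mesg->all_entries) {
    $entries{lc $entry->dn} = $entry;
}

$mesg = $ldap->search(base   => $basedn,
                      filter => $revattrfilter,
                      attrs  => [values %revattrs]);
$mesg->code && die($mesg->error . "\n");
foreach my $entry ($mesg->all_entries) {
    $reventries{lc $entry->dn} = $entry;
}

# Go through and generate updates for the reverse mapping attributes.
# Pass 1: every forward value must have a matching reverse value on its target.
while (my ($dn, $entry) = each %entries) {
    foreach my $attr (@attrs) {
        my $revattr = $revattrs{$attr};
        foreach my $val ($entry->get_value($attr)) {
            $val = lc $val;
            if (!$reventries{$val}) {
                # Target has no reverse attributes yet: start a modify for it.
                $reventries{$val} = Net::LDAP::Entry->new;
                $reventries{$val}->dn($val);
                $reventries{$val}->changetype('modify');
            }
            $reventries{$val}->add($revattr => $entry->dn)
                unless grep({ lc $_ eq $dn }
                            $reventries{$val}->get_value($revattr));
        }
    }
}

# Pass 2: drop reverse values whose forward value is gone, then emit changes.
while (my ($dn, $entry) = each %reventries) {
    foreach my $revattr (values %revattrs) {
        foreach my $val ($entry->get_value($revattr)) {
            $val = lc $val;
            $reventries{$dn}->delete($revattr => $val)
                if !exists($entries{$val})
                || !grep({ lc $_ eq $dn }
                         $entries{$val}->get_value($fwattrs{$revattr}));
        }
    }
    if ($entry->changes) {
        $ldifout->write_entry($entry) if $generate_ldif;
        if ($update_ldap) {
            my $modmesg = $entry->update($ldap);
            $modmesg->code && die("LDAP: " . $modmesg->error . "\n");
        }
    }
}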