performance loss on real time linux
by Dieter Kluenter
Hi,
I am at an early stage of deploying OpenLDAP running on MontaVista
Carrier Grade Linux, with Linux-2.6 kernel but modified scheduler.
http://www.mvista.com
For this I compiled and installed OpenLDAP-2.3.27 on my TP T43
notebook and on a x86 Carrier Grade hardware, I'm not sure about the
processor manufacturer and type of this hardware.
On both machines identical DB_CONFIG files, slapd.conf and data have
been set up. I created only 10,000 entries as this would be the expected
average database size.
A ldapsearch on localhost with SuSE-9.3 Linux, after some warming
up the results were levelling at
real 0m0.010s
user 0m0.002s
sys 0m0.003s
with MontaVista
real 0m0.827s
user 0m0.014s
sys 0m0.015s
Due to a real time scheduler I was expecting the results to be vice
versa.
Can a RT scheduler or other modifications to the operating system have
a negative influence on performance of OpenLDAP?
-Dieter
--
Dieter Klünter | Systemberatung
http://www.dkluenter.de
N 53°37'10.08"
E 10°08'02.82"
GPG Key ID:8EF7B6C6
16 years, 10 months
Problems with openldap 2.1.30 and 2.2.13
by Leandro
I have servers with openldap 2.1.30 working very well.
It was compiled on Slackware 9.1 / 10.0 (kernel 2.4.22 / kernel 2.4.26) with:
./configure --disable-bdb --enable-ldbm --enable-crypt
Now, I want to compile the same version (2.1.30) and use it on RHEL4 ES x86_64
It compiles ok with same "./configure" parameters. Then, I do: make depend, make, make test, make install, and everything is ok.
I copy slapd.conf and ldap.conf, and schemas. Then, I copy the base "openldap-data" from original server (with tar.gz)
I change necessary information in slapd.conf and ldap.conf (IP)
The service slapd starts ok, I can connect the service, but I can't read any information from the DB.
Files and Directory permissions are ok.
The error: dn2entry_r: no entry for valid id
What is the problem ?
If I use openldap 2.2.13-x86_64 RPM which comes with this distribution, the same slapd.conf and schemas,
then I have "duplicated attributes" when I try to start the service ?!?!
I hope you can help me.
Thanks in advance.
Leandro (Argentina)
16 years, 10 months
ldap db base dn change
by Bryan Irvine
Our company was recently broken apart and certain segments were sold.
Now I have to go through pull out all the parts that aren't staying
with my particular organization (happens to be the one where the LDAP
DB stays).
The problem is that my base dn, is based on the old company that is going away.
Is there a way I can make a new base dn, and then on the designated
day, just switch to the new base?
In my ldap.conf it seems like I can only specify 1 base.
--Bryan
16 years, 10 months
Extending schema files and OIDs in schema files.
by shilpa muramkar
I need to create few object classes and attribute types ..hence i created a
schema file of my own with all the entries...i have used the experimental
OIDs specified in openLDAP.org in my schema file which is
openLDAP experimental *1.3.6.1.4.1.4203.666*
Experimental attribute types *1.3.6.1.4.1.4203.666.1*
Experimental objectclasses *1.3.6.1.4.1.4203.666.3*
Experimental syntax *1.3.6.1.4.1.4203.666.2*
.......sample schema file is as below.........
attributetype( 1.3.6.1.4.1.4203.666.1.58
NAME 'ssarole'
DESC 'This attribute defines the role'
SYNTAX 1.3.6.1.4.1.4203.666.2.8
MULTI-VALUE )
attributetype( 1.3.6.1.4.1.4203.666.1.59
NAME 'ssaugtype'
DESC 'This is Usergroup Type'
SYNTAX 1.3.6.1.4.1.4203.666.2.8
SINGLE-VALUE )
attributetype( 1.3.6.1.4.1.4203.666.1.60
NAME 'approverlimit'
DESC 'Limit of the approver'
SYNTAX 1.3.6.1.4.1.4203.666.2.9
SINGLE-VALUE )
...........
..............
objectclass( 1.3.6.1.4.1.4203.666.3.19
NAME 'ssauser'
DESC 'SSA User'
SUP ssabase STRUCTURAL
MAY( telephonenumber $ title $ mobile $ displayname $
facsimiletelephonenumber $ preferredlanguage $ postaladdress $ c ) )
objectclass( 1.3.6.1.4.1.4203.666.3.20
NAME 'supplier'
DESC 'SSA Supplier'
SUP ssauser STRUCTURAL
MUST businesspartnerid )
objectclass( 1.3.6.1.4.1.4203.666.3.21
NAME 'customer'
DESC 'SSA Customer'
SUP ssauser STRUCTURAL
MUST businesspartnerid )
objectclass( 1.3.6.1.4.1.4203.666.3.22
NAME 'ssaroleobj'
DESC 'SSA Role'
SUP top STRUCTURAL
MUST cn
MAY description )
...................
................
and then i have included my schema file into the slapd.conf.....
now i have tried to add my ldif file (using ldapmodify) ....which looks like
below(theres just one entry at present)..............
dn: uid=admin,ou=ssausers,dc=ssainternal,dc=net
changetype: add
objectClass: top
objectClass: ssauser
objectClass: ssantuser
objectclass: ssabase
uid: admin
cn: admin
userpassword: admin
ssarole: administrator
ssarole: superadministrator
sn: admin
preferredlanguage: en_US
ntuserdomainid: ssainternal
.....................
................
but i get an error saying
ldap_add: Invalid syntax (21)
additional info: objectClass: value #1 invalid per syntax
our schema file is actually not being recognized by the server, i.e., whether I
include it or not in the slapd.conf it's making no difference
:(...........and hence the object classes aren't being recognized...........
is it because of the OIDs i have used or is there any *real syntax*
*error*in the schema file............is it ok if i append my schema
details in any
of the openLDAP schema files(core.schema,,,,nis.schema....misc.schema
)???????
kindly let me know as to how to get that ldif entry added .
16 years, 10 months
openldap proxy: schema issue
by jerrrry@voila.fr
Hi everybody,
I am configuring slapd(8) 2.3.27 for use as a proxy to another LDAP server.
Unfortunately this (non-OpenLDAP) LDAP directory uses non standard attributes stored in a .ldif file.
I have to use one of these non standard attributes in the slapd.conf file for binddn:
database ldap
uri ldap://192.168.239.210:1389
suffix ou=personnes,o=sg
binddn "sbzoneid=appli_test,ou=exploit,ou=personnes,o=sb"
bindpw secret
maybe i have to convert this file in the openldap .schema format and include it in slapd.conf.
I changed attributeTypes: and objectClasses: in attributeType and objectClasse.
A big issue seems to be that this ldif file doesn't use numericOIDs but string OID like:
attributetype ( sbzoneid-oid NAME 'sbzoneid' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'user defined' )
or
objectClasses: ( sbapplication-oid NAME 'sbapplication' SUP top STRUCTURAL MAY ( sbappatt $ sbappid $ sbapplogindn $ sbappurl $ sbcustom ) X-ORIGIN 'user defined' )
so when running "slapd -d 1" I get the error: OID could not be expanded: "sbzoneid-oid"
or maybe with a more liberal parsing could be helpful ?
Do you have any idea to solve this problem ?
Thank you for your help
Jerrrry
16 years, 10 months
Re: Extending schema files and OIDs in schema files.
by Kurt D. Zeilenga
At 02:32 AM 11/30/2006, shilpa muramkar wrote:
>I need to create few object classes and attribute types ..hence i created a schema file of my own with all the entries...i have used the experimental OIDs specified in openLDAP.org in my schema file which is
Do not hijack OID name space (from the OpenLDAP Project or
anyone else). Use your own OIDs for your own purposes.
Kurt
16 years, 10 months
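A check for the point made in this reply and for the `OID could not be expanded` error in the proxy thread above, as an added example that is not part of the original posts: it flags definitions whose OID is not numeric or lies outside the arc assigned to you, and attribute-type keywords that RFC 4512 does not define (there is no `MULTI-VALUE`; attributes are multi-valued unless `SINGLE-VALUE` is given). The arc `1.3.6.1.4.1.99999` is a constructed placeholder, and the sample input is constructed from definitions quoted in the two threads.

```python
import re

OWN_ARC = "1.3.6.1.4.1.99999"  # assumption: placeholder for the arc assigned to you
NUMERIC_OID = re.compile(r"^\d+(\.\d+)+$")
# Keywords RFC 4512 allows in an AttributeTypeDescription.
ATTR_KEYWORDS = {"NAME", "DESC", "OBSOLETE", "SUP", "EQUALITY", "ORDERING",
                 "SUBSTR", "SYNTAX", "SINGLE-VALUE", "COLLECTIVE",
                 "NO-USER-MODIFICATION", "USAGE"}
# Start of a definition, in slapd.conf form or as an LDIF "attributeTypes:" value.
HEAD = re.compile(r"(?im)^(attributetypes?|objectclass(?:es)?):?\s*\(\s*(\S+)")

# Constructed sample: one definition from each thread plus one inside OWN_ARC.
SAMPLE = """\
attributetype( 1.3.6.1.4.1.4203.666.1.58
  NAME 'ssarole'
  DESC 'This attribute defines the role'
  SYNTAX 1.3.6.1.4.1.4203.666.2.8
  MULTI-VALUE )
attributetype ( sbzoneid-oid NAME 'sbzoneid' SINGLE-VALUE X-ORIGIN 'user defined' )
attributetype ( 1.3.6.1.4.1.99999.1.1 NAME 'exampleRole'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
"""


def lint_schema(text, own_arc=OWN_ARC):
    """Return (oid, problem) tuples for the schema definitions in text."""
    findings = []
    heads = list(HEAD.finditer(text))
    for i, m in enumerate(heads):
        kind, oid = m.group(1).lower(), m.group(2)
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        body = text[m.end():end]
        if not NUMERIC_OID.match(oid):
            findings.append((oid, "OID is not numeric"))
        elif not (oid + ".").startswith(own_arc + "."):
            findings.append((oid, "OID is outside the assigned arc"))
        if kind.startswith("attributetype"):
            # Drop quoted strings so words inside DESC are not read as keywords.
            bare = re.sub(r"'[^']*'", "", body)
            for word in re.findall(r"\b[A-Z][A-Z-]+\b", bare):
                if word not in ATTR_KEYWORDS and not word.startswith("X-"):
                    findings.append((oid, "unknown keyword " + word))
    return findings


if __name__ == "__main__":
    for oid, problem in lint_schema(SAMPLE):
        print(oid + ": " + problem)
```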
Re: Reg openLDAP config
by Dieter Kluenter
"shilpa muramkar" <ratnashilpa(a)gmail.com> writes:
> Hi:
>
> We have a business case, wherein we need to add User Defined ObjectClasses
> and Attributes to OpenLDAP programmatically/dynamically using Java.
>
> We have an application which was written in Java uses Netscape LDAP SDK (V3
> Supported) to add ObjectClasses and Attributes to Sun One Directory
> Server. Now we need to extend our application to support OpenLDAP.
>
> Our assumption was, Since Netscape LDAP SDK supports V3 Protocol the
> application should seamlessly work with any Directory Server which supports V3
> Protocol (Correct me if I am wrong); but our applications is failing to create
> User Defined ObjectClasses and Attributes to OpenLDAP. We have also tried
> creating the ObjectClasses and Attributes using LDIF files and got the same
> error.
Your assumption was not correct, there is no requirement in RFC-4511
and RFC4512
> The Error what we have got:
>
> ldap_modify: Server is unwilling to perform (53)
>
> additional info: modification of subschema subentry not supported
>
>
>
> Sample LDIF file what we had run:
>
> version:1
>
> #Usage Eg: ldapmodify.exe -v -F -h localhost -p 389 -x -D "cn=Directory
> manager,dc=company,dc=net" -w password123 -f D: \sample.ldif
>
>
>
> # user define attributes
>
> dn: cn=schema
[...]
With OpenLDAP schemas are written to cn=schema,cn=config, and the DN
contains an ordering quantifier and the schema name, like dn: cn={0}core
see
http://www.openldap.org/doc/admin23/slapdconf2.html
Please note that X-ORDERED 'VALUES' syntax is used to create ordering
quantifiers.
-Dieter
--
Dieter Klünter | Systemberatung
http://www.dkluenter.de
N 53°37'10.08"
E 10°08'02.82"
GPG Key ID:8EF7B6C6
16 years, 10 months
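The layout described in this reply, as an added example that is not part of the original post: it turns slapd.conf-style `attributetype`/`objectclass` definitions into one LDIF entry below `cn=schema,cn=config`, with `{n}` ordering prefixes on the values. The schema name `example` and the OIDs under `1.3.6.1.4.1.99999` are constructed placeholders; the entry DN is written without an index, on the assumption that slapd assigns the `{n}` in `cn={n}example` when the entry is added.

```python
import re

# Constructed sample in slapd.conf schema syntax; OIDs use a placeholder arc.
SAMPLE_SCHEMA = """\
attributetype ( 1.3.6.1.4.1.99999.1.1 NAME 'exampleRole'
    DESC 'Role held by the user (constructed)'
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
objectclass ( 1.3.6.1.4.1.99999.3.1 NAME 'exampleUser'
    SUP top AUXILIARY
    MAY ( exampleRole $ description ) )
"""


def split_definitions(text):
    """Yield (kind, definition) for each balanced '( ... )' definition."""
    for m in re.finditer(r"(?im)^(attributetype|objectclass)\s*(?=\()", text):
        depth, in_quote = 0, False
        for pos in range(m.end(), len(text)):
            ch = text[pos]
            if ch == "'":
                in_quote = not in_quote
            elif not in_quote and ch in "()":
                depth += 1 if ch == "(" else -1
                if depth == 0:
                    # Join the continuation lines slapd.conf allows.
                    yield m.group(1).lower(), " ".join(text[m.end():pos + 1].split())
                    break


def to_config_ldif(name, text):
    """Return the LDIF for one schema entry below cn=schema,cn=config."""
    values = {"attributetype": [], "objectclass": []}
    for kind, definition in split_definitions(text):
        values[kind].append(definition)
    lines = ["dn: cn=%s,cn=schema,cn=config" % name,
             "objectClass: olcSchemaConfig",
             "cn: %s" % name]
    # Attribute types go first so the object classes can refer to them.
    for attr, kind in (("olcAttributeTypes", "attributetype"),
                       ("olcObjectClasses", "objectclass")):
        for n, definition in enumerate(values[kind]):
            lines.append("%s: {%d}%s" % (attr, n, definition))
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(to_config_ldif("example", SAMPLE_SCHEMA), end="")
```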
4.5Gb Slapcat after server error
by JJ
I've been having some problems while importing some records into my ldap
server and the server crashed with error (23 november)
Nov 23 12:06:55 berlinzoo slapd[29709]: ====> cache_add_entry( 184299 ):
"cn=157041,ou=non iscritti,ou=<CUT> ": already in id cache
Nov 23 12:06:55 berlinzoo slapd[29709]: cache_add_entry_lock failed
Nov 23 12:06:55 berlinzoo slapd[29709]: cache_add_entry_lock failed
Nov 23 12:09:09 berlinzoo slapd[29709]: ldbm: ==> page 3266: illegal
page type or format
Nov 23 12:09:09 berlinzoo slapd[29709]: ldbm: ==> PANIC: Invalid argument
When restarted, sometimes the server crashes so I've read some on google
and decided to db_recover and then restart.
Yesterday (27 November) the openldap server worked "quite" well, but
sometimes still crashes:
Nov 27 08:09:53 berlinzoo slapd[8529]: ldbm: ==> page 3267: illegal page
type or format
Nov 27 08:09:53 berlinzoo slapd[8529]: ldbm: ==> PANIC: Invalid argument
(in fact it does not crash, my application just hangs and cannot use ldap
server anymore)
I've noticed that my daily backup (I know, I'm stupid, I should have
restored that backup the next day and not wait till now) since 24 is
getting 2Gb (but just because it lock for max file size reached
otherwise goes over 4Gb).
What I think is that there should be a kind of "circular" reference
because normally the backup is 23Mb, not >4.5GB.
Anyone can suggest a correct procedure to get it stable without
restoring the 23's backup file ?
Thank you very much
Julien
16 years, 10 months
OpenLDAP + 300 CPUs
by Jean-Francois Bouchard
Hello
I have an interesting issue here.
We are operating a grid ( http://en.wikipedia.org/wiki/Grid_computing )
composed of a bit more than 300 CPUs.
We have a standalone machine that takes care of our LDAP server. Right
now this machine runs the LDAP server with an idletimeout set.
When a user submits a bunch of jobs (let's say 10 000 jobs), each job
generates a query to the LDAP machine. What happens? The only process
stops accepting connections due to the FD size limit (1024 connections).
Even with an idletimeout connection set at 2 seconds...
What choices do we have to let our LDAP machine do more ...
We would like to know if OpenLDAP can do like apache (fork a process for each
connection, or a process for a small bunch of connections.)
Thanks
---
Jean-Francois Bouchard
16 years, 10 months
How do I skip the pass phrase prompt on OpenLDAP startup
by Rob Tanner
Hi,
Right now I'm just testing SSL with a self-signed certificate, but one
potentially serious issue has come up. Whenever I restart OpenLDAP I
get the prompt "Enter PEM pass phrase". This means that the OpenLDAP
server can auto-start on reboot. Is there any way to bypass that? In
apache, for example, SSLPassPhraseDialog has an option to execute a
program, and I use that option to supply the pass phrase. Is there any
kind of equivalent in OpenLDAP?
Thanks,
Rob
--
Rob Tanner
UNIX Services Manager
Linfield College, McMinnville OR
16 years, 10 months