openldap-software November 2006

openldap-software@openldap.org

81 participants
81 discussions

performance loss on real time linux
by Dieter Kluenter 30 Nov '06

30 Nov '06

Hi, I am at an early stage of deploying OpenLDAP running on Monstavista Carrier Grade linux, with Linux-2.6 kernel but modified scheduler. http://www.mvista.com For this I compiled and installed OpenLDAP-2.3.27 on my TP T43 notebook and on a x86 Carrier Grade hardware, I'm not sure about the processor manufacturer and type of this hardware. On both machines identical DB_CONFIG files, slapd.conf and data have been set up. I created only 10,000 entries as this would the expected average database size be. A ldapsearch on localhost with SuSE-9.3 Linux, after some warming up the results were levelling at real 0m0.010s user 0m0.002s sys 0m0.003s with Montavista real 0m0.827s user 0m0.014s sys 0m0.015s Due to a real time scheduler I was expecting the results to be vice versa. Can a RT scheduler or other modifications to the operating system have a negative influence on performance of OpenLDAP? -Dieter -- Dieter Klünter | Systemberatung http://www.dkluenter.de N 53°37'10.08" E 10°08'02.82" GPG Key ID:8EF7B6C6

3 6

Problems with openldap 2.1.30 and 2.2.13
by Leandro 30 Nov '06

30 Nov '06

I have servers with openldap 2.1.30 working very well. It was compiled on Slackware 9.1 / 10.0 (kernel 2.4.22 / kernel 2.4.26) with: ./configure --disable-bdb --enable-ldbm --enable-crypt Now, I want to compile the same version (2.1.30) and use it on RHEL4 ES x86_64 It compiles ok with same "./configure" parameters. Then, I do: make depend, make, make test, make install, and everything es ok. I copy slapd.conf and ldap.conf, and schemas. Then, I copy the base "openldap-data" from original server (with tar.gz) I change necesary informacion in slapd.conf and ldap.conf (IP) The service slapd starts ok, I can connect the service, but I can´t read any information from the DB. Files and Directory permissions are ok. The error: dn2entry_r: no entry for valid id What is the problem ? If I use openldap 2.2.13-x86_64 RPM which comes with this distribution, the same slapd.conf and schemas, then I have "duplicated attributes" when I try to start the service ?!?! I hope you can help me. Thanks in advance. Leandro (Argentina)

2 1

ldap db base dn change
by Bryan Irvine 30 Nov '06

30 Nov '06

Our company was recently broken apart and certain segments were sold. Now I have to go through pull out all the parts that aren't staying with my particular organization (happens to be the one where the LDAP DB stays). The problem is that my base dn, is based on the old company that is going away. Is there a way I can make a new base dn, and then on the designated day, just switch to the new base? In my ldap.conf it seems like I can only specify 1 base. --Bryan

3 2

Extending schema files and OIDs in schema files.
by shilpa muramkar 30 Nov '06

30 Nov '06

I need to create few object classes and attribute types ..hence i created a schema file of my own with all the entries...i have used the experimental OIDs specified in openLDAP.org in my schema file which is openLDAP experimental *1.3.6.1.4.1.4203.666* Experimental attribute types *1.3.6.1.4.1.4203.666.1* Experimental objectclasses *1.3.6.1.4.1.4203.666.3* Experimental syntax *1.3.6.1.4.1.4203.666.2* .......sample schema file is as below......... attributetype( 1.3.6.1.4.1.4203.666.1.58 NAME 'ssarole' DESC 'This attribute defines the role' SYNTAX 1.3.6.1.4.1.4203.666.2.8 MULTI-VALUE ) attributetype( 1.3.6.1.4.1.4203.666.1.59 NAME 'ssaugtype' DESC 'This is Usergroup Type' SYNTAX 1.3.6.1.4.1.4203.666.2.8 SINGLE-VALUE ) attributetype( 1.3.6.1.4.1.4203.666.1.60 NAME 'approverlimit' DESC 'Limit of the approver' SYNTAX 1.3.6.1.4.1.4203.666.2.9 SINGLE-VALUE ) ........... .............. objectclass( 1.3.6.1.4.1.4203.666.3.19 NAME 'ssauser' DESC 'SSA User' SUP ssabase STRUCTURAL MAY( telephonenumber $ title $ mobile $ displayname $ facsimiletelephonenumber $ preferredlanguage $ postaladdress $ c ) ) objectclass( 1.3.6.1.4.1.4203.666.3.20 NAME 'supplier' DESC 'SSA Supplier' SUP ssauser STRUCTURAL MUST businesspartnerid ) objectclass( 1.3.6.1.4.1.4203.666.3.21 NAME 'customer' DESC 'SSA Customer' SUP ssauser STRUCTURAL MUST businesspartnerid ) objectclass( 1.3.6.1.4.1.4203.666.3.22 NAME 'ssaroleobj' DESC 'SSA Role' SUP top STRUCTURAL MUST cn MAY description ) ................... ................ and then i have included my schema file into the slapd.conf..... now i have tried to add my ldif file (using ldapmodify) ....which looks like below(theres just one entry at present).............. dn: uid=admin,ou=ssausers,dc=ssainternal,dc=net changetype: add objectClass: top objectClass: ssauser objectClass: ssantuser objectclass: ssabase uid: admin cn: admin userpassword: admin ssarole: administrator ssarole: superadministrator sn: admin preferredlanguage: en_US ntuserdomainid: ssainternal ..................... ................ but i get an error saying ldap_add: Invalid syntax (21) additional info: objectClass: value #1 invalid per syntax our schema file is actually not being recognized by the server i.e, though i include it or not in the slapd.conf its making no difference :(...........and hence the object classes arnt being recognized........... is it because of the OIDs i have used or is there any *real syntax* *error*in the schema file............is it ok if i append my schema details in any of the openLDAP schema files(core.schema,,,,nis.schema....misc.schema )??????? kindly let me know as to how to get that ldif entry added .

2 1

openldap proxy: schema issue
by jerrrry＠voila.fr 30 Nov '06

30 Nov '06

Hi everybody, I'am configuring slapd(8) 2.3.27 for use as a proxy to another LDAP server. Unfortunately this (non-OpenLDAP) LDAP directory uses non standard attributes stored in a .ldif file. i have to use one of this non standard attributes in the slapd.conf file for binddn: database ldap uri ldap://192.168.239.210:1389 suffix ou=personnes,o=sg binddn "sbzoneid=appli_test,ou=exploit,ou=personnes,o=sb" bindpw secret maybe i have to convert this file in the openldap .schema format and include it in slapd.conf. I changed attributeTypes: and objectClasses: in attributeType and objectClasse. A big issue seems to be that this ldif file doesn't use numericOIDs but string OID like: attributetype ( sbzoneid-oid NAME 'sbzoneid' SYNTAX 1.3.6.1.4.1.1466.115.12 1.1.15 SINGLE-VALUE X-ORIGIN 'user defined' ) or objectClasses: ( sbapplication-oid NAME 'sbapplication' SUP top STRUCTURAL MAY ( sbappatt $ sbappid $ sbapplogindn $ sbappurl $ sbcustom ) X-ORIGIN 'user defined' ) so when runing "sladp -d 1" i get the error: OID could not be expanded: "sbzoneid-oid" or maybe with a more liberal parsing could be helpful ? Do you have any idea to solve this problem ? Thank you for your help Jerrrry

2 1

Re: Extending schema files and OIDs in schema files.
by Kurt D. Zeilenga 30 Nov '06

30 Nov '06

At 02:32 AM 11/30/2006, shilpa muramkar wrote: >I need to create few object classes and attribute types ..hence i created a schema file of my own with all the entries...i have used the experimental OIDs specified in openLDAP.org in my schema file which is Do not hijack OID name space (from the OpenLDAP Project or anyone else). Use you own OIDs for your own purposes. Kurt

1 0

Re: Reg openLDAP config
by Dieter Kluenter 29 Nov '06

29 Nov '06

"shilpa muramkar" <ratnashilpa(a)gmail.com> writes: > Hi: > > We have a business case, wherein we need to add User Defined ObjectClasses > and Attributes to OpenLDAP programmatically/dynamically using Java. > > We have an application which was written in Java uses Netscape LDAP SDK (V3 > Supported) to add ObjectClasses and Attributes to Sun One Directory > Server. Now we need to extend our application to support OpenLDAP. > > Our assumption was, Since Netscape LDAP SDK supports V3 Protocol the > application should seamlessly work with any Directory Server which supports V3 > Protocol (Correct me if I am wrong); but our applications is failing to create > User Defined ObjectClasses and Attributes to OpenLDAP. We have also tried > creating the ObjectClasses and Attributes using LDIF files and got the same > error. Your assumption was not correct, there is no requirement in RFC-4511 and RFC4512 > The Error what we have got: > > ldap_modify: Server is unwilling to perform (53) > > additional info: modification of subschema subentry not supported > > > > Sample LDIF file what we had run: > > version:1 > > #Usage Eg: ldapmodify.exe -v -F -h localhost -p 389 -x -D "cn=Directory > manager,dc=company,dc=net" -w password123 -f D: \sample.ldif > > > > # user define attributes > > dn: cn=schema [...] With OpenLDAP schemas are written to cn=schema,cn=config, and the DN contains a ordering quantifier and the schema name, like dn: cn={0}core see http://www.openldap.org/doc/admin23/slapdconf2.html Please note that X-ORDERED 'VALUES' syntax is used to create odering quantifiers. -Dieter -- Dieter Klünter | Systemberatung http://www.dkluenter.de N 53°37'10.08" E 10°08'02.82" GPG Key ID:8EF7B6C6

1 0

4.5Gb Slapcat after server error
by JJ 28 Nov '06

28 Nov '06

I've been having some problems while importing some records into my ldap server and the server crashed with error (23 november) Nov 23 12:06:55 berlinzoo slapd[29709]: ====> cache_add_entry( 184299 ): "cn=157041,ou=non iscritti,ou=<CUT> ": already in id cache Nov 23 12:06:55 berlinzoo slapd[29709]: cache_add_entry_lock failed Nov 23 12:06:55 berlinzoo slapd[29709]: cache_add_entry_lock failed Nov 23 12:09:09 berlinzoo slapd[29709]: ldbm: ==> page 3266: illegal page type or format Nov 23 12:09:09 berlinzoo slapd[29709]: ldbm: ==> PANIC: Invalid argument When restarted, sometimes the server crashes so I've read some on google and decided to db_recover and then restart. Yesterday (27 November) the openldap server worked "quite" well, but sometimes still crashes: Nov 27 08:09:53 berlinzoo slapd[8529]: ldbm: ==> page 3267: illegal page type or format Nov 27 08:09:53 berlinzoo slapd[8529]: ldbm: ==> PANIC: Invalid argument (infact it does not crash, my application just hangs and cannot use ldap server anymore) I've noticed that my daily backup (I know, I'm stupid, I should have restored that backup the next day and not wait till now) since 24 is getting 2Gb (but just because it lock for max file size reached otherwise goes over 4Gb). What I think is that there should be a kind of "circular" reference because normally the backup is 23Mb, not >4.5GB. Anyone can suggest a correct procedure to get it stable without restoring the 23's backup file ? Thank you very much Julien

4 5

OpenLDAP + 300 CPUs
by Jean-Francois Bouchard 28 Nov '06

28 Nov '06

Hello I have an interesting issue here. We are operating a grid ( http://en.wikipedia.org/wiki/Grid_computing ) composed of a bit more than 300 CPUs. We have a standalone machine that take care of our LDAP server. Right now this machine run the LDAP server with a idletimeout set. When a use submit a bunch of job (Lets say 10 000 jobs) each job generate a query to the LDAP machine. What happen ? The only process stop accepting connection due to the FD size limit (1024 connections). Even with a idletimeout connection set at 2 second... What choice we have to let our LDAP machine do more ... We like to know if openLDAP can do like apache (fork a process for each connection, or a process for a small bunch of connection.) Thanks --- Jean-Francois Bouchard

3 5

How do I skip the pass phrase prompt on OpenLDAP startup
by Rob Tanner 27 Nov '06

27 Nov '06

Hi, Right now I'm just testing SSL with a self-signed certificate, but one potentially serious issue has come up. When ever I restart OpenLDAP I get the prompt "Enter PEM pass phrase". This means that the OpenLDAP server can auto-start on reboot. Is there anyway to bypass that? In apache, for example, SSLPassPhraseDialog has an option to execute a program, and I use that option to supply the pass phrase. Is there any kind of equivalent in OpenLDAP. Thanks, Rob -- Rob Tanner UNIX Services Manager Linfield College, McMinnville OR

2 1

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-software November 2006