openldap-software February 2007

openldap-software@openldap.org

94 participants
112 discussions

syncrepl issues
by Wes Rogers 06 Feb '07

06 Feb '07

I have never had any problems up until now with syncrepl. 1 consumer is always in sync, yet the 2 newer ones start out in sync but after about 10 minutes they don't sync at all. It is always fixed by restarting slapd on the 2 problem consumers. Various debugging and tcpdumps just confirm that it isn't staying in sync but nothing as far as errors. This same configuration is running on another instance (although openldap 2.3.27, db-4.4.20) with 1 provider and 9 consumers without any issues. Configuration : 1 provider 3 consumers All are openldap-2.3.32 with db-4.4.20 plus the 4 patches. provider config : database monitor access to dn.subtree=cn=monitor by dn.exact=cn=Manager,dc=company,dc=com write by dn.subtree=dc=company,dc=com read by * none access to dn="" by * read access to attrs=userPassword by self write by dn="cn=Manager,dc=company,dc=com" write by anonymous auth by * none access to * by self write by dn="cn=Manager,dc=company,dc=com" write by * none access to attrs=userPassword by self write by anonymous auth by dn.base="cn=dcAuth,ou=Applications,ou=Prod,ou=Project,dc=company,dc=com" write by * none access to * by self write by dn.base="cn=dcAuth,ou=Applications,ou=Prod,ou=Project,dc=company,dc=com" write by * read access to * by dn="cn=replicator,ou=Service,ou=Applications,ou=Prod,ou=Project,dc=company,dc=com" write by * read database bdb suffix "dc=company,dc=com" overlay ppolicy ppolicy_default "cn=dc,ou=Policies,dc=company,dc=com" rootdn "cn=Manager,dc=company,dc=com" rootpw {crypt}asdf directory /blah/openldap/var/openldap-data overlay syncprov syncprov-checkpoint 10 60 syncprov-sessionlog 500 # Indices to maintain for this database index objectClass eq,pres index sudoUser eq,pres index ou,cn,mail,surname,givenname eq,pres,sub index uidNumber,gidNumber,loginShell eq,pres index uid,memberUid eq,pres,sub index entryUUID eq index entryCSN eq consumer config (same on all 3, except for rid) database monitor access to dn.subtree=cn=monitor by dn.exact=cn=Manager,dc=company,dc=com write by dn.subtree=dc=company,dc=com read by * none access to dn="" by * read access to attrs=userPassword by self write by dn="cn=Manager,dc=company,dc=com" write by anonymous auth by * none access to * by self write by dn="cn=Manager,dc=company,dc=com" write by * none access to attrs=userPassword by self write by anonymous auth by dn.base="cn=dcAuth,ou=Applications,ou=Prod,ou=Project,dc=company,dc=com" write by * none access to * by self write by dn.base="cn=dcAuth,ou=Applications,ou=Prod,ou=Project,dc=company,dc=com" write by * read access to * by dn="cn=replicator,ou=Service,ou=Applications,ou=Prod,ou=Project,dc=company,dc=com" write by * read database bdb suffix "dc=company,dc=com" overlay ppolicy ppolicy_default "cn=dc,ou=Policies,dc=company,dc=com" rootdn "cn=Manager,dc=company,dc=com" rootpw {crypt}adsf directory /blah/openldap/var/openldap-data # Indices to maintain for this database index objectClass eq,pres index sudoUser eq,pres index ou,cn,mail,surname,givenname eq,pres,sub index uidNumber,gidNumber,loginShell eq,pres index uid,memberUid eq,pres,sub index entryUUID eq syncrepl rid=2 provider=ldaps://10.0.0.1 type=refreshAndPersist retry=60,10,300,3 searchbase="dc=company,dc=com" filter="(objectClass=*)" scope=sub schemachecking=off bindmethod=simple binddn="cn=replicator,ou=Service,ou=Applications,ou=Prod,ou=Project,dc=company,dc=com" credentials=adsf

3 2

Re: slapd crashing "randomly?"
by Daniel Henninger 06 Feb '07

06 Feb '07

On Feb 6, 2007, at 1:39 PM, mikee wrote: > On Tue, 06 Feb 2007, matthew sporleder might have said: > >> On 2/6/07, daniel(a)ncsu.edu <daniel(a)ncsu.edu> wrote: >>> Hi folk, >>> >>> I want to start this message by saying, what I'm about to >>> describe is >>> completely vague and I don't expect to get a solution response. ;) >>> Basically, I'm out of ideas and am looking for some suggestions >>> as to how >>> to debug the issue I'm running into. >>> >>> Starting about half a year ago, slapd started "just dieing" out >>> of the >>> blue. Not a think in the logs shows up to indicate what might >>> have caused >>> it. The last query that I see in the logs before a crash always >>> seems to >>> be nothing special. I don't even see a core dump being generated >>> yet, but >>> then that may just be because I don't have the proper setup to >>> get a core >>> dump at this time. We were running the last 2.2 and upgraded to the >>> latest release of 2.3 to make sure it wasn't an "old version" issue. >>> Unfortunately, slapd still dies a fair amount on us. It appears >>> to be >>> fairly unpredictable. I've seen it crash within 1 minute of >>> starting up >>> slapd (then a subsequent startup 'takes' just fine). I've seen >>> it crash >>> when there were a number of network issues going on. I've seen >>> it crash >>> out of the blue when nothing appeared to be going on. I don't >>> really have >>> the drive space to turn on max debug logging 24/7 until the problem >>> occurs. >>> >>> We're thinking about setting up something to watch all of the >>> network >>> traffic going to one of the boxes until it dies. (assuming we >>> can find >>> something with the resources to do that) >>> >>> That all said... since I have nothing solid to present, do you >>> all have >>> any suggestions of what would be the best way to track down >>> what's going >>> on? I'm literally out of ideas unless my berkeley db config is >>> somehow >>> causing the problem or something like that. >>> >>> I apologize for the vagueness. =/ Any ideas/suggestions? >>> >> >> >> After the crash, is your bdb environment clean, or is it needing a >> db_recover? >> Depending on your OS, you could watch the pid all the time and trap >> the last signals received, last files accessed, etc, and that >> wouldn't >> take tons of resources. >> >> You could try turning on max debugging and simply rotate a lot more >> often. (every n minutes or even seconds) This way you could >> definitely keep the -last- transactions and just not worry about the >> old ones. >> > > What about running a continous 'strace -p 99999' of slapd and wait for > it to die again. The strace window should show the last call to the > kernel. Hrm. Good point, I could probably run that inside of screen or something. I'll give that a whirl, thanks! Daniel > > Mike

2 1

logging
by Ian Moroney 06 Feb '07

06 Feb '07

Hi guys. How can i set up logging for openldap so i can find out why the damn thing won't start? :P i've got the good old ldap_bind: can't contact LDAP server (-1) problem... and i'd like to look at a log file to see what is causing the problem I know how to set the loglevel to 256 in the configuration file, but no idea what file to look at for the output. Help! :D Thanks and Kind Regards, Ian Moroney Field Engineer T: 020 8891 3010 M: 07791 965924 F: 020 8288 2591 www.techdivision.co.uk <http://www.techdivision.co.uk/> TechDivision - Making IT Work

4 3

slurpd: skip repl record for(cont)
by Jeremy M. Guthrie 06 Feb '07

06 Feb '07

Okay, now I am really lost. Replication works between hosts on port 389. What I have changed thus far is setup stunnel between hosts and set the target to 127.0.0.1:637. Then I get the 'not mine' records. I also upgraded to the latest stable release and I get the same thing. What is odd is that if I change the replication target to use 389, then it works just fine. Any ideas? The fact that it works fine on 389 and changing IPs & port breaking makes me think my configuration order is fine. Looking over the docs I don't see any directives that makes me thing my setup is wrong. I've tested the stunnel forwarding, that is getting me to the correct target. /etc/openldap/slapd.conf include /etc/openldap/schema/core.schema include /etc/openldap/schema/cosine.schema include /etc/openldap/schema/inetorgperson.schema include /etc/openldap/schema/rfc2307bis.schema include /etc/openldap/schema/yast.schema pidfile /var/run/slapd/slapd.pid argsfile /var/run/slapd/slapd.args modulepath /usr/lib/openldap/modules access to dn.base="" by * read access to dn.base="cn=Subschema" by * read access to attrs=userPassword,userPKCS12 by self write by * auth access to attrs=shadowLastChange by self write by * read access to * by * read loglevel 0 #Creating keys and certs for these BUT we are skipping #using them because of a bug in the current SuSE OpenLDAP kit TLSCACertificateFile /etc/openldap/servercert.pem TLSCertificateFile /etc/openldap/servercert.pem TLSCertificateKeyFile /etc/openldap/serverkey.pem database bdb suffix "dc=remote,dc=binc,dc=net" rootdn "ROOTDNACCOUNT" rootpw "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" directory /var/lib/ldap/dc=remote_dc=binc_dc=net checkpoint 1024 5 replogfile /var/lib/ldap/replog/ldap.dc=remote_dc=binc_dc=net.replog replica uri="ldap://127.0.0.1:637/" binddn="ROOTDNACCOUNT" bindmethod=simple credentials=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX cachesize 10000 index objectClass,uidNumber,gidNumber eq index member,mail eq,pres index cn,displayname,uid,sn,givenname sub,eq,pres slurpd debug logs: /usr/lib/openldap/slurpd -t /var/lib/slurpd -d -1 @(#) $OpenLDAP: slurpd 2.3.32 (Feb 5 2007 16:10:48) $ binc@custa-rmon01:/home/binc/rpmbuild/BUILD/openldap-2.3.32/servers/slurpd Config: opening config file "/etc/openldap/slapd.conf" Config: (include /etc/openldap/schema/core.schema) Config: opening config file "/etc/openldap/schema/core.schema" Config: (include /etc/openldap/schema/cosine.schema) Config: opening config file "/etc/openldap/schema/cosine.schema" Config: (attributetype ( 0.9.2342.19200300.100.1.2 NAME 'textEncodedORAddress' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )) Config: (attributetype ( 0.9.2342.19200300.100.1.4 NAME 'info' DESC 'RFC1274: general information' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{2048} )) Config: (attributetype ( 0.9.2342.19200300.100.1.5 NAME ( 'drink' 'favouriteDrink' ) DESC 'RFC1274: favorite drink' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )) Config: (attributetype ( 0.9.2342.19200300.100.1.6 NAME 'roomNumber' DESC 'RFC1274: room number' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )) Config: (attributetype ( 0.9.2342.19200300.100.1.7 NAME 'photo' DESC 'RFC1274: photo (G3 fax)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.23{25000} )) Config: (attributetype ( 0.9.2342.19200300.100.1.8 NAME 'userClass' DESC 'RFC1274: category of user' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )) Config: (attributetype ( 0.9.2342.19200300.100.1.9 NAME 'host' DESC 'RFC1274: host computer' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )) Config: (attributetype ( 0.9.2342.19200300.100.1.10 NAME 'manager' DESC 'RFC1274: DN of manager' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )) Config: (attributetype ( 0.9.2342.19200300.100.1.11 NAME 'documentIdentifier' DESC 'RFC1274: unique identifier of document' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )) Config: (attributetype ( 0.9.2342.19200300.100.1.12 NAME 'documentTitle' DESC 'RFC1274: title of document' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )) Config: (attributetype ( 0.9.2342.19200300.100.1.13 NAME 'documentVersion' DESC 'RFC1274: version of document' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )) Config: (attributetype ( 0.9.2342.19200300.100.1.14 NAME 'documentAuthor' DESC 'RFC1274: DN of author of document' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )) Config: (attributetype ( 0.9.2342.19200300.100.1.15 NAME 'documentLocation' DESC 'RFC1274: location of document original' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )) Config: (attributetype ( 0.9.2342.19200300.100.1.20 NAME ( 'homePhone' 'homeTelephoneNumber' ) DESC 'RFC1274: home telephone number' EQUALITY telephoneNumberMatch SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )) Config: (attributetype ( 0.9.2342.19200300.100.1.21 NAME 'secretary' DESC 'RFC1274: DN of secretary' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )) Config: (attributetype ( 0.9.2342.19200300.100.1.22 NAME 'otherMailbox' SYNTAX 1.3.6.1.4.1.1466.115.121.1.39 )) Config: (attributetype ( 0.9.2342.19200300.100.1.26 NAME 'aRecord' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )) Config: (attributetype ( 0.9.2342.19200300.100.1.27 NAME 'mDRecord' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )) Config: (attributetype ( 0.9.2342.19200300.100.1.28 NAME 'mXRecord' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )) Config: (attributetype ( 0.9.2342.19200300.100.1.29 NAME 'nSRecord' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )) Config: (attributetype ( 0.9.2342.19200300.100.1.30 NAME 'sOARecord' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )) Config: (attributetype ( 0.9.2342.19200300.100.1.31 NAME 'cNAMERecord' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )) Config: (attributetype ( 0.9.2342.19200300.100.1.38 NAME 'associatedName' DESC 'RFC1274: DN of entry associated with domain' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )) Config: (attributetype ( 0.9.2342.19200300.100.1.39 NAME 'homePostalAddress' DESC 'RFC1274: home postal address' EQUALITY caseIgnoreListMatch SUBSTR caseIgnoreListSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )) Config: (attributetype ( 0.9.2342.19200300.100.1.40 NAME 'personalTitle' DESC 'RFC1274: personal title' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )) Config: (attributetype ( 0.9.2342.19200300.100.1.41 NAME ( 'mobile' 'mobileTelephoneNumber' ) DESC 'RFC1274: mobile telephone number' EQUALITY telephoneNumberMatch SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )) Config: (attributetype ( 0.9.2342.19200300.100.1.42 NAME ( 'pager' 'pagerTelephoneNumber' ) DESC 'RFC1274: pager telephone number' EQUALITY telephoneNumberMatch SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )) Config: (attributetype ( 0.9.2342.19200300.100.1.43 NAME ( 'co' 'friendlyCountryName' ) DESC 'RFC1274: friendly country name' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )) Config: (attributetype ( 0.9.2342.19200300.100.1.44 NAME 'uniqueIdentifier' DESC 'RFC1274: unique identifer' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )) Config: (attributetype ( 0.9.2342.19200300.100.1.45 NAME 'organizationalStatus' DESC 'RFC1274: organizational status' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )) Config: (attributetype ( 0.9.2342.19200300.100.1.46 NAME 'janetMailbox' DESC 'RFC1274: Janet mailbox' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )) Config: (attributetype ( 0.9.2342.19200300.100.1.47 NAME 'mailPreferenceOption' DESC 'RFC1274: mail preference option' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )) Config: (attributetype ( 0.9.2342.19200300.100.1.48 NAME 'buildingName' DESC 'RFC1274: name of building' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )) Config: (attributetype ( 0.9.2342.19200300.100.1.49 NAME 'dSAQuality' DESC 'RFC1274: DSA Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.19 SINGLE-VALUE )) Config: (attributetype ( 0.9.2342.19200300.100.1.50 NAME 'singleLevelQuality' DESC 'RFC1274: Single Level Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SINGLE-VALUE )) Config: (attributetype ( 0.9.2342.19200300.100.1.51 NAME 'subtreeMinimumQuality' DESC 'RFC1274: Subtree Mininum Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SINGLE-VALUE )) Config: (attributetype ( 0.9.2342.19200300.100.1.52 NAME 'subtreeMaximumQuality' DESC 'RFC1274: Subtree Maximun Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SINGLE-VALUE )) Config: (attributetype ( 0.9.2342.19200300.100.1.53 NAME 'personalSignature' DESC 'RFC1274: Personal Signature (G3 fax)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.23 )) Config: (attributetype ( 0.9.2342.19200300.100.1.54 NAME 'dITRedirect' DESC 'RFC1274: DIT Redirect' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )) Config: (attributetype ( 0.9.2342.19200300.100.1.55 NAME 'audio' DESC 'RFC1274: audio (u-law)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.4{25000} )) Config: (attributetype ( 0.9.2342.19200300.100.1.56 NAME 'documentPublisher' DESC 'RFC1274: publisher of document' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )) Config: (objectclass ( 0.9.2342.19200300.100.4.4 NAME ( 'pilotPerson' 'newPilotPerson' ) SUP person STRUCTURAL MAY ( userid $ textEncodedORAddress $ rfc822Mailbox $ favouriteDrink $ roomNumber $ userClass $ homeTelephoneNumber $ homePostalAddress $ secretary $ personalTitle $ preferredDeliveryMethod $ businessCategory $ janetMailbox $ otherMailbox $ mobileTelephoneNumber $ pagerTelephoneNumber $ organizationalStatus $ mailPreferenceOption $ personalSignature ) )) Config: (objectclass ( 0.9.2342.19200300.100.4.5 NAME 'account' SUP top STRUCTURAL MUST userid MAY ( description $ seeAlso $ localityName $ organizationName $ organizationalUnitName $ host ) )) Config: (objectclass ( 0.9.2342.19200300.100.4.6 NAME 'document' SUP top STRUCTURAL MUST documentIdentifier MAY ( commonName $ description $ seeAlso $ localityName $ organizationName $ organizationalUnitName $ documentTitle $ documentVersion $ documentAuthor $ documentLocation $ documentPublisher ) )) Config: (objectclass ( 0.9.2342.19200300.100.4.7 NAME 'room' SUP top STRUCTURAL MUST commonName MAY ( roomNumber $ description $ seeAlso $ telephoneNumber ) )) Config: (objectclass ( 0.9.2342.19200300.100.4.9 NAME 'documentSeries' SUP top STRUCTURAL MUST commonName MAY ( description $ seeAlso $ telephonenumber $ localityName $ organizationName $ organizationalUnitName ) )) Config: (objectclass ( 0.9.2342.19200300.100.4.13 NAME 'domain' SUP top STRUCTURAL MUST domainComponent MAY ( associatedName $ organizationName $ description $ businessCategory $ seeAlso $ searchGuide $ userPassword $ localityName $ stateOrProvinceName $ streetAddress $ physicalDeliveryOfficeName $ postalAddress $ postalCode $ postOfficeBox $ streetAddress $ facsimileTelephoneNumber $ internationalISDNNumber $ telephoneNumber $ teletexTerminalIdentifier $ telexNumber $ preferredDeliveryMethod $ destinationIndicator $ registeredAddress $ x121Address ) )) Config: (objectclass ( 0.9.2342.19200300.100.4.14 NAME 'RFC822localPart' SUP domain STRUCTURAL MAY ( commonName $ surname $ description $ seeAlso $ telephoneNumber $ physicalDeliveryOfficeName $ postalAddress $ postalCode $ postOfficeBox $ streetAddress $ facsimileTelephoneNumber $ internationalISDNNumber $ telephoneNumber $ teletexTerminalIdentifier $ telexNumber $ preferredDeliveryMethod $ destinationIndicator $ registeredAddress $ x121Address ) )) Config: (objectclass ( 0.9.2342.19200300.100.4.15 NAME 'dNSDomain' SUP domain STRUCTURAL MAY ( ARecord $ MDRecord $ MXRecord $ NSRecord $ SOARecord $ CNAMERecord ) )) Config: (objectclass ( 0.9.2342.19200300.100.4.17 NAME 'domainRelatedObject' DESC 'RFC1274: an object related to an domain' SUP top AUXILIARY MUST associatedDomain )) Config: (objectclass ( 0.9.2342.19200300.100.4.18 NAME 'friendlyCountry' SUP country STRUCTURAL MUST friendlyCountryName )) Config: (objectclass ( 0.9.2342.19200300.100.4.20 NAME 'pilotOrganization' SUP ( organization $ organizationalUnit ) STRUCTURAL MAY buildingName )) Config: (objectclass ( 0.9.2342.19200300.100.4.21 NAME 'pilotDSA' SUP dsa STRUCTURAL MAY dSAQuality )) Config: (objectclass ( 0.9.2342.19200300.100.4.22 NAME 'qualityLabelledData' SUP top AUXILIARY MUST dsaQuality MAY ( subtreeMinimumQuality $ subtreeMaximumQuality ) )) Config: ** configuration file successfully read and parsed Config: (attributetype ( 2.5.4.2 NAME 'knowledgeInformation' DESC 'RFC2256: knowledge information' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )) Config: (attributetype ( 2.5.4.4 NAME ( 'sn' 'surname' ) DESC 'RFC2256: last (family) name(s) for which the entity is known by' SUP name )) Config: (attributetype ( 2.5.4.5 NAME 'serialNumber' DESC 'RFC2256: serial number of the entity' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{64} )) Config: (attributetype ( 2.5.4.6 NAME ( 'c' 'countryName' ) DESC 'RFC2256: ISO-3166 country 2-letter code' SUP name SINGLE-VALUE )) Config: (attributetype ( 2.5.4.7 NAME ( 'l' 'localityName' ) DESC 'RFC2256: locality which this object resides in' SUP name )) Config: (attributetype ( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' ) DESC 'RFC2256: state or province which this object resides in' SUP name )) Config: (attributetype ( 2.5.4.9 NAME ( 'street' 'streetAddress' ) DESC 'RFC2256: street address of this object' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )) Config: (attributetype ( 2.5.4.10 NAME ( 'o' 'organizationName' ) DESC 'RFC2256: organization this object belongs to' SUP name )) Config: (attributetype ( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' ) DESC 'RFC2256: organizational unit this object belongs to' SUP name )) Config: (attributetype ( 2.5.4.12 NAME 'title' DESC 'RFC2256: title associated with the entity' SUP name )) Config: (attributetype ( 2.5.4.14 NAME 'searchGuide' DESC 'RFC2256: search guide, deprecated by enhancedSearchGuide' SYNTAX 1.3.6.1.4.1.1466.115.121.1.25 )) Config: (attributetype ( 2.5.4.15 NAME 'businessCategory' DESC 'RFC2256: business category' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )) Config: (attributetype ( 2.5.4.16 NAME 'postalAddress' DESC 'RFC2256: postal address' EQUALITY caseIgnoreListMatch SUBSTR caseIgnoreListSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )) Config: (attributetype ( 2.5.4.17 NAME 'postalCode' DESC 'RFC2256: postal code' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )) Config: (attributetype ( 2.5.4.18 NAME 'postOfficeBox' DESC 'RFC2256: Post Office Box' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )) Config: (attributetype ( 2.5.4.19 NAME 'physicalDeliveryOfficeName' DESC 'RFC2256: Physical Delivery Office Name' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )) Config: (attributetype ( 2.5.4.20 NAME 'telephoneNumber' DESC 'RFC2256: Telephone Number' EQUALITY telephoneNumberMatch SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} )) Config: (attributetype ( 2.5.4.21 NAME 'telexNumber' DESC 'RFC2256: Telex Number' SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 )) Config: (attributetype ( 2.5.4.22 NAME 'teletexTerminalIdentifier' DESC 'RFC2256: Teletex Terminal Identifier' SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 )) Config: (attributetype ( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' ) DESC 'RFC2256: Facsimile (Fax) Telephone Number' SYNTAX 1.3.6.1.4.1.1466.115.121.1.22 )) Config: (attributetype ( 2.5.4.24 NAME 'x121Address' DESC 'RFC2256: X.121 Address' EQUALITY numericStringMatch SUBSTR numericStringSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{15} )) Config: (attributetype ( 2.5.4.25 NAME 'internationaliSDNNumber' DESC 'RFC2256: international ISDN number' EQUALITY numericStringMatch SUBSTR numericStringSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} )) Config: (attributetype ( 2.5.4.26 NAME 'registeredAddress' DESC 'RFC2256: registered postal address' SUP postalAddress SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )) Config: (attributetype ( 2.5.4.27 NAME 'destinationIndicator' DESC 'RFC2256: destination indicator' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128} )) Config: (attributetype ( 2.5.4.28 NAME 'preferredDeliveryMethod' DESC 'RFC2256: preferred delivery method' SYNTAX 1.3.6.1.4.1.1466.115.121.1.14 SINGLE-VALUE )) Config: (attributetype ( 2.5.4.29 NAME 'presentationAddress' DESC 'RFC2256: presentation address' EQUALITY presentationAddressMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.43 SINGLE-VALUE )) Config: (attributetype ( 2.5.4.30 NAME 'supportedApplicationContext' DESC 'RFC2256: supported application context' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )) Config: (attributetype ( 2.5.4.31 NAME 'member' DESC 'RFC2256: member of a group' SUP distinguishedName )) Config: (attributetype ( 2.5.4.32 NAME 'owner' DESC 'RFC2256: owner (of the object)' SUP distinguishedName )) Config: (attributetype ( 2.5.4.33 NAME 'roleOccupant' DESC 'RFC2256: occupant of role' SUP distinguishedName )) Config: (attributetype ( 2.5.4.36 NAME 'userCertificate' DESC 'RFC2256: X.509 user certificate, use ;binary' EQUALITY certificateExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )) Config: (attributetype ( 2.5.4.37 NAME 'cACertificate' DESC 'RFC2256: X.509 CA certificate, use ;binary' EQUALITY certificateExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )) Config: (attributetype ( 2.5.4.38 NAME 'authorityRevocationList' DESC 'RFC2256: X.509 authority revocation list, use ;binary' SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )) Config: (attributetype ( 2.5.4.39 NAME 'certificateRevocationList' DESC 'RFC2256: X.509 certificate revocation list, use ;binary' SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )) Config: (attributetype ( 2.5.4.40 NAME 'crossCertificatePair' DESC 'RFC2256: X.509 cross certificate pair, use ;binary' SYNTAX 1.3.6.1.4.1.1466.115.121.1.10 )) Config: (attributetype ( 2.5.4.42 NAME ( 'givenName' 'gn' ) DESC 'RFC2256: first name(s) for which the entity is known by' SUP name )) Config: (attributetype ( 2.5.4.43 NAME 'initials' DESC 'RFC2256: initials of some or all of names, but not the surname(s).' SUP name )) Config: (attributetype ( 2.5.4.44 NAME 'generationQualifier' DESC 'RFC2256: name qualifier indicating a generation' SUP name )) Config: (attributetype ( 2.5.4.45 NAME 'x500UniqueIdentifier' DESC 'RFC2256: X.500 unique identifier' EQUALITY bitStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 )) Config: (attributetype ( 2.5.4.46 NAME 'dnQualifier' DESC 'RFC2256: DN qualifier' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 )) Config: (attributetype ( 2.5.4.47 NAME 'enhancedSearchGuide' DESC 'RFC2256: enhanced search guide' SYNTAX 1.3.6.1.4.1.1466.115.121.1.21 )) Config: (attributetype ( 2.5.4.48 NAME 'protocolInformation' DESC 'RFC2256: protocol information' EQUALITY protocolInformationMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.42 )) Config: (attributetype ( 2.5.4.50 NAME 'uniqueMember' DESC 'RFC2256: unique member of a group' EQUALITY uniqueMemberMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 )) Config: (attributetype ( 2.5.4.51 NAME 'houseIdentifier' DESC 'RFC2256: house identifier' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )) Config: (attributetype ( 2.5.4.52 NAME 'supportedAlgorithms' DESC 'RFC2256: supported algorithms' SYNTAX 1.3.6.1.4.1.1466.115.121.1.49 )) Config: (attributetype ( 2.5.4.53 NAME 'deltaRevocationList' DESC 'RFC2256: delta revocation list; use ;binary' SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )) Config: (attributetype ( 2.5.4.54 NAME 'dmdName' DESC 'RFC2256: name of DMD' SUP name )) Config: (attributetype ( 2.5.4.65 NAME 'pseudonym' DESC 'X.520(4th): pseudonym for the object' SUP name )) Config: (objectclass ( 2.5.6.2 NAME 'country' DESC 'RFC2256: a country' SUP top STRUCTURAL MUST c MAY ( searchGuide $ description ) )) Config: (objectclass ( 2.5.6.3 NAME 'locality' DESC 'RFC2256: a locality' SUP top STRUCTURAL MAY ( street $ seeAlso $ searchGuide $ st $ l $ description ) )) Config: (objectclass ( 2.5.6.4 NAME 'organization' DESC 'RFC2256: an organization' SUP top STRUCTURAL MUST o MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )) Config: (objectclass ( 2.5.6.5 NAME 'organizationalUnit' DESC 'RFC2256: an organizational unit' SUP top STRUCTURAL MUST ou MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )) Config: (objectclass ( 2.5.6.6 NAME 'person' DESC 'RFC2256: a person' SUP top STRUCTURAL MUST ( sn $ cn ) MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )) Config: (objectclass ( 2.5.6.7 NAME 'organizationalPerson' DESC 'RFC2256: an organizational person' SUP person STRUCTURAL MAY ( title $ x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l ) )) Config: (objectclass ( 2.5.6.8 NAME 'organizationalRole' DESC 'RFC2256: an organizational role' SUP top STRUCTURAL MUST cn MAY ( x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ seeAlso $ roleOccupant $ preferredDeliveryMethod $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l $ description ) )) Config: (objectclass ( 2.5.6.9 NAME 'groupOfNames' DESC 'RFC2256: a group of names (DNs)' SUP top STRUCTURAL MUST ( member $ cn ) MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )) Config: (objectclass ( 2.5.6.10 NAME 'residentialPerson' DESC 'RFC2256: an residential person' SUP person STRUCTURAL MUST l MAY ( businessCategory $ x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ preferredDeliveryMethod $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ st $ l ) )) Config: (objectclass ( 2.5.6.11 NAME 'applicationProcess' DESC 'RFC2256: an application process' SUP top STRUCTURAL MUST cn MAY ( seeAlso $ ou $ l $ description ) )) Config: (objectclass ( 2.5.6.12 NAME 'applicationEntity' DESC 'RFC2256: an application entity' SUP top STRUCTURAL MUST ( presentationAddress $ cn ) MAY ( supportedApplicationContext $ seeAlso $ ou $ o $ l $ description ) )) Config: (objectclass ( 2.5.6.13 NAME 'dSA' DESC 'RFC2256: a directory system agent (a server)' SUP applicationEntity STRUCTURAL MAY knowledgeInformation )) Config: (objectclass ( 2.5.6.14 NAME 'device' DESC 'RFC2256: a device' SUP top STRUCTURAL MUST cn MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l $ description ) )) Config: (objectclass ( 2.5.6.15 NAME 'strongAuthenticationUser' DESC 'RFC2256: a strong authentication user' SUP top AUXILIARY MUST userCertificate )) Config: (objectclass ( 2.5.6.16 NAME 'certificationAuthority' DESC 'RFC2256: a certificate authority' SUP top AUXILIARY MUST ( authorityRevocationList $ certificateRevocationList $ cACertificate ) MAY crossCertificatePair )) Config: (objectclass ( 2.5.6.17 NAME 'groupOfUniqueNames' DESC 'RFC2256: a group of unique names (DN and Unique Identifier)' SUP top STRUCTURAL MUST ( uniqueMember $ cn ) MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )) Config: (objectclass ( 2.5.6.18 NAME 'userSecurityInformation' DESC 'RFC2256: a user security information' SUP top AUXILIARY MAY ( supportedAlgorithms ) )) Config: (objectclass ( 2.5.6.16.2 NAME 'certificationAuthority-V2' SUP certificationAuthority AUXILIARY MAY ( deltaRevocationList ) )) Config: (objectclass ( 2.5.6.19 NAME 'cRLDistributionPoint' SUP top STRUCTURAL MUST ( cn ) MAY ( certificateRevocationList $ authorityRevocationList $ deltaRevocationList ) )) Config: (objectclass ( 2.5.6.20 NAME 'dmd' SUP top STRUCTURAL MUST ( dmdName ) MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )) Config: (objectclass ( 2.5.6.21 NAME 'pkiUser' DESC 'RFC2587: a PKI user' SUP top AUXILIARY MAY userCertificate )) Config: (objectclass ( 2.5.6.22 NAME 'pkiCA' DESC 'RFC2587: PKI certificate authority' SUP top AUXILIARY MAY ( authorityRevocationList $ certificateRevocationList $ cACertificate $ crossCertificatePair ) )) Config: (objectclass ( 2.5.6.23 NAME 'deltaCRL' DESC 'RFC2587: PKI user' SUP top AUXILIARY MAY deltaRevocationList )) Config: (objectclass ( 1.3.6.1.4.1.250.3.15 NAME 'labeledURIObject' DESC 'RFC2079: object that contains the URI attribute type' SUP top AUXILIARY MAY ( labeledURI ) )) Config: (attributetype ( 0.9.2342.19200300.100.1.3 NAME ( 'mail' 'rfc822Mailbox' ) DESC 'RFC1274: RFC822 Mailbox' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )) Config: (objectclass ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject' DESC 'RFC1274: simple security object' SUP top AUXILIARY MUST userPassword )) Config: (attributetype ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domainComponent' ) DESC 'RFC1274/2247: domain component' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )) Config: (objectclass ( 1.3.6.1.4.1.1466.344 NAME 'dcObject' DESC 'RFC2247: domain component object' SUP top AUXILIARY MUST dc )) Config: (objectclass ( 1.3.6.1.1.3.1 NAME 'uidObject' DESC 'RFC2377: uid object' SUP top AUXILIARY MUST uid )) Config: (attributetype ( 0.9.2342.19200300.100.1.37 NAME 'associatedDomain' DESC 'RFC1274: domain associated with object' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )) Config: (attributetype ( 1.2.840.113549.1.9.1 NAME ( 'email' 'emailAddress' 'pkcs9email' ) DESC 'RFC3280: legacy attribute for email addresses in DNs' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )) Config: ** configuration file successfully read and parsed Config: (include /etc/openldap/schema/inetorgperson.schema) Config: opening config file "/etc/openldap/schema/inetorgperson.schema" Config: (include /etc/openldap/schema/rfc2307bis.schema) Config: opening config file "/etc/openldap/schema/rfc2307bis.schema" Config: (attributetype ( 1.3.6.1.1.1.1.2 NAME 'gecos' DESC 'The GECOS field; the common name' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )) Config: (attributetype ( 1.3.6.1.1.1.1.3 NAME 'homeDirectory' DESC 'The absolute path to the home directory' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )) Config: (attributetype ( 1.3.6.1.1.1.1.4 NAME 'loginShell' DESC 'The path to the login shell' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )) Config: (attributetype ( 1.3.6.1.1.1.1.5 NAME 'shadowLastChange' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )) Config: (attributetype ( 1.3.6.1.1.1.1.6 NAME 'shadowMin' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )) Config: (attributetype ( 1.3.6.1.1.1.1.7 NAME 'shadowMax' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )) Config: (attributetype ( 1.3.6.1.1.1.1.8 NAME 'shadowWarning' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )) Config: (attributetype ( 1.3.6.1.1.1.1.9 NAME 'shadowInactive' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )) Config: (attributetype ( 1.3.6.1.1.1.1.10 NAME 'shadowExpire' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )) Config: (attributetype ( 1.3.6.1.1.1.1.11 NAME 'shadowFlag' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )) Config: (attributetype ( 1.3.6.1.1.1.1.12 NAME 'memberUid' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )) Config: (attributetype ( 1.3.6.1.1.1.1.13 NAME 'memberNisNetgroup' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )) Config: (attributetype ( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple' DESC 'Netgroup triple' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )) Config: (attributetype ( 1.3.6.1.1.1.1.15 NAME 'ipServicePort' DESC 'Service port number' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )) Config: (attributetype ( 1.3.6.1.1.1.1.16 NAME 'ipServiceProtocol' DESC 'Service protocol name' SUP name )) Config: (attributetype ( 1.3.6.1.1.1.1.17 NAME 'ipProtocolNumber' DESC 'IP protocol number' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )) Config: (attributetype ( 1.3.6.1.1.1.1.18 NAME 'oncRpcNumber' DESC 'ONC RPC number' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )) Config: (attributetype ( 1.3.6.1.1.1.1.19 NAME 'ipHostNumber' DESC 'IPv4 addresses as a dotted decimal omitting leading zeros or IPv6 addresses as defined in RFC2373' SUP name )) Config: (attributetype ( 1.3.6.1.1.1.1.20 NAME 'ipNetworkNumber' DESC 'IP network as a dotted decimal, eg. 192.168, omitting leading zeros' SUP name SINGLE-VALUE )) Config: (attributetype ( 1.3.6.1.1.1.1.21 NAME 'ipNetmaskNumber' DESC 'IP netmask as a dotted decimal, eg. 255.255.255.0, omitting leading zeros' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )) Config: (attributetype ( 1.3.6.1.1.1.1.22 NAME 'macAddress' DESC 'MAC address in maximal, colon separated hex notation, eg. 00:00:92:90:ee:e2' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )) Config: (attributetype ( 1.3.6.1.1.1.1.23 NAME 'bootParameter' DESC 'rpc.bootparamd parameter' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )) Config: (attributetype ( 1.3.6.1.1.1.1.24 NAME 'bootFile' DESC 'Boot image name' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )) Config: (attributetype ( 1.3.6.1.1.1.1.26 NAME 'nisMapName' DESC 'Name of a A generic NIS map' SUP name )) Config: (attributetype ( 1.3.6.1.1.1.1.27 NAME 'nisMapEntry' DESC 'A generic NIS entry' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )) Config: (attributetype ( 1.3.6.1.1.1.1.28 NAME 'nisPublicKey' DESC 'NIS public key' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )) Config: (attributetype ( 1.3.6.1.1.1.1.29 NAME 'nisSecretKey' DESC 'NIS secret key' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )) Config: (attributetype ( 1.3.6.1.1.1.1.30 NAME 'nisDomain' DESC 'NIS domain' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)) Config: (attributetype ( 1.3.6.1.1.1.1.31 NAME 'automountMapName' DESC 'automount Map Name' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )) Config: (attributetype ( 1.3.6.1.1.1.1.32 NAME 'automountKey' DESC 'Automount Key value' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )) Config: (attributetype ( 1.3.6.1.1.1.1.33 NAME 'automountInformation' DESC 'Automount information' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )) Config: (objectclass ( 1.3.6.1.1.1.2.0 NAME 'posixAccount' SUP top AUXILIARY DESC 'Abstraction of an account with POSIX attributes' MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory ) MAY ( userPassword $ loginShell $ gecos $ description ) )) Config: (objectclass ( 1.3.6.1.1.1.2.1 NAME 'shadowAccount' SUP top AUXILIARY DESC 'Additional attributes for shadow passwords' MUST uid MAY ( userPassword $ description $ shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $ shadowInactive $ shadowExpire $ shadowFlag ) )) Config: (objectclass ( 1.3.6.1.1.1.2.2 NAME 'posixGroup' SUP top AUXILIARY DESC 'Abstraction of a group of accounts' MUST gidNumber MAY ( userPassword $ memberUid $ description ) )) Config: (objectclass ( 1.3.6.1.1.1.2.3 NAME 'ipService' SUP top STRUCTURAL DESC 'Abstraction an Internet Protocol service. Maps an IP port and protocol (such as tcp or udp) to one or more names; the distinguished value of the cn attribute denotes the services canonical name' MUST ( cn $ ipServicePort $ ipServiceProtocol ) MAY description )) Config: (objectclass ( 1.3.6.1.1.1.2.4 NAME 'ipProtocol' SUP top STRUCTURAL DESC 'Abstraction of an IP protocol. Maps a protocol number to one or more names. The distinguished value of the cn attribute denotes the protocols canonical name' MUST ( cn $ ipProtocolNumber ) MAY description )) Config: (objectclass ( 1.3.6.1.1.1.2.5 NAME 'oncRpc' SUP top STRUCTURAL DESC 'Abstraction of an Open Network Computing (ONC) [RFC1057] Remote Procedure Call (RPC) binding. This class maps an ONC RPC number to a name. The distinguished value of the cn attribute denotes the RPC services canonical name' MUST ( cn $ oncRpcNumber ) MAY description )) Config: (objectclass ( 1.3.6.1.1.1.2.6 NAME 'ipHost' SUP top AUXILIARY DESC 'Abstraction of a host, an IP device. The distinguished value of the cn attribute denotes the hosts canonical name. Device SHOULD be used as a structural class' MUST ( cn $ ipHostNumber ) MAY ( userPassword $ l $ description $ manager ) )) Config: (objectclass ( 1.3.6.1.1.1.2.7 NAME 'ipNetwork' SUP top STRUCTURAL DESC 'Abstraction of a network. The distinguished value of the cn attribute denotes the networks canonical name' MUST ipNetworkNumber MAY ( cn $ ipNetmaskNumber $ l $ description $ manager ) )) Config: (objectclass ( 1.3.6.1.1.1.2.8 NAME 'nisNetgroup' SUP top STRUCTURAL DESC 'Abstraction of a netgroup. May refer to other netgroups' MUST cn MAY ( nisNetgroupTriple $ memberNisNetgroup $ description ) )) Config: (objectclass ( 1.3.6.1.1.1.2.9 NAME 'nisMap' SUP top STRUCTURAL DESC 'A generic abstraction of a NIS map' MUST nisMapName MAY description )) Config: (objectclass ( 1.3.6.1.1.1.2.10 NAME 'nisObject' SUP top STRUCTURAL DESC 'An entry in a NIS map' MUST ( cn $ nisMapEntry $ nisMapName ) MAY description )) Config: (objectclass ( 1.3.6.1.1.1.2.11 NAME 'ieee802Device' SUP top AUXILIARY DESC 'A device with a MAC address; device SHOULD be used as a structural class' MAY macAddress )) Config: (objectclass ( 1.3.6.1.1.1.2.12 NAME 'bootableDevice' SUP top AUXILIARY DESC 'A device with boot parameters; device SHOULD be used as a structural class' MAY ( bootFile $ bootParameter ) )) Config: (objectclass ( 1.3.6.1.1.1.2.14 NAME 'nisKeyObject' SUP top AUXILIARY DESC 'An object with a public and secret key' MUST ( cn $ nisPublicKey $ nisSecretKey ) MAY ( uidNumber $ description ) )) Config: (objectclass ( 1.3.6.1.1.1.2.15 NAME 'nisDomainObject' SUP top AUXILIARY DESC 'Associates a NIS domain with a naming context' MUST nisDomain )) Config: (objectclass ( 1.3.6.1.1.1.2.16 NAME 'automountMap' SUP top STRUCTURAL MUST ( automountMapName ) MAY description )) Config: (objectclass ( 1.3.6.1.1.1.2.17 NAME 'automount' SUP top STRUCTURAL DESC 'Automount information' MUST ( automountKey $ automountInformation ) MAY description )) Config: (objectclass ( 1.3.6.1.4.1.5322.13.1.1 NAME 'namedObject' SUP top STRUCTURAL MAY cn )) Config: ** configuration file successfully read and parsed Config: (attributetype ( 2.16.840.1.113730.3.1.1 NAME 'carLicense' DESC 'RFC2798: vehicle license or registration plate' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )) Config: (attributetype ( 2.16.840.1.113730.3.1.2 NAME 'departmentNumber' DESC 'RFC2798: identifies a department within an organization' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )) Config: (attributetype ( 2.16.840.1.113730.3.1.241 NAME 'displayName' DESC 'RFC2798: preferred name to be used when displaying entries' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )) Config: (attributetype ( 2.16.840.1.113730.3.1.3 NAME 'employeeNumber' DESC 'RFC2798: numerically identifies an employee within an organization' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )) Config: (attributetype ( 2.16.840.1.113730.3.1.4 NAME 'employeeType' DESC 'RFC2798: type of employment for a person' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )) Config: (attributetype ( 0.9.2342.19200300.100.1.60 NAME 'jpegPhoto' DESC 'RFC2798: a JPEG image' SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 )) Config: (attributetype ( 2.16.840.1.113730.3.1.39 NAME 'preferredLanguage' DESC 'RFC2798: preferred written or spoken language for a person' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )) Config: (attributetype ( 2.16.840.1.113730.3.1.40 NAME 'userSMIMECertificate' DESC 'RFC2798: PKCS#7 SignedData used to support S/MIME' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )) Config: (attributetype ( 2.16.840.1.113730.3.1.216 NAME 'userPKCS12' DESC 'RFC2798: personal identity information, a PKCS #12 PFX' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )) Config: (objectclass ( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson' DESC 'RFC2798: Internet Organizational Person' SUP organizationalPerson STRUCTURAL MAY ( audio $ businessCategory $ carLicense $ departmentNumber $ displayName $ employeeNumber $ employeeType $ givenName $ homePhone $ homePostalAddress $ initials $ jpegPhoto $ labeledURI $ mail $ manager $ mobile $ o $ pager $ photo $ roomNumber $ secretary $ uid $ userCertificate $ x500uniqueIdentifier $ preferredLanguage $ userSMIMECertificate $ userPKCS12 ) )) Config: ** configuration file successfully read and parsed Config: (include /etc/openldap/schema/yast.schema) Config: opening config file "/etc/openldap/schema/yast.schema" Config: (pidfile /var/run/slapd/slapd.pid) Config: (objectidentifier SUSE 1.3.6.1.4.1.7057) Config: (objectidentifier SUSE.YaST SUSE:10.1) Config: (objectidentifier SUSE.YaST.ModuleConfig SUSE:10.1.2) Config: (objectidentifier SUSE.YaST.ModuleConfig.OC SUSE.YaST.ModuleConfig:1) Config: (objectidentifier SUSE.YaST.ModuleConfig.Attr SUSE.YaST.ModuleConfig:2) Config: (attributetype ( SUSE.YaST.ModuleConfig.Attr:2 NAME ( 'suseDefaultBase' ) DESC 'Base DN where new Objects should be created by default' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )) Config: (attributetype ( SUSE.YaST.ModuleConfig.Attr:3 NAME ( 'suseNextUniqueId' ) DESC 'Next unused unique ID, can be used to generate directory wide uniqe IDs' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) ) Config: (attributetype ( SUSE.YaST.ModuleConfig.Attr:4 NAME ( 'suseMinUniqueId' ) DESC 'lower Border for Unique IDs' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )) Config: (attributetype ( SUSE.YaST.ModuleConfig.Attr:5 NAME ( 'suseMaxUniqueId' ) DESC 'upper Border for Unique IDs' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )) Config: (attributetype ( SUSE.YaST.ModuleConfig.Attr:6 NAME ( 'suseDefaultTemplate' ) DESC 'The DN of a template that should be used by default' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )) Config: (attributetype ( SUSE.YaST.ModuleConfig.Attr:7 NAME ( 'suseSearchFilter' ) DESC 'Search filter to localize Objects' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )) Config: (attributetype ( SUSE.YaST.ModuleConfig.Attr:11 NAME ( 'suseDefaultValue' ) DESC 'an Attribute-Value-Assertions to define defaults for specific Attributes' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )) Config: (attributetype ( SUSE.YaST.ModuleConfig.Attr:12 NAME ( 'suseNamingAttribute' ) DESC 'AttributeType that should be used as the RDN' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )) Config: (attributetype ( SUSE.YaST.ModuleConfig.Attr:15 NAME ( 'suseSecondaryGroup' ) DESC 'seconday group DN' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )) Config: (attributetype ( SUSE.YaST.ModuleConfig.Attr:16 NAME ( 'suseMinPasswordLength' ) DESC 'minimum Password length for new users' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )) Config: (attributetype ( SUSE.YaST.ModuleConfig.Attr:17 NAME ( 'suseMaxPasswordLength' ) DESC 'maximum Password length for new users' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )) Config: (attributetype ( SUSE.YaST.ModuleConfig.Attr:18 NAME ( 'susePasswordHash' ) DESC 'Hash method to use for new users' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )) Config: (attributetype ( SUSE.YaST.ModuleConfig.Attr:19 NAME ( 'suseSkelDir' ) DESC '' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )) Config: (attributetype ( SUSE.YaST.ModuleConfig.Attr:20 NAME ( 'susePlugin' ) DESC 'plugin to use upon user/ group creation' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )) Config: (attributetype ( SUSE.YaST.ModuleConfig.Attr:21 NAME ( 'suseMapAttribute' ) DESC '' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )) Config: (attributetype ( SUSE.YaST.ModuleConfig.Attr:22 NAME ( 'suseImapServer' ) DESC '' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )) Config: (attributetype ( SUSE.YaST.ModuleConfig.Attr:23 NAME ( 'suseImapAdmin' ) DESC '' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )) Config: (attributetype ( SUSE.YaST.ModuleConfig.Attr:24 NAME ( 'suseImapDefaultQuota' ) DESC '' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )) Config: (attributetype ( SUSE.YaST.ModuleConfig.Attr:25 NAME ( 'suseImapUseSsl' ) DESC '' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )) Config: (objectClass ( SUSE.YaST.ModuleConfig.OC:2 NAME 'suseModuleConfiguration' SUP top STRUCTURAL DESC 'Contains configuration of Management Modules' MUST ( cn ) MAY ( suseDefaultBase ))) Config: (objectClass ( SUSE.YaST.ModuleConfig.OC:3 NAME 'suseUserConfiguration' SUP suseModuleConfiguration STRUCTURAL DESC 'Configuration of user management tools' MAY ( suseMinPasswordLength $ suseMaxPasswordLength $ susePasswordHash $ suseSkelDir $ suseNextUniqueId $ suseMinUniqueId $ suseMaxUniqueId $ suseDefaultTemplate $ suseSearchFilter $ suseMapAttribute ))) Config: (objectClass ( SUSE.YaST.ModuleConfig.OC:4 NAME 'suseObjectTemplate' SUP top STRUCTURAL DESC 'Base Class for Object-Templates' MUST ( cn ) MAY ( susePlugin $ suseDefaultValue $ suseNamingAttribute ))) Config: (objectClass ( SUSE.YaST.ModuleConfig.OC:5 NAME 'suseUserTemplate' SUP suseObjectTemplate STRUCTURAL DESC 'User object template' MUST ( cn ) MAY ( suseSecondaryGroup ))) Config: (objectClass ( SUSE.YaST.ModuleConfig.OC:6 NAME 'suseGroupTemplate' SUP suseObjectTemplate STRUCTURAL DESC 'Group object template' MUST ( cn ))) Config: (objectClass ( SUSE.YaST.ModuleConfig.OC:7 NAME 'suseGroupConfiguration' SUP suseModuleConfiguration STRUCTURAL DESC 'Configuration of user management tools' MAY ( suseNextUniqueId $ suseMinUniqueId $ suseMaxUniqueId $ suseDefaultTemplate $ suseSearchFilter $ suseMapAttribute ))) Config: (objectClass ( SUSE.YaST.ModuleConfig.OC:8 NAME 'suseCaConfiguration' SUP suseModuleConfiguration STRUCTURAL DESC 'Configuration of CA management tools')) Config: (objectClass ( SUSE.YaST.ModuleConfig.OC:9 NAME 'suseDnsConfiguration' SUP suseModuleConfiguration STRUCTURAL DESC 'Configuration of mail server management tools') ) Config: (objectClass ( SUSE.YaST.ModuleConfig.OC:10 NAME 'suseDhcpConfiguration' SUP suseModuleConfiguration STRUCTURAL DESC 'Configuration of DHCP server management tools')) Config: (objectClass ( SUSE.YaST.ModuleConfig.OC:11 NAME 'suseMailConfiguration' SUP suseModuleConfiguration STRUCTURAL DESC 'Configuration of IMAP user management tools' MUST ( suseImapServer $ suseImapAdmin $ suseImapDefaultQuota $ suseImapUseSsl ))) Config: ** configuration file successfully read and parsed Config: (argsfile /var/run/slapd/slapd.args) Config: (modulepath /usr/lib/openldap/modules) Config: (access to dn.base="" by * read) Config: (access to dn.base="cn=Subschema" by * read) Config: (access to attrs=userPassword,userPKCS12 by self write by * auth) Config: (access to attrs=shadowLastChange by self write by * read) Config: (access to * by * read) Config: (loglevel 0) Config: (TLSCACertificateFile /etc/openldap/servercert.pem) Config: (TLSCertificateFile /etc/openldap/servercert.pem) Config: (TLSCertificateKeyFile /etc/openldap/serverkey.pem) Config: (database bdb) Config: (suffix "dc=remote,dc=binc,dc=net") Config: (rootdn "ROOTDNACCOUNT") Config: (rootpw "XXXXXXXXXXXXXXXXXXXXXX") Config: (directory /var/lib/ldap/dc=remote_dc=binc_dc=net) Config: (checkpoint 1024 5) Config: (replogfile /var/lib/ldap/replog/ldap.dc=remote_dc=binc_dc=net.replog) Config: (replica uri="ldap://127.0.0.1:637/" binddn="ROOTDNACCOUNT" bindmethod=simple credentials=XXXXXXXXXXXXXXXXXXXXXXXX) ldap_url_parse_ext(ldap://127.0.0.1:637/) Config: ** successfully added replica "127.0.0.1:637" Config: (cachesize 10000) Config: (index objectClass,uidNumber,gidNumber eq) Config: (index member,mail eq,pres) Config: (index cn,displayname,uid,sn,givenname sub,eq,pres) Config: ** configuration file successfully read and parsed begin replication thread for 127.0.0.1:637 Replica 127.0.0.1:637, skip repl record for dc=remote,dc=binc,dc=net (not mine) Replica 127.0.0.1:637, skip repl record for ou=ldapconfig,dc=remote,dc=binc,dc=net (not mine) Replica 127.0.0.1:637, skip repl record for ou=group,dc=remote,dc=binc,dc=net (not mine) Replica 127.0.0.1:637, skip repl record for ou=people,dc=remote,dc=binc,dc=net (not mine) Replica 127.0.0.1:637, skip repl record for ou=binc,ou=people,dc=remote,dc=binc,dc=net (not mine) Replica 127.0.0.1:637, skip repl record for ou=binc,ou=group,dc=remote,dc=binc,dc=net (not mine) Replica 127.0.0.1:637, skip repl record for cn=grouptemplate,ou=ldapconfig,dc=remote,dc=binc,dc=net (not mine) Replica 127.0.0.1:637, skip repl record for cn=usertemplate,ou=ldapconfig,dc=remote,dc=binc,dc=net (not mine) Replica 127.0.0.1:637, skip repl record for cn=groupconfiguration,ou=ldapconfig,dc=remote,dc=binc,dc=net (not mine) Replica 127.0.0.1:637, skip repl record for cn=userconfiguration,ou=ldapconfig,dc=remote,dc=binc,dc=net (not mine) -- -------------------------------------------------- Jeremy M. Guthrie jeremy.guthrie(a)berbee.com Senior Network Engineer Phone: 608-298-1061 Berbee - A CDW Company Fax: 608-288-3007 5520 Research Park Drive NOC: 608-298-1102 Madison, WI 53711

1 1

syncrepl problem
by LALOT Dominique 06 Feb '07

06 Feb '07

Hello, I'm using syncrepl for a while now, but I've encountered till now two problems. One was due to entries having two identical mail attributes. Don't know how it happened but it blocked the syncrepl consumer. Since a few days now I encountered another problem: the provider deleted an entry. I received a mail from my scripts informing that the replication was broken. I restarted openldap(2.3.27) and then most of the problems disappeared except an entry which is only on the consumer side. I tried moving to last release 2.3.32 consumer, then provider and wait a long day without success. Before restarting from an ldif, I would like to understand the problem if somebody has an idea.. *provider:* dn: dc=univmed,dc=fr contextCSN: 20070206145429Z#000000#00#000000 slapd.conf cachesize 50000 dbconfig set_cachesize 0 140000000 1 dbconfig set_flags DB_LOG_AUTOREMOVE dbconfig set_tas_spins 1 dbconfig set_lg_regionmax 262144 idlcachesize 150000 checkpoint 1024 5 # flush tous les 1Mo ou 5 minutes overlay syncprov syncprov-checkpoint 100 10 syncprov-sessionlog 2000 *consumer* dn: dc=univmed,dc=fr contextCSN: 20070206145618Z#000000#00#000000 slapd.conf checkpoint 1024 5 # flush tous les 1Mo ou 5 minutes sizelimit -1 syncrepl rid=123 provider=ldap://xxx:389 type=refreshAndPersist bindmethod=simple binddn="xx" credentials="xx$" schemachecking=off searchbase="dc=univmed,dc=fr" filter="(objectClass=*)" retry="30,10,300,10,1600,+" scope=sub attrs="*,+" Thanks Dom -- Dominique LALOT Ingenieur Systeme et Reseaux http://annuaire.univmed.fr/showuser.php?uid=lalot

1 0

Last bind attempt timestamp
by Alina Dubrovska 05 Feb '07

05 Feb '07

Hello, We use OpenLDAP 2.3.27 as a user directory for our application. Now I need to keep track of directory user bind activities. More precisely I need to be able to get timestamp of last bind attempt for particular entry. Is such a thing possible in OpenLDAP? Does it record bind attempts somehow? My personal solution options are the following: 1) create attribute for last bind timestamp and fill it programmatically from the application 2) use slapo-accesslog(5) overlay, since there is a possibility to log bind operations in separate database But maybe nevertheless there is some already existing entry attribute with such a timestamp? Thanks in advance! Alina.

2 1

Multiple organization
by Arnaud Fileux 05 Feb '07

05 Feb '07

Dear ldapadmin I have to build a tree like: o=abc,c=fr and o=dfg,c=fr and o=ghi,c=fr on the same level OpenLDAP refuse: additional info: no global superior knowledge I try to use a ldbm format for the database but the probleme is the same like bdb. Is there an issue ?

4 4

[Fwd: Re: Bug(?) With OpenLDAP 2.3.32]
by daniel＠ncsu.edu 05 Feb '07

05 Feb '07

Dooh, sorry, this was supposed to go to the list instead of you directly. ---------------------------- Original Message ---------------------------- Subject: Re: Bug(?) With OpenLDAP 2.3.32 From: daniel(a)ncsu.edu Date: Wed, January 24, 2007 1:51 pm To: "Gavin Henry" <ghenry(a)suretecsystems.com> -------------------------------------------------------------------------- I'm not supplying the old attribute. This particular individual has a double major and hence the way we are using it, he has two ou's associated with him. Daniel > <quote who="daniel(a)ncsu.edu"> >> Hi folk! >> >> We upgraded to OpenLDAP 2.3.32 recently and I ran into something that, >> unless I have completely lost my mind, should not be occuring: >> >> /local/ldap/data # /local/ldap/bin/ldapmodify -x -h localhost -D >> "cn=ldapadmin,dc=ncsu,dc=edu" -w LDAPADMINPASSWORD >> dn: uid=STUDENTUSERNAME,ou=students,ou=people,dc=ncsu,dc=edu >> changetype: modify >> replace: ou >> ou: B A - Physics >> ou: B S - Philosophy >> - >> replace: ncsucurriculumcode >> ncsucurriculumcode: PYA >> ncsucurriculumcode: LSL >> >> modifying entry >> "uid=STUDENTUSERNAME,ou=students,ou=people,dc=ncsu,dc=edu" >> ldap_modify: Type or value exists (20) >> additional info: modify/replace: ou: value #1 already exists >> >> >> Obviously I replaced the user's username and my ldap admin password. ;D >> A replace should literally be replacing the ou and ignoring what it's >> currently set to, correct? And since those two ou's are not the same, >> it >> should be fine? What's even more bizarre is that I didn't run into this >> while populating the database in the first place. Is this, perchance, >> fixed in 2.3.33? Thanks! > > You don't supply the old attribute value, just the new one. > > man ldapmodify > >> >> Daniel >> > >

6 13

RE: Can't add data to new ou
by Srilakshmanan, Kumuthiny 04 Feb '07

04 Feb '07

Try and slapcat the data store save it as a .ldif file . You can use this ldif file to analyse the data. Your new OU subtree may not be correct. Check from right to left every subtree do exists and the order is correct CN=SOSCATALOG,OU=Recipients_Seny,OU=Recipients,OU=not_users,OU=users_sxo,DC= internal,DC=sodexho,DC=be - Kumuthiny -----Original Message----- From: openldap-software-bounces+kumuthiny.srilakshmanan=auspost.com.au(a)OpenLDAP.or g [mailto:openldap-software-bounces+kumuthiny.srilakshmanan=auspost.com.au@Ope nLDAP.org] On Behalf Of Erestor Elensar Sent: Sunday, 04 February 2007 9:15 PM Cc: openldap-software(a)openldap.org Subject: Re: Can't add data to new ou Michael Ströder schreef: > Erestor Elensar wrote: >> Michael Ströder schreef: >>> gandalf istari wrote: >>>> i have created a new ou with this command: >>>> slapadd -l ./new-od.ldif without any errors >>> Why didn't you use ldapadd for this single entry? >> because its a part of a large script, and i have only here a problem. >> [..] >>> "CN=SOSCATALOG,OU=Recipients_Seny,OU=Recipients,OU=not_users,OU=users_sxo,DC =intern >>>> al,DC=sodexho,DC=be" >>>> ldap_add: No such object (32) >>>> matched DN: >>>> ou=Recipients,ou=not_users,ou=users_sxo,dc=internal,dc=sodexho,dc=be >>> Did you check with too ldapsearch whether the entry >> Yes, and ldap search don't find anything, but when i want to ad it again >> i get a error that it already exists! > > I suspect something's wrong with you "large script" using slapadd. Here is the "large script" that we use. Thanks > > Ciao, Michael Australia Post is committed to providing our customers with excellent service. If we can assist you in any way please telephone 13 13 18 or visit our website. The information contained in this e-mail communication may be proprietary, confidential or legally professionally privileged. It is intended exclusively for the individual or entity to which it is addressed. You should only read, disclose, re-transmit, copy, distribute, act in reliance on or commercialise the information if you are authorised to do so. Australia Post does not represent, warrant or guarantee the integrity of this e-mail communication has been maintained nor that the communication is free of errors, virus or interference. If you are not the addressee or intended recipient please notify us by replying direct to the sender and then destroy any electronic or paper copy of this message. Any views expressed in this e-mail communication are taken to be those of the individual sender, except where the sender specifically attributes those views to Australia Post and is authorised to do so.

1 0

Multi Master Enviornment for Openldap 2.3
by Aviles, Hugo 04 Feb '07

04 Feb '07

Hello, So here's my situation, I need to setup two openldap instances that will be setup behind a load balancers and be redundant for each other. But i don't want any referrels' to another "master" instance to make the writes. I want both instances to be able to write and do the update without a referral and also have the same data across both instances. I am having trouble figuring out how to setup openldap to do that but from what I have read so far, syncrepl seems to be what I should use to get close to what I want. But I still need some assistance. If a new entry 'A' gets added to the provider master (ligit entry) and then a new entry B gets added to the consumer database (ligit entry), when they replicate, will both provider and master have the A and B entries? Or will the consumer database be screwed and whatever the provider has is it? It doesn't haven't to be Multi-master but I do what the two instances to have the same data and be able to update requests to modify/add/delete entries without a refferal.. Hugo

10 15

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-software February 2007