openldap-software March 2007

openldap-software@openldap.org

68 participants
83 discussions

Re: LDAP/BDB log purging
by Tony Earnshaw 01 Mar '07

01 Mar '07

Norman Gaywood wrote, on 28. feb 2007 23:41: > On Wed, Feb 28, 2007 at 04:44:20AM +0100, Tony Earnshaw wrote: >> FWIW the Red Hat RHAS4 db-4.2.52 installed as-is causes OpenLDAP to >> puke; I built and install my own rpms, patched to the hilt, and install > > I what way does this break on RHAS4? For my installs OL 2.3 complains about the environment; I'm not sure which - could be TXN - it's been such a long time ... > I'm currently testing a self compiled 2.3.34 openldap with the default > RH db4-4.2.52-7.1. Indeed, if one asks up2date to --get db4, this is the version you get. I should first try Buchan Milne's srpm if I were installing on RHAS/RHEL4 (which I in fact do). > The changelog for db4-4.2.52-7.1 includes changes that seem to have been > talked about in this thread: > > * Tue Jun 08 2004 Jeff Johnson <jbj(a)jbj.org> 4.2.52-4 > - remove dangling symlinks (#123721 et al). > - remove db_cxx.so and db_tcl.so symlinks, versioned equivs exist. > - apply 2 patches from sleepycat. A couple of or 4 symlinks (not these) were wrong in Red Hat's rpm and I fixed those in my rpm. It didn't cause any harm in practice, but ldconfig complained each time it was run. As for the patches, there could have been 2 in 2004, then there were later 4 and I think the latter have since been condensed into a single patch, which I apply. I also apply Quanah's bdb-transactions.patch, which is most likely redundant now. Buchan applies 4 Sleepycat patches to his OL 2.3 rpms. It's not possible to go to Sleepycat's site and find out any longer, since Oracle's taken the thing over and messed everything up. I can't get at 4.2.52 any more. > - resurrect db4-java using sun jvm-1.4.2. > - cripple autoconf sufficiently to build db4-java with gcj, without jvm. > - check javac first, gcj34 next, then gcj-ssa, finally gcj. > - add ed build dependency (#125180). > >> them with my own Cyrus SASL 2.2.22 rpms on any RHAS4 system I install. >> Buchan also builds his own discrete-sonamed db-4.2.52 stuff for his >> OpenLDAP 2.3 on systems where db-4.2.52 might give problems. As for the Cyrus SASL stuff, I need it built with Howard's ldapdb and the standard build doesn't do that, one has to tell it to. --Tonni -- Tony Earnshaw Email: tonni at hetnet dot nl

3 2

RE: LDAP/BDB log purging
by Lesley Walker 01 Mar '07

01 Mar '07

Buchan Milne [mailto:bgmilne@obsidian.co.za] > > > > Well, I just ran db_archive and caused widespread chaos > because most (all?) > > of the replicas stopped responding to queries. (I have yet > to perform a > > post-mortem) > > You ran db_archive for the first time, on *all* replicas at > the same time???? Yes. We administer 80+ servers that are more or less identically configured, and typically perform small admin tasks in "for" loop, which is what I did in this case. > > I know that there's a bug in bdb 4.2 that causes logs to be > held open even > > though they're no longer required. Upgrading bdb is not on > the cards right > > now so I need to work around that problem by stopping and starting > > openldap. > > This may or may not be the cause of your problems. > Additionally, this is > affected by your database configuration and checkpointing settings. Copied below... > > So the question I have just at the moment is, when I run > db_archive, should > > openldap be running or not running? > > It should be safe, depending on your configuration, to run > db_archive. > However, due to the tasks it does (just deleting all the > unused log files > would have a similar effect), it can be quite IO intensive, > and you may incur > IO starvation when doing it, impacting performance of any > other application > using files on the same block devices (e.g. slapd). As an additional piece of background, we are currently running all the replication out of an intermediate server (it's a transistional setup). As far as I can tell, it all hit the fan when the db_archive ran on that intermediate server. Obviously I should have left that one out of the list but I didn't think of it at the time. These are all the non-comment entries in DB_CONFIG: set_cachesize 0 268435456 1 set_data_dir db set_lg_regionmax 262144 set_lg_bsize 2097152 set_lg_dir logs set_tmp_dir /tmp Database definition entries in slapd.conf: database bdb suffix "dc=example,dc=com" rootdn "cn=root,dc=example,dc=com" rootpw secret directory /var/local/openldap-2.3.32/openldap-data mode 0600 sizelimit 12000 Replication entries on most servers: syncrepl rid=123 provider=ldap://server.example.com type=refreshAndPersist searchbase="dc=example,dc=com" scope=sub schemachecking=off bindmethod=simple binddn="cn=root,dc=example,dc=com" credentials=secret retry=5,5,30,5,60,5,300,+ And replication entries on the intermediate host: syncrepl rid=123 provider=ldap://master.example.com type=refreshAndPersist interval=00:00:01:00 searchbase="dc=example,dc=com" scope=sub schemachecking=off bindmethod=simple binddn="cn=root,dc=example,dc=com" credentials=secret retry=5,5,30,5,60,5,300,+ overlay syncprov syncprov-checkpoint 10 5 syncprov-sessionlog 100 -- Lesley Walker Linux Systems Administrator Opus International Consultants Ltd Email lesley.walker(a)opus.co.nz Tel +64 4 471 7002, Fax +64 4 473 3017 http://www.opus.co.nz Level 9 Majestic Centre, 100 Willis Street, PO Box 12 343 Wellington, New Zealand

2 2

Get Effective Rights
by Ed Frey 01 Mar '07

01 Mar '07

Has openLDAP implemented the Get Effective Rights control extension? I tried using "2.16.840.1.113719.1.27.100.33" (getEffectivePrivilegesRequest); however, got a "not implemented" result. I searched around google and the list archives and saw some references to it, but never a reference to whether it was implemented or not. I'm trying to move an application that was running against novell's eDirectory to openLDAP and it makes heavy use of this control. That OID may be novell specific, but i didn't see anything in ldap.h with that name either. Any insight would be appreciated Thank you -Ed

2 1

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-software March 2007