I was looking at the docs on http://www.openldap.org/devel/admin/
monitoringslapd.html and section 13.1 (cn=config) has yet to be written.
Could anyone give me a brief description of what that is?
Also, I am writing a health check for openldap and I am only able to
find effective monitoring stats via the cn=Monitor but that is not
always configured in every slapd instance. Is there another way of
going about this?
> I assume this section would be on how to configure back-monitor via
> back-config, for now, converting your slapd.conf (that you set up for
> back-monitor in 13.3) would do what is necessary. If you use a
> this is irrelevant for you at present.
ok, so setting it up in slapd.conf does the same thing.
>> Also, I am writing a health check for openldap
> For what monitoring system ?
> Here is the one I use for performance and replication monitoring
> with Hobbit
> (but I also use it stand-alone).
thanks, I will definitely check it out.
>> and I am only able to
>> find effective monitoring stats via the cn=Monitor but that is not
>> always configured in every slapd instance.
> The best solution here is to configure it.
Yeah, that is unfortunate since not all slapd instances will have
>> Is there another way of
>> going about this?
> AFAIK, no.
> Buchan Milne
> ISP Systems Specialist - Monitoring/Authentication Team Leader
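A health check built on cn=Monitor has to report "monitor not configured" as its own state, since the thread points out there is no other source for these statistics. The sketch below is an added example, not part of the original messages: the thresholds and sample LDIF are constructed, and exit code 32 (noSuchObject) is assumed to be what an instance without back-monitor returns.

```python
# Added example: evaluates the exit code and stdout of
#   ldapsearch -x -LLL -b cn=Monitor -s sub '(objectClass=*)' \
#       monitorCounter monitorOpInitiated monitorOpCompleted
NO_SUCH_OBJECT = 32  # LDAP result code; ldapsearch exits with the result code

# Constructed sample output, not captured from a real server.
SAMPLE_LDIF = """\
dn: cn=Current,cn=Connections,cn=Monitor
monitorCounter: 12

dn: cn=Operations,cn=Monitor
monitorOpInitiated: 1050
monitorOpCompleted: 1049
"""

def parse_ldif(text):
    """Return {lowercased dn: {lowercased attr: [values]}} for plain LDIF."""
    entries = {}
    unfolded = text.replace("\n ", "")  # undo LDIF line folding
    for block in unfolded.strip().split("\n\n"):
        dn, attrs = None, {}
        for line in block.splitlines():
            name, sep, value = line.partition(":")
            if not sep or line.startswith("#"):
                continue
            if name.lower() == "dn":
                dn = value.strip().lower()
            else:
                attrs.setdefault(name.lower(), []).append(value.strip())
        if dn:
            entries[dn] = attrs
    return entries

def check_monitor(exit_code, ldif, max_conns=500, max_backlog=20):
    """Map one cn=Monitor query to (status, detail); thresholds are assumed."""
    if exit_code == NO_SUCH_OBJECT:
        return "UNKNOWN", "cn=Monitor absent: back-monitor is not configured"
    if exit_code != 0:
        return "CRITICAL", "ldapsearch exited with %d" % exit_code
    entries = parse_ldif(ldif)
    try:
        conns = int(entries["cn=current,cn=connections,cn=monitor"]["monitorcounter"][0])
        ops = entries["cn=operations,cn=monitor"]
        backlog = int(ops["monitoropinitiated"][0]) - int(ops["monitoropcompleted"][0])
    except (KeyError, ValueError):
        return "UNKNOWN", "cn=Monitor counters not readable (check ACLs)"
    status = "WARNING" if conns > max_conns or backlog > max_backlog else "OK"
    return status, "connections=%d backlog=%d" % (conns, backlog)
```

An empty result with exit code 0 is reported as UNKNOWN rather than OK, so an ACL that hides cn=Monitor from the checking identity does not pass as a healthy server.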
--On June 5, 2007 6:28:11 PM -0400 "West, Jon (NIH/NIMH) [C]"
> yes, I actually have it looking at the cert but I still get a
> connection error when using TLS. I think I understand it:
> ldap_start_tls: Connect error (-11)
> additional info: TLS: hostname does not match CN in peer certificate
> I think this means it is because I used 'test.com' as the server
> name when generating the cert rather than the actual server? test.com is
> just the test domain I am using
Please keep replies to the list.
This error means that the host name in the certificate does not match the
hostname for the server. They must match to establish a TLS connection.
Principal Software Engineer
Zimbra :: the leader in open source messaging and collaboration
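The comparison behind the "hostname does not match CN in peer certificate" error, as an added example that is not part of the original message. The certificate dicts are constructed, `ldap01.example.org` is a hypothetical server name, and the matching rule (dNSName subjectAltName entries if present, otherwise the CN, with a wildcard covering one label) is the common convention, not a copy of OpenLDAP's own code.

```python
# Added example: cert dicts use the layout returned by ssl.SSLSocket.getpeercert().
# Both certificates are constructed; ldap01.example.org is a hypothetical host.
CERT_FROM_THREAD = {"subject": ((("commonName", "test.com"),),)}
CERT_WITH_SAN = {
    "subject": ((("commonName", "test.com"),),),
    "subjectAltName": (("DNS", "ldap01.example.org"), ("DNS", "*.dir.example.org")),
}

def cert_names(cert):
    """dNSName subjectAltName entries if present, otherwise the subject CN(s)."""
    sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def name_matches(pattern, host):
    """Case-insensitive comparison of one certificate name with the host."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if p.startswith("*."):
        # A wildcard stands for exactly one leftmost label.
        return "." in h and h.split(".", 1)[1] == p[2:]
    return p == h

def check_peer(cert, connect_host):
    """Return (ok, names): ok is False in the 'hostname does not match' case."""
    names = cert_names(cert)
    return any(name_matches(n, connect_host) for n in names), names
```

The returned name list shows which host names a client could put in its URI for the check to pass, which is the quickest way to see whether the certificate has to be reissued.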
Using OpenLDAP 2.3.35, when I set the translucent and rwm overlays to
dynamically add an external attribute (userCertificate) in response to a
search request, I am no longer able to bind. slapd returns "Invalid
credentials" error messages.
If the translucent and rwm overlays are commented out, binding works again.
/---( slapd.conf )---
rwm-map objectclass *
rwm-map attribute *
I've also configured syncrepl replication on this database.
Any ideas?
Raphaël 'SurcouF' Bordet
I need to build LDAP for Win64 platforms, for which I need the following
Are they available on both Itanium/EM64T (AMD 64) platforms, and where
can I get them from?
Any pointers to this will be greatly appreciated.
Thanks and regards,
Informatica Business Solutions PVT LTD
"The Data Integration Company" (TM)
Diamond District, Tower 'B', 3rd Floor
#150, Airport Road, Bangalore - 560 008 India.
I would like to set up TLS on our server. Looking through the
Administration guide, I am unsure if I need both server AND client
certificates. As I understand it I am supposed to first see if I can use
the command line tools to establish the TLS connection then attempt to
set up a client. So I have created a server certificate. I would like to
do this with a test system. The test server is running 2.0.27-22 and our
actual server runs 2.2.13-6.4E. How can I be sure that I am getting an
encrypted connection? I am also unsure of how to use LDAP search since
whenever I do use it I get errors but when I verify the contents of our
directory with other software I can see the things I'm looking for.
Again this is a question about LDAPsearch, not the other software. I
have a user called tester in my dc=test,dc=com test server (Is it a
problem that I use test.com when the machine is not on that domain?)
What would be the command to get the LDAP information about tester?
I have to add some attributes like userCertificate from a PKI LDAP server
to my meta-directory, which integrates some other LDAP servers. Some
branches are replicated using syncrepl and I don't have rights to modify
I looked at the translucent overlay and added the following
directives to the main configuration file of slapd:
/---( slapd.conf )---
rwm-map attribute userCertificate *
First question: why can't I bind any more using the rootdn of this database
when these directives are activated?
Second question: when I look for an entry that has a
userCertificate attribute on the pkiserver database, I get two
responses. Why, and how can I get only the local entry with the remote
userCertificate attribute without modifying the local database?
Raphaël 'SurcouF' Bordet
For some special reasons, searching the modification log is a frequent
operation here in our environment. Usually, searching the modification
log takes 30 seconds or longer:
$ ldapsearch -x -D cn=admin,cn=accesslog -w -b cn=accesslog
Compared to a typical ldap search that searches for a contact person or
anyone who lives in a state, which usually returns the result in less than
30 second time is not acceptable considering the frequency such search is
being used. I think I have 'optimized' slapd.conf by using these lines:
# used for accesslog, realss
# The base of your directory for database #2
index reqDN,reqType eq
And I have also rebuilt the index by using
$ slapindex -b cn=accesslog
Is this 30 second search time normal and how can I improve search speed?
Thanks a lot in advance!
The total number of accesslog entries is about 658147
+86 592 2091112
I am trying to upgrade from 2.2.13 to 2.3.35 in order to (possibly) fix
But, I am having a ton of problems. At this point, I just want to
scratch the current DB and start over. However, if I try this, slapd
complains about not being able to find the database:
Checking configuration files for : bdb_db_open:
db_open(/var/lib/ldap/id2entry.bdb) failed: No such file or directory (2)
Which makes sense... so, how do I create an empty one?