why syncrepl doesn't work ???
by Jeronimo Zucco
Hi, list.
I'm trying to implement syncrepl in my openldap 2.3.35 without
sucess. I tryed many (I sed: MANY) times to slacat, slapadd to slave for
syn ldap servers, but for some reason with I don't know, the slave lost
the sync.
Then I have to do the same thing ate night:
- stop ldap master;
- slapcat master
- slapadd on the slave;
- start master and start slave
This works about one hour, in the morning wasn't syncing again. If i
restart the slave ldap, then the changes on the master is replicated,
but stops to sync "on line" after this.
I don't know what to do to solve this issue :-(
Follow up my ldap configuration (just about syncrepl):
ldap master:
# acls permits to user replicator to read all the database
index objectClass,entryCSN,entryUUID eq
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
limits dn.exact="cn=replicator,dc=domain,dc=com" size.soft=unlimited
size.hard=unlimited
ldap slave:
syncrepl
rid=1
provider=ldaps://master.domain.com:636
binddn="cn=replicator,dc=domain,dc=com"
bindmethod=simple
credentials=secret
searchbase="dc=domain,dc=com"
filter="(objectClass=*)"
schemachecking=off
scope=sub
type=refreshAndPersist
retry="60 +"
Any tip will be apreciated.
--
Jeronimo Zucco
LPIC-1 Linux Professional Institute Certified
Núcleo de Processamento de Dados
Universidade de Caxias do Sul
http://jczucco.blogspot.com
16 years, 5 months
Regarding chaining to multiple ldap servers
by Arunachalam Parthasarathy
Hello,
With openldap chain overlay, can we able to chain to multiple servers,
Means can I have multiple chain-idassert-uri and chain-idassert-bind ,
which I can use many binddn/bindpassword , for chaining and i need to chain
for (read and write) to those servers
Thanks,
Arunachalam.
****************************************************************************
****************************
This e-mail and attachments contain confidential information from HUAWEI,
which is intended only for the person or entity whose address is listed
above. Any use of the information contained herein in any way (including,
but not limited to, total or partial disclosure, reproduction, or
dissemination) by persons other than the intended recipient's) is
prohibited. If you receive this e-mail in error, please notify the sender by
phone or email immediately and delete it!
16 years, 5 months
synrepl and contextCSN missing
by Raphaël 'SurcouF' Bordet
Hi,
If even a master doesn't provide a contextCSN on root entry, whats
happens ? Does syncrepl is always working fine ?
I've some databases populated by using syncrepl and masters doesn't
provides contextCSN. I'm using refreshOnly type of syncrepl and I'm
getting changes only when I've just restart slapd.
Any hint ?
Regards,
PS: I'm using OpenLDAP 2.3.35 under Solaris 10
--
Raphaël 'SurcouF' Bordet
16 years, 5 months
bdb or hdb ?
by Kari Mattsson
I'm wondering... All documentation I've seen mention hdb as sibling of
bdb with the only significant difference of being able to rename
(sub)trees, and thus move them around.
Then there is one config difference: idlcachesize shoud be 4 x cachesize
when using hdb. For bdb it can be way smaller than cachesize.
If the difference really is this small,
1) where is the real point in having two almost same back-ends?
2) why wouldn't everybody use hdb in the first place?
--Kari Mattsson
16 years, 5 months
Regarding backend database in openldap !!
by sameer
Hi,
I would like to know using DB2 as the backend instead of BDB in openldap will have performance advantages.
Has anyone tried integrating openldap with DB2 ?
Any help would be appreciated.
Rgs
Sameer
This e-mail and attachments contain confidential information from HUAWEI, which is intended only for the person or entity whose address is listed above. Any use of the information contained herein in any way (including, but not limited to, total or partial disclosure, reproduction, or dissemination) by persons other than the intended recipient's) is prohibited. If you receive this e-mail in error, please notify the sender by phone or email immediately and delete it!
16 years, 5 months
Does chain overlay support sasl binding?
by Simon Gao
Hi,
I'd like to know if chain overlay currently supports sasl binding or not
with OpenLDAP 2.3.35.
Since both idassert-bind and chain-idassert-bind are handled by ldap
backend, can I assume sasl binding should be available to chain overlay
also?
Appreciate your help.
Thanks,
Simon
16 years, 5 months
Re: Problem with Schema in Openldap 2.3.19
by Eugenia Candida Oliveira de Moura
The debug in Openldap 2.3.19:
>>> dnPrettyNormal: <cn=schema,cn=config>
=> ldap_bv2dn(cn=schema,cn=config,0)
<= ldap_bv2dn(cn=schema,cn=config)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=schema,cn=config)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=schema,cn=config)=0
<<< dnPrettyNormal: <cn=schema,cn=config>, <cn=schema,cn=config>
modifications:
add: olcAttributeTypes
one value, length 141
conn=0 op=1 MOD dn="cn=schema,cn=config"
conn=0 op=1 MOD attr=olcAttributeTypes
oc_check_required entry (cn=schema,cn=config), objectClass "olcSchemaConfig"
oc_check_allowed type "objectClass"
oc_check_allowed type "cn"
oc_check_allowed type "olcObjectIdentifier"
oc_check_allowed type "olcAttributeTypes"
oc_check_allowed type "olcObjectClasses"
oc_check_allowed type "structuralObjectClass"
oc_check_allowed type "entryUUID"
oc_check_allowed type "creatorsName"
oc_check_allowed type "createTimestamp"
oc_check_allowed type "entryCSN"
oc_check_allowed type "modifiersName"
oc_check_allowed type "modifyTimestamp"
slapd: line 0: Unexpected token before SYNTAX
1.3.6.1.4.1.1466.115.121.1.15SIN GLE-VALUE )
AttributeTypeDescription = "(" whsp
numericoid whsp ; AttributeType identifier
[ "NAME" qdescrs ] ; name used in AttributeType
[ "DESC" qdstring ] ; description
[ "OBSOLETE" whsp ]
[ "SUP" woid ] ; derived from this other
; AttributeType
[ "EQUALITY" woid ] ; Matching Rule name
[ "ORDERING" woid ] ; Matching Rule name
[ "SUBSTR" woid ] ; Matching Rule name
[ "SYNTAX" whsp noidlen whsp ] ; see section 4.3
[ "SINGLE-VALUE" whsp ] ; default multi-valued
[ "COLLECTIVE" whsp ] ; default not collective
[ "NO-USER-MODIFICATION" whsp ]; default user modifiable
[ "USAGE" whsp AttributeUsage ]; default userApplications
; userApplications
; directoryOperation
; distributedOperation
; dSAOperation
whsp ")"
olcAttributeTypes: value #-1: <olcAttributeTypes> handler exited with 1!
send_ldap_result: conn=0 op=1 p=3
send_ldap_result: err=80 matched="" text="<olcAttributeTypes> handler exited
wit h 1"
send_ldap_response: msgid=2 tag=103 err=80
ber_flush: 55 bytes to sd 12
<olcAttributeTypes > handler exited with 1
ldap_write: want=55, written=55
0000: 30 35 02 01 02 67 30 0a 01 50 04 00 04 29 3c 6f 05...g0..P...)<o
0010: 6c 63 41 74 74 72 69 62 75 74 65 54 79 70 65 73 lcAttributeTypes
0020: 3e 20 68 61 6e 64 6c 65 72 20 65 78 69 74 65 64 > handler exited
0030: 20 77 69 74 68 20 31 with 1
conn=0 op=1 RESULT tag=103 err=80 text=<olcAttributeTypes> handler exited
with 1
daemon: activity on 1 descriptor
daemon: activity on: 12r
daemon: read active on 12
connection_get(12)
connection_get(12): got connid=0
When the new attribute is add, is being added a value "1" in the end of the
olcAttributeType, for example, olcAttributeType1. But I do not know because.
2007/6/11, Quanah Gibson-Mount <quanah(a)zimbra.com>:
>
> --On Monday, June 11, 2007 6:35 AM +0200 Dieter Kluenter
> <dieter(a)dkluenter.de> wrote:
>
> > "Eugenia Candida Oliveira de Moura" < eugeniacandida(a)gmail.com> writes:
> >
> >> Hi,
> >>
> >> I'm using openldap 2.3.19 and when I try to add to a new attribute in
> >> the entry cn= schema,cn=config I have the following error:
> >> <olcAttributeTypes> handler exited with 1
> >>
> >> Why this error occurs?
> >> Some ideia?
> >
> > Could you please be a bit more verbose on the error? Something like
> > debugging -d-1 would probabely be of help.
>
> And get the debug info from a recent version of OpenLDAP. 2.3.19 is quite
> old.
>
> --Quanah
>
>
> --
> Quanah Gibson-Mount
> Principal Software Engineer
> Zimbra, Inc
> --------------------
> Zimbra :: the leader in open source messaging and collaboration
>
16 years, 5 months
move subtree !!
by sameer
Hi,
Does openldap support move subtree operation. ?
I have a requirement where i need to move one subtree to other location.
Can i achieve this without deleting and adding again.
Rgs
Sameer
This e-mail and attachments contain confidential information from HUAWEI, which is intended only for the person or entity whose address is listed above. Any use of the information contained herein in any way (including, but not limited to, total or partial disclosure, reproduction, or dissemination) by persons other than the intended recipient's) is prohibited. If you receive this e-mail in error, please notify the sender by phone or email immediately and delete it!
16 years, 5 months
indexes and multiple values
by David Schmitter
hi all
it seems that recent openldap versions don't allow eq indexes if there
are multiple values (per object) for an attribute. if i use an eq index
on such an attribute queries will not match for any of the multiple values.
this was possible with openldap 2.0 using the ldbm backend.
any ideas?
cheers
david
16 years, 5 months
Problem with Schema in Openldap 2.3.19
by Eugenia Candida Oliveira de Moura
Hi,
I'm using openldap 2.3.19 and when I try to add to a new attribute in the
entry cn=schema,cn=config I have the following error:
<olcAttributeTypes> handler exited with 1
Why this error occurs?
Some ideia?
Thanks.
16 years, 5 months
