On Saturday, 30 June 2007, Zhang Weiwu wrote:
> I don't know why the message (Wed, 27 Jun 2007 23:25:28 +0800) seems
> didn't delivered to the list (failed moderation? I didn't receive
> notification from moderator either). Here is it resend again.
> On Wed, 2007-06-27 at 17:09 +0200, Buchan Milne wrote:
> > Your use of the feature seems to be correct, but you don't provide any
> > information on whether your configuration of the feature is correct.
> > You may want to supply at least the section of slapd.conf relevant to
> > this database (with sensitive details - e.g. rootpw etc. - replaced).
> Thanks and sorry for letting you have to ask more questions in order to
> answer my question!
> Here is the complete slapd.conf (rootpw is no security threat because
> this is a temporary test installation made to test slapo-refint feature)
You are missing:
inside the database section, before the following line:
ISP Systems Specialist - Monitoring/Authentication Team Leader
<quote who="Kambiz Behrooz">
> Excise me. I should explain better
> Log level is set to 0x240 but then we get both success and errors for
> stats2 and config and there is no way to just get errors which we need
IIRC, try "loglevel none", this will only have high priority messages
logged, i.e. erorrs.
>> If I understand right so I need to send it to
>> openldap-software(a)openldap.org , right?
>> by the way I never used overlay before.
>> The company I work for use ldap pretty much and log file get big very
>> and same times they are only interested on just "errors". Last time it
>> just a few lines on the file they needed and the log file contained over
>> 100K lines.
> This is the information I was after. If they only want to log errors,
> change the "loglevel" setting. See "man slapd.conf". This is what man
> pages are for ;-)
> What loglevel is it currently on.
>> Thanks for the information
>> Kind Regards,
>> Kambiz Behrooz
>> Kambiz Behrooz wrote:
>>> I am new on openldap (and ldap and this maillist).
>>> My company wants to have more control on the logging and I have to
>>> make changes on openldap and probably make changes so the can be on
>>> next version openldap.
>>> Does openldap use only syslog for all logging ?
>>> where is easiest to begin ?
>>> How good need the code be to have chance to be add to openldap ?
>>> Thanks for any information
>> This is really for the openldap-software list. Please resend.
>> Have you looked at the accesslog overlay? You haven't mentioned why/what
>> logging is inadequate?
>> Kind Regards,
>> Gavin Henry.
>> Managing Director.
>> T +44 (0) 1224 279484
>> M +44 (0) 7930 323266
>> F +44 (0) 1224 824887
>> E ghenry(a)suretecsystems.com
>> Open Source. Open Solutions(tm).
>> Building a website is a piece of cake. Yahoo! Small Business gives you
>> the tools to get online.
> Get the Yahoo! toolbar and be alerted to new email wherever you're
I am using the slapd 2.3.30 debian package.
I would like to have the schma and acl configuration
dynamic so I am able to replicate it. but on the other hand
I would like to use som overlays witch do not support
the dynamic configuration.
Is there any possibilty to keep schenas and acls in the
dynamic configuration. And keeping the overlay and database configuration
in an old style include file ?
Dembach Goo Informatik GmbH & Co KG
Tel: +49 221 801483 0
Mobil: +49 177 8091974
Fax: +49 221 801483 20
Amtsgericht Köln HRA 22794, UST ID: DE242 159 527
Geschäftsführer: Manon Goo, Andreas Dembach
Haftende Gesellschafterin: Dembach Goo Verwaltungs GmbH
using openldap 2.3.35.
When I do a search for some attribute like "cn=foobar", and in set of
attributes which are to be returned per-entry is "cn" attribute, all its
values are returned.
however, when I search with "cn=foo*", and entry has multiple
"cn" values, like
- is it possible to have "cn" returned, but only these values,
which actually matched the filter ? Or, is it possible
to find out how many values of "cn" in particular entry, matched?
While doing such search in some specified case, I'm interested
only with values "cn=foo", "cn=foobar" and "cn=foobarX", I do not
care what are other "cn" values, nor even there are other values
of "cn" which didn't match, or not. Such feature seems complicated,
because filter actually may be build with many attributes,
- and only if some of them are specified in return attributes, the
matching values should be returned .