July 2007 - openldap-software

by Gregory K. Ruiz-Ade

We seem to be getting errors every night a couple minutes after logrotate rotates our logs and sends a SIGHUP to syslog-ng (to force a reload): Jul 11 04:02:46 csenet slapd[8823]: daemon: 1024 beyond descriptor table size 1024 Nothing is touching our slapd process (i.e., same process over several days.) This seems only to happen on our master LDAP server. We're using slurpd for replication to our two slave servers. This morning, something apparently corrupted our directory, which apparently got replicated to our slaves; we restored the db from the nightly dump (made from slapcat on another replica) and LDAP seems happy again. We can't see anything in the logs that would lend a clue as to what might be going on. Any suggestions as to where I should start looking? We're running RHEL 4 with all updates applied, using RH's openldap packages (2.2.13). Looking back in the logs, it seems that the syslog message above occurs for a couple minutes after syslog-ng is restarted, and then stops occurring until the next time syslog-ng is restarted, but it's apparently been happening for quite a while. Today is the first time we've had corruption (or otherwise total failure) of the LDAP directory, though. Any suggestions or help will be greatly appreciated. Gregory -- Gregory K. Ruiz-Ade Sr. Systems Administrator Computer Science and Engineering University of California, San Diego Office: EBU3b 1216 Phone: (858) 822-2625 E-mail: gkra(a)cs.ucsd.edu

15 years, 8 months

6
14
0 / 0

Error message while starting service

by Simon Renshaw

Hi, I installed OpenLDAP 2.2.29 on a Win2003 SP2 server that is already an AD DC (so that might be the problem). When I start the service, I get the following error message: service-specific error 16. If I run sc query openldap-slapd, I get: SERVICE_NAME: openldap-slapd TYPE : 10 WIN32_OWN_PROCESS STATE : 1 STOPPED (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)) WIN32_EXIT_CODE : 1066 (0x42a) SERVICE_EXIT_CODE : 16 (0x10) CHECKPOINT : 0x0 WAIT_HINT : 0x0 It does work fine on WinXP tho. So I think there is a conflict with AD. Is there a way to change the port that OpenLDAP uses? If not, I'll just demote the server instead. Thanks! Simon

15 years, 8 months

4
3
0 / 0

Query Log and stats?

by Jay Lee

I am using OpenLDAP 2.3 as a proxy cache to our primary eDirectory LDAP Server. The proxy is working but in order to optimize the cache, I need to specify the search queries and attributes to index in slapd.conf. Is there an easy way to log what queries are being run and how often? Jay Lee

15 years, 8 months

3
2
0 / 0

log.000xx files?

by Tim Tyler

Openldap experts, We are running openldap 2.3.30 on Fedora core 6. Everything seems to be working fine since we started it up in February. However, I have noticed that in /var/lib/ldap there are a lot of log.00000x files incrementing from 1 through 58 so far and they are all the same size of 5242880 bits. Can someone explain to me what the role of these log files is and if there is anything I should do to keep the directory clean over time? Should I just ignore them or is there maintenance or something that is recommended for cleaning up these log files over time? Is openldap dependent upon all of them for any reason? -rw------- 1 ldap ldap 5242880 Apr 18 18:56 log.0000000053 -rw------- 1 ldap ldap 5242880 Apr 30 07:38 log.0000000054 -rw------- 1 ldap ldap 5242880 Jun 5 11:26 log.0000000055 -rw------- 1 ldap ldap 5242880 Jun 8 13:30 log.0000000056 -rw------- 1 ldap ldap 5242880 Jul 18 12:07 log.0000000057 -rw------- 1 ldap ldap 5242880 Jul 19 11:45 log.0000000058. Also, are there any other ldap maintenance tasks that one might recommend doing periodically to keep the ldap databases running efficiently and reliably? Note we are using Berkley database in case that matters (*.bdb). Tim Tyler Network Engineer - Beloit College tyler(a)beloit.edu

15 years, 8 months

3
2
0 / 0

OpenLdap search does not return all result set

by Srilakshmanan, Kumuthiny

Hi I have a OpenLDAP version 2.2 on ldbm database under unix with 2500 users. I'm aware upgrading is an option but it is not clear whether it would resolve my issue as stated below. A search query returns a subset of the expected results. I reindexed the data and there was no change in the results returned. An update action to a user id not visible in the initial query becomes visible in subsequent queries. After an export of the data(slapcat) and import (slapadd) to an empty data store,the same query as above returns the expected results. After a period of time further queries return only a subset of the expected result set. Please find below the slapd.conf and data base size # Caches cachesize 100000 dbcachesize 10000000 index objectClass eq index cn eq index uid eq,sub index sn eq index groups eq #user limitations -1 no limit sizelimit 10000 timelimit 60 Please find my data base files -rw------- 1 openldap system 143360 Jul 19 21:09 cn.dbb -rw------- 1 openldap system 589824 Jul 19 14:34 dn2id.dbb -rw------- 1 openldap system 61440 Jul 19 21:09 groups.dbb -rw------- 1 openldap system 1368064 Jul 19 21:09 id2entry.dbb -rw------- 1 openldap system 8192 Jul 19 13:57 nextid.dbb -rw------- 1 openldap system 40960 Jul 19 21:09 objectClass.dbb -rw------- 1 openldap system 114688 Jul 19 21:09 sn.dbb -rw------- 1 openldap system 970752 Jul 19 21:09 uid.dbb Any assistance would be greatly appreciated. Regards, Kumuthiny Australia Post is committed to providing our customers with excellent service. If we can assist you in any way please telephone 13 13 18 or visit our website. The information contained in this e-mail communication may be proprietary, confidential or legally professionally privileged. It is intended exclusively for the individual or entity to which it is addressed. You should only read, disclose, re-transmit, copy, distribute, act in reliance on or commercialise the information if you are authorised to do so. Australia Post does not represent, warrant or guarantee the integrity of this e-mail communication has been maintained nor that the communication is free of errors, virus or interference. If you are not the addressee or intended recipient please notify us by replying direct to the sender and then destroy any electronic or paper copy of this message. Any views expressed in this e-mail communication are taken to be those of the individual sender, except where the sender specifically attributes those views to Australia Post and is authorised to do so.

15 years, 8 months

3
2
0 / 0

help adding a group

by Adam Williams

I'm trying to add a group with 2 users to LDAP, but i'm running into problems. When I add my group and then search for it, it shows a userPassword, and garbles the memberUid of the first user I added to the group. Any ideas? testgroup.ldif: dn: cn=testgroup,ou=Group,dc=gomer,dc=mdah,dc=state,dc=ms,dc=us objectClass: posixGroup objectClass: top cn: testgroup userPassword: {crypt}x gidNumber: 102 memberUid: adam memberUid: testuser ldapadd -D "cn=Manager,dc=gomer,dc=mdah,dc=state,dc=ms,dc=us" -w txxxxxxxx -x -v -f testgroup.ldif ldap_initialize( <DEFAULT> ) add objectClass: posixGroup top add cn: testgroup add userPassword: {crypt}x add gidNumber: 102 add memberUid: adam testuser adding new entry "cn=testgroup,ou=Group,dc=gomer,dc=mdah,dc=state,dc=ms,dc=us" modify complete ldapsearch -D 'cn=Manager,dc=gomer,dc=mdah,dc=state,dc=ms,dc=us' -b "cn=testgroup,ou=Group,dc=gomer,dc=mdah,dc=state,dc=ms,dc=us" -w tical123 -x # extended LDIF # # LDAPv3 # base <cn=testgroup,ou=Group,dc=gomer,dc=mdah,dc=state,dc=ms,dc=us> with scope subtree # filter: (objectclass=*) # requesting: ALL # # testgroup, Group, gomer.mdah.state.ms.us dn: cn=testgroup,ou=Group,dc=gomer,dc=mdah,dc=state,dc=ms,dc=us objectClass: posixGroup objectClass: top cn: testgroup userPassword:: e2NyeXB0fXg= gidNumber: 102 memberUid:: YWRhbSA= memberUid: testuser # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1

15 years, 8 months

4
3
0 / 0

how to extract information from bdb database ?

by JOYDEEP

Dear list, I am using opnldap with bdb database. I like to extract the mail address from the bdb database. I have found the mail.bdb but it is a binary file. Could any one suggest how can I extract the mail address from the bdb database ? thanks

15 years, 8 months

3
2
0 / 0

Replication architecture

by Bruno Lezoray EMSM

Hi all, i have a request from a customer about 2 replication architectures and i would like to know if it's possible to implement them: 1 - Master Server -> "hub" Server -> Slave Server 2 - Server1 <-> Server2 <-> Server 3 An other question: Is the replication with slurpd or SyncREPL supported over WAN ? Are there some restrictions ? Rgds, Bruno.

15 years, 8 months

5
7
0 / 0

how to maintain OpenLDAP database ?

by JOYDEEP

Dear list, I am newbie in OpenLDAP. Prersently I am running an OpenLDAP as the authentication of Postfix+IMAP email server. How can I take backup and maintain the database of LDAP ? what are the commands ? I like to place the associated commands in a cron jobs. Please enlighten me. thanks

15 years, 8 months

8
14
0 / 0

force TLS and rootdn

by Thierry Lacoste

I want to force clients to use TLS except on the IPv4 loopback interface. As suggested by Aaron I have the following ACL as the very first one # first, make sure TLS or localhost access to * by tls_ssf=1 none break by peername.ip="127.0.0.1" none break by * none followed by my "real" ACLs. Everything is working as expected but I've just noticed that I can bind to the server with my rootdn in cleartext. Is this expected? Is there a way to prevent this? Regards, Thierry.

15 years, 8 months

4
3
0 / 0

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-software July 2007