openldap-software September 2007

openldap-software@openldap.org

74 participants
88 discussions

Truncate log and __db files?
by Mark Haney 26 Sep '07

26 Sep '07

I have an openldap server that has a log.000001 file that is ~10MB in size and several __db.00# files that vary in size from 20KB or so to 300MB in size. My ldap DB only has 30 users in it or so and a restart of the ldap service takes a half hour or more. How do maintain/truncate/reduce the sizes of these files? -- Recedite, plebes! Gero rem imperialem! Mark Haney Sr. Systems Administrator ERC Broadband (828) 350-2415 Call (866) ERC-7110 for after hours support

2 1

Re: Links about integration
by Gabriel Stein 26 Sep '07

26 Sep '07

Quanah, I'm just doing my best. Every documentation, every software have a bug(ok, maybe a little, little, little bug), in the world. Just remember, software was made by humans, documentation was made by humans, and humans have some defects. Can you make some logical links with this? And finally... Perfect!!! You see a wrong samba documentation! Why not report to samba docs team? If have defects in samba documentation, why not contribute? Cheers. On 9/26/07, Quanah Gibson-Mount <quanah(a)zimbra.com> wrote: > > --On Wednesday, September 26, 2007 12:27 AM -0300 Gabriel Stein > <gabrielstein(a)gmail.com> wrote: > > > There´s no problem with my ego, is just a annouce: > > > > I´m promised to me to post constantly posts to Integration section of > > FAQ. Every week I wiil check the links consistency and make all > necessary > > updates to the links. > > Cool. Will you be able to help fix documentation of these other sites? > For example, I was helping someone on #ldap the other day set up syncrepl, > and they were using the documentation at samba.org, which was completely > wrong. :/ > > --Quanah > > > -- > > Quanah Gibson-Mount > Principal Software Engineer > Zimbra, Inc > -------------------- > Zimbra :: the leader in open source messaging and collaboration > -- /\ Gabriel Stein gabrielstein(a)gmail.com MSN: gabrielstein(a)hotmail.com Administrador de Redes - Network Administrador Linux User #223750 51-92796310 Porto Alegre - RS - Brasil

1 0

OpenLDAP instance as syncREPL replica and Slurpd master
by Bruno Lezoray EMSM 26 Sep '07

26 Sep '07

Hi all, i want to implement a specific openldap configuration with 3 instances: 1st is a master 2nd is a syncrepl replica "and" slurpd master 3rd is a slurpd replica The reason why i want to implement this configuration is that i have firewall restrictions: Only the 2nd instance can establish TCP connections on 1st and 3rd instances. TCP connections in the other direction is forbidden >:o . The 1st instance sends updates correctly to the 2nd instance. But the 2nd instance doesn't generate replication log. So, i send nothing to the 3rd instance. Here is an extract of my 2nd instance configuration: database bdb suffix "o=test" rootdn "cn=root DN, o=test" # Cleartext passwords, especially for the rootdn, should # be avoid. See slappasswd(8) and slapd.conf(5) for details. # Use of strong authentication encouraged. rootpw {SSHA}JDqRrNmZbCiInNsubLessizYPdmcwhgf # The database directory MUST exist prior to running slapd AND # should only be accessible by the slapd and slap tools. # Mode 700 recommended. directory /usr/products/freeware/openldap/var/openldap-slapd-pivot # # Changelog is check every 64 KB written or every 15 min # checkpoint 64 15 # password hash algorithm password-hash {SSHA} # # Set the entry cache size to 50000. # cachesize 50000 # Indexes to maintain index objectClass,entryCSN,entryUUID eq index uid pres,eq,sub index mail pres,eq,sub index cn pres,eq,sub index sn pres,eq,sub # # Slurpd master replication parameters # replica uri=ldaps://localhost:1636/ binddn="cn=Replicator, o=test" bindmethod=simple credentials=secret replogfile /usr/products/freeware/openldap/var/replication/replication_pivot.log # # SyncREPL slave replication parameters # syncrepl rid=3 provider=ldaps://10.1.1.69:636 #type=refreshOnly type=refreshAndPersist #interval=01:00:00:00 searchbase="o=test" filter="(objectClass=*)" scope=sub #attrs="cn,sn,ou,telephoneNumber,title,l" schemachecking=off bindmethod=simple binddn="cn=root DN, o=test" credentials=secret So, my questions : Can this architecture work ? If yes, do you have a idea to solve the issue ? If no, is there a solution according to the restriction ? Rgds, Bruno.

3 10

Schema not available after restarting with slapd.d
by Maykel Moya (lists) 23 Sep '07

23 Sep '07

I'd added a schema[1] while the server is running via cn=config. Its classes becomes inmediatly available as expected. When I restart the server those classes are not available anymore. There is no obvious error in debugging info. The slapd.d/cn=config/cn=include{4}.ldif is still here. If i use the conf file instead of the conf dir, the schema classes are available always. I'm using version 2.3.38. Please let me know is there any other specific info I should include. Regards, maykel [1] http://www.bayour.com/openldap/schemas/qmail.schema

2 1

OpenLDAP: BerkeleyDB vs LDBM
by Carlos Narváez 22 Sep '07

22 Sep '07

Hi, I want to know what are the differences between using BerkeleyDB or LDBM as backend, and if i use LDBM, what are the differences using BerkeleyDB or GDBM as API? Which is faster, or more stable? In which cases is better to use one instead of the other? Hope anyone can help, thanks. -- Carlos Narváez http://www.juegopixel.com

3 2

cn=config example
by Derek Yarnell 22 Sep '07

22 Sep '07

I have been running a LDAP with 2.3.x series for awhile now without the cn=config stuff and I have been looking to add this functionality into our running setup. So i have read the http://www.openldap.org/ doc/admin23/slapdconf2.html stuff and I am still a bit confused. I obviously have to have some basic slapd.conf file, what does it have to contain? And after i write basically the ldif for my config for cn=config, you would just use slapadd to add it? Maybe i am missing something could some shed some light? ----- Derek T. Yarnell University of Maryland Institute for Advanced Computer Studies derek(a)umiacs.umd.edu

16 59

Re: cn=config example
by David Damon 21 Sep '07

21 Sep '07

Howard Chu wrote: >Emmanuel Dreyfus wrote: >> Emmanuel Dreyfus <manu(a)netbsd.org> wrote: >> >>>> Thanks for that, but we have to assume some background knowledge ;-) >>> Then the amount of >> >> Hem, that one was sent too early :-) >> >> What is the amount of assumed knowledge? It would be fair to tell what >> are the requirement for reading the doc and where they can be >> acquired... > > From the Project's perspective, I think the basic requirements include: > basic sysadmin skills on your target platform - you need to be proficient >enough to operate as a superuser/Administrator without obliterating your machine. > basic netadmin skills - if you have to deal with IP filters, firewalls, >strange routing configurations, it's your obligation to be cognizant of those >things. > security requirements - if you're trying to implement security, you have to >have a clear policy spec that tells you what you're trying to secure, from whom. > basic LDAP/X.500 knowledge - you should already know what "DIT" and "DN" >stand for, you should know what a schema looks like and what it does. You >should know the syntax and semantics of a search filter, and what all of the >standard LDAP Request types are. You should know how an LDAP URL is >structured, etc. Essentially, at least enough familiarity with everything in >the LDAP RFCs to recognize the terminology. > >Since the Project releases source code only, you should have basic proficiency >with software development tools and procedures - how to use the basic tools of >the trade - configure, make, cc, etc. For people using a prebuilt distro, this >is probably not a requirement. The above would be a perfect preamble in the "basic knowledge" section of the http://www.openldap.org web page! Follow this with a few high level site links to this kind of information will most likely eliminate some of the most basic "newbie" questions. >-- > -- Howard Chu > Chief Architect, Symas Corp. http://www.symas.com > Director, Highland Sun http://highlandsun.com/hyc/ > Chief Architect, OpenLDAP http://www.openldap.org/project/ Regards, David Damon Senior Systems Integration Analyst Office: (714) 442-7562 FAX: (714) 442-2845

2 1

Re: cn=config example
by David Damon 21 Sep '07

21 Sep '07

>Gavin wrote: >David Damon wrote: >> >> Gavin, >> A key to good documentation is "don't assume anything". If you >> have to ask the question, then it is best to include it in the docos. >> > >Thanks for that, but we have to assume some background knowledge ;-) >We're definitely not doing a "Dummies guide to OpenLDAP" ^^^^^^^^^^^^^^^^^^^^^^^^^^^ Could get rich off of a book like this! ^^ ;-) but I digress. Maybe something like "Dummies guide to OpenLDAP" would make a very good FAQ-O-MATIC subject on the http://www.openldap.org web site. > >-- >Kind Regards, > >Gavin Henry. >Managing Director. > >T +44 (0) 1224 279484 >M +44 (0) 7930 323266 >F +44 (0) 1224 824887 >E ghenry(a)suretecsystems.com > >Open Source. Open Solutions(tm). > Regards, David Damon Senior Systems Integration Analyst Office: (714) 442-7562 FAX: (714) 442-2845

1 0

LDAPcon 2007, results
by Dieter Kluenter 21 Sep '07

21 Sep '07

Hi, some slides, photographies and blogs of this years LDAPcon can be found here, for those who are interested: http://www.guug.de/veranstaltungen/ldapcon2007/further_readings.html the complete proceedings can be ordered as well. -Dieter -- Dieter Klünter | Systemberatung http://www.dkluenter.de GPG Key ID:8EF7B6C6

1 0

extended / extensible search / in 2.3.38 ends with error code 34 invalid DN syntax [Virus checked]
by ems＠Sparkassen-Informatik.de 21 Sep '07

21 Sep '07

Hello, we use OpenLdap 2.3.38 on Solaris 10 (note we run openldap on high-Port, so ldap can run as a "normal" user, without root-rights) While the uid is not case-sensitiv, i want to search with an extensible search (e.g. in RFC 2254 desribed), in the hope that Apache this also can in the AuthLdapUrl Directive. But first, i try from console with ldapsearch But this ends with an Error-Code 34 invalid DN syntax Whats wrong ? Do extended search work correct in openldap, or whats the Error ? First,when i try a "normal" search like this, it works fine .. an extended not 1. ldapsearch -H ldap://10.11.12.15:2389 -x -b uid=u4711,ou=SI,ou=Benutzer,dc=sparkassen-informatik,dc=de 2. ldapsearch -H ldap://10.11.12.15:3389 -x -b uid:caseExactMatch:u4711,ou=SI,ou=Benutzer,dc=sparkassen-informatik,dc=de Response from 1. # extended LDIF # # LDAPv3 # base <uid=u4711,ou=SI,ou=Benutzer,dc=sparkassen-informatik,dc=de> with scope subtree # filter: (objectclass=*) # requesting: ALL # # u4711, SI, Benutzer, sparkassen-informatik.de dn: uid=u4711,ou=SI,ou=Benutzer,dc=sparkassen-informatik,dc=de cn: u4711 destinationIndicator: 100100,4600,, st: 6 objectClass: person objectClass: uidObject objectClass: organizationalPerson l: alle sn: User von K.H. Ostertag # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1 But now, when i use extensible Search like this, i got an error 34 invalid DN syntax. .....uid:caseExactMatch:u4711.... ldapsearch -H ldap://10.1.23.15:3389 -x -b uid:caseExactMatch:u4711,ou=SI,ou=Benutzer,dc=sparkassen-informatik,dc=de # extended LDIF # # LDAPv3 # base <uid:caseExactMatch:=u4711,ou=SI,ou=Benutzer,dc=sparkassen-informatik,dc=de> with scope subtree # filter: (objectclass=*) # requesting: ALL # # search result search: 2 result: 34 Invalid DN syntax text: invalid DN # numResponses: 1 And here is the Entry in LDIF-Format for this Test-User dn: uid=u4711,ou=SI,ou=Benutzer,dc=sparkassen-informatik,dc=de cn: u4711 uid: u4711 description: ServiceView-Nutzer userPassword:: e2NyedsfWERWER1Nk1Sd2VldzlnOC4= destinationIndicator: 100100,4600,, st: 6 street: 1146137613 objectClass: person objectClass: uidObject objectClass: organizationalPerson structuralObjectClass: organizationalPerson entryUUID: 676dba36-6a2d-102a-99f4-a3736da85288 creatorsName: cn=Manager,dc=sparkassen-informatik,dc=de createTimestamp: 20060427113433Z l: alle sn: Test-User von K.H. Ostertag entryCSN: 20060530041127Z#000001#00#000000 modifiersName: cn=Manager,dc=sparkassen-informatik,dc=de modifyTimestamp: 20060530041137Z

2 1

← Newer
1
2
3
4
5
6
7
8
9
Older →

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-software September 2007