Truncate log and __db files?
by Mark Haney
I have an openldap server that has a log.000001 file that is ~10MB in
size and several __db.00# files that vary in size from 20KB or so to
300MB in size. My ldap DB only has 30 users in it or so and a restart
of the ldap service takes a half hour or more. How do I
maintain/truncate/reduce the sizes of these files?
--
Recedite, plebes! Gero rem imperialem!
Mark Haney
Sr. Systems Administrator
ERC Broadband
(828) 350-2415
Call (866) ERC-7110 for after hours support
15 years, 12 months
Re: Links about integration
by Gabriel Stein
Quanah,
I'm just doing my best. Every documentation, every software has a bug (ok,
maybe a little, little, little bug), in the world.
Just remember, software was made by humans, documentation was made by
humans, and humans have some defects.
Can you make some logical links with this?
And finally... Perfect!!! You see a wrong samba documentation! Why not
report to samba docs team? If there are defects in samba documentation, why not
contribute?
Cheers.
On 9/26/07, Quanah Gibson-Mount <quanah(a)zimbra.com> wrote:
>
> --On Wednesday, September 26, 2007 12:27 AM -0300 Gabriel Stein
> <gabrielstein(a)gmail.com> wrote:
>
> > There's no problem with my ego, it's just an announcement:
> >
> > I promised myself to constantly post to the Integration section of the
> > FAQ. Every week I will check the links' consistency and make all necessary
> > updates to the links.
>
> Cool. Will you be able to help fix documentation of these other sites?
> For example, I was helping someone on #ldap the other day set up syncrepl,
> and they were using the documentation at samba.org, which was completely
> wrong. :/
>
> --Quanah
>
>
> --
>
> Quanah Gibson-Mount
> Principal Software Engineer
> Zimbra, Inc
> --------------------
> Zimbra :: the leader in open source messaging and collaboration
>
--
/\
Gabriel Stein
gabrielstein(a)gmail.com
MSN: gabrielstein(a)hotmail.com
Administrador de Redes -
Network Administrador
Linux User #223750
51-92796310
Porto Alegre - RS - Brasil
15 years, 12 months
OpenLDAP instance as syncREPL replica and Slurpd master
by Bruno Lezoray EMSM
Hi all,
I want to implement a specific openldap configuration with 3 instances:
1st is a master
2nd is a syncrepl replica "and" slurpd master
3rd is a slurpd replica
The reason why I want to implement this configuration is that I have
firewall restrictions:
Only the 2nd instance can establish TCP connections on 1st and 3rd
instances. TCP connections in the other direction are forbidden >:o .
The 1st instance sends updates correctly to the 2nd instance. But the
2nd instance doesn't generate replication log. So, I send nothing to the
3rd instance.
Here is an extract of my 2nd instance configuration:
database bdb
suffix "o=test"
rootdn "cn=root DN, o=test"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw {SSHA}JDqRrNmZbCiInNsubLessizYPdmcwhgf
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /usr/products/freeware/openldap/var/openldap-slapd-pivot
#
# Changelog is check every 64 KB written or every 15 min
#
checkpoint 64 15
# password hash algorithm
password-hash {SSHA}
#
# Set the entry cache size to 50000.
#
cachesize 50000
# Indexes to maintain
index objectClass,entryCSN,entryUUID eq
index uid pres,eq,sub
index mail pres,eq,sub
index cn pres,eq,sub
index sn pres,eq,sub
#
# Slurpd master replication parameters
#
replica uri=ldaps://localhost:1636/
        binddn="cn=Replicator, o=test"
        bindmethod=simple credentials=secret
replogfile /usr/products/freeware/openldap/var/replication/replication_pivot.log
#
# SyncREPL slave replication parameters
#
syncrepl rid=3
        provider=ldaps://10.1.1.69:636
#type=refreshOnly
        type=refreshAndPersist
#interval=01:00:00:00
        searchbase="o=test"
        filter="(objectClass=*)"
        scope=sub
#attrs="cn,sn,ou,telephoneNumber,title,l"
        schemachecking=off
        bindmethod=simple
        binddn="cn=root DN, o=test"
        credentials=secret
So, my questions :
Can this architecture work ?
If yes, do you have an idea to solve the issue ?
If no, is there a solution according to the restriction ?
Rgds, Bruno.
15 years, 12 months
Schema not available after restarting with slapd.d
by Maykel Moya (lists)
I'd added a schema[1] while the server is running via cn=config. Its
classes become immediately available as expected. When I restart the
server those classes are not available anymore. There is no obvious
error in debugging info. The slapd.d/cn=config/cn=include{4}.ldif is
still here.
If I use the conf file instead of the conf dir, the schema classes are
available always.
I'm using version 2.3.38.
Please let me know if there is any other specific info I should include.
Regards,
maykel
[1] http://www.bayour.com/openldap/schemas/qmail.schema
16 years
OpenLDAP: BerkeleyDB vs LDBM
by Carlos Narváez
Hi,
I want to know what are the differences between using BerkeleyDB or
LDBM as backend, and if I use LDBM, what are the differences using
BerkeleyDB or GDBM as API? Which is faster, or more stable? In which
cases is better to use one instead of the other?
Hope anyone can help, thanks.
--
Carlos Narváez
http://www.juegopixel.com
16 years
cn=config example
by Derek Yarnell
I have been running a LDAP with 2.3.x series for awhile now without
the cn=config stuff and I have been looking to add this functionality
into our running setup. So I have read the
http://www.openldap.org/doc/admin23/slapdconf2.html stuff and I am still
a bit confused.
I obviously have to have some basic slapd.conf file, what does it
have to contain? And after I write basically the ldif for my config
for cn=config, you would just use slapadd to add it? Maybe I am
missing something, could someone shed some light?
-----
Derek T. Yarnell
University of Maryland
Institute for Advanced Computer Studies
derek(a)umiacs.umd.edu
16 years
Re: cn=config example
by David Damon
Howard Chu wrote:
>Emmanuel Dreyfus wrote:
>> Emmanuel Dreyfus <manu(a)netbsd.org> wrote:
>>
>>>> Thanks for that, but we have to assume some background knowledge ;-)
>>> Then the amount of
>>
>> Hem, that one was sent too early :-)
>>
>> What is the amount of assumed knowledge? It would be fair to tell what
>> are the requirement for reading the doc and where they can be
>> acquired...
>
> From the Project's perspective, I think the basic requirements include:
>    basic sysadmin skills on your target platform - you need to be proficient
>enough to operate as a superuser/Administrator without obliterating your
>machine.
>    basic netadmin skills - if you have to deal with IP filters, firewalls,
>strange routing configurations, it's your obligation to be cognizant of those
>things.
>    security requirements - if you're trying to implement security, you have to
>have a clear policy spec that tells you what you're trying to secure, from
>whom.
>    basic LDAP/X.500 knowledge - you should already know what "DIT" and "DN"
>stand for, you should know what a schema looks like and what it does. You
>should know the syntax and semantics of a search filter, and what all of the
>standard LDAP Request types are. You should know how an LDAP URL is
>structured, etc. Essentially, at least enough familiarity with everything in
>the LDAP RFCs to recognize the terminology.
>
>Since the Project releases source code only, you should have basic proficiency
>with software development tools and procedures - how to use the basic tools of
>the trade - configure, make, cc, etc. For people using a prebuilt distro, this
>is probably not a requirement.
The above would be a perfect preamble in the "basic knowledge" section of
the http://www.openldap.org web page! Following this with a few high level
site links to this kind of information will most likely eliminate some of
the most basic "newbie" questions.
>--
> -- Howard Chu
> Chief Architect, Symas Corp. http://www.symas.com
> Director, Highland Sun http://highlandsun.com/hyc/
> Chief Architect, OpenLDAP http://www.openldap.org/project/
Regards,
David Damon
Senior Systems Integration Analyst
Office: (714) 442-7562
FAX: (714) 442-2845
16 years
Re: cn=config example
by David Damon
>Gavin wrote:
>David Damon wrote:
>>
>> Gavin,
>> A key to good documentation is "don't assume anything". If you
>> have to ask the question, then it is best to include it in the docos.
>>
>
>Thanks for that, but we have to assume some background knowledge ;-)
>We're definitely not doing a "Dummies guide to OpenLDAP"
^^^^^^^^^^^^^^^^^^^^^^^^^^^
Could get rich off of a book like this! ^^ ;-) but I digress. Maybe
something like "Dummies guide to OpenLDAP" would make a very good
FAQ-O-MATIC subject on the http://www.openldap.org web site.
>
>--
>Kind Regards,
>
>Gavin Henry.
>Managing Director.
>
>T +44 (0) 1224 279484
>M +44 (0) 7930 323266
>F +44 (0) 1224 824887
>E ghenry(a)suretecsystems.com
>
>Open Source. Open Solutions(tm).
>
Regards,
David Damon
Senior Systems Integration Analyst
Office: (714) 442-7562
FAX: (714) 442-2845
16 years
extended / extensible search / in 2.3.38 ends with error code 34 invalid DN syntax [Virus checked]
by ems@Sparkassen-Informatik.de
Hello,
we use OpenLdap 2.3.38 on Solaris 10 (note we run openldap on high-Port,
so ldap can run as a "normal" user, without root-rights)
While the uid is not case-sensitive, I want to search with an extensible
search (e.g. as described in RFC 2254), in the hope that Apache can also do
this in the AuthLdapUrl Directive. But first, I try from console with
ldapsearch
But this ends with an Error-Code 34 invalid DN syntax
What's wrong? Does extended search work correctly in openldap, or what's the
Error?
First, when I try a "normal" search like this, it works fine .. an extended
one does not
1. ldapsearch -H ldap://10.11.12.15:2389 -x -b uid=u4711,ou=SI,ou=Benutzer,dc=sparkassen-informatik,dc=de
2. ldapsearch -H ldap://10.11.12.15:3389 -x -b uid:caseExactMatch:u4711,ou=SI,ou=Benutzer,dc=sparkassen-informatik,dc=de
Response from 1.
# extended LDIF
#
# LDAPv3
# base <uid=u4711,ou=SI,ou=Benutzer,dc=sparkassen-informatik,dc=de> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# u4711, SI, Benutzer, sparkassen-informatik.de
dn: uid=u4711,ou=SI,ou=Benutzer,dc=sparkassen-informatik,dc=de
cn: u4711
destinationIndicator: 100100,4600,,
st: 6
objectClass: person
objectClass: uidObject
objectClass: organizationalPerson
l: alle
sn: User von K.H. Ostertag
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
But now, when I use extensible Search like this, I got an error 34 invalid
DN syntax. .....uid:caseExactMatch:u4711....
ldapsearch -H ldap://10.1.23.15:3389 -x -b uid:caseExactMatch:u4711,ou=SI,ou=Benutzer,dc=sparkassen-informatik,dc=de
# extended LDIF
#
# LDAPv3
# base <uid:caseExactMatch:=u4711,ou=SI,ou=Benutzer,dc=sparkassen-informatik,dc=de> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# search result
search: 2
result: 34 Invalid DN syntax
text: invalid DN
# numResponses: 1
And here is the Entry in LDIF-Format for this Test-User
dn: uid=u4711,ou=SI,ou=Benutzer,dc=sparkassen-informatik,dc=de
cn: u4711
uid: u4711
description: ServiceView-Nutzer
userPassword:: e2NyedsfWERWER1Nk1Sd2VldzlnOC4=
destinationIndicator: 100100,4600,,
st: 6
street: 1146137613
objectClass: person
objectClass: uidObject
objectClass: organizationalPerson
structuralObjectClass: organizationalPerson
entryUUID: 676dba36-6a2d-102a-99f4-a3736da85288
creatorsName: cn=Manager,dc=sparkassen-informatik,dc=de
createTimestamp: 20060427113433Z
l: alle
sn: Test-User von K.H. Ostertag
entryCSN: 20060530041127Z#000001#00#000000
modifiersName: cn=Manager,dc=sparkassen-informatik,dc=de
modifyTimestamp: 20060530041137Z
16 years