n-way replication question
by Dieter Kluenter
Hi,
after successfully setup a 4 node cascading replication and doing some
load tests(thank you Quanah for your slamd templates) I wanted to
switch to n-way replication, this time 2 nodes to start with. The
result in short, ldapadding an initial dataset is synced either way,
but any additional ldapadd is only kept local and not synced.
-dsync shows successful synced entries:
,----[ successful synced entries ]
| syncrepl_entry: rid=002 LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD)
| syncrepl_entry: rid=002 inserted UUID 41551418-33d7-102d-94f3-e78d84b17a1f
| syncrepl_entry: rid=002 be_search (32)
| syncrepl_entry: rid=002 o=dkluenter
| syncrepl_entry: rid=002 be_add (0)
| syncrepl_entry: rid=002 LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD)
| syncrepl_entry: rid=002 inserted UUID 41725ab4-33d7-102d-94f4-e78d84b17a1f
| syncrepl_entry: rid=002 be_search (0)
| syncrepl_entry: rid=002 cn=replicator,o=dkluenter
| syncrepl_entry: rid=002 be_add (0)
| syncrepl_entry: rid=002 LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD)
| syncrepl_entry: rid=002 inserted UUID 4196ca66-33d7-102d-94f5-e78d84b17a1f
| syncrepl_entry: rid=002 be_search (0)
| syncrepl_entry: rid=002 cn=Administratoren,o=dkluenter
| syncrepl_entry: rid=002 be_add (0)
| do_syncrep2: rid=002 LDAP_RES_INTERMEDIATE - REFRESH_DELETE
`----
On the second host, on which additional entries where created -dsync shows
Entry ou=people,o=dkluenter changed by peer, ignored
Entry cn=foo bar,ou=people,o=dkluenter changed by peer, ignored
syncprov_search_response: cookie=rid=001,sid=000,csn=20081021162117.597928Z#000000#000#000000
this entries have not been synced, but only kept local.
The more important line of my slapd.conf
,----[ slapd.conf on node-1, 192.168.110.30 ]
| modulepath /opt/openldap-2.4/libexec/openldap
| moduleload syncprov.la
|
| serverID 1 ldap://192.168.100.30:9004/
| serverID 2 ldap://192.168.100.39:9004/
|
| access to dn.base="" by * read
| access to dn.base="cn=Subschema" by * read
|
| database config
| rootdn "cn=config"
| rootpw "xxx"
|
| database hdb
| suffix "o=dkluenter"
| rootdn "cn=admin,o=dkluenter"
| rootpw hhdy01
| directory /opt/openldap-2.4/var/openldap-data
| index objectClass eq
| index entryUUID,entryCSN eq
| index cn,sn,uid eq,sub
|
| access to dn.subtree="o=dkluenter"
| by group.exact="cn=Administratoren,o=dkluenter" write
| by users read
| by * auth
| syncrepl rid=002 provider=ldap://192.168.100.39:9004/
| bindmethod=simple
| binddn="cn=admin,o=dkluenter"
| credentials=xxx
| searchbase="o=dkluenter"
| scope=sub
| type=refreshAndPersist
| retry="5 5 300 5"
| syncrepl rid=003
| provider=ldap://192.168.100.30:9004
| bindmethod=simple
| binddn="cn=admin,o=dkluenter"
| credentials=xxx
| searchbase="o=dkluenter"
| scope=sub
| type=refreshAndPersist
| retry="5 5 300 5"
| mirrormode on
| overlay syncprov
| syncprov-reloadhint true
| syncprov-checkpoint 5 5
|
| database monitor
`----
,----[ slapd.conf node-2, 192.168.100.39 ]
| serverID 1 ldap://192.168.100.30:9004/
| serverID 2 ldap://192.168.100.39:9004/
|
| syncrepl rid=001
| provider=ldap://192.168.100.30:9004/
| bindmethod=simple
| binddn="cn=admin,o=dkluenter"
| credentials=xxx
| searchbase="o=dkluenter"
| scope=sub
| type=refreshAndPersist
| retry="5 5 300 5"
| syncrepl rid=004
| provider=ldap://192.168.100.39:9004/
| bindmethod=simple
| binddn="cn=admin,o=dkluenter"
| credentials=xxx
| searchbase="o=dkluenter"
| scope=sub
| type=refreshAndPersist
| retry="5 5 300 5"
| mirrormode on
| overlay syncprov
| syncprov-reloadhint true
| syncprov-checkpoint 5 5
`----
-Dieter
--
Dieter Klünter | Systemberatung
http://www.dpunkt.de/buecher/2104.html
GPG Key ID:8EF7B6C6
53°08'09,95"N
10°08'02,42"E
14 years, 3 months
TLS problems with openldap
by LÉVAI Dániel
Hi!
I need some assistance regarding TLS configuration.
So, I'm using OpenLDAP 2.4.11 with debian/testing.
This what my config looks like:
slapd.conf:
[...]
TLSCACertificateFile /etc/ssl/certs/ecentrum_cacert.pem
TLSCertificateFile /etc/ldap/tls/openldap_cert.pem
TLSCertificateKeyFile /etc/ldap/tls/openldap_key.pem
TLSVerifyClient try
[...]
Slapd starts with these settings gladly, and with a client (eg.
ldapsearch) without requesting TLS connection, I can get to the invalid
credentials error (which is what I'm expecting now, this is just testing.).
But with requesting TLS:
$ cat ~/.ldaprc
TLS_CACERT /etc/ssl/certs/ecentrum_cacert.pem
$ ls -l /etc/ssl/certs/ecentrum_cacert.pem
-rw-r--r-- 1 root root [...] /etc/ssl/certs/ecentrum_cacert.pem
$ ldapsearch -d 1 -ZZWx '(objectclass=*)' \
-H ldap://fileserver.digiszfv:636
ldap_url_parse_ext(ldap://fileserver.digiszfv:636)
ldap_create
ldap_url_parse_ext(ldap://fileserver.digiszfv:636/??base)
ldap_extended_operation_s
ldap_extended_operation
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP fileserver.digiszfv:636
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 192.168.1.3:636
ldap_pvt_connect: fd: 3 tm: -1 async: 0
ldap_open_defconn: successful
ldap_send_server_request
ber_scanf fmt ({it) ber:
ber_scanf fmt ({) ber:
ber_flush2: 31 bytes to sd 3
ldap_result ld 0x67e0b0 msgid 1
wait4msg ld 0x67e0b0 msgid 1 (infinite timeout)
wait4msg continue ld 0x67e0b0 msgid 1 all 1
** ld 0x67e0b0 Connections:
* host: fileserver.digiszfv port: 636 (default)
refcnt: 2 status: Connected
last used: Mon Oct 27 11:07:53 2008
** ld 0x67e0b0 Outstanding Requests:
* msgid 1, origid 1, status InProgress
outstanding referrals 0, parent count 0
ld 0x67e0b0 request count 1 (abandoned 0)
** ld 0x67e0b0 Response Queue:
Empty
ld 0x67e0b0 response count 0
ldap_chkResponseList ld 0x67e0b0 msgid 1 all 1
ldap_chkResponseList returns ld 0x67e0b0 NULL
ldap_int_select
read1msg: ld 0x67e0b0 msgid 1 all 1
ber_get_next
ldap_free_connection 1 0
ldap_free_connection: actually freed
ldap_err2string
ldap_start_tls: Can't contact LDAP server (-1)
Meanwhile on the server side:
# tail -f syslog
slapd[3779]: slap_listener_activate(9):
slapd[3779]: >>> slap_listener(ldaps://fileserver.digiszfv:636/)
slapd[3779]: connection_get(15): got connid=21
slapd[3779]: connection_read(15): checking for input on id=21
slapd[3779]: connection_read(15): TLS accept failure error=-1 id=21, closing
slapd[3779]: connection_closing: readying conn=21 sd=15 for close
slapd[3779]: connection_close: conn=21 sd=15
The log messages are so terse and/or cryptic, I simply can not figure
out what could be wrong.
Any help would be appreciated!
Thanks!
Daniel
--
LEVAI Daniel
PGP key ID = 0x4AC0A4B1
Key fingerprint = D037 03B9 C12D D338 4412 2D83 1373 917A 4AC0 A4B1
14 years, 3 months
smbk5pwd segfault on AIX 5.3
by David Markey
I'm trying to get smbk5pwd to work on AIX 5.3(power 6) compiled with
xlc, Have compiled most things from scratch, bdb, libtool, sasl.
Openldap 2.4.12
slapd log:
line 18 (argsfile /opt/csr/var/run/slapd/slapd.args)
line 20 (loglevel 20)
line 22 (modulepath /opt/csr/etc/openldap/smbk5pwd/.libs)
line 23 (moduleload smbk5pwd)
loaded module smbk5pwd
Segmentation fault
Im getting a segfault when the module is loaded.
more info:
(gdb) backtrace
#0 0xd30afe58 in lutil_passwd_add () from
/opt/csr/etc/openldap/smbk5pwd/.libs/smbk5pwd.so.0
#1 0xd30ae1d0 in smbk5pwd_initialize () at smbk5pwd.c:1022
#2 0x100e9454 in ?? ()
bash-3.2# ldd /opt/csr/etc/openldap/smbk5pwd/.libs/smbk5pwd.so.0
/opt/csr/etc/openldap/smbk5pwd/.libs/smbk5pwd.so.0 needs:
/usr/lib/libc.a(shr.o)
/opt/csr/lib/liblber.a(liblber-2.4.so.2)
/opt/csr/lib/libkrb5.a(libkrb5.so.22)
/opt/csr/lib/libkadm5srv.a(libkadm5srv.so.8)
/opt/csr/lib/libldap_r.a(libldap_r-2.4.so.2)
/usr/lib/libcrypto.a(libcrypto.so.0.9.8)
/unix
/usr/lib/libcrypt.a(shr.o)
/opt/csr/lib/libroken.a(libroken.so.18)
/opt/csr/lib/libasn1.a(libasn1.so.8)
/opt/csr/lib/libcom_err.a(libcom_err.so.1)
/opt/csr/lib/libhx509.a(libhx509.so.1)
/opt/csr/lib/libhdb.a(libhdb.so.9)
/usr/lib/libs.a(shr.o)
/usr/lib/libpthread.a(shr_xpg5.o)
/usr/lib/libssl.a(libssl.so.0.9.8)
/opt/csr/lib/libldap.a(libldap-2.4.so.2)
/usr/lib/libpthreads.a(shr_comm.o)
I was just doing this as an experiment so its not essential this
works. Would be nice though.
Thanks.
14 years, 3 months
Question to meta-backend / ldap-backend
by Wilhelm Meier
Hi,
I think this is a relative simple question but I did not use the
meta/ldap-backend before.
We have an openldap-server for user authentification. The user bind as
uid=<user>,ou=Benutzer,dc=kmux,dc=de
where <user> is the actual username.
We have a diffent application where only users of a special
posixGroup "Archiv" should be valid. The application is not capable
of doing some sort of filtering.
So, I thought it must be passoble to do this filtering with the meta
or ldap-backup using the original ldap-db:
the filter should look like:
(&(cn=Archiv)(memberUid=<user>)(objectClass=posixGroup))
where <user> is the username as above.
Any hints?
--
Wilhelm
14 years, 3 months
OpenLDAP 2.4 syncrepl - Size limit exceeded error in consumer end
by Karthik Dathathri
I was trying to setup replication using syncrepl with openldap 2.4.11
on two machines running RHEL 5.0
The provider has approximately 1000 entries in the directory.
On the consumer side, I am getting the following error after
synchronization of around 500 records.
Oct 14 16:35:59 osmvm2 slapd2.4[11727]: syncrepl_entry: rid=001
cn=Delfin Labarge,ou=Payroll,dc=example,dc=com
Oct 14 16:35:59 osmvm2 slapd2.4[11727]: syncrepl_entry: rid=001 be_add
(0)
Oct 14 16:35:59 osmvm2 slapd2.4[11727]: do_syncrep2: rid=001
LDAP_RES_SEARCH_RESULT
Oct 14 16:35:59 osmvm2 slapd2.4[11727]: do_syncrep2: rid=001 (4) Size
limit exceeded
I am using "refreshOnly" syncrepl in the consumer.
The syncrepl user dn is uid=syncrepl,ou=System,dc=example,dc=com
and added this dn as a member to a group called LDAPAdmins
(cn=LDAPAdmins,ou=Groups,dc=example,dc=com)
slapd.conf configuration at the consumer end is as follows:
# Replicas running syncrepl as non-rootdn need unrestricted size/time
limits:
limits group="cn=LDAPAdmins,ou=Groups,dc=example,dc=com"
size=unlimited
time=unlimited
#SyncRepl slave configuration
syncrepl rid=001
provider=ldap://16.167.10.25
type=refreshOnly
interval=00:00:05:00
searchbase="dc=example,dc=com"
binddn="uid=syncrepl,ou=System,dc=example,dc=com"
credentials=secret
timelimit=unlimited
sizelimit=unlimited
slapd.conf configuration at the provider is as follows:
#Global ACL for replication
access to *
by group="cn=LDAPAdmins,ou=Groups,dc=example,dc=com" read
by anonymous read
# syncprov
index entryCSN,entryUUID eq
# Replicas running syncrepl as non-rootdn need unrestricted size/time
limits:
limits group="cn=LDAPAdmins,ou=Groups,dc=example,dc=com"
size=unlimited
time=unlimited
# ACL ensuring replicator has write access
access to *
by group="cn=LDAPAdmins,ou=Groups,dc=example,dc=com" write
by * read
#syncprov overlay configuration
overlay syncprov
syncprov-checkpoint 50 10
syncprov-sessionlog 100
Any pointers would be appreciated. If someone needs more information
about the environment, please
let me know.
Thanks & Regards,
Karthik
________________________________________________________________________
You are invited to Get a Free AOL Email ID. - http://webmail.aol.in
14 years, 3 months
Support for "codice fiscale" syntax
by Pierangelo Masarati
I've developed a module that implements support for the syntax of
"codice fiscale", the personal identification code used by the Italian
government to uniquely identify citizen. I think it might be of general
use, although possibly limited to Italian users, so I'd like to give it
a somewhat official and unbiased OID, rather than one under my arc or
SysNet's. Would it qualify as general enough for OpenLDAP's OID arc, at
least while experimental? I believe the need for a dedicated syntax (as
opposed to IA5string, printableString or so) is that its definition,
although flawed, needs to conform to quite a few restrictions, and a
syntax that allows to detect trivial errors and single out impossible
values would be definitely helpful. I need the OID in order to submit
code along with an ITS for contrib. An OID arc would be best, because
the kit consists in:
- a syntax
- an equality matching rule (cfMatch)
- an attribute spec (cf)
- an auxiliary objectClass spec (cfObject)
Please comment.
p.
Ing. Pierangelo Masarati
OpenLDAP Core Team
SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
-----------------------------------
Office: +39 02 23998309
Mobile: +39 333 4963172
Fax: +39 0382 476497
Email: ando(a)sys-net.it
-----------------------------------
14 years, 3 months
Problems converting slapd.conf to a directory: i am desperated
by John Nietzsche
Dear list members,
i am trying to convert slapd.conf to a directory. I am having problems
trying to get it working.
Here you have the output and slapd.conf i am working on:
sioux@etosha$ slaptest -f slapd.conf -F /tmp/x; cat slapd.conf
WARNING: No dynamic config support for database ldbm.
WARNING: The converted cn=config directory is incomplete and may not work.
ldbm_back_db_open: alock package is unstable; database may be inconsistent!
config file testing succeeded
include /etc/openldap/schema/corba.schema
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/dyngroup.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/java.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/ppolicy.schema
pidfile /asd/var/run/slapd.pid
argsfile /asd/var/run/slapd.args
idletimeout 1024
loglevel -1
# referral
sizelimit 1024
timelimit 1024
backend ldbm
database ldbm
readonly off
#replica
#replogfile
suffix "dc=cpd,dc=ufv,dc=br"
rootdn "cn=Manager,dc=cpd,dc=ufv,dc=br"
rootpw {SSHA}L+RsBLcsc846Bv/tTiEnBONIx3oTSPG5
#syncrepl
#updatedn
#updateref
cachesize 1024
dbcachesize 1048576
#dbnolocking
#dbnosync
#dbsync <frequency> <maxdelays> <delayinterval>
directory /asd/var/ldap
index objectClass eq
mode 0600
14 years, 3 months
Re: Some entries not syncing to slave using syncrepl
by Robert Fitzpatrick
On Mon, 2008-10-27 at 14:28 +0000, andylockran wrote:
> Robert Fitzpatrick wrote:
> > I have setup a 2.3.43 master/slave using syncrepl, but some entries are
> > not syncing. I have one entire tree (ou=Domains,dc=example,dc=com) and
> > some entries under another certain tree not coming over to the slave.
> >
> > Here is my slapd.conf syncrepl entry on the slave with an ip address of
> > 10.0.0.5...
> >
> > syncrepl rid=120
> > provider=ldap://10.0.0.6:389
> > type=refreshAndPersist
> > interval=00:00:05:00
> > searchbase="dc=example,dc=com"
> > filter="(objectClass=*)"
> > scope=sub
> > schemachecking=off
> > bindmethod=simple
> > binddn="uid=slurpd,ou=Services,dc=example,dc=com"
> > credentials=password
> >
> > And in my master from slapd.conf...
> >
> > overlay syncprov
> > syncprov-checkpoint 100 10
> > syncprov-sessionlog 100
> >
> > My ACL does not contain any specific access for my Domains container,
> > but at the bottom contains...
> >
> > access to *
> > by sockurl.regex="^ldapi://%2fvar%2frun%2fopenldap%2fldapi/$" write
> > by group.exact="cn=Administrators,dc=example,dc=com" write
> > by self write
> > by users read
> > by peername=10.0.0.5 read
> > by * read
> >
> > My slurpd uid is a member of the Administrators group entry. Using my
> > Domains tree as an example, I can read the entry no problem...
> >
> > esmtp# ldapsearch -LLL -h 10.0.0.6 -D uid=slurpd,ou=Services,dc=example,dc=com -W "(ou=Domains)" dn
> > Enter LDAP Password:
> > dn: ou=Domains,dc=example,dc=com
> >
> > However, I have no Domains container in my slave :(
> >
> > esmtp# ldapsearch -LLL -h localhost -D uid=slurpd,ou=Services,dc=example,dc=com -W "(ou=Domains)" dn
> > Enter LDAP Password:
> >
> > Can someone help me shed some light on this problem?
> >
> The filter (objectclass=*) isn't blocking it is it?
Thanks. I have confirmed all to have objectClass defined, however, I
removed the filter, stopped the server, deleted the directory folder and
put back my DB_CONFIG, then restarted. Still, this one container and
select entries beneath another container are not coming over to the
master. But most entries in the directory are coming over and running
the above ldapsearch from the slave pulls the entries on the master, no
problem.
Any other ideas?
--
Robert
14 years, 3 months
Some entries not syncing to slave using syncrepl
by Robert Fitzpatrick
I have setup a 2.3.43 master/slave using syncrepl, but some entries are
not syncing. I have one entire tree (ou=Domains,dc=example,dc=com) and
some entries under another certain tree not coming over to the slave.
Here is my slapd.conf syncrepl entry on the slave with an ip address of
10.0.0.5...
syncrepl rid=120
provider=ldap://10.0.0.6:389
type=refreshAndPersist
interval=00:00:05:00
searchbase="dc=example,dc=com"
filter="(objectClass=*)"
scope=sub
schemachecking=off
bindmethod=simple
binddn="uid=slurpd,ou=Services,dc=example,dc=com"
credentials=password
And in my master from slapd.conf...
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
My ACL does not contain any specific access for my Domains container,
but at the bottom contains...
access to *
by sockurl.regex="^ldapi://%2fvar%2frun%2fopenldap%2fldapi/$" write
by group.exact="cn=Administrators,dc=example,dc=com" write
by self write
by users read
by peername=10.0.0.5 read
by * read
My slurpd uid is a member of the Administrators group entry. Using my
Domains tree as an example, I can read the entry no problem...
esmtp# ldapsearch -LLL -h 10.0.0.6 -D uid=slurpd,ou=Services,dc=example,dc=com -W "(ou=Domains)" dn
Enter LDAP Password:
dn: ou=Domains,dc=example,dc=com
However, I have no Domains container in my slave :(
esmtp# ldapsearch -LLL -h localhost -D uid=slurpd,ou=Services,dc=example,dc=com -W "(ou=Domains)" dn
Enter LDAP Password:
Can someone help me shed some light on this problem?
14 years, 3 months
testing symas with modrate and searchrate tools
by ELCIN HAKTANIR
Hi
i have got
'symas-openldap-silver-2.4.11.0.sun4u.pkg'
installed
on
System Configuration: Sun Microsystems sun4v
Memory size: 32640 Megabytes
System Peripherals (Software Nodes):
SUNW,SPARC-Enterprise-T5220
i have got 1 million subscribers
1.97 GB size of data for *.bdb files.
now my question is,
i installed
Sun Java Directory Server Enterprise Edition 6_3 on another identical
machine
and use its utility called 'searchrate' and 'modrate'
for comparing these two servers' performances.
But this command hungs my symas openLDAP instance .i can't use multiple
threads for 'modrate'
testing.
here is my command that hungs my solserver instance.
./des/dsrk6/bin/modrate -h 192.168.43.45 -p 389 -D
"cn=saadet,o=saadettest" -w admin234 -b
"mobile=%s,ou=subscribers,o=saadettest" -i ./des/dsrk6/bin/numbers.txt
-t40 -C 5 -M 'occupation:10:[A-Z]'
The output is here:
Avg r= 41.42/thr (331.40/sec), total= 1657
T0 blk, T1 blk, T2 blk, T3 blk, T4 blk, T5 blk, T6 blk, T7 blk, T8 blk, T9
blk, T10 blk, T11 blk, T12 blk, T13 blk, T14 blk, T15 blk, T16 blk, T17
blk, T18 blk, T19 blk, T20 blk, T21 blk, T22 blk, T23 blk, T24 blk, T25
blk, T26 blk, T27 blk, T28 blk, T29 blk, T30 blk, T31 blk, T32 blk, T33
blk, T34 blk, T35 blk, T36 blk, T37 blk, T38 blk, T39 blk
Avg r= 0.00/thr ( 0.00/sec), total= 0
T0 blk, T1 blk, T2 blk, T3 blk, T4 blk, T5 blk, T6 blk, T7 blk, T8 blk, T9
blk, T10 blk, T11 blk, T12 blk, T13 blk, T14 blk, T15 blk, T16 blk, T17
blk, T18 blk, T19 blk, T20 blk, T21 blk, T22 blk, T23 blk, T24 blk, T25
blk, T26 blk, T27 blk, T28 blk, T29 blk, T30 blk, T31 blk, T32 blk, T33
blk, T34 blk, T35 blk, T36 blk, T37 blk, T38 blk, T39 blk
Avg r= 0.00/thr ( 0.00/sec), total= 0
The question is why can't i use these two utility commands for openLDAP?
What have i done wrong?
--------------------------------------
Bu elektronik posta ve onunla iletilen bütün dosyalar gizlidir sadece
yukarıda isimleri belirtilen kişiler arasında özel haberleşme amacını
taşımaktadır. Size yanlışlıkla ulaşmıssa bu elektonik postanın içeriğini
açıklamanız , kopyalamanız, yönlendirmeniz ve kullanmanız kesinlikle
yasaktır. Lütfen mesajı geri gönderiniz ve sisteminizden siliniz. Vodafone
Teknoloji Hizmetleri A.Ş. bu mesajın içeriği ile ilgili olarak hiç bir
hukuksal sorumluluğu kabul etmez.
This electonic mail and any files transmitted with it are intended for the
private use of the persons named above. If you received this message in
error, forwarding, copying or use of any of the information is strictly
prohibited. Please immediately notify the sender and delete it from your
system. Vodafone Teknoloji Hizmetleri A.S. does not accept legal
responsibility for the contents of this message.
--------------------------------------
14 years, 3 months