openldap-software January 2009

openldap-software@openldap.org

52 participants
59 discussions

slapcat error
by Adam Williams 07 Jan '09

07 Jan '09

My OpenLDAP installation seems to be running ok, running on Fedora 8 X64 w/ openldap 2.3.43., users and groups are operating fine from LDAP. however, i'm trying to make a copy of all of the data for backup purposes, and for some reason, I can't run slapcat. [root@roark ldap]# slapcat -v -l /root/backup.ldif -b "dc=mdah,dc=state,dc=ms,dc=us" bdb_db_open: Warning - No DB_CONFIG file found in directory /var/lib/ldap: (2) Expect poor performance for suffix dc=mdah,dc=state,dc=ms,dc=us. bdb_db_open: db_open(/var/lib/ldap/id2entry.bdb) failed: No such file or directory (2) bdb(dc=mdah,dc=state,dc=ms,dc=us): Unknown locker ID: 0 backend_startup_one: bi_db_open failed! (2) slap_startup failed so /root/backup.ldif wasn't created. I look in /var/lib/ldap and it contains: [root@roark ldap]# ls -l /var/lib/ldap/ total 772 -rw-r--r-- 1 root root 2048 2009-01-07 12:02 alock -rw------- 1 root root 24576 2009-01-06 16:59 __db.001 -rw------- 1 root root 368640 2009-01-06 16:59 __db.002 -rw------- 1 root root 270336 2009-01-06 16:59 __db.003 -rw------- 1 root root 98304 2009-01-06 16:59 __db.004 -rw------- 1 root root 557056 2009-01-06 16:59 __db.005 -rw------- 1 root root 24576 2009-01-06 16:59 __db.006 -rw------- 1 root root 10485760 2009-01-06 16:59 log.0000000001 Where are all the missing files!?!?!?!??!?! I'm scared to even restart slapd because it probably wouldn't start properly. On my server at home with a similar configuration, it has more files in /var/lib/ldap such as cn.dbd, id2entry.bdb, displayName.dbd, dn2id.bdb, gidNumber.bdb, memberUid.bdb, objectClass.bdb, sambaDomainName.bdb, sambaPrimaryGroupSID.bdb, sambaSID.bdb, sn.bdb, uid.bdb, and uidNumber.bdb. So what can I do to get id2entry.bdb and such back on roark so that I can do a slapcat?

3 9

Many nonpresent_callback lines in log for every replication
by Mathieu MILLET 06 Jan '09

06 Jan '09

Hi everyone, Just to know, still in the multimaster replication (using openldap 2.4.13), when doing a replication of a single element, I get a line that look like that on the other server : ----- nonpresent_callback: rid=201 present UUID 549ca77a-5fce-102d-8bd8-39f2ef728e07, dn cn=isis,ou=protocols,ou=etc,dc=local ------ for _every_ object in the directory, between the lines (for example) : do_syncrep2: rid=201 LDAP_RES_INTERMEDIATE - SYNC_ID_SET do_syncrep2: rid=201 LDAP_RES_INTERMEDIATE - SYNC_ID_SET do_syncrep2: rid=201 LDAP_RES_SEARCH_RESULT do_syncrep2: cookie=rid=201,sid=002,csn=20090106170623.060202Z#000000#002#000000;20090106171235.738693Z#000000#001#000000 and slap_queue_csn: queing 0xa1def938 20090106171235.738693Z#000000#001#000000 slap_graduate_commit_csn: removing 0xa03049a8 20090106171235.738693Z#000000#001#000000 My loglevel is set to : Config, Packets, Parse, Stats, Stats2, Sync Are these lines normal ? Thanks in advance for any answer. Sincerely yours, Mathieu. -- Mathieu MILLET mailto:ldap@htam.net ----

1 0

modifying replicated slave
by Graham Seaman 06 Jan '09

06 Jan '09

Hi, I have a busy master directory and need to replicate this to a quieter slave. The slave will have one client, which occasionally needs to make modifications to the directory. As I understand the documentation, in this situation the old slurpd would happily reroute the modification request to the master, and the change would eventually feed back to the slave. But I can't find anything about what happens in this situation with syncrepl. Does it just quietly accept modifications and allow itself to get out of sync with the master? Thanks Graham

2 2

Re: Excess log.* Files
by Quanah Gibson-Mount 05 Jan '09

05 Jan '09

--On Monday, January 05, 2009 10:13 AM -0800 Tim Gustafson <tjg(a)soe.ucsc.edu> wrote: >> Next question -- What version of OpenLDAP are you running? > > slapd 2.3.19 > > I know it's an older version. This box will be replaced with a newer > version (slapd 2.3.27) in a few months, but it's slow going to move over > a network like ours to a new LDAP infrastructure. Please keep replies on the list. I would note that OpenLDAP 2.3.27 is *also* an ancient release. It appears you are making the common mistake of using vendor supplied builds (I.e., RHEL or CentOS). Don't do this, it's sure suicide. See: <http://www.openldap.org/faq/data/cache/1456.html> What version of BDB your OpenLDAP is linked to would also be useful. In any case, checkpointing certainly works for me with later OpenLDAP 2.3 releases, but I know it was broken in OL 2.2, and it may have been in the early 2.3 releases. If you can't build and maintain OpenLDAP yourself, I highly advise either contracting with Symas for their builds that come with support (http://www.symas.com), or using the builds from Buchan Milne (<http://staff.telkomsa.net/packages/>). --Quanah -- Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration

1 0

Re: OpenLdap 2.4 - Push replication slave/consumer behind firewall
by Aaron Richton 05 Jan '09

05 Jan '09

Please keep replies on the list. From your source directory (and note that if you're using syncrepl, this really should be the latest 2.4, not 2.4.11), cd into tests, then "./run test048". The test will occur in the "testrun" directory -- you can find slapd.1.conf and slapd.2.conf there. On Mon, 5 Jan 2009, Jose G. Torres wrote: > Aaron, > A few questions. > > > First, do I assume to look at the source distribution under tests/scripts directory for these examples?� I am look at the 2.4.11 version. > > > Look at test048 (the really good parts are in the slapd.1.conf). > When you mean to look at test048, do you mean tests/scripts/test048-syncrepl-multiproxy? > > Basically, drop the port 9013 configuration, and tune the 9012 one to your > reality. In particular, you'll want to remove the slapd.2.conf chain > directives (consider adding an updateref if appropriate) since the slave > won't be able to make the necessary connection. > I am trying to find the slapd.1.conf and slapd.2.conf files.�� Are these files called tests/data/slapd-syncrepl-*.conf or something like that? > > > Thanks! > > Jose >

1 0

OpenLdap 2.4 - Push replication slave/consumer behind firewall
by Jose G. Torres 04 Jan '09

04 Jan '09

Hello, I hope I am asking this question the correct group . I have a master/provider ldap server that can see the slave/consumer but not the other way around because my slave/consumer is behind a firewall and do not allow outbound connections. I would like to replicate my directories but as far as I understand replication can only happen if slave/consumer issue the replication. I just need to have a read only copy on the slave/consumer end. Could I do some like push an ldif copy my directory to the slave/consumer? Thanks!!!! Jose

2 1

Excess log.* Files
by Tim Gustafson 03 Jan '09

03 Jan '09

Hi, I've noticed that adding users to LDAP groups seems to generate lots of log.* files. Adding about 10 users to various LDAP groups (as 10 individual ldap_mod_add transactions from a PHP script) generates a 10MB log.* file, and in half an hour of running the script, I wind up with a dozen or more log.* files. In my slapd.conf, I have: checkpoint 100 10 and in DB_CONFIG, I have: set_flags DB_LOG_AUTOREMOVE But the log files stick around until I execute: /usr/sbin/slapd_db_checkpoint -1 /usr/sbin/slapd_db_archive -d Am I missing something here? I'm thinking that based on my configuration, I should wind up with one or two log.* files at any given time, but it seems that the options are perhaps being ignored? Tim Gustafson SOE Webmaster UC Santa Cruz tjg(a)soe.ucsc.edu 831-459-5354

2 2

Re: OpenLDAP and DNS SRV records
by Gavin Henry 01 Jan '09

01 Jan '09

Ah, my mistake. Thanks. -- Kind Regards, Gavin Henry. Managing Director. T +44 (0) 1224 279484 M +44 (0) 7930 323266 F +44 (0) 1224 824887 E ghenry(a)suretecsystems.com Open Source. Open Solutions(tm). http://www.suretecsystems.com/ Suretec Systems is a limited company registered in Scotland. Registered number: SC258005. Registered office: 13 Whiteley Well Place, Inverurie, Aberdeenshire, AB51 4FP. Subject to disclaimer at http://www.suretecgroup.com/disclaimer.html

1 0

Re: OpenLDAP and DNS SRV records
by Gavin Henry 31 Dec '08

31 Dec '08

----- "Matt Kowske" <jmkowske(a)gmail.com> wrote: > Hello, > > I have been searching google trying to find an answer to this, but > have only things dated 2001 and prior. Question: Does openldap > (client) support the use of SRV records to determine the availability > of an ldap server? In this particular case, the openldap libraries are > compiled into another unix executable and 1 of 8 AD servers is > contacted via round robin DNS aliasing. Is it possible for openldap to > reference the SRV record in DNS rather than the A record? 2.4 does, 2.3 doesn't. -- Kind Regards, Gavin Henry. T +44 (0) 1224 279484 M +44 (0) 7930 323266 F +44 (0) 1224 824887 E ghenry(a)suretecsystems.com Open Source. Open Solutions(tm). http://www.suretecsystems.com/ Suretec Systems is a limited company registered in Scotland. Registered number: SC258005. Registered office: 13 Whiteley Well Place, Inverurie, Aberdeenshire, AB51 4FP. Subject to disclaimer at http://www.suretecgroup.com/disclaimer.html

6 13

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-software January 2009