dynlist overlay and ldapsearch
by ben thielsen
hi-
i'm using the dynlist overlay and am not getting back the search results i expected. i'm using 2.4.11 courtesy of debian.
here is my overlay config:
>ldapsearch -xWLLLD 'cn=admin,cn=config' -b 'cn=config' "(objectclass=olcdynamiclist)"
dn: olcOverlay={5}dynlist,olcDatabase={2}bdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcDynamicList
olcOverlay: {5}dynlist
olcDLattrSet: {0}groupOfNames memberURL member
olcDLattrSet: {1}mailGroup labeledURI
here is the entry in question:
>ldapsearch -xWLLLD 'cn=admin,dc=groundnoise,dc=net' -s base -b 'cn=abuse,ou=distribution_groups,ou=all_domains,ou=domains,ou=mail,dc=groundnoise,dc=net'
dn: cn=abuse,ou=distribution_groups,ou=all_domains,ou=domains,ou=mail,dc=groun
dnoise,dc=net
objectClass: mailGroup
objectClass: top
objectClass: extensibleObject
cn: abuse
member: cn=postmaster,ou=distribution_groups,ou=all_domains,ou=domains,ou=mail
,dc=groundnoise,dc=net
labeledURI: ldap:///ou=domains,ou=mail,dc=groundnoise,dc=net?host?sub?(objectC
lass=mailDomain)
host: phone.dipswitch.net
host: luna.mpls.mn.us
host: groundnoise.net
host: thielsen.org
host: sjva1991.org
host: dipswitch.net
host: bitrate.net
searched for another way:
>ldapsearch -xWLLLD 'cn=admin,dc=groundnoise,dc=net' '(&(objectclass=mailgroup)(cn=abuse))' host
dn: cn=abuse,ou=distribution_groups,ou=all_domains,ou=domains,ou=mail,dc=groun
dnoise,dc=net
host: phone.dipswitch.net
host: luna.mpls.mn.us
host: groundnoise.net
host: thielsen.org
host: sjva1991.org
host: dipswitch.net
host: bitrate.net
however, the results from this search are missing that entry:
>ldapsearch -xWLLLD 'cn=admin,dc=groundnoise,dc=net' '(host=dipswitch.net)' dn
dn: host=dipswitch.net,ou=domains,ou=mail,dc=groundnoise,dc=net
or another search:
ldapsearch -xvWD 'cn=admin,dc=groundnoise,dc=net' '(&(objectclass=mailgroup)(host=*))' host
ldap_initialize( <DEFAULT> )
Enter LDAP Password:
filter: (&(objectclass=mailgroup)(host=*))
requesting: host
# extended LDIF
#
# LDAPv3
# base <dc=groundnoise, dc=net> (default) with scope subtree
# filter: (&(objectclass=mailgroup)(host=*))
# requesting: host
#
# search result
search: 2
result: 0 Success
# numResponses: 1
if i remove the labeledURI attribute and populate with static entries, things appear to work as expected:
here's the entry:
>ldapsearch -xWLLLD 'cn=admin,dc=groundnoise,dc=net' '(&(objectclass=mailgroup)(cn=abuse))'
dn: cn=abuse,ou=distribution_groups,ou=all_domains,ou=domains,ou=mail,dc=groun
dnoise,dc=net
objectClass: mailGroup
objectClass: top
objectClass: extensibleObject
cn: abuse
member: cn=postmaster,ou=distribution_groups,ou=all_domains,ou=domains,ou=mail
,dc=groundnoise,dc=net
host: foo
host: bar
host: com
host: net
host: org
and a search:
>ldapsearch -xWLLLD 'cn=admin,dc=groundnoise,dc=net' '(host=foo)' dn
dn: cn=abuse,ou=distribution_groups,ou=all_domains,ou=domains,ou=mail,dc=groun
dnoise,dc=net
what am i doing wrong?
thanks
-ben
13 years, 7 months
Re: solaris compile options
by Brett @Google
i am using CFLAGS="-fast -xtarget=ultraT1 -xarch=sparcvis2 -xcode=pic32 -g
-xs -O"
one set of solaris docs i read implied that -xarch=sparcvis2 was equivalent
to -xarch=v9 (which used to trigger 64 bit), but looking at the sun studio
12 compiler options, the more specific versions of -xarch (ie. other than
-xarch=v9 or v9a or v9b) may no longer imply that the 64 bit memory model
should be used. so maybe i need to add a -m64 to the above ?
(compiling on a Sun T2000, with a homegenous build / execute environment, so
favouring speed over cpu compatibility is ok)
On Thu, Mar 12, 2009 at 1:31 AM, Aaron Richton <richton(a)nbcs.rutgers.edu>wrote:
> On Wed, 11 Mar 2009, Brett @Google wrote:
>
> /data/openldap/backups/ldap_090302.ldif: Value too large for defined data
>> type
>>
>
> man lfcompile, and/or switch to 64-bit binaries?
>
13 years, 8 months
syncrepl partial copy
by FRLinux
Hello,
I am now facing a new issue which could well be due to me but I need
to be sure. I have set a new slave running 2.4.17 on Debian whilst the
master is a 2.3.43 running on FreeBSD 6.4. I have observed a similar
behavior on a slave running 2.3.43 also on FreeBSD.
That behavior is that when you start an empty database, syncrepl
starts copying the content but usually stops after a while (ie. copies
only part of the database but far from all objects).
Is it recommended to slapcat the objects when setting up a new slave
or is syncrepl able to do that by itself?
This is my syncrepl rules:
syncrepl rid=124 \
provider=ldaps://masterldap.example.com:636 \
type=refreshAndPersist \
searchbase="dc=example,dc=com" \
scope=sub \
filter="(objectClass=*)" \
attrs="*" \
schemachecking=off \
tls_cacert=/etc/ldap/cert/cacert.pem \
binddn="cn=ldaprep,dc=example,dc=com" \
credentials=xxxxxx
Cheers,
Steph
13 years, 9 months
Lost of synchronisation in N-way syncro
by fida aljounaidi
Hi
We configure 3 openldap servers to be replicated by the N-Way Multi-Master
replication method.
after some hours, the servers lost there replication.
sometimes , we even lose some data from servers.
ntp is well configured, all the servers are set to the same time.
What can be th problem?
Thanks
13 years, 10 months
Strange behaviour after installation of openldap
by fida aljounaidi
Hi
I found a strange syntax under the compiled slpad daemon.
In fact, when i look to this file i found this line inserted "(#) $OpenLDAP:
slapd 2.4.16 $ root@llocalhos:/tmp/openldap-2.4.16/servers/slapd
" into it.
/tmp/openldap-2.4.16 was the path of sources from where i 've installed the
software. this directory does not exist any more.
I think that this may cause troubles when running slapd.
is it right ?
Why this line was inserted into compiled software.??
how can i deal whith that ?
thanks a lot
Fida
13 years, 10 months
contextCSN with empty suffix
by Christian Kratzer
Hi,
we have a customer who runs an openldap installation with an empty suffix as in
suffix ""
which is a potential problem when migrating to syncrepl as they do not have
an entry to store the contextCSN.
In our lab using openldap 2.4.19 we succeeded in inserting an entry with
an empty dn as follows:
dn:
objectClass: organization
o: root
This entry received the contextCSN entries and everything looks good
from what I can see:
dn:
objectClass: organization
o: root
structuralObjectClass: organization
entryUUID: 6bd316a2-6f10-102e-904e-c754373eef36
creatorsName: cn=Manager
createTimestamp: 20091126194832Z
entryCSN: 20091126194832.284443Z#000000#000#000000
modifiersName: cn=Manager
modifyTimestamp: 20091126194832Z
contextCSN: 20091126194832.864794Z#000000#000#000000
I have no idea how ugly this hack is and am concerned this might break
with a future release when either searching for contextCSN below the suffix
is perhaps supported again or entries with an empty dn break.
I am about to advise the customer to move to a directory with an
nonempty suffix matching their root entry but would like to hear
nevertheless what you think of above.
Greetings
Christian Kratzer
CK Software GmbH
--
Christian Kratzer CK Software GmbH
Email: ck(a)cksoft.de Schwarzwaldstr. 31
Phone: +49 7452 889 135 D-71131 Jettingen
Fax: +49 7452 889 136 HRB 245288, Amtsgericht Stuttgart
Web: http://www.cksoft.de/ Geschaeftsfuehrer: Christian Kratzer
13 years, 10 months
tcmalloc
by Brett @Google
Hello,
I was wondering of anybody has used much of tcmalloc (from google
performance tools) and has any opinion they care to share with regards to
performance of berkeleydb/openldap toolset ?
Seems about the same with as without for a simple slapadd, but i'd expect
that wins would be more around a highly loaded server, not the initial load
process?
(investigations continue however, server loading is next)
Cheers
Brett
13 years, 10 months
downgrade back from 2.4.19 to 2.4.16
by Ken Ko
Dear all,
I want to downgrade 2.4.19 to 2.4.16, where can i download 2.4.16 rpm (32bit & 64bit, client and server).
We have big synchronize issue after upgraded to 2.4.19 ( entries being deleted when i try to add them )
Can someone tell me where can get 2.4.16?
Thanks
Ken
_________________________________________________________________
Eligible CDN College & University students can upgrade to Windows 7 before Jan 3 for only $39.99. Upgrade now!
http://go.microsoft.com/?linkid=9691819
13 years, 10 months
syncrepl and push-based replication like slurpd http://www.openldap.org/doc/admin24/replication.html#Syncrepl%20Proxy
by Noèl Köthe
Hello together,
I'm using openldap 2.4.11 on Debian GNU/Linux lenny.
I have problems to understand the admin guide part about the
configuration of push-based syncrepl like slurpd
http://www.openldap.org/doc/admin24/replication.html#Syncrepl%20Proxy
The syncrepl setup needs to be like slurpd because the master LDAP
server is in the LAN and LDAP data needs to be push to external servers
which cannot access the LAN (firewalled for security reasons).
So I need to configure the described "18.3.5. Syncrepl Proxy" setup.
The description talks about "uri ldap://localhost:9012/" and
"provider=ldap://localhost:9011/" but on these ports nothing is
listening.
As far as I understand I need to configure from where I pull the data
(syncrepl provider which is clear) but the point I don't understand is
where to set the slave server which slapd-ldap connects to push data to.
Beside the manpage and the admin guide I couldn't find any helpful
documentation which helps me to understand this desired setup
Could you help me to understand it?
Thank you.
--
Noèl Köthe <noel debian.org>
Debian GNU/Linux, www.debian.org
13 years, 10 months
Filter
by Gilberto Nunes
Hi all
I want use ldapsearch to query a Active Directory Server.
I am use this :
ldapsearch -LLL -x -b dc=selbetti,dc=local -H ldap://host -D proxy_user
'(|(objectClass=person)(objectClass=user))' -w password
This command bring me all entries.
I like filter only two attributes: cn and mail.
Is there a way to do this???
Thanks
Gilberto Nunes Ferreira
TI
Selbetti Gestão de Documentos
Telefone: +55 (47) 3441-6004
Celular: +55 (47) 8861-6672
"Bendita a nação cujo Deus é o SENHOR!"
99 <><
13 years, 10 months
