I've added two seemingly innocuous lines to my LDAP configuration:
Index: conf-root/etc/openldap/slapd.d/cn=config/olcDatabase={1}bdb.ldif =================================================================== --- etc/openldap/slapd.d/cn=config/olcDatabase={1}bdb.ldif (revision 1444) +++ etc/openldap/slapd.d/cn=config/olcDatabase={1}bdb.ldif (working copy) @@ -1,6 +1,9 @@ dn: olcDatabase={1}bdb objectClass: olcDatabaseConfig objectClass: olcBdbConfig +objectClass: olcSyncProvConfig +olcSpCheckpoint: 100 5 +olcSpSessionlog: 100 olcDatabase: {1}bdb olcSuffix: dc=metascopic,dc=com olcAccess: {0}to attrs=userPassword
However, they cause `slaptest` to segfault on Linux! I'm a little perplexed by this.
:; slaptest -F etc/openldap/slapd.d/ Segmentation fault
Removing the lines restores `slaptest` to a state of sanity.
-- _jsn
Jason Dusek wrote:
I've added two seemingly innocuous lines to my LDAP configuration:
Index: conf-root/etc/openldap/slapd.d/cn=config/olcDatabase={1}bdb.ldif
--- etc/openldap/slapd.d/cn=config/olcDatabase={1}bdb.ldif (revision 1444) +++ etc/openldap/slapd.d/cn=config/olcDatabase={1}bdb.ldif (working copy) @@ -1,6 +1,9 @@ dn: olcDatabase={1}bdb objectClass: olcDatabaseConfig objectClass: olcBdbConfig +objectClass: olcSyncProvConfig +olcSpCheckpoint: 100 5 +olcSpSessionlog: 100 olcDatabase: {1}bdb olcSuffix: dc=metascopic,dc=com olcAccess: {0}to attrs=userPassword
However, they cause `slaptest` to segfault on Linux! I'm a little perplexed by this.
How can you tell that the above configuration is correct? olcDatabaseConfig and olcSyncProvConfig are both structural objectClasses, and thus cannot live in the same entry. Besides this, back-config cannot be considered just a regular database, since data it contains triggers specific code execution. The fact that manually hacking database files leads to a segfault is a pity, as this error could be better handled (you may file an ITS, for what is worth), but the culprit is mucking with files.
:; slaptest -F etc/openldap/slapd.d/ Segmentation fault
Removing the lines restores `slaptest` to a state of sanity.
Not a surprise.
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ----------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Fax: +39 0382 476497 Email: ando@sys-net.it -----------------------------------
Pierangelo Masarati ando@sys-net.it wrote:
Jason Dusek wrote:
I've added two seemingly innocuous lines to my LDAP configuration...
How can you tell that the above configuration is correct?
That's what I'd like to know...
...the culprit is mucking with files.
Okay, hold on right there. How am I supposed to configure these directives if not by "mucking" with files?
-- _jsn
Jason Dusek wrote:
Pierangelo Masarati ando@sys-net.it wrote:
Jason Dusek wrote:
I've added two seemingly innocuous lines to my LDAP configuration...
How can you tell that the above configuration is correct?
That's what I'd like to know...
...the culprit is mucking with files.
Okay, hold on right there. How am I supposed to configure these directives if not by "mucking" with files?
using an LDAP modify operation.
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ----------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Fax: +39 0382 476497 Email: ando@sys-net.it -----------------------------------
Pierangelo Masarati ando@sys-net.it wrote:
Jason Dusek wrote:
Pierangelo Masarati ando@sys-net.it wrote:
Jason Dusek wrote:
I've added two seemingly innocuous lines to my LDAP configuration...
...the culprit is mucking with files.
Okay, hold on right there. How am I supposed to configure these directives if not by "mucking" with files?
using an LDAP modify operation.
Silly me. I hope the documentation will describe syncrepl configuration via LDIF, someday.
Back to the trenches! I will always have plenty of work as long as my company continues to use OpenLDAP.
-- _jsn
Jason Dusek wrote:
Pierangelo Masarati ando@sys-net.it wrote:
Jason Dusek wrote:
Pierangelo Masarati ando@sys-net.it wrote:
Jason Dusek wrote:
I've added two seemingly innocuous lines to my LDAP configuration...
...the culprit is mucking with files.
Okay, hold on right there. How am I supposed to configure these directives if not by "mucking" with files?
using an LDAP modify operation.
Silly me. I hope the documentation will describe syncrepl configuration via LDIF, someday.
Back to the trenches! I will always have plenty of work as long as my company continues to use OpenLDAP.
Well, to start you can configure syncrepl & syncprov using slapd.conf, then generate the in-directory version and inspect it. Note that something along those lines is currently done by test050 at least, but there might be others.
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ----------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Fax: +39 0382 476497 Email: ando@sys-net.it -----------------------------------
Pierangelo Masarati ando@sys-net.it wrote:
Note that something along those lines is currently done by test050 at least, but there might be others.
Thank you for pointing me to that test -- I will take a peek at that.
-- _jsn
Jason Dusek wrote:
Pierangelo Masaratiando@sys-net.it wrote:
Jason Dusek wrote:
Pierangelo Masaratiando@sys-net.it wrote:
Jason Dusek wrote:
I've added two seemingly innocuous lines to my LDAP configuration...
...the culprit is mucking with files.
Okay, hold on right there. How am I supposed to configure these directives if not by "mucking" with files?
using an LDAP modify operation.
Silly me. I hope the documentation will describe syncrepl configuration via LDIF, someday.
You're asking for the wrong thing. The documentation describes how to configure slapd using LDAP. Whether you use LDIF to represent the LDAP operations or not is irrelevant. Whether slapd uses LDIF internally to represent the config database is irrelevant. If we had used BDB to store the config database you wouldn't ever have even dreamed of mucking with the files, would you?
It is LDAP-based configuration, *NOT* "LDIF-based" configuration. That means you treat the configuration like any other database and use ldapadd/modify/search etc. to operate on it.
openldap-software@openldap.org
-
Howard Chu -
Jason Dusek -
Pierangelo Masarati