Is there a way to create aliases for dn's?
For example, right now I point my client to:
rootdn: dc=my,dc=example,dc=com user: cn=Manager,dc=my,dc=example,dc=com org: ou=org,dc=my,dc=example,dc=com
Now, I want to create an alias so that the examples below point to those above:
rootdn: dc=my,dc=alias,dc=com user: cn=Manager,dc=my,dc=alias,dc=com org: ou=org,dc=my,dc=alias,dc=com
In other words, any reference in my client to: dc=my,dc=alias,dc=com would resolve in the ldap database to: dc=my,dc=example,dc=com
Is there a way to do this? If so, where can I locate these instructions?
Thanks!
-ron
Ron Parker wrote:
Is there a way to create aliases for dn's?
For example, right now I point my client to:
rootdn: dc=my,dc=example,dc=com user: cn=Manager,dc=my,dc=example,dc=com org: ou=org,dc=my,dc=example,dc=com
Now, I want to create an alias so that the examples below point to those above:
rootdn: dc=my,dc=alias,dc=com user: cn=Manager,dc=my,dc=alias,dc=com org: ou=org,dc=my,dc=alias,dc=com
In other words, any reference in my client to: dc=my,dc=alias,dc=com would resolve in the ldap database to: dc=my,dc=example,dc=com
Is there a way to do this? If so, where can I locate these instructions?
see slapo-rwm(5) in conjuction with slapd-relay(5).
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati@sys-net.it ---------------------------------------
Thank you. I read the documentation and located this which seems to be what I want to do:
database relay suffix "dc=virtual,dc=naming,dc=context" relay "dc=real,dc=naming,dc=context" massage
When I enter this into my slapd.conf file and restart slapd, I get this error:
Unrecognized database type (relay)
In all the Internet, I only found this one entry with respect to this error:
http://www.openldap.org/lists/openldap-software/200602/msg00176.html
On Thu, 2006-02-09 at 15:32 -0800, Chad A. Prey wrote:
Unrecognized database type (relay)
is there some module that I need to load...is there a good book on OpenLDAP...the Oreilley one?
You need to: 1) use a current (namely: not historic) version; for example, 2.3.19 2) enable it: configure --enable-relay --enable-rewrite
I installed openldap on my linux server using rpms. Is there some way to add this configuration?
Thanks!
-ron
Pierangelo Masarati wrote:
Ron Parker wrote:
Is there a way to create aliases for dn's?
see slapo-rwm(5) in conjuction with slapd-relay(5).
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it
Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati@sys-net.it
__________ NOD32 2519 (20070910) Information __________
This message was checked by NOD32 antivirus system. http://www.eset.com
Ron Parker wrote:
When I enter this into my slapd.conf file and restart slapd, I get this error:
Unrecognized database type (relay)
Your slapd was compiled without support for the relay database.
In all the Internet, I only found this one entry with respect to this error:
http://www.openldap.org/lists/openldap-software/200602/msg00176.html
On Thu, 2006-02-09 at 15:32 -0800, Chad A. Prey wrote:
Unrecognized database type (relay)
is there some module that I need to load...is there a good book on OpenLDAP...the Oreilley one?
You need to: 1) use a current (namely: not historic) version; for example, 2.3.19 2) enable it: configure --enable-relay --enable-rewrite
I installed openldap on my linux server using rpms. Is there some way to add this configuration?
1) check if those rpms provided the relay database as a runtime loadable module (something called back_relay.la placed somewhere by the rpm itslef), either in the main rpm or in a dedicated one 2) look for some other packager that builds rpms with back-relay support. 3) get rid of rpms and build it yourself. 4) a less performing alternative consists in using an instance of back-ldap pointing to the server itself, instead of back-relay
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati@sys-net.it ---------------------------------------
Downloaded: openldap-stable-20070831.tgz
Unpacked.
Ran this because I want the relay back end enabled and want all the executables installed in /usr directory tree. I also want slapd.conf to be in /etc:
../configure --prefix=/usr --exec-prefix=/usr --sysconfdir=/etc --enable-relay=yes --enable-rewrite
make depend make
I edited my slapd.conf for this (modified to my server):
database relay suffix "dc=virtual,dc=naming,dc=context" relay "dc=real,dc=naming,dc=context" massage
I run: /usr/libexec/slapd -d 1
I get this error:
overlay "rwm" not found /etc/openldap/slapd.conf: line 133: unable to install rwm overlay in "relay <dn> [massage]" line slapd destroy: freeing system resources. slapd stopped. connections_destroy: nothing to destroy.
Looks like I'm getting much closer. Thanks so much for all the help!
-ron
Pierangelo Masarati wrote:
- get rid of rpms and build it yourself.
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it
Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati@sys-net.it
__________ NOD32 2519 (20070910) Information __________
This message was checked by NOD32 antivirus system. http://www.eset.com
OK, I got past this problem by simply configuring all overlays (required installing application that provided sql.h library):
./configure --prefix=/usr --exec-prefix=/usr --sysconfdir=/etc --enable-backends --enable-overlays
Started slapd with these warnings:
... WARNING: No dynamic config support for database relay. config_build_entry: "olcDatabase={2}relay" WARNING: No dynamic config support for overlay rwm. config_build_entry: "olcOverlay={0}rwm" backend_startup_one: starting "dc=example,dc=com" bdb_db_open: Warning - No DB_CONFIG file found in directory /var/lib/ldap: (2) Expect poor performance for suffix dc=example,dc=com. bdb_db_open: dbenv_open(/var/lib/ldap) backend_startup_one: starting "dc=alias,dc=example,dc=com" slapd starting
Unable to actually add or search because of this error (getting this when trying to add the first entry "Manager"):
[root@db workarea]# ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f example.ldif Enter LDAP Password: >>> slap_listener(ldap:///) connection_get(12): got connid=4 connection_read(12): checking for input on id=4 ber_get_next ber_get_next: tag 0x30 len 50 contents: ber_get_next do_bind ber_scanf fmt ({imt) ber: ber_scanf fmt (m}) ber: >>> dnPrettyNormal: <cn=Manager,dc=example,dc=com> <<< dnPrettyNormal: <cn=Manager,dc=example,dc=com>, <cn=manager,dc=example,dc=com> do_bind: version=3 dn="cn=Manager,dc=example,dc=com" method=128 bdb_dn2entry("cn=manager,dc=example,dc=com") entry_decode: "n=Manager,dc=example,dc=com" <= entry_decode: str2ad(n): AttributeDescription contains inappropriate characters <= entry_decode: slap_str2undef_ad(n): AttributeDescription contains inappropriate characters send_ldap_result: conn=4 op=0 p=3 send_ldap_response: msgid=1 tag=97 err=80 ber_flush: 28 bytes to sd 12 ldap_bind: Internal (implementation specific) error (80) additional info: internal error connection_get(12): got connid=4 connection_read(12): checking for input on id=4 ber_get_next ber_get_next on fd 12 failed errno=0 (Success) connection_closing: readying conn=4 sd=12 for close connection_close: conn=4 sd=12
What the heck does this mean and what do I do about it?
Thanks!
-ron
Ron Parker wrote:
Downloaded: openldap-stable-20070831.tgz
Unpacked.
Ran this because I want the relay back end enabled and want all the executables installed in /usr directory tree. I also want slapd.conf to be in /etc:
../configure --prefix=/usr --exec-prefix=/usr --sysconfdir=/etc --enable-relay=yes --enable-rewrite
make depend make
I edited my slapd.conf for this (modified to my server):
database relay suffix "dc=virtual,dc=naming,dc=context" relay "dc=real,dc=naming,dc=context" massage
I run: /usr/libexec/slapd -d 1
I get this error:
overlay "rwm" not found /etc/openldap/slapd.conf: line 133: unable to install rwm overlay in "relay <dn> [massage]" line slapd destroy: freeing system resources. slapd stopped. connections_destroy: nothing to destroy.
Looks like I'm getting much closer. Thanks so much for all the help!
-ron
Pierangelo Masarati wrote:
- get rid of rpms and build it yourself.
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it
Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati@sys-net.it
__________ NOD32 2519 (20070910) Information __________
This message was checked by NOD32 antivirus system. http://www.eset.com
<quote who="Ron Parker">
OK, I got past this problem by simply configuring all overlays (required installing application that provided sql.h library):
./configure --prefix=/usr --exec-prefix=/usr --sysconfdir=/etc --enable-backends --enable-overlays
Started slapd with these warnings:
... WARNING: No dynamic config support for database relay. config_build_entry: "olcDatabase={2}relay" WARNING: No dynamic config support for overlay rwm. config_build_entry: "olcOverlay={0}rwm" backend_startup_one: starting "dc=example,dc=com" bdb_db_open: Warning - No DB_CONFIG file found in directory /var/lib/ldap: (2) Expect poor performance for suffix dc=example,dc=com. bdb_db_open: dbenv_open(/var/lib/ldap) backend_startup_one: starting "dc=alias,dc=example,dc=com" slapd starting
Yes, warnings. You can add a DB_CONFIG file later. There's a sample one provided in /etc/openldap (since you prefixed --sysconfdir=/etc)
[root@db workarea]# ldapadd -x -D "cn=Manager,dc=example,dc=com" -W-f example.ldif Enter LDAP Password:
<= entry_decode: str2ad(n): AttributeDescription containsinappropriate characters <= entry_decode: slap_str2undef_ad(n): AttributeDescription contains inappropriate characters
Can we see your example.ldif
Thanks.
My example.ldif:
dn: dc=example,dc=com objectclass: dcObject objectclass: organization o: TFG Database dc: db
dn: cn=Manager,dc=example,dc=com objectclass: organizationalRole cn: Manager
Also, copied DB_CONFIG.example to /var/lib/ldap/DB_CONFIG.
Thanks for the help.
-ron
Gavin Henry wrote:
<quote who="Ron Parker">
OK, I got past this problem by simply configuring all overlays (required installing application that provided sql.h library):
./configure --prefix=/usr --exec-prefix=/usr --sysconfdir=/etc --enable-backends --enable-overlays
Started slapd with these warnings:
...WARNING: No dynamic config support for database relay. config_build_entry: "olcDatabase={2}relay" WARNING: No dynamic config support for overlay rwm. config_build_entry: "olcOverlay={0}rwm" backend_startup_one: starting "dc=example,dc=com" bdb_db_open: Warning - No DB_CONFIG file found in directory /var/lib/ldap: (2) Expect poor performance for suffix dc=example,dc=com. bdb_db_open: dbenv_open(/var/lib/ldap) backend_startup_one: starting "dc=alias,dc=example,dc=com" slapd starting
Yes, warnings. You can add a DB_CONFIG file later. There's a sample one provided in /etc/openldap (since you prefixed --sysconfdir=/etc)
[root@db workarea]# ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f example.ldif Enter LDAP Password:
<= entry_decode: str2ad(n): AttributeDescription contains inappropriate characters <= entry_decode: slap_str2undef_ad(n): AttributeDescription contains inappropriate characters
Can we see your example.ldif
Thanks.
__________ NOD32 2520 (20070911) Information __________
This message was checked by NOD32 antivirus system. http://www.eset.com
Ron Parker wrote:
My example.ldif:
dn: dc=example,dc=com objectclass: dcObject objectclass: organization o: TFG Database dc: db
should be:
dn: dc=example,dc=com objectclass: dcObject objectclass: organization o: TFG Database dc: example
Please, please try to read the documentation we spend hours writing:
http://www.openldap.org/doc/admin23/quickstart.html
Gavin.
Gavin Henry wrote:
Ron Parker wrote:
<>My example.ldif:
should be:
dn: dc=example,dc=com objectclass: dcObject objectclass: organization o: TFG Database dc: example
Actually, this part is correct according to docs. What you see is a clumsy effort to not disclose the actual dn on this list. Sorry about that. This section of the ldif file is this (I replaced my actual dn with dc=example,dc=com in my posted examples):
dn: dc=db,dc=scbbs,dc=com objectclass: dcObject objectclass: organization o: TFG Database dc: db
This is the same ldif I used successfully when I originally created the database in the older version of openldap.
Please, please try to read the documentation we spend hours writing:
http://www.openldap.org/doc/admin23/quickstart.html
Gavin.
I appreciate the time and effort put into documentation. I have read the quickstart and many other docs. Sorry to be a bother, but can't get a grip on what these errors might be.
<= entry_decode: str2ad(n): AttributeDescription contains inappropriate characters <= entry_decode: slap_str2undef_ad(n): AttributeDescription contains inappropriate characters
dn: dc=db,dc=scbbs,dc=com objectclass: dcObject objectclass: organization o: TFG Database dc: db
You must not be showing us all of your LDIF?
I've just create the above ldif, created a new slapd.conf with:
suffix dc=db,dc=scbbs,dc=com
and then done an ldapsearch:
ldapsearch -x -b 'dc=db,dc=scbbs,dc=com' objectclass=dcObject # extended LDIF # # LDAPv3 # base <dc=db,dc=scbbs,dc=com> with scope subtree # filter: objectclass=dcObject # requesting: ALL #
# db.scbbs.com dn: dc=db,dc=scbbs,dc=com objectClass: dcObject objectClass: organization o: TFG Database dc: db
# search result search: 2 result: 0 Success
# numResponses: 2 # numEntries: 1
Gavin.
This is the entire file:
dn: dc=db,dc=scbbs,dc=com objectclass: dcObject objectclass: organization o: TFG Database dc: db
dn: cn=Manager,dc=db,dc=scbbs,dc=com objectclass: organizationalRole cn: Manager
Gavin Henry wrote:
dn: dc=db,dc=scbbs,dc=com objectclass: dcObject objectclass: organization o: TFG Database dc: db
You must not be showing us all of your LDIF?
I've just create the above ldif, created a new slapd.conf with:
suffix dc=db,dc=scbbs,dc=com
and then done an ldapsearch:
ldapsearch -x -b 'dc=db,dc=scbbs,dc=com' objectclass=dcObject # extended LDIF # # LDAPv3 # base <dc=db,dc=scbbs,dc=com> with scope subtree # filter: objectclass=dcObject # requesting: ALL #
# db.scbbs.com dn: dc=db,dc=scbbs,dc=com objectClass: dcObject objectClass: organization o: TFG Database dc: db
# search result search: 2 result: 0 Success
# numResponses: 2 # numEntries: 1
Gavin.
__________ NOD32 2522 (20070911) Information __________
This message was checked by NOD32 antivirus system. http://www.eset.com
Ron Parker wrote:
This is the entire file:
dn: dc=db,dc=scbbs,dc=com objectclass: dcObject objectclass: organization o: TFG Database dc: db
dn: cn=Manager,dc=db,dc=scbbs,dc=com objectclass: organizationalRole cn: Manager
Also, since you built from source, did you run "make test"?
Thanks.
Ron Parker wrote:
Sorry to be a bother, but can't get a grip on what these errors might be. <= entry_decode: str2ad(n): AttributeDescription contains inappropriate characters <= entry_decode: slap_str2undef_ad(n): AttributeDescription contains inappropriate characters
This error is odd. It seems that there's a parsing error in parsing that DN RDN's first AVA attribute, which should be "cn" but gets parsed as just "n". Since that function is (almost) trivial, and it worked and works as expected, I suspect the parsing is related to some database corruption. Something like slapd is running with a version of Berkeley DB that is not the one it was built with, or something odd like that.
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati@sys-net.it ---------------------------------------
Any suggestions on what files I need to check to make sure slapd is running with the correct version of Berkeley db?
-ron
Pierangelo Masarati wrote:
Ron Parker wrote:
Sorry to be a bother, but can't get a grip on what these errors might be. <= entry_decode: str2ad(n): AttributeDescription contains inappropriate characters <= entry_decode: slap_str2undef_ad(n): AttributeDescription contains inappropriate characters
This error is odd. It seems that there's a parsing error in parsing that DN RDN's first AVA attribute, which should be "cn" but gets parsed as just "n". Since that function is (almost) trivial, and it worked and works as expected, I suspect the parsing is related to some database corruption. Something like slapd is running with a version of Berkeley DB that is not the one it was built with, or something odd like that.
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it
Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati@sys-net.it
__________ NOD32 2522 (20070911) Information __________
This message was checked by NOD32 antivirus system. http://www.eset.com
Ron Parker wrote:
Any suggestions on what files I need to check to make sure slapd is running with the correct version of Berkeley db?
ldd slapd?
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati@sys-net.it ---------------------------------------
[root@db libexec]# ldd slapd libdb-4.2.so => /lib/tls/i686/libdb-4.2.so (0x005d6000) libperl.so => /usr/lib/perl5/5.8.5/i386-linux-thread-multi/CORE/libperl.so (0x0025d000) libnsl.so.1 => /lib/libnsl.so.1 (0x005be000) libm.so.6 => /lib/tls/libm.so.6 (0x00cd6000) libutil.so.1 => /lib/libutil.so.1 (0x007e6000) libpthread.so.0 => /lib/tls/libpthread.so.0 (0x00d01000) libodbc.so.1 => /usr/lib/libodbc.so.1 (0x0015b000) libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x00d15000) libdl.so.2 => /lib/libdl.so.2 (0x00cfb000) libcrypt.so.1 => /lib/libcrypt.so.1 (0x007fc000) libssl.so.4 => /lib/libssl.so.4 (0x00588000) libcrypto.so.4 => /lib/libcrypto.so.4 (0x00432000) libresolv.so.2 => /lib/libresolv.so.2 (0x00148000) libc.so.6 => /lib/tls/libc.so.6 (0x00ba9000) /lib/ld-linux.so.2 (0x00b8b000) libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2 (0x003b0000) libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0x003c6000) libcom_err.so.2 => /lib/libcom_err.so.2 (0x00ba4000) libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0x0051d000) libz.so.1 => /usr/lib/libz.so.1 (0x00101000)
Pierangelo Masarati wrote:
Ron Parker wrote:
Any suggestions on what files I need to check to make sure slapd is running with the correct version of Berkeley db?
ldd slapd?
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it
Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati@sys-net.it
__________ NOD32 2525 (20070912) Information __________
This message was checked by NOD32 antivirus system. http://www.eset.com
You are supposed to check, not me. I cannot know what library you intended to link in, and what you actually linked in, as opposed to which one slapd is picking at run-time.
And, in general, I think this thread went a bit too far: you started by asking how to configure a well known, stable, reliable and documented feature of OpenLDAP and we are now down to checking how screwed your system seems to be. Are you sure this slapd is the one you built, and not the one shipping with your system?
p.
Ron Parker wrote:
[root@db libexec]# ldd slapd libdb-4.2.so => /lib/tls/i686/libdb-4.2.so (0x005d6000) libperl.so => /usr/lib/perl5/5.8.5/i386-linux-thread-multi/CORE/libperl.so (0x0025d000) libnsl.so.1 => /lib/libnsl.so.1 (0x005be000) libm.so.6 => /lib/tls/libm.so.6 (0x00cd6000) libutil.so.1 => /lib/libutil.so.1 (0x007e6000) libpthread.so.0 => /lib/tls/libpthread.so.0 (0x00d01000) libodbc.so.1 => /usr/lib/libodbc.so.1 (0x0015b000) libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x00d15000) libdl.so.2 => /lib/libdl.so.2 (0x00cfb000) libcrypt.so.1 => /lib/libcrypt.so.1 (0x007fc000) libssl.so.4 => /lib/libssl.so.4 (0x00588000) libcrypto.so.4 => /lib/libcrypto.so.4 (0x00432000) libresolv.so.2 => /lib/libresolv.so.2 (0x00148000) libc.so.6 => /lib/tls/libc.so.6 (0x00ba9000) /lib/ld-linux.so.2 (0x00b8b000) libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2 (0x003b0000) libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0x003c6000) libcom_err.so.2 => /lib/libcom_err.so.2 (0x00ba4000) libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0x0051d000) libz.so.1 => /usr/lib/libz.so.1 (0x00101000)
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati@sys-net.it ---------------------------------------
Pierangelo Masarati wrote:
You are supposed to check, not me. I cannot know what library you intended to link in, and what you actually linked in, as opposed to which one slapd is picking at run-time.
Sorry. I don't even know what those are beyond the fact that they are libraries.
And, in general, I think this thread went a bit too far: you started by asking how to configure a well known, stable, reliable and documented feature of OpenLDAP and we are now down to checking how screwed your system seems to be.
Can't argue with that. I do appreciate the assistance. I had the Linux rpm version of openldap working just perfectly -- then my boss insisted that I get this dn aliasing thing working because he didn't want end users to see the actual root dn. Sigh.
Are you sure this slapd is the one you built, and not the one shipping with your system?
I uninstalled openldap-server.rpm before building new version. I only find one slapd file in the entire system, and it is the one built in the directory I have defined.
Again, I truly appreciate all your help. Was just trying to get guidance from folks who know this software and what they are doing. You've definately pointed me in the right direction. I'll just keep plugging away at it.
p.
Ron Parker wrote:
[root@db libexec]# ldd slapd libdb-4.2.so => /lib/tls/i686/libdb-4.2.so (0x005d6000) libperl.so => /usr/lib/perl5/5.8.5/i386-linux-thread-multi/CORE/libperl.so (0x0025d000) libnsl.so.1 => /lib/libnsl.so.1 (0x005be000) libm.so.6 => /lib/tls/libm.so.6 (0x00cd6000) libutil.so.1 => /lib/libutil.so.1 (0x007e6000) libpthread.so.0 => /lib/tls/libpthread.so.0 (0x00d01000) libodbc.so.1 => /usr/lib/libodbc.so.1 (0x0015b000) libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x00d15000) libdl.so.2 => /lib/libdl.so.2 (0x00cfb000) libcrypt.so.1 => /lib/libcrypt.so.1 (0x007fc000) libssl.so.4 => /lib/libssl.so.4 (0x00588000) libcrypto.so.4 => /lib/libcrypto.so.4 (0x00432000) libresolv.so.2 => /lib/libresolv.so.2 (0x00148000) libc.so.6 => /lib/tls/libc.so.6 (0x00ba9000) /lib/ld-linux.so.2 (0x00b8b000) libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2 (0x003b0000) libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0x003c6000) libcom_err.so.2 => /lib/libcom_err.so.2 (0x00ba4000) libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0x0051d000) libz.so.1 => /usr/lib/libz.so.1 (0x00101000)
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it
Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati@sys-net.it
__________ NOD32 2525 (20070912) Information __________
This message was checked by NOD32 antivirus system. http://www.eset.com
Ron Parker wrote:
Can't argue with that. I do appreciate the assistance. I had the Linux rpm version of openldap working just perfectly -- then my boss insisted that I get this dn aliasing thing working because he didn't want end users to see the actual root dn. Sigh.
I didn't mean to be rude, but it seems that the help you need is not just about OpenLDAP, and this is not the right place to discuss issues not strictly related to OpenLDAP. Unfortunately, without hands-on it's hard to understand what's going on. Probably, looking for rpms that contain the desired features is the right way to go. I think you've already been pointed to some of them, I think you should give them a spin. And don't forget to wipe out the db, especially when it's just a test db, when you change build version. It shouldn't matter, except occasionally when changing minor version number (the X in 2.X.Y), provided everything was built fine, but it would clear out one possible source of erratic behavior, just in case.
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati@sys-net.it ---------------------------------------
Pierangelo Masarati wrote:
Ron Parker wrote:
Can't argue with that. I do appreciate the assistance. I had the Linux rpm version of openldap working just perfectly -- then my boss insisted that I get this dn aliasing thing working because he didn't want end users to see the actual root dn. Sigh.
I didn't mean to be rude, but it seems that the help you need is not just about OpenLDAP, and this is not the right place to discuss issues not strictly related to OpenLDAP. Unfortunately, without hands-on it's hard to understand what's going on. Probably, looking for rpms that contain the desired features is the right way to go. I think you've already been pointed to some of them, I think you should give them a spin.
I didn't feel you were rude at all. I provide support on an open source module myself, so I know what it's like. You and Gavin have been quite helpful, and I understand there's a limit to the amount of individual support you can provide in this type of forum.
And don't forget to wipe out the db, especially when it's just a test db, when you change build version. It shouldn't matter, except occasionally when changing minor version number (the X in 2.X.Y), provided everything was built fine, but it would clear out one possible source of erratic behavior, just in case.
This appears to have been exactly what the problem was. Clearing out /var/lib/ldap did the trick. The system appears to be working as before.
p.
The only thing I can do in return is try to be as helpful to others when they get into a jam. Thanks so much!
-ron
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it
Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati@sys-net.it
__________ NOD32 2525 (20070912) Information __________
This message was checked by NOD32 antivirus system. http://www.eset.com
And don't forget to wipe out the db, especially when it's just a test db, when you change build version. It shouldn't matter, except occasionally when changing minor version number (the X in 2.X.Y), provided everything was built fine, but it would clear out one possible source of erratic behavior, just in case.
This appears to have been exactly what the problem was. Clearing out /var/lib/ldap did the trick. The system appears to be working as before.
Excellent!
Why don't you try Buchan Milnes RPMs? (search the list for urls).
Ron Parker wrote:
Any suggestions on what files I need to check to make sure slapd is running with the correct version of Berkeley db?
Have you also tried clearing out your directory folder? And starting again.
Gavin Henry wrote:
Ron Parker wrote:
<>Any suggestions on what files I need to check to make sure slapd is running with the correct version of Berkeley db?
Have you also tried clearing out your directory folder? And starting again.
Which directory? You mean /etc/openldap?
Ron Parker wrote:
Gavin Henry wrote:
Ron Parker wrote:
<>Any suggestions on what files I need to check to make sure slapd is running with the correct version of Berkeley db?
Have you also tried clearing out your directory folder? And starting again.
Which directory? You mean /etc/openldap?
The directory in the "D" of "LDAP", the folder containing your database.
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati@sys-net.it ---------------------------------------
I get the following error message from my running ldap instance: <= bdb_equality_candidatges: (objectClass) index param failed (18)
It doesn't really seem to have much effect on the ldap operations, but I would like to know what the message is telling me. Mostly, I would like to know where to look and how to decode such ldap messages (without having to ask every time :).
Thanks for pointing me in the right direction.
----------------------------------------- The information in this message may be proprietary and/or confidential, and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify First Data immediately by replying to this message and deleting it from your computer.
Marcum, Bob wrote:
I get the following error message from my running ldap instance: <= bdb_equality_candidatges: (objectClass) index param failed (18)
It doesn't really seem to have much effect on the ldap operations, but I would like to know what the message is telling me. Mostly, I would like to know where to look and how to decode such ldap messages (without having to ask every time :).
There is no specific documentation for those messages; in any case, it is simply indicating that a filter contained an attribute value assertion that is non-indexed, and thus could not be exploited for search candidate selection. It has null impact on functionality, it's only there so that you can decide to indicize that attribute. Actually, slapd-bdb(5) reports that back-bdb/hdb **NEED** equality index on objectClass to function properly, so that message is indeed very important.
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati@sys-net.it ---------------------------------------
Pierangelo Masarati wrote:
Marcum, Bob wrote:
I get the following error message from my running ldap instance: <= bdb_equality_candidatges: (objectClass) index param failed (18)
It doesn't really seem to have much effect on the ldap operations, but I would like to know what the message is telling me. Mostly, I would like to know where to look and how to decode such ldap messages (without having to ask every time :).
There is no specific documentation for those messages; in any case, it is simply indicating that a filter contained an attribute value assertion that is non-indexed, and thus could not be exploited for search candidate selection. It has null impact on functionality, it's only there so that you can decide to indicize that attribute.
Actually, slapd-bdb(5) reports that back-bdb/hdb **NEED** equality index on objectClass to function properly, so that message is indeed very important.
A bit overstated. The backend will still work without that index, but most operations will be much slower.
Ron Parker wrote:
Downloaded: openldap-stable-20070831.tgz
Unpacked.
Ran this because I want the relay back end enabled and want all the executables installed in /usr directory tree. I also want slapd.conf to be in /etc:
../configure --prefix=/usr --exec-prefix=/usr --sysconfdir=/etc --enable-relay=yes --enable-rewrite
make depend make
I edited my slapd.conf for this (modified to my server):
database relay suffix "dc=virtual,dc=naming,dc=context" relay "dc=real,dc=naming,dc=context" massage
I run: /usr/libexec/slapd -d 1
I get this error:
overlay "rwm" not found /etc/openldap/slapd.conf: line 133: unable to install rwm overlay in "relay <dn> [massage]" line slapd destroy: freeing system resources. slapd stopped. connections_destroy: nothing to destroy.
Looks like I'm getting much closer. Thanks so much for all the help!
-ron
You need more configure options, something like:
--enable-dynamic --enable-rewrite --enable-modules --enable-backends=mod --enable-overlays=mod
Please read ./configure --help
It's all documented there.
Thanks.
Ron Parker skrev, on 11-09-2007 05:14:
Downloaded: openldap-stable-20070831.tgz
You don't say what distro/version you're using, but I can offer the following info about Red Hat RHL5's openldap offering: It's still not up to scratch (to put it mildly), though better than that of RHAS4. A couple of the reasons are, that it uses RH5's dbd 4.3.29, which is deprecated for OL use and that it doesn't include all overlays.
I use RHL5/FC6/CentOS5 and rebuild Buchan Milnes' srpm(s) on all of these: Buchan has done *all* the hard work for you, includes all the overlays, includes a separate, self-contained patched db 4.2.52 - what's more, it can coexist with RHL5's OL offering, if you don't want to go the whole hog at once.
Red Hat/FC/CentOS people should *never* build from a virgin tarball unless it's absolutely necessary, this statement after many years' experience with both methods. In 99% of all cases, rpms or srpms are available for all the above platforms.
--Tonni
Red Hat/FC/CentOS people should *never* build from a virgin tarball unless it's absolutely necessary, this statement after many years' experience with both methods. In 99% of all cases, rpms or srpms are available for all the above platforms.
Well, unless they know what they are doing ;-)
Gavin Henry skrev, on 12-09-2007 11:22:
Red Hat/FC/CentOS people should *never* build from a virgin tarball unless it's absolutely necessary, this statement after many years' experience with both methods. In 99% of all cases, rpms or srpms are available for all the above platforms.
Well, unless they know what they are doing ;-)
One could argue that, if they knew what they were doing, they wouldn't ...
The point about rpms is, that they are part of a package system, in which the idea is to avoid dependency problems and stick to the LFH file system hierarchy.
I run multiple OL servers, masters and slaves, and installing from a virgin tarball on these would be (was, in the past) a real PITA. Furthermore, if I get a problem with a new software release, it's a few seconds work to revert to one which worked, and remove *everything* offending in doing so.
If one wants to compile, one can do so to one's heart's content with srpms, and tweak as much as wanted. But then in the knowledge that some one who knows what he's doing (well, mostly) has done most of the dirty work before. I spent years of Red Hat months fighting rpms, now I insist on them.
--Tonni
<quote who="Tony Earnshaw">
Gavin Henry skrev, on 12-09-2007 11:22:
Red Hat/FC/CentOS people should *never* build from a virgin tarball unless it's absolutely necessary, this statement after many years' experience with both methods. In 99% of all cases, rpms or srpms are available for all the above platforms.
Well, unless they know what they are doing ;-)
One could argue that, if they knew what they were doing, they wouldn't ...
This is quite off topic now, but I'd love you to share your packaging experience and recommendations. Maybe you would do a FAQ entry that I can link into from the Admin Guide.
Gavin.
openldap-software@openldap.org
-
Gavin Henry -
Gavin Henry -
Howard Chu -
Marcum, Bob -
Pierangelo Masarati -
Ron Parker -
Tony Earnshaw