Re: any tools for data resync....
by Gavin Henry
----- "Paul Lee" <paul(a)hk.fujitsu.com> wrote:
> Dear all,
>
> My customers are very concerned about the data synchronization on the 4-way
> masters openldap servers.
>
> If in case there is record unsync (due to whatever reason, e.g. network
> failure, CSN too old, etc), will there be any tools to resync the data?
>
> If there are such tools, we can execute a cron job to do this.
They will retry depending on what settings you have if there is a connection problem.
Can you try on 2.4.12, not 2.4.9 and also host your config somewhere. You can quickly
check all contextCSN are the same via:
[ghenry@suretec ~]$ ldapsearch -x -LLL -H ldap://host1 -s base -b 'dc=suretecsystems,dc=com' contextCSN
dn: dc=suretecsystems,dc=com
contextCSN: 20081025222436.822813Z#000000#000#000000
[ghenry@suretec ~]$ ldapsearch -x -LLL -H ldap://host2 -s base -b 'dc=suretecsystems,dc=com' contextCSN
dn: dc=suretecsystems,dc=com
contextCSN: 20081025222436.822813Z#000000#000#000000
--
Kind Regards,
Gavin Henry.
T +44 (0) 1224 279484
M +44 (0) 7930 323266
F +44 (0) 1224 824887
E ghenry(a)suretecsystems.com
Open Source. Open Solutions(tm).
http://www.suretecsystems.com/
Suretec Systems is a limited company registered in Scotland. Registered
number: SC258005. Registered office: 13 Whiteley Well Place, Inverurie,
Aberdeenshire, AB51 4FP.
14 years, 4 months
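The contextCSN check from the reply above, turned into something a cron job could run; this is an added example, not code from the thread. Function names and the `CONSTRUCTED_DRIFT` sample are assumptions made for illustration; the ldapsearch flags are the ones shown in the reply, and the CSN layout is the one visible in the posts.

```python
import re
import subprocess
import sys

# CSN layout as it appears in the posts: <time>Z#<count>#<serverID>#<mod>.
# Every field is fixed width, so two CSNs with the same serverID compare as strings.
CSN_RE = re.compile(r"^\d{14}\.\d{6}Z#[0-9a-f]{6}#([0-9a-f]{3})#[0-9a-f]{6}$", re.I)


def fetch_ldif(uri, base):
    """Run the ldapsearch command from the reply against one server."""
    cmd = ["ldapsearch", "-x", "-LLL", "-H", uri, "-s", "base", "-b", base, "contextCSN"]
    return subprocess.run(cmd, check=True, capture_output=True, text=True, timeout=15).stdout


def parse_context_csns(ldif):
    """Return {serverID: newest contextCSN} from one server's LDIF output."""
    csns = {}
    for line in ldif.splitlines():
        name, _, value = line.partition(":")
        if name.strip().lower() != "contextcsn":
            continue
        value = value.strip()
        match = CSN_RE.match(value)
        if not match:
            raise ValueError("unexpected contextCSN value: %r" % value)
        sid = match.group(1).lower()
        if sid not in csns or value > csns[sid]:
            csns[sid] = value
    return csns


def compare(servers):
    """servers: {name: ldif}. Report, per serverID, which servers lack the newest CSN."""
    parsed = {name: parse_context_csns(ldif) for name, ldif in servers.items()}
    report = {}
    for sid in sorted({s for csns in parsed.values() for s in csns}):
        newest = max(csns[sid] for csns in parsed.values() if sid in csns)
        behind = sorted(n for n, csns in parsed.items() if csns.get(sid) != newest)
        if behind:
            report[sid] = {"newest": newest, "behind": behind}
    return report


# The two outputs shown in the reply: both servers agree.
FROM_REPLY = {
    "host1": "dn: dc=suretecsystems,dc=com\n"
             "contextCSN: 20081025222436.822813Z#000000#000#000000\n",
    "host2": "dn: dc=suretecsystems,dc=com\n"
             "contextCSN: 20081025222436.822813Z#000000#000#000000\n",
}

# Constructed multi-master sample (not real output): one contextCSN per serverID.
CONSTRUCTED_DRIFT = {
    "disb01": "dn: dc=example,dc=com\n"
              "contextCSN: 20081104105455.436768Z#000000#001#000000\n"
              "contextCSN: 20081029140000.000000Z#000000#003#000000\n",
    "pisb01": "dn: dc=example,dc=com\n"
              "contextCSN: 20081104105455.436768Z#000000#001#000000\n"
              "contextCSN: 20081104105123.573091Z#000000#003#000000\n",
    "pisb02": "dn: dc=example,dc=com\n"
              "contextCSN: 20081104105123.573091Z#000000#003#000000\n",
}

if __name__ == "__main__":
    # usage: script BASE URI [URI ...]; with no arguments the constructed sample is used
    if len(sys.argv) > 2:
        data = {uri: fetch_ldif(uri, sys.argv[1]) for uri in sys.argv[2:]}
    else:
        data = CONSTRUCTED_DRIFT
    result = compare(data)
    for sid, info in result.items():
        print("serverID %s: newest %s, behind: %s"
              % (sid, info["newest"], ", ".join(info["behind"])))
    sys.exit(1 if result else 0)
```

Brief differences are normal while a write is still propagating, so a cron job should alert only when the same serverID stays behind across consecutive runs.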
Indexing integers
by Sean Burford
Hi,
I have been looking for the index to apply to integer attributes to speed up
less than/greater than filters, but have turned up nothing. These searches
work, but eq and pres indexes don't seem to affect their speed.
Is there an index that helps with integer ordering searches?
Thanks
Sean
14 years, 4 months
any tools for data resync....
by Paul Lee
Dear all,
My customers are very concerned about the data synchronization on the 4-way
masters openldap servers.
If in case there is record unsync (due to whatever reason, e.g. network
failure, CSN too old, etc), will there be any tools to resync the data?
If there are such tools, we can execute a cron job to do this.
Thanks
Confidential Communication - This e-mail (including any attachments) is confidential and may be
legally privileged. If this e-mail has been sent to you by mistake please inform us by reply
e-mail and then delete the e-mail, destroy any printed copy and do not disclose or use the
information in it.
14 years, 4 months
OPENLDAP installation error
by Sujeet Vanage
Hi
I am getting the following error when I try to configure OpenLDAP.
Basically I just need the OpenLDAP client library and not the directory server.
I issued the following command
$ ./configure --disable-slapd --disable-slurpd
and got this error message
configure:4505: error: C compiler cannot create executables
See `config.log' for more details.
I checked that cc and gcc are installed and in PATH.
Any idea how to solve this?
Please help.
Below are some details from config.log
>>>>>>>>>>>>>>>>>>
## ----------- ##
## Core tests. ##
## ----------- ##
configure:1616: checking build system type
configure:1634: result: sparc-sun-solaris2.10
configure:1642: checking host system type
configure:1656: result: sparc-sun-solaris2.10
configure:1664: checking target system type
configure:1678: result: sparc-sun-solaris2.10
configure:1707: checking for a BSD-compatible install
configure:1762: result: build/shtool install -c
configure:1773: checking whether build environment is sane
configure:1816: result: yes
configure:1881: checking for gawk
configure:1910: result: no
configure:1881: checking for mawk
configure:1910: result: no
configure:1881: checking for nawk
configure:1897: found /usr/bin/nawk
configure:1907: result: nawk
configure:1917: checking whether make sets $(MAKE)
configure:1937: result: yes
configure:2146: checking configure arguments
configure:3644: WARNING: slapd disabled, ignoring --enable-bdb argument
configure:3644: WARNING: slapd disabled, ignoring --enable-hdb argument
configure:3644: WARNING: slapd disabled, ignoring --enable-monitor argument
configure:3644: WARNING: slapd disabled, ignoring --enable-relay argument
configure:3680: WARNING: slapd disabled, ignoring --enable-seqmod argument
configure:3680: WARNING: slapd disabled, ignoring --enable-syncprov argument
configure:3748: result: done
configure:3917: checking for cc
configure:3933: found /usr/ucb/cc
configure:3943: result: cc
configure:3967: checking for ar
configure:3983: found /usr/ccs/bin/ar
configure:3993: result: ar
configure:4052: checking for style of include used by make
configure:4080: result: GNU
configure:4421: checking for C compiler version
configure:4424: cc --version </dev/null >&5
/usr/ucb/cc: language optional software package not installed
configure:4427: $? = 1
configure:4429: cc -v </dev/null >&5
/usr/ucb/cc: language optional software package not installed
configure:4432: $? = 1
configure:4434: cc -V </dev/null >&5
/usr/ucb/cc: language optional software package not installed
configure:4437: $? = 1
configure:4460: checking for C compiler default output file name
configure:4463: cc conftest.c >&5
/usr/ucb/cc: language optional software package not installed
configure:4466: $? = 1
configure: failed program was:
| /* confdefs.h. */
|
| #define PACKAGE_NAME ""
| #define PACKAGE_TARNAME ""
| #define PACKAGE_VERSION ""
| #define PACKAGE_STRING ""
| #define PACKAGE_BUGREPORT ""
| #define OPENLDAP_PACKAGE "OpenLDAP"
| #define OPENLDAP_VERSION "2.4.11"
| #define LDAP_VENDOR_VERSION 20411
| #define LDAP_VENDOR_VERSION_MAJOR 2
| #define LDAP_VENDOR_VERSION_MINOR 4
| #define LDAP_VENDOR_VERSION_PATCH 11
| #define HAVE_MKVERSION 1
| /* end confdefs.h. */
|
| int
| main ()
| {
|
| ;
| return 0;
| }
configure:4505: error: C compiler cannot create executables
See `config.log' for more details.
## ---------------- ##
## Cache variables. ##
## ---------------- ##
ac_cv_build=sparc-sun-solaris2.10
ac_cv_build_alias=sparc-sun-solaris2.10
ac_cv_env_CC_set=
ac_cv_env_CC_value=
ac_cv_env_CFLAGS_set=
ac_cv_env_CFLAGS_value=
ac_cv_env_CPPFLAGS_set=
ac_cv_env_CPPFLAGS_value=
ac_cv_env_CPP_set=
ac_cv_env_CPP_value=
ac_cv_env_LDFLAGS_set=
ac_cv_env_LDFLAGS_value=
ac_cv_env_build_alias_set=
ac_cv_env_build_alias_value=
ac_cv_env_host_alias_set=
ac_cv_env_host_alias_value=
ac_cv_env_target_alias_set=
ac_cv_env_target_alias_value=
ac_cv_host=sparc-sun-solaris2.10
ac_cv_host_alias=sparc-sun-solaris2.10
ac_cv_prog_AR=ar
ac_cv_prog_AWK=nawk
ac_cv_prog_CC=cc
ac_cv_prog_make_make_set=yes
ac_cv_shtool=build/shtool
ac_cv_target=sparc-sun-solaris2.10
>>>>>>>>>>>
Thanks
Sujeet Vanage
14 years, 4 months
Ldap Add Fail
by ahmed.feroz@wipro.com
Dear open-ldap Team,
Currently we are using ldap Version-2.4.8 on our Fedora Core 9 machine.
When we try to create a computer account using ldap-add with non admin
user we are getting error "insufficientAccessRights".
Please let us know how we can add computer account in Active Directory
with non admin users??
Thanks in advance.
14 years, 4 months
CSN too old again....
by Paul Lee
Dear all,
I have 4 servers with version 2.4.9 configured into 4 way masters, the
name of the servers are disb01 (SID:001), disb02 (SID:002), pisb01
(SID:003) and pisb02 (SID:004). Attached is the config file for the 4
servers.
All the 4 servers were configured and started on Oct 29 night. At that
time, I tested the data synchronization, and the result was positive.
However, today, customer reported that data synchronization occurs,
then, I performed the following simple test and found that data really
can't be replicated.
- When I added a record (the key is
20081104105123.573091Z#000000#003#000000) in pisb01, the data can be
replicated to pisb02, but the other 2 servers disb01 and disb02 cannot
find this record. The log in disb01 and disb02 indicates that the CSN
is too old.
- When I added a record (the key is
20081104105455.436768Z#000000#001#000000) in disb01, the data can be
replicated to pisb01, but the other 2 servers disb02 and pisb02 cannot
find this record. The log in disb01 and disb02 indicates that the CSN
is too old.
The log for the 4 servers is attached...
Any possible reasons for this error "CSN too old"? I find from the log
that it seems all servers received the update at the same time (up to seconds,
no millisecond is shown in the log).
Thanks
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/pccw.schema
include /usr/local/etc/openldap/schema/ppolicy.schema
# Define global ACLs to disable default read access.
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
pidfile /usr/local/var/run/slapd.pid
argsfile /usr/local/var/run/slapd.args
# Load dynamic backend modules:
# modulepath /usr/local/libexec/openldap
# moduleload back_bdb.la
# moduleload back_ldap.la
# moduleload back_ldbm.la
# moduleload back_passwd.la
# moduleload back_shell.la
#modulepath /usr/local/libexec/openldap/
#moduleload ppolicy.la
# Password policy
#overlay ppolicy
#ppolicy_default "cn=default,ou=Policies"
#ppolicy_default "cn=default,ou=Policies,o=HKSARG"
# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64
# Sample access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
# Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
# by self write
# by users read
# by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!
#######################################################################
# BDB database definitions
#######################################################################
database bdb
suffix ""
rootdn "cn=Manager"
#rootdn "ou=SCIG,ou=Govt-Dept,o=HKSARG,dc=example,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
#rootpw secret
rootpw {SSHA}hzt3Mw7MTu+PvXuk8p24xMwLyscP2rls
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /usr/local/var/openldap-data
# Indices to maintain
index objectClass,entryCSN,entryUUID,cn,pwdChangedTime eq
#replogfile /var/lib/ldap/openldap-master-replog
loglevel 16384
logfile /var/lib/ldap/ldap.log
overlay syncprov
overlay ppolicy
ppolicy_default "cn=default,ou=Policies,o=HKSARG"
ppolicy_hash_cleartext
#access to * by dn="cn=Manager" write by * read
access to * by anonymous auth by * write by dn.base="o=HKSARG" write by * none
access to * by * write
access to * by * read
#database monitor
#syncprov-checkpoint 100 10
syncprov-sessionlog 100
# syncrepl directives
syncrepl rid=001
        provider=ldap://disb01:389/
        bindmethod=simple
        binddn="cn=Manager"
        credentials=secret
        searchbase="o=HKSARG"
        schemachecking=off
        type=refreshAndPersist
        attrs="*,+"
        retry="1 +"
syncrepl rid=002
        provider=ldap://disb02:389/
        bindmethod=simple
        binddn="cn=Manager"
        credentials=secret
        searchbase="o=HKSARG"
        schemachecking=off
        type=refreshAndPersist
        attrs="*,+"
        retry="1 +"
syncrepl rid=003
        provider=ldap://pisb01:389/
        bindmethod=simple
        binddn="cn=Manager"
        credentials=secret
        searchbase="o=HKSARG"
        schemachecking=off
        type=refreshAndPersist
        attrs="*,+"
        retry="1 +"
syncrepl rid=004
        provider=ldap://pisb02:389/
        bindmethod=simple
        binddn="cn=Manager"
        credentials=secret
        searchbase="o=HKSARG"
        schemachecking=off
        type=refreshAndPersist
        attrs="*,+"
        retry="1 +"
mirrormode on
serverID 002
#overlay syncprov
#syncprov-checkpoint 100 10
#syncprov-sessionlog 100
# Performance tuning directives
sizelimit 5000
threads 8
idletimeout 14400
cachesize 10000
checkpoint 256 15
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/pccw.schema
include /usr/local/etc/openldap/schema/ppolicy.schema
# Define global ACLs to disable default read access.
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
pidfile /usr/local/var/run/slapd.pid
argsfile /usr/local/var/run/slapd.args
# Load dynamic backend modules:
# modulepath /usr/local/libexec/openldap
# moduleload back_bdb.la
# moduleload back_ldap.la
# moduleload back_ldbm.la
# moduleload back_passwd.la
# moduleload back_shell.la
#modulepath /usr/local/libexec/openldap/
#moduleload ppolicy.la
# Password policy
#overlay ppolicy
#ppolicy_default "cn=default,ou=Policies"
#ppolicy_default "cn=default,ou=Policies,o=HKSARG"
# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64
# Sample access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
# Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
# by self write
# by users read
# by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!
#######################################################################
# BDB database definitions
#######################################################################
database bdb
suffix ""
rootdn "cn=Manager"
#rootdn "ou=SCIG,ou=Govt-Dept,o=HKSARG,dc=example,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
#rootpw secret
rootpw {SSHA}hzt3Mw7MTu+PvXuk8p24xMwLyscP2rls
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /usr/local/var/openldap-data
# Indices to maintain
index objectClass,entryCSN,entryUUID,cn,pwdChangedTime eq
#replogfile /var/lib/ldap/openldap-master-replog
loglevel 16384
logfile /var/lib/ldap/ldap.log
overlay syncprov
overlay ppolicy
ppolicy_default "cn=default,ou=Policies,o=HKSARG"
ppolicy_hash_cleartext
#access to * by dn="cn=Manager" write by * read
access to * by anonymous auth by * write by dn.base="o=HKSARG" write by * none
access to * by * write
access to * by * read
#database monitor
#syncprov-checkpoint 100 10
syncprov-sessionlog 100
# syncrepl directives
syncrepl rid=001
        provider=ldap://disb01:389/
        bindmethod=simple
        binddn="cn=Manager"
        credentials=secret
        searchbase="o=HKSARG"
        schemachecking=off
        type=refreshAndPersist
        attrs="*,+"
        retry="1 +"
syncrepl rid=002
        provider=ldap://disb02:389/
        bindmethod=simple
        binddn="cn=Manager"
        credentials=secret
        searchbase="o=HKSARG"
        schemachecking=off
        type=refreshAndPersist
        attrs="*,+"
        retry="1 +"
syncrepl rid=003
        provider=ldap://pisb01:389/
        bindmethod=simple
        binddn="cn=Manager"
        credentials=secret
        searchbase="o=HKSARG"
        schemachecking=off
        type=refreshAndPersist
        attrs="*,+"
        retry="1 +"
syncrepl rid=004
        provider=ldap://pisb02:389/
        bindmethod=simple
        binddn="cn=Manager"
        credentials=secret
        searchbase="o=HKSARG"
        schemachecking=off
        type=refreshAndPersist
        attrs="*,+"
        retry="1 +"
mirrormode on
serverID 001
#overlay syncprov
#syncprov-checkpoint 100 10
#syncprov-sessionlog 100
# Performance tuning directives
sizelimit 5000
threads 8
idletimeout 14400
cachesize 10000
checkpoint 256 15
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/pccw.schema
include /usr/local/etc/openldap/schema/ppolicy.schema
# Define global ACLs to disable default read access.
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
pidfile /usr/local/var/run/slapd.pid
argsfile /usr/local/var/run/slapd.args
# Load dynamic backend modules:
# modulepath /usr/local/libexec/openldap
# moduleload back_bdb.la
# moduleload back_ldap.la
# moduleload back_ldbm.la
# moduleload back_passwd.la
# moduleload back_shell.la
#modulepath /usr/local/libexec/openldap/
#moduleload ppolicy.la
# Password policy
#overlay ppolicy
#ppolicy_default "cn=default,ou=Policies"
#ppolicy_default "cn=default,ou=Policies,o=HKSARG"
# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64
# Sample access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
# Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
# by self write
# by users read
# by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!
#######################################################################
# BDB database definitions
#######################################################################
database bdb
suffix ""
rootdn "cn=Manager"
#rootdn "ou=SCIG,ou=Govt-Dept,o=HKSARG,dc=example,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
#rootpw secret
rootpw {SSHA}hzt3Mw7MTu+PvXuk8p24xMwLyscP2rls
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /usr/local/var/openldap-data
# Indices to maintain
index objectClass,entryCSN,entryUUID,cn,pwdChangedTime eq
#replogfile /var/lib/ldap/openldap-master-replog
loglevel 16384
logfile /var/lib/ldap/ldap.log
overlay syncprov
overlay ppolicy
ppolicy_default "cn=default,ou=Policies,o=HKSARG"
ppolicy_hash_cleartext
#access to * by dn="cn=Manager" write by * read
access to * by anonymous auth by * write by dn.base="o=HKSARG" write by * none
access to * by * write
access to * by * read
#database monitor
#syncprov-checkpoint 100 10
syncprov-sessionlog 100
# syncrepl directives
syncrepl rid=001
        provider=ldap://disb01:389/
        bindmethod=simple
        binddn="cn=Manager"
        credentials=secret
        searchbase="o=HKSARG"
        schemachecking=off
        type=refreshAndPersist
        attrs="*,+"
        retry="1 +"
syncrepl rid=002
        provider=ldap://disb02:389/
        bindmethod=simple
        binddn="cn=Manager"
        credentials=secret
        searchbase="o=HKSARG"
        schemachecking=off
        type=refreshAndPersist
        attrs="*,+"
        retry="1 +"
syncrepl rid=003
        provider=ldap://pisb01:389/
        bindmethod=simple
        binddn="cn=Manager"
        credentials=secret
        searchbase="o=HKSARG"
        schemachecking=off
        type=refreshAndPersist
        attrs="*,+"
        retry="1 +"
syncrepl rid=004
        provider=ldap://pisb02:389/
        bindmethod=simple
        binddn="cn=Manager"
        credentials=secret
        searchbase="o=HKSARG"
        schemachecking=off
        type=refreshAndPersist
        attrs="*,+"
        retry="1 +"
mirrormode on
serverID 003
#overlay syncprov
#syncprov-checkpoint 100 10
#syncprov-sessionlog 100
# Performance tuning directives
sizelimit 5000
threads 8
idletimeout 14400
cachesize 10000
checkpoint 256 15
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/pccw.schema
include /usr/local/etc/openldap/schema/ppolicy.schema
# Define global ACLs to disable default read access.
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
pidfile /usr/local/var/run/slapd.pid
argsfile /usr/local/var/run/slapd.args
# Load dynamic backend modules:
# modulepath /usr/local/libexec/openldap
# moduleload back_bdb.la
# moduleload back_ldap.la
# moduleload back_ldbm.la
# moduleload back_passwd.la
# moduleload back_shell.la
#modulepath /usr/local/libexec/openldap/
#moduleload ppolicy.la
# Password policy
#overlay ppolicy
#ppolicy_default "cn=default,ou=Policies"
#ppolicy_default "cn=default,ou=Policies,o=HKSARG"
# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64
# Sample access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
# Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
# by self write
# by users read
# by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!
#######################################################################
# BDB database definitions
#######################################################################
database bdb
suffix ""
rootdn "cn=Manager"
#rootdn "ou=SCIG,ou=Govt-Dept,o=HKSARG,dc=example,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
#rootpw secret
rootpw {SSHA}hzt3Mw7MTu+PvXuk8p24xMwLyscP2rls
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /usr/local/var/openldap-data
# Indices to maintain
index objectClass,entryCSN,entryUUID,cn,pwdChangedTime eq
#replogfile /var/lib/ldap/openldap-master-replog
loglevel 16384
logfile /var/lib/ldap/ldap.log
overlay syncprov
overlay ppolicy
ppolicy_default "cn=default,ou=Policies,o=HKSARG"
ppolicy_hash_cleartext
#access to * by dn="cn=Manager" write by * read
access to * by anonymous auth by * write by dn.base="o=HKSARG" write by * none
access to * by * write
access to * by * read
#database monitor
#syncprov-checkpoint 100 10
syncprov-sessionlog 100
# syncrepl directives
syncrepl rid=001
        provider=ldap://disb01:389/
        bindmethod=simple
        binddn="cn=Manager"
        credentials=secret
        searchbase="o=HKSARG"
        schemachecking=off
        type=refreshAndPersist
        attrs="*,+"
        retry="1 +"
syncrepl rid=002
        provider=ldap://disb02:389/
        bindmethod=simple
        binddn="cn=Manager"
        credentials=secret
        searchbase="o=HKSARG"
        schemachecking=off
        type=refreshAndPersist
        attrs="*,+"
        retry="1 +"
syncrepl rid=003
        provider=ldap://pisb01:389/
        bindmethod=simple
        binddn="cn=Manager"
        credentials=secret
        searchbase="o=HKSARG"
        schemachecking=off
        type=refreshAndPersist
        attrs="*,+"
        retry="1 +"
syncrepl rid=004
        provider=ldap://pisb02:389/
        bindmethod=simple
        binddn="cn=Manager"
        credentials=secret
        searchbase="o=HKSARG"
        schemachecking=off
        type=refreshAndPersist
        attrs="*,+"
        retry="1 +"
mirrormode on
serverID 004
#overlay syncprov
#syncprov-checkpoint 100 10
#syncprov-sessionlog 100
# Performance tuning directives
sizelimit 5000
threads 8
idletimeout 14400
cachesize 10000
checkpoint 256 15
14 years, 4 months
LDAP_RES_ENTRY vs LDAP_RES_RESULT
by owen nirvana
I'm a newbie.
I am writing an application about PKI, which needs OpenLDAP. When I
try to query an entry from the LDAP server, OpenLDAP returns LDAP_RES_ENTRY
or LDAP_RES_RESULT if successful.
I could not understand the difference between them. In my opinion,
ENTRY is inferior to RESULT; LDAP should give me a result, and I get
one or more entries from this result. I don't know why LDAP has to
give me a message that is not LDAP_RES_RESULT but LDAP_RES_ENTRY in some
conditions.
BTW, I try to compile the source 2.4.11 or 12; the make is successful,
but the test script maybe could not start slapd. Without doubt,
OpenLDAP 2.4.11 from the Debian package works fine. I don't know why.
os: debian lenny 20080902
gtalk:freeespeech@gmail.com
14 years, 4 months
Triggering an action after an ldapadd or modify
by daniel rahmeh
Hi,
Is it possible with OpenLDAP to trigger an action (like a shell
script) after a successful ldapadd or ldapmodify operation? I was
looking for an overlay that does the job but I didn't find it. Any
help will be appreciated.
Thank you
14 years, 4 months
Re: regarding ldap filters "extensible match search"
by Hamidreza Hamedtoolloei
Hey Hallvard,
Thanks for your prompt response. My big concern is that at the time of search I am not aware of the LDAP tree structure. In other words, I only know about root, project, and site1, and don't have any info about the rest of the tree (existence of site 2 etc). Perhaps I can do one search for excluded sites like site2, and use the result to return appropriate users. This should be possible as I am using jLDAP to connect to the LDAP directory from my Java code. I would like to do one query though... not sure if it is possible!
________________________________
From: Hallvard B Furuseth <h.b.furuseth(a)usit.uio.no>
To: Hamidreza Hamedtoolloei <hamedtoolloei(a)yahoo.com>
Cc: openldap-technical(a)openldap.org
Sent: Sunday, November 2, 2008 9:26:54 AM
Subject: Re: regarding ldap filters "extensible match search"
Hamidreza Hamedtoolloei writes:
> given the partial tree below, how can I return users in the root,
> project, and site1 (i.e. don't want to return site2 users).
ldapsearch -x ... '(&(uid=hamedtoolloei)(!(ou:dn:=site2)))'
This omits results that have ou=site2 in the DN.
--
Hallvard
14 years, 4 months
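How the quoted filter `(&(uid=hamedtoolloei)(!(ou:dn:=site2)))` evaluates over the tree from this thread, as an added example that is not part of the original posts. It models the `:dn:` extensible match (the assertion is tested against the entry's own attribute values and against every attribute/value pair in its DN); the function names and the sample entries, including the nested `ou=lab` site and the `ou: site2` attribute, are constructed for illustration.

```python
def dn_avas(dn):
    """Split a DN into lower-cased (attribute, value) pairs.

    Assumption: values contain no escaped ',' or '+', which holds for the
    DNs in this thread. A real client should use a proper DN parser.
    """
    pairs = []
    for rdn in dn.split(","):
        for ava in rdn.split("+"):
            attr, _, value = ava.partition("=")
            pairs.append((attr.strip().lower(), value.strip().lower()))
    return pairs


def ext_match_dn(entry, attr, value):
    """Model of (attr:dn:=value): true if the entry holds the value in that
    attribute, or if any component of its DN is attr=value (case-insensitive)."""
    attr, value = attr.lower(), value.lower()
    in_attrs = value in (v.lower() for v in entry["attrs"].get(attr, []))
    in_dn = (attr, value) in dn_avas(entry["dn"])
    return in_attrs or in_dn


def quoted_filter(entry, uid="hamedtoolloei"):
    """(&(uid=<uid>)(!(ou:dn:=site2))) from the reply."""
    uid_eq = uid.lower() in (v.lower() for v in entry["attrs"].get("uid", []))
    return uid_eq and not ext_match_dn(entry, "ou", "site2")


def user(dn, **extra):
    """Build a constructed sample entry; uid is taken from the leading RDN."""
    attrs = {"uid": [dn_avas(dn)[0][1]]}
    attrs.update({k: list(v) for k, v in extra.items()})
    return {"dn": dn, "attrs": attrs}


# Constructed entries placed in the tree drawn in the original question.
ENTRIES = [
    user("uid=hamedtoolloei,ou=users,dc=example,dc=com"),
    user("uid=hamedtoolloei,ou=users,o=project,dc=example,dc=com"),
    user("uid=hamedtoolloei,ou=users, ou=site1,o=project,dc=example,dc=com"),
    user("uid=hamedtoolloei,ou=users,ou=site2,o=project,dc=example,dc=com"),
    # nested site below site2: still has ou=site2 in its DN, so it is excluded
    user("uid=hamedtoolloei,ou=users,ou=lab,ou=site2,o=project,dc=example,dc=com"),
    # different uid: fails the first half of the AND
    user("uid=someoneelse,ou=users,ou=site1,o=project,dc=example,dc=com"),
    # lives under site1 but carries ou: site2 as an attribute value: excluded too
    user("uid=hamedtoolloei,ou=staff,ou=site1,o=project,dc=example,dc=com", ou=["site2"]),
]


def search(entries):
    """Return the DNs the filter would let through."""
    return [e["dn"] for e in entries if quoted_filter(e)]


if __name__ == "__main__":
    for dn in search(ENTRIES):
        print(dn)
```

The last sample entry is the case to watch when a filter like this is used to scope access: the exclusion keys on the value `site2` anywhere in the DN or in the `ou` attribute, not on the subtree itself.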
regarding ldap filters "extensible match search"
by Hamidreza Hamedtoolloei
Hi all,
Given the partial tree below, how can I return users in the root, project, and site1 (i.e. I don't want to return site2 users)? Note that site2 might have nested sites. I would rather perform only one query. I've been playing with the "extensible match search", but since the rootDN is part of the site2DN, it returns the site2 users as well...
dc=example,dc=com
|-- ou=users,dc=example,dc=com
`-- o=project,dc=example,dc=com
    |-- ou=users,o=project,dc=example,dc=com
    |-- ou=site1,o=project,dc=example,dc=com
    |   `-- ou=users, ou=site1,o=project,dc=example,dc=com
    `-- ou=site2,o=project,dc=example,dc=com
        `-- ou=users,ou=site2,o=project,dc=example,dc=co
14 years, 4 months