Openldap 2.3.39 Solaris 9 (maybe memory leaks).
by Andrea Cirulli
Hi all,
we are experiencing a lot of problems with openldap 2.3.39 on Solaris 9.
We have the following set:
1- One producer Solaris 9 openldap 2.3.39
2- 19 Consumer, synchronized with the producer through syncrepl, Solaris 9
openldap 2.3.39
3- We manage the authentication on 2000 systems, almost equally distributed
on the 20 ldap servers
The producer is often going down, each hour and less during the day.
We noticed that every time the Producer is going down the virtual memory
used is bigger than 3,8 Gb and the RSS (resident set size) is bigger than
2,1 Gb.
This is a snapshot of prstat when openldap is about to crash:
PID USERNAME SIZE RSS STATE PRI NICE TIME CPU PROCESS/NLWP
1965 root 3873M 2179M sleep 60 0 0:41:40 0.5% slapd/27.
The openldap is compiled in this way:
./configure --enable-bdb --enable-ppolicy --with-tls
If this information is not enough, I can provide more.
It seems that there is a memory leak.
P.S.: We have been using these systems for 2,5 years; the number of management
systems is always growing. We have had this problem for 2 weeks.
--
Andrea Cirulli
14 years, 9 months
N-Way Multi-Master replication - delete problem
by Adrien Futschik
I'm testing N-Way Multi-Master replication with OpenLDAP 2.411.
I have set up 2 Masters (m1 & m2) starting from test050-syncrepl-multimaster and modifying it.
Everything seems to work fine except deleting entries.
Let me explain.
case 1 :
. When I add an entry on m1 it is successfully replicated on m2.
. When I try to delete this entry on m1, it is successfully removed from m1, but not replicated on m2.
. When I try to delete this entry on m2, it is successfully removed from m2 & m1.
case 2 :
. When I add an entry on m2 it is successfully replicated on m1.
. When I try to delete this entry on m2, it is successfully removed from m2, but not replicated on m1.
. When I try to delete this entry on m1, it is successfully removed from m1 & m2.
I don't have the same problem when I delete an attribute or update an entry. Is this normal?
Adrien Futschik
14 years, 9 months
Re: Versioning entries in the DIT
by Lorenzo Pastrana
On Wed, 2008-12-17 at 23:47 -0800, Howard Chu wrote:
> There's no standard or transparent way to do this. The most
> straightforward
> approach is to use a multi-valued RDN for your entries, e.g. instead
> of
> cn=foo,o=example
> use
> cn=foo+id=1,o=example
> cn=foo+id=2,o=example
> and so on.
That makes sense ...
> Except of course, that you can no longer reference entries without
> knowing
> their version number.
Well, if I consider a 'HEAD' entry (without a number) all others are old
versions. And that would be also ok for me.
Thanks for the tip.
LP
Lorenzo Pastrana - Happy End Vision
--------------------------
Web design
Multimedia design
Visual communication and publishing
--------------------------
Tel.: 01 42 47 83 09
Fax : 01 47 70 70 19
E-mail : lorenzo.pastrana(a)happyend.fr
14 years, 9 months
RE: slapd won't run as service
by Quanah Gibson-Mount
--On Tuesday, December 16, 2008 9:22 PM -0800 Eddie Grenier <edo(a)edwaa.com>
wrote:
> set_lg_dir /usr/local/var/openldap-logs
> -----------------------------------------------------
>
> Admittedly, I know very little about these configuration options. I set
> these parameters after finding a "suggested" DB_CONFIG file on the
> internet.
>
> Any help is much appreciated!
First, I would suggest you keep your replies on the list, so other people
can gain knowledge too.
Second, it clearly notes it stores the log files in
/usr/local/var/openldap-logs. I'm guessing the slapd user can't access
that location.
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
14 years, 9 months
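The check Quanah's reply points to, as an added example that is not part of the thread or of OpenLDAP: it reads DB_CONFIG in the environment directory, resolves set_lg_dir and set_data_dir, and reports any directory that is missing or not owned by the run-as user. Ownership is used as a simple stand-in for access, and the function names and the demo environment are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): find Berkeley DB directories that the
# slapd run-as user does not own. Function names here are hypothetical.

# Print the directory a DB_CONFIG directive names (last occurrence).
# Relative paths are resolved against the environment home.
db_config_dir() {
    awk -v key="$2" -v home="$1" '
        $1 == key && NF >= 2 { dir = $2 }
        END {
            if (dir == "") exit 1
            if (dir !~ /^\//) dir = home "/" dir
            print dir
        }' "$1/DB_CONFIG" 2>/dev/null
}

# True only if $1 is an existing directory owned by user $2 (name or uid).
owned_by() {
    [ -d "$1" ] && [ -n "$(find "$1" -prune -user "$2" 2>/dev/null)" ]
}

# Check the environment home and the log/data directories from DB_CONFIG.
# Prints one line per directory; returns non-zero if any check fails.
check_bdb_env() {
    env_home=$1 run_as=$2 rc=0
    for d in "$env_home" \
             "$(db_config_dir "$env_home" set_lg_dir)" \
             "$(db_config_dir "$env_home" set_data_dir)"; do
        [ -n "$d" ] || continue
        if owned_by "$d" "$run_as"; then
            echo "ok    $d"
        else
            echo "FAIL  $d (missing or not owned by $run_as)"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed demo: DB_CONFIG points the logs at a directory that does not exist.
demo() {
    tmp=$(mktemp -d) || return 1
    printf 'set_lg_dir %s/openldap-logs\n' "$tmp" > "$tmp/DB_CONFIG"
    check_bdb_env "$tmp" "$(id -u)"; status=$?
    rm -rf "$tmp"
    return "$status"
}
demo || echo "fix paths/ownership before starting slapd as a non-root user"
```

On a real host the call would be `check_bdb_env /var/lib/ldap ldap`, using the directory and user named in the thread.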
Floating point numbers in ldap
by Lorenzo Pastrana
I can't find any mention of floating point/real data types in ldap
attribute syntaxes. I've been reading the laconic 'Numeric String'
specification:
6.23. Numeric String
( 1.3.6.1.4.1.1466.115.121.1.36 DESC 'Numeric String' )
The encoding of a string in this syntax is the string value itself.
Example:
1997
Would this work ok (matching & ordering) with a 1.997 value ?
If not, how do I get ldap to match and order floating point scalars ?
Thanks.
Lo.
Lorenzo Pastrana - Happy End Vision
--------------------------
Web design
Multimedia design
Visual communication and publishing
--------------------------
Tel.: 01 42 47 83 09
Fax : 01 47 70 70 19
E-mail : lorenzo.pastrana(a)happyend.fr
14 years, 9 months
ldap user not visible in home directory
by Donny George
Hello
I have set up an ldap and used LAM to populate the database. Though I can see
the user created both on the server and the client, I can't see the user's
home directory.
I am also not able to use the command id username.
Is this specifically because I committed some error in the config file or
would it be some other major mistake?
Somehow I can't figure out the mistake.
--
Donny George
14 years, 9 months
slapd won't run as service
by Eddie Grenier
I've installed, configured and run OpenLDAP on my server. However, if I try
to run it as a service using "service ldap start" it doesn't run. Also, the
configuration file step returns "OK" as does the starting slapd step. I've
narrowed it down to the fact that if slapd is run as user root things work
just fine. I've already done "chown -R ldap:ldap /var/lib/ldap" but that
doesn't seem to help. Here is the output I see when trying to run as user
ldap:
slapd startup: initiated.
bdb_db_open: dc=edwaa,dc=com
bdb_db_open: dbenv_open(/var/lib/ldap)
bdb(dc=edwaa,dc=com): Invalid log file: log.0000000001: No such file or
directory
bdb(dc=edwaa,dc=com): PANIC: No such file or directory
bdb(dc=edwaa,dc=com): PANIC: DB_RUNRECOVERY: Fatal error, run database
recovery
bdb_db_open: dbenv_open failed: DB_RUNRECOVERY: Fatal error, run database
recovery (-30978)
backend_startup: bi_db_open(0) failed! (-30978)
slapd shutdown: initiated
====> bdb_cache_release_all
bdb(dc=edwaa,dc=com): DB_ENV->lock_id_free interface requires an environment
configured for the locking subsystem
slapd shutdown: freeing system resources.
bdb(dc=edwaa,dc=com): txn_checkpoint interface requires an environment
configured for the transaction subsystem
bdb_db_destroy: txn_checkpoint failed: Invalid argument (22)
slapd stopped.
connections_destroy: nothing to destroy.
Any ideas would be much appreciated!
14 years, 9 months
ACL for DIT structure rules
by Mansour Al Akeel
Hello all,
In a previous email, I was told that we can implement *DIT* *structure*
rules with openldap using ACL
(http://www.openldap.org/lists/openldap-technical/200811/msg00152.html).
Did anyone have any success implementing these rules with ACL? I have
searched the net for an example, but out of luck. Possibly a simple
example will help a lot, just to give me an idea about the syntax for a
DIT structure rule using ACL.
Thank you.
14 years, 9 months
Re: OpenLDAP replication
by Justin Lintz
Gavin,
Thanks for your help. That appears to be working. In a failure
situation where rid=1 goes down, and writes began occurring to rid=2,
when I bring back up the server which was set to rid=1, what is the
proper way to get them back in sync? Would it be just to change the
rids and reload openldap?
- Justin Lintz
On Mon, Dec 15, 2008 at 2:57 PM, Gavin Henry <ghenry(a)openldap.org> wrote:
>
> ----- "Justin Lintz" <jlintz(a)gmail.com> wrote:
>
>> Quanah,
>>
>> Looking at
>> http://www.openldap.org/doc/admin24/replication.html#N-Way%20Multi-Master
>> it appears the example is with using cn=config to store the
>> configuration. Is there an example somewhere with just using
>> slapd.conf?
>
> I'm in the process of re-writing the replication section, but the following:
>
> olcOverlay: syncprov
>
> dn: olcDatabase={0}config,cn=config
> changetype: modify
> add: olcSyncRepl
> olcSyncRepl: rid=001 provider=$URI1 binddn="cn=config" bindmethod=simple
> credentials=secret searchbase="cn=config" type=refreshAndPersist
> retry="5 5 300 5" timeout=1
> olcSyncRepl: rid=002 provider=$URI2 binddn="cn=config" bindmethod=simple
> credentials=secret searchbase="cn=config" type=refreshAndPersist
> retry="5 5 300 5" timeout=1
> olcSyncRepl: rid=003 provider=$URI3 binddn="cn=config" bindmethod=simple
> credentials=secret searchbase="cn=config" type=refreshAndPersist
> retry="5 5 300 5" timeout=1
> -
> add: olcMirrorMode
> olcMirrorMode: TRUE
>
>
> would just go under a database section like other syncrepl statements and look something like:
>
> overlay syncprov
>
> syncrepl rid=001
> provider=$URI1
> binddn="cn=config"
> bindmethod=simple
> credentials=secret
> searchbase="cn=config"
> type=refreshAndPersist
> retry="5 5 300 5"
> timeout=1
>
> syncrepl rid=002
> provider=$URI1
> binddn="cn=config"
> bindmethod=simple
> credentials=secret
> searchbase="cn=config"
> type=refreshAndPersist
> retry="5 5 300 5"
> timeout=1
>
> syncrepl rid=003
> provider=$URI1
> binddn="cn=config"
> bindmethod=simple
> credentials=secret
> searchbase="cn=config"
> type=refreshAndPersist
> retry="5 5 300 5"
> timeout=1
>
> mirrormode on
>
> Remember the above is replicating cn=config though.
>
> Check back in the new year.
>
>
> --
> Kind Regards,
>
> Gavin Henry.
> OpenLDAP Engineering Team.
>
> E ghenry(a)OpenLDAP.org
>
> Community developed LDAP software.
>
> http://www.openldap.org/project/
>
14 years, 9 months
Querying Attribute Type Definitions Problem
by Kevin Hardiman
I am trying to query the definition of an attribute type using one of
the attribute type's aliases. For example, given:
attributetype ( 2.5.4.3 NAME ( 'cn' 'commonName' )
DESC 'RFC2256: common name(s) for which the entity is known by'
SUP name )
I am using Java's naming API to query the definition, and getting an
exception saying the attribute type doesn't exist. Example:
DirContext cnSchema =
(DirContext)schema.lookup("AttributeDefinition/commonName");
I appreciate that this is not a Java list - I am trying to determine if
what I am seeing is consistent with one of the many LDAP RFCs (i.e. I
must use the actual attribute type's name to get the definition). If
not I'll peddle my query elsewhere :)
Thanks,
Kevin Hardiman
14 years, 9 months