openldap-technical December 2008

openldap-technical@openldap.org

58 participants
71 discussions

Openldap 2.3.39 Solaris 9 (maybe memory leaks).
by Andrea Cirulli 18 Dec '08

18 Dec '08

Hi all, we are experiencing a lot of problems with openldap 2.3.39 on Solaris 9. We have the following set: 1- One producer Solaris 9 openldap 2.3.39 2- 19 Consumer, synchronized with the producer through syncrepl, Solaris 9 openldap 2.3.39 3- We manage the authentication on 2000 systems , almost equally distributed on the 20 ldap server The producer is often going down, each hour and less during the day. We noticed that every time the Producer is going down the virtual memory used is bigger than 3,8 Gb and the RSS (resident set size) is bigger than 2,1 Gb. This is a snapshot of prstat when openldap is about of crashing: PID USERNAME SIZE RSS STATE PRI NICE TIME CPU PROCESS/NLWP 1965 root 3873M 2179M sleep 60 0 0:41:40 0.5% slapd/27. The openldap is compiled in this way: ./configure --enable-bdb --enable-ppolicy --with-tls If these informations are not enough, I could provide other informations. It seems that there is a memory leak. P.S: We are using these systems since 2,5 years, the number of the managment systems is always growing up. We have this problem since 2 weeks. -- Andrea Cirulli

2 1

N-Way Multi-Master replication - delete problem
by Adrien Futschik 18 Dec '08

18 Dec '08

I'm testing N-Way Multi-Master replication with OpenLDAP 2.411. I have setup 2 Masters (m1 & m2) starting form test050-syncrepl-multimaster and modifying it. Every thing seems to work fine except deleting entries. Let me explain. case 1 : . When I add an entry on m1 it is successfully replicated on m2. . When I try to delete this entry on m1, it is successfully removed from m1, but not replicated on m2. . When, I try to delete this entry on m2, it is successfully removed from m2 & m1. case 2 : . When I add an entry on m2 it is successfully replicated on m1. . When I try to delete this entry on m2, it is successfully removed from m2, but not replicated on m1. . When, I try to delete this entry on m1, it is successfully removed from m1 & m2. I don't have the same problem when I delete an attribute or update an entry. Is this normal ? Adrien Futschik

2 1

Re: Versioning entries in the DIT
by Lorenzo Pastrana 18 Dec '08

18 Dec '08

On Wed, 2008-12-17 at 23:47 -0800, Howard Chu wrote: > ere's no standard or transparent way to do this. The most > straightforward > approach is to use a multi-valued RDN for your entries, e.g. instead > of > cn=foo,o=example > use > cn=foo+id=1,o=example > cn=foo+id=2,o=example > and so on. That makes sense ... > Except of course, that you can no longer reference entries without > knowing > their version number. Well if i consider a 'HEAD' entry (without a number) all others are old versions. And that would be also ok for me. Thanks for the tip. LP Lorenzo Pastrana - Happy End Vision -------------------------- Design web Conception multimédia Communication visuelle et édition -------------------------- Tél. : 01 42 47 83 09 Fax : 01 47 70 70 19 E-mail : lorenzo.pastrana(a)happyend.fr

1 0

RE: slapd won't run as service
by Quanah Gibson-Mount 16 Dec '08

16 Dec '08

--On Tuesday, December 16, 2008 9:22 PM -0800 Eddie Grenier <edo(a)edwaa.com> wrote: > set_lg_dir /usr/local/var/openldap-logs > ----------------------------------------------------- > > Admittedly, I know very little about these configuration options. I set > these parameters after finding a "suggested" DB_CONFIG file on the > internet. > > Any help is much appreciated! First, I would suggest you keep your replies on the list, so other people can gain knowledge too. Second, it clearly notes it stores the log files in /usr/local/var/openldap-logs. I'm guessing the slapd user can't access that location. --Quanah -- Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration

2 1

Floating point numbers in ldap
by Lorenzo Pastrana 16 Dec '08

16 Dec '08

I can't find any mentions of floating point/real data types in ldap attributes syntax, I've been reading the laconic 'Numeric Sting' specifications : 6.23. Numeric String ( 1.3.6.1.4.1.1466.115.121.1.36 DESC 'Numeric String' ) The encoding of a string in this syntax is the string value itself. Example: 1997 Would this work ok (matching & ordering) with a 1.997 value ? If not, how do I get ldap to match and order floating point scalars ? Thanks. Lo. Lorenzo Pastrana - Happy End Vision -------------------------- Design web Conception multimédia Communication visuelle et édition -------------------------- Tél. : 01 42 47 83 09 Fax : 01 47 70 70 19 E-mail : lorenzo.pastrana(a)happyend.fr

2 4

ldap user not visible in home directory
by Donny George 16 Dec '08

16 Dec '08

Hello I have set up a ldap and used LAM to populate the database. though i can see the user created both on the server and the client , i cant see the users home directory I am also not able to use the command id username is this specifically because i committed some error in the config file or would it be something other major mistake ? somehow i cant figure out the mistake -- Donny George

1 0

slapd won't run as service
by Eddie Grenier 15 Dec '08

15 Dec '08

I've installed, configured and run OpenLDAP on my server. However, if I try to run it as a service using "service ldap start" it doesn't run. Also, the configuration file step returns "OK" as does the starting slapd step. I've narrowed it down to the fact that if slapd is run as user root things work just fine. I've already done "chown -R ldap:ldap /var/lib/ldap" but that doesn't seem to help. Here is the output I see when trying to run as user ldap: slapd startup: initiated. bdb_db_open: dc=edwaa,dc=com bdb_db_open: dbenv_open(/var/lib/ldap) bdb(dc=edwaa,dc=com): Invalid log file: log.0000000001: No such file or directory bdb(dc=edwaa,dc=com): PANIC: No such file or directory bdb(dc=edwaa,dc=com): PANIC: DB_RUNRECOVERY: Fatal error, run database recovery bdb_db_open: dbenv_open failed: DB_RUNRECOVERY: Fatal error, run database recovery (-30978) backend_startup: bi_db_open(0) failed! (-30978) slapd shutdown: initiated ====> bdb_cache_release_all bdb(dc=edwaa,dc=com): DB_ENV->lock_id_free interface requires an environment configured for the locking subsystem slapd shutdown: freeing system resources. bdb(dc=edwaa,dc=com): txn_checkpoint interface requires an environment configured for the transaction subsystem bdb_db_destroy: txn_checkpoint failed: Invalid argument (22) slapd stopped. connections_destroy: nothing to destroy. Any ideas would be much appreciated!

2 1

ACL for DIT structure rules
by Mansour Al Akeel 15 Dec '08

15 Dec '08

Hello all, In a previous email, I was told that we can implement *DIT* *structure* rules with openldap using ACL (http://www.openldap.org/lists/openldap-technical/200811/msg00152.html). Did any one have any success implementing these rules with ACL. I have searched the net for an example, but out of luck. Possibly a simple example will help a lot, just to give me an idea about the syntax for a DIT structure rule using ACL. Thank you.

3 9

Re: OpenLDAP replication
by Justin Lintz 15 Dec '08

15 Dec '08

Gavin, Thanks for your help. That appears to be working. In a failure situation where rid=1 goes down, and writes began occuring to rid=2, when I bring back up the server which was set to rid=1, what is the proper way to get them back in sync? Would it be just to change the rids and reload openldap? - Justin Lintz On Mon, Dec 15, 2008 at 2:57 PM, Gavin Henry <ghenry(a)openldap.org> wrote: > > ----- "Justin Lintz" <jlintz(a)gmail.com> wrote: > >> Quanah, >> >> Looking at >> http://www.openldap.org/doc/admin24/replication.html#N-Way%20Multi-Master >> it appears the example is with using cn=config to store the >> configuration. Is there an example somewhere with just using >> slapd.conf? > > I'm in the process of re-writing the replication section, but the following: > > olcOverlay: syncprov > > dn: olcDatabase={0}config,cn=config > changetype: modify > add: olcSyncRepl > olcSyncRepl: rid=001 provider=$URI1 binddn="cn=config" bindmethod=simple > credentials=secret searchbase="cn=config" type=refreshAndPersist > retry="5 5 300 5" timeout=1 > olcSyncRepl: rid=002 provider=$URI2 binddn="cn=config" bindmethod=simple > credentials=secret searchbase="cn=config" type=refreshAndPersist > retry="5 5 300 5" timeout=1 > olcSyncRepl: rid=003 provider=$URI3 binddn="cn=config" bindmethod=simple > credentials=secret searchbase="cn=config" type=refreshAndPersist > retry="5 5 300 5" timeout=1 > - > add: olcMirrorMode > olcMirrorMode: TRUE > > > would just go under a database section like other syncrepl statements and look something like: > > overlay syncprov > > syncrepl rid=001 > provider=$URI1 > binddn="cn=config" > bindmethod=simple > credentials=secret > searchbase="cn=config" > type=refreshAndPersist > retry="5 5 300 5" > timeout=1 > > syncrepl rid=002 > provider=$URI1 > binddn="cn=config" > bindmethod=simple > credentials=secret > searchbase="cn=config" > type=refreshAndPersist > retry="5 5 300 5" > timeout=1 > > syncrepl rid=003 > provider=$URI1 > binddn="cn=config" > bindmethod=simple > credentials=secret > searchbase="cn=config" > type=refreshAndPersist > retry="5 5 300 5" > timeout=1 > > mirrormode on > > Remember the above is replicating cn=config though. > > Check back in the new year. > > > -- > Kind Regards, > > Gavin Henry. > OpenLDAP Engineering Team. > > E ghenry(a)OpenLDAP.org > > Community developed LDAP software. > > http://www.openldap.org/project/ >

1 0

Querying Attribute Type Definitions Problem
by Kevin Hardiman 15 Dec '08

15 Dec '08

I am trying to query the definition of an attribute type using one of the attribute type's aliases. For example, given: attributetype ( 2.5.4.3 NAME ( 'cn' 'commonName' ) DESC 'RFC2256: common name(s) for which the entity is known by' SUP name ) I am using Java's naming API to query the definition, and getting an exception saying the attribute type doesn't exist. Example: DirContext cnSchema = (DirContext)schema.lookup("AttributeDefinition/commonName"); I appreciate that this is not a Java list - I am trying to determine if what I am seeing is consistent with one of the many LDAP RFC's (i.e. I must use the actual attribute type's name to get the definition). If not I'll peddle my query elsewhere :) Thanks, Kevin Hardiman

2 1

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

openldap-technical December 2008