Re: top-level data entries not replicating, 2.4.15, now 2.4.17
by Brian Neu
I compiled new rpms and upgraded to 2.4.17 on both the provider and consumer. The problem persists.
New entries like:
dn:cn=test2,dc=srg,dc=com
objectclass: top
objectclass: person
userpassword:blah
sn:test2
don't replicate. But other entries do, like:
dn: uid=user1,ou=People,dc=srg,dc=com
uid: user1
cn: Advanced Open Systems
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword::
shadowLastChange: 14441
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 5000
gidNumber: 5000
homeDirectory: /home/user1
gecos: Advanced Open Systems
I've attached the slapd.conf for the master/provider.
Thank you in advance for any assistance.
--- On Thu, 8/20/09, Brian Neu <proclivity76(a)yahoo.com> wrote:
> From: Brian Neu <proclivity76(a)yahoo.com>
> Subject: Re: top-level data entries not replicating, 2.4.15
> To: "Jonathan Clarke" <jonathan(a)phillipoux.net>
> Cc: openldap-technical(a)openldap.org
> Date: Thursday, August 20, 2009, 8:39 AM
> Forgive me if pasting here is bad
> etiquette.
>
>
> <consumer slapd.conf>
>
> include /etc/openldap/schema/corba.schema
> include /etc/openldap/schema/core.schema
> include /etc/openldap/schema/cosine.schema
> include /etc/openldap/schema/duaconf.schema
> include /etc/openldap/schema/dyngroup.schema
> include /etc/openldap/schema/inetorgperson.schema
> include /etc/openldap/schema/java.schema
> include /etc/openldap/schema/misc.schema
> include /etc/openldap/schema/nis.schema
> include /etc/openldap/schema/openldap.schema
> include /etc/openldap/schema/ppolicy.schema
> include /etc/openldap/schema/collective.schema
> include /etc/openldap/schema/samba.schema
>
> allow bind_v2
>
> pidfile /var/run/openldap/slapd.pid
> argsfile /var/run/openldap/slapd.args
>
> TLSCACertificateFile /etc/openldap/cacerts/cavictory2.crt
> TLSCertificateFile /etc/openldap/keys/victory3cert.pem
> TLSCertificateKeyFile /etc/openldap/keys/victory3key.pem
>
> database hdb
> suffix "dc=srg,dc=com"
> checkpoint 1024 15
> rootdn "cn=Manager,dc=srg,dc=com"
>
> rootpw {MD5}blah
>
> directory /var/lib/ldap
>
> index objectClass eq,pres
> index ou,cn,mail,surname,givenname eq,pres,sub
> index uidNumber,gidNumber,loginShell eq,pres
> index uid,memberUid eq,pres,sub
> index nisMapName,nisMapEntry eq,pres,sub
>
> syncrepl rid=0
>   provider=ldap://victory2.srg.com:389
>   bindmethod=simple
>   starttls=critical
>   binddn="cn=replicator,dc=srg,dc=com"
>   credentials=blah
>   searchbase="dc=srg,dc=com"
>   logbase="cn=accesslog"
>   schemachecking=on
>   type=refreshAndPersist
>   retry="60 +"
>   syncdata=accesslog
>
> updateref ldaps://victory2.srg.com
>
> database monitor
>
> access to *
>   by dn.exact="cn=Manager,dc=srg,dc=com" write
>   by * none
>
> </consumer slapd.conf>
>
>
> --- On Thu, 8/20/09, Jonathan Clarke <jonathan(a)phillipoux.net> wrote:
>
> > From: Jonathan Clarke <jonathan(a)phillipoux.net>
> > Subject: Re: top-level data entries not replicating, 2.4.15
> > To: "Brian Neu" <proclivity76(a)yahoo.com>
> > Cc: openldap-technical(a)openldap.org
> > Date: Thursday, August 20, 2009, 8:02 AM
> > On 19/08/2009 19:29, Brian Neu wrote:
> > > Even with no logfilter on the consumer,
> > >
> > > cn=replicator,dc=domain,dc=com&
> > >
> > > sambaDomainName=SRG,dc=domain,dc=com
> > >
> > > don't replicate, even after wiping the database and
> > > restarting. Everything else seems to replicate fine.
> > >
> > > How do I get top-level data entries to replicate?
> >
> > This really depends on your syncrepl configuration on the
> > consumer.
> > If you provide it here, maybe we can take a look.
> >
> > Aside from that, the latest version, 2.4.17, contains a few
> > fixes that might help with this problem.
> >
> > Jonathan
> >
>
errors when trying to modify olcAttributeTypes
by Alexander 'Leo' Bergolth
Hi!
I'd like to slightly change the attribute definition of olcDbConfig by
modifying olcAttributeTypes in cn=schema,cn=config with openldap-2.4.16.
I tried to apply the modification using two different ways, both
failing with different errors:
1) Delete the old attribute value and add the new one:
------------------------------------------------------
$ ldapmodify -xvW -h bach-s49 -D cn=Manager,cn=config -f cn-schema-olcAttributeTypes-add-del.ldif
ldap_initialize( ldap://bach-s49 )
Enter LDAP Password:
delete olcAttributeTypes:
( OLcfgDbAt:1.3 NAME 'olcDbConfig' DESC 'BerkeleyDB DB_CONFIG configuration directives' SYNTAX OMsIA5String X-ORDERED 'VALUES' )
add olcAttributeTypes:
( OLcfgDbAt:1.3 NAME 'olcDbConfig' DESC 'BerkeleyDB DB_CONFIG configuration directives' SYNTAX OMsIA5String EQUALITY CaseExactIA5Match X-ORDERED 'VALUES' )
modifying entry "cn=schema,cn=config"
ldap_modify: Other (e.g., implementation specific) error (80)
additional info: olcAttributeTypes: Duplicate attributeType: ""
Apache DirectoryStudio shows a little bit more info:
#!ERROR [LDAP: error code 80 - olcAttributeTypes: Duplicate attributeType: "?? 6.1.4.1.4203.1.12.2.3.2.1.3"]
dn: cn=schema,cn=config
changetype: modify
add: olcAttributeTypes
olcAttributeTypes: ( OLcfgDbAt:1.3 NAME 'olcDbConfig' DESC 'BerkeleyDB DB_CONF
 IG configuration directives' EQUALITY caseExactIA5Match SYNTAX OMsIA5String X
 -ORDERED 'VALUES' )
-
delete: olcAttributeTypes
olcAttributeTypes: ( OLcfgDbAt:1.3 NAME 'olcDbConfig' DESC 'BerkeleyDB DB_CONF
 IG configuration directives' SYNTAX OMsIA5String X-ORDERED 'VALUES' )
-
2) Replace all olcAttributeTypes-attributes:
--------------------------------------------
$ ldapmodify -xvW -h bach-s49 -D cn=Manager,cn=config -f cn-schema-olcAttributeTypes-repl.ldif
ldap_initialize( ldap://bach-s49 )
Enter LDAP Password:
replace olcAttributeTypes:
( OLcfgDbAt:3.25 NAME 'olcDbNoRefs' DESC 'Do not return search reference responses' SYNTAX OMsBoolean SINGLE-VALUE )
( OLcfgDbAt:3.26 NAME 'olcDbNoUndefFilter' DESC 'Do not propagate undefined search filters' SYNTAX OMsBoolean SINGLE-VALUE )
( OLcfgDbAt:5.1 NAME 'olcRelay' DESC 'Relay DN' SYNTAX OMsDN SINGLE-VALUE )
( OLcfgDbAt:7.1 NAME 'olcDbSocketPath' DESC 'Pathname for Unix domain socket' EQUALITY caseExactMatch SYNTAX OMsDirectoryString SINGLE-VALUE )
( OLcfgDbAt:7.2 NAME 'olcDbSocketExtensions' DESC 'binddn, peername, or ssf' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString )
( olmBDBAttributes:1 NAME 'olmBDBEntryCache' DESC 'Number of items in Entry Cache' SUP monitorCounter NO-USER-MODIFICATION USAGE dSAOperation )
( olmBDBAttributes:2 NAME 'olmBDBDNCache' DESC 'Number of items in DN Cache' SUP monitorCounter NO-USER-MODIFICATION USAGE dSAOperation )
( olmBDBAttributes:3 NAME 'olmBDBIDLCache' DESC 'Number of items in IDL Cache' SUP monitorCounter NO-USER-MODIFICATION USAGE dSAOperation )
( olmBDBAttributes:4 NAME 'olmDbDirectory' DESC 'Path name of the directory where the database environment resides' SUP monitoredInfo NO-USER-MODIFICATION USAGE dSAOperation )
modifying entry "cn=schema,cn=config"
ldap_modify: Other (e.g., implementation specific) error (80)
The corresponding ldif-files and the original cn=schema,cn=config entry
can be found at http://leo.kloburg.at/tmp/openldap-olcattributetypes/
Any hints?
Thanks,
--leo
--
e-mail ::: Leo.Bergolth (at) wu.ac.at
fax ::: +43-1-31336-906050
location ::: IT-Services | Vienna University of Economics | Austria
14 years, 3 months
runtime config: adding values to olcDbConfig
by Alexander 'Leo' Bergolth
Hi!
I am experiencing troubles when trying to add an additional value to the
olcDbConfig attribute (openldap-2.4.16):
$ ldapmodify -xvW -h bach-s49 -D cn=Manager,cn=config <<EOF
> dn: olcDatabase={1}bdb,cn=config
> changetype: modify
> add: olcDbConfig
> olcDbConfig: {19}# urxn
> -
> EOF
ldap_initialize( ldap://bach-s49 )
Enter LDAP Password:
add olcDbConfig:
{19}# urxn
modifying entry "olcDatabase={1}bdb,cn=config"
ldap_modify: Inappropriate matching (18)
additional info: modify/add: olcDbConfig: no equality matching rule
Replacing all attribute values with "changetype: modify" and "replace:
olcDbConfig" works fine, but unfortunately Apache DirectoryStudio doesn't
seem to offer that way of committing changes...
Unfortunately the attribute definition of olcDbConfig seems to be
hardcoded, so is there any way to make the above modification work?
Thanks,
--leo
--
e-mail ::: Leo.Bergolth (at) wu.ac.at
fax ::: +43-1-31336-906050
location ::: IT-Services | Vienna University of Economics | Austria
14 years, 3 months
question for some code in sasl binding
by Xu, Qiang (FXSGSC)
Hi, all:
In reading OpenLDAP code related to SASL binding, I found the following snippet:
========================================
int
ldap_sasl_bind(
    LDAP *ld,
    LDAP_CONST char *dn,
    LDAP_CONST char *mechanism,
    struct berval *cred,
    LDAPControl **sctrls,
    LDAPControl **cctrls,
    int *msgidp )
{
    ...
    if( mechanism == LDAP_SASL_SIMPLE ) {
        /* simple bind */
        rc = ber_printf( ber, "{it{istON}" /*}*/,
            id, LDAP_REQ_BIND,
            ld->ld_version, dn, LDAP_AUTH_SIMPLE,
            cred );
    } else if ( cred == NULL || cred->bv_val == NULL ) {
        /* SASL bind w/o credentials */
        rc = ber_printf( ber, "{it{ist{sN}N}" /*}*/,
            id, LDAP_REQ_BIND,
            ld->ld_version, dn, LDAP_AUTH_SASL,
            mechanism );
    } else {
        /* SASL bind w/ credentials */
        rc = ber_printf( ber, "{it{ist{sON}N}" /*}*/,
            id, LDAP_REQ_BIND,
            ld->ld_version, dn, LDAP_AUTH_SASL,
            mechanism, cred );
    }
    ...
}
========================================
Just want to know: if I remove the condition "|| cred->bv_val == NULL" in the "else if" branch, what will happen?
Can anyone tell me why this condition was added? What bug did it fix? My guess is that if it is removed, then the network trace will display some packet marked with "Malformed Packet", but the binding result should be the same.
Still, I need some confirmation from you guys.
P.S. Shouldn't another condition, say, "|| cred->bv_len == 0", be added to the "else if" branch as well?
Thanks,
Xu Qiang
14 years, 3 months
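The three `ber_printf` branches quoted above correspond to three wire shapes of the LDAP BindRequest, whose SASL `credentials` field is an OPTIONAL OCTET STRING (RFC 4511). As an added illustration, not part of the original post and not OpenLDAP code, the Python below hand-encodes those shapes and shows that a receiver can tell an omitted credentials field from a zero-length one; it makes no claim about how liblber's `O` format treats a NULL `bv_val`. All function names are hypothetical.

```python
LDAP_REQ_BIND = 0x60     # [APPLICATION 0] constructed
LDAP_AUTH_SIMPLE = 0x80  # [0] primitive
LDAP_AUTH_SASL = 0xA3    # [3] constructed


def tlv(tag, value=b""):
    """Encode one BER element with a definite length."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + value


def integer(n):
    """Non-negative INTEGER, enough for message IDs and versions."""
    return tlv(0x02, n.to_bytes(n.bit_length() // 8 + 1, "big"))


def bind_request(msgid, version, dn, mechanism=None, cred=None):
    """mechanism=None: simple bind. cred=None: credentials omitted.
    cred=b"": zero-length credentials present."""
    if mechanism is None:
        auth = tlv(LDAP_AUTH_SIMPLE, cred or b"")
    else:
        sasl = tlv(0x04, mechanism.encode())
        if cred is not None:
            sasl += tlv(0x04, cred)
        auth = tlv(LDAP_AUTH_SASL, sasl)
    body = integer(version) + tlv(0x04, dn.encode()) + auth
    return tlv(0x30, integer(msgid) + tlv(LDAP_REQ_BIND, body))


def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated element")
    return tag, buf[pos:pos + length], pos + length


def sasl_credentials(message):
    """None if the OPTIONAL credentials are absent, bytes if present."""
    _, msg, _ = read_tlv(message)
    _, _, pos = read_tlv(msg)             # messageID
    op_tag, bind, _ = read_tlv(msg, pos)  # protocolOp
    _, _, pos = read_tlv(bind)            # version
    _, _, pos = read_tlv(bind, pos)       # name
    tag, sasl, _ = read_tlv(bind, pos)    # authentication choice
    if (op_tag, tag) != (LDAP_REQ_BIND, LDAP_AUTH_SASL):
        raise ValueError("not a SASL BindRequest")
    _, _, pos = read_tlv(sasl)            # mechanism
    return read_tlv(sasl, pos)[1] if pos < len(sasl) else None
```

Both SASL messages are well-formed BER; they differ by the two bytes `04 00`, and whether that difference matters depends on the SASL mechanism in use.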
Avoid unexistent user queries
by Jordi Espasa Clofent
Hi all,
I'm using OpenLDAP as an account server. On the server I see a lot of
queries from nonexistent users in LDAP:
filter="(&(objectClass=posixGroup)(|(memberUid=ivan)(uniqueMember=uid=ivan,ou=sat,ou=tecnic,dc=cdmon,dc=com)))"
filter="(&(objectClass=posixAccount)(uidNumber=900))"
filter="(&(objectClass=posixAccount)(uid=postfix))"
filter="(&(objectClass=posixAccount)(uid=postfix))"
filter="(&(objectClass=posixAccount)(uid=postfix))"
filter="(&(objectClass=posixAccount)(uid=root))"
filter="(&(objectClass=posixAccount)(uid=root))"
filter="(&(objectClass=posixAccount)(uid=nobody))"
gidNumbercn
filter="(&(objectClass=posixAccount)(uid=postfix))"
gidNumbercn
filter="(&(objectClass=posixAccount)(uidNumber=125))"
gidNumbercn
filter="(&(objectClass=posixAccount)(uid=root))"
filter="(&(objectClass=posixAccount)(uid=xatlantax))"
gidNumbercn
filter="(&(objectClass=posixAccount)(uidNumber=900))"
gidNumbercn
filter="(&(objectClass=posixAccount)(uid=cetr))"
gidNumbercn
filter="(&(objectClass=posixAccount)(uid=root))"
filter="(&(objectClass=posixAccount)(uid=root))"
filter="(&(objectClass=posixAccount)(uidNumber=900))"
gidNumbercn
filter="(&(objectClass=posixAccount)(uid=root))"
filter="(&(objectClass=posixAccount)(uid=root))"
filter="(&(objectClass=posixAccount)(uid=root))"
filter="(&(objectClass=posixAccount)(uid=www-data))"
filter="(&(objectClass=posixAccount)(uid=www-data))"
filter="(&(objectClass=posixAccount)(uid=www-data))"
filter="(&(objectClass=posixAccount)(uid=www-data))"
filter="(&(objectClass=posixAccount)(uid=www-data))"
filter="(&(objectClass=posixAccount)(uid=www-data))"
filter="(&(objectClass=posixAccount)(uid=www-data))"
filter="(&(objectClass=posixAccount)(uid=www-data))"
filter="(&(objectClass=posixAccount)(uid=www-data))"
filter="(&(objectClass=posixAccount)(uid=www-data))"
filter="(&(objectClass=posixAccount)(uid=www-data))"
filter="(&(objectClass=posixAccount)(uid=www-data))"
filter="(&(objectClass=posixAccount)(uid=www-data))"
I don't understand why, because users such as '900, postfix, root,
www-data' don't exist as users in the LDAP server. On the other hand, the
user 'ivan' exists and you can see the difference in the log record.
Where is the problem? Maybe in my /etc/nsswitch.conf of the LDAP clients?
# cat /etc/nsswitch.conf
passwd: files ldap
group: files ldap
shadow: files ldap
sudoers: ldap
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
Taking for example the common 'www-data' user query, I see the following
in the LDAP client:
# cat /var/log/auth.log | grep apache
Aug 20 01:20:30 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server
ldap://192.168.10.1/
Aug 20 01:20:30 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server
ldap://192.168.10.1/
Aug 20 01:20:30 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server
ldap://192.168.10.1/
Aug 20 01:20:30 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server
ldap://192.168.10.1/
Aug 20 01:20:58 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server
ldap://192.168.10.1/
Aug 20 01:21:02 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server
ldap://192.168.10.1/
Aug 20 01:21:04 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server
ldap://192.168.10.1/
Aug 20 01:21:04 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server
ldap://192.168.10.1/
Aug 20 01:21:05 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server
ldap://192.168.10.1/
Aug 20 01:21:05 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server
ldap://192.168.10.1/
Aug 20 01:21:05 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server
ldap://192.168.10.1/
Aug 20 01:21:05 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server
ldap://192.168.10.1/
Aug 20 01:21:06 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server
ldap://192.168.10.1/
Aug 20 01:21:06 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server
ldap://192.168.10.1/
Aug 20 01:21:06 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server
ldap://192.168.10.1/
Aug 20 01:21:06 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server
ldap://192.168.10.1/
Aug 20 01:21:06 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server
ldap://192.168.10.1/
Aug 20 01:21:06 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server
ldap://192.168.10.1/
Aug 20 01:21:06 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server
ldap://192.168.10.1/
Aug 20 01:21:06 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server
ldap://192.168.10.1/
Aug 20 01:21:48 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server
ldap://192.168.10.1/
Aug 20 01:21:49 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server
ldap://192.168.10.1/
Aug 20 01:21:50 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server
ldap://192.168.10.1/
Aug 20 01:21:50 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server
ldap://192.168.10.1/
Aug 20 01:21:50 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server
ldap://192.168.10.1/
Aug 20 01:21:50 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server
ldap://192.168.10.1/
Aug 20 01:21:50 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server
ldap://192.168.10.1/
Aug 20 01:21:59 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server
ldap://192.168.10.1/
Aug 20 01:22:00 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server
ldap://192.168.10.1/
Aug 20 01:22:00 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server
ldap://192.168.10.1/
Aug 20 01:22:03 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server
ldap://192.168.10.1/
Aug 20 01:22:05 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server
ldap://192.168.10.1/
Aug 20 01:22:07 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server
ldap://192.168.10.1/
Aug 20 01:22:07 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server
ldap://192.168.10.1/
Aug 20 01:22:24 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server
ldap://192.168.10.1/
Aug 20 01:22:24 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server
ldap://192.168.10.1/
Aug 20 01:22:24 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server
ldap://192.168.10.1/
Aug 20 01:22:25 xen-ad0010 apache2: nss_ldap: reconnected to LDAP server
ldap://192.168.10.1/
Why does Apache2 try to connect to LDAP (192.168.10.1)? How can I avoid it?
--
Thanks,
Jordi Espasa Clofent
14 years, 3 months
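One way to separate, in a slapd log like the one quoted above, the posixAccount searches for accounts that a client also defines in its local files from all other account searches. This is an added example, not part of the original post; the log lines and the passwd excerpt are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the format of the slapd log excerpt above.
SLAPD_LOG = """\
filter="(&(objectClass=posixGroup)(|(memberUid=ivan)(uniqueMember=uid=ivan,ou=sat,ou=tecnic,dc=cdmon,dc=com)))"
filter="(&(objectClass=posixAccount)(uidNumber=900))"
filter="(&(objectClass=posixAccount)(uid=postfix))"
filter="(&(objectClass=posixAccount)(uid=root))"
filter="(&(objectClass=posixAccount)(uid=root))"
filter="(&(objectClass=posixAccount)(uid=www-data))"
filter="(&(objectClass=posixAccount)(uid=www-data))"
filter="(&(objectClass=posixAccount)(uid=www-data))"
filter="(&(objectClass=posixAccount)(uid=xatlantax))"
"""

# Constructed /etc/passwd excerpt (assumption: these accounts are local).
LOCAL_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
www-data:x:33:33:www-data:/var/www:/bin/sh
postfix:x:125:125::/var/spool/postfix:/bin/false
"""

# One simple "(attr=value)" assertion inside an LDAP filter string.
ASSERTION = re.compile(r"\(([A-Za-z][\w-]*)=([^()]*)\)")


def local_accounts(passwd_text):
    """Return the sets of login names and numeric UIDs in a passwd file."""
    names, uids = set(), set()
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and not line.startswith("#"):
            names.add(fields[0])
            uids.add(fields[2])
    return names, uids


def account_lookups(log_text):
    """Yield (attribute, value) for every posixAccount search in the log."""
    for raw in re.findall(r'filter="([^"]*)"', log_text):
        pairs = ASSERTION.findall(raw)
        if ("objectClass", "posixAccount") not in pairs:
            continue  # group searches and anything else are ignored
        for attr, value in pairs:
            if attr in ("uid", "uidNumber"):
                yield attr, value


def split_by_origin(log_text, passwd_text):
    """Count account searches: (also defined locally, everything else)."""
    names, uids = local_accounts(passwd_text)
    local, other = Counter(), Counter()
    for attr, value in account_lookups(log_text):
        known = value in (names if attr == "uid" else uids)
        (local if known else other)[f"{attr}={value}"] += 1
    return local, other
```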
using ldapsearch to get whole data
by mukim pathan
Hi,
I am unable to use slapcat to get the whole database into an LDIF file because I
have a 32-bit machine which cannot write a file larger than 2 GB.
So I am looking for alternate ways to get the full database into an LDIF file.
Please tell me if there are any alternate ways to do this.
I am using openldap-2.4.16 with BDB-4.5
Regards,
Mukim Pathan
14 years, 3 months
LDAP Multimaster Replication
by Paul bob
Hi -
I have a question regarding HA. I have configured LDAP Multimaster Replication
(OpenLDAP 2.4.17 & BDB 4.6.21) and can see the user data on both Server1
and Server2. When I turned off Server2, the users are not getting
authenticated through Server1. It is always getting authentication through
Server2.
I would appreciate your valuable suggestion!
Thanks,
PB
14 years, 3 months
ldap_add: Already exists (68) errors when testing multi-master sync replication
by Barry Colston
While testing sync replication, I encountered a situation in which a
previously deleted DN cannot be added again because the ldapadd command
receives a 68 error code. If I perform an ldapsearch command for the DN,
the DN is not found. If I try to add the DN, the add fails with a 68 error
code. If I perform a slapcat command for that DN, slapcat displays the
record. I have removed all BDB index files and rerun the slapindex command,
but the DN is still not found with the ldapsearch command and fails to be
added because of a 68 error code. One reason I can think of is that deleting
a DN does not physically delete the record, but flags the DN as being
logically deleted. This condition does not happen all the time, but it does
happen eventually after I have been adding, modifying, and deleting records
for approximately 15 minutes.
I'm running openLDAP 2.4.17 with BDB 4.6.21 (and have not applied the 4 BDB
patches). Running sync replication with 2 masters defined in mirror mode
using refreshandpersist; issuing LDAP commands against only master slapd #1.
Barry Colston
14 years, 3 months
[PROBLEM] delta-syncrepl, accesslog and filters
by mkappe
Hello,
I use openldap 2.4.16.
I configured 2 servers using syncrepl. I would like to sync only a DIT
fragment, so I put these lines in the consumer slapd.conf file:
syncrepl rid=111
    provider=ldaps://mydomain.it
    type=refreshAndPersist
    searchbase="dc=mydomain,dc=it"
    filter="(&(objectClass=MyClass)(Email=true))"
    attrs="Username,UserStatus,UserExpireDate"
    schemachecking=off
    bindmethod=simple
    binddn="cn=reader,dc=mydomain,dc=it"
    credentials=xxxxxx
    retry="60 +"
When I try to take an entry out of the scope (setting its attribute 'Email' =
false) in the producer, I see that the same entry is removed from the
consumer.
Everything works fine if I don't activate delta syncrepl mode using
the accesslog overlay.
If I do that, every change in the producer is propagated to the consumer
even if the entry is out of the scope defined in the consumer.
How can I configure delta syncrepl (with accesslog) to sync only a DIT
fragment?
My producer (delta-syncrepl mode) slapd.conf is:
moduleload syncprov.la
#######################################################################
# ACCESSLOG database definitions
#######################################################################
moduleload accesslog.la
database bdb
suffix "cn=accesslog"
rootdn "cn=accesslog"
directory /openldap/data/accesslog
index default eq
index entryCSN,objectClass
overlay syncprov
syncprov-nopresent TRUE
syncprov-reloadhint TRUE
#######################################################################
# BDB database definitions
#######################################################################
# RAMO LOCALE:
database bdb
suffix "dc=mydomain,dc=it"
rootdn "cn=manager,dc=mydomain,dc=it"
rootpw xxxxxxx
directory /openldap/data
index objectClass,uid eq
index entryCSN eq
index entryUUId eq
index Email pres,eq
#######################################################################
# Syncrepl - Sincprov
#######################################################################
overlay syncprov
syncprov-checkpoint 100 1
syncprov-sessionlog 100
overlay accesslog
logdb cn=accesslog
logops writes
logsuccess TRUE
logpurge 00+01:00 00+00:15
#######################################################################
# ACL
#######################################################################
access to dn.subtree="dc=mydomain,dc=it" attrs="userPassword"
    by anonymous auth
    by self write
    by * search
access to *
    by dn.base="cn=reader,dc=mydomain,dc=it" read
    by * break
My consumer (delta-syncrepl mode) slapd.conf is:
#######################################################################
# BDB database definitions
#######################################################################
# RAMO LOCALE:
database bdb
suffix "dc=mydomain,dc=it"
rootdn "cn=manager,dc=mydomain,dc=it"
rootpw xxxxxxx
directory /openldap/data
index objectClass,uid eq
index entryUUID,entryCSN eq
index Email pres,eq
#######################################################################
# DELTA-SYNCREPL
#######################################################################
syncrepl rid=005
    provider=ldaps://mydomain.it:123
    type=refreshAndPersist
    searchbase="dc=mydomain,dc=it"
    filter="(&(objectClass=myClass)(Email=true))"
    logbase="cn=accesslog"
    syncdata=accesslog
    schemachecking=off
    bindmethod=simple
    binddn="cn=reader,dc=mydomain,dc=it"
    credentials=xxxxxx
    retry="60 +"
updateref ldaps://mydomain.it:123
######################################################################
# ACL
######################################################################
access to dn.subtree="dc=mydomain,dc=it" attrs="userPassword"
    by anonymous auth
    by self write
    by * search
access to *
    by dn.base="cn=reader,dc=mydomain,dc=it" read
    by * break
Thank you!
Marco
14 years, 3 months