reordering email aliases ?
by Frank Bonnet
Hello
I'm facing a cosmetic problem with email aliases.
Some users have aliases for their email addresses, some have not.
For example a professor named Jean Dupont has two valid email addresses:
dupontj(a)domain.tld ( which is unixlogin(a)domain.tld )
j.dupont(a)domain.tld ( which is the alias that points to
duponj(a)domain.tld )
Students have only one email address of the form : unixlogin(a)domain.tld
In many applications we use LDAP to fetch the user's email address and
other data.
The problem is that sometimes we get unixlogin(a)domain.tld and sometimes we get
emailalias(a)domain.tld
I would like to do the following :
if a user has an alias of the form emailalias(a)domain.tld then display it
first
Is it possible to reorder my LDAP database to do so ?
Thanks a lot !
12 years, 4 months
About 'make test'
by su heng
Hi All,
I encountered an error when I was installing openLDAP.
I mean 'make test'
It gave me a message at the end of the output message:
...
...
No race errors found after 10 iterations
Found 2 errors
>>>>>> Exiting with a false success status for now
>>>>> ./scripts/test058-syncrepl-asymmetric completed OK for hdb.
make[2]: Leaving directory
`/home/suheng/Downloads/openldap-2.4.23/tests'
make[1]: Leaving directory
`/home/suheng/Downloads/openldap-2.4.23/tests'
It said I had encountered 2 errors; however, I couldn't locate where the
error is.
Although I can install it, I am worried about whether it works fine.
So, how can I locate the error when I do 'make test'?
Thanks & Best Regards,
Su Heng
12 years, 4 months
Configuring the chain overlay with cn=config
by Jaap Winius
Hi folks,
My old chain configuration in slapd.conf works fine and looks like this:
#################################################
moduleload back_ldap
overlay chain
chain-uri ldap://ldaps.example.com:389/
chain-rebind-as-user TRUE
chain-idassert-bind bindmethod=simple
    binddn="cn=ldaps2,dc=example,dc=com"
    credentials=bilineatus
    mode=self
chain-return-error TRUE
#################################################
(Debian lenny, slapd v2.4.11-1)
Some research has led me to believe that the proper cn=config
equivalent in LDIF format would start like this:
#################################################
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: {1}back_ldap

dn: olcOverlay={0}chain,olcDatabase={1}hdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcChainConfig
olcOverlay: {0}chain
#################################################
(Debian squeeze, slapd v2.4.23-6)
Does that look correct? If so, could someone please explain how to
translate the other chain overlay directives I've used as well?
I've tried translating the old configuration with slaptest, but it
seems to ignore the existing chain configuration completely -- not
even the back_ldap module gets loaded as a result.
I've also tried searching the schema for them with this command:
~# ldapsearch -LLQY EXTERNAL -H ldapi:/// -b cn=schema,cn=config \
-s base | grep -A 2 -i chain
However, the list of candidates that I've found with it seems incomplete:
slapd.conf chain overlay directive => cn=config equivalent attribute
----------------------------------------------------------------------
chain-cache-uri => olcChainCacheURI
chain-chaining => olcChainingBehavior
chain-idassert-bind => ??
chain-max-depth => olcChainMaxReferralDepth
chain-rebind-as-user => ??
chain-return-error => olcChainReturnError
chain-uri => ??
?? => olcChainConfig
?? => olcChainDatabase
Can anyone fill in what's missing?
Thanks,
Jaap
12 years, 4 months
Syncprov checkpoint and sessionlog with cn=config
by Jaap Winius
Hi folks,
When configuring a sync provider with cn=config, it was not too
difficult to figure out how to load the syncprov module and create the
entry for its overlay, but it is unclear how to configure two
associated statements that appear as follows when using slapd.conf:
syncprov-checkpoint 100 10
syncprov-sessionlog 100
Can anyone say how this might be accomplished?
Thanks,
Jaap
12 years, 4 months
Syncrepl filtering
by Bram Cymet
Hi,
I would like to control what gets replicated to my ldap slaves.
How would I specify what I don't want to be replicated? Is this even
possible or do I have to create a filter that finds everything that I
want to send down?
Thanks,
--
Bram Cymet
Software Developer
Canadian Bank Note Co. Ltd.
Cell: 613-608-9752
12 years, 4 months
Accesslog overlay to get IP from user connection
by Alberto Frontera
Hello
this is my scenario:
- Centos 5.2
- ldap 2.420
- Mysql 5.07
Ldap is used to authenticate users from Ubuntu systems. We want to
store some info from the connections:
- date
- IP
I can see this info in the ldap logs, but I want to save this info in an ldap
DB (mysql backend if possible). Actually I have configured the accesslog
overlay, but I think this info is not registered or I cannot see it. :p
The question is: is access overlay the tool to register this info? (I
think the answer is no) ... and if it is not, how can I do this? I need
some advice on this.
Thx
12 years, 4 months
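The date and client IP that the message above says are visible in the slapd log can be pulled out by correlating the ACCEPT, BIND and RESULT lines of one connection. This is an added example, not code from the original post or from the OpenLDAP project; the log lines are constructed in the connection-log format that appears elsewhere on this page, and the function and field names are hypothetical.

```python
import re

# Constructed sample lines (documentation addresses, made-up users).
SAMPLE_LOG = """\
Nov  5 15:00:33 ldap slapd[4429]: conn=5 fd=12 ACCEPT from IP=192.0.2.10:55873 (IP=0.0.0.0:389)
Nov  5 15:00:33 ldap slapd[4429]: conn=5 op=0 BIND dn="uid=alice,ou=People,dc=example,dc=com" method=128
Nov  5 15:00:33 ldap slapd[4429]: conn=5 op=0 RESULT tag=97 err=0 text=
Nov  5 15:00:34 ldap slapd[4429]: conn=6 fd=13 ACCEPT from IP=192.0.2.44:40112 (IP=0.0.0.0:389)
Nov  5 15:00:34 ldap slapd[4429]: conn=6 op=0 BIND dn="uid=bob,ou=People,dc=example,dc=com" method=128
Nov  5 15:00:34 ldap slapd[4429]: conn=6 op=0 RESULT tag=97 err=49 text=
Nov  5 15:00:35 ldap slapd[4429]: conn=5 op=1 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(uid=alice)"
Nov  5 15:00:35 ldap slapd[4429]: conn=5 fd=12 closed
Nov  5 15:00:36 ldap slapd[4429]: conn=9 op=0 BIND dn="uid=carol,ou=People,dc=example,dc=com" method=128
Nov  5 15:00:36 ldap slapd[4429]: conn=9 op=0 RESULT tag=97 err=0 text=
"""

# syslog prefix, then the connection id that ties the lines together
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s+\S+\s+slapd\[\d+\]:\s+"
    r"conn=(?P<conn>\d+)\s+(?P<rest>.*)$"
)
ACCEPT = re.compile(r"fd=\d+ ACCEPT from IP=(?P<ip>.+):\d+ \(")
BIND = re.compile(r'op=(?P<op>\d+) BIND dn="(?P<dn>[^"]*)" method=\d+')
# tag=97 is the bind response; other RESULT lines belong to other operations
RESULT = re.compile(r"op=(?P<op>\d+) RESULT tag=97 err=(?P<err>\d+)")


def bind_events(log_text):
    """Return one record per completed bind: time, client IP, DN, result code."""
    peers = {}    # conn id -> client IP, learned from the ACCEPT line
    pending = {}  # (conn id, op id) -> (timestamp, bind DN) awaiting a RESULT
    events = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        conn, rest = m.group("conn"), m.group("rest")
        accept = ACCEPT.match(rest)
        bind = BIND.match(rest)
        result = RESULT.match(rest)
        if accept:
            peers[conn] = accept.group("ip")
        elif bind:
            ts = " ".join(m.group("ts").split())  # normalise syslog padding
            pending[(conn, bind.group("op"))] = (ts, bind.group("dn"))
        elif result and (conn, result.group("op")) in pending:
            ts, dn = pending.pop((conn, result.group("op")))
            err = int(result.group("err"))
            events.append({
                "time": ts,
                # None when the ACCEPT line was not seen (e.g. rotated log)
                "ip": peers.get(conn),
                "dn": dn,
                "err": err,
                "ok": err == 0,
            })
        elif rest.endswith(" closed"):
            # connection ids can be reused later, so forget the old peer
            peers.pop(conn, None)
    return events


if __name__ == "__main__":
    for event in bind_events(SAMPLE_LOG):
        print(event)
```

The returned records can then be written to whatever store is preferred; a bind whose ACCEPT line is missing from the input is reported with `ip` set to `None` rather than dropped.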
Re: unable to perform authenticated binds
by Tim Dunphy
Hey guys,
And sorry to Quanah for the typo. ;)
At any rate thanks for the ldapsearch. It did return a ton of
information on the attributes defined in my schema:
[root@ldap2 ~]# ldapsearch -x -h ldap.acadaca.net -s base -b
"cn=subschema" + | more
# extended LDIF
#
# LDAPv3
# base <cn=subschema> with scope baseObject
# filter: (objectclass=*)
# requesting: +
#
# Subschema
dn: cn=Subschema
structuralObjectClass: subentry
createTimestamp: 20101105183240Z
modifyTimestamp: 20101105183240Z
ldapSyntaxes: ( 1.3.6.1.1.16.1 DESC 'UUID' )
ldapSyntaxes: ( 1.3.6.1.1.1.0.1 DESC 'RFC2307 Boot Parameter' )
ldapSyntaxes: ( 1.3.6.1.1.1.0.0 DESC 'RFC2307 NIS Netgroup Triple' )
ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.52 DESC 'Telex Number' )
ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.50 DESC 'Telephone Number' )
ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.49 DESC 'Supported Algorithm' X-BIN
ARY-TRANSFER-REQUIRED 'TRUE' X-NOT-HUMAN-READABLE 'TRUE' )
ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.45 DESC 'SubtreeSpecification' )
ldapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.44 DESC 'Printable String' )
However, nothing shows up under the search regarding sudoRole.
[root@ldap ldif]# ldapsearch -x -h ldap.acadaca.net -s base -b
"cn=subschema" | grep sudoRole
[root@ldap ldif]#
This is curious to me as the sudoers.schema file (which has sudoRole
defined) is most definitely entered correctly into my slapd.conf file.
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/misc.schema
inlcude /etc/openldap/schema/sudoers.schema
include /etc/openldap/schema/openldap.schema
I checked the modes and permissions on sudoers.schema:
[root@ldap ~]# ls -l /etc/openldap/schema/sudoers.schema
-r--r--r-- 1 ldap ldap 1655 Nov 4 18:38 /etc/openldap/schema/sudoers.schema
But when I try to add this LDIF entry to my directory:
# defaults, sudoers, Services, acadaca.net
dn: cn=defaults,ou=sudoers,ou=Services,dc=acadaca,dc=net
objectClass: top
objectClass: sudoRole
cn: defaults
description: Default sudoOption's go here
I am still getting this error:
[root@ldap ldif]# ldapadd -h ldap.acadaca.net -a -W -x -D
"cn=Manager,dc=acadaca,dc=net" -f /home/tim/txt/ldif/acadaca2.ldif
Enter LDAP Password:
adding new entry "cn=defaults,ou=sudoers,ou=Services,dc=acadaca,dc=net"
ldapadd: Invalid syntax (21)
additional info: objectClass: value #1 invalid per syntax
And these errors in the logs:
Nov 5 15:00:33 ldap slapd[4429]: daemon: activity on 1 descriptor
Nov 5 15:00:33 ldap slapd[4429]: daemon: activity on:
Nov 5 15:00:33 ldap slapd[4429]:
Nov 5 15:00:33 ldap slapd[4429]: slap_listener_activate(7):
Nov 5 15:00:33 ldap slapd[4429]: daemon: epoll: listen=7 busy
Nov 5 15:00:33 ldap slapd[4429]: daemon: epoll: listen=8
active_threads=0 tvp=NULL
Nov 5 15:00:33 ldap slapd[4429]: >>> slap_listener(ldap:///)
Nov 5 15:00:33 ldap slapd[4429]: daemon: listen=7, new connection on 12
Nov 5 15:00:33 ldap slapd[4429]: daemon: added 12r (active) listener=(nil)
Nov 5 15:00:33 ldap slapd[4429]: conn=5 fd=12 ACCEPT from
IP=75.101.129.124:55873 (IP=0.0.0.0:389)
Nov 5 15:00:33 ldap slapd[4429]: daemon: activity on 2 descriptors
Nov 5 15:00:33 ldap slapd[4429]: daemon: activity on:
Nov 5 15:00:33 ldap slapd[4429]: 12r
Nov 5 15:00:33 ldap slapd[4429]:
Nov 5 15:00:33 ldap slapd[4429]: daemon: read active on 12
Nov 5 15:00:33 ldap slapd[4429]: daemon: epoll: listen=7
active_threads=0 tvp=NULL
Nov 5 15:00:33 ldap slapd[4429]: daemon: epoll: listen=8
active_threads=0 tvp=NULL
Nov 5 15:00:33 ldap slapd[4429]: connection_get(12)
Nov 5 15:00:33 ldap slapd[4429]: connection_get(12): got connid=5
Nov 5 15:00:33 ldap slapd[4429]: connection_read(12): checking for
input on id=5
Nov 5 15:00:33 ldap slapd[4429]: do_bind
Nov 5 15:00:33 ldap slapd[4429]: >>> dnPrettyNormal:
<cn=Manager,dc=acadaca,dc=net>
Nov 5 15:00:33 ldap slapd[4429]: <<< dnPrettyNormal:
<cn=Manager,dc=acadaca,dc=net>, <cn=manager,dc=acadaca,dc=net>
Nov 5 15:00:33 ldap slapd[4429]: do_bind: version=3
dn="cn=Manager,dc=acadaca,dc=net" method=128
Nov 5 15:00:33 ldap slapd[4429]: conn=5 op=0 BIND
dn="cn=Manager,dc=acadaca,dc=net" method=128
Nov 5 15:00:33 ldap slapd[4429]: ==> bdb_bind: dn: cn=Manager,dc=acadaca,dc=net
Nov 5 15:00:33 ldap slapd[4429]: conn=5 op=0 BIND
dn="cn=Manager,dc=acadaca,dc=net" mech=SIMPLE ssf=0
Nov 5 15:00:33 ldap slapd[4429]: do_bind: v3 bind:
"cn=Manager,dc=acadaca,dc=net" to "cn=Manager,dc=acadaca,dc=net"
Nov 5 15:00:33 ldap slapd[4429]: send_ldap_result: conn=5 op=0 p=3
Nov 5 15:00:33 ldap slapd[4429]: send_ldap_result: err=0 matched="" text=""
Nov 5 15:00:33 ldap slapd[4429]: send_ldap_response: msgid=1 tag=97 err=0
Nov 5 15:00:33 ldap slapd[4429]: conn=5 op=0 RESULT tag=97 err=0 text=
Nov 5 15:00:33 ldap slapd[4429]: daemon: activity on 1 descriptor
Nov 5 15:00:33 ldap slapd[4429]: daemon: activity on:
Nov 5 15:00:33 ldap slapd[4429]:
Nov 5 15:00:33 ldap slapd[4429]: daemon: epoll: listen=7
active_threads=0 tvp=NULL
Nov 5 15:00:33 ldap slapd[4429]: daemon: epoll: listen=8
active_threads=0 tvp=NULL
Nov 5 15:00:33 ldap slapd[4429]: daemon: activity on 1 descriptor
Nov 5 15:00:33 ldap slapd[4429]: daemon: activity on:
Nov 5 15:00:33 ldap slapd[4429]: 12r
Nov 5 15:00:33 ldap slapd[4429]:
Nov 5 15:00:33 ldap slapd[4429]: daemon: read active on 12
Nov 5 15:00:33 ldap slapd[4429]: daemon: epoll: listen=7
active_threads=0 tvp=NULL
Nov 5 15:00:33 ldap slapd[4429]: daemon: epoll: listen=8
active_threads=0 tvp=NULL
Nov 5 15:00:33 ldap slapd[4429]: connection_get(12)
Nov 5 15:00:33 ldap slapd[4429]: connection_get(12): got connid=5
Nov 5 15:00:33 ldap slapd[4429]: connection_read(12): checking for
input on id=5
Nov 5 15:00:33 ldap slapd[4429]: do_add
Nov 5 15:00:33 ldap slapd[4429]: >>> dnPrettyNormal:
<cn=defaults,ou=sudoers,ou=Services,dc=acadaca,dc=net>
Nov 5 15:00:33 ldap slapd[4429]: <<< dnPrettyNormal:
<cn=defaults,ou=sudoers,ou=Services,dc=acadaca,dc=net>,
<cn=defaults,ou=sudoers,ou=services,dc=acadaca,dc=net>
Nov 5 15:00:33 ldap slapd[4429]: do_add: dn
(cn=defaults,ou=sudoers,ou=Services,dc=acadaca,dc=net)
Nov 5 15:00:33 ldap slapd[4429]: conn=5 op=1 ADD
dn="cn=defaults,ou=sudoers,ou=Services,dc=acadaca,dc=net"
Nov 5 15:00:33 ldap slapd[4429]: send_ldap_result: conn=5 op=1 p=3
Nov 5 15:00:33 ldap slapd[4429]: send_ldap_result: err=21 matched=""
text="objectClass: value #1 invalid per syntax"
Nov 5 15:00:33 ldap slapd[4429]: send_ldap_response: msgid=2 tag=105 err=21
Nov 5 15:00:33 ldap slapd[4429]: conn=5 op=1 RESULT tag=105 err=21
text=objectClass: value #1 invalid per syntax
Nov 5 15:00:33 ldap slapd[4429]: daemon: activity on 1 descriptor
Nov 5 15:00:33 ldap slapd[4429]: daemon: activity on:
Nov 5 15:00:33 ldap slapd[4429]:
Nov 5 15:00:33 ldap slapd[4429]: daemon: epoll: listen=7
active_threads=0 tvp=NULL
Nov 5 15:00:33 ldap slapd[4429]: daemon: epoll: listen=8
active_threads=0 tvp=NULL
Nov 5 15:00:33 ldap slapd[4429]: daemon: activity on 1 descriptor
Nov 5 15:00:33 ldap slapd[4429]: daemon: activity on:
Nov 5 15:00:33 ldap slapd[4429]: 12r
Nov 5 15:00:33 ldap slapd[4429]:
Nov 5 15:00:33 ldap slapd[4429]: daemon: read active on 12
Nov 5 15:00:33 ldap slapd[4429]: daemon: epoll: listen=7
active_threads=0 tvp=NULL
Nov 5 15:00:33 ldap slapd[4429]: daemon: epoll: listen=8
active_threads=0 tvp=NULL
Nov 5 15:00:33 ldap slapd[4429]: connection_get(12)
Nov 5 15:00:33 ldap slapd[4429]: connection_get(12): got connid=5
Nov 5 15:00:33 ldap slapd[4429]: connection_read(12): checking for
input on id=5
Nov 5 15:00:33 ldap slapd[4429]: ber_get_next on fd 12 failed errno=0 (Success)
Nov 5 15:00:33 ldap slapd[4429]: connection_read(12): input error=-2
id=5, closing.
Nov 5 15:00:33 ldap slapd[4429]: connection_closing: readying conn=5
sd=12 for close
Nov 5 15:00:33 ldap slapd[4429]: connection_close: deferring conn=5 sd=-1
Nov 5 15:00:33 ldap slapd[4429]: do_unbind
Nov 5 15:00:33 ldap slapd[4429]: conn=5 op=2 UNBIND
Nov 5 15:00:33 ldap slapd[4429]: connection_resched: attempting
closing conn=5 sd=12
Nov 5 15:00:33 ldap slapd[4429]: connection_close: conn=5 sd=-1
Nov 5 15:00:33 ldap slapd[4429]: daemon: removing 12
Nov 5 15:00:33 ldap slapd[4429]: conn=5 fd=12 closed
Nov 5 15:00:33 ldap slapd[4429]: daemon: activity on 1 descriptor
Nov 5 15:00:33 ldap slapd[4429]: daemon: activity on:
Nov 5 15:00:33 ldap slapd[4429]:
Nov 5 15:00:33 ldap slapd[4429]: daemon: epoll: listen=7
active_threads=0 tvp=NULL
Nov 5 15:00:33 ldap slapd[4429]: daemon: epoll: listen=8
active_threads=0 tvp=NULL
And as mentioned this exact schema configuration is working fine under
OpenLDAP 2.4 under FreeBSD and behaving as you saw under OpenLDAP 2.3
CentOS 5.4
And everything looks correct to me. Any further ideas on why this isn't working?
Thanks!
On Thu, Nov 4, 2010 at 6:03 PM, Quanah Gibson-Mount <quanah(a)zimbra.com> wrote:
> --On Thursday, November 04, 2010 5:47 PM -0400 Tim Dunphy
> <bluethundr(a)gmail.com> wrote:
>
>> however when I do a search for sudoRole it doesn't seem to show up
>>
>> [root@ldap openldap]# ldapsearch -b '' -s base '(objectclass=*)'
>> sudoRole -x -W -D "cn=Manager,dc=acadaca,dc=net"
>
> That is not a valid search of the cn=subschema entry. I would note you fail
> to offer a -h or -H option, so who knows what LDAP server it is talking to.
>
> ldapsearch -x -h zre-ldap001 -s base -b "cn=subschema" +
>
> for example, searches the subschema entry on my system.
>
>
> And my name has only one "n" in it.
>
> --Quanah
>
> --
>
> Quanah Gibson-Mount
> Principal Software Engineer
> Zimbra, Inc
> --------------------
> Zimbra :: the leader in open source messaging and collaboration
>
--
Here's my RSA Public key:
gpg --keyserver pgp.mit.edu --recv-keys 5A4873A9
Share and enjoy!!
12 years, 4 months
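A check for the configuration and error quoted in the message above: it lists the schema files a slapd.conf pulls in through `include`, flags any line that names a `.schema` file under a different directive, and maps the "value #N" in the error text back to the LDIF value it refers to. This is an added example, not code from the thread or from OpenLDAP; the function names are hypothetical, the inputs are copied from the message, and it assumes the index in slapd's "value #N" message counts from zero.

```python
import difflib

# The include block quoted in the message above, copied as posted.
SLAPD_CONF = """\
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/misc.schema
inlcude /etc/openldap/schema/sudoers.schema
include /etc/openldap/schema/openldap.schema
"""

# The entry from the message above.
LDIF_ENTRY = """\
dn: cn=defaults,ou=sudoers,ou=Services,dc=acadaca,dc=net
objectClass: top
objectClass: sudoRole
cn: defaults
description: Default sudoOption's go here
"""


def audit_schema_includes(conf_text):
    """Return (loaded, suspects).

    loaded   -- paths given to a real 'include' directive
    suspects -- (line number, directive, path, suggestion) for lines that
                name a .schema file but do not use 'include'
    """
    loaded, suspects = [], []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        # blank lines, comments and continuation lines carry no directive
        if not raw.strip() or raw.lstrip().startswith("#") or raw[0].isspace():
            continue
        parts = raw.split(None, 1)
        directive = parts[0]
        arg = parts[1].strip() if len(parts) > 1 else ""
        if directive.lower() == "include":
            loaded.append(arg)
        elif arg.endswith(".schema"):
            near = difflib.get_close_matches(
                directive.lower(), ["include"], n=1, cutoff=0.6)
            suspects.append((lineno, directive, arg, near[0] if near else None))
    return loaded, suspects


def offending_value(ldif_text, attribute, index):
    """Return the index-th value (counting from zero) of an attribute in an entry."""
    values = []
    for line in ldif_text.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == attribute.lower():
            values.append(value.strip())
    return values[index] if index < len(values) else None


if __name__ == "__main__":
    loaded, suspects = audit_schema_includes(SLAPD_CONF)
    print("loaded:", loaded)
    for lineno, directive, path, hint in suspects:
        print("line %d: '%s %s' (did you mean '%s'?)" % (lineno, directive, path, hint))
    print("rejected value:", offending_value(LDIF_ENTRY, "objectClass", 1))
```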
Re: Issue with OpenLDAP shared libraries compile on AIX 6.1 using IBM xL Compiler
by Peter Lambrechtsen
On Wed, Nov 3, 2010 at 4:28 AM, Quanah Gibson-Mount <quanah(a)zimbra.com> wrote:
> Examine config.log to see why it failed.
>
As per what I get in the config.log
configure:8474: checking if cc_r -qlanglvl=extc89 static flag works
configure:8502: result: yes
configure:8570: checking for cc_r -qlanglvl=extc89 option to produce PIC
configure:8774: result:
configure:8841: checking if cc_r -qlanglvl=extc89 supports -c -o file.o
configure:8862: cc_r -qlanglvl=extc89 -c -I/opt/openldap/include
-I/opt/openldap/include -o out/conftest2.o conftest.c >&5
configure:8866: $? = 0
configure:8888: result: yes
configure:8914: checking whether the cc_r -qlanglvl=extc89 linker
(/usr/ccs/bin/ld) supports shared libraries
configure:9790: result: no
--- Any way to get a more verbose output from what it's trying to do??
configure:9861: checking dynamic linker characteristics
configure:10415: result: no
configure:10419: checking how to hardcode library paths into programs
configure:10444: result: unsupported
configure:10458: checking whether stripping libraries is possible
configure:10479: result: no
configure:10586: checking for shl_load
configure:10642: cc_r -qlanglvl=extc89 -o conftest -I/opt/openldap/include
-I/opt/openldap/include -L/opt/openldap/lib conftest.c >&5
ld: 0711-317 ERROR: Undefined symbol: .shl_load
-- I think this is the problem, shl_load, looks like I may need another
include or figure out why it's complaining.
ld: 0711-345 Use the -bloadmap or -bnoquiet option to obtain more
information.
configure:10648: $? = 8
configure: failed program was:
| /* confdefs.h. */
| #define PACKAGE_NAME ""
| #define PACKAGE_TARNAME ""
| #define PACKAGE_VERSION ""
| #define PACKAGE_STRING ""
| #define PACKAGE_BUGREPORT ""
| #define OPENLDAP_PACKAGE "OpenLDAP"
| #define OPENLDAP_VERSION "2.4.23"
| #define LDAP_VENDOR_VERSION 20423
| #define LDAP_VENDOR_VERSION_MAJOR 2
| #define LDAP_VENDOR_VERSION_MINOR 4
| #define LDAP_VENDOR_VERSION_PATCH 23
| #define HAVE_MKVERSION 1
| #define STDC_HEADERS 1
| #define HAVE_SYS_TYPES_H 1
| #define HAVE_SYS_STAT_H 1
| #define HAVE_STDLIB_H 1
| #define HAVE_STRING_H 1
| #define HAVE_MEMORY_H 1
| #define HAVE_STRINGS_H 1
| #define HAVE_INTTYPES_H 1
| #define HAVE_STDINT_H 1
| #define HAVE_UNISTD_H 1
| #define HAVE_DLFCN_H 1
| /* end confdefs.h. */
| /* Define shl_load to an innocuous variant, in case <limits.h> declares
shl_load.
| For example, HP-UX 11i <limits.h> declares gettimeofday. */
| #define shl_load innocuous_shl_load
|
| /* System header to define __stub macros and hopefully few prototypes,
| which can conflict with char shl_load (); below.
| Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
| <limits.h> exists even on freestanding compilers. */
|
| #ifdef __STDC__
| # include <limits.h>
| #else
| # include <assert.h>
| #endif
|
| #undef shl_load
|
| /* Override any GCC internal prototype to avoid an error.
| Use char because int might match the return type of a GCC
| builtin and then its argument prototype would still apply. */
| #ifdef __cplusplus
| extern "C"
| #endif
| char shl_load ();
| /* The GNU C library defines this for functions which it implements
| to always fail with ENOSYS. Some functions are actually named
| something starting with __ and the normal name is an alias. */
| #if defined __stub_shl_load || defined __stub___shl_load
| choke me
| #endif
|
| int
| main ()
| {
| return shl_load ();
| ;
| return 0;
| }
configure:10665: result: no
configure:10670: checking for shl_load in -ldld
configure:10705: cc_r -qlanglvl=extc89 -o conftest -I/opt/openldap/include
-I/opt/openldap/include -L/opt/openldap/lib conftest.c -ldld >&5
ld: 0706-006 Cannot find or open library file: -l dld
ld:open(): No such file or directory
configure:10711: $? = 255
configure: failed program was:
| /* confdefs.h. */
| #define PACKAGE_NAME ""
| #define PACKAGE_TARNAME ""
| #define PACKAGE_VERSION ""
| #define PACKAGE_STRING ""
| #define PACKAGE_BUGREPORT ""
| #define OPENLDAP_PACKAGE "OpenLDAP"
| #define OPENLDAP_VERSION "2.4.23"
| #define LDAP_VENDOR_VERSION 20423
| #define LDAP_VENDOR_VERSION_MAJOR 2
| #define LDAP_VENDOR_VERSION_MINOR 4
| #define LDAP_VENDOR_VERSION_PATCH 23
| #define HAVE_MKVERSION 1
| #define STDC_HEADERS 1
| #define HAVE_SYS_TYPES_H 1
| #define HAVE_SYS_STAT_H 1
| #define HAVE_STDLIB_H 1
| #define HAVE_STRING_H 1
| #define HAVE_MEMORY_H 1
| #define HAVE_STRINGS_H 1
| #define HAVE_INTTYPES_H 1
| #define HAVE_STDINT_H 1
| #define HAVE_UNISTD_H 1
| #define HAVE_DLFCN_H 1
| /* end confdefs.h. */
|
| /* Override any GCC internal prototype to avoid an error.
| Use char because int might match the return type of a GCC
| builtin and then its argument prototype would still apply. */
| #ifdef __cplusplus
| extern "C"
| #endif
| char shl_load ();
| int
| main ()
| {
| return shl_load ();
| ;
| return 0;
| }
configure:10729: result: no
configure:10734: checking for dlopen
configure:10790: cc_r -qlanglvl=extc89 -o conftest -I/opt/openldap/include
-I/opt/openldap/include -L/opt/openldap/lib conftest.c >&5
configure:10796: $? = 0
configure:10813: result: yes
configure:11046: checking whether a program can dlopen itself
configure:11118: cc_r -qlanglvl=extc89 -o conftest -I/opt/openldap/include
-I/opt/openldap/include -DHAVE_DLFCN_H -L/opt/openldap/lib conftest.c >&5
configure:11121: $? = 0
configure:11139: result: no
configure:11260: checking if libtool supports shared libraries
configure:11262: result: no
configure:11265: checking whether to build shared libraries
configure:11286: result: no
configure:11289: checking whether to build static libraries
configure:11293: result: yes
Also found something similar for Samba:
http://samba.2283325.n4.nabble.com/Failing-to-make-Samba-3-5-4-on-AIX-5-3...
So going to do more digging, or suggestions are welcome ;)
12 years, 4 months
loglevel question / problem
by Aaron Bennett
Hi,
I have two reasonably identical Ubuntu Server 10.04 boxes running OpenLDAP 2.4.21. ( I say reasonably identical because one is a master and the other pulls via syncrepl ).
The master box is sending copious amounts of query log info to syslog -- it looks like it's logging every search and connection. The other box looks like it's only logging syncrepl information to the debug facility.
What I can't figure out is how this is happening. When I started, neither machine had olcLogLevel entries in cn=config.ldif ; I have since added olcLogLevel: none (no effect) and even olcLogLevel: 0 to the master, restarting slapd each time. I've verified that it's not getting any "-d" switch on startup, both by looking at the SLAPD_OPTIONS in /etc/default/slapd and with ps -ax (which shows /usr/sbin/slapd -h ldaps:/// ldap:/// ldapi:/// -g openldap -u openldap -F /etc/ldap/slapd.d).
Here's sample syslog output from the master:
Nov 5 07:48:06 nyx slapd[5100]: conn=1008 op=1357 SRCH attr=mailRoutingAddress
Nov 5 07:48:06 nyx slapd[5100]: conn=1008 op=1357 SEARCH RESULT tag=101 err=0 nentries=0 text=
Nov 5 07:48:06 nyx slapd[5100]: conn=1008 op=1358 SRCH base="dc=clarku,dc=edu" scope=2 deref=0 filter="(|(mail=@clarku.edu)(mailAlternateAddress=@clarku.edu))"
Nov 5 07:48:06 nyx slapd[5100]: conn=1008 op=1358 SRCH attr=mailRoutingAddress
Nov 5 07:48:06 nyx slapd[5100]: conn=1008 op=1358 SEARCH RESULT tag=101 err=0 nentries=1 text=
Nov 5 07:48:06 nyx slapd[5100]: conn=1007 op=10647 SRCH base="dc=clarku,dc=edu" scope=2 deref=0 filter="(|(mail=clarku.edu)(mailAlternateAddress=clarku.edu))"
And here's sample from the slave:
Nov 5 07:54:21 erebus slapd[7913]: syncrepl_entry: rid=001 be_modify uid=dgoldman,ou=Users,dc=clarku,dc=edu (0)
Nov 5 07:54:21 erebus slapd[7913]: slap_queue_csn: queing 0x7f730550e7e0 20101105115421.300608Z#000000#000#000000
Nov 5 07:54:21 erebus slapd[7913]: slap_graduate_commit_csn: removing 0x7f730407f560 20101105115421.300608Z#000000#000#000000
Nov 5 07:54:21 erebus slapd[7913]: do_syncrep2: rid=001 cookie=rid=001,csn=20101105115421.483388Z#000000#000#000000
Nov 5 07:54:21 erebus slapd[7913]: syncrepl_entry: rid=001 LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_MODIFY)
Is there some other place that this information could be living?
Thanks,
Aaron Bennett
Clark University ITS
12 years, 4 months
openldap 2.4.2[13] socket close bug ?
by Arjan Filius
Hello openldap ml,
While researching a more or less regular xen/centos/openldap crash
situation, I ran into a
situation which I think is an (openldap) bug.
Tested with self compiled/packed openldap 2.4.21 and 2.4.23 on centos 5.2
64 bits
The easiest way to explain and test (for me) is:
1) Set threads to 2 in slapd.conf
2) Start a ldap search query which takes some time (say longer than a
minute or so)
ps: local or remote ldapsearch doesn't matter
ps: I used ldapsearch and a "slowcat" to simulate
3) Start a second ldap search query as with 2)
4) Try to start a third ldapsearch query, which you may notice would
connect (tcp backlog), but is not yet handled by slapd.
Normally when the first ldapsearch session would stop, the third session
will be handled by slapd, which works just fine as expected, no need to
test that now.
From now on you have some slightly different situations, which I will
number 5a ....)
5a) While those first 2 sessions are still running, and session 3 is waiting,
let's kill session 1 or 2, and here it happens:
-slapd won't log the killed session, and the third session isn't going
to be handled.
-The third session is going to be handled as soon as the second session
finishes in a normal way.
5b) While those first 2 sessions are still running, and session 3 is
waiting,
kill all ldap search queries (press ^C within your ldapsearch for
example), and here it happens:
-slapd won't log dead sessions
-new ldapsearch sessions are accepted by the backlog buffer, but are
never going to be accepted by the slapd process.
-when stopping slapd it complains about closing already dead
sessions/sockets.
So it looks like killed sessions are not quite handled correctly within
slapd, and I noticed that as soon as there is one session which finishes in a
normal way, it will also clear and free the killed sessions. The other way
around, when killing all sessions, you have a denial of service, and no
session will ever be cleared.
Please confirm or deny, feedback welcome.
Regards,
--
Arjan Filius
iafilius(a)xs4all.nl
12 years, 4 months