openldap-technical December 2010

openldap-technical@openldap.org

82 participants
96 discussions

Re: Filesystem & backend options for embedded openldap
by Bruce Edge 18 Dec '10

18 Dec '10

On Sat, Dec 18, 2010 at 12:19 AM, Peter Lambrechtsen <plambrechtsen(a)gmail.com> wrote: > Why don't you use SQLite instead??? It's pretty rock solid backend database. > > Unless your client side only wants to talk LDAP. Hi, Thanks the the response. One of the reasons for ldap is that it handles all the authentication for a lot of the packages we're using out of the box so it was a natural progression to extend it to handle the other data we need as well. The only probems, it appears, is how to make it more failsafe on the back end. -Bruce > > On Sat, Dec 18, 2010 at 6:48 AM, Bruce Edge <bruce.edge(a)gmail.com> wrote: >> >> Perhaps a bit more detail... >> During testing our developers frequently hang the target machines. >> This usually results in a corrupted ldap database even though no write >> activity was present on the box since long before the crash. >> >> What ldap config tuning options are required to get slapd to sync the >> backend to a state where power loss / kernel crashes do not corrupt >> the data? >> >> Thanks >> >> -Bruce >> >> On Wed, Dec 15, 2010 at 10:25 AM, Bruce Edge <bruce.edge(a)gmail.com> wrote: >> > I'm working on an embedded system for which I would like to use >> > openldap as the means of config storage. >> > I've spent a lot of time RTFM'ing and still feel that there is a lot >> > that is escaping me as far as the optimal configuration. >> > >> > If the primary goal is data safety and zero human intervention, what >> > would be the optimal combination of file system / backend storage / >> > and config options? >> > >> > I would like to never have to manually recover a database and have it >> > gracefully recover from power failures. Speed is not an issue as it's >> > very low traffic. Integritiy is everything. >> > It's target storage is a USB flash device. Are there any special >> > considerations WRT flash storage and ldap? >> > >> > Thanks in advance. >> > >> > -Bruce >> > > >

1 0

Filesystem & backend options for embedded openldap
by Bruce Edge 17 Dec '10

17 Dec '10

I'm working on an embedded system for which I would like to use openldap as the means of config storage. I've spent a lot of time RTFM'ing and still feel that there is a lot that is escaping me as far as the optimal configuration. If the primary goal is data safety and zero human intervention, what would be the optimal combination of file system / backend storage / and config options? I would like to never have to manually recover a database and have it gracefully recover from power failures. Speed is not an issue as it's very low traffic. Integritiy is everything. It's target storage is a USB flash device. Are there any special considerations WRT flash storage and ldap? Thanks in advance. -Bruce

1 1

syncrep and memberof
by Yuri Bank 17 Dec '10

17 Dec '10

Are there any known issues with these two overlays when used together? I'm curious what the suggested configuration would be in a single Provider + many Consumer setup. Should the memberof overlay be enabled on the consumer nodes or just the provider? I've noticed that when I add new users to the database, all users under that OU will be refreshed and at which time I lose the memberof attribute for SOME of the users, on only 1 or 2 of the consumer nodes. It seems like a bug, but I wonder if there is any way to get around this. I was thinking of trying delta-sync replication.

1 0

can't contact the LDAP server
by kibirango moses 17 Dec '10

17 Dec '10

hullo everybody I have tested the SLAPD server and it is giving me the output below root@mailbackup:/etc/openldap# ldapsearch -x -W -D 'cn=Manager,dc=mak,dc=ac,dc=ug' -b "" -s base Enter LDAP Password: ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1) How can i contact the LDAP server? Thanx

2 1

TLS trace: SSL_accept:error in SSLv2/v3 read client hello A
by Martin Jungowski 17 Dec '10

17 Dec '10

Hi everybody, I'm trying to run OpenLDAP 2.2.13 on a CentOS 4.8 box with TLS/SSL enabled. Certificate should be ok (fqdn set as common name!), self-signed since I can't copy a cacert file to all clients that will one day have to connect to the server (among others a few iPhones). "openssl x509 -in slapd.pem -noout -text" returns the correct contents of the certificate, "openssl s_client -connect localhost:636 -showcerts" works too (although it does hang at the end right after "---" which I guess is normal.. haven't left it running for 300 seconds yet). However, whenever trying to connect to my LDAP server through port 636 I get the above error message. The full message when performing "ldapsearch -x -h localhost:636 -b dc=home" (no difference if I replace localhost with the fqdn): > daemon: activity on 1 descriptors > daemon: new connection on 10 > daemon: added 10r > daemon: activity on: > daemon: select: listen=6 active_threads=0 tvp=NULL > daemon: select: listen=7 active_threads=0 tvp=NULL > daemon: activity on 1 descriptors > daemon: activity on: 10r > daemon: read activity on 10 > connection_get(10): got connid=7 > connection_read(10): checking for input on id=7 > TLS trace: SSL_accept:before/accept initialization > TLS trace: SSL_accept:error in SSLv2/v3 read client hello A > TLS: can't accept. > TLS: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol s23_srvr.c:580 > connection_read(10): TLS accept error error=-1 id=7, closing > connection_closing: readying conn=7 sd=10 for close > connection_close: conn=7 sd=10 > daemon: removing 10 > daemon: select: listen=6 active_threads=0 tvp=NULL > daemon: select: listen=7 active_threads=0 tvp=NULL > daemon: activity on 1 descriptors > daemon: select: listen=6 active_threads=0 tvp=NULL > daemon: select: listen=7 active_threads=0 tvp=NULL Same error message when trying to connect with jxplorer or Thunderbird. Any ideas what else I could try? I've tried various ways of creating a certificate, including both the CentOS recommended "make slapd.pem" in / usr/share/ssl/certs and the "openssl" way but neither made any difference. They all resulted in the exact same error pattern. Frankly, I'm out of ideas. Thanks in advance, Martin -- Rieke Computersysteme GmbH Hellerholz 5 D-82061 Neuried Email: martin[at]rhm[dot]de

2 1

using of db_stat
by Steeg Carson 16 Dec '10

16 Dec '10

Hello, can I really use db_stat with id2entry.bdb and dn2id.bdb without concern and impact of production (speed of ldap) to investigate the database statistic? - Is db_stat usable on a online database without any danger - If I use db_stat online, which impact I have to expect? Thanks for help!

1 1

posixAccount Object creation failing in 2.4.23 with ndb backend
by Nathanael Anderson 16 Dec '10

16 Dec '10

after I include the nis schema in slapd.conf and try to create a user with the new attributes, I recieve this error: ndb_oc_create: CREATE TABLE posixAccount failed, Can't create table 'OpenLDAP.posixAccount' (errno: 157) (1005) ndb_back_add: ndb_entry_put_data failed (80) Tuple did not exist(626) This seems like a ndb backend issue. I have lots of free space in my OpenLDAP ndb backend database for more tables and rows. mysql> select * from memoryusage; +---------+--------------+---------+------------+------------+---------+ | node_id | memory_type | used | used_pages | total | total_pages | +---------+--------------+---------+------------+------------+---------+ | 3 | Data memory | 2457600 | 75 | 1073741824 | 2768 | | 3 | Index memory | 475136 | 58 | 268697600 | 32800 | | 4 | Data memory | 2457600 | 75 | 1073741824 | 32768 | | 4 | Index memory | 475136 | 58 | 268697600 | 32800 | +---------+--------------+---------+------------+------------+---------+ 4 rows in set (0.00 sec) and manual table creation works fine. mysql> create table person2 (sn varchar(128)) engine=ndbcluster; Query OK, 0 rows affected (0.06 sec) mysql> drop table person2; Query OK, 0 rows affected (0.03 sec) any idea's? Nathanael

1 0

BDB File Size...
by Rowley, Mathew 16 Dec '10

16 Dec '10

I recently deleted about 25k entries in a specific OU. Since, the memory usage of the slapd process has consistently stayed at 70%-75% cpu usage: PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 29911 openldap 18 0 12.6g 10g 4.1g S 0 69.6 1003:25 slapd I have also noticed that the DB files have stayed the same size - specifically one is 4gigs: -rw------- 1 openldap openldap 4.0G Nov 30 21:18 __db.003 On a slave to this box, the file size is drastically lower: -rw------- 1 openldap openldap 321M Dec 16 05:02 __db.003 I am assuming that the reason the CPU and memory usage is so high due to trying to keep the entire directory structure in memroy. Is this normal behavior? Is there a way to purge the database files? One other thing that happened was the slaves that are syncing to this server did not update the OU described above. Any help would be great. Thanks.

2 3

enabling monitoring of database
by kibirango moses 16 Dec '10

16 Dec '10

I have installed openldap and on testing the out below is given .How can i configure monitor database ? I thought it is enabled by --enable monitor root@mailbackup:/# slaptest -v -f /etc/openldap/slapd.conf bdb_monitor_db_open: monitoring disabled; configure monitor database to enable config file testing succeeded Installation command : ./configure --sysconfdir=/etc --with-cyrus-sasl --with-threads --with-tls --with-yielding-select --with-mp --enable-slapd --enable-slurpd --enable-cleartext --enable-bdb --enable-ldap --enable-monitor --enable-perl --enable-sql --enable-syslog --enable-spasswd

2 1

failing to "make test" in openldap installation
by kibirango moses 16 Dec '10

16 Dec '10

Hullo everyone I am installing Openldap but in am failing to test and below are my installation commands: env CPPFLAGS="-I/usr/local/BerkeleyDB.5.1/include -I/usr/local/ssl/include/openssl" \ LDFLAGS="-L/usr/local/BerkeleyDB.5.1/lib -L/usr/local/ssl/lib" \ ./configure --sysconfdir=/etc --with-cyrus-sasl --with-threads --with-tls --with-yielding-select --with-mp --enable-slapd --enable-slurpd --enable-cleartext --enable-bdb --enable-ldap --enable-monitor --enable-perl --enable-sql --enable-syslog --enable-spasswd make test has the following errors at the end Initiating LDAP tests for BDB... Could not locate slapd(8) make[2]: *** [bdb-yes] Error 1 make[2]: Leaving directory `/usr/local/src/openldap-2.4.23/tests' make[1]: *** [test] Error 2 make[1]: Leaving directory `/usr/local/src/openldap-2.4.23/tests' make: *** [test] Error 2 *root@mailbackup:/usr/local/src/openldap-2.4.23#* Anybody to help me go over this? Thanx

2 1

← Newer
1
2
3
4
5
6
7
8
9
10
Older →

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

openldap-technical December 2010