deleting values from multivalued attribute
by Hugo Monteiro
Hello list,
is it possible to perform the deletion of only a certain number of
values, from a multivalued attribute, without having to perform full
deletion and then adding the ones we'd like to keep?
example, entry has:
mail: user(a)example.com
mailAlternateAddress: first.last(a)example.com
mailAlternateAddress: flast(a)example.com
mailAlternateAddress: firstl(a)example.com
I would like to be able to remove flast(a)example.com but keep the rest of
the addresses, using a single ldap operation, ending up with
mail: user(a)example.com
mailAlternateAddress: first.last(a)example.com
mailAlternateAddress: firstl(a)example.com
Best Regards,
Hugo Monteiro.
--
fct.unl.pt:~# cat .signature
Hugo Monteiro
Email : hugo.monteiro(a)fct.unl.pt
Telefone : +351 212948300 Ext.15307
Web : http://hmonteiro.net
Divisão de Informática
Faculdade de Ciências e Tecnologia da
Universidade Nova de Lisboa
Quinta da Torre 2829-516 Caparica Portugal
Telefone: +351 212948596 Fax: +351 212948548
www.fct.unl.pt apoio(a)fct.unl.pt
fct.unl.pt:~# _
10 years
Re: syncrepl and mass deletes
by LALOT Dominique
Yes, but I believe this is not the same case. We are replicating different
databases instead of subtree into a single database.
In case you have two providers, whole refresh is not working. What can I do
more to file a report?
Thanks
Dom
2011/3/24 Quanah Gibson-Mount <quanah(a)zimbra.com>
> --On Thursday, March 24, 2011 11:44 AM +0100 LALOT Dominique <
> dom.lalot(a)gmail.com> wrote:
>
> Well,
>>
>> To resume my tests:
>>
>> provider and consumer in 2.4.24 -> same behaviour
>> Get rid of session log -> same behaviour
>>
>> If I removed one of the providers of my consumer, everything went fine.
>> Even, if I stop the consumer during mass deletes, it sync very fast as
>> soon as it starts again
>> That's related to several providers for one consumer and may be something
>> else I don't see.
>> The second provider (first rid in my conf) has less than 15 entries and
>> no updates at all.
>>
>> I changed the order of the providers in my slapd.conf. There is no
>> difference.
>>
>
> Have you looked at the report in ITS#6872?
>
> --Quanah
>
>
> --
>
> Quanah Gibson-Mount
> Sr. Member of Technical Staff
> Zimbra, Inc
> A Division of VMware, Inc.
> --------------------
> Zimbra :: the leader in open source messaging and collaboration
>
--
Dominique LALOT
Ingénieur Systèmes et Réseaux
http://annuaire.univmed.fr/showuser.php?uid=lalot
10 years
audit or accesslog remote IP
by Omer Faruk SEN
Hi,
Is there a way to also log the IP address of the remote system in audit and/or
accesslog events?
Regards.
10 years
syncrepl and mass deletes
by LALOT Dominique
Hello,
I am testing the replication feature in a multimaster environment
replicating into a single database. As stated before, I added serverid to my
providers. I just have two providers for test purpose.
I tested mass updates on a provider, stopped my replica during updates, then
start again and it's OK, it updates the entries
If I do the same for mass deletes. I deleted 40000 entries while stopping
the consumer. My consumer is still with 30000 undeleted entries. I left the
consumer for hours, restarting it twice.
It seems there is no regular compare between consumer or provider in such
situation. I'll simplify to test in a single provider setup, to see if it
works.
All servers are 2.4.23
consumer side. A script is populating the DIT via slapadd first to create
the dc entries.
database bdb
suffix "dc=fr"
serverid 0x40 ldap://ldapmaitre.univ-yy.fr
syncrepl rid=040
    provider=ldap://ldapmaitre.univ-yy.fr/
    type=refreshAndPersist
    searchbase="dc=univ-yy,dc=fr"
    retry="60 10 300 +"
    scope=sub
    filter="(objectClass=*)"
    attrs="*,+"
    schemachecking=off
    bindmethod=simple
serverid 0x20 ldap://anutest.univ-xx.fr
syncrepl rid=020
    provider=ldap://anutest.univ-xx.fr/
    type=refreshAndPersist
    searchbase="dc=univ-xx,dc=fr"
    retry="60 10 300 +"
    scope=sub
    filter="(objectClass=*)"
    attrs="*,+"
    schemachecking=off
    bindmethod=simple
Mar 23 13:29:11 ldaprelay slapd[24319]: @(#) $OpenLDAP: slapd 2.4.23 (Nov 19 2010 17:41:28) $#012#011buildd@allspice:/build/buildd/openldap-2.4.23/debian/build/servers/slapd
Mar 23 13:29:11 ldaprelay slapd[24320]: slapd starting
Mar 23 13:29:11 ldaprelay slapd[24320]: do_syncrep2: rid=040 LDAP_RES_INTERMEDIATE - REFRESH_DELETE
Mar 23 13:29:11 ldaprelay slapd[24320]: do_syncrep2: rid=020 LDAP_RES_INTERMEDIATE - REFRESH_DELETE
root@ldaprelay:/etc/ldap# ldapsearch -x -LLL -s base contextcsn
dn: dc=fr
contextCSN: 20110323101636.221613Z#000000#040#000000
contextCSN: 20110323100346.844382Z#000000#020#000000
Thanks for any hints
Dom
--
Dominique LALOT
Ingénieur Systèmes et Réseaux
http://annuaire.univmed.fr/showuser.php?uid=lalot
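An added example, not part of the original post: a small decoder for the contextCSN values shown above that matches each one to the serverid lines of the quoted configuration and reports how far the consumer has seen each provider. It assumes the CSN layout written by OpenLDAP 2.4 (timestamp, then hexadecimal change count, server ID and modification number); the function names are hypothetical and the inputs are copied from the post.

```python
import re
from datetime import datetime, timezone

# Constructed input: serverid lines and contextCSN values quoted in the post.
SLAPD_CONF = """\
serverid 0x40 ldap://ldapmaitre.univ-yy.fr
serverid 0x20 ldap://anutest.univ-xx.fr
"""
CONTEXT_CSNS = [
    "20110323101636.221613Z#000000#040#000000",
    "20110323100346.844382Z#000000#020#000000",
]
CSN_RE = re.compile(
    r"^(\d{14})\.(\d{6})Z#([0-9a-fA-F]{6})#([0-9a-fA-F]{3})#([0-9a-fA-F]{6})$")

def parse_csn(csn):
    """Split a CSN into timestamp, change count, server ID and mod number."""
    m = CSN_RE.match(csn.strip())
    if not m:
        raise ValueError("malformed CSN: %r" % csn)
    stamp, micros, count, sid, mod = m.groups()
    when = datetime.strptime(stamp, "%Y%m%d%H%M%S").replace(
        microsecond=int(micros), tzinfo=timezone.utc)
    # count, sid and mod are hexadecimal: "#040#" is server ID 0x40, not 40
    return {"time": when, "count": int(count, 16),
            "sid": int(sid, 16), "mod": int(mod, 16)}

def parse_serverids(conf):
    """Map numeric server ID -> URL (or None) from 'serverid <id> [url]' lines."""
    out = {}
    for line in conf.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0].lower() == "serverid":
            raw = parts[1]
            sid = int(raw, 16) if raw.lower().startswith("0x") else int(raw, 10)
            out[sid] = parts[2] if len(parts) > 2 else None
    return out

def csn_report(csns, conf):
    """Return (url or None, sid, time) for each CSN, newest first."""
    servers = parse_serverids(conf)
    rows = [(servers.get(c["sid"]), c["sid"], c["time"])
            for c in map(parse_csn, csns)]
    return sorted(rows, key=lambda r: r[2], reverse=True)

if __name__ == "__main__":
    for url, sid, when in csn_report(CONTEXT_CSNS, SLAPD_CONF):
        print("sid=0x%03x %-36s seen up to %s"
              % (sid, url or "UNKNOWN SID", when.isoformat()))
```

Running the same decoder over the contextCSN read from each provider and comparing timestamps per server ID shows which provider the consumer is behind.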
10 years
Efficient Searching for Groups & its members
by sim123
Hi All,
I am designing LDAP schema and the structure looks like :
--ROOT
---- ou = people
------- cn = john smith
---- ou = groups
------ ou = group1
-------- member:john smith
------ ou = group2
-------- member: john smith
I would like to find out what all groups john smith belongs to (I have full
dn) and all the members of a group. I am wondering about the performance of
such search, since one person can be part of multiple groups and there can
be thousands of groups in the server. If it's a relational database I can
create a relationship table and put indexes in place. How can I get best
performance with OpenLDAP? Or is there any other way I should design this?
Thanks for the help.
10 years
How to compile slapd as static binary
by Marco Pizzoli
Hi list,
could someone tell me how can I obtain a binary slapd with all libraries
linked statically in it?
I tried mixing many --enable-static / --enable-shared=no etc... without any
luck.
I also tried invoking make with LTFLAGS="-static"
Thanks
Marco
--
10 years
OpenLDAP / Samba integration
by fuzzy_4711
Hi,
I am facing issues with implementing samba user and group
authentication using openldap. Is this the right place to ask?
-fuz
10 years
Re: OpenLDAP / Samba integration
by fuzzy_4711
-------- Original - Text --------
>
> I had a similar problem on 11.4 after a rebuild. Try turning off apparmor.
>
> That worked for me.
>
Thank you Stuart.
I already did - and believe me: Every new install of openSuSE here at my
place will have turned off AppArmor in the future. It is just a pain in
the a.. not only for OpenLDAP.
I found this behavior yesterday - it took me 3 hours or so to find out that
smbd won't start when this mess was switched on. But smbd is started
and working.
I missed something in user mapping between samba and ldap, I guess.
Search goes on.
-fuz
10 years
Letting Users Create Groups
by Tim Gustafson
Hi,
I'd like to let users create posixGroup objects, but I don't want them to be able to pick a gidNumber that is already in use, or that is less than 1000 or greater than 10000, and I only want the groups to be created in the ou=Group,dc=example,dc=com container.
Is this possible with OpenLDAP ACLs?
Tim Gustafson
Baskin School of Engineering
UC Santa Cruz
tjg(a)soe.ucsc.edu
831-459-5354
10 years
Re: one user access all databases
by Buchan Milne
On Tuesday, 22 March 2011 12:12:53 Hendrik van der Ploeg wrote:
> ok thanks,
>
> But how can I set the user in a separate database to have access to a
> different database?
> > Use a separate local database with a suitable backend (e.g. hdb or bdb).
Any "local" DN can appear in access control statements for any other database.
Here is one example (allowing "local" users in dc=ranger,dc=dnsalias,dc=com
access to cn=config)
[bgmilne@tiger ~]$ ldapsearch -Q -LLL -b cn=config "(olcDatabase=config)" olcAccess
dn: olcDatabase={0}config,cn=config
olcAccess: {0}to * by group="cn=LDAP Admins,ou=System Groups,dc=ranger,dc=dnsa
 lias,dc=com" ssf=112 write
olcAccess: {1}to * by * none
[bgmilne@tiger ~]$ ldapwhoami -Q
dn:uid=bgmilne,ou=people,dc=ranger,dc=dnsalias,dc=com
[bgmilne@tiger ~]$ ldapcompare -Q 'cn=LDAP Admins,ou=System Groups,dc=ranger,dc=dnsalias,dc=com' member:uid=bgmilne,ou=people,dc=ranger,dc=dnsalias,dc=com
TRUE
(BTW, please keep replies on-list, and while we're at it, try to avoid
unnecessary top-posting)
Regards,
Buchan
10 years