openldap-technical March 2011

openldap-technical@openldap.org

102 participants
107 discussions

deleting values from multivalued attribute
by Hugo Monteiro 25 Mar '11

25 Mar '11

Hello list, is it possible to perform the deletion of only a certain number of values, from a multivalued attribute, without having to perform full deletion and then adding the ones we'd like to keep? example, entry has: mail: user(a)example.com mailAlternateAddress: first.last(a)example.com mailAlternateAddress: flast(a)example.com mailAlternateAddress: firstl(a)example.com I would like to be able to remove flast(a)example.com but keep the rest of the addresses, using a single ldap operation, ending up with mail: user(a)example.com mailAlternateAddress: first.last(a)example.com mailAlternateAddress: firstl(a)example.com Best Regards, Hugo Monteiro. -- fct.unl.pt:~# cat .signature Hugo Monteiro Email : hugo.monteiro(a)fct.unl.pt Telefone : +351 212948300 Ext.15307 Web : http://hmonteiro.net Divisão de Informática Faculdade de Ciências e Tecnologia da Universidade Nova de Lisboa Quinta da Torre 2829-516 Caparica Portugal Telefone: +351 212948596 Fax: +351 212948548 www.fct.unl.pt apoio(a)fct.unl.pt fct.unl.pt:~# _

4 7

Re: syncrepl and mass deletes
by LALOT Dominique 25 Mar '11

25 Mar '11

Yes, but I believe this is not the same case. We are replicating differents datbases instead of subtree into a single database. In case you have two providers, whole refresh is not working. What can I do more to file a report? Thanks Dom 2011/3/24 Quanah Gibson-Mount <quanah(a)zimbra.com> > --On Thursday, March 24, 2011 11:44 AM +0100 LALOT Dominique < > dom.lalot(a)gmail.com> wrote: > > Well, >> >> To resume my tests: >> >> provider and consumer in 2.4.24 -> same behaviour >> Get rid of session log -> same behaviour >> >> If I removed one of the providers of my consumer, everything went fine. >> Even, if I stop the consumer during mass deletes, it sync very fast as >> soon as it starts again >> That's related to several providers for one consumer and may be something >> else I don't see. >> The second provider (first rid in my conf) has less that 15 entries and >> no updates at all. >> >> I changed the order of the providers in my slapd.conf. There is no >> difference. >> > > Have you looked at the report in ITS#6872? > > --Quanah > > > -- > > Quanah Gibson-Mount > Sr. Member of Technical Staff > Zimbra, Inc > A Division of VMware, Inc. > -------------------- > Zimbra :: the leader in open source messaging and collaboration > -- Dominique LALOT Ingénieur Systèmes et Réseaux http://annuaire.univmed.fr/showuser.php?uid=lalot

2 1

audit or accesslog remote IP
by Omer Faruk SEN 25 Mar '11

25 Mar '11

Hi, Is there a way to also log IP address of remote system at audit and/or accesslog events. Regards.

2 1

syncrepl and mass deletes
by LALOT Dominique 24 Mar '11

24 Mar '11

Hello, I am testing the replication feature in a multimaster environment replicating into a single database. As stated before, I added serverid to my providers. I just have two providers for test purpose. I tested mass updates on a provider, stopped my replica during updates, then start again and it's OK, it updates the entries If I do the same for mass deletes. I deleted 40000 entries while stopping the consumer. My consumer is still with 30000 undeleted entries. I left the consumer for hours, restarting it twice. It seems there is no regular compare between consumer or provider in such situation. I'll simplify to test in a single provider setup, to see if it works. All servers are 2.4.23 consumer side. A script is populating the DIT via slapadd first to create the dc entries. database bdb suffix "dc=fr" serverid 0x40 ldap://ldapmaitre.univ-yy.fr syncrepl rid=040 provider=ldap://ldapmaitre.univ-yy.fr/ type=refreshAndPersist searchbase="dc=univ-yy,dc=fr" retry="60 10 300 +" scope=sub filter="(objectClass=*)" attrs="*,+" schemachecking=off bindmethod=simple serverid 0x20 ldap://anutest.univ-xx.fr syncrepl rid=020 provider=ldap://anutest.univ-xx.fr/ type=refreshAndPersist searchbase="dc=univ-xx,dc=fr" retry="60 10 300 +" scope=sub filter="(objectClass=*)" attrs="*,+" schemachecking=off bindmethod=simple Mar 23 13:29:11 ldaprelay slapd[24319]: @(#) $OpenLDAP: slapd 2.4.23 (Nov 19 2010 17:41:28) $#012#011buildd@allspice :/build/buildd/openldap-2.4.23/debian/build/servers/slapd Mar 23 13:29:11 ldaprelay slapd[24320]: slapd starting Mar 23 13:29:11 ldaprelay slapd[24320]: do_syncrep2: rid=040 LDAP_RES_INTERMEDIATE - REFRESH_DELETE Mar 23 13:29:11 ldaprelay slapd[24320]: do_syncrep2: rid=020 LDAP_RES_INTERMEDIATE - REFRESH_DELETE root@ldaprelay:/etc/ldap# ldapsearch -x -LLL -s base contextcsn dn: dc=fr contextCSN: 20110323101636.221613Z#000000#040#000000 contextCSN: 20110323100346.844382Z#000000#020#000000 Thanks for any hints Dom -- Dominique LALOT Ingénieur Systèmes et Réseaux http://annuaire.univmed.fr/showuser.php?uid=lalot

3 8

Efficient Searching for Groups & its members
by sim123 24 Mar '11

24 Mar '11

Hi All, I am designing LDAP schema and the structure looks like : --ROOT ---- ou = people ------- cn = john smith ---- ou = groups ------ ou = group1 -------- member:john smith ------ ou = group2 -------- member: john smith I would like to find out what all groups john smith belongs to (I have full dn) and all the members of a group. I am wondering about the performance of such search, since one person can be part of multiple groups and there can be thousands of groups in the server. If its a relational database I can create a relationship table and put indexes in place. How can I get best performance with OpenLDAP? Or is there any other way I should design this? Thanks for the help.

3 4

How to compile slapd as static binary
by Marco Pizzoli 23 Mar '11

23 Mar '11

Hi list, could someone tell me how can I obtain a binary slapd with all libraries linked statically in it? I tried mixing many --enable-static / --enable-shared=no etc... without no luck. I also tried invoking make with LTFLAGS="-static" Thanks Marco --

1 0

OpenLDAP / Samba integration
by fuzzy_4711 23 Mar '11

23 Mar '11

Hi, I am facing issues with implementing samba user and group authentification using openldap. Is this the right place to ask? -fuz

5 7

Re: OpenLDAP / Samba integration
by fuzzy_4711 22 Mar '11

22 Mar '11

-------- Original - Text -------- > > I had a similar problem on 11.4 after a rebuild. Try turning off apparmor. > > That worked for me. > Thank you Stuart. I already did - and believe me: Every new install of openSuSE here at my place will have turned of AppArmor in the future. It is just a pain in the a.. not only for OpenLDAP. I found this behavior yesterday - it took me 3 hours or so to find out that smbd won't start when this mess was switched on. But smbd is started and working. I missed something in user mapping between samba and ldap, i guess. Search goes on. -fuz

1 0

Letting Users Create Groups
by Tim Gustafson 22 Mar '11

22 Mar '11

Hi, I'd like to let users create posixGroup objects, but I don't want them to be able to pick a gidNumber that is already in use, or that is less than 1000 or greater than 10000, and I only want the groups to be created in the ou=Group,dc=example,dc=com container. Is this possible with OpenLDAP ACLs? Tim Gustafson Baskin School of Engineering UC Santa Cruz tjg(a)soe.ucsc.edu 831-459-5354

3 6

Re: one user access all databases
by Buchan Milne 22 Mar '11

22 Mar '11

On Tuesday, 22 March 2011 12:12:53 Hendrik van der Ploeg wrote: > ok thanks, > > But how can I set the user in a seperate database to have access to a > different database? > > Use a separate local database with a suitable backend (e.g. hdb or bdb). Any "local" DN can appear in access control statements for any other database. Here is one example (allowing "local" users in dc=ranger,dc=dnsalias,dc=com access to cn=config) [bgmilne@tiger ~]$ ldapsearch -Q -LLL -b cn=config "(olcDatabase=config)" olcAccess dn: olcDatabase={0}config,cn=config olcAccess: {0}to * by group="cn=LDAP Admins,ou=System Groups,dc=ranger,dc=dnsa lias,dc=com" ssf=112 write olcAccess: {1}to * by * none [bgmilne@tiger ~]$ ldapwhoami -Q dn:uid=bgmilne,ou=people,dc=ranger,dc=dnsalias,dc=com [bgmilne@tiger ~]$ ldapcompare -Q 'cn=LDAP Admins,ou=System Groups,dc=ranger,dc=dnsalias,dc=com' member:uid=bgmilne,ou=people,dc=ranger,dc=dnsalias,dc=com TRUE (BTW, please keep replies on-list, and while we're at it, try avoid unnecessary top-posting) Regards, Buchan

2 3

← Newer
1
2
3
4
5
6
7
...
11
Older →

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

openldap-technical March 2011