openldap-technical July 2011

openldap-technical@openldap.org

80 participants
92 discussions

Updating Shema in cn=config
by Andy Carlson 06 Jul '11

06 Jul '11

I have recently updated the schema (added new attributes) via the cn=config LDAP context. Once I do this, do changes get saved in real-time to the local configuration files or would I have to stop and restart the service to save the settings? Thanks much, Andy Carlson Identity Administrator | Information Systems 312-329-4385

1 0

Multi Master OpenLdap.
by arun.sasi1＠wipro.com 06 Jul '11

06 Jul '11

Hello Team, I have configured Multi-master Mirror mode replica setup in our environment. We have 3 regions slave Ldap server which is read only and two location we have configured as mirror mode replica Ldap. My problem here is... Master Ldap is going hang some times and some ID`s are disappearing from the master server. I couldn't find any logs over there for why ID`s are disappearing and also why Ldap is going hung state. Thanks & Regards, Arun Sasi V Please do not print this email unless it is absolutely necessary. The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments. WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email. www.wipro.com

1 0

schema updates and cn=config
by E.S. Rosenberg 06 Jul '11

06 Jul '11

Hi all, I was wondering about the following thing (after just reading the long cn=config thread), programs may distribute .schema files only, in which case as already pointed out you should: 1. Request in a friendly manner that they provide an ldif if possible 2. convert it yourself using slaptest and add it using ldapadd/modiy etc. The question I had is like this, a project may update/change it's schema and if they ship only .schema files or .ldif that assume that the schema is not loaded yet (ie. that do the initial add and not modify operations, what you would also get from a .schema conversion) then you are it would seem to me a bit stuck because you either: - have to unload the old schemas (using ldapmodify) which leaves you with invalid entries in your DIT while their schema is missing or - you have to manually figure out what the differences are between the currently loaded schema and the new version of the schema (diff may be helpful there) and the manually create an ldif that does all the necessary modify operations. So I was wondering if there is any way to generate a "diff-ldif" (for lack of a better name) automatically to update the schema based either on provided ldifs or provided .schema files (after conversion). Obviously the other way is to ask the project in a friendly way that they provide said "diff-ldifs" as well as regular ldifs. Maybe I am completely wrong but so far this is what I understood from all the manuals etc. Thanks for all your great work, Eli

3 2

Fwd: ldap_sasl_interactive_bind_s: Other (e.g., implementation specific ) error (80)
by Fabien COMBERNOUS 06 Jul '11

06 Jul '11

Here a test. I didn't receive my own mail. This mail was it received by the list ? -------- Original Message -------- Subject: ldap_sasl_interactive_bind_s: Other (e.g., implementation specific ) error (80) Date: Tue, 05 Jul 2011 17:52:54 +0200 From: Fabien COMBERNOUS <fcombernous(a)kezia.com> To: openldap-technical(a)openldap.org Hi There, I have an openldap master (hosted by server) and an openldap replica (hosted by replica). Authentication use SASL/GSSAPI with kerberos. On the master i get the following output : server:~ admin$ kinit root Please enter the password for root(a)SERVER.LAN: server:~ admin$ ldapsearch -b cn=mounts,dc=server,dc=lan SASL/GSSAPI authentication started ldap_sasl_interactive_bind_s: Other (e.g., implementation specific ) error (80) On the replica all looks fine : replica:~ admin$ kinit root Please enter the password for root(a)SERVER.LAN: server:~ admin$ ldapsearch -b cn=mounts,dc=server,dc=lan SASL/GSSAPI authentication started SASL username: root(a)SERVER.LAN SASL SSF: 56 SASL data security layer installed. # extended LDIF # # LDAPv3 # base<cn=mounts,dc=server,dc=lan> with scope subtree # filter: (objectclass=*) # requesting: ALL # etc ... I saw some thread on mailing list that say to take care of owner, groups and permissions of files krb5.keytab and database. All looks good in this side. Any other areas to check ? Regards, -- *Fabien COMBERNOUS* /unix system engineer/ www.kezia.com<http://www.kezia.com/> *Tel: +33 (0) 467 992 986* Kezia Group

1 0

database monitor
by Friedrich Locke 05 Jul '11

05 Jul '11

I have configured database monitor and setted two access rules in its context. By the log messages below keep annoying me: /etc/openldap/slapd.conf: line 110: warning: cannot assess the validity of the ACL scope within backend naming context Backend ACL: access to dn.subtree="cn=monitor" by dn.base="cn=oldap,dc=ufv,dc=br" read by * none Backend ACL: access to * by * none /etc/openldap/slapd.conf: line 123: warning: cannot assess the validity of the ACL scope within backend naming context Backend ACL: access to * by * none config_back_db_open: line 0: warning: cannot assess the validity of the ACL scope within backend naming context slapd starting How may i "fix" that. (Altough i used the word "fix", i know it is not a error message). Thanks in advance

3 5

problem with the ppolicy overlay
by Cyril Grosjean 05 Jul '11

05 Jul '11

2 1

dumping
by Friedrich Locke 05 Jul '11

05 Jul '11

Hi, i would like to restore data generated by slapcat. I realized some field (like userPassword) in the lidf file generated was encoded in base64. How should i restore the ldif with slapadd taking the real value string for the attribute without redefined attribute value. Thanks in advance

2 1

server side sorting
by Chris Card 05 Jul '11

05 Jul '11

Hi, this FAQ http://www.openldap.org/faq/data/cache/649.html says that openldap 2.3 doesn't support Server Side Sorting (RFC 2891). Looking at openldap 2.4.23, it seems that Server Side Sorting is now supported - is this documented somewhere? Chris

7 21

deleting tree
by Friedrich Locke 05 Jul '11

05 Jul '11

I am trying to delete a complete tree, but i got the error messages: ldap_delete: Other (e.g., implementation specific) error (80) ldap_prune: Other (e.g., implementation specific) error (80) ldap_delete: Operation not allowed on non-leaf (66) additional info: subordinate objects must be deleted first But when i remove from /etc/openldap/slapd.conf the line: index cn,uid eq I can delete perfectly. Does anybody know why?

1 0

slapd "vs." db_archive
by Peter Palmreuther 04 Jul '11

04 Jul '11

Hello, I tried to use 'db_archive' to figure, which of those many log.* files already accumulated I can safely remove. Unluckily it didn't print any name, albeit there're 170 file and according to 'fuser log.*' only the last one is held open by a process (the slapd one). After restarting slapd db_archive prints 169 file names, to be precise all but the last. So it seems slapd keeps used BDB in a state it does not release the logs for archival and removal. I assume it's me that has to configure slapd or BDB environment appropriately, but unluckily I don't know which setting would have the desired effect. Any help on this? I tried to find something in Admin Guide and man pages, but I must have missed it. I only saw auto remove settings, which is not what I was out for ... I want to remove by myself, after keeping a backup for recovery. I'm using OpenLDAP 2.4.20 compiled against Berkeley 4.7. Thank for any help, and regards, Peter

2 3

← Newer
1
2
3
4
5
6
7
8
9
10
Older →

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

openldap-technical July 2011