I have a strange requirement to set up a server with as many
subordinate databases as possible. In a test environment I could create any number
of databases, but a one-level search presents the results of 27
databases and after this an internal error is reported
(thread_pool_setkey failed err (12)). I did these tests with back-hdb and
Is there any way to increase the number of subordinate databases?
Dieter Klünter | Systemberatung
GPG Key ID:DA147B05
Quite some time ago, Pierangelo Masarati wrote a patch to bring ctrl and
exop support to PHP. Unfortunately the patch was never checked in upstream
and broke with PHP 5.3
I tried to upgrade the patch for PHP 5.3 support. Here is my first attempt,
which builds on PHP 5.3.17:
I successfully tested ldap_exop_passwd, ldap_exop_whoami, and ldap_refresh.
Everything else was not tested and is broken without any doubt
(zend_parse_parameters 3rd argument is wrong, it should probably be Z
Feel free to help, either by fixing the remaining bits, or by providing
a test case for the broken parts (I never used controls and therefore I
am not going to do it).
I'm using OL 2.4.33 and I'm trying to replicate a tree to an instance of OL
2.4.33 composed by multiple databases.
My tree is something as this:
If I have all my subtrees, on the master, served by a single db... then I
can syncrepl to the consumer without problems.
If my master is composed by separate databases (ou1, ou2, etc.. are all
distinct databases), then the replica stops after completing the first one
So to recap:
- single database to multiple database --> ok
- multiple database to multiple database --> ko
Is it a known problem?
I read that it was as of OL 2.3, but also that it was fixed in OL2.4.
My logs present no indication of any kind of problem, even at debug level.
If I try to configure a second replica configuration targeted directly to
(for example) ou=ou3, then that ou gets replicated.
Any help/advice is welcome.
Thanks in advance as usual
I'm in the process of learning the OpenLDAP authentication mechanics.
I'd need to know what is the best way to configure a host-based authentication system that allows configuring a per-user rule to include a group of hosts to which the user is allowed to log in.
user Bob needs to authenticate on systems:
some configuration on the LDAP server enables these hostnames for Bob with a regular expression like:
Is it feasible?
thanks for the fast answer.
I'm looking at pam_ldap component and I already saw the host based authentication that enables to list hostnames on the server per user.
Your idea, if I'm not mistaken, would be to specify this host parameter as some kind of LDAP data structure (ie: groupOfNames) and have the authentication mechanism match on that structure.
I'm looking at groupOfNames and it's not clear to me if it can really be used for that purpose but the most obscure point is where the logic for the matching should go.
I'm really open to any input on this subject whether it is some example of already implemented solutions or just some direction on how to go forward with the development.
On Oct 29, 2012, at 2:40 PM, Olivier <ldap(a)guillard.nom.fr> wrote:
> ---Previous mail sent accidentally before ending (sorry for the duplicate)---
> Feasible it is (there are different ways to do that).
> BTW, I'm also interested to gather some input on that topic.
> @simone : I suggest that you look at pam mechanisms :
> And more specifically at the access.conf syntax.
> You may be interested in :
> Hosts, posix groups, group of names and netgroups
> @list : I would appreciate some input from others about the
> best way to store hosts in ldap for this kind of usage :
> Which container to use for hosts (structural class account?
> device ? ... )
> How to deal with groups of hosts : groupOfNames ? posixGroup ?
> Any advice ?
> 2012/10/29 Simone Scremin <simone.scremin(a)gmail.com>:
>> Hi all,
>> I'm in the process of learning the OpenLDAP authentication mechanics.
>> I'd need to know what is the best way to configure a host-based authentication system that allows configuring a per-user rule to include a group of hosts to which the user is allowed to log in.
>> For example:
>> user Bob needs to authenticate on systems:
>> some configuration on the LDAP server enables these hostnames for Bob with a regular expression like:
>> Is it feasible?
I've compiled openldap 2.4.33 on AIX 6.1 and had to edit the file
In mdb_cursor_pop I had to comment out the #if MDB_DEBUG directive to make
MDB_page *top = mc->mc_pg[mc->mc_top];
Is this something particular to xlc?
With the parameter retry="60 30 300 +", I can replicate users.
But I see the groups are not copied for LDAP. I can't replicate the groups.
retry="60 30 300 +"
Do I have to modify the objectClass?
I'm trying to make a replication from master to slave.
My master configuration:
syncprov-checkpoint 100 10
In syslog I see this message:
Oct 23 10:23:32 replica slapd: syncrepl rid=123 searchbase="dc=company,dc=mg,dc=gov,dc=br": no retry defined, using default.
How can I resolve it?
I've searched and think I know the answer, but...
This post from several years ago is exactly my issue:
See this one too:
I would like to know if anything has changed in 10+ years.
I'm in the middle of converting from Critical Path LDAP to OpenLDAP 2.4.26.
Critical Path returns the alias name (when requested in search) in search
Has there been a magic configuration flag added to make the transition to
openldap a bit easier?
I understand that openLDAP conforms to the LDAPv3 standard, but had to ask.
I have an odd issue, where I have some new slaves that I added to my pool,
they ran fine sync'ing with the master, etc. for weeks, until I added them
into use (we're using an F5 frontend) whereupon they started getting a
contextCSN which was larger than that of the master.
How is the contextCSN generated, I thought the slave could never get ahead
of the master, but it's happening consistently, it's not a transient
thing, the slave gets a larger contextCSN and keeps it, until the master
is updated again.
master: contextCSN: 20121010154339.775633Z#000000#000#000000
slave1: contextCSN: 20121010154442.858054Z#000000#000#000000
slave2: contextCSN: 20121010154351.807575Z#000000#000#000000
As soon as I remove them from use, and update the master, they come back
Thanks in advance.
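
Added example, not part of the original message: a check that parses the three contextCSN values quoted above and reports which consumers sort ahead of the provider, and by how many seconds. It assumes the OpenLDAP CSN layout of timestamp#count#sid#mod with the last three fields in hex; the function names parse_csn and consumers_ahead are hypothetical.

```python
from datetime import datetime, timezone
from typing import NamedTuple


class CSN(NamedTuple):
    time: datetime   # UTC timestamp with microseconds
    count: int       # change counter within the same timestamp
    sid: int         # server ID of the server that generated the CSN
    mod: int         # modification number


def parse_csn(value: str) -> CSN:
    """Split a CSN string into its four '#'-separated fields."""
    parts = value.strip().split("#")
    if len(parts) != 4:
        raise ValueError(f"not a CSN: {value!r}")
    stamp, count, sid, mod = parts
    when = datetime.strptime(stamp, "%Y%m%d%H%M%S.%fZ").replace(tzinfo=timezone.utc)
    return CSN(when, int(count, 16), int(sid, 16), int(mod, 16))


def consumers_ahead(provider: str, consumers: dict[str, str]) -> dict[str, float]:
    """Map consumer name to seconds ahead, for CSNs newer than the provider's."""
    p = parse_csn(provider)
    ahead = {}
    for name, raw in consumers.items():
        c = parse_csn(raw)
        if c.sid != p.sid:
            continue  # CSNs are tracked per server ID; only compare like with like
        if c > p:     # tuple order: time, then count, then mod
            ahead[name] = (c.time - p.time).total_seconds()
    return ahead


# Values copied from the message above.
MASTER = "20121010154339.775633Z#000000#000#000000"
SLAVES = {
    "slave1": "20121010154442.858054Z#000000#000#000000",
    "slave2": "20121010154351.807575Z#000000#000#000000",
}

if __name__ == "__main__":
    for host, lead in consumers_ahead(MASTER, SLAVES).items():
        print(f"{host} is {lead:.6f}s ahead of the master")
```
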