max. numbers of subordinate databases
by Dieter Klünter
Hello,
I have a strange requirement to set up a server with as many subordinate
databases as possible. In a test environment I could create any number
of databases, but a one level search presents the results of 27
databases and after this an internal error is reported.
(thread_pool_setkey failed err (12)) I did these tests with back-hdb and
back-mdb.
Is there any way to increase the number of subordinate databases?
-Dieter
--
Dieter Klünter | Systemberatung
http://dkluenter.de
GPG Key ID:DA147B05
53°37'09,95"N
10°08'02,42"E
10 years, 7 months
[PATCH] ctrl & exop for PHP 5.3
by Emmanuel Dreyfus
Hello
Quite some time ago, Pierangelo Masarati wrote a patch to bring ctrl and
exop support to PHP. Unfortunately the patch was never checked in upstream
and broke with PHP 5.3.
I tried to upgrade the patch for PHP 5.3 support. Here is my first attempt,
which builds on PHP 5.3.17:
http://ftp.espci.fr/shadow/manu/ldap-ctrl-exop-20121025.patch
I successfully tested ldap_exop_passwd, ldap_exop_whoami, and ldap_refresh.
Everything else was not tested and is broken without any doubt
(zend_parse_parameters 3rd argument is wrong, it should probably be Z
more often).
Feel free to help, either by fixing the remaining bits, or by providing
a test case for the broken parts (I never used controls and therefore I
am not going to do it).
--
Emmanuel Dreyfus
manu(a)netbsd.org
10 years, 7 months
Problem in sync-repling multiple databases
by Marco Pizzoli
Hi all,
I'm using OL 2.4.33 and I'm trying to replicate a tree to an instance of OL
2.4.33 composed of multiple databases.
My tree is something like this:
- basedn
  - ou=ou1
  - ou=ou2
  - ou=ou3
If I have all my subtrees, on the master, served by a single db... then I
can syncrepl to the consumer without problems.
If my master is composed by separate databases (ou1, ou2, etc.. are all
distinct databases), then the replica stops after completing the first one
of them.
So to recap:
- single database to multiple database --> ok
- multiple database to multiple database --> ko
Is it a known problem?
I read that it was as of OL 2.3, but also that it was fixed in OL2.4.
My logs present no indication of any kind of problem, even at debug level.
If I try to configure a second replica configuration targeted directly at
(for example) ou=ou3, then that ou gets replicated.
Any help/advice is welcome.
Thanks in advance as usual
Marco
10 years, 7 months
Newbie question about host base authentication
by Simone Scremin
Hi all,
I'm in the process of learning the OpenLDAP authentication mechanics.
I'd need to know what is the best way to configure a host-based authentication system that allows configuring a per-user rule to include a group of hosts to which the user is allowed to log in.
For example:
user Bob needs to authenticate on systems:
sys01pra
sys02pre
sys03pra
sys03pre
some configuration on the LDAP server enables these hostnames for Bob with a regular expression like:
sys0*pr*
Is it feasible?
Thanks
Simone
10 years, 7 months
Re: Newbie question about host base authentication
by Simone Scremin
Hi Olivier,
thanks for the fast answer.
I'm looking at the pam_ldap component and I already saw the host-based authentication that makes it possible to list hostnames on the server per user.
Your idea, if I'm not mistaken, would be to specify this host parameter as some kind of LDAP data structure (i.e. groupOfNames) and have the authentication mechanism match on that structure.
I'm looking at groupOfNames and it's not clear to me if it can really be used for that purpose but the most obscure point is where the logic for the matching should go.
I'm really open to any input on this subject whether it is some example of already implemented solutions or just some direction on how to go forward with the development.
Thank you
Simone
On Oct 29, 2012, at 2:40 PM, Olivier <ldap(a)guillard.nom.fr> wrote:
> ---Previous mail sent accidentally before ending (sorry for the duplicate)---
>
> Feasible it is (there are different ways to do that).
>
> BTW, I'm also interested to gather some input on that topic.
>
> @simone : I suggest that you look at pam mechanisms :
> http://www.padl.com/OSS/pam_ldap.html
> And more specifically at the access.conf syntax.
>
> You may be interested in :
> Hosts, posix groups, group of names and netgroups
>
>
> @list : I would appreciate some input from others about the
> best way to store hosts in ldap for this kind of usage :
>
> Which container to use for hosts (structural class account?
> device ? ... )
>
> How to deal with groups of hosts : groupOfNames ? posixGroup ?
>
> Any advice ?
>
> Thanks,
>
>
> 2012/10/29 Simone Scremin <simone.scremin(a)gmail.com>:
>> Hi all,
>> I'm in the process of learning the OpenLDAP authentication mechanics.
>> I'd need to know what is the best way to configure a host-based authentication system that allows configuring a per-user rule to include a group of hosts to which the user is allowed to log in.
>>
>> For example:
>>
>> user Bob needs to authenticate on systems:
>>
>> sys01pra
>> sys02pre
>> sys03pra
>> sys03pre
>>
>> some configuration on the LDAP server enables these hostnames for Bob with a regular expression like:
>>
>> sys0*pr*
>>
>> Is it feasible?
>>
>> Thanks
>>
>> Simone
>>
10 years, 7 months
compile 2.4.33 on AIX 6.1 with IBM vac - mdb.c - mdb_cursor_pop fails
by Howard Allison
Hi
I've compiled openldap 2.4.33 on AIX 6.1 and had to edit the file
libraries/libmdb/mdb.c.
In mdb_cursor_pop I had to comment out the #if MDB_DEBUG directive to make
*top visible.
/*
#if MDB_DEBUG
*/
	MDB_page	*top = mc->mc_pg[mc->mc_top];
/*
#endif
*/
Is this something particular to xlc?
Thanks
Howard Allison
10 years, 7 months
Sincrony groups in LDAP
by rodrigo tavares
Hello,
With the parameter retry="60 30 300 +", I can replicate users.
But I see the groups are not copied to LDAP. I can't replicate the groups.
syncrepl rid=123
  provider=ldap://10.26.7.45:389
  type=refreshOnly
  interval=00:00:05:00
  retry="60 30 300 +"
  searchbase="dc=company,dc=mg,dc=gov,dc=br"
  filter="(objectClass=organizationalPerson)"
  scope=sub
  attrs="*,+"
  schemachecking=off
  bindmethod=simple
  binddn="cn=admin,dc=company,dc=mg,dc=gov,dc=br"
  credentials=secret
Do I have to modify the objectClass?
Best regards,
Rodrigo Faria
10 years, 7 months
Using replication LDAP
by rodrigo tavares
Hello !
I'm trying to set up replication from master to slave.
My master configuration:
moduleload syncprov.la
moduleload back_monitor.la
moduleload back_bdb
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
Slave:
syncrepl rid=123
  provider=ldap://10.26.7.45:389
  type=refreshOnly
  interval=00:00:05:00
  searchbase="dc=company,dc=mg,dc=gov,dc=br"
  filter="(objectClass=organizationalPerson)"
  scope=sub
  attrs="*,+"
  schemachecking=off
  bindmethod=simple
  binddn="cn=admin,dc=company,dc=mg,dc=gov,dc=br"
  credentials=secret
In syslog I see this message:
Oct 23 10:23:32 replica slapd[1827]: syncrepl rid=123 searchbase="dc=company,dc=mg,dc=gov,dc=br": no retry defined, using default.
How can I resolve it?
Best regards,
Rodrigo Faria
10 years, 7 months
Search response attribute/alias names
by Tele Fone
Hello,
I've searched and think I know the answer, but...
This post from several years ago is exactly my issue:
www.openldap.org/its/?findid=787
See this one too:
www.openldap.org/lists/openldap-software/200105/msg00160.html
I would like to know if anything has changed in 10+ years.
I'm in the middle of converting from Critical Path LDAP to OpenLDAP 2.4.26.
Critical Path returns the alias name (when requested in search) in search
responses.
Has there been a magic configuration flag added to make the transition to
openldap a bit easier?
I understand that OpenLDAP conforms to the LDAPv3 standard, but had to ask.
Thanks.
10 years, 7 months
ContextCSN generation
by Sven Jourgensen
I have an odd issue, where I have some new slaves that I added to my pool,
they ran fine sync'ing with the master, etc. for weeks, until I added them
into use (we're using an F5 frontend) whereupon they started getting a
contextCSN which was larger than that of the master.
How is the contextCSN generated, I thought the slave could never get ahead
of the master, but it's happening consistently, it's not a transient
thing, the slave gets a larger contextCSN and keeps it, until the master
is updated again.
master: contextCSN: 20121010154339.775633Z#000000#000#000000
slave1: contextCSN: 20121010154442.858054Z#000000#000#000000
slave2: contextCSN: 20121010154351.807575Z#000000#000#000000
As soon as I remove them from use, and update the master, they come back
into sync.
Thanks in advance.
SJ
10 years, 7 months
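
The condition described in the ContextCSN post above can be checked mechanically. This is an added example, not part of the original post or of OpenLDAP: it parses the `timestamp#count#sid#mod` layout of the quoted contextCSN values and reports every consumer whose value for a given server ID is newer than the provider's. The function names and the report layout are assumptions made for this illustration.

```python
"""Flag consumers whose contextCSN is ahead of the provider's (added example)."""
from datetime import datetime, timezone
from typing import NamedTuple


class CSN(NamedTuple):
    time: datetime   # UTC timestamp with microsecond resolution
    count: int       # change counter (hex field)
    sid: int         # server ID of the server that generated the CSN (hex field)
    mod: int         # modification number (hex field)


def parse_csn(value: str) -> CSN:
    stamp, count, sid, mod = value.strip().split("#")
    when = datetime.strptime(stamp, "%Y%m%d%H%M%S.%fZ").replace(tzinfo=timezone.utc)
    return CSN(when, int(count, 16), int(sid, 16), int(mod, 16))


def newest_per_sid(values):
    """A server can hold one contextCSN per SID; keep the newest for each."""
    newest = {}
    for csn in map(parse_csn, values):
        if csn.sid not in newest or csn > newest[csn.sid]:
            newest[csn.sid] = csn
    return newest


def consumers_ahead(provider_values, consumers):
    """Return {consumer: {sid: lead_seconds}} for consumers ahead of the provider."""
    provider = newest_per_sid(provider_values)
    report = {}
    for name, values in consumers.items():
        for sid, csn in newest_per_sid(values).items():
            base = provider.get(sid)
            if base is None or csn > base:  # a SID the provider lacks is also reported
                lead = None if base is None else (csn.time - base.time).total_seconds()
                report.setdefault(name, {})[sid] = lead
    return report


# contextCSN values quoted in the post above
PROVIDER = ["20121010154339.775633Z#000000#000#000000"]
CONSUMERS = {
    "slave1": ["20121010154442.858054Z#000000#000#000000"],
    "slave2": ["20121010154351.807575Z#000000#000#000000"],
}

if __name__ == "__main__":
    for name, sids in consumers_ahead(PROVIDER, CONSUMERS).items():
        for sid, lead in sids.items():
            print(f"{name}: SID {sid:03x} is {lead} s ahead of the provider")
```

All three quoted values carry server ID 000, so the comparison is within a single SID; a consumer reported here holds a timestamp the provider never issued under that ID.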