MMR config question - serverID without URL and CSN too old, ignoring in the log
by Daniel Jung
Set up 4 way MMR setup with 2.4.37, CentOS 6.
Reading the doc[0] indicates that adding the URL is optional and is used
to avoid future serverID collision, and using the number alone does work
without any issue.
Based on that information, I created 3 MMR setup with each provider with
unique serverIDs and unique rid within each server pointing to other
providers.
I have seen examples where each provider has multiple serverIDs (all
providers); as the doc indicates, this is possible only if the URL option is
specified. Since I didn't use the URL, I only configured a single serverID per
provider in the global cn=config.
I had tested cn=config with 2 MMR and I didn't see the "CSN too old, ignoring"
message in the log. But when I set it up to be 3 way MMR, I am seeing this
msg with new sync where the other provider sends do_syncrep2 to the original
provider and hence "CSN too old, ignoring" is logged.
I searched the mailing list and some of the reputable members here have
mentioned it is due to wrong MMR serverID setup. Could you point out if
serverID without URL may be the culprit of this problem? I see no other
issues other than this; replication to other consumers works fine and data
are in sync.
My serverID and rid setup:
serverID 1
  rid 000 for replicating from serverID 2
  rid 001 for replication from serverID 3
serverID 2
  rid 000 for serverID 1
  rid 001 for serverID 3
serverID 3
  rid 000 for serverID 1
  rid 001 for serverID 2
Thank you
[0] http://www.zytrax.com/books/ldap/ch6/#serverid
9 years, 5 months
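An added example, not part of the original post: a Python script that tallies "CSN too old, ignoring" messages per rid and decodes the originating serverID from the third (hexadecimal) field of each CSN, showing whether an ignored change originated on a server other than the one that rid pulls from. The log lines are constructed, the message layout is an assumption, and the rid-to-provider map is serverID 1's layout from the post.

```python
import re
from collections import Counter

# Constructed sample lines (not from the post). Assumed message layout:
# "do_syncrep2: rid=NNN CSN too old, ignoring <csn> (<dn>)".
SAMPLE_LOG = """\
Dec 11 18:23:45 ldap1 slapd[2101]: do_syncrep2: rid=000 CSN too old, ignoring 20131211182345.102938Z#000000#003#000000 (uid=alice,ou=people,dc=example,dc=com)
Dec 11 18:23:46 ldap1 slapd[2101]: conn=1002 op=1 BIND dn="cn=admin,dc=example,dc=com" method=128
Dec 11 18:24:10 ldap1 slapd[2101]: do_syncrep2: rid=000 CSN too old, ignoring 20131211182410.554120Z#000000#003#000000 (uid=bob,ou=people,dc=example,dc=com)
Dec 11 18:25:02 ldap1 slapd[2101]: do_syncrep2: rid=001 CSN too old, ignoring 20131211182502.000417Z#000000#002#000000 (uid=carol,ou=people,dc=example,dc=com)
Dec 11 18:25:30 ldap1 slapd[2101]: do_syncrep2: rid=001 CSN too old, ignoring 20131211182530.771003Z#000000#003#000000 (uid=dave,ou=people,dc=example,dc=com)
"""

# CSN layout: timestamp#change-count#serverID#modification-count (hex fields).
CSN_RE = re.compile(
    r"^(\d{14}\.\d{6}Z)#([0-9a-fA-F]{6})#([0-9a-fA-F]{3})#([0-9a-fA-F]{6})$")
LINE_RE = re.compile(r"do_syncrep2: rid=(\d+) CSN too old, ignoring (\S+)")

def parse_csn(csn):
    """Return (timestamp, origin_sid) for a well-formed CSN, else None."""
    m = CSN_RE.match(csn)
    return (m.group(1), int(m.group(3), 16)) if m else None

def too_old_counts(log_text):
    """Count ignored CSNs keyed by (rid, serverID that originated the change)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        parsed = parse_csn(m.group(2)) if m else None
        if parsed:                       # skip unrelated or malformed lines
            counts[(int(m.group(1)), parsed[1])] += 1
    return counts

def second_path_arrivals(counts, rid_to_provider):
    """Ignored changes whose origin is not the provider that rid pulls from,
    as (rid, provider, origin_sid, count). With three providers the same
    change can reach a server over more than one rid."""
    return sorted((rid, rid_to_provider[rid], sid, n)
                  for (rid, sid), n in counts.items()
                  if rid in rid_to_provider and sid != rid_to_provider[rid])

# serverID 1 in the post: rid 000 pulls from serverID 2, rid 001 from serverID 3.
RID_TO_PROVIDER = {0: 2, 1: 3}

if __name__ == "__main__":
    for row in second_path_arrivals(too_old_counts(SAMPLE_LOG), RID_TO_PROVIDER):
        print("rid=%03d provider=%d origin sid=%d ignored=%d" % row)
```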
missing libldif.so library ?
by Daniel Jung
Hi,
I can't seem to find this lib anymore after upgrading to 2.4.37. Is this
lib not being built anymore?
Thanks
9 years, 5 months
LDAP Proxy
by Keith Hamburg
I'm trying to configure a third party product to obtain the list of valid
users based on a group membership in a corporate active directory server.
The third party product is not capable of querying for users based on group
membership. It can only use an OU or objectClass. The corporate AD server
has a very broad "All Users" OU and we can't add an OU or objectClass to AD.
I would like to configure an OpenLDAP proxy that can dynamically
create an OU by querying the members of a group. Is this possible using
overlays? Another possibility is to try to synchronize OpenLDAP with AD
based on a filter that includes membership in only one group. Would either
of these methods work or is there another solution I haven't mentioned?
Thanks,
Keith
9 years, 5 months
MDB_BAD_RSLOT while executing slapacl
by Igor Zinovik
Hello.
Today I ran slapacl to test access rights and saw this:
ldap3# sudo slapacl -F /etc/openldap/slapd.d/ ...
...
52a8ae51 mdb_opinfo_get: err MDB_BAD_RSLOT: Invalid reuse of reader locktable slot(-30783)
read access to o: ALLOWED
At
http://symas.com/mdb/doc/group__errors.html#ga1b6cbb28da30e28c48c9df66dd3...
I read an explanation that this error means: Txn has too many dirty pages.
slapd 2.4.36 with Linux kernel 3.7.10 x86_64.
In my slapd I have single database with mdb backend:
dn: olcDatabase={1}mdb,config
...
olcDbNoSync: FALSE
olcDbMaxSize: 1073741824
olcDbMode: 0600
olcDbSearchStack: 16
Two questions:
0. What might cause this error?
1. Should I worry about this?
9 years, 5 months
How to configure LDAP for sync passwd and group between ubuntu machines?
by Peng Yu
Hi,
I'm trying to find a succinct description of how to use LDAP to sync
passwd and group between Ubuntu machines. I only find some general
information on LDAP but nothing specific to syncing passwd and group. Could
anybody point me to some simple instructions on how to do so? Thanks.
--
Regards,
Peng
9 years, 5 months
Question about search performance
by Ferne Quinlan
Hi,
Is there someone using OpenLDAP on Windows? I found the query performance on
Windows is too bad. Any solution or relevant official documents?
9 years, 5 months
Fw: Fw: host Attribute --- Low Sensitivity/Aerospace Internal Use Only
by Warron S French
Low Sensitivity/Aerospace Internal Use Only
NetWarrior, are you attempting to apply a TCP_Wrappers like behavior but
implement it through LDAP?
Warron French, MBA, SCSA
----- Forwarded by Warron S French/Emp/Aerospace/US on 12/23/2013 07:42 AM
-----
From: Net Warrior <netwarrior863(a)gmail.com>
To: openldap-technical <openldap-technical(a)openldap.org>,
Date: 12/23/2013 07:36 AM
Subject: host Attribute
Sent by: openldap-technical-bounces(a)OpenLDAP.org
Hi guys.
I'm trying to restrict some users to log in to some servers. Googling
around I found that some things can be done with the host attribute;
this is what I got.
A user with the host attribute and an FQDN server on it,
server.comap.com, and pam_check_host_attr set to yes in the client
configuration ( pam_ldap.conf / ldap.conf ). If I understand well, the
user can now log in to that server; in my tests I can confirm that.
What I notice is that the user can log in to all the other servers in
the farm, whatever I set the host attribute to.
I read this article as a reference:
thornelabs dot net
/documentation/2013/02/01/linux-restrict-server-login-via-ldap-hostobject-objectclass-and-host-attribute.html
Please, can someone shed some light on this or clarify whether what I'm trying
to do is correct or wrong?
Thanks for your time and support
Regards
9 years, 5 months
host Attribute
by Net Warrior
Hi guys.
I'm trying to restrict some users to log in to some servers. Googling
around I found that some things can be done with the host attribute;
this is what I got.
A user with the host attribute and an FQDN server on it,
server.comap.com, and pam_check_host_attr set to yes in the client
configuration ( pam_ldap.conf / ldap.conf ). If I understand well, the
user can now log in to that server; in my tests I can confirm that.
What I notice is that the user can log in to all the other servers in
the farm, whatever I set the host attribute to.
I read this article as a reference:
thornelabs dot net
/documentation/2013/02/01/linux-restrict-server-login-via-ldap-hostobject-objectclass-and-host-attribute.html
Please, can someone shed some light on this or clarify whether what I'm trying
to do is correct or wrong?
Thanks for your time and support
Regards
9 years, 5 months
Fw: Fw: ADDING OBJECT CLASS --- Low Sensitivity/Aerospace Internal Use Only
by Warron S French
Low Sensitivity/Aerospace Internal Use Only
John, I agree with Dieter, in fact I haven't finished reading this full
thread yet, but my instinct was to suggest inetOrgPerson as the
appropriate schema as well.
Also, Terje, that is a great website I agree, but here's another one I
discovered that was also very useful:
http://ldap.akbkhome.com/index.php
Warron French, MBA, SCSA
The Aerospace Corporation
Sr. UNIX SA & Storage Admin
Mailstop: CH1-230
Desk: 571-307-5311
Cell: 703-967-8936
----- Forwarded by Warron S French/Emp/Aerospace/US on 12/23/2013 07:06 AM
-----
From: Terje Trane <terjet(a)funcom.com>
To: openldap-technical(a)openldap.org,
Date: 12/20/2013 04:10 AM
Subject: Re: ADDING OBJECT CLASS
Sent by: openldap-technical-bounces(a)OpenLDAP.org
On 19.12.2013 22:39, Borresen, John - 0442 - MITLL wrote:
>
> I would like to add an objectClass(es) so that I can add
> emailAddress, employee number. Can someone refresh my memory on what
> I need (objectClasses)?
>
>
The objectClass inetOrgPerson that you can find in the file
inetorgperson.schema has employeeNumber and mail and several other
useful attributes. That is what we use.
PS:
I have found this useful: http://www.zytrax.com/books/ldap/ape/
9 years, 5 months