Re: use ldif backup with operational attributes in conjunction with slapadd?
by Meike Stone
2013/5/30 Quanah Gibson-Mount <quanah(a)zimbra.com>:
> --On Thursday, May 30, 2013 8:04 PM +0200 Meike Stone
> <meike.stone(a)googlemail.com> wrote:
>
>> I want to preserve the operational attributes from the ldapsearch ldif
>> (created with '+' '*').
>> But I saw, that a ldapsearch ldif with operational attributes has a
>> more operational attributes than from the slapcat ldif.
>
>
> An ldapsearch generated and slapcat generated LDIF of the same db will be
> identical for *,+ for ldapsearch. So your statement doesn't really make
> much sense.
I compared it and found this three additional attributes are in the
ldapsearch, but not in slapcat:
- entryDN
- subschemaSubentry
- hasSubordinates
It seems, that slapcat ignores this values or at least, it does not complain...
Kindly regards
Meike
10 years, 6 months
Re: use ldif backup with operational attributes in conjunction with slapadd?
by Meike Stone
2013/5/30 Quanah Gibson-Mount <quanah(a)zimbra.com>:
> --On Thursday, May 30, 2013 7:51 PM +0200 Meike Stone
> <meike.stone(a)googlemail.com> wrote:
>
>> 2013/5/30 Quanah Gibson-Mount <quanah(a)zimbra.com>:
>>>
>>> --On Thursday, May 30, 2013 11:39 AM +0200 Meike Stone
>>> <meike.stone(a)googlemail.com> wrote:
>>>
>>>> Hello,
>>>>
>>>>
>>>> is it possible to use a ldif-backup with operation attributes
>>>> (ldapsearch ... '+' '*') with slapadd, to save the operation
>>>> attributes, if no slapcat backup is available? Are there any concerns?
>>>
>>>
>>>
>>> If you can't get a slapcat backup, how would you get a ldapsearch backup?
>>>
>>
>> That's a a ldif created from a colleague, before the database on the
>> test system was deleted..
>> I want to simulate some documented test from this colleague, but ony
>> the ldif exist and no slapcat.
>
>
> So slapadd it. slapadd will automatically generate the operational attrs.
>
>
I want to preserve the operational attributes from the ldapsearch ldif
(created with '+' '*').
But I saw, that a ldapsearch ldif with operational attributes has a
more operational attributes than from the slapcat ldif.
Is it possible with this ldif, to create the database like my colleague it used?
Thanks Meike
10 years, 6 months
Post-clone Cleanup of Hostname on Version Query
by Kim, Robert
I've been cloning servers with LDAP server set up on them and the process has been working fine but when I recently queried the version with slapd -V, the hostname of the original server shows up. I tried re-running make and make install with no luck. How can I change the hostname that shows up on the version query without redoing the whole installation?
OpenLDAP 2.4.30
Red Hat 5.7
Robert Kim
Staff Systems Engineer
Lockheed Martin IS&GS National/Defense
3100 Zanker Rd
San Jose, CA 95134
408-473-4260 Office
408-505-8717 Cell
10 years, 6 months
Re: how to take hot backup of MDB ...
by anil beniwal
Hi Sanjay
e.g /opt/symas/bin/mdb_copy /openldap-data /backup/
syntax:- mdb_copy /<db-dir> /<backup destination>
You only need data.mdb file. We are having very big db size(about
500Gb) and we never face any problem with backup.
lock.mdb is not required.
You can simply copy back data.mdb to your db directory for restoration and
it will work like magic.
On Thu, May 30, 2013 at 3:21 AM, Quanah Gibson-Mount <quanah(a)zimbra.com>wrote:
> --On Wednesday, May 29, 2013 2:26 PM -0700 Sanjay Jain <sjain74(a)gmail.com>
> wrote:
>
> How do I take backup of data.mdb and lock.mdb files while server
>> is up and provisioning is going on? Is mdb_copy not the right tool for
>> this purpose? What am I missing?
>>
>
> a) What version of OpenLDAP are you using? I can mdb_copy a live DB just
> fine.
>
> b) You only need a backup of data.mdb. That's why lock.mdb isn't copied.
>
> --Quanah
>
> --
>
> Quanah Gibson-Mount
> Sr. Member of Technical Staff
> Zimbra, Inc
> A Division of VMware, Inc.
> --------------------
> Zimbra :: the leader in open source messaging and collaboration
>
>
--
Thanks&Regards
Anil Beniwal
+919891695048
10 years, 6 months
Re: use ldif backup with operational attributes in conjunction with slapadd?
by Meike Stone
2013/5/30 Quanah Gibson-Mount <quanah(a)zimbra.com>:
> --On Thursday, May 30, 2013 11:39 AM +0200 Meike Stone
> <meike.stone(a)googlemail.com> wrote:
>
>> Hello,
>>
>>
>> is it possible to use a ldif-backup with operation attributes
>> (ldapsearch ... '+' '*') with slapadd, to save the operation
>> attributes, if no slapcat backup is available? Are there any concerns?
>
>
> If you can't get a slapcat backup, how would you get a ldapsearch backup?
>
That's a a ldif created from a colleague, before the database on the
test system was deleted..
I want to simulate some documented test from this colleague, but ony
the ldif exist and no slapcat.
Kind regards Meike
10 years, 6 months
how to take hot backup of MDB ...
by Sanjay Jain
Hi,
I have a server that runs on top of MDB. While provisioning is going
on, I would like to take the backup of MDB (data.mdb and lock.mdb files).
While trying to use mdb_copy command line tool, I noticed:
- mdb_copy utility hangs while server is up, I guess waiting for a lock (on
DB?) to be released by the server.
- if I shutdown the server, mdb_copy works but copies only data.mdb and NOT
lock.mdb
How do I take backup of data.mdb and lock.mdb files while server is up
and provisioning is going on? Is mdb_copy not the right tool for this
purpose? What am I missing?
Thanks,
Sanjay
10 years, 6 months
extend groupOfURLs
by Carlos Santos
Greetings,
I have a dynamic group whose objectclass is groupOfURLs. I want to add a
few parameters to the group, such as groupname and others. However, when I
go to the schema file and create my own dygroup objectclass, ldap doesn't
accept groupOfURLs as dygroup's SUP objectclass.
What am I doing wrong and if possible how to fix it?
--
Thanks in advance,
Carlos Santos
10 years, 6 months
bind-dyndb-ldap and AttributeType not found
by Brendan Kearney
all,
i am trying to load the bind-dyndb-ldap schema into my ldap instance and
keep getting an error 'AttributeType not found: "ARecord"'. from what i
can tell, the ARecord AttributeType is defined by the cosine schema,
which is loaded and present in the ldap instance. I have the dnszone
schema loaded too and i am serving static dns entries out of ldap right
now. it would seem that the prerequisites for bind-dyndb-ldap are
fulfilled, but i cant load the schema. some details:
[root@server cn=schema]# slapd -V
@(#) $OpenLDAP: slapd 2.4.26 (Jun 27 2012 15:27:46) $
mockbuild@x86-16.phx2.fedoraproject.org:/builddir/build/BUILD/openldap-2.4.26/openldap-2.4.26/build-servers/servers/slapd
[root@server schema]# slaptest -v -d9 -f ./dns-dyndb.schema
-F ../slapd.d/cn\=config/cn\=schema/
slaptest init: initiated tool.
slap_sasl_init: initialized!
bdb_back_initialize: initialize BDB backend
bdb_back_initialize: Berkeley DB 5.2.36: (September 14, 2011)
hdb_back_initialize: initialize HDB backend
hdb_back_initialize: Berkeley DB 5.2.36: (September 14, 2011)
null_back_initialize: initialize null backend
backend_startup_one: starting "cn=config"
./dns-dyndb.schema: line 296 objectclass: AttributeType not found:
"ARecord"
slaptest: bad configuration directory!
Since the cosine schema is loaded, the ARecord AttributeType is
available for reference by this schema, but it does not seem to load.
am i missing something obvious? can anyone shed light on this?
to make sure i was going about this right, i also tried it this way:
[root@server openldap]# cat this.out
include /etc/openldap/schema/dns-dyndb.schema
[root@server openldap]# slaptest -v -d9 -f /etc/openldap/this.out
-F /etc/openldap/slapd.d/
slaptest init: initiated tool.
slap_sasl_init: initialized!
bdb_back_initialize: initialize BDB backend
bdb_back_initialize: Berkeley DB 5.2.36: (September 14, 2011)
hdb_back_initialize: initialize HDB backend
hdb_back_initialize: Berkeley DB 5.2.36: (September 14, 2011)
null_back_initialize: initialize null backend
backend_startup_one: starting "cn=config"
/etc/openldap/schema/dns-dyndb.schema: line 296 objectclass:
AttributeType not found: "ARecord"
slaptest: bad configuration directory!
still got the error...
10 years, 6 months
Re: ldap query performance issue
by Meike Stone
Hello,
because of this, does it make sense in a directory with > 1,000,000
people to index the sex?
thanks Meike
2013/5/23 Quanah Gibson-Mount <quanah(a)zimbra.com>:
> --On Thursday, May 23, 2013 4:40 PM +0000 Chris Card <ctcard(a)hotmail.com>
> wrote:
>
>> Hi all,
>>
>> I have an openldap directory with about 7 million DNs, running openldap
>> 2.4.31 with a BDB backend (4.6.21), running on CentOS 6.3.
>>
>> The structure of the directory is like this, with suffix dc=x,dc=y
>>
>> dc=x,dc=y
>> account=a,dc=x,dc=y
>> mail=m,account=a,dc=x,dc=y // Users
>> ....
>> licenceId=l,account=a,dc=x,dc=y // Licences,
>> objectclass=licence ....
>> group=g,account=a,dc=x,dc=y // Groups
>> ....
>> // etc.
>>
>> account=b,dc=x,dc=y
>> ....
>>
>> Most of the DNs in the directory are users or groups, and the number of
>> licences is small (<10) for each account.
>>
>> If I do a query with basedn account=a,dc=x,dc=y and filter
>> (objectclass=licence) I see wildly different performance, depending on
>> how many users are under account a. For an account with ~30000 users the
>> query takes 2 seconds at most, but for an account with ~60000 users the
>> query takes 1 minute.
>>
>> It only appears to be when I filter on objectclass=licence that I see
>> that behaviour. If I filter on a different objectclass which matches a
>> similar number of objects to the objectclass=licence filter, the
>> performance doesn't seem to depend on the number of users.
>>
>> There is an index on objectclass (of course), but the behaviour I'm
>> seeing seems to indicate that for this query, at some point slapd stops
>> using the index and just scans all the objects under the account.
>>
>> Any ideas?
>
>
> Increase the IDL range. This is how I do it:
>
> --- openldap-2.4.35/servers/slapd/back-bdb/idl.h.orig 2011-02-17
> 16:32:02.598593211 -0800
> +++ openldap-2.4.35/servers/slapd/back-bdb/idl.h 2011-02-17
> 16:32:08.937757993 -0800
> @@ -20,7 +20,7 @@
> /* IDL sizes - likely should be even bigger
> * limiting factors: sizeof(ID), thread stack size
> */
> -#define BDB_IDL_LOGN 16 /* DB_SIZE is 2^16, UM_SIZE is 2^17
> */
> +#define BDB_IDL_LOGN 17 /* DB_SIZE is 2^16, UM_SIZE is 2^17
> */
> #define BDB_IDL_DB_SIZE (1<<BDB_IDL_LOGN)
> #define BDB_IDL_UM_SIZE (1<<(BDB_IDL_LOGN+1))
> #define BDB_IDL_UM_SIZEOF (BDB_IDL_UM_SIZE * sizeof(ID))
>
>
> --Quanah
>
> --
>
> Quanah Gibson-Mount
> Sr. Member of Technical Staff
> Zimbra, Inc
> A Division of VMware, Inc.
> --------------------
> Zimbra :: the leader in open source messaging and collaboration
>
10 years, 6 months
