openldap-technical May 2013

openldap-technical@openldap.org

67 participants
76 discussions

Re: use ldif backup with operational attributes in conjunction with slapadd?
by Meike Stone 31 May '13

31 May '13

2013/5/30 Quanah Gibson-Mount <quanah(a)zimbra.com>: > --On Thursday, May 30, 2013 8:04 PM +0200 Meike Stone > <meike.stone(a)googlemail.com> wrote: > >> I want to preserve the operational attributes from the ldapsearch ldif >> (created with '+' '*'). >> But I saw, that a ldapsearch ldif with operational attributes has a >> more operational attributes than from the slapcat ldif. > > > An ldapsearch generated and slapcat generated LDIF of the same db will be > identical for *,+ for ldapsearch. So your statement doesn't really make > much sense. I compared it and found this three additional attributes are in the ldapsearch, but not in slapcat: - entryDN - subschemaSubentry - hasSubordinates It seems, that slapcat ignores this values or at least, it does not complain... Kindly regards Meike

1 0

Re: use ldif backup with operational attributes in conjunction with slapadd?
by Meike Stone 31 May '13

31 May '13

2013/5/30 Quanah Gibson-Mount <quanah(a)zimbra.com>: > --On Thursday, May 30, 2013 7:51 PM +0200 Meike Stone > <meike.stone(a)googlemail.com> wrote: > >> 2013/5/30 Quanah Gibson-Mount <quanah(a)zimbra.com>: >>> >>> --On Thursday, May 30, 2013 11:39 AM +0200 Meike Stone >>> <meike.stone(a)googlemail.com> wrote: >>> >>>> Hello, >>>> >>>> >>>> is it possible to use a ldif-backup with operation attributes >>>> (ldapsearch ... '+' '*') with slapadd, to save the operation >>>> attributes, if no slapcat backup is available? Are there any concerns? >>> >>> >>> >>> If you can't get a slapcat backup, how would you get a ldapsearch backup? >>> >> >> That's a a ldif created from a colleague, before the database on the >> test system was deleted.. >> I want to simulate some documented test from this colleague, but ony >> the ldif exist and no slapcat. > > > So slapadd it. slapadd will automatically generate the operational attrs. > > I want to preserve the operational attributes from the ldapsearch ldif (created with '+' '*'). But I saw, that a ldapsearch ldif with operational attributes has a more operational attributes than from the slapcat ldif. Is it possible with this ldif, to create the database like my colleague it used? Thanks Meike

4 4

Post-clone Cleanup of Hostname on Version Query
by Kim, Robert 31 May '13

31 May '13

I've been cloning servers with LDAP server set up on them and the process has been working fine but when I recently queried the version with slapd -V, the hostname of the original server shows up. I tried re-running make and make install with no luck. How can I change the hostname that shows up on the version query without redoing the whole installation? OpenLDAP 2.4.30 Red Hat 5.7 Robert Kim Staff Systems Engineer Lockheed Martin IS&GS National/Defense 3100 Zanker Rd San Jose, CA 95134 408-473-4260 Office 408-505-8717 Cell

3 2

Re: how to take hot backup of MDB ...
by anil beniwal 31 May '13

31 May '13

Hi Sanjay e.g /opt/symas/bin/mdb_copy /openldap-data /backup/ syntax:- mdb_copy /<db-dir> /<backup destination> You only need data.mdb file. We are having very big db size(about 500Gb) and we never face any problem with backup. lock.mdb is not required. You can simply copy back data.mdb to your db directory for restoration and it will work like magic. On Thu, May 30, 2013 at 3:21 AM, Quanah Gibson-Mount <quanah(a)zimbra.com>wrote: > --On Wednesday, May 29, 2013 2:26 PM -0700 Sanjay Jain <sjain74(a)gmail.com> > wrote: > > How do I take backup of data.mdb and lock.mdb files while server >> is up and provisioning is going on? Is mdb_copy not the right tool for >> this purpose? What am I missing? >> > > a) What version of OpenLDAP are you using? I can mdb_copy a live DB just > fine. > > b) You only need a backup of data.mdb. That's why lock.mdb isn't copied. > > --Quanah > > -- > > Quanah Gibson-Mount > Sr. Member of Technical Staff > Zimbra, Inc > A Division of VMware, Inc. > -------------------- > Zimbra :: the leader in open source messaging and collaboration > > -- Thanks&Regards Anil Beniwal +919891695048

1 0

Re: use ldif backup with operational attributes in conjunction with slapadd?
by Meike Stone 31 May '13

31 May '13

2013/5/30 Quanah Gibson-Mount <quanah(a)zimbra.com>: > --On Thursday, May 30, 2013 11:39 AM +0200 Meike Stone > <meike.stone(a)googlemail.com> wrote: > >> Hello, >> >> >> is it possible to use a ldif-backup with operation attributes >> (ldapsearch ... '+' '*') with slapadd, to save the operation >> attributes, if no slapcat backup is available? Are there any concerns? > > > If you can't get a slapcat backup, how would you get a ldapsearch backup? > That's a a ldif created from a colleague, before the database on the test system was deleted.. I want to simulate some documented test from this colleague, but ony the ldif exist and no slapcat. Kind regards Meike

2 1

use ldif backup with operational attributes in conjunction with slapadd?
by Meike Stone 31 May '13

31 May '13

Hello, is it possible to use a ldif-backup with operation attributes (ldapsearch ... '+' '*') with slapadd, to save the operation attributes, if no slapcat backup is available? Are there any concerns? Thanks Meike

2 1

how to take hot backup of MDB ...
by Sanjay Jain 30 May '13

30 May '13

Hi, I have a server that runs on top of MDB. While provisioning is going on, I would like to take the backup of MDB (data.mdb and lock.mdb files). While trying to use mdb_copy command line tool, I noticed: - mdb_copy utility hangs while server is up, I guess waiting for a lock (on DB?) to be released by the server. - if I shutdown the server, mdb_copy works but copies only data.mdb and NOT lock.mdb How do I take backup of data.mdb and lock.mdb files while server is up and provisioning is going on? Is mdb_copy not the right tool for this purpose? What am I missing? Thanks, Sanjay

2 1

extend groupOfURLs
by Carlos Santos 30 May '13

30 May '13

Greetings, I have a dynamic group whose objectclass is groupOfURLs. I want to add a few parameters to the group, such as groupname and others. However, when I go to the schema file and create my own dygroup objectclass, ldap doesn't accept groupOfURLs as dygroup's SUP objectclass. What am I doing wrong and if possible how to fix it? -- Thanks in advance, Carlos Santos

2 1

bind-dyndb-ldap and AttributeType not found
by Brendan Kearney 29 May '13

29 May '13

all, i am trying to load the bind-dyndb-ldap schema into my ldap instance and keep getting an error 'AttributeType not found: "ARecord"'. from what i can tell, the ARecord AttributeType is defined by the cosine schema, which is loaded and present in the ldap instance. I have the dnszone schema loaded too and i am serving static dns entries out of ldap right now. it would seem that the prerequisites for bind-dyndb-ldap are fulfilled, but i cant load the schema. some details: [root@server cn=schema]# slapd -V @(#) $OpenLDAP: slapd 2.4.26 (Jun 27 2012 15:27:46) $ mockbuild@x86-16.phx2.fedoraproject.org:/builddir/build/BUILD/openldap-2.4.26/openldap-2.4.26/build-servers/servers/slapd [root@server schema]# slaptest -v -d9 -f ./dns-dyndb.schema -F ../slapd.d/cn\=config/cn\=schema/ slaptest init: initiated tool. slap_sasl_init: initialized! bdb_back_initialize: initialize BDB backend bdb_back_initialize: Berkeley DB 5.2.36: (September 14, 2011) hdb_back_initialize: initialize HDB backend hdb_back_initialize: Berkeley DB 5.2.36: (September 14, 2011) null_back_initialize: initialize null backend backend_startup_one: starting "cn=config" ./dns-dyndb.schema: line 296 objectclass: AttributeType not found: "ARecord" slaptest: bad configuration directory! Since the cosine schema is loaded, the ARecord AttributeType is available for reference by this schema, but it does not seem to load. am i missing something obvious? can anyone shed light on this? to make sure i was going about this right, i also tried it this way: [root@server openldap]# cat this.out include /etc/openldap/schema/dns-dyndb.schema [root@server openldap]# slaptest -v -d9 -f /etc/openldap/this.out -F /etc/openldap/slapd.d/ slaptest init: initiated tool. slap_sasl_init: initialized! bdb_back_initialize: initialize BDB backend bdb_back_initialize: Berkeley DB 5.2.36: (September 14, 2011) hdb_back_initialize: initialize HDB backend hdb_back_initialize: Berkeley DB 5.2.36: (September 14, 2011) null_back_initialize: initialize null backend backend_startup_one: starting "cn=config" /etc/openldap/schema/dns-dyndb.schema: line 296 objectclass: AttributeType not found: "ARecord" slaptest: bad configuration directory! still got the error...

1 1

Re: ldap query performance issue
by Meike Stone 29 May '13

29 May '13

Hello, because of this, does it make sense in a directory with > 1,000,000 people to index the sex? thanks Meike 2013/5/23 Quanah Gibson-Mount <quanah(a)zimbra.com>: > --On Thursday, May 23, 2013 4:40 PM +0000 Chris Card <ctcard(a)hotmail.com> > wrote: > >> Hi all, >> >> I have an openldap directory with about 7 million DNs, running openldap >> 2.4.31 with a BDB backend (4.6.21), running on CentOS 6.3. >> >> The structure of the directory is like this, with suffix dc=x,dc=y >> >> dc=x,dc=y >> account=a,dc=x,dc=y >> mail=m,account=a,dc=x,dc=y // Users >> .... >> licenceId=l,account=a,dc=x,dc=y // Licences, >> objectclass=licence .... >> group=g,account=a,dc=x,dc=y // Groups >> .... >> // etc. >> >> account=b,dc=x,dc=y >> .... >> >> Most of the DNs in the directory are users or groups, and the number of >> licences is small (<10) for each account. >> >> If I do a query with basedn account=a,dc=x,dc=y and filter >> (objectclass=licence) I see wildly different performance, depending on >> how many users are under account a. For an account with ~30000 users the >> query takes 2 seconds at most, but for an account with ~60000 users the >> query takes 1 minute. >> >> It only appears to be when I filter on objectclass=licence that I see >> that behaviour. If I filter on a different objectclass which matches a >> similar number of objects to the objectclass=licence filter, the >> performance doesn't seem to depend on the number of users. >> >> There is an index on objectclass (of course), but the behaviour I'm >> seeing seems to indicate that for this query, at some point slapd stops >> using the index and just scans all the objects under the account. >> >> Any ideas? > > > Increase the IDL range. This is how I do it: > > --- openldap-2.4.35/servers/slapd/back-bdb/idl.h.orig 2011-02-17 > 16:32:02.598593211 -0800 > +++ openldap-2.4.35/servers/slapd/back-bdb/idl.h 2011-02-17 > 16:32:08.937757993 -0800 > @@ -20,7 +20,7 @@ > /* IDL sizes - likely should be even bigger > * limiting factors: sizeof(ID), thread stack size > */ > -#define BDB_IDL_LOGN 16 /* DB_SIZE is 2^16, UM_SIZE is 2^17 > */ > +#define BDB_IDL_LOGN 17 /* DB_SIZE is 2^16, UM_SIZE is 2^17 > */ > #define BDB_IDL_DB_SIZE (1<<BDB_IDL_LOGN) > #define BDB_IDL_UM_SIZE (1<<(BDB_IDL_LOGN+1)) > #define BDB_IDL_UM_SIZEOF (BDB_IDL_UM_SIZE * sizeof(ID)) > > > --Quanah > > -- > > Quanah Gibson-Mount > Sr. Member of Technical Staff > Zimbra, Inc > A Division of VMware, Inc. > -------------------- > Zimbra :: the leader in open source messaging and collaboration >

2 4

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

openldap-technical May 2013