DB config and log files
by jeevan kc
Hello there,
My DB_CONFIG looks like this:
set_cachesize 0 716800 0
set_lg_bsize 2097512
set_lg_dir /usr/local/var/openldap-logs
set_flags DB_LOG_AUTOREMOVE
Recently, we have had a few batch processes running in the LDAP server for Datawarehouse groups and other apps, and this is causing the DB logs to grow. When I do an ls -l, the logs are almost 4GB in size. This is causing trouble and we don't want this many logs. How do I limit the log size so that it doesn't exceed, let's say, 1 GB? These DB logs are of very little importance to us. We periodically do a backup using slapcat and we can use this in case we have a fatal crash. Please throw some light on how to limit these DB logs. Thanks
Jeevan
9 years, 9 months
Re: RE24 testing call (OpenLDAP 2.4.36)
by Marco Pizzoli
On Mon, Jul 29, 2013 at 9:44 PM, Quanah Gibson-Mount <quanah(a)zimbra.com> wrote:
> If you know how to build OpenLDAP manually, and would like to participate
> in testing the next set of code for the 2.4.36 release, please do so.
>
> Generally, get the code for RE24:
>
> <http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=snapshot;h=refs/heads/OPENLDAP_REL_ENG_2_4;sf=tgz>
>
> Configure & build.
>
> Execute the test suite (via make test) after it is built.
>
> Thanks!
>
> --Quanah
>
All MDB tests passed with current RE24 (apart from the very last additions
you just made).
RHEL6.4 x86_64
>
> --
>
> Quanah Gibson-Mount
> Lead Engineer
> Zimbra, Inc
> --------------------
> Zimbra :: the leader in open source messaging and collaboration
>
>
9 years, 9 months
MAC and Network Asset Inventory on LDAP
by Nick Milas
Hello,
We are planning on using FreeRadius for MAC-auth based on MAC addresses
(to be) stored on our OpenLDAP (in parallel to 802.1x using our
ldap-stored users).
With that opportunity we would be aiming at starting a comprehensive
network asset inventory. So, I would like to ask people to share their
experience regarding storing MAC addresses and other device info on LDAP.
If using LDAP for device inventory, are you simply using device and
ieee802Device object classes (in core.schema and nis.schema
respectively), or you would suggest a more specialized/extensive schema
to be used instead or additionally (auxiliary object class(es))? Which?
An example method (found with some googling):
http://collaboration.cmc.ec.gc.ca/science/rpn/biblio/ddj/Website/articles...
Of course, one could try to re-invent the wheel (custom schema, custom
apps), but I am sure there should be some well designed schema(s) around
for this purpose.
I think that it would also make sense, if possible, to be able to use a
storage format that can be leveraged by other open-source network assets
management software (like ocsinventory-ng or openipam, which however use
SQL backends).
Any experiences/suggestions would be highly appreciated.
Thanks and Regards,
Nick
9 years, 9 months
Linux quota problem for LDAP users
by Osman ÜNALAN (ULAKBİM)
Hi,
I'm trying to set quotas for LDAP users on a Linux server. But all the users' names begin with a number, and when I try to set a quota for a user like "123456" it sets a quota for "#123456".
I set quota like this:
setquota -u 123456 1500 1500 0 0 -a
repquota output is like:
user used soft hard grace used soft hard grace
123456 -- 500 0 0 100 0 0
# 123456 -- 0 1500 1500 0 0 0
That's why the quota I set applies to a non-existing user named #123456.
Does anyone know how I can fix that?
Thanks,
Osman Ünalan
9 years, 9 months
One question about nested group support of openldap
by ctosgh
Hi, there
To meet the following requirement:
"groupA" contains user entries:
cn=a,ou=users,dc=test,dc=com
cn=b,ou=users,dc=test,dc=com
"groupB" contains "groupA"
I have following questions:
1 Which object classes should I use to implement above requirement? Could anyone give a simple sample ldif file?
2 Is there a standard or commonly used way to implement nested groups?
Appreciate your feedback~~~
Thanks,
Jacky
9 years, 9 months
developing module that instantiates check_password() function
by Scott Koranda
Hello,
I wish to develop a user-defined loadable module that instantiates the
check_password() function as described in the slapo-ppolicy man page.
The man page specifies the function prototype as
int check_password (char *pPasswd, char **ppErrStr, Entry *pEntry);
In which header file is the 'Entry' type defined?
Thanks,
Scott
9 years, 9 months
separate login/password for several services?
by Zeus Panchenko
hi all,
please, may somebody advise
I need to set separate credentials for each service I provide
(optionally) to my users
I think of something like this:
dn: uid=target-user,ou=People,dc=ibs
userPassword: ******
...
authorizedService: xmpp
authorizedService: smtp
authorizedService: pop
authorizedService: imap
authorizedService: mail
...
loginSMTP: mail-send-login
passwSMTP: xxx
loginPOP3: mail-get-login
passwPOP3: yyy
...
loginXMPP: login-xmpp
passwXMPP: zzz
can I achieve it? from which side to approach the issue?
--
Zeus V. Panchenko jid:zeus@im.ibs.dn.ua
IT Dpt., I.B.S. LLC GMT+2 (EET)
9 years, 9 months
Re: Schema Replication and data replication
by Christian Kratzer
Hi,
On Thu, 8 Aug 2013, espeake(a)oreillyauto.com wrote:
> Christian,
>
> The olcServerID goes in the cn=config file correct? I will do a ldapmodify to change this.
yes. use the following:
dn: olcDatabase={0}config
changetype: modify
replace: olcServerID
olcServerID: 1 ldap://tntest-ldap-master-1.oreillyauto.com
olcServerID: 2 ldap://tntest-ldap-master-2.oreillyauto.com
> The consumer config is what was on there and that's why I asked the question about wiping it out and then using slapcat to put it back in.
slapcat NEVER shows the checksums and protecting comments that you only see when you go looking at the files under slapd.d
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 3411e7fc
Once you have the correct configuration on one server dump it with slapcat -n0 and import it to the second server using slapadd -n0.
Be sure to wipe ALL of the contents in the slapd.d directory before importing with slapadd.
ps: please keep the mailinglist on the Cc: so what we learn from this is for the greater good.
Greetings
Christian
>
> Thanks,
> Eric
>
>
>
> -----openldap-technical-bounces(a)OpenLDAP.org wrote: -----
> To: espeake(a)oreillyauto.com
> From: Christian Kratzer
> Sent by: openldap-technical-bounces(a)OpenLDAP.org
> Date: 08/08/2013 06:58AM
> Cc: openldap-technical(a)openldap.org
> Subject: Re: Schema Replication and data replication
>
> Hi,
>
> On Wed, 7 Aug 2013, espeake(a)oreillyauto.com wrote:
>
> >
> > So we are cooking with warm oil and I want to be cooking with hot oil!!!!
> >
> > I have been able to get upgraded 2.4.28 on open ldap. Having issue with
> > getting a good build of 2.4.35. But that isn't the problem. Below is the
> > log on my log from one of my consumers after starting the slapd service.
> >
> <snipp>
> >
> > Here is where it stops.
> >
> > Here is the ldif file from my master:
> >
> > # AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
> > # CRC32 3411e7fc
>
> use slapcat -n0 instead of copying manually the files from the slapd.d directory.
>
> > dn: olcDatabase={0}config
> > objectClass: olcDatabaseConfig
> > olcDatabase: {0}config
> > olcUpdateRef: ldap://tntest-ldap-master-1.oreillyauto.com
> > olcsyncrepl: rid=002 provider=ldap://tntest-ldap-master-1.oreillyauto.com
> > type=refreshAndPersist retry="10 +" searchbase="cn=config"
> > bindmethod=simple binddn="uid=admin,dc=oreillyauto,dc=com"
> > credentials=<password>
> > olcAccess: to * by dn="uid=admin,dc=oreillyauto,dc=com" write by
> > dn="uid=ldapadmin,ou=system,dc=oreillyauto,dc=com" write by * none
> > olcRootDN: cn=admin,cn=config
> > olcRootPW:: c2VjcmV0
> > structuralObjectClass: olcDatabaseConfig
> > entryUUID: 35b75e72-93c2-1032-9ca4-711c013d2dcb
> > creatorsName: cn=config
> > createTimestamp: 20130807153144Z
> > entryCSN: 20130807153144.468097Z#000000#000#000000
> > modifiersName: cn=config
> > modifyTimestamp: 20130807153144Z
> >
> > Here is the ldif from my consumer:
> >
> > dn: olcDatabase={0}config
> > objectClass: olcDatabaseConfig
> > olcDatabase: {0}config
> > olcRootDN: cn=admin,cn=config
> > olcRootPW: secret
> > structuralObjectClass: olcDatabaseConfig
> > olcsyncrepl: {0}rid=002
> > provider=ldap://tntest-ldap-master-1.oreillyauto.com type=refreshOnly
> > retry="5 +" searchbase="cn=config" bindmethod=simple
> > binddn="cn=admin,cn=config" credentials=<password> schemachecking=on
> > olcAccess: to * by dn="uid=admin,dc=oreillyauto,dc=com" write by
> > dn="uid=ldapadmin,ou=system,dc=oreillyauto,dc=com" write by * none
> > entryUUID: f074ba7c-09ed-1030-952b-0bb60fbd91a8
> > creatorsName: cn=config
> > createTimestamp: 20110503162710Z
> > entryCSN: 20110503162710.319234Z#000000#000#000000
> > modifiersName: cn=config
> > ModifyTimestamp: 20110503162710Z
> >
>
> both your entryCSN have #000# for the serverID. Even though it seems you
> have somehow modified the configuration.
>
> Your replication cannot work when you have not configured a serverID.
>
> You need at least the following in your configs.
>
> olcServerID: 1 ldap://tntest-ldap-master-1.oreillyauto.com
> olcServerID: 2 ldap://tntest-ldap-master-2.oreillyauto.com
>
> Also why does the ModifyTimestamp: attribute from your second server start with a capital 'M'?
>
> Are you still somehow manually poking at the files in slapd.d ?
>
> Please use slapcat / slapadd with the -n0 option to export and import your configuration.
>
>
> Greetings
> Christian
>
> --
> Christian Kratzer CK Software GmbH
> Email: ck(a)cksoft.de Wildberger Weg 24/2
> Phone: +49 7032 893 997 - 0 D-71126 Gaeufelden
> Fax: +49 7032 893 997 - 9 HRB 245288, Amtsgericht Stuttgart
> Web: http://www.cksoft.de/ Geschaeftsfuehrer: Christian Kratzer
--
Christian Kratzer CK Software GmbH
Email: ck(a)cksoft.de Wildberger Weg 24/2
Phone: +49 7032 893 997 - 0 D-71126 Gaeufelden
Fax: +49 7032 893 997 - 9 HRB 245288, Amtsgericht Stuttgart
Web: http://www.cksoft.de/ Geschaeftsfuehrer: Christian Kratzer
9 years, 9 months
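The serverID check described in the thread above can be run over `slapcat -n0` output before it is imported on a second server. The following is an added example, not code from the thread or from OpenLDAP: it unfolds the LDIF, reads the serverID field of each entryCSN, and also reports an olcRootPW value that carries no `{SCHEME}` hash prefix (a `::` value is only base64-encoded). The sample entry and hostname are constructed, and the function names are hypothetical.

```python
import base64
import re

# Constructed sample modelled on the config entries quoted in the thread.
SAMPLE_LDIF = """\
dn: olcDatabase={0}config
olcsyncrepl: rid=002 provider=ldap://master-1.example.com
  type=refreshAndPersist searchbase="cn=config"
olcRootPW:: c2VjcmV0
entryCSN: 20130807153144.468097Z#000000#000#000000
"""

# entryCSN layout: timestamp#changecount#serverID#modnumber
CSN_RE = re.compile(
    r"^\d{14}\.\d{6}Z#[0-9a-fA-F]{6}#([0-9a-fA-F]{3})#[0-9a-fA-F]{6}$")


def parse_entry(ldif):
    """Unfold continuation lines and return {attr_lower: [values]}."""
    unfolded = []
    for line in ldif.splitlines():
        if line.startswith(" ") and unfolded:
            unfolded[-1] += line[1:]      # LDIF folding: drop one leading space
        elif line and not line.startswith("#"):
            unfolded.append(line)
    attrs = {}
    for line in unfolded:
        name, _, value = line.partition(":")
        if value.startswith(":"):         # "attr::" is base64 transport encoding
            raw = base64.b64decode(value[1:].strip())
            value = raw.decode("utf-8", "replace")
        attrs.setdefault(name.lower(), []).append(value.strip())
    return attrs


def audit(ldif):
    """Return findings for one cn=config database entry."""
    attrs = parse_entry(ldif)
    findings = []
    for csn in attrs.get("entrycsn", []):
        m = CSN_RE.match(csn)
        if m is None:
            findings.append("malformed entryCSN")
        elif int(m.group(1), 16) == 0 and "olcsyncrepl" in attrs:
            findings.append("entryCSN serverID is 000 but syncrepl is configured")
    for pw in attrs.get("olcrootpw", []):
        if not re.match(r"^\{[A-Za-z0-9-]+\}", pw):
            findings.append("olcRootPW has no {SCHEME} prefix (cleartext)")
    return findings
```
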