configure: error: BDB/HDB: BerkeleyDB not available
by Mónico Briseño
Hi, all. I decided to install openldap release 2.4.36 from tarball file
with BerkeleyDB support.
According to the openldap documentation, I downloaded and installed Berkeley DB
release 6.0.
I configured the configure script as follows:
CPPFLAGS="-I/usr/local/BerkeleyDB.6.0/include"
LDFLAGS="-L/usr/local/BerkeleyDB.6.0/lib"
export CPPFLAGS LDFLAGS
./configure --enable-sql
Sadly, I have the following error:
configure: error: BDB/HDB: BerkeleyDB not available
Any idea?
What did I do wrong?
TIA
--
M.S. José M. Briseño Cortés
Universidad de Guadalajara
Instructional Technologist Univ. Houston
Moodle Teacher Certificate
NTCM, IACEP, iNACOL, ACM member
10 years
OLC (online config error)
by pramod kulkarni
I am trying to establish online config for OpenLDAP on Windows, but I am
getting the error below. How do I make online config work?
5230324d ldif_write_entry: could not put entry file for "cn=config" in
place: Invalid argument
5230324d config_build_entry: build "cn=config" failed: "(null)"
5230324d backend_startup_one (type=config, suffix="cn=config"): bi_db_open
failed! (-1)
my slapd.conf file
database config
rootdn "cn=admin,cn=config"
rootPw config
I did slapd test
slapd -T test -f slapd.conf -F slapd.d
waiting for your response
Regards,
Pramod
10 years
ppolicy I need help
by Jacques Foucry
Hello experts,
I tried to enable ppolicy on a test openldap server.
As I read, I first created an OU policies with the default cn:
# LDIF Export for cn=default,ou=policies,dc=example,dc=com
# Server: My Slave LDAP Server (ldap://localhost)
# Search Scope: base
# Search Filter: (objectClass=*)
# Total Entries: 1
#
# Generated by phpLDAPadmin (http://phpldapadmin.sourceforge.net) on
September 10, 2013 2:10 pm
# Version: 1.2.0.5
version: 1
# Entry 1: cn=default,ou=policies,dc=example,dc=com
dn: cn=default,ou=policies,dc=example,dc=com
cn: default
objectclass: top
objectclass: device
objectclass: pwdPolicy
objectclass: pwdPolicyChecker
pwdallowuserchange: TRUE
pwdattribute: userPassword
pwdcheckmodule: mmc-check-password.so
pwdcheckquality: 0
pwdexpirewarning: 600
pwdfailurecountinterval: 0
pwdgraceauthnlimit: 5
pwdinhistory: 5
pwdlockout: TRUE
pwdlockoutduration: 0
pwdmaxage: 90
pwdmaxfailure: 5
pwdminlength: 8
pwdmustchange: TRUE
pwdsafemodify: FALSE
and add it to my base.
I also added the ppolicy schema, the module load and the overlay
include /etc/ldap/schema/ppolicy.schema
moduleload ppolicy.la
overlay ppolicy
ppolicy_default "cn=default,ou=policies,dc=example,dc=com"
ppolicy_hash_cleartext
ppolicy_use_lockout
In /etc/ldap/ldap.conf I changed
pam_lookup_policy yes
I restarted slapd and changed my own client to use my test openldap
server. And it seems to be working.
But suddenly I was not able to do a sudo, change my passwd or log in to
another session.
I checked the log of my server and found
Sep 10 16:17:22 ldap-slave slapd[1672]: conn=1075 op=1 ENTRY
dn="cn=jacques foucry,ou=people,dc=example,dc=com"
Sep 10 16:17:22 ldap-slave slapd[1672]: conn=1075 op=1 SEARCH RESULT
tag=101 err=0 nentries=1 text=
Sep 10 16:17:22 ldap-slave slapd[1672]: conn=1075 op=2 BIND
dn="cn=Jacques Foucry,ou=People,dc=example,dc=com" method=128
Sep 10 16:17:22 ldap-slave slapd[1672]: conn=1075 op=2 BIND
dn="cn=Jacques Foucry,ou=People,dc=example,dc=com" mech=SIMPLE ssf=0
Sep 10 16:17:22 ldap-slave slapd[1672]: ppolicy_bind: Entry cn=Jacques
Foucry,ou=People,dc=example,dc=com has an expired password: 0 grace logins
Sep 10 16:17:22 ldap-slave slapd[1672]: conn=1075 op=2 RESULT tag=97
err=49 text=
Sep 10 16:17:22 ldap-slave slapd[1672]: conn=1075 op=3 BIND anonymous
mech=implicit ssf=0
Sep 10 16:17:22 ldap-slave slapd[1672]: conn=1075 op=3 BIND dn="" method=128
Sep 10 16:17:22 ldap-slave slapd[1672]: conn=1075 op=3 RESULT tag=97
err=0 text=
So I added to my user some attributes. First the OU pwdPolicy (with
userPassword as attribute), then pwdAllowUserChange, pwdGraceAuthNLimit
(and put 7 on it), pwdLockout (false), pwdLockoutDuration (0),
pwdMustChange (true), pwdSafeModify (true).
I still have the same error.
So there is something I misunderstood.
Can someone explain what's wrong and how I can correct it?
Thanks in advance for your help,
Best regards,
Jacques Foucry
--
Jacques Foucry
*NOVΛSPARKS *
IT Manager
Tel : +33 (0)1 42 68 12 61
jacques.foucry(a)novasparks.com
10 years
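The policy entry posted above sets pwdmaxage: 90, and the password-policy attributes pwdMaxAge and pwdExpireWarning are counted in seconds, which fits the "expired password: 0 grace logins" line followed by err=49 in the log. The sketch below is an added example, not part of the original post and not OpenLDAP code; it models only the expiry and grace-login decision, and the timestamps and function names (parse_policy, lint_policy, bind_outcome) are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Timing attributes copied from the cn=default policy entry in the post above.
POLICY_LDIF = """\
dn: cn=default,ou=policies,dc=example,dc=com
pwdexpirewarning: 600
pwdgraceauthnlimit: 5
pwdmaxage: 90
"""


def parse_policy(ldif):
    """Return {lowercased attribute: value} for one unfolded, non-base64 LDIF entry."""
    attrs = {}
    for line in ldif.splitlines():
        if line and not line.startswith("#") and ":" in line:
            name, _, value = line.partition(":")
            attrs[name.strip().lower()] = value.strip()
    return attrs


def parse_gentime(value):
    """Parse the YYYYmmddHHMMSSZ form of GeneralizedTime used by pwdChangedTime."""
    return datetime.strptime(value, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)


def lint_policy(policy):
    """Flag timing values that are legal but almost certainly a unit mistake."""
    findings = []
    max_age = int(policy.get("pwdmaxage", 0))
    warn = int(policy.get("pwdexpirewarning", 0))
    if 0 < max_age < 86400:
        findings.append(f"pwdMaxAge={max_age} is in seconds: passwords expire in under a day")
    if max_age and warn >= max_age:
        findings.append(f"pwdExpireWarning={warn} >= pwdMaxAge: every bind falls in the warning window")
    return findings


def bind_outcome(policy, pwd_changed_time, grace_used, now):
    """Classify a bind that presented the correct password.

    Returns "ok", "ok-warning", "grace" (expired, a grace login is consumed)
    or "expired" (no grace logins left; the server answers err=49).
    grace_used is the number of pwdGraceUseTime values already on the entry.
    """
    max_age = int(policy.get("pwdmaxage", 0))
    if max_age == 0:                       # 0 means passwords never expire
        return "ok"
    expires = pwd_changed_time + timedelta(seconds=max_age)
    if now < expires:
        warn = int(policy.get("pwdexpirewarning", 0))
        if warn and now >= expires - timedelta(seconds=warn):
            return "ok-warning"
        return "ok"
    remaining = int(policy.get("pwdgraceauthnlimit", 0)) - grace_used
    return "grace" if remaining > 0 else "expired"


if __name__ == "__main__":
    policy = parse_policy(POLICY_LDIF)
    changed = parse_gentime("20130910141000Z")      # constructed pwdChangedTime
    bind_time = changed + timedelta(hours=2)        # constructed bind time
    for finding in lint_policy(policy):
        print("policy:", finding)
    print("5 grace logins used ->", bind_outcome(policy, changed, 5, bind_time))
    # Same policy with a 90-day maximum age expressed in seconds.
    fixed = dict(policy, pwdmaxage=str(90 * 86400))
    print("90 days in seconds  ->", bind_outcome(fixed, changed, 0, bind_time))
```
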
Re: SyncRepl Chaining
by espeake@oreillyauto.com
From: Quanah Gibson-Mount <quanah(a)zimbra.com>
To: espeake(a)oreillyauto.com
Date: 09/06/2013 10:42 AM
Subject: Re: SyncRepl Chaining
--On Friday, September 06, 2013 10:39 AM -0500 espeake(a)oreillyauto.com
wrote:
> root@tntest-ldap-3:~# ldapwhoami -d -1 -Wx -D
> "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com"
Debug output from ldapwhoami is useless
> ldap_bind: Invalid credentials (49)
This error can indicate any of a number of things:
a) Wrong password
b) Acls block the ability to auth to the password
c) The DN specified doesn't exist
What you would need to provide is the debug output from *slapd* to see
which of a, b, or c was the problem.
--Quanah
--
Here is the olcAccess from the slapcat on the database. Rule {0} should be
what it is using, but because of it not authenticating, rule {2} is being
applied instead.
Here is the slapd debug.
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: conn=1015 op=0 BIND
dn="uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" method=128
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => bdb_entry_get: found entry:
"uid=readonlyuser,ou=system,dc=oreillyauto,dc=com"
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => bdb_entry_get: found entry:
"cn=passwordadminpolicy,ou=policies,dc=oreillyauto,dc=com"
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: result not
in cache (userPassword)
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: auth access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "userPassword"
requested
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => acl_get: [1] attr
userPassword
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => acl_mask: access to entry
"uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com", attr "userPassword"
requested
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => acl_mask: to value by "",
(=0)
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: <= check a_dn_pat:
uid=syncrepl,ou=system,dc=oreillyauto,dc=com
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: <= check a_dn_pat:
uid=readonlyuser,ou=system,dc=oreillyauto,dc=com
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: <= check a_dn_pat:
uid=ldapadmin,ou=system,dc=oreillyauto,dc=com
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: <= check a_dn_pat:
uid=newuseradmin,ou=system,dc=oreillyauto,dc=com
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: <= check a_dn_pat:
uid=passwordadmin,ou=system,dc=oreillyauto,dc=com
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: <= acl_mask: no more <who>
clauses, returning =0 (stop)
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => slap_access_allowed: auth
access denied by =0
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: no more
rules
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => bdb_entry_get: found entry:
"uid=readonlyuser,ou=system,dc=oreillyauto,dc=com"
Sep 6 11:01:25 slapd[20347]: last message repeated 3 times
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => test_filter
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: PRESENT
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: search
access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "objectClass"
requested
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: <= root access granted
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: search
access granted by manage(=mwrscxd)
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: <= test_filter 6
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => test_filter
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: PRESENT
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: search
access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "objectClass"
requested
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: <= root access granted
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: search
access granted by manage(=mwrscxd)
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: <= test_filter 6
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => bdb_entry_get: found entry:
"uid=readonlyuser,ou=system,dc=oreillyauto,dc=com"
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => bdb_entry_get: found entry:
"cn=passwordadminpolicy,ou=policies,dc=oreillyauto,dc=com"
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: search
access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "entry"
requested
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: <= root access granted
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: search
access granted by manage(=mwrscxd)
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => test_filter
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: EQUALITY
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: search
access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "objectClass"
requested
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: <= root access granted
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: search
access granted by manage(=mwrscxd)
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: <= test_filter 5
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: search
access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "entry"
requested
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: <= root access granted
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: search
access granted by manage(=mwrscxd)
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => test_filter
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: EQUALITY
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: search
access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "objectClass"
requested
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: <= root access granted
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: search
access granted by manage(=mwrscxd)
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: <= test_filter 5
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: <= acl_access_allowed: granted
to database root
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => bdb_entry_get: found entry:
"uid=readonlyuser,ou=system,dc=oreillyauto,dc=com"
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => test_filter
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: PRESENT
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: search
access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "objectClass"
requested
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: <= root access granted
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: search
access granted by manage(=mwrscxd)
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: <= test_filter 6
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => bdb_entry_get: found entry:
"uid=readonlyuser,ou=system,dc=oreillyauto,dc=com"
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "entry" requested
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: <= root access granted
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: read access
granted by manage(=mwrscxd)
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: result not
in cache (objectClass)
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "objectClass"
requested
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: <= root access granted
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: read access
granted by manage(=mwrscxd)
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: result was
in cache (objectClass)
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: result not
in cache (uid)
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "uid" requested
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: <= root access granted
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: read access
granted by manage(=mwrscxd)
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: result not
in cache (description)
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "description"
requested
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: <= root access granted
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: read access
granted by manage(=mwrscxd)
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: result not
in cache (pwdPolicySubentry)
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "pwdPolicySubentry"
requested
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: <= root access granted
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: read access
granted by manage(=mwrscxd)
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: result not
in cache (structuralObjectClass)
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => test_filter
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: PRESENT
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: search
access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "objectClass"
requested
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: <= root access granted
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: search
access granted by manage(=mwrscxd)
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: <= test_filter 6
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => bdb_entry_get: found entry:
"uid=readonlyuser,ou=system,dc=oreillyauto,dc=com"
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "entry" requested
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: add access
to "cn=accesslog" "children" requested
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com"
"structuralObjectClass" requested
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: <= root access granted
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: <= root access granted
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: add access
granted by manage(=mwrscxd)
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: read access
granted by manage(=mwrscxd)
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: add access
to "reqStart=20130906160125.000000Z,cn=accesslog" "entry" requested
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: result not
in cache (entryUUID)
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "entryUUID" requested
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: <= root access granted
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: read access
granted by manage(=mwrscxd)
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: result not
in cache (creatorsName)
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "creatorsName"
requested
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: <= root access granted
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: read access
granted by manage(=mwrscxd)
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: result not
in cache (createTimestamp)
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "createTimestamp"
requested
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: <= root access granted
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: read access
granted by manage(=mwrscxd)
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: result not
in cache (pwdHistory)
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "pwdHistory"
requested
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: <= root access granted
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: read access
granted by manage(=mwrscxd)
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: result was
in cache (pwdHistory)
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: result not
in cache (userPassword)
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "userPassword"
requested
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: <= root access granted
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: read access
granted by manage(=mwrscxd)
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: result not
in cache (pwdChangedTime)
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "pwdChangedTime"
requested
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: <= root access granted
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: read access
granted by manage(=mwrscxd)
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: result not
in cache (pwdFailureTime)
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "pwdFailureTime"
requested
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: <= root access granted
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: read access
granted by manage(=mwrscxd)
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: result was
in cache (pwdFailureTime)
Sep 6 11:01:25 slapd[20347]: last message repeated 33 times
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: result not
in cache (entryCSN)
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "entryCSN" requested
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: <= root access granted
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: read access
granted by manage(=mwrscxd)
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: result not
in cache (modifiersName)
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "modifiersName"
requested
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: <= root access granted
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: read access
granted by manage(=mwrscxd)
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: result not
in cache (modifyTimestamp)
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "modifyTimestamp"
requested
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: <= root access granted
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: read access
granted by manage(=mwrscxd)
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: result not
in cache (entryDN)
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "entryDN" requested
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: <= root access granted
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: read access
granted by manage(=mwrscxd)
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: result was
in cache (entryDN)
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: result not
in cache (subschemaSubentry)
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "subschemaSubentry"
requested
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: <= root access granted
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: read access
granted by manage(=mwrscxd)
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: result was
in cache (subschemaSubentry)
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: result not
in cache (hasSubordinates)
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "hasSubordinates"
requested
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: <= root access granted
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: read access
granted by manage(=mwrscxd)
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: result was
in cache (hasSubordinates)
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: <= root access granted
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: <= root access granted
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: read access
granted by manage(=mwrscxd)
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: result not
in cache (objectClass)
Sep 6 11:01:25 tntest-ldap-1 rsyslogd-2177: imuxsock begins to drop
messages from pid 20347 due to rate-limiting
Sep 6 11:01:27 tntest-ldap-1 rsyslogd-2177: imuxsock lost 116 messages
from pid 20347 due to rate-limiting
Thanks,
Eric
10 years
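In the trace above the bind entry is found by bdb_entry_get, and the denial comes from acl_mask running out of <who> clauses while the requester is "" (the session is still anonymous during the bind), which is case (b) in Quanah's list. The script below is an added example, not code from the thread or from OpenLDAP; it re-joins the mail-wrapped syslog lines and pairs each access_allowed request with its grant or denial. The sample is an excerpt of the posted trace, and the function names are made up for illustration.

```python
import re
from collections import deque

# Excerpt of the trace posted above, still wrapped the way the mail client left it.
SAMPLE = """\
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: conn=1015 op=0 BIND
dn="uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" method=128
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: auth access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "userPassword"
requested
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => acl_mask: to value by "",
(=0)
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: <= check a_dn_pat:
uid=syncrepl,ou=system,dc=oreillyauto,dc=com
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: <= check a_dn_pat:
uid=readonlyuser,ou=system,dc=oreillyauto,dc=com
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: <= acl_mask: no more <who>
clauses, returning =0 (stop)
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => slap_access_allowed: auth
access denied by =0
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: search
access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "objectClass"
requested
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: <= root access granted
Sep 6 11:01:25 tntest-ldap-1 slapd[20347]: => access_allowed: search
access granted by manage(=mwrscxd)
"""

# A new syslog record starts with "Mon D HH:MM:SS [host] tag: "; anything else
# is the wrapped tail of the previous record.
START = re.compile(r"^[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d (?:\S+ )?(\S+?): (.*)$")
REQ = re.compile(r'^=> access_allowed: (\w+) access to "([^"]*)" "([^"]*)" requested$')
WHO = re.compile(r'^=> acl_mask: to (?:value|all values) by "([^"]*)"')
PAT = re.compile(r"^<= check a_dn_pat: (\S+)$")
GRANT = re.compile(r"^=> access_allowed: (\w+) access granted by (\S+)$")
DENY = re.compile(r"^=> slap_access_allowed: (\w+) access denied by (\S+)$")


def join_records(text):
    """Undo the line wrapping and return the message part of each slapd record."""
    records = []
    for line in text.splitlines():
        m = START.match(line)
        if m:
            records.append([m.group(1), m.group(2)])
        elif records and line.strip():
            records[-1][1] += " " + line.strip()
    return [msg for tag, msg in records if tag.startswith("slapd")]


def trace_decisions(text):
    """Pair every access request with its outcome, oldest open request per level first.

    slapd threads interleave and rsyslog may drop lines, so on a busy server
    the pairing is best effort; requests with no outcome line are omitted.
    """
    pending, last, done = {}, None, []
    for msg in join_records(text):
        if (m := REQ.match(msg)):
            last = {"level": m[1], "dn": m[2], "attr": m[3], "requester": None,
                    "checked": [], "root": False, "result": None, "by": None}
            pending.setdefault(m[1], deque()).append(last)
        elif last is None:
            continue
        elif (m := WHO.match(msg)):
            last["requester"] = m[1]          # "" means the anonymous identity
        elif (m := PAT.match(msg)):
            last["checked"].append(m[1])      # <who> DNs compared and not matched
        elif msg == "<= root access granted":
            last["root"] = True
        elif (m := GRANT.match(msg)) or (m := DENY.match(msg)):
            queue = pending.get(m[1])
            if queue:
                req = queue.popleft()
                req["result"] = "granted" if msg.startswith("=> access_allowed") else "denied"
                req["by"] = m[2]
                done.append(req)
    return done


def denied_auth(decisions):
    """Requests for auth access that an ACL refused: these surface as err=49."""
    return [d for d in decisions if d["level"] == "auth" and d["result"] == "denied"]


if __name__ == "__main__":
    for d in denied_auth(trace_decisions(SAMPLE)):
        print(f'auth on {d["attr"]} denied for requester "{d["requester"]}"; '
              f'<who> clauses tried: {", ".join(d["checked"])}')
```
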
Log service time?
by Покотиленко Костик
Hi,
Is there a way to log the time each operation took?
I have strange CPU load (~200%) with just ~15 operations per second.
SRCH is >90% of all operations. All attributes involved in search are
indexed (many single attribute indexes, ~30).
The point is to find which search operations are taking a long time to
develop a solution.
10 years
Slapd High CPU usage on Solaris 9
by Luca Polidoro
Hello,
I am writing to submit a case that has been happening in the last 2 weeks in
our infrastructure. This is structured as follows:
1 provider: Solaris 9 SPARC - Sun Fire V490 - last OS patch level
CPU: 4-1500 Mhz
RAM: 32 GB
OpenLDAP version used: Berkeley DB 2.4.23 and 4.8.30 (with database bdb) all
64-bit
18 consumer: Solaris 9 SPARC - last OS patch level with different types of
features (CPU, RAM)
On the following consumer products:
Consumer 1: Solaris 9 SPARC - Sun Fire 480R - last OS patch level
CPU: 4-900 Mhz
RAM: 8 GB
Consumer 2: Solaris 9 SPARC - Sun Fire 480R - last OS patch level
CPU: 4-1050 Mhz
RAM: 8 GB
Consumer 3: Solaris 9 SPARC - Sun Fire 480R - last OS patch level
CPU: 4-1050 Mhz
RAM: 8 GB
Consumer 4: Solaris 9 SPARC - Sun Fire V210 - last OS patch level
CPU: 2-1336 Mhz
RAM: 8 GB
we are noticing an increase in the cpu used by the slapd process. In fact,
the process is constantly between 85% and 95%, and became completely unusable
and then we are forced to restart.
LDAP with 1.000.000 objects.
This is the consumer's slapd.conf (I have omitted parts of the ACL, includes,
etc..):
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
#
# VERSION v2 - Digital Tru64
#
allow bind_v2
Some include
...
#
# tuning parameters - START
# ------------------------------
#
conn_max_pending 1000
conn_max_pending_auth 1000
idletimeout 500
sizelimit unlimited
threads 8
timelimit 500
disallow bind_anon
#
# tuning parameters - END
# ----------------------------
#
...
#######################################################################
# bdb database definitions
#######################################################################
database bdb
suffix "xxxxxxxxxxxx"
rootdn "cn=root,ou=ldapusers,xxxxx"
directory /var/openldap-2.4.23_64/var/openldap-data
#####disallow limit for syncuser
limits dn.children="ou=syncusers,xxxx" size=unlimited
index objectClass,entryCSN,entryUUID eq
index ou eq,sub,subinitial,subany,subfinal
index uidOwner eq
index uid eq
index memberUid eq
#shm_key 1100
cachesize 1000000
cachefree 10000
dncachesize 1000000
idlcachesize 1000000
searchstack 16
checkpoint 1024 10
overlay ppolicy
ppolicy_default "cn=Standard,ou=Policies,xxxx"
ppolicy_use_lockout
############################SYNCREPL CONF
syncrepl rid=011
provider=ldap://xxxxxx
type=refreshAndPersist
interval=00:00:15:00
retry="15 10 120 +"
searchbase="xxxxx"
filter="(objectClass=*)"
attrs="*,+"
scope=sub
schemachecking=on
bindmethod=simple
binddn="xxxxxx"
credentials=xxxx
############################SYNCREPL CONF
These are the bdb files:
420M dn2id.bdb
30M entryCSN.bdb
32M entryUUID.bdb
1,4G id2entry.bdb
18M memberUid.bdb
4,9M objectClass.bdb
5,3M ou.bdb
17M uid.bdb
17M uidOwner.bdb
this is DB CONFIG:
-----------------------------------------------------------
##########################################
###########################################
#set_cachesize 0 300000000 10
#set_lg_regionmax 262144
#set_lg_bsize 2097152
###########################################
###########################################
# replaces lockdetect directive
#set_lk_detect DB_LOCK_EXPIRE
set_lk_detect DB_LOCK_DEFAULT
# uncomment if dbnosync required
#AGGIUNTO TUTTO
#set_flags DB_TXN_WRITE_NOSYNC
####AGGIUNTO
set_flags DB_LOG_AUTOREMOVE
# multiple set_flags directives allowed
# sets max log size = 5M (BDB default=10M)
set_lg_max 25242880
set_lg_dir /var/openldap-2.4.23_64/logs
set_cachesize 2 274726912 1
# sets a database cache of 5M and
# allows fragmentation
# does NOT replace slapd.conf cachesize
# this is a database parameter
#txn_checkpoint 128 15 0
# replaces checkpoint in slap.conf
# writes checkpoint if 128K written or every 15 mins
# 0 = no writes - no update
set_lk_max_locks 2500
set_lk_max_lockers 2500
set_lk_max_objects 2500
---------------------------------------------------
We have tried to change the number of threads bringing them to 16, we
lowered the parameters idletimeout and timelimit, but without result.
Appreciate your feedback.
Thanks,
Luca
10 years
Re: Problem pwdChangedTime
by felas
The problem is
I have this LDIF file with this attribute pwdChangedTime, and because of
that I have an error importing this LDIF file.
2013/9/6 Quanah Gibson-Mount <quanah(a)zimbra.com>
> --On Friday, September 06, 2013 9:50 PM +0200 felas <felas85(a)gmail.com>
> wrote:
>
>> I try to add ppolicy.ldif to my schema, but no success.
>>
>> how i can do to resolve this problem?
>
> add ppolicy.ldif with success
>
> You need to be more detailed about how you tried to add the schema, to
> start with.
>
> --Quanah
>
>
> --
>
> Quanah Gibson-Mount
> Lead Engineer
> Zimbra, Inc
> --------------------
> Zimbra :: the leader in open source messaging and collaboration
>
10 years
RE: Antw: Re: Log service time?
by Chris Jacobs
You left off the part where I remind that he was looking for information - specifically how to get said information:
"If the information Casper requested isn't available, say so. If it is, how would he get it?"
As it stands now, his initial question remains unanswered, with the only guidance being "upgrade"; which lacking anything else he is running with in the blind hope it makes things faster (his actual issue, not his questions).
That's really the meat of my response/addition to this conversation, and it's been simply side stepped again.
-----Original Message-----
From: Michael Ströder [mailto:michael@stroeder.com]
Sent: Friday, September 06, 2013 2:16 PM
To: Chris Jacobs
Cc: openldap-technical(a)openldap.org
Subject: Re: Log service time?
Chris Jacobs wrote:
> Michael: I cannot tell if you're being sarcastic or not, so, I'm running
> with your words:
I'm completely serious.
> Software isn't developed in a vacuum - when truly useful, it's intended use
> it to be used and it cannot be used sans distros (in any realistic
> production operation; sure you can compile everything from source and
> create StroderOS).
Are you sarcastic here?
Serious: Using packages from a Linux distribution is the normal case and works
fine mostly for cases where you don't use very advanced features of a given
software.
If you experience certain bugs in a software packaged by your distro then
build a newer distro package of that software. Yes, that's work but it's worth
the effort if the component is really important for your infrastructure. This
is about getting real control over important components.
> While you may be blessed with using whatever software,
> from whatever source you desire, with any (or no) support available, many
> system administrators are under edicts and must work within the policies
> and instructions of their company.
Policies and instructions are always subject to controlled change process. If
you don't have a change process then your policies are missing a very
essential part.
> SOX is a big deal at any organization that is publicly traded or works with
> government entities.
Be assured that I'm quite aware of what it means to run systems governed by
lots of policies.
> The support model of essentially "it's not the latest; go away until you update (compile it)" isn't helpful.
Do you have a support contract with the OpenLDAP community?
Everything here is community effort. If you insist on getting commercial-grade
support model then pay people providing support (e.g. buy Symas' build for
your favourite OS platform).
> Quanah: "I would highly advise upgrading to a current release (2.4.36) and
> switching to back-mdb."
While I personally agree that Quanah should not just write "yuck" because
someone is using back-hdb (given that back-mdb is really usable just since
2.4.36) he's right in pointing out that someone should try to reproduce issues
with the latest release first before asking.
Ciao, Michael.
10 years
Problem pwdChangedTime
by felas
Hi,
I have this ldif file to import, but I have this error:
pwdChangedTime: attribute type undefined
I tried to add ppolicy.ldif to my schema, but no success.
How can I resolve this problem?
10 years