LMDB usage on Windows - too much memory needed
by Frank Offermanns
Hello,
we would like to change our backend from hdb to mdb.
I did some initial tests and found out the following:
When setting maxsize to 1.4 GB, the size of the database on the file
system is about 1.4 GB. I thought I read that the maxsize has nothing to
do with the actual physical size needed. (If I have only 10 MB of data my
database should be about 10 MB).
Even worse is the fact that slapd.exe then needs about 1.5 GB of virtual
memory.
And if I use the 32-bit slapd.exe, the process will crash when reaching 2 GB
virtual size (as every 32-bit process will do).
Now my conclusion is that the things described in the mdb paper are only
valid for Unix/Linux, because Windows uses another memory system. Is this
correct? Or is there a way I haven't found to configure OpenLDAP on
Windows so that it does not need so much RAM?
The size on the disk does not matter for us, but since we use only the 32-bit
slapd.exe the RAM does matter.
Best regards,
Frank
8 years, 4 months
LDAPCon 2015 Call for Papers
by Andrew Findlay
LDAPCon 2015
============
The fifth International Conference on LDAP and Directory Services will be
held in the UK at the University of Edinburgh School of Informatics Forum.
Tutorials: 11th November 2015
Conference: 12th and 13th November 2015
Call for papers and tutorials
=============================
Topics
You are using LDAP in interesting projects?
You do LDAP client or server development?
You have used LDAP in a new way?
You do identity and access management on top of LDAP?
Why not share your ideas and experiences with others?
We are looking for speakers who are willing to talk about any topic
related to LDAP and identity management, including:
LDAP technology implementation (Servers, API, User interfaces etc.)
LDAP Usage (Schema, Security, Operations, Scaling, big data, etc.)
LDAP related technologies (PKI, XACML, SAML, etc.)
LDAP and Beyond (IAM, Identity Federation, Authentication on the web, etc.)
Best Practices for directory services.
Accepted talks will be grouped into tracks such as
standards/development and deployment/administration.
Deadlines & Important Dates
Submission Deadline: 28th June
Author Notification: 10th July
Final Papers due: 10th October 2015
Tutorials: 11th November 2015
Conference: 12th-13th November 2015
Talk Submissions
Main presentations should last about 45 minutes including discussion;
we will also provide smaller slots of 15 minutes and 5 minutes for
poster presentations or lightning talks. Please tell us which duration
you prefer when proposing your talk. The talk must be in English.
The one and only way to submit your abstract (approximately 200-800 words,
accompanied by your biography of about 100-300 words) is via email to
submissions(a)lists.ldapcon.org. Abstracts must reach the Program Committee
by 28th June 2015. Early submission is encouraged.
All abstracts will be reviewed by the program committee.
For accepted talks we expect you to submit slides and/or a paper
of approximately 2-10 pages (A4 or US Letter format, 25mm borders,
preferably LaTeX source or OpenOffice).
For 5-minute talks, a brief abstract is required. A short paper, slides or
a poster should be provided for accepted talks. We will provide display
boards for posters throughout the conference.
By submitting a paper you grant the conference organizers the
non-exclusive right to publish your paper in the conference proceedings
and on the website; you maintain the right to publish it elsewhere at
your discretion.
Tutorial Submissions
We are looking for high-quality tutorials on LDAP and related subjects,
at any level from introductory to advanced. Tutorial length can range from an
hour to a full day. Wireless Internet access will be available if required.
The purpose of the tutorials is focussed education, so they should cover
established topics and best practice rather than presenting new work.
Tutorials will be on Wednesday 11th November 2015.
The Programme Committee has an open mind about the format of the tutorial
day, but has a limited number of rooms available. Make your proposal early
and we will aim to build an attractive programme for the day.
Expenses
Speakers get free access to the conference, including the social event.
If requested in advance we will provide accommodation for speakers.
Travel expenses might also be covered in special cases.
If you need this, please contact us early so we can try to arrange it.
Website
http://ldapcon.org/2015/
Contacts
General enquiries: enquiries(a)lists.ldapcon.org
Paper/Tutorial submissions: submissions(a)lists.ldapcon.org
--
-----------------------------------------------------------------------
| From Andrew Findlay, Skills 1st Ltd |
| Consultant in large-scale systems, networks, and directory services |
| http://www.skills-1st.co.uk/ +44 1628 782565 |
-----------------------------------------------------------------------
8 years, 4 months
Search with wildcard
by Alessandro Lasmar Mourao
I have the following structure in my OpenLDAP:
ou = groups
|_cn = system1
| | _cn = Group1
| | _cn = Group2
|_cn = system2
| _cn = Group1
| _cn = Group2
I need to perform a search and return only users who are registered on system1, regardless of the registered group.
When I use the search with the filter memberOf=cn=*,cn=system1,ou=groups nothing is returned.
How do I perform this search in OpenLDAP? The search works in Oracle SJDS!
8 years, 4 months
Different DIT on separate database
by Maily Peng
Hello,
I'd like to set up a single instance of slapd from two DITs that have
been defined in separate mdb databases in order to manage indexes more
efficiently.
Is it possible?
Thank you
#######################################################################
# mdb primary database definitions
#######################################################################
backend mdb
database mdb
suffix "ou=users,dc=domain,dc=net"
rootdn "cn=Manager,dc=domain,dc=net"
envflags writemap,nometasync
lastmod on
rootpw
directory /usr/local/var/users-data/
#######################################################################
# mdb second database definitions
#######################################################################
backend mdb
database mdb
suffix "ou=profiles,dc=domain,dc=net"
rootdn "cn=Manager,dc=domain,dc=net"
envflags writemap,nometasync
lastmod on
rootpw
directory /usr/local/var/profile-data/
--
Maï-Ly PENG
Database Administrator
Keyyo Communications
92-98 bd Victor Hugo
92115 Clichy - France
Tél. : 01 72 38 77 87
mpeng(a)keyyo.com
www.keyyo.com
8 years, 4 months
simple authentication
by Bharath K
env.put(Context.SECURITY_PRINCIPAL,args[0]);
env.put(Context.SECURITY_CREDENTIALS,args[1]);
What values do I have to provide for these parameters?
The code which I am trying is not doing simple authentication.
> dn: uid=nagios,ou=People,dc=example,dc=com
> ...
> userPassword::
> dn: uid=test1,ou=People,dc=example,dc=com
> ...
> userPassword::
>
> dn: uid=test2,ou=People,dc=example,dc=com
> ...
> userPassword::
For the above thing I have a password...
My problem is... it is not doing simple authentication.
I am expecting to be asked for a password on output... but for me it's not asking
for any password; it is directly showing output, which means it is not doing simple
authentication.
8 years, 4 months
slapacl Read:Allow - ldapsearch no result
by Uli Tehrani
Hello all,
I want to allow general read access for the attribute sshPublicKey.
I configured the following rule on top:
access to attrs=sshPublicKey
by * read
slapacl -f /etc/openldap/slapd.conf -vvv -b uid=utehrani,ou=ActiveUser,ou=PosixUser,ou=User,dc=example,dc=com sshPublicKey/read
read access to sshPublicKey: ALLOWED
But when I run ldapsearch, I get no such object:
ldapsearch -LLL -h ldap1 -x -b uid=utehrani,ou=ActiveUser,ou=PosixUser,ou=User,dc=example,dc=com sshPublicKey
No such object (32)
Who can help?
I am running openldap 2.4.39-8
Thanks in advance
Regards
Uli
--
===================================
Ulrich Tehrani
Am Ulrichshof 19
79189 Bad Krozingen
+497633806246
u_tehrani(a)yahoo.de
===================================
8 years, 4 months
OpenLDAP Replication Issue
by Tony S. Wu
We have 5 servers running OpenLDAP, 001 - 005. Server is CentOS 6.4, LDAP
version is openldap-servers-2.4.23-32.el6_4.1.x86_64, current replication
topology is:
001 <=> 002
001 <=> 003
001 <=> 004
001 <=> 005
001 is where the phpLDAPAdmin GUI is running on. 002 - 005 are behind a
load balancer, 001 is never directly accessed from clients. I understand
this makes 001 the single point of failure in terms of replication, but we
would like to fix the current issues before exploring more changes.
The issue we are running into is intermittent failure in replication.
Replication is configured as multi-way master with mirror mode; it always
works from 001 to the rest, but sometimes fails in the other direction. This
is particularly bad when a user changes their password and it doesn't get
replicated back to 001, and when that happens it doesn't get replicated
to the rest of the other servers. In the log we sometimes see the following error
message, but sometimes when replication fails there is no log:
Error Log: Jan 21 10:56:42 001 slapd[27161]: do_syncrepl: rid=004 rc -2
retrying (4 retries left)
Another issue is failure of the slapd service. On each of the servers we have a
cronjob running that basically dumps the database using slapcat once an
hour. However once every 2 weeks or so we would find slapd dead right
around the same time slapcat was run. There is no obvious error in ldap
log, system log, or dmesg. According to the documentation it is safe to run
slapcat while slapd is running, is this not true?
Below is the replication section of the configuration on 001 and 004. If
someone could advise on this it would be very much appreciated.
moduleload syncprov.la
serverid 1
cachesize 50000
idlcachesize 50000
syncrepl rid=002
provider=ldap://002.server.com
binddn="uid=replication,ou=Services,dc=server,dc=com"
bindmethod=simple
credentials=********
searchbase="dc=server,dc=com"
type=refreshAndPersist
interval=00:00:00:10 retry="5 5 300 5" timeout=1
starttls=yes
tls_reqcert=never
* repeat for 003, 004, and 005 *
mirrormode true
overlay syncprov
syncprov-checkpoint 1000 60
syncprov-sessionlog 100
index entryCSN,entryUUID eq
8 years, 4 months
Re: OpenLDAP Replication Issue
by Marc Patermann
Tony,
Tony S. Wu schrieb (23.01.2015 20:19 Uhr):
please keep replies on the list.
> We kinda did this out of necessity.
This is a hell of an answer! :)
> Our ultimate goal is to remove
> 001, move web UI to 002, and move the replication hub role to 002.
>
> The reason we haven't done so is because of replication issue. We
> would like to at least figure out what's wrong before introducing
> additional changes.
You may consider moving to a 4-node MMR cluster.
Or make 001 and 002 an MMR cluster, which works as provider for your 003
to 005 as read-only replicas, which send referrals to the provider
cluster or use chaining. (You may use a service address for the cluster
and move the phpLDAPAdmin GUI to the cluster as well.)
Maybe these are more commonly used setups than your current one.
Marc
8 years, 4 months
LDAP ldapsearch filter: return uidNumber if person has sub ou=mail
by Leander Schäfer
I'm trying to construct an LDAP filter for my Dovecot/Postfix setup which
behaves like the example pseudo code & result below:
return uidNumber OF objectClass=posixAccount IF they have an ou=mail AND the mailAddress in this ou=mail IS EQUAL to test(a)Mydomain.TLD

# User-1, people, Mydomain.TLD
dn: uid=User-1,ou=people,dc=MyDomain,dc=TLD
uidNumber: 2110

More specifically, like this, where %s holds e.g. test(a)Mydomain.TLD:
search_base = dc=Mydomain,dc=TLD
query_filter = ( &(objectClass=posixAccount)(ou=mail)(mailAddress=%s) )
result_attribute = uidNumber

But obviously uidNumber is held by the posixAccount container one
level above, and therefore it won't display what I want. Unfortunately
I couldn't figure out how to get it to work. My LDAP structure looks like this:
=> dc=MyDomain,dc=TLD
==> ou=People
===> uid=User-1
====> uidNumber=4035
====> ou=mail
=====> mailAddress=test(a)Mydomain.TLD
===> uid=User-2
Any help would be greatly appreciated
Thanks
Best Regards
Leander
8 years, 4 months
I am new to LDAP and I don't know much about LDAP simple authentication; could you please help me and give some suggestions? Below is the simple code which I tried, and there are also uid test1 & 2 which I want to authenticate
by Bharath K
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NameClassPair;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;

public class SimpleBindDemo {
    public static void main(String[] args) throws NamingException {
        if (args.length < 2) {
            System.err.println("Usage: java SimpleBindDemo <userDN> <password>");
            System.exit(1);
        }
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://localhost:389/");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        //env.put(Context.SECURITY_PRINCIPAL, "cn=Manager,ou=People,dc=example,dc=com");
        //env.put(Context.SECURITY_CREDENTIALS, "ldap123");
        env.put(Context.SECURITY_PRINCIPAL, args[0]);   // bind DN
        env.put(Context.SECURITY_CREDENTIALS, args[1]); // bind password
        try {
            // The simple bind is sent when the context is created
            Context ctx = new InitialContext(env);
            // List the entries directly under the root of the naming context
            NamingEnumeration<NameClassPair> enm = ctx.list("");
            while (enm.hasMore()) {
                System.out.println(enm.next());
            }
            enm.close();
            ctx.close();
        } catch (NamingException e) {
            System.out.println(e.getMessage());
        }
    }
}
------------------------------------------------------------------------------------------------------------------------
--
# extended LDIF
#
# LDAPv3
# base <dc=example,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# example.com
dn: dc=example,dc=com
dc: example
objectClass: top
objectClass: domain
# People, example.com
dn: ou=People,dc=example,dc=com
ou: People
objectClass: top
objectClass: organizationalUnit
# Group, example.com
dn: ou=Group,dc=example,dc=com
ou: Group
objectClass: top
objectClass: organizationalUnit
# nagios, People, example.com
dn: uid=nagios,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: nagios
sn: nagios
givenName: nagios
cn: nagios
displayName: nagios
uidNumber: 500
gidNumber: 500
userPassword::
gecos: nagios
loginShell: /bin/bash
homeDirectory: /home/nagios
shadowExpire: -1
shadowFlag: 0
shadowWarning: 7
shadowMin: 0
shadowMax: 99999
shadowLastChange: 15496
# test1, People, example.com
dn: uid=test1,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: test1
sn: test1
givenName: test1
cn: test1
displayName: test1
uidNumber: 501
gidNumber: 501
userPassword::
gecos: test1
loginShell: /bin/bash
homeDirectory: /home/test1
shadowExpire: -1
shadowFlag: 0
shadowWarning: 7
shadowMin: 0
shadowMax: 99999
shadowLastChange: 16447
# test2, People, example.com
dn: uid=test2,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: test2
sn: test2
givenName: test2
cn: test2
displayName: test2
uidNumber: 502
gidNumber: 502
userPassword::
gecos: test2
loginShell: /bin/bash
homeDirectory: /home/test2
shadowExpire: -1
shadowFlag: 0
shadowWarning: 7
shadowMin: 0
shadowMax: 99999
shadowLastChange: 16447
# nagios, Group, example.com
dn: cn=nagios,ou=Group,dc=example,dc=com
objectClass: posixGroup
cn: nagios
gidNumber: 500
# test1, Group, example.com
dn: cn=test1,ou=Group,dc=example,dc=com
objectClass: posixGroup
cn: test1
gidNumber: 501
# test2, Group, example.com
dn: cn=test2,ou=Group,dc=example,dc=com
objectClass: posixGroup
cn: test2
gidNumber: 502
# search result
search: 2
result: 0 Success
# numResponses: 10
# numEntries: 9
8 years, 4 months
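A hardened version of the bind in the two posts above, added here as an example and not code from the original post or from the JDK's own documentation: it prompts for the password instead of taking it from the command line (argv is visible to other users in the process list), refuses an empty password because a simple bind with a DN and no password is an unauthenticated bind that a permissive server answers with success, and reports the bind result itself rather than listing the root, so a failed authentication is unmistakable. The server URL and the bind DN argument are assumed to match the post's setup.

```java
import java.io.Console;
import java.util.Arrays;
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

public class SimpleBindCheck {
    /** Returns true only if the server accepted a simple bind as userDn with password. */
    static boolean authenticate(String url, String userDn, char[] password) throws NamingException {
        // Empty DN or empty password would be an anonymous/unauthenticated bind (RFC 4513): refuse it
        if (userDn == null || userDn.isEmpty() || password == null || password.length == 0) {
            return false;
        }
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, userDn);
        env.put(Context.SECURITY_CREDENTIALS, password);   // the LDAP provider accepts char[]
        DirContext ctx = null;
        try {
            ctx = new InitialDirContext(env);   // the bind request is sent here, not later
            return true;                         // bind result 0: the server checked the credentials
        } catch (AuthenticationException e) {    // bind result 49: invalidCredentials
            return false;
        } finally {
            if (ctx != null) ctx.close();
        }
    }

    public static void main(String[] args) throws NamingException {
        if (args.length < 1) {
            System.err.println("Usage: java SimpleBindCheck <userDN>");
            System.exit(1);
        }
        Console console = System.console();   // null when stdin is not a terminal
        if (console == null) {
            System.err.println("Run from an interactive terminal so the password can be prompted");
            System.exit(1);
        }
        char[] pw = console.readPassword("Password for %s: ", args[0]);
        boolean ok = authenticate("ldap://localhost:389/", args[0], pw);   // URL assumed from the post
        if (pw != null) Arrays.fill(pw, '\0');   // do not keep the password in memory longer than needed
        System.out.println(ok ? "authenticated" : "bind rejected");
    }
}
```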