LMDB data growth - overflow pages
by Christian Sell
Hello,
I am trying to use LMDB to store large (huge) amounts of binary data which, for
the reason of limiting memory footprint, are split into chunks. Each chunk is
stored under a separate key, made up of [collectionId, chunkId], so that I can
later iterate the chunks using an LMDB cursor. Chunk size is configurable.
During my tests, I encountered a strange scenario where, after inserting some
2000 chunks consisting of 512KB each, the database size had grown to a value
that was roughly 135 times the calculated size of the data. I ran stat over the
db and saw that there were > 12000 overflow pages vs. approx. 2000 data pages.
When I reduced the chunk size to 4060 bytes, the number of overflow pages went
down to 1000, and the database size went down to the expected number (I
experimented with different sizes, this was the best result). I did not find any
documentation that would explain this behavior, or how to deal with it. Of
course it makes me worry about database bloat and the consequences. Can anyone
shed light on this?
thanks,
Christian
8 years
Human-friendly olcAccess management
by Bogdan Rudas
Hello all,
I would like to start using olcAccess rules. Is there a human-friendly
editor for those ACLs?
I can't even use line breaks in an LDIF file to make my restrictions a bit
more readable! I strongly dislike very long string values; one day this
will cause a mistake and an access violation.
I've tried Apache DS, LDIF import and a few Puppet modules; everything
requires a huge one-line ACL.
Any help will be welcome.
--
Bogdan Rudas
Head of Minsk IT Support Department
Exadel Inc.
http://www.exadel.com/
E-mail: brudas(a)exadel.com <mandrushkevich(a)exadel.com>
Skype ID: bogdan.rudas
8 years
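An added example, not part of the original post and not OpenLDAP code: LDIF (RFC 2849) allows a long value to continue on the next line when that line begins with a single space, and a reader discards exactly that one space when rejoining. The sketch below folds an olcAccess value one "by" clause per line and checks that unfolding returns the identical value; it uses an ACL from the configuration dump further down this page plus a constructed one, the function names are hypothetical, and it assumes no escaped double quotes inside the value.

```python
"""Fold a long olcAccess value across lines without changing it (RFC 2849)."""

# ACL taken from the olcDatabase={1}mdb entry shown later on this page.
PAGE_ACL = ("{0}to attrs=userPassword,shadowLastChange "
            "by self write by anonymous auth by * none")
# Constructed sample: the quoted DN contains the text " by ".
QUOTED_ACL = ('{1}to dn.subtree="ou=stand by staff,dc=example,dc=com" '
              'by group.exact="cn=admins,dc=example,dc=com" write by * read')


def clauses(value):
    """Split at each ' by ' that lies outside double quotes.

    Every piece after the first keeps its leading space, so joining the
    pieces gives back the original value byte for byte.
    """
    cuts, in_quotes = [0], False
    for i, ch in enumerate(value):
        if ch == '"':
            in_quotes = not in_quotes
        elif not in_quotes and value.startswith(" by ", i):
            cuts.append(i)
    cuts.append(len(value))
    return [value[a:b] for a, b in zip(cuts, cuts[1:])]


def fold_acl(value, attr="olcAccess"):
    """One clause per physical line.

    A continuation line is the fold marker (one space) followed by the
    clause, which itself starts with a space: two spaces in total.
    """
    first, *rest = clauses(value)
    return f"{attr}: {first}" + "".join("\n " + piece for piece in rest)


def naive_fold(value, attr="olcAccess"):
    """The easy mistake: indent each stripped clause by a single space."""
    first, *rest = clauses(value)
    return f"{attr}: {first}" + "".join("\n " + p.strip() for p in rest)


def unfold(ldif_text):
    """Rejoin folded lines the way an LDIF reader does: drop each line
    break together with the one space that follows it."""
    return ldif_text.replace("\n ", "")


if __name__ == "__main__":
    for acl in (PAGE_ACL, QUOTED_ACL):
        folded = fold_acl(acl)
        print(folded)
        print("round trip ok:", unfold(folded) == "olcAccess: " + acl)
    # With a single leading space the separator is lost and the clauses
    # run together, so the stored ACL is no longer the one intended.
    print(unfold(naive_fold(PAGE_ACL)))
```

The folded form is what goes into the file given to ldapmodify; the value that ends up in cn=config is the single unfolded string.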
Tuning number of entries sent during syncrepl?
by Bannister, Mark
It takes about 10 minutes to synchronise about 300,000 entries across the WAN, but the WAN isn't that slow here, I can transfer an LDIF file much faster than that over NFS.
Before LDAPCon last week, I had been working on a solution to this problem, where I would get the master server to dump its contents once a day to NFS, and then replicas could build initially from that. It was taking quite a bit of work, and it was slightly annoying that I needed to jump through these hoops.
Last week I was speaking with someone at LDAPCon who told me he had come across the same problem, and it turned out to be something to do with the maximum number of entries that can be transferred in one go? - although I may have misheard this, so please forgive me if details are not entirely accurate. But apparently this is tunable, and if I increase it, my 300,000 entries will replicate much much faster.
Any ideas? Sorry I'm a bit sketchy on details.
Thanks,
Mark.
8 years
Problem making refint_nothing working
by katgb
Hi all,
I tried for some days to make refint overlay work with refint_nothing
filled.
The slapo-refint man page says:
refint_nothing <string>
    Specify an arbitrary value to be used as a placeholder when the last
    value would otherwise be deleted from an attribute. This can be useful
    in cases where the schema requires the existence of an attribute for
    which referential integrity is enforced. The attempted deletion of a
    required attribute will otherwise result in an Object Class Violation,
    causing the request to fail. The string must be a valid DN.
but each time I try to delete the last member from a groupOfNames group,
the deletion is refused because of schema violation. That's ok without
refint_nothing but with the string set it should replace last member,
right?
I tried to increase loglevel to 16383 but can't see any debug for refint
overlay. So I'm not sure if refint is working or not. Is there another
way to have some debug information from refint ?
I have included my configuration, ldap tree and log content below. For
the logs, I have snipped the content to the error directly but can
provide full log if required.
The tests are running on debian jessie 8.2 and slapd version
2.4.40+dfsg-1.
And I know I can place the placeholder manually but doing it by hand
each time is not what I want and, more important, I want to understand
why the module is not working like it should.
I hope I have posted to the right list and if there is something missing
please ask.
Thanks for help.
######### START CONF LDIF ########
dn: cn=config
objectClass: olcGlobal
cn: config
olcArgsFile: /var/run/slapd/slapd.args
olcPidFile: /var/run/slapd/slapd.pid
olcToolThreads: 1
structuralObjectClass: olcGlobal
entryUUID: a00e3106-20ce-1035-8943-a9586533ca5e
creatorsName: cn=config
createTimestamp: 20151116165546Z
olcLogLevel: 16383
entryCSN: 20151116173108.585343Z#000000#000#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20151116173108Z
dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModulePath: /usr/lib/ldap
olcModuleLoad: {0}back_mdb
olcModuleLoad: {1}refint
olcModuleLoad: {2}memberof.la
structuralObjectClass: olcModuleList
entryUUID: a00edd9a-20ce-1035-894b-a9586533ca5e
creatorsName: cn=admin,cn=config
createTimestamp: 20151116165546Z
entryCSN: 20151116172537.271031Z#000000#000#000000
modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
modifyTimestamp: 20151116172537Z
dn: cn=schema,cn=config
objectClass: olcSchemaConfig
cn: schema
structuralObjectClass: olcSchemaConfig
entryUUID: a00e5a96-20ce-1035-8946-a9586533ca5e
creatorsName: cn=admin,cn=config
createTimestamp: 20151116165546Z
entryCSN: 20151116165546.131180Z#000000#000#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20151116165546Z
... schema listing skipped as they are not modified ...
dn: olcBackend={0}mdb,cn=config
objectClass: olcBackendConfig
olcBackend: {0}mdb
structuralObjectClass: olcBackendConfig
entryUUID: a00ef6cc-20ce-1035-894c-a9586533ca5e
creatorsName: cn=admin,cn=config
createTimestamp: 20151116165546Z
entryCSN: 20151116165546.135178Z#000000#000#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20151116165546Z
dn: olcDatabase={-1}frontend,cn=config
objectClass: olcDatabaseConfig
objectClass: olcFrontendConfig
olcDatabase: {-1}frontend
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
olcAccess: {1}to dn.exact="" by * read
olcAccess: {2}to dn.base="cn=Subschema" by * read
olcSizeLimit: 500
structuralObjectClass: olcDatabaseConfig
entryUUID: a00e4ec0-20ce-1035-8944-a9586533ca5e
creatorsName: cn=config
createTimestamp: 20151116165546Z
entryCSN: 20151116165546.130875Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20151116165546Z
dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
olcRootDN: cn=admin,cn=config
structuralObjectClass: olcDatabaseConfig
entryUUID: a00e5654-20ce-1035-8945-a9586533ca5e
creatorsName: cn=config
createTimestamp: 20151116165546Z
olcRootPW:: e1NTSEF9NkdpY3VMWFhTUGpBa1IzM3UzcnkxVm1qY2N2ZVZXNHY=
entryCSN: 20151116170655.978168Z#000000#000#000000
modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
modifyTimestamp: 20151116170655Z
dn: olcDatabase={1}mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: {1}mdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=nodomain
olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymous auth by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by * read
olcLastMod: TRUE
olcRootDN: cn=admin,dc=nodomain
olcDbCheckpoint: 512 30
olcDbIndex: objectClass eq
olcDbIndex: cn,uid eq
olcDbIndex: uidNumber,gidNumber eq
olcDbIndex: member,memberUid eq
olcDbMaxSize: 1073741824
structuralObjectClass: olcMdbConfig
entryUUID: a00efa64-20ce-1035-894d-a9586533ca5e
creatorsName: cn=admin,cn=config
createTimestamp: 20151116165546Z
olcRootPW:: e1NTSEF9SlExdmxnN1E0a0hNTTZtanZzdEtIcHBSYjBmNHJyaGI=
entryCSN: 20151116170852.768823Z#000000#000#000000
modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
modifyTimestamp: 20151116170852Z
dn: olcOverlay={0}refint,olcDatabase={1}mdb,cn=config
objectClass: olcConfig
objectClass: olcOverlayConfig
objectClass: olcRefintConfig
objectClass: top
olcOverlay: {0}refint
structuralObjectClass: olcRefintConfig
entryUUID: cd95de54-20d2-1035-86bf-517b01ed1806
creatorsName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
createTimestamp: 20151116172540Z
olcRefintNothing: uid=myuser2,ou=users,dc=nodomain
olcRefintAttribute: member
entryCSN: 20151116174304.336010Z#000000#000#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20151116174304Z
######### END CONF LDIF ########
######### START DB LDIF ########
dn: dc=nodomain
objectClass: top
objectClass: dcObject
objectClass: organization
o: nodomain
dc: nodomain
structuralObjectClass: organization
entryUUID: a01fd816-20ce-1035-8deb-e11fbfc8d840
creatorsName: cn=admin,dc=nodomain
createTimestamp: 20151116165546Z
entryCSN: 20151116165546.245753Z#000000#000#000000
modifiersName: cn=admin,dc=nodomain
modifyTimestamp: 20151116165546Z
dn: cn=admin,dc=nodomain
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword:: e1NTSEF9Z2doUHZPQVo2dnV5NzVSY1dFLzhhUFNGQjVZY1FXRHY=
structuralObjectClass: organizationalRole
entryUUID: a02629b4-20ce-1035-8dec-e11fbfc8d840
creatorsName: cn=admin,dc=nodomain
createTimestamp: 20151116165546Z
entryCSN: 20151116165546.287209Z#000000#000#000000
modifiersName: cn=admin,dc=nodomain
modifyTimestamp: 20151116165546Z
dn: ou=groups,dc=nodomain
objectClass: organizationalUnit
objectClass: top
ou: groups
structuralObjectClass: organizationalUnit
entryUUID: 25ff55cc-20d1-1035-86b9-517b01ed1806
creatorsName: cn=admin,dc=nodomain
createTimestamp: 20151116171349Z
entryCSN: 20151116171349.840889Z#000000#000#000000
modifiersName: cn=admin,dc=nodomain
modifyTimestamp: 20151116171349Z
dn: ou=users,dc=nodomain
objectClass: organizationalUnit
objectClass: top
ou: users
structuralObjectClass: organizationalUnit
entryUUID: 351d4e6a-20d1-1035-86ba-517b01ed1806
creatorsName: cn=admin,dc=nodomain
createTimestamp: 20151116171415Z
entryCSN: 20151116171415.203147Z#000000#000#000000
modifiersName: cn=admin,dc=nodomain
modifyTimestamp: 20151116171415Z
dn: uid=myuser1,ou=users,dc=nodomain
cn: myuser1
objectClass: inetOrgPerson
objectClass: top
sn: myuser1
uid: myuser1
structuralObjectClass: inetOrgPerson
entryUUID: bba534d4-20d1-1035-86bb-517b01ed1806
creatorsName: cn=admin,dc=nodomain
createTimestamp: 20151116171800Z
entryCSN: 20151116171800.908475Z#000000#000#000000
modifiersName: cn=admin,dc=nodomain
modifyTimestamp: 20151116171800Z
dn: uid=myuser2,ou=users,dc=nodomain
cn: myuser2
objectClass: inetOrgPerson
objectClass: top
sn: myuser2
uid: myuser2
structuralObjectClass: inetOrgPerson
entryUUID: d175bac2-20d1-1035-86bc-517b01ed1806
creatorsName: cn=admin,dc=nodomain
createTimestamp: 20151116171837Z
entryCSN: 20151116171837.507205Z#000000#000#000000
modifiersName: cn=admin,dc=nodomain
modifyTimestamp: 20151116171837Z
dn: cn=mygroup1,ou=groups,dc=nodomain
cn: mygroup1
member: uid=myuser1,ou=users,dc=nodomain
objectClass: groupOfNames
objectClass: top
structuralObjectClass: groupOfNames
entryUUID: f9657978-20d1-1035-86bd-517b01ed1806
creatorsName: cn=admin,dc=nodomain
createTimestamp: 20151116171944Z
entryCSN: 20151116171944.509541Z#000000#000#000000
modifiersName: cn=admin,dc=nodomain
modifyTimestamp: 20151116171944Z
######### END DB LDIF ########
######### START LOG ########
...
Nov 16 18:43:31 vm-rt1 slapd[15110]: daemon: read active on 13
Nov 16 18:43:31 vm-rt1 slapd[15110]: daemon: epoll: listen=9
active_threads=0 tvp=zero
Nov 16 18:43:31 vm-rt1 slapd[15110]: daemon: epoll: listen=10
active_threads=0 tvp=zero
Nov 16 18:43:31 vm-rt1 slapd[15110]: daemon: epoll: listen=11
active_threads=0 tvp=zero
Nov 16 18:43:31 vm-rt1 slapd[15110]: connection_get(13)
Nov 16 18:43:31 vm-rt1 slapd[15110]: connection_get(13): got connid=1154
Nov 16 18:43:31 vm-rt1 slapd[15110]: connection_read(13): checking for
input on id=1154
Nov 16 18:43:31 vm-rt1 slapd[15110]: op tag 0x66, time 1447695811
Nov 16 18:43:31 vm-rt1 slapd[15110]: conn=1154 op=4 do_modify
Nov 16 18:43:31 vm-rt1 slapd[15110]: conn=1154 op=4 do_modify: dn
(cn=mygroup1,ou=groups,dc=nodomain)
Nov 16 18:43:31 vm-rt1 slapd[15110]: >>> dnPrettyNormal:
<cn=mygroup1,ou=groups,dc=nodomain>
Nov 16 18:43:31 vm-rt1 slapd[15110]: <<< dnPrettyNormal:
<cn=mygroup1,ou=groups,dc=nodomain>, <cn=mygroup1,ou=groups,dc=nodomain>
Nov 16 18:43:31 vm-rt1 slapd[15110]: conn=1154 op=4 modifications:
Nov 16 18:43:31 vm-rt1 slapd[15110]: #011replace: member
Nov 16 18:43:31 vm-rt1 slapd[15110]: #011#011no values
Nov 16 18:43:31 vm-rt1 slapd[15110]: conn=1154 op=4 MOD
dn="cn=mygroup1,ou=groups,dc=nodomain"
Nov 16 18:43:31 vm-rt1 slapd[15110]: conn=1154 op=4 MOD attr=member
Nov 16 18:43:31 vm-rt1 slapd[15110]: mdb_modify:
cn=mygroup1,ou=groups,dc=nodomain
Nov 16 18:43:31 vm-rt1 slapd[15110]:
mdb_dn2entry("cn=mygroup1,ou=groups,dc=nodomain")
Nov 16 18:43:31 vm-rt1 slapd[15110]: =>
mdb_dn2id("cn=mygroup1,ou=groups,dc=nodomain")
Nov 16 18:43:31 vm-rt1 slapd[15110]: <= mdb_dn2id: got id=0x7
Nov 16 18:43:31 vm-rt1 slapd[15110]: => mdb_entry_decode:
Nov 16 18:43:31 vm-rt1 slapd[15110]: <= mdb_entry_decode
Nov 16 18:43:31 vm-rt1 slapd[15110]: mdb_modify_internal: 0x00000007:
cn=mygroup1,ou=groups,dc=nodomain
Nov 16 18:43:31 vm-rt1 slapd[15110]: <= acl_access_allowed: granted to
database root
Nov 16 18:43:31 vm-rt1 slapd[15110]: mdb_modify_internal: replace member
Nov 16 18:43:31 vm-rt1 slapd[15110]: mdb_modify_internal: replace
entryCSN
Nov 16 18:43:31 vm-rt1 slapd[15110]: mdb_modify_internal: replace
modifiersName
Nov 16 18:43:31 vm-rt1 slapd[15110]: mdb_modify_internal: replace
modifyTimestamp
Nov 16 18:43:31 vm-rt1 slapd[15110]: oc_check_required entry
(cn=mygroup1,ou=groups,dc=nodomain), objectClass "groupOfNames"
Nov 16 18:43:31 vm-rt1 slapd[15110]: Entry
(cn=mygroup1,ou=groups,dc=nodomain): object class 'groupOfNames'
requires attribute 'member'
Nov 16 18:43:31 vm-rt1 slapd[15110]: entry failed schema check: object
class 'groupOfNames' requires attribute 'member'
Nov 16 18:43:31 vm-rt1 slapd[15110]: mdb_modify: modify failed (65)
Nov 16 18:43:31 vm-rt1 slapd[15110]: send_ldap_result: conn=1154 op=4
p=3
Nov 16 18:43:31 vm-rt1 slapd[15110]: send_ldap_result: err=65 matched=""
text="object class 'groupOfNames' requires attribute 'member'"
Nov 16 18:43:31 vm-rt1 slapd[15110]: send_ldap_response: msgid=5 tag=103
err=65
Nov 16 18:43:31 vm-rt1 slapd[15110]: conn=1154 op=4 RESULT tag=103
err=65 text=object class 'groupOfNames' requires attribute 'member'
Nov 16 18:43:31 vm-rt1 slapd[15110]: daemon: activity on 1 descriptor
Nov 16 18:43:31 vm-rt1 slapd[15110]: daemon: activity on:
Nov 16 18:43:31 vm-rt1 slapd[15110]:
Nov 16 18:43:31 vm-rt1 slapd[15110]: daemon: epoll: listen=9
active_threads=0 tvp=zero
Nov 16 18:43:31 vm-rt1 slapd[15110]: daemon: epoll: listen=10
active_threads=0 tvp=zero
Nov 16 18:43:31 vm-rt1 slapd[15110]: daemon: epoll: listen=11
active_threads=0 tvp=zero
Nov 16 18:43:31 vm-rt1 slapd[15110]: daemon: activity on 1 descriptor
Nov 16 18:43:31 vm-rt1 slapd[15110]: daemon: activity on:
######### END LOG ########
8 years
Trying to set up multimaster syncrepl, error attribute 'olcTLSCertificateFile' not allowed , why?
by Betsy Schwartz
I inherited a pair of (interestingly configured) ldap servers from a
previous owner and I'm trying to get them to replicate to each other
(actually, starting with two new VM copies, with the goal of ending up with
four masters spread over two data centers). The VM's are running RHEL6 and
openldap 2.4.40.
When I try to add replication using the ldif included at the bottom of
this post, I get this error and then cannot restart slapd
--
[root@ldap01 tmp]# ldapmodify -Y EXTERNAL -H ldapi:/// -f /tmp/repl.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "cn=config"
adding new entry "olcOverlay=syncprov,olcDatabase={2}bdb,cn=config"
modifying entry "olcDatabase={2}bdb,cn=config"
ldap_modify: Object class violation (65)
additional info: attribute 'olcTLSCertificateFile' not allowed
--
slapd restart error in the log is
read_config: no serverID / URL match found. Check slapd -h arguments.
(I assume this is coming from my three new syncprov providers which have
nothing to provide?)
The only reference I found to TLS anywhere was here
[root@ldap01 tmp]# slapcat -s olcDatabase=\{2}bdb,cn=config |grep TLS
olcTLSCertificateFile: /etc/pki/tls/certs/foobar_cert.pem
olcTLSCertificateKeyFile: /etc/pki/tls/certs/foobar_key.pem
Those files do not exist, never have!
(I admit I tried, and failed, to delete the reference)
What can I do to fix the TLS error? Where is there a TLS dependency in this
picture? Thank you for any clues!
[root@ldap01 tmp]# cat post.ldif
olcServerID: 1 ldap://ldap02.example.com
olcServerID: 2 ldap://ldap2.example.com
olcServerID: 3 ldap://ldap.example.com
dn: olcOverlay=syncprov,olcDatabase={2}bdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov

dn: olcDatabase={2}bdb,cn=config
changetype: modify
add: olcSyncRepl
olcSyncRepl: rid=001
  provider=ldap://ldap02.example.com
  binddn="uid=Manager,dc=example,dc=com"
  bindmethod=simple
  credentials="managerpassword"
  searchbase="dc=example,dc=com"
  type=refreshAndPersist
  retry="60 +"
  timeout=1
olcSyncRepl: rid=002
  provider=ldap://ldap2.example.com
  binddn="uid=Manager,dc=example,dc=com"
  bindmethod=simple
  credentials="managerpassword"
  searchbase="dc=example,dc=com"
  type=refreshAndPersist
  retry="60 1 300 12 7200 +"
  timeout=1
olcSyncRepl: rid=003
  provider=ldap://ldap.example.com
  binddn="uid=Manager,dc=example,dc=com"
  bindmethod=simple
  credentials="managerpassword"
  searchbase="dc=example,dc=com"
  type=refreshAndPersist
  retry="60 1 300 12 7200 +"
  timeout=1
-
add: olcMirrorMode
olcMirrorMode: TRUE
thank you very much!
8 years
replicating cn=config generates LDAP_NOT_ALLOWED_ON_RDN
by Chris Cook
Openldap 2.4.31
I create my read-only ldap hosts with a stub config that contains a syncrepl statement:
olcSyncrepl: {0}rid=001 provider=ldaps://ldap.savagebeast.com binddn="cn=admin,cn=config,cn=slave" bindmethod=simple credentials=$PW searchbase="cn=config,cn=slave" type=refreshAndPersist retry="60 +" timeout=3 suffixmassage="cn=config" schemachecking=off
That on first run with a -c 'rid=001' flag syncs the rest of the configs and associated databases from the primary servers. Leaving the config database as:
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 3c65cc7d
dn: olcDatabase={0}config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcRootDN: cn=admin,cn=config
olcUpdateRef: ldaps://ldap.savagebeast.com
structuralObjectClass: olcDatabaseConfig
entryUUID: fee78e38-2723-1030-8342-0d5a80dcc32a
creatorsName: cn=admin,cn=config
createTimestamp: 20110609203711Z
olcRootPW:: x==
olcSyncrepl: {0}rid=001 provider=ldaps://guess-who.savagebeast.com binddn="cn=admin,cn=config,cn=slave" bindmethod=simple credentials=x searchbase="cn=config,cn=slave" schemachecking=off type=refreshAndPersist retry="60 +" timeout=3 suffixmassage="cn=config"
entryCSN: 20151119013205.450738Z#000000#000#000000
modifiersName: cn=admin,dc=savagebeast,dc=com
modifyTimestamp: 20151119013205Z
This works great for the first run, but subsequent changes to the cn=config,cn=slave entries on the primary servers generate a replication error on the downstream hosts.
564fc719 syncrepl_entry: rid=001 be_search (0)
564fc719 syncrepl_entry: rid=001 olcDatabase={2}hdb,cn=config
564fc719 <= acl_access_allowed: granted to database root
564fc719 send_ldap_result: conn=-1 op=0 p=3
564fc719 send_ldap_result: err=67 matched="" text="Use modrdn to change the entry name"
564fc719 null_callback : error code 0x43
564fc719 syncrepl_entry: rid=001 be_modify olcDatabase={2}hdb,cn=config (67)
564fc719 syncrepl_entry: rid=001 be_modify failed (67)
Which is LDAP_NOT_ALLOWED_ON_RDN.
The only change to be synced was the addition of an olcDbIndex to one of the databases.
The suffix massage seems to still be in place:
564fc719 syncrepl_message_to_entry: rid=001 DN: olcDatabase={2}hdb,cn=config,cn=slave, UUID: ef2a6d04-b2cf-1033-9ca0-37a633abeda5
564fc719 ==> rewrite_context_apply [depth=1] string='olcDatabase={2}hdb,cn=config,cn=slave'
564fc719 ==> rewrite_rule_apply rule='(.*)cn=config,cn=slave$' string='olcDatabase={2}hdb,cn=config,cn=slave' [1 pass(es)]
564fc719 ==> rewrite_context_apply [depth=1] res={0,'olcDatabase={2}hdb,cn=config'}
564fc719 >>> dnPrettyNormal: <olcDatabase={2}hdb,cn=config>
Any pointers on how to troubleshoot why this error is called?
8 years
Building for windows. Again.
by Kristoffer Sjögren
Hi
I'm trying to build LMDB with Java/JNI bindings with Visual C++
Project Builder 9.00.30729 (vcbuild).
Unfortunately, vcbuild doesn't ship with inttypes.h, stdint.h, or a sane
ssize_t. So I searched around and found a few candidates [1] of
inttypes.h and stdint.h that seem to be working for py-lmdb.
However, unistd.h seems broken for windows - and the python guys use
python.h instead.
Any ideas where I might find a good unistd.h?
Cheers,
-Kristoffer
[1] https://github.com/deephacks/lmdbjni/tree/master/lmdbjni-win64/headers
8 years
multi-value attribute virtual view of single attribute
by Jason Whitener
If I had a multi-valued attribute like
cn: var0:value
cn: var2:value
cn: var3:value
is there a way to expose each varX as if it were an attribute for search
filter purposes?
For instance, ldapsearch ..... "(&(objectclass=person)(var0=value))"
I started looking into slapo-rwm. Is that the best way to accomplish this?
8 years
ERR_employeeadd {'info': 'modifications require authentication', 'desc': 'Strong(er) authentication required'}
by Andrei Valoshyn
Hello!
I have slapd 2.4.39 and python 2.6
I tried to create a user via Python. When I did that with root
permission, it was OK. But when I did this with the following config in slapd.conf
"access to * by
group.exact="cn=LDAP_admins,ou=Roles,ou=Groups,dc=exadel,dc=com" write"
I got the error " ERR_employeeadd {'info': 'modifications require
authentication', 'desc': 'Strong(er) authentication required'} "
I tried to use " l.protocol_version = ldap.VERSION{2,3} " via 389 port
My function for adding ldif is :
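import ldap
import ldap.modlist as modlist

l = ldap.initialize(server)
# Synchronous bind: a failed bind raises here instead of leaving the connection anonymous
l.simple_bind_s(username, ldapsrvpassword)

def employeeadd():
    ldif = modlist.addModlist(attrs)
    l.add_s(dn, ldif)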
I would very much appreciate any help.
--
With Best Wishes
Andrei Valoshyn
Exadel Inc.
System Administrator
avaloshyn(a)exadel.com
8 years
sasl-auxprop (and sasl/slapd.conf)
by Simone Piccardi
I'm trying to understand which values I can use for the sasl-auxprop
directives and how to configure (if possible) sasl/slapd.conf.
I was trying to use the users created with saslpasswd2 -c (as written in
the Administration guide) but no sasldb file was opened by the server (I
straced out a full session). I tried to put an explicit configuration in
sasl/slapd.conf, and stracing the server I saw it was opened and read, but
the configuration inside is just ignored.
Reading the manpage I found it says that sasl-auxprops "Specify which
auxprop plugins to use for authentication lookups." and that the default
is to use the slapd internal support.
But I did not define this one, and sasl/slapd.conf still seems to be
ignored. And no possible values for the available plugins to use as
sasl-auxprops parameter are listed.
I could get DIGEST-MD5 authentication working by putting the password
inside the server (userPassword in CLEARTEXT), so it seems that the
default is used anyway. But I'd like to have it working using
sasldb or configuring sasl/slapd.conf to use saslauthd.
Regards
Simone
--
Simone Piccardi Truelite Srl
piccardi(a)truelite.it (email/jabber) Via Monferrato, 6
Tel. +39-347-1032433 50142 Firenze
http://www.truelite.it Tel. +39-055-7879597 Fax. +39-055-7333336
8 years