openldap-technical December 2015

openldap-technical@openldap.org

53 participants
66 discussions

Re: openldap-technical Digest, Vol 97, Issue 15
by Andrei Valoshyn 18 Dec '15

18 Dec '15

>> >Hello guys! >> >I tried to deploy openldap replica on Ubuntu 14.04. I copy database >> >via slapcat(slapadd) and slapd.conf from another replica(Centos 6.7 >> >with OpenLDAP: slapd 2.4.40). >> >After all slaptest errors were fixed slapd service run once, but >> >after 5 minutes without any changes it's failed to start again and >> >currently it's still doesn't work. I can't find any ldap log. >> > >> >May be somebody faced with such kind of the problem. Will be very >> >appreciate for any advices >> > > run both slapd(8) in debugging mode and level stats sync > > -Dieter > > -- Dieter Kl?nter | Systemberatung http://sys4.de GPG Key ID: E9ED159B > 53?37'09,95"N 10?08'02,42"E In debug slapd -d -1 output I saw that ldap is trying to load from /etc/ldap/slap.d/ directory although i had put "SLAPD_CONF=/etc/ldap/slapd.conf" to /etc/default/slapd. After I clean up /etc/ldap/slap.d/ directory ldap starting load db and schema, but still can't start with error: " TLS: could not set cipher list HIGH:+TLSv1:+SSLv2:+SSLv3. 56728db6 main: TLS init def ctx failed: -1 56728db6 slapd destroy: freeing system resources. 56728db6 syncinfo_free: rid=115 56728db6 slapd stopped. 56728db6 connections_destroy: nothing to destroy. " When I try "openssl ciphers -v HIGH:+TLSv1:+SSLv2:+SSLv3" it's work fine without any error On 12/16/2015 03:00 PM, openldap-technical-request(a)openldap.org wrote: -- With Best Wishes Andrei Valoshyn Exadel Inc. System Administrator avaloshyn(a)exadel.com -- CONFIDENTIALITY NOTICE: This email and files attached to it are confidential. If you are not the intended recipient you are hereby notified that using, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited. If you have received this email in error please notify the sender and delete this email.

3 4

(LMDB) Correct use of mdb_env_sync
by Pierre Chapuis 16 Dec '15

16 Dec '15

I am having a hard time understanding how exactly mdb_env_sync should be used. Suppose I have an environment with MDB_NOSYNC and I do not use MDB_WRITEMAP. I still want to sync at some points, which is why mdb_env_sync exists. But I wonder: - How does it interact with transactions? Is it safe (or necessary) to call it outside of a transaction? During a read-only transaction? During a write transaction? - What about thread safety? Can it be called concurrently with writes? Can it be called concurrently with another mdb_env_sync in another thread? -- Pierre Chapuis

3 2

Ubuntu Server 14.04.3 LTS and openldap-2.4.41 with static slapd.conf configuration
by Andrei Valoshyn 16 Dec '15

16 Dec '15

Hello guys! I tried to deploy openldap replica on Ubuntu 14.04. I copy database via slapcat(slapadd) and slapd.conf from another replica(Centos 6.7 with OpenLDAP: slapd 2.4.40). After all slaptest errors were fixed slapd service run once, but after 5 minutes without any changes it's failed to start again and currently it's still doesn't work. I can't find any ldap log. May be somebody faced with such kind of the problem. Will be very appreciate for any advices -- With Best Wishes Andrei Valoshyn Exadel Inc. System Administrator avaloshyn(a)exadel.com -- CONFIDENTIALITY NOTICE: This email and files attached to it are confidential. If you are not the intended recipient you are hereby notified that using, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited. If you have received this email in error please notify the sender and delete this email.

2 1

Import/include schema file
by David Gabriel 15 Dec '15

15 Dec '15

Hi, I am new to use OpenLdap and I want to import/include new .schema file into my OpenLdap database but I don't how. Could you please point some useful links dealing with this issue or tell me how shall I proceede ? Thanks in advance. Regards

4 6

ldapmodify failing with large attribute
by Geoff Swan 15 Dec '15

15 Dec '15

I have a problem appearing where a large (16.6MB approx) value is to be saved to an attribute (certificateRevocationList). Prior to the value being this large, ldapmodify had no problems updating it. However it appears to have crossed some magic threshold where it will no longer be accepted, and aborts with: ldap_modify: Can't contact LDAP server (-1) The ldapmodify operation is being performed on the ldap host machine using the ldap root user with simple password authentication. Openldap version is 2.4.30 using back-bdb with Linux OS (2.6.32 64 bit). There is no replication configured. It's a fairly simple setup. I've seen a couple of similar threads alluding to the same problme, however without any solution. http://www.openldap.org/lists/openldap-software/200905/msg00062.html http://www.openldap.org/lists/openldap-technical/201501/msg00006.html I'm curious to know where the limit is that is causing the sudden inability for ldapmodify to complete. Nothing was immediately apparent after a quick look through some of the source. Also, if the issue is a known one, was it addressed in a newer release? I can run the same test on a machine with openldap-2.4.40 to see if it persists if that is of any help. Thanks, Geoff

2 2

Error updating olcDbConfig
by Angel L. Mateo 13 Dec '15

13 Dec '15

Hello, I have a few ubuntu 14.04 servers running slapd 2.4.31 installed from ubuntu packages. Now I want to upgrade these servers to last openldap version, so I I have downloaded 2.4.43 and compiled from myself. Since then, whenever I tri to make a change in the config, slapd crashes with: Dec 11 08:34:56 canis30 slapd[9640]: conn=1000 op=0 RESULT tag=97 err=0 text= Dec 11 08:34:56 canis30 slapd[9640]: conn=1000 op=1 MOD dn="olcDatabase={3}hdb,cn=config" Dec 11 08:34:56 canis30 slapd[9640]: conn=1000 op=1 MOD attr=olcDbcheckpoint olcDbindex olcDbNosync olcDbcachesize olcDbidlcachesize olcDbConfig olcDbNosync olcDbshmkey olcDbcachesize olcDbcheckpoint olcDbidlcachesize olcDbConfig olcDbindex Dec 11 08:34:56 canis30 slapd[9640]: bdb(dc=Telematica): BDB4511 Error: closing the transaction region with active transactions Dec 11 08:34:56 canis30 slapd[9640]: bdb_db_close: database "dc=Telematica": close failed: Invalid argument (22) Dec 11 08:34:56 canis30 slapd[9640]: hdb_cf_cleanup: failed to reopen database, rc=22 Dec 11 08:34:56 canis30 slapd[9640]: daemon: abnormal condition, shutdown initiated. Dec 11 08:34:56 canis30 slapd[9640]: slapd shutdown: waiting for 1 operations/tasks to finish Dec 11 08:34:56 canis30 slapd[9640]: conn=1000 op=1 RESULT tag=103 err=80 text=failed to reopen database, rc=22 Dec 11 08:34:56 canis30 slapd[9640]: conn=1000 fd=13 closed (slapd shutdown) Dec 11 08:34:56 canis30 kernel: [ 876.777046] slapd[9640]: segfault at e0 ip 00007f7efcd86ac2 sp 00007ffd843c2fe0 error 4 in libdb-5.3.so[7f7efcc39000+19b000] I have tried with my own openldap compilation and with the package installed from rtandy ppa, with the same results. Although the upgrade procedure recreate the databases, I have also tried to completely remove the database (dc=telematica), but it fails too. I have tried with different ldifs, and the problem seems to happen whenever a try to make a modification for the olcDbConfig attributes. -- Angel L. Mateo Martínez Sección de Telemática Área de Tecnologías de la Información y las Comunicaciones Aplicadas (ATICA) http://www.um.es/atica Tfo: 868887590 Fax: 868888337

2 2

relax control
by Marc Patermann 11 Dec '15

11 Dec '15

Hi, according to this list a change of a structural object class should work with: # ldapmodify -E relax OID of relax control is 1.3.6.1.4.1.4203.666.5.12, right? My servers do not advertise this control, do they? # extended LDIF # # LDAPv3 # base <> with scope baseObject # filter: (objectClass=*) # requesting: + # # dn: structuralObjectClass: OpenLDAProotDSE configContext: cn=config namingContexts: ou=foo namingContexts: cn=log monitorContext: cn=Monitor supportedControl: 1.3.6.1.4.1.4203.1.9.1.1 supportedControl: 2.16.840.1.113730.3.4.18 supportedControl: 2.16.840.1.113730.3.4.2 supportedControl: 1.3.6.1.4.1.4203.1.10.1 supportedControl: 1.2.840.113556.1.4.319 supportedControl: 1.2.826.0.1.3344810.2.3 supportedControl: 1.3.6.1.1.13.2 supportedControl: 1.3.6.1.1.13.1 supportedControl: 1.3.6.1.1.12 supportedExtension: 1.3.6.1.4.1.1466.20037 supportedExtension: 1.3.6.1.4.1.4203.1.11.1 supportedExtension: 1.3.6.1.4.1.4203.1.11.3 supportedExtension: 1.3.6.1.1.8 supportedFeatures: 1.3.6.1.1.14 supportedFeatures: 1.3.6.1.4.1.4203.1.5.1 supportedFeatures: 1.3.6.1.4.1.4203.1.5.2 supportedFeatures: 1.3.6.1.4.1.4203.1.5.3 supportedFeatures: 1.3.6.1.4.1.4203.1.5.4 supportedFeatures: 1.3.6.1.4.1.4203.1.5.5 supportedLDAPVersion: 3 supportedSASLMechanisms: DIGEST-MD5 supportedSASLMechanisms: GSSAPI entryDN: subschemaSubentry: cn=Subschema Do I have to activate the relax control on any way to get this working? Marc

2 2

(LMDB) read-only transactions and DBI handles
by Viacheslav Usov 11 Dec '15

11 Dec '15

I have a question about mdb_dbi_open and the handles it returns. The official documentation suggests to me that mdb_dbi_open is supposed to be called early on and then the obtained handle should just be reused by other transactions without any further calls to mdb_dbi_open and mdb_dbi_close. The code in sample-mdb.txt does that (ignoring the final close-all sequence). The sample also uses mdb_txn_abort to end a read-only transaction, which I take as the recommended way to end read-only transactions. The docs state that if a transaction aborts, then the associated DBI handles are closed, and so mdb_dbi_open must be used again to obtain a valid handle, which, as far as I can tell, requires a process-wide serialization of transactions with calls to mdb_dbi_open. Which feels contrary to the style described above, and, more importantly, just wrong with read-only transactions, because the need to serialize them would negate the benefits of LMDB's lock-free paradigm. Which probably means I misunderstand something. Can read-only transactions keep DBI handles reusable? How? Thanks, V.

3 10

LMDB transcations - how
by Christian Sell 11 Dec '15

11 Dec '15

Hello, I am looking for advice about how to best handle LMDB transactions and to avoid pitfalls. Our application is multi-threaded, with several threads accessing persistent data in a streaming fashion (reading lots of data sequentially). I am also not sure that it will be practical to stick with one transaction per thread, so MDB_NOTLS may be needed. In this scenario, there are few "natural" transaction boundaries, which is why I am asking when or how often a commit/abort (or reset/renew) should be issued. Also, is there any issue with multiple individual read transactions being opened from different places in the application? thanks, Christian

2 1

Ubuntu PPA of OpenLDAP?
by Khitai Pang 10 Dec '15

10 Dec '15

Hi, Is there any well maintained Ubuntu (14.04) PPA for OpenLDAP? I didn't find any. I want the latest stable OpenLDAP server. Thanks Khitai

3 2

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

openldap-technical December 2015