openldap-technical May 2016

openldap-technical@openldap.org

39 participants
41 discussions

problems connecting to ldaps:// under high load with ppc64 client
by Matthias Leopold 27 May '16

27 May '16

hi, i'm operating an owncloud server that connects to an IBM Tivoli Directory Server as LDAP backend. the ldap admin tells me he is seeing "null binds" from my owncloud server in his logs: 2016-05-24T14:32:56.349452+2:00 srvr_ssl_read: EIO in handshake. EWOULDBLOCK timeout. Read: -2 of 0 2016-05-24T14:32:56.350445+2:00 GLPSSL019E The SSL layer has reported an unidentified internal error, SSL extended error code:406. 2016-05-24T14:32:56.351813+2:00 GLPSRV022E Failed to initialize secure … [View More]

3 2

Use OpenLDAP for some users and as a proxy for another set of users?
by Siebrand Mazeland 26 May '16

26 May '16

Hi. I'm a first time poster, new to OpenLDAP, and I have identified this list as the (hopefully) best place for my question. I have an Active Directory that contains accounts and groups for employees. Besides that, there is a group of around 1000 people that also need to authenticated and authorized (based on group membership). I'm trying to assess if OpenLDAP can be used for a scenario to avoid Windows CAL license costs. Is it possible to administer and authenticate the non-employees in … [View More]

2 1

ABI report for LMDB
by Ponomarenko Andrey 26 May '16

26 May '16

Hello, The LMDB library is now tracked by the ABI tracker project: http://abi-laboratory.pro/tracker/timeline/lmdb/ One can look at the recent changes in the API/ABI and analysis of backward compatibility and navigate over the history of API/ABI changes in the library. The reports are generated daily by the abi-compliance-checker and abi-tracker tools: https://github.com/lvc/abi-tracker Thank you.

1 0

Re: entryCSN is larger (later) in consumer node than in provider node
by Frank Luo 25 May '16

25 May '16

same error if I try to update this ppolicy attribute "changetype: modify replace: pwdMinLength pwdMinLength: 9" ldap_modify: Server is unwilling to perform (53) additional info: shadow context; no update referral On Wed, May 25, 2016 at 4:26 PM, Quanah Gibson-Mount <quanah(a)zimbra.com> wrote: > --On Wednesday, May 25, 2016 5:21 PM -0400 Frank Luo <frank.luoy(a)gmail.com> > wrote: > >> yes >> >> overlay ppolicy > > > So ppolicy maintains … [View More]

1 0

Re: entryCSN is larger (later) in consumer node than in provider node
by Frank Luo 25 May '16

25 May '16

yes overlay ppolicy and overlay syncprov syncprov-checkpoint 100 10 syncprov-sessionlog 100 So it looks like on node 3 I have both syncprov and syncrepl defined? "overlay syncprov syncprov-checkpoint 100 10 syncprov-sessionlog 100 syncrepl rid=003 ..... " But actully when I try to write to node 3 directly, I have a error like this, "ldap_modify: Server is unwilling to perform (53) additional info: shadow context; no update referral " Thanks Frank On Tue, May 24, 2016 at 7:… [View More]31 PM, Quanah Gibson-Mount <quanah(a)zimbra.com> wrote: > Do you have any overlays on the replicas? > > --Quanah > > --On Tuesday, May 24, 2016 4:55 PM -0400 Frank Luo <frank.luoy(a)gmail.com> > wrote: > >> but we always have two masters - and you can tell that this is pretty >> current time tag. >> >> contextCSN: 20160521215740.310825Z#000000#000#000000 >> >> Does this mean the slave gets updated from some other source in >> additional to the two masters. >> >> I am attache the replication portion of the slaver sever 3, >> server2.u.com is one of the two masters >> >> >> syncrepl rid=003 >> provider=ldap://server2.u.com >> bindmethod=simple >> binddn="cn=Manager,dc=u,dc=com" >> credentials=password >> searchbase="dc=u,dc=com" >> schemachecking=on >> type=refreshAndPersist >> retry="60 +" >> >> Thanks >> >> Frank >> >> >> >> On Tue, May 24, 2016 at 12:54 PM, Quanah Gibson-Mount <quanah(a)zimbra.com> >> wrote: >>> >>> Sure -- 000 is from when things were single master. >>> >>> --Quanah >>> >>> --On Tuesday, May 24, 2016 12:37 PM -0400 Frank Luo >>> <frank.luoy(a)gmail.com> wrote: >>> >>>> Thanks. The two servers were off by 15 seconds >>>> >>>> I also checked contextCSN and see there were more than 1 values - any >>>> idea there are multiple? >>>> >>>> To help you understand we have a multiple(2) masters and three slaves. >>>> >>>> on two masters (node1 and node 2), each has two contextCSN like this, >>>> I can understand since they are in mirror mode, it get updates from >>>> each other >>>> >>>> node 1: >>>> contextCSN: 20160524152519.525094Z#000000#001#000000 >>>> contextCSN: 20160524152340.159717Z#000000#002#000000 >>>> >>>> node 2: >>>> contextCSN: 20160524152519.525094Z#000000#001#000000 >>>> contextCSN: 20160524152340.159717Z#000000#002#000000 >>>> >>>> >>>> on three slavers (nodes3,4 and5), each has 3 contextCSN. Where does >>>> the third contextCSN come from - you can see the third one is out of >>>> sync with each other. >>>> >>>> node 3: >>>> contextCSN: 20160524152519.525094Z#000000#001#000000 >>>> contextCSN: 20160521215740.310825Z#000000#000#000000 >>>> contextCSN: 20160524152340.159717Z#000000#002#000000 >>>> >>>> node 4: >>>> contextCSN: 20160524152519.525094Z#000000#001#000000 >>>> contextCSN: 20160524152558.806951Z#000000#000#000000 >>>> contextCSN: 20160524152340.159717Z#000000#002#000000 >>>> >>>> node 5: >>>> contextCSN: 20150723095205.352520Z#000000#000#000000 >>>> contextCSN: 20160524152519.525094Z#000000#001#000000 >>>> contextCSN: 20160524152340.159717Z#000000#002#000000 >>>> >>>> THanks >>>> >>>> Frank >>>> >>>> >>>> On Mon, May 23, 2016 at 5:11 PM, Quanah Gibson-Mount <quanah(a)zimbra.com> >>>> wrote: >>>>> >>>>> >>>>> --On Monday, May 23, 2016 5:56 PM -0400 Frank Luo >>>>> <frank.luoy(a)gmail.com> wrote: >>>>> >>>>>> All, >>>>>> >>>>>> I am having a out-of sync situation now with some entries' entryCSN >>>>>> is larger (later) in consumer node than in provider node. So the >>>>>> consumer never gets updated since it thinks it has the latest value. >>>>> >>>>> >>>>> >>>>> >>>>> Check the clocks on each server. It is required that your clocks be >>>>> tightly sync'd. >>>>> >>>>> --Quanah >>>>> >>>>> >>>>> -- >>>>> >>>>> Quanah Gibson-Mount >>>>> Platform Architect >>>>> Zimbra, Inc. >>>>> -------------------- >>>>> Zimbra :: the leader in open source messaging and collaboration >>>>> A division of Synacor, Inc >>> >>> >>> >>> >>> >>> -- >>> >>> Quanah Gibson-Mount >>> Platform Architect >>> Zimbra, Inc. >>> -------------------- >>> Zimbra :: the leader in open source messaging and collaboration >>> A division of Synacor, Inc > > > > > -- > > Quanah Gibson-Mount > Platform Architect > Zimbra, Inc. > -------------------- > Zimbra :: the leader in open source messaging and collaboration > A division of Synacor, Inc [View Less]

2 1

Partial SyncRepl replication
by Frank Swasey 25 May '16

25 May '16

I am running OpenLDAP 2.4.44 locally built on RHEL7 using mdb as the database backend. I am attempting to replicate just the inetLocalMailRecipient objectclass and the DSA attributes to a new set of replicas that will be in charge of delivering mail. I would like the DSA attributes (creator, modifier, contextCSN, entryCSN, entryUUID - etc) to be included, so I can more easily tell if the partial replica is actually staying sync'd to the master. My reading of the man pages for slapd.… [View More]

4 8

Re: entryCSN is larger (later) in consumer node than in provider node
by Frank Luo 25 May '16

25 May '16

but we always have two masters - and you can tell that this is pretty current time tag. contextCSN: 20160521215740.310825Z#000000#000#000000 Does this mean the slave gets updated from some other source in additional to the two masters. I am attache the replication portion of the slaver sever 3, server2.u.com is one of the two masters syncrepl rid=003 provider=ldap://server2.u.com bindmethod=simple binddn="cn=Manager,dc=u,dc=com" … [View More]credentials=password searchbase="dc=u,dc=com" schemachecking=on type=refreshAndPersist retry="60 +" Thanks Frank On Tue, May 24, 2016 at 12:54 PM, Quanah Gibson-Mount <quanah(a)zimbra.com> wrote: > Sure -- 000 is from when things were single master. > > --Quanah > > --On Tuesday, May 24, 2016 12:37 PM -0400 Frank Luo <frank.luoy(a)gmail.com> > wrote: > >> Thanks. The two servers were off by 15 seconds >> >> I also checked contextCSN and see there were more than 1 values - any >> idea there are multiple? >> >> To help you understand we have a multiple(2) masters and three slaves. >> >> on two masters (node1 and node 2), each has two contextCSN like this, >> I can understand since they are in mirror mode, it get updates from >> each other >> >> node 1: >> contextCSN: 20160524152519.525094Z#000000#001#000000 >> contextCSN: 20160524152340.159717Z#000000#002#000000 >> >> node 2: >> contextCSN: 20160524152519.525094Z#000000#001#000000 >> contextCSN: 20160524152340.159717Z#000000#002#000000 >> >> >> on three slavers (nodes3,4 and5), each has 3 contextCSN. Where does >> the third contextCSN come from - you can see the third one is out of >> sync with each other. >> >> node 3: >> contextCSN: 20160524152519.525094Z#000000#001#000000 >> contextCSN: 20160521215740.310825Z#000000#000#000000 >> contextCSN: 20160524152340.159717Z#000000#002#000000 >> >> node 4: >> contextCSN: 20160524152519.525094Z#000000#001#000000 >> contextCSN: 20160524152558.806951Z#000000#000#000000 >> contextCSN: 20160524152340.159717Z#000000#002#000000 >> >> node 5: >> contextCSN: 20150723095205.352520Z#000000#000#000000 >> contextCSN: 20160524152519.525094Z#000000#001#000000 >> contextCSN: 20160524152340.159717Z#000000#002#000000 >> >> THanks >> >> Frank >> >> >> On Mon, May 23, 2016 at 5:11 PM, Quanah Gibson-Mount <quanah(a)zimbra.com> >> wrote: >>> >>> --On Monday, May 23, 2016 5:56 PM -0400 Frank Luo <frank.luoy(a)gmail.com> >>> wrote: >>> >>>> All, >>>> >>>> I am having a out-of sync situation now with some entries' entryCSN >>>> is larger (later) in consumer node than in provider node. So the >>>> consumer never gets updated since it thinks it has the latest value. >>> >>> >>> >>> Check the clocks on each server. It is required that your clocks be >>> tightly sync'd. >>> >>> --Quanah >>> >>> >>> -- >>> >>> Quanah Gibson-Mount >>> Platform Architect >>> Zimbra, Inc. >>> -------------------- >>> Zimbra :: the leader in open source messaging and collaboration >>> A division of Synacor, Inc > > > > > -- > > Quanah Gibson-Mount > Platform Architect > Zimbra, Inc. > -------------------- > Zimbra :: the leader in open source messaging and collaboration > A division of Synacor, Inc [View Less]

3 2

Re: entryCSN is larger (later) in consumer node than in provider node
by Frank Luo 24 May '16

24 May '16

Thanks. The two servers were off by 15 seconds I also checked contextCSN and see there were more than 1 values - any idea there are multiple? To help you understand we have a multiple(2) masters and three slaves. on two masters (node1 and node 2), each has two contextCSN like this, I can understand since they are in mirror mode, it get updates from each other node 1: contextCSN: 20160524152519.525094Z#000000#001#000000 contextCSN: 20160524152340.159717Z#000000#002#000000 node 2: contextCSN:… [View More]

2 1

back-ldap and Proxy operation retry failed
by Abdelkader Chelouah 24 May '16

24 May '16

(Sorry for posting this message again, but it's better with a Subject) OpenLDAP 2.4.44 under RHEL 7.1 I'm using back-ldap to proxy a back-mdb instance with 1K users. The relevant part of the proxy configuration is dn: olcDatabase={2}ldap,cn=config objectClass: olcDatabaseConfig objectClass: olcLDAPConfig olcDatabase: {2}ldap olcSuffix: dc=example,dc=com olcDbURI: "ldap://ldap-server.example.com:389/" olcDbIDAssertBind: bindmethod=none olcDbIDAssertAuthzFrom: {0}"*" olcDbRebindAsUser: TRUE … [View More]

1 0

issue with filter string for numerical uid
by Rene Zeipelt 24 May '16

24 May '16

Hello , I hope this is the right point for my problem: we have a 2.4.40 slapd running on Debian Jessie with inetOrgPerson entries that have (indexed) numerical uid values. No problems if the user login on our web app (moodle) but some users get input mistakes and use superscripted first letter which also works. Here an example: uid=1228849 and uid=¹228849 works also. If I check the debug output for the superscripted version I got: May 24 09:44:23 rldapd slapd[600]: begin get_filter May 24 09:… [View More]

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

openldap-technical May 2016