openldap-technical October 2017

openldap-technical@openldap.org

28 participants
75 discussions

Re: Initialize ldap with mdb
by rammohan ganapavarapu 03 Oct '17

03 Oct '17

Quanah, Quick question regarding "maxsize" in mdb, slapd-mdb man page says we have to preallocate the db size based on future growth of your data, that means will it create a data.mdb of maxsize? what i read from docs is, mdb loads whole database into memory, is it right? if my db size is grater then my RAM how does mdb handles? do we have any configuration options to set RAM allocation for mdb as i may have other applications sharing the same RAM? Thanks, Ram On Tue, Oct 3, 2017 at 8:08 AM, Quanah Gibson-Mount <quanah(a)symas.com> wrote: > --On Monday, October 02, 2017 5:14 PM -0700 rammohan ganapavarapu < > rammohanganap(a)gmail.com> wrote: > > >> Thank you, would you recommend different user for replication or just use >> the roodn? i know its upto me but just trying to follow the best >> practices :) >> > > It is generally recommended not to use the rootdn for replication. > > > --Quanah > > -- > > Quanah Gibson-Mount > Product Architect > Symas Corporation > Packaged, certified, and supported LDAP solutions powered by OpenLDAP: > <http://www.symas.com> > >

1 0

Re: Initialize ldap with mdb
by Quanah Gibson-Mount 03 Oct '17

03 Oct '17

--On Monday, October 02, 2017 5:14 PM -0700 rammohan ganapavarapu <rammohanganap(a)gmail.com> wrote: > > Thank you, would you recommend different user for replication or just use > the roodn? i know its upto me but just trying to follow the best > practices :) It is generally recommended not to use the rootdn for replication. --Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

1 0

Re: slapd: null_callback : error code 0x14
by Quanah Gibson-Mount 02 Oct '17

02 Oct '17

--On Monday, October 02, 2017 2:20 PM -0700 "Paul B. Henson" <henson(a)acm.org> wrote: > On Mon, Sep 25, 2017 at 04:31:40PM +0200, Ondřej Kuzník wrote: > >> I'd apply it everywhere you have syncprov configured, these could send a >> cookie with too little information for a replica to spot and skip a >> duplicate. > > Hmm, I applied the patch to all four of my servers but I'm still seeing > the errors :(... Are you positive the servers are in sync at this point? I.e., did you freshly reload from whatever you consider your golden master them after applying the patch? --Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

2 1

Re: Initialize ldap with mdb
by rammohan ganapavarapu 02 Oct '17

02 Oct '17

Thank you, would you recommend different user for replication or just use the roodn? i know its upto me but just trying to follow the best practices :) Ram On Mon, Oct 2, 2017 at 2:38 PM, Quanah Gibson-Mount <quanah(a)symas.com> wrote: > --On Monday, October 02, 2017 3:30 PM -0700 rammohan ganapavarapu < > rammohanganap(a)gmail.com> wrote: > > > database config >> # rootdn directive for config >> rootdn "cn=admin,cn=config" >> rootpw {SSHA}XXXXXXXXX >> > > As noted in the slapd-config(5) man page, the default rootdn for cn=config > is cn=config. I'd generally go with the default. You would need to set > the rootpw as you've done above though. ;) > > I.e., I'd just do: > > database config > rootpw {SSHA}XXXXXXXXXXXXXXXX > > And go with the default rootdn. > > > --Quanah > > > -- > > Quanah Gibson-Mount > Product Architect > Symas Corporation > Packaged, certified, and supported LDAP solutions powered by OpenLDAP: > <http://www.symas.com> > >

1 0

Re: Initialize ldap with mdb
by Quanah Gibson-Mount 02 Oct '17

02 Oct '17

--On Monday, October 02, 2017 3:30 PM -0700 rammohan ganapavarapu <rammohanganap(a)gmail.com> wrote: > database config ># rootdn directive for config > rootdn "cn=admin,cn=config" > rootpw {SSHA}XXXXXXXXX As noted in the slapd-config(5) man page, the default rootdn for cn=config is cn=config. I'd generally go with the default. You would need to set the rootpw as you've done above though. ;) I.e., I'd just do: database config rootpw {SSHA}XXXXXXXXXXXXXXXX And go with the default rootdn. --Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

1 0

Re: Initialize ldap with mdb
by rammohan ganapavarapu 02 Oct '17

02 Oct '17

Quanah, My slapd.d dir is empty and my initialization script only create config if slapd.d dir is empty, i tried with slapd.conf every thing looks good except i don't find a way to connect to cn=config db as i don't see roodDN in "cn\=config/olcDatabase\=\{0\}config.ldif" Thanks, Ram On Mon, Oct 2, 2017 at 1:35 PM, Quanah Gibson-Mount <quanah(a)symas.com> wrote: > --On Monday, October 02, 2017 2:19 PM -0700 rammohan ganapavarapu < > rammohanganap(a)gmail.com> wrote: > > >> >> Hi, >> >> >> >> I am trying to follow this thread ( >> http://blog.roeften.com/2015/03/openldap-24-on-centos-7-using-mdb.html ) >> to initialize the ldap config in non-default directory but i am getting >> this error. >> >> >> cat example.ldif | slapadd -v -F /opt/data/slapd.d -n 0 -d -1 >> >> >> >> >> 59d29ce6 >>> dnPrettyNormal: <cn=config> >> 59d29ce6 <<< dnPrettyNormal: <cn=config>, <cn=config> >> 59d29ce6 str2entry: entry -1 has multiple DNs "cn=config" and >> "cn=module,cn=config" >> slapadd: could not parse entry (line=1) >> >> >> If i add one by one (one dn at a time) it seems to be working. >> >> >> Any idea? >> > > Well, if you already have your own cn=config database, then you're just > making a real mess out of it. That would be my guess. I'm not sure why > you're following some random "how to" guide. If you already had a working > slapd.conf, then all you needed to do was convert it to cn=config using > "slaptest". > > --Quanah > > -- > > Quanah Gibson-Mount > Product Architect > Symas Corporation > Packaged, certified, and supported LDAP solutions powered by OpenLDAP: > <http://www.symas.com> > >

1 1

Re: Initialize ldap with mdb
by Quanah Gibson-Mount 02 Oct '17

02 Oct '17

--On Monday, October 02, 2017 2:19 PM -0700 rammohan ganapavarapu <rammohanganap(a)gmail.com> wrote: > > > Hi, > > > > I am trying to follow this thread ( > http://blog.roeften.com/2015/03/openldap-24-on-centos-7-using-mdb.html ) > to initialize the ldap config in non-default directory but i am getting > this error. > > > cat example.ldif | slapadd -v -F /opt/data/slapd.d -n 0 -d -1 > > > > > 59d29ce6 >>> dnPrettyNormal: <cn=config> > 59d29ce6 <<< dnPrettyNormal: <cn=config>, <cn=config> > 59d29ce6 str2entry: entry -1 has multiple DNs "cn=config" and > "cn=module,cn=config" > slapadd: could not parse entry (line=1) > > > If i add one by one (one dn at a time) it seems to be working. > > > Any idea? Well, if you already have your own cn=config database, then you're just making a real mess out of it. That would be my guess. I'm not sure why you're following some random "how to" guide. If you already had a working slapd.conf, then all you needed to do was convert it to cn=config using "slaptest". --Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

1 0

Re: slapd: null_callback : error code 0x14
by Quanah Gibson-Mount 02 Oct '17

02 Oct '17

--On Thursday, September 21, 2017 9:59 PM -0700 "Paul B. Henson" <henson(a)acm.org> wrote: > It seems there are updates for that group coming from rid 002 > (egeria.ldap.cpp.edu) and 003 (minerva.ldap.cpp.edu), but none from rid > 001 (themis.ldap.cpp.edu) which is serverid 4, where the change was > actually made? Oh, I thought you had said you only had two masters. This could well be ITS#8444 (ignore the ITS title, it has nothing to do with memberOf), where there are out of sync problems with 3+ MMR nodes and delta-syncrepl when syncprov checkpoints. --Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

4 4

Initialize ldap with mdb
by rammohan ganapavarapu 02 Oct '17

02 Oct '17

Hi, I am trying to follow this thread ( http://blog.roeften.com/2015/03/openldap-24-on-centos-7-using-mdb.html ) to initialize the ldap config in non-default directory but i am getting this error. cat example.ldif | slapadd -v -F /opt/data/slapd.d -n 0 -d -1 59d29ce6 >>> dnPrettyNormal: <cn=config> 59d29ce6 <<< dnPrettyNormal: <cn=config>, <cn=config> 59d29ce6 str2entry: entry -1 has multiple DNs "cn=config" and "cn=module,cn=config" slapadd: could not parse entry (line=1) If i add one by one (one dn at a time) it seems to be working. Any idea? Thanks

1 0

Re: Openldap periodic cpu spikes in one of the servers in two node MMR
by rammohan ganapavarapu 02 Oct '17

02 Oct '17

Quanah, Thank you. Ram On Mon, Oct 2, 2017 at 10:11 AM, Quanah Gibson-Mount <quanah(a)symas.com> wrote: > --On Monday, October 02, 2017 10:59 AM -0700 rammohan ganapavarapu < > rammohanganap(a)gmail.com> wrote: > > >> Quanah, >> >> >> Where can i get a minimal slapd.conf/cn=config for mdb? also all >> supported properties for mdb? >> > > The man page for slapd-mdb notes what its configuration options are: > > <http://www.openldap.org/software/man.cgi?query=slapd-mdb& > apropos=0&sektion=0&manpath=OpenLDAP+2.4-Release&format=html> > > If you want a minimal slapd.conf for mdb, it's pretty basic: > > database mdb > directory </path/to/database> > index <indices> > maxsize 85899345920 > <db specific ACLs> > > > You could use slaptest to convert that trivially to cn=config > representation. > > > --Quanah > > -- > > Quanah Gibson-Mount > Product Architect > Symas Corporation > Packaged, certified, and supported LDAP solutions powered by OpenLDAP: > <http://www.symas.com> > >

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

openldap-technical October 2017