Re: NO-USER-MODIFICATION and USAGE dSAOperation in custom schema
by Howard Chu
Michael Ströder wrote:
> HI!
>
> Why is it not allowed to use
>
> NO-USER-MODIFICATION
> USAGE dSAOperation
>
> in an attribute type declaration?
Because such an operational attribute requires server-side code to actually
implement it, and you haven't got any means to provide that code. Custom
operational attributes must be defined using code loaded in a module.
>
> For OATH-LDAP I'd like to define a "virtual" attribute (actually to be
> processed by back-sock listener) without having to write a slapd overlay.
>
> attributetype ( oath-ldap-at:16
> NAME 'oathOTPValue'
> DESC 'OATH-LDAP: currently valid OTP value of a token'
> X-ORIGIN 'OATH-LDAP'
> SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
> EQUALITY integerMatch
> SINGLE-VALUE )
> NO-USER-MODIFICATION
> USAGE dSAOperation )
>
> But slapd refuses to start:
>
> 5a00641b /home/michael/Proj/oath-ldap/oath-ldap.schema: line 241
> (attributetype ( oath-ldap-at:16 NAME 'oathOTPValue' DESC 'OATH-LDAP:
> currently valid OTP value of a token or associated user entry (not
> directly used)' X-ORIGIN 'OATH-LDAP' SYNTAX
> 1.3.6.1.4.1.1466.115.121.1.27 EQUALITY integerMatch SINGLE-VALUE
> NO-USER-MODIFICATION USAGE dSAOperation ))
> 5a00641b /home/michael/Proj/oath-ldap/oath-ldap.schema: line 241
> attributetype: "oath-ldap-at:16" is operational
>
> Ciao, Michael.
>
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
5 years, 10 months
NO-USER-MODIFICATION and USAGE dSAOperation in custom schema
by Michael Ströder
HI!
Why is it not allowed to use
NO-USER-MODIFICATION
USAGE dSAOperation
in an attribute type declaration?
For OATH-LDAP I'd like to define a "virtual" attribute (actually to be
processed by back-sock listener) without having to write a slapd overlay.
attributetype ( oath-ldap-at:16
NAME 'oathOTPValue'
DESC 'OATH-LDAP: currently valid OTP value of a token'
X-ORIGIN 'OATH-LDAP'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
EQUALITY integerMatch
SINGLE-VALUE )
NO-USER-MODIFICATION
USAGE dSAOperation )
But slapd refuses to start:
5a00641b /home/michael/Proj/oath-ldap/oath-ldap.schema: line 241
(attributetype ( oath-ldap-at:16 NAME 'oathOTPValue' DESC 'OATH-LDAP:
currently valid OTP value of a token or associated user entry (not
directly used)' X-ORIGIN 'OATH-LDAP' SYNTAX
1.3.6.1.4.1.1466.115.121.1.27 EQUALITY integerMatch SINGLE-VALUE
NO-USER-MODIFICATION USAGE dSAOperation ))
5a00641b /home/michael/Proj/oath-ldap/oath-ldap.schema: line 241
attributetype: "oath-ldap-at:16" is operational
Ciao, Michael.
5 years, 10 months
Re: Load testing bind performance
by Tim
No.. unfortunately not... :)
I was/am grasping at straws a little bit currently and just tweaking things
one setting at a time to see if I can see any difference - admittedly,
increasing threads has not improved the situation at all.
--
Tim
On Fri, Nov 3, 2017 at 3:44 PM, Quanah Gibson-Mount <quanah(a)symas.com>
wrote:
> --On Friday, November 03, 2017 1:11 PM +0000 Tim <tim(a)yetanother.net>
> wrote:
>
> olcThreads: 512
>>
>
> You have 128 cores on your box? More threads != better performance. In
> fact, it will cause significant problems if it is set beyond what your
> system can handle.
>
>
> --Quanah
>
> --
>
> Quanah Gibson-Mount
> Product Architect
> Symas Corporation
> Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
> <http://www.symas.com>
>
>
>
--
Tim
tim(a)yetanother.net
5 years, 10 months
Load testing bind performance
by Tim
Heya,
Could anyone recommend a quick and dirty way in which to load test an
OpenLDAP service to get an indication as to the potential capacity for the
platform to handle bind requests?
I've used the python-ldap library to simulate other varieties of
interactions successfully, but when it comes to binds, each interaction
seems to generate a substantial amount of traffic behind the scenes, so
suspect that *things* are happening that is artificially limiting the bind
rate/s.
I've seen some links to people using JMeter to perform this sort of load
testing, but thought there may be other (quicker to implement) tools also?
Thanks in advance,
--
Tim
tim(a)yetanother.net
5 years, 10 months
Re: Load testing bind performance
by Quanah Gibson-Mount
--On Friday, November 03, 2017 1:11 PM +0000 Tim <tim(a)yetanother.net> wrote:
> olcThreads: 512
You have 128 cores on your box? More threads != better performance. In
fact, it will cause significant problems if it is set beyond what your
system can handle.
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
5 years, 10 months
Re: Load testing bind performance
by Howard Chu
Tim wrote:
> Heya,
>
> Could anyone recommend a quick and dirty way in which to load test an OpenLDAP
> service to get an indication as to the potential capacity for the platform to
> handle bind requests?
>
> I've used the python-ldap library to simulate other varieties of interactions
> successfully, but when it comes to binds, each interaction seems to generate a
> substantial amount of traffic behind the scenes, so suspect that *things* are
> happening that is artificially limiting the bind rate/s.
>
> I've seen some links to people using JMeter to perform this sort of load
> testing, but thought there may be other (quicker to implement) tools also?
You can look at slapd-bind and slapd-auth in the OpenLDAP test suite, that's
what they're for.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
5 years, 10 months
