Multiple olcDbIndex for the same attribute
by PenguinWhispererThe .
Hello,
I'm wondering what happens when you add multiple indexes for the same
attribute with the same keyword occuring in each of them but with a
different set.
So for example:
olcDbIndex: objectClass pres,eq
olcDbIndex: objectClass eq
Is this the same as if you'd only have:
olcDbIndex: objectClass pres,eq
?
Or does it really make a difference?
I've checked http://www.openldap.org/doc/admin24/slapdconf2.html but I
couldn't find an answer to this.
Thanks in advance!
5 years, 12 months
Re: Import data from hdb to bdb
by Jai Bheemsen Rao Dhanwada
Hello Quanah,
Thanks for the Info. this helps :)
On Thu, Mar 30, 2017 at 2:48 PM, Quanah Gibson-Mount <quanah(a)symas.com>
wrote:
> --On Thursday, March 30, 2017 3:38 PM -0700 Jai Bheemsen Rao Dhanwada <
> jaibheemsen(a)gmail.com> wrote:
>
>
>> Hello,
>>
>>
>> We have N way master openldap replication with hdb backend for the data.
>> Now we would like to slapcat the data from this cluster and slapadd to
>> another cluster which is backed by bdb.
>>
>
> Both back-hdb and back-bdb (which both use BDB underneath) are deprecated
> backends. You should not be using either one. Instead, examine migrating
> to back-mdb, which is backed by LMDB: <https://en.wikipedia.org/wiki
> /Lightning_Memory-Mapped_Database>
>
> Regardless, LDIF exports are usable regardless of backend (bdb, hdb, mdb).
> The "DIF" stands for "Data Interchange Format". You might be best served
> by first learning more about LDIF: <https://en.wikipedia.org/wiki
> /LDAP_Data_Interchange_Format>
>
> --Quanah
>
>
>
> --
>
> Quanah Gibson-Mount
> Product Architect
> Symas Corporation
> Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
> <http://www.symas.com>
>
>
5 years, 12 months
Re: Import data from hdb to bdb
by Quanah Gibson-Mount
--On Thursday, March 30, 2017 3:38 PM -0700 Jai Bheemsen Rao Dhanwada
<jaibheemsen(a)gmail.com> wrote:
>
> Hello,
>
>
> We have N way master openldap replication with hdb backend for the data.
> Now we would like to slapcat the data from this cluster and slapadd to
> another cluster which is backed by bdb.
Both back-hdb and back-bdb (which both use BDB underneath) are deprecated
backends. You should not be using either one. Instead, examine migrating
to back-mdb, which is backed by LMDB:
<https://en.wikipedia.org/wiki/Lightning_Memory-Mapped_Database>
Regardless, LDIF exports are usable regardless of backend (bdb, hdb, mdb).
The "DIF" stands for "Data Interchange Format". You might be best served
by first learning more about LDIF:
<https://en.wikipedia.org/wiki/LDAP_Data_Interchange_Format>
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
5 years, 12 months
Import data from hdb to bdb
by Jai Bheemsen Rao Dhanwada
Hello,
We have N way master openldap replication with hdb backend for the data.
Now we would like to slapcat the data from this cluster and slapadd to
another cluster which is backed by bdb.
Any idea does this work as I am trying to slapcat from hdb and slapadd to
bdb?
if anyone has done this, please share some details.
5 years, 12 months
Parallel traversal
by Gabriel Tanase
Assuming I have an LMDB database: to traverse all data in a table I open a
cursor and go over each element in a loop using MDB_NEXT or MDB_NEXT_DUP
: :mdb_cursor_get (cur, &_entry.first, &_entry.second, MDB_NEXT_DUP);
How can one traverse the data in an LMDB table using multiple threads for a
faster overall traversal?
I am assuming a read only transaction and I would like each thread to work
on distinct entries; Like if there are 100 [key, value] and I use 4
threads, thread zero will work on first 25 elements, thread one will work
on the next 25 and so on. 25 doesn't have to be exactly 25 but ideally the
partitioned should be balanced.
A simple solution I designed is to read all keys into a vector first and
then subsequently parallelize with each thread working on a subset of key
from this vector. Each thread will traverse a subset of keys, and for each
key we find the corresponding [key, value] and work on the value.
Is there an alternative ?
Thx,
Gabriel
5 years, 12 months
Re: LDAP Replication settings
by Quanah Gibson-Mount
--On Wednesday, March 29, 2017 7:39 PM +0200 Ondřej Kuzník
<ondra(a)mistotebe.net> wrote:
> On the other hand, AFAIK syncprov knows what clients are in the
> persistent search state at any moment, so it might be able to export
> that under cn=monitor. Not that anyone has implemented this monitoring
> yet or even sure how useful that would be...
Yes, but you can pull that information out of syslog if you have stats
logging enabled. But I think (hard to know for sure) they are asking for a
way to know /all/ possibly replicas (currently connected or not). You used
to be able to do that with slurpd back in OpenLDAP 2.3 and prior. Simply
not possible with syncrepl if it's not set up using back-ldap to push out
to the clients.
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
5 years, 12 months
Re: LDAP Replication settings
by Quanah Gibson-Mount
--On Tuesday, March 28, 2017 5:39 PM -0700 Jai Bheemsen Rao Dhanwada
<jaibheemsen(a)gmail.com> wrote:
>
> I am using OLC configuration for LDAP setup
>
>
> On Tue, Mar 28, 2017 at 4:21 PM, Jai Bheemsen Rao Dhanwada
> <jaibheemsen(a)gmail.com> wrote:
>
>
> Hello,
>
>
> I have multi master replication with 4 LDAP servers. Is there a
> ldapsearch query to get all the replica servers?
Not quite sure what you mean by your question. Since replication
configuration is most often done on the client (replica) side, the master
doesn't have any knowledge you can query about what its replicas are.
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
5 years, 12 months
Re: SV: 100.000 pr. second: "connection_read(64): no connection" from slapd
by Quanah Gibson-Mount
--On Wednesday, March 29, 2017 3:37 PM +0000 Ole Nomann Thomsen
<ole.nomann(a)stil.dk> wrote:
> [Side note, do I answer this directly to you, or to the list? I choose
> directly for now ]
The list.
> Thanks for your answer
>
> I use -d because I run slapd under deamontools
> (https://cr.yp.to/daemontools/faq/create.html) and multilog
> (https://cr.yp.to/daemontools/multilog.html) that are both suited for
> servers that run in the foreground. So the "not in the background" thing
> is intentional. I realize that I might be misusing the -d facility
> somewhat, but it has been working fine until now. Reworking the setup to
> use backgrounding and syslog is really not an option at this time.
>
> I use bdb backend database.
I'd strongly advise not using back-bdb.
> I agree that I have lots of clients that disconnect without closing.
> Could this somehow provoke the error? It seems to be cycling in this
> line:
>
> /* get (locked) connection */
> c = connection_get( s );
>
> if( c == NULL ) {
> Debug( LDAP_DEBUG_ANY,
> "connection_read(%ld): no connection!\n",
> (long) s, 0, 0 );
>
> return -1;
> }
>
>
>
>
> 2017-03-06 13:56:23.140091500 58bd5c77 connection_read(64): no connection!
> 2017-03-06 13:56:23.140093500 58bd5c77 connection_read(64): no connection!
> 2017-03-06 13:56:23.140095500 58bd5c77 connection_read(64): no connection!
> 2017-03-06 13:56:23.140097500 58bd5c77 connection_read(64): no connection!
>
> Once in every 2 microseconds - that suggest som kind of unintended loop
> to me.
No, you simply have clients that have disconnected before slapd could
finish sending them results. Given that you clearly have broken clients,
I'd suggest you see about setting the (olc)writetimeout parameter
documented in slapd.conf(5)/slapd-config(5) and see if it alleviates the
issue you are facing.
--Quanah
> Regards
> Ole Nomann Thomsen
> Seniorkonsulent
>
> Undervisningsministeriet
> Styrelsen for It og Læring
> Center for Digitale Overgange og it-styring
>
> Telefon: 3587 8889
> Direkte: +45 35 87 85 35
>
> ole.nomann(a)stil.dk
> www.stil.dk
>
>
>
>> -----Oprindelig meddelelse-----
>> Fra: Quanah Gibson-Mount [mailto:quanah@symas.com]
>> Sendt: 23. marts 2017 19:42
>> Til: Ole Nomann Thomsen; 'openldap-technical(a)openldap.org'
>> Emne: Re: 100.000 pr. second: "connection_read(64): no connection" from
>> slapd
>>
>> --On Thursday, March 23, 2017 2:37 PM +0000 Ole Nomann Thomsen
>> <ole.nomann(a)stil.dk> wrote:
>>
>> >
>> >
>> > Hi all,
>> >
>> >
>> >
>> > my slapd (@(#) $OpenLDAP: slapd 2.4.44 (Feb 9 2017 13:38:13) $) has
>> > developed a tendency to become unresponsive for 10-30 minutes at a
>> time.
>> >
>> > I run it with -dStats,Sync which gets me a fair amount of debugging
>> > info. This I pipe thru multilog to get the timestamps below.
>>
>> Why are you using -d? This prevents slapd from forking. It is better to
>> set the loglevel to be stats+sync, and push out data to syslog.
>>
>> > 2017-03-10 14:39:08.686058500 58c2ac7c slapd shutdown: waiting for
>> > 3643059 operations/tasks to finish
>>
>> You need to determine why tasks are not finishing and instead are
>> remaining unfinished. What databse backend are you using? I would note
>> that it would appear that you have clients disconnecting w/o waiting for
>> the server to respond (thus the no connection messages).
>>
>> --Quanah
>>
>> --
>>
>> Quanah Gibson-Mount
>> Product Architect
>> Symas Corporation
>> Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
>> <http://www.symas.com>
>
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
5 years, 12 months
LDAP Replication settings
by Jai Bheemsen Rao Dhanwada
Hello,
I have multi master replication with 4 LDAP servers. Is there a ldapsearch
query to get all the replica servers?
I am using LDAP 2.4.43
5 years, 12 months
Re: Dogtag CA with OpenLDAP?
by Howard Chu
Turbo Fredriksson wrote:
> On 27 Mar 2017, at 22:09, Michael Ströder <michael(a)stroeder.com> wrote:
>
>> I've looked at dogtag approx. two years ago. The use of LDAP was, uumh, somewhat strange:
>
> Ouch, nah that doesn’t make much sense :(.
>
>
> Do anyone know of any other product/project (open source preferred, but not
> a requirement) that can do the same - provide certificates programatically?
We had a module for OpenLDAP 2.0, way back when. It hasn't been maintained in
years.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
5 years, 12 months
