Trigger-like function
by Ervin Hegedüs
Hi,
as I described in my previous thread[1], I have a web frontend
tool, where a user can modify their own password - here the password
is a set of passwd attributes: userPassword, sambaNTPassword,
sambaLMPassword.
Is there any way that when I give users access to modify their
own password, and the user wants to modify it through LDAP(S),
instead of our web frontend, the samba passwords are also updated
(with the correct hash algorithm)?
I've found that the password policy and history should be handled
inside of OpenLDAP; only this feature is missing.
I've also found the slapo-shell and slapo-sock overlays, but as I
interpret those mechanisms, they send the client request to an
external software, so when I want to change the userPassword,
slapd sends this request to the external tool, which sends a
modify request to slapd, which sends the request to the external
tool, which.... Am I right?
Or should I use some filter to exclude which requests are sent to
the external program and which are not?
Is there any solution for this request?
Thanks,
a.
[1]: https://www.openldap.org/lists/openldap-technical/201809/msg00021.html
5 years
A couple of questions regarding replication and user mapping
by Karsten Heymann
Hi,
I'm having a rough week as a long planned ldap migration this week
went semi-bad, in that we noticed a good day after the new cluster
went productive that both masters and both clients started to diverge
data-wise. I'm still sorting out the details, but while
troubleshooting some questions arose already.
(I'm running 2.4.46+dfsg-5~bpo9+1 on debian 9 with two masters
(syncrepl, mirror mode) behind a load balancer and two slaves, also
behind a load balancer. I was authenticating the replication with
client certificates, but had to switch back to simple bind using
rootdn/rootpw as sync credentials to rule out any acl problems
causing our problems.)
1. I've read in an older debian bug report, that changing
olcAuthRegexp requires a slapd restart in order to be effective. Is
that still the case? If yes, could this *please* be added to the
manpage and the documentation? Pretty please?
2. Is ldapwhoami supposed to also print out the result of an
authz-regexp mapping?
3. The slapd.conf manpage mentions: "The replaced name can be either a
DN, i.e. a string prefixed by "dn:", or an LDAP URI." Is prepending
dn: really required? The examples on
https://www.openldap.org/doc/admin24/sasl.html don't have it.
4. What happens when a lot of concurrent writes happen to two masters
configured in mirror mode? We had a loadbalancer misconfiguration and
the loadbalancers were using simple round robin to write to the
masters. Can this result in diverging content on the two masters?
5. At one time we had diverging content on both masters for the same
entries, probably due to a broken acl config that did not allow the
sync user to see all attributes on the other master. Is there any way
to cause a "re-sync" of an entry without actually changing data on the
entry? The only way I found was to use slapd -c, but
And finally not a question, but a recommendation for anyone in a
similar situation: The ldifdiff-tool
(https://github.com/nxadm/ldifdiff) proved extremely valuable in
sorting out the mess and understanding what actually was the situation
data-wise between the systems.
Best regards
Karsten
5 years
Password policy questions
by Ervin Hegedüs
Hi,
looks like I've successfully configured the ppolicy overlay, but
I have some questions.
The relevant config:
olcModuleLoad: {0}ppolicy
structuralObjectClass: olcModuleList
dn: olcOverlay={2}ppolicy,olcDatabase={1}mdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcPPolicyConfig
olcOverlay: {2}ppolicy
olcPPolicyDefault: cn=default,ou=pwpolicies,dc=hu
olcPPolicyHashCleartext: FALSE
olcPPolicyUseLockout: FALSE
dn: cn=default,ou=pwpolicies,dc=hu
cn: default
objectClass: pwdPolicy
objectClass: pwdPolicyChecker
objectClass: device
pwdAllowUserChange: TRUE
pwdInHistory: 5
pwdMinLength: 10
pwdAttribute: userPassword
pwdCheckQuality: 0
When I change my passwd with ldappasswd, the history check works:
ldappasswd -H ldaps://dev-ldap-01:636 -W -D uid=airween,ou=Users,ou=company,dc=comp,DC=hu -S
New password:
Re-enter new password:
Enter LDAP Password:
Result: Constraint violation (19)
Additional info: Password is in history of old passwords
but I can set up a new password with less than 10 characters, e.g.
"abc". What am I missing?
I've never read it, but it looks like the policy has effect only
when I'm changing the passwd with 'ldappasswd', but when I'm using
ldapmodify, then I can bypass the rules
ldapmodify -H ldaps://dev-ldap-01:636 -D 'uid=airween,ou=Users,ou=company,dc=comp,dc=hu' -x -W -f file.ldif
modifying entry
"uid=airween,ou=Users,ou=company,dc=comp,DC=hu"
[DONE WITH PREV PASSWD]
Is it right?
How can I validate the policy for all methods?
Thanks,
a.
5 years
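The two configuration entries from the post above, run through a small linter, as an added example that is not part of the original post or of OpenLDAP. It applies the rules documented in slapo-ppolicy(5): pwdMinLength is only checked when pwdCheckQuality is non-zero, and cleartext values sent in Add/Modify requests are hashed by the overlay only when olcPPolicyHashCleartext is TRUE. The function names and finding codes are made up for this example.

```python
# Added example: lint of a slapo-ppolicy configuration, not code from the post.
# Rules follow slapo-ppolicy(5); finding codes are names invented for this example.

# The two entries as posted in the message above.
PAGE_CONFIG = """\
dn: olcOverlay={2}ppolicy,olcDatabase={1}mdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcPPolicyConfig
olcOverlay: {2}ppolicy
olcPPolicyDefault: cn=default,ou=pwpolicies,dc=hu
olcPPolicyHashCleartext: FALSE
olcPPolicyUseLockout: FALSE

dn: cn=default,ou=pwpolicies,dc=hu
cn: default
objectClass: pwdPolicy
objectClass: pwdPolicyChecker
objectClass: device
pwdAllowUserChange: TRUE
pwdInHistory: 5
pwdMinLength: 10
pwdAttribute: userPassword
pwdCheckQuality: 0
"""


def parse_ldif(text):
    """Parse plain LDIF (no base64 values, no folded lines) into a list of
    {lowercased attribute: [values]} dicts; each 'dn:' line starts an entry."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        attr, value = (part.strip() for part in line.split(":", 1))
        attr = attr.lower()
        if attr == "dn" or not entries:
            entries.append({})
        entries[-1].setdefault(attr, []).append(value)
    return entries


def first(entry, attr, default=None):
    """First value of an attribute (case-insensitive name), or the default."""
    return entry.get(attr.lower(), [default])[0]


def lint(text):
    """Return (dn, code, explanation) tuples for settings that leave a
    password constraint unenforced."""
    findings = []
    for e in parse_ldif(text):
        dn = first(e, "dn", "(no dn)")
        classes = {c.lower() for c in e.get("objectclass", [])}
        if "olcppolicyconfig" in classes:
            if first(e, "olcPPolicyHashCleartext", "FALSE").upper() != "TRUE":
                findings.append((dn, "CLEARTEXT_STORED_AS_SENT",
                    "cleartext userPassword values in Add/Modify requests "
                    "are not hashed by the overlay before storage"))
        if "pwdpolicy" in classes:
            quality = int(first(e, "pwdCheckQuality", "0"))
            if quality == 0 and first(e, "pwdMinLength") is not None:
                findings.append((dn, "MINLENGTH_NOT_ENFORCED",
                    "pwdCheckQuality is 0, so no syntax checking is done "
                    "and pwdMinLength is ignored"))
            elif quality == 1:
                findings.append((dn, "UNCHECKABLE_ACCEPTED",
                    "values the server cannot check (e.g. hashed by the "
                    "client) are accepted; pwdCheckQuality 2 refuses them"))
            if int(first(e, "pwdInHistory", "0")) == 0:
                findings.append((dn, "NO_HISTORY", "password history is not kept"))
    return findings


if __name__ == "__main__":
    for dn, code, why in lint(PAGE_CONFIG):
        print(f"{code}: {dn}\n    {why}")
```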
Worse search performance on a branch than at the tree base
by Glover, Matthew
I'm having a performance problem with searches on a branch and I'm hoping someone can explain it.
A search for "(uid=12345)" on basedn "dc=example,dc=com" with a subtree scope returns much more quickly than the same filter and scope on basedn "ou=People,dc=example,dc=com".
To confirm this wasn't just a problem with my schema or configuration, I loaded Ubuntu 18 (slapd 2.4.45+dfsg-1ubuntu1), used ldctl to generate 100,000 inetOrgPerson records with uids from 00000 to 99999, loaded them in with ldapadd, then used ldctl to test performance of searches:
Both tests were scope subtree, 20 seconds, hitting the test server as fast as possible with randomly generated filters of "(uid=<random uid from 00000 to 99999>)".
basedn: dc=example,dc=com - 5455.30/sec - total: 109106 successful searches
basedn: ou=People,dc=example,dc=com - 198.80/sec - total: 3976 successful searches
Also, while testing against ou=People, the CPU load from slapd went through the roof. It feels rather like the index isn’t being used when the base isn’t the root.
I can provide the ldif of my test users and the parameters I used for ldctl tests if desired.
Thanks for any help you can offer,
Matthew
5 years
groupOfMembers doesn't work with memberOf overlay
by tran dung
Hi
I am using groupOfNames and memberOf overlay works fine.
However, groupOfNames requires "member" attribute so in case a group
doesn't have a member, I have to use a dummy user.
Since groupOfMembers doesn't require "member" attribute, I replaced
groupOfNames by groupOfMembers in ldif file and re-built ldap server.
However, when I delete member attribute, corresponding memberOf isn't
deleted. When I add member attribute, memberOf isn't added.
Is this expected behavior of groupOfMembers or is something missing in
memberOf overlay setting?
Here is my memberOf overlay setting
-------------------------------------
# Memberof overlay
overlay memberof
memberof-dangling drop
memberof-refint true
-------------------------------------
Best Regards
-----------------------
Tran Dung
5 years
Insufficient access in some cases
by Ervin Hegedüs
Hi, there is an interesting insufficient access problem...
There are 3 (in the dev environment 2) multimaster ldap nodes.
There is a simple web frontend, written in PHP, where a user can
change their own password, or can get a link to set up a new pass
if the old one was lost.
In some cases (some users) the user can't change their own password
through PHP. When I change it from the webserver with ldapmodify and
a simple ldif file, it works as well.
But when I try to modify the passwd through PHP, I get an
"Insufficient access" error, and these lines are in syslog:
Sep 18 17:48:13 dev-ldap-01 slapd[12125]: => access_allowed: search access to "uid=comp1_user1,ou=Users,ou=COMP1,dc=wificloud,dc=company,dc=hu" "objectClass" requested
Sep 18 17:48:13 dev-ldap-01 slapd[12125]: => dn: [2] ou=djp,dc=wificloud,dc=company,dc=hu
Sep 18 17:48:13 dev-ldap-01 slapd[12125]: => dnpat: [3] ou=(AH|Delta|Comp1|Comp2|Comp3),dc=wificloud,dc=company,dc=hu nsub: 1
Sep 18 17:48:13 dev-ldap-01 slapd[12125]: => acl_get: [3] matched
Sep 18 17:48:13 dev-ldap-01 slapd[12125]: => acl_get: [3] attr objectClass
Sep 18 17:48:13 dev-ldap-01 slapd[12125]: => match[dn0]: 26 60
Sep 18 17:48:13 dev-ldap-01 slapd[12125]: o
Sep 18 17:48:13 dev-ldap-01 slapd[12125]: u
Sep 18 17:48:13 dev-ldap-01 slapd[12125]: =
Sep 18 17:48:13 dev-ldap-01 slapd[12125]: c
Sep 18 17:48:13 dev-ldap-01 slapd[12125]: o
Sep 18 17:48:13 dev-ldap-01 slapd[12125]: m
Sep 18 17:48:13 dev-ldap-01 slapd[12125]: p
Sep 18 17:48:13 dev-ldap-01 slapd[12125]: 1
Sep 18 17:48:13 dev-ldap-01 slapd[12125]: ,
Sep 18 17:48:13 dev-ldap-01 slapd[12125]: d
Sep 18 17:48:13 dev-ldap-01 slapd[12125]: c
Sep 18 17:48:13 dev-ldap-01 slapd[12125]: =
Sep 18 17:48:13 dev-ldap-01 slapd[12125]: w
Sep 18 17:48:13 dev-ldap-01 slapd[12125]: i
Sep 18 17:48:13 dev-ldap-01 slapd[12125]: f
Sep 18 17:48:13 dev-ldap-01 slapd[12125]: i
Sep 18 17:48:13 dev-ldap-01 slapd[12125]: c
Sep 18 17:48:13 dev-ldap-01 slapd[12125]: l
Sep 18 17:48:13 dev-ldap-01 slapd[12125]: o
Sep 18 17:48:13 dev-ldap-01 slapd[12125]: u
Sep 18 17:48:13 dev-ldap-01 slapd[12125]: d
Sep 18 17:48:13 dev-ldap-01 slapd[12125]: ,
Sep 18 17:48:13 dev-ldap-01 slapd[12125]: d
Sep 18 17:48:13 dev-ldap-01 slapd[12125]: c
Sep 18 17:48:13 dev-ldap-01 slapd[12125]: =
Sep 18 17:48:13 dev-ldap-01 slapd[12125]: c
Sep 18 17:48:13 dev-ldap-01 slapd[12125]: o
Sep 18 17:48:13 dev-ldap-01 slapd[12125]: m
Sep 18 17:48:13 dev-ldap-01 slapd[12125]: p
Sep 18 17:48:13 dev-ldap-01 slapd[12125]: a
Sep 18 17:48:13 dev-ldap-01 slapd[12125]: n
Sep 18 17:48:13 dev-ldap-01 slapd[12125]: y
Sep 18 17:48:13 dev-ldap-01 slapd[12125]: ,
Sep 18 17:48:13 dev-ldap-01 slapd[12125]: d
Sep 18 17:48:13 dev-ldap-01 slapd[12125]: c
Sep 18 17:48:13 dev-ldap-01 slapd[12125]: =
Sep 18 17:48:13 dev-ldap-01 slapd[12125]: h
Sep 18 17:48:13 dev-ldap-01 slapd[12125]: u
Sep 18 17:48:13 dev-ldap-01 slapd[12125]:
(I replaced names and chars, so the match[dn0] numbers are not
correct).
Only a few users can trigger this problem (don't know why), and
only through PHP.
What's the problem here?
Thanks,
a.
5 years
Re: Re: OpenLDAP instances crashes
by Saurabh Lahoti
Hi,
Tried with the clone command & received below error:
Initialized empty Git repository in
/usr/app/ldap/ReOpenLDAP-mobiuniquemember/ReOpenLDAP/.git/
error: while accessing
https://github.com/leo-yuriev/ReOpenLDAP.git/info/refs
fatal: HTTP request failed
What could be wrong here from my side..?
----
*Thanks & Kind Regards,*
Saurabh LAHOTI.
*Ideas enlighten Innovation**!!!*
Please consider the environment before printing this mail..!!
On Fri, 14 Sep 2018 at 12:19, Леонид Юрьев <leo(a)yuriev.ru> wrote:
> Hi, Saurabh.
>
> I apologize, long time did not answer, was off-line.
> But there would be no problem if you did everything exactly as I wrote.
>
> Once again:
> git clone https://github.com/leo-yuriev/ReOpenLDAP.git -b
> mobiuniquemember
> cd ReOpenLDAP
> ./bootstrap.sh
> ./configure --enable-contrib --prefix=... [other relevant options...]
> make
> make install
>
> On the other hand, building from the source requires certain competencies.
> For instance, you should know about all implicit (git, make,
> autotools, gcc, binutils...) pre-requirements tools and packages/libraries,
> and be able to install it.
> Also you should know about `configure` and about corresponding options.
>
> Leonid.
>
>
> Fri, 14 Sep 2018 at 12:40, Saurabh Lahoti <saurabh.astronomy(a)gmail.com
> >:
>
>> Many thanks Brian for your kind help.
>>
>> Tried with the command mentioned, below is the output:
>>
>> root@souslik # sh -x ./bootstrap.sh
>> + '[' '' = --dont-cleanup ']'
>> + rm -rf '/usr/app/ldap/LdapTest/*'
>> + git clean -x -f -d -e tests/testrun -e releasenotes.txt
>> fatal: Not a git repository (or any of the parent directories): .git
>> + failure cleanup
>> + echo 'Oops, cleanup failed ;('
>> Oops, cleanup failed ;(
>> + exit 2
>>
>> Could you please guide further on this..?
>> ----
>>
>> *Thanks & Kind Regards,*
>> Saurabh LAHOTI.
>> *Mob: +32.499.82.37.88*
>> *Ideas enlighten Innovation**!!!*
>> Please consider the environment before printing this mail..!!
>>
>>
>>
>>
>>
>> On Thu, 13 Sep 2018 at 23:56, Brian Reichert <reichert(a)numachi.com>
>> wrote:
>>
>>> On Thu, Sep 13, 2018 at 10:12:34PM +0200, Saurabh Lahoti wrote:
>>> > Dear,
>>> >
>>> > What does below error mean..?
>>> >
>>> > fatal: Not a git repository (or any of the parent directories): .git
>>> > Oops, cleanup failed ;(
>>> >
>>> > While running bootstrap.sh, above mentioned error was interpreted.
>>>
>>> I think the source for 'bootstrap.sh' is here:
>>>
>>> https://github.com/leo-yuriev/ReOpenLDAP/blob/master/bootstrap.sh
>>>
>>> I only see one invocation of 'git' in that script, and I don't see
>>> why that would fail.
>>>
>>> Try running
>>>
>>> sh -x ./bootstrap.sh
>>>
>>> That will show the commands the script is running; they may provide
>>> a clue as to what command was being run, and with what arguments.
>>>
>>> > ----
>>> >
>>> > *Thanks & Kind Regards,*
>>> > Saurabh LAHOTI.
>>> > *Ideas enlighten Innovation**!!!*
>>> > Please consider the environment before printing this mail..!!
>>> >
>>> >
>>> >
>>> >
>>> >
>>> > On Thu, 30 Aug 2018 at 08:04, Ulrich Windl <
>>> > Ulrich.Windl(a)rz.uni-regensburg.de> wrote:
>>> >
>>> > > >>> Saurabh Lahoti <saurabh.astronomy(a)gmail.com> wrote on
>>> > > 29.08.2018 at 14:45 in message
>>> > > <CAB5-Mqq2Epvoz-U_=1zNoz-JVSE9e5mu=MWemjyTEM7QuXaZDQ(a)mail.gmail.com
>>> >:
>>> > > > Dear Leo,
>>> > > >
>>> > > > We tried the steps mentioned below using the ReOpenLDAP package
>>> provided
>>> > > by
>>> > > > you.
>>> > > >
>>> > > > But, we're start at the very first step while running bootstrap.sh
>>> &
>>> > > > encountered below errors:
>>> > > >
>>> > > > root@pygarg # ./bootstrap.sh
>>> > > > ./bootstrap.sh: line 39: git: command not found
>>> > > > Oops, cleanup failed ;(
>>> > >
>>> > > I wonder: How could you "git clone" without git?
>>> > >
>>> > > >
>>> > > >
>>> > > > Could you please guide us further into this..?
>>> > > >
>>> > > > ----
>>> > > >
>>> > > > *Thanks & Kind Regards,*
>>> > > > Saurabh LAHOTI.
>>> > > > *Ideas enlighten Innovation**!!!*
>>> > > > Please consider the environment before printing this mail..!!
>>> > > >
>>> > > >
>>> > > >
>>> > > >
>>> > > >
>>> > > > On Thu, 23 Aug 2018 at 23:17, Леонид Юрьев <
>>> leo(a)yuriev.ru> wrote:
>>> > > >
>>> > > >> Hi, Saurabh.
>>> > > >>
>>> > > >> Your custom overlay "mobiuniquemember" is now integrated into
>>> ReOpenLDAP
>>> > > >> (mobiuniquemember branch).
>>> > > >> Please check it:
>>> > > >>
>>> > > >> git clone https://github.com/leo-yuriev/ReOpenLDAP.git -b
>>> > > mobiuniquemember
>>> > > >> cd ReOpenLDAP
>>> > > >> ./bootstrap.sh
>>> > > >> ./configure --enable-contrib [other relevant options]
>>> > > >> make install
>>> > > >>
>>> > > >> Regards,
>>> > > >> Leonid.
>>> > > >>
>>> > > >>
>>> > > >> Wed, 22 Aug 2018 at 18:04, Леонид Юрьев <
>>> leo(a)yuriev.ru>:
>>> > > >>
>>> > > >>> You could submit source code of your custom overlay to
>>> > > >>> https://github.com/leo-yuriev/ReOpenLDAP, i.e. pull-request
>>> into the
>>> > > >>> 'devel' branch.
>>> > > >>>
>>> > > >>> Then I will try fix it and merge-in, in success case you will be
>>> able
>>> > > to
>>> > > >>> build and use it with ReOpenLDAP.
>>> > > >>>
>>> > > >>>
>>> > > >>> Regards,
>>> > > >>> Leonid.
>>> > > >>>
>>> > > >>> Wed, 22 Aug 2018, 17:37 Saurabh Lahoti <
>>> saurabh.astronomy(a)gmail.com
>>> > > >:
>>> > > >>>
>>> > > >>>> Dear,
>>> > > >>>>
>>> > > >>>> What is your recommendation to fix this problem on our
>>> side..? It's
>>> > > >>>> been haunting our operational activities on daily basis.. 😓
>>> > > >>>> ----
>>> > > >>>>
>>> > > >>>> *Thanks & Kind Regards,*
>>> > > >>>> Saurabh LAHOTI.
>>> > > >>>> *Mob: +32.499.82.37.88*
>>> > > >>>> *Ideas enlighten Innovation**!!!*
>>> > > >>>> Please consider the environment before printing this mail..!!
>>> > > >>>>
>>> > > >>>>
>>> > > >>>>
>>> > > >>>>
>>> > > >>>>
>>> > > >>>> On Fri, 17 Aug 2018 at 16:43, Brian Reichert <
>>> reichert(a)numachi.com>
>>> > > >>>> wrote:
>>> > > >>>>
>>> > > >>>>> On Thu, Aug 16, 2018 at 02:00:20PM +0200, Saurabh Lahoti wrote:
>>> > > >>>>> > Dear,
>>> > > >>>>> >
>>> > > >>>>> > Today, received below error in /var/log/messages with
>>> OpenLDAP
>>> > > >>>>> instance
>>> > > >>>>> > crashing.
>>> > > >>>>>
>>> > > >>>>> That looks like either:
>>> > > >>>>>
>>> > > >>>>> - You have a bad SIM (very unlikely)
>>> > > >>>>> - You have a corrupted uniquemember.so.0.0.0 shared library.
>>> > > >>>>> - You may have conflated OpenLDAP packages installed that have
>>> a
>>> > > >>>>> critical
>>> > > >>>>> incompatibility amidst the installed binaries/libraries.
>>> > > >>>>>
>>> > > >>>>> It did write a core file; there are many tutorials about
>>> exploring
>>> > > >>>>> a core file to help understand why the segfault occurred.
>>> > > >>>>>
>>> > > >>>>> >
>>> > > >>>>> > Aug 16 13:21:07 muledeer kernel: slapd[29253]: segfault at 0
>>> ip
>>> > > >>>>> > 00007fbeddf3af09 sp 00007fb72effc480 error 4 in
>>> > > >>>>> > uniquemember.so.0.0.0[7fbeddf3a000+2000]
>>> > > >>>>> > Aug 16 13:21:08 muledeer abrt[24629]: Saved core dump of pid
>>> 16470
>>> > > >>>>> > (/usr/app/ldap/openldap2.4.46/libexec/slapd) to
>>> > > >>>>> > /var/spool/abrt/ccpp-2018-08-16-13:21:07-16470 (472973312
>>> bytes)
>>> > > >>>>> > Aug 16 13:21:08 muledeer abrtd: Directory
>>> > > >>>>> 'ccpp-2018-08-16-13:21:07-16470'
>>> > > >>>>> > creation detected
>>> > > >>>>> > Aug 16 13:21:08 muledeer abrtd: Executable
>>> > > >>>>> > '/usr/app/ldap/openldap2.4.46/libexec/slapd' doesn't belong
>>> to any
>>> > > >>>>> package
>>> > > >>>>> > and ProcessUnpackaged is set to 'no'
>>> > > >>>>> > Aug 16 13:21:08 muledeer abrtd: 'post-create' on
>>> > > >>>>> > '/var/spool/abrt/ccpp-2018-08-16-13:21:07-16470' exited with
>>> 1
>>> > > >>>>> > Aug 16 13:21:08 muledeer abrtd: Deleting problem directory
>>> > > >>>>> > '/var/spool/abrt/ccpp-2018-08-16-13:21:07-16470'
>>> > > >>>>> >
>>> > > >>>>> >
>>> > > >>>>> > Could you please guide us in finding probable root of this
>>> error..?
>>> > > >>>>> > ----
>>> > > >>>>> >
>>> > > >>>>> > *Thanks & Kind Regards,*
>>> > > >>>>> > Saurabh LAHOTI.
>>> > > >>>>> > *Ideas enlighten Innovation**!!!*
>>> > > >>>>> > Please consider the environment before printing this mail..!!
>>> > > >>>>>
>>> > > >>>>> --
>>> > > >>>>> Brian Reichert <reichert(a)numachi.com>
>>> > > >>>>> BSD admin/developer at large
>>> > > >>>>>
>>> > > >>>>
>>> > >
>>> > >
>>> > >
>>> > >
>>>
>>> --
>>> Brian Reichert <reichert(a)numachi.com>
>>> BSD admin/developer at large
>>>
>>
5 years
Re: OpenLDAP instances crashes
by Saurabh Lahoti
Dear Leo,
We tried the steps mentioned below using the ReOpenLDAP package provided by
you.
But, we're start at the very first step while running bootstrap.sh &
encountered below errors:
root@pygarg # ./bootstrap.sh
./bootstrap.sh: line 39: git: command not found
Oops, cleanup failed ;(
Could you please guide us further into this..?
----
*Thanks & Kind Regards,*
Saurabh LAHOTI.
*Ideas enlighten Innovation**!!!*
Please consider the environment before printing this mail..!!
On Thu, 23 Aug 2018 at 23:17, Леонид Юрьев <leo(a)yuriev.ru> wrote:
> Hi, Saurabh.
>
> Your custom overlay "mobiuniquemember" is now integrated into ReOpenLDAP
> (mobiuniquemember branch).
> Please check it:
>
> git clone https://github.com/leo-yuriev/ReOpenLDAP.git -b mobiuniquemember
> cd ReOpenLDAP
> ./bootstrap.sh
> ./configure --enable-contrib [other relevant options]
> make install
>
> Regards,
> Leonid.
>
>
> Wed, 22 Aug 2018 at 18:04, Леонид Юрьев <leo(a)yuriev.ru>:
>
>> You could submit source code of your custom overlay to
>> https://github.com/leo-yuriev/ReOpenLDAP, i.e. pull-request into the
>> 'devel' branch.
>>
>> Then I will try fix it and merge-in, in success case you will be able to
>> build and use it with ReOpenLDAP.
>>
>>
>> Regards,
>> Leonid.
>>
>> Wed, 22 Aug 2018, 17:37 Saurabh Lahoti <saurabh.astronomy(a)gmail.com>:
>>
>>> Dear,
>>>
>>> What is your recommendation to fix this problem on our side..? It's
>>> been haunting our operational activities on daily basis.. 😓
>>> ----
>>>
>>> *Thanks & Kind Regards,*
>>> Saurabh LAHOTI.
>>> *Mob: +32.499.82.37.88*
>>> *Ideas enlighten Innovation**!!!*
>>> Please consider the environment before printing this mail..!!
>>>
>>>
>>>
>>>
>>>
>>> On Fri, 17 Aug 2018 at 16:43, Brian Reichert <reichert(a)numachi.com>
>>> wrote:
>>>
>>>> On Thu, Aug 16, 2018 at 02:00:20PM +0200, Saurabh Lahoti wrote:
>>>> > Dear,
>>>> >
>>>> > Today, received below error in /var/log/messages with OpenLDAP
>>>> instance
>>>> > crashing.
>>>>
>>>> That looks like either:
>>>>
>>>> - You have a bad SIM (very unlikely)
>>>> - You have a corrupted uniquemember.so.0.0.0 shared library.
>>>> - You may have conflated OpenLDAP packages installed that have a
>>>> critical
>>>> incompatibility amidst the installed binaries/libraries.
>>>>
>>>> It did write a core file; there are many tutorials about exploring
>>>> a core file to help understand why the segfault occurred.
>>>>
>>>> >
>>>> > Aug 16 13:21:07 muledeer kernel: slapd[29253]: segfault at 0 ip
>>>> > 00007fbeddf3af09 sp 00007fb72effc480 error 4 in
>>>> > uniquemember.so.0.0.0[7fbeddf3a000+2000]
>>>> > Aug 16 13:21:08 muledeer abrt[24629]: Saved core dump of pid 16470
>>>> > (/usr/app/ldap/openldap2.4.46/libexec/slapd) to
>>>> > /var/spool/abrt/ccpp-2018-08-16-13:21:07-16470 (472973312 bytes)
>>>> > Aug 16 13:21:08 muledeer abrtd: Directory
>>>> 'ccpp-2018-08-16-13:21:07-16470'
>>>> > creation detected
>>>> > Aug 16 13:21:08 muledeer abrtd: Executable
>>>> > '/usr/app/ldap/openldap2.4.46/libexec/slapd' doesn't belong to any
>>>> package
>>>> > and ProcessUnpackaged is set to 'no'
>>>> > Aug 16 13:21:08 muledeer abrtd: 'post-create' on
>>>> > '/var/spool/abrt/ccpp-2018-08-16-13:21:07-16470' exited with 1
>>>> > Aug 16 13:21:08 muledeer abrtd: Deleting problem directory
>>>> > '/var/spool/abrt/ccpp-2018-08-16-13:21:07-16470'
>>>> >
>>>> >
>>>> > Could you please guide us in finding probable root of this error..?
>>>> > ----
>>>> >
>>>> > *Thanks & Kind Regards,*
>>>> > Saurabh LAHOTI.
>>>> > *Ideas enlighten Innovation**!!!*
>>>> > Please consider the environment before printing this mail..!!
>>>>
>>>> --
>>>> Brian Reichert <reichert(a)numachi.com>
>>>> BSD admin/developer at large
>>>>
>>>
5 years
Failed to create more than 1024 LMDB environment objects
by Jeremy Chen
Hi
I have been using lmdb (with java binding on Ubuntu 14.04+, or Centos 7) to manage daily data sets for a while and so far it works beautifully. Now I am trying to add multi-tenancy support with physical partitioning, but fails to create more than 1024 environments (1017 to be exact). The error msg is "Resource temporarily unavailable" (not sure if it's accurate since it's from the lmdbjni binding), and it will only generate a lock.mdb of 0 length in the failed environment.
I tuned a few parameters, like reducing the map size to a few MB each, etc, but to no avail.
Is this a hard limit? Or I could change something in lmdb source code to extend it?
Thank you very much!
Jeremy
5 years
multiple syncrepl statements for partial DIT replication
by Manuela Mandache
Hi,
I just subscribed to ask this question, I found no answer in the archives -
sorry if I haven't looked well enough.
There are three branches in the DIT on the provider and only two of them
must be replicated to the consumers. Can this be done by defining two
syncrepl statements on the consumers, one for each branch to be replicated
and each one having a different rid? I run OpenLDAP 2.4.40 on CentOS 7.
I know this result can be obtained by defining the right ACLs for the
replication account on the provider and giving the parent of the three
branches in the syncrepl statement, I was wondering if there are other ways
of achieving it.
Thank you,
Manuela Mandache
5 years