Q: UNKNOWN attributeDescription "AUDITCONTEXT" inserted.
by Ulrich Windl
Hi!
After systemd tearing down one of our LDAP servers I noticed the following message when the server was restarted:
slapd[10525]: UNKNOWN attributeDescription "AUDITCONTEXT" inserted.
The next line logged was:
slapd[10525]: olcServerID: value #1: SID=0x002 (listener=ldap://...:389)
(the server is that of SLES12 SP4, 2.4.41 from opensuse-buildservice)
The server is one of three MM servers that all have the same configuration and the same version.
The schema knows in olcAttributeTypes (olcSchemaConfig):
( 1.3.6.1.4.1.4203.666.11.5.1.30 NAME 'auditContext' DESC 'DN of auditContainer' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )
What I'l like to know: Is there any thing I could fix in the configuration to make the message go away, or is it some software issue in slapd?
Regards,
Ulrich
2 years, 10 months
Re: (ITS#9159) mdb_put failed: MDB_MAP_FULL: Environment mapsize limit reached(-30792)
by Vijay Kumar
I could see some stats from mdb-stat tool as mentioned below,
mdb_stat.exe -rne "C:\openldap\mdb\data.mdb"
Environment Info
Map address: 0000000000000000
Map size: 268435456 (we have set the value as *104,857,600,000,000* in
mdb.c and back_mdb.h files, but it has taken only 256 MB, not sure why?)
Page size: 4096
Max pages: 65536
Number of pages used: 65527
Last transaction ID: 9555
Max readers: 126
Number of readers used: 0
Reader Table Status
(no active readers)
when i try to increase to set the dbMaxSize it fails,
*addDbMaxSize.ldif * has content as mentioned below,
dn: olcDatabase={1}mdb,cn=config
changetype: modify
add: olcDbMaxSize
olcDbMaxSize: 1073741824
olcDbMaxSize: *1073741824 - stops the service in windows*
openldap \bin>ldapmodify -H ldaps://localhost:6565 -D cn=admin,cn=config -w
d -f addDbMaxSize.ldif
modifying entry "olcDatabase={1}mdb,cn=config"
*ldap_modify: Other (e.g., implementation specific) error (80)
additional info: failed to reopen database, rc=87*
olcDbMaxSize: *536870912 - failed as below*
openldap \bin>ldapmodify -H ldaps://localhost:6565 -D cn=admin,cn=config -w
d -f addDbMaxSize.ldif
modifying entry "olcDatabase={1}mdb,cn=config"
*ldap_modify: Invalid syntax (21) additional info: olcDbMaxSize:
value #0 invalid per syntax*
*back-mdb.h - we added as below*
#define DEFAULT_MAPSIZE (10 * 10 * 10 * 10 * 10 * 10 * 10 * 10 * 1048576)
mdb.c - we added as below
#define DEFAULT_MAPSIZE (10 * 10 * 10 * 10 * 10 * 10 * 10 * 10 * 1048576)
if ((i = mdb_env_read_header(env, &meta)) != 0) {
if (i != ENOENT)
return i;
DPUTS("new mdbenv");
newenv = 1;
env->me_psize = env->me_os_psize;
if (env->me_psize > MAX_PAGESIZE)
env->me_psize = MAX_PAGESIZE;
memset(&meta, 0, sizeof(meta));
mdb_env_init_meta0(env, &meta);
meta.mm_mapsize = DEFAULT_MAPSIZE;
} else {
env->me_psize = meta.mm_psize;
}
*1. i am not getting why the size of the map (as per the stats info given
above) - 256 MB (268435456) only ? please provide me a clue once to
understand this.*
*2. Kindly let me know how to get debug logs ? i use DPRINTF, DPUT in mdb.c
but dint get see as logs printed.!*
*We observed this in Windows 2012 R2 and Window10 OS x64 Arch machines.*
Regards,
Vijay Kumar
On Thu, Jan 30, 2020 at 12:46 PM Quanah Gibson-Mount <quanah(a)symas.com>
wrote:
>
>
> --On Thursday, January 30, 2020 6:09 AM +0000
> pasumarthivijaykumar(a)gmail.com wrote:
>
> > --00000000000025b743059d554b79
> > Content-Type: text/plain; charset="UTF-8"
> > Content-Transfer-Encoding: quoted-printable
> >
> > Thanks for your reply I do know that info for windows also is it the
> > same.? I am unable to use stats tool also.
>
> As I already stated, the maxsize parameter specifies the maximum size the
> database can reach.
>
> > As I don=E2=80=99t see any reply from our many mails to
> > openldap-technical(a)openldap.org I have created this case to clarify.
>
>
> The openldap-technical list is only open to subscribers, if you want to
> post to it you must subscribe first.
>
>
> > Why don=E2=80=99t you forward the query to the concerned team instead
> > closi= ng.
>
> Your query would not be forwarded because you failed to read and/or
> understand the documentation. This system is for bug reports only.
>
> > No reply to us.!
>
> I did reply. This is clearly shown in the ITS.
>
> > Please let us know answer to solve a issue.!
>
>
> I already provided you the answer in my earlier response. Set an
> approprate maxsize setting, the default of 10MB is clearly too low.
>
> Regards,
> Quanah
>
>
> --
>
> Quanah Gibson-Mount
> Product Architect
> Symas Corporation
> Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
> <http://www.symas.com>
>
--
Thanks & Regards,
Vijay Kumar
*+91-94944 44009*
3 years, 4 months
Re: How to fetch LDAP Server version using Java
by Vijay Kumar
Hi Quanah
Thanks a lot for your reply. I tried but dint get any reply
I think we need to add monitor database. Will try to add the same and let
you know.
Regards,
Vijay Kumar
On Thu, Jan 30, 2020 at 10:49 PM Quanah Gibson-Mount <quanah(a)symas.com>
wrote:
>
>
> --On Thursday, January 30, 2020 2:34 PM +0530 Vijay Kumar
> <pasumarthivijaykumar(a)gmail.com> wrote:
>
> In the future, do not cross post to multiple lists. You were already told
> specifically to address your questions to openldap-technical(a)openldap.org.
>
> supportedLDAPVersion tracks the LDAP version (LDAP version 3), it does not
> track the underlying version of OpenLDAP.
>
> However, if you enable the monitor backend (See the man page for
> slapd-monitor(5)), the OpenLDAP version is contained in the monitoredInfo
> attribute:
>
> ldapsearch -x -LLL -H ldap:/// -s base -b cn=monitor monitoredInfo
> dn: cn=Monitor
> monitoredInfo: OpenLDAP: slapd 2.4.48 (Jan 29 2020 19:43:07)
>
> This of course requires that your program have permission to read from
> that
> database.
>
> --Quanah
>
> --
>
> Quanah Gibson-Mount
> Product Architect
> Symas Corporation
> Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
> <http://www.symas.com>
>
--
Thanks & Regards,
Vijay Kumar
*+91-94944 44009*
3 years, 4 months
Re: How to use mdb_stat.c - memory-mapped database status tool
by Vijay Kumar
On Thu, Jan 30, 2020 at 11:29 AM Vijay Kumar <pasumarthivijaykumar(a)gmail.com>
wrote:
> Hi Team,
>
> Can i request to let me know how to use
> mdb_stat.c - memory-mapped database status tool
>
> google and docs of openldap dint help me.!
>
> Thank you.
> --
> Thanks & Regards,
>
> Vijay Kumar
> *+91-94944 44009*
>
--
Thanks & Regards,
Vijay Kumar
*+91-94944 44009*
3 years, 4 months
Re: How to fetch LDAP Server version using Java
by Vijay Kumar
Hi Team,
>From my Java Program i am in need to find the LDAP Server version.
i am able to get supportedLDAPVersion using below search query,
LDAPSearchResults ldapSearchResults = ldapConn.search("",
LDAPConnection.SCOPE_BASE, "(objectclass=*)", new String[]
{"supportedLDAPVersion"}, false);
No results found, when i try to use vendorVersion and vendorName (like that
queried like below)
ldapSearchResults = ldapConn.search("", LDAPConnection.SCOPE_BASE,
"(objectclass=*)", new String[] {"vendorVersion"}, false)
is there any approach that can follow, please let me know.
i am need to get info as below,
root@docker_container:/etc/ldap/slapd.d# ldapsearch -VV
ldapsearch: @(#) $OpenLDAP: ldapsearch (Jul 30 2019 16:24:19) $
Debian OpenLDAP Maintainers <
pkg-openldap-devel(a)lists.alioth.debian.org>
* (LDAP library: OpenLDAP *20448*)*
root@docker_container:/etc/ldap/slapd.d#
Thank you.
--
Thanks & Regards,
Vijay Kumar
*+91-94944 44009*
3 years, 4 months
RE24 testing call #2 (2.4.49) LMDB RE0.9 testing call (0.9.25)
by Quanah Gibson-Mount
This is the second testing call for OpenLDAP 2.4.49. Depending on the
results, this may be the only testing call.
Generally, get the code for RE24:
<http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=snapshot;h=refs...>
Configure & build.
Execute the test suite (via make test) after it is built. Optionally, cd
tests && make its to run through the regression suite.
Thanks!
OpenLDAP 2.4.49 Engineering
Added slapd-monitor database entry count for slapd-mdb (ITS#9154)
Fixed client tools to not add controls on cancel/abandon (ITS#9145)
Fixed client tools SyncInfo message to be LDIF compliant (ITS#8116)
Fixed libldap to correctly free sb (ITS#9081, ITS#8755)
Fixed libldap descriptor leak if ldaps fails (ITS#9147)
Fixed libldap remove unnecessary global mutex for GnuTLS (ITS#9069)
Fixed slapd syntax evaluation of preferredDeliveryMethod (ITS#9067)
Fixed slapd to relax domainScope control check (ITS#9100)
Fixed slapd to have cleaner error handling during connection setup
(ITS#9112)
Fixed slapd data check when processing cancel exop (ITS#9124)
Fixed slapd attribute description processing (ITS#9128)
Fixed slapd-ldap to set oldctrls correctly (ITS#9076)
Fixed slapd-mdb to honor unchecked limit with alias deref (ITS#7657)
Fixed slapd-mdb missing final commit with slapindex (ITS#9095)
Fixed slapd-mdb drop attr mappings added in an aborted txn (ITS#9091)
Fixed slapd-mdb nosync FLAG configuration handling (ITS#9150)
Fixed slapd-monitor global operation counter reporting (ITS#9119)
Fixed slapo-ppolicy when used with slapauth (ITS#8629)
Fixed slapo-ppolicy to add a missed normalised copy of pwdChangedTime
(ITS#9126)
Fixed slapo-syncprov fix sessionlog init (ITS#9146)
Fixed slapo-unique loop termination (ITS#9077)
Build Environment
Fix mkdep to honor TMPDIR if set (ITS#9062)
Remove ICU library detection (ITS#9144)
Update config.guess and config.sub to support newer architectures
(ITS#7855)
Documentation
admin24 - Fix inconsistent whitespace in replication section
(ITS#9153)
slapd-config(5)/slapd.conf(5) - Fix missing bold tag for keyword
(ITS#9063)
slapd-ldap(5) - Document "tls none" option (ITS#9071)
slapo-ppolicy(5) - Correctly document pwdGraceAuthnLimit (ITS#9065)
LMDB 0.9.25 Engineering
ITS#9068 fix mdb_dump/load backslashes in printable content
ITS#9118 add MAP_NOSYNC for FreeBSD
ITS#9155 free mt_spill_pgs in non-nested txn on end
Thanks,
Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
3 years, 4 months
