ldap_modify: Other (e.g., implementation specific) error (80) when adding new certificates
by Sami Ait Ali Oulahcen
Hi,
I'm setting up a new instance of openldap, and I'm running into error
(80) when trying to add new certificates.
I've checked for the usual suspects:
- certs in PEM format
- file permissions along the path OK
I'm using Symas' CentOS 7 repo: slapd 2.4.50 (Apr 28 2020 21:18:35)
I've enabled debugging on the server (logs attached), but can't get
anything out of it.
Any pointers are appreciated.
Regards,
Sami
3 years, 4 months
OpenLDAP in different directories
by Mig Ovie
Hello,
I am new to OpenLDAP and would like to know whether I can install it on /mnt.
For this case, I am not allowed to install it on /etc or /usr or /var, which I believe will create many issues.
Is it feasible/advisable?
3 years, 4 months
Ppolicy control missing from supportedControl
by Côme Chilliet
Hello,
I have ppolicy overlay correctly set up, but the ppolicy control
1.3.6.1.4.1.42.2.27.8.5.1 is not returned in supportedControl by
openldap when querying the root DSE.
Is this a bug or a feature?
Is there something to do configuration wise to fix this?
It is causing problems for PHP automated extension tests, the php-ldap
module skips tests depending on whether associated controls are listed
by the server or not, but ppolicy is never returned so the ppolicy test
cannot run.
Côme
3 years, 4 months
Re: [EXT] Re: syncrepl does not work as expected
by kumar rahul
Hi Quanah
Just to be sure, I manually removed the line and typed it back but still
see the ERROR. The following line is causing the issue:
objectClass: olcAccessLogConfig
I am attaching the ldif file for your reference.
Thanks
Rahul
On Mon, Jul 6, 2020 at 2:40 PM Quanah Gibson-Mount <quanah(a)symas.com> wrote:
>
>
> --On Monday, July 6, 2020 3:18 PM -0400 kumar rahul
> <rahul2002mit(a)gmail.com> wrote:
>
> > adding new entry "olcOverlay={1}accesslog,olcDatabase={3}mdb,cn=config"
> > ldap_add: Invalid syntax (21)
> > additional info: objectClass: value #1 invalid per syntax
>
> At a guess, you have something like a space or tab after the objectClass
> value.
>
> --Quanah
>
> --
>
> Quanah Gibson-Mount
> Product Architect
> Symas Corporation
> Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
> <http://www.symas.com>
>
3 years, 4 months
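The reply above guesses that a space or tab after the objectClass value is behind the Invalid syntax (21) error. As an added example (not part of the thread), this shell function lists LDIF lines whose value ends in a space, tab or carriage return; the function names and the sample entry are constructed for illustration, and checking for a carriage return goes slightly beyond the guess.

```shell
#!/bin/sh
# Added example, not from the thread. Prints "LINE:ATTRIBUTE" for every LDIF
# line whose value ends in a space, tab or carriage return.
ldif_trailing_ws() {
    awk '
        /^#/         { next }                 # LDIF comment line
        /^[ \t\r]*$/ { attr = ""; next }      # blank line ends a record
        /^ /         {                        # continuation of previous value
            if ($0 ~ /[ \t\r]$/) print NR ":" attr
            next
        }
        {
            attr = $0
            sub(/:.*$/, "", attr)             # keep only the attribute name
            if ($0 ~ /[ \t\r]$/) print NR ":" attr
        }
    ' "$1"
}

# Constructed sample: the entry from the thread with whitespace appended to
# two values so the check has something to find.
write_sample() {
    {
        printf 'dn: olcOverlay={1}accesslog,olcDatabase={3}mdb,cn=config\n'
        printf 'changetype: add\n'
        printf 'objectClass: olcOverlayConfig\n'
        printf 'objectClass: olcAccessLogConfig \n'   # trailing space
        printf 'olcOverlay: {1}accesslog\n'
        printf 'olcAccessLogDB: cn=accesslog\t\n'     # trailing tab
    } > "$1"
}

sample=$(mktemp)
write_sample "$sample"
ldif_trailing_ws "$sample"
rm -f "$sample"
```

An empty result means no value in the file ends in whitespace, so the cause has to be looked for elsewhere.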
Re: slapd 2.4.44 Performance problems
by Daniel Zuniga
Is there a reason why OpenLDAP does not seem to use more than 8 cores
regardless of the number of threads it is being told to use? With 16
threads it saturates 8 cores, 16 threads and 16 cores still uses 8 cores,
32 threads and 16 cores... only 8 cores are used.
On Tue, Jun 30, 2020 at 6:43 PM Quanah Gibson-Mount <quanah(a)symas.com>
wrote:
> --On Tuesday, June 30, 2020 10:49 PM +0000 daniel.zuniga(a)gmail.com wrote:
>
> > Can you offer any guidance? Thanks.
>
> The OpenLDAP 2.4.44 release is over 4 years old.
>
> You need to:
>
> a) Upgrade to a current release
> b) Migrate off of the back-bdb/hdb backend it seems like is being used to
> back-mdb. They are deprecated and have serious performance issues vs
> back-mdb
> (<https://mishikal.wordpress.com/2013/05/16/openldap-a-comparison-of-back-m...>).
>
> If you are using RHEL7 or RHEL8, my company provides a free drop-in
> replacement:
>
> <https://repo.symas.com/sofl/>
>
> Regards,
> Quanah
>
> --
>
> Quanah Gibson-Mount
> Product Architect
> Symas Corporation
> Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
> <http://www.symas.com>
>
3 years, 4 months
Re: [EXT] Re: syncrepl does not work as expected
by kumar rahul
Hi Quanah
I reinstalled openldap with all the overlays.
Here is the slapd -VVV output. I do see accesslog as part of the static overlays.
[HPE SmartFabric:root@SN2100-106 initial_config]#slapd -VVV
@(#) $OpenLDAP: slapd 2.4.50 (Jul 6 2020 18:11:26) $
@SN2100-106:/root/smartfabric/open-ldap/initial_config/openldap-2.4.50/servers/slapd
Included static overlays:
accesslog
auditlog
collect
constraint
dds
deref
dyngroup
dynlist
memberof
ppolicy
pcache
refint
retcode
rwm
seqmod
sssvlv
syncprov
translucent
unique
valsort
Included static backends:
config
ldif
monitor
mdb
relay
++++++++++++++++++++++++++++++++++++++++
However, I still see the following ERROR
ldapmodify -x -D 'cn=config' -w <password> -f update_config.ldif
adding new entry "olcDatabase={2}mdb,cn=config"
adding new entry "olcOverlay=syncprov,olcDatabase={2}mdb,cn=config"
adding new entry "olcOverlay={0}syncprov,olcDatabase={3}mdb,cn=config"
adding new entry "olcOverlay={1}accesslog,olcDatabase={3}mdb,cn=config"
ldap_add: Invalid syntax (21)
additional info: objectClass: value #1 invalid per syntax
Here is the section which throws the ERROR
dn: olcOverlay={1}accesslog,olcDatabase={3}mdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcAccessLogConfig
olcOverlay: {1}accesslog
olcAccessLogDB: cn=accesslog
olcAccessLogOps: writes
olcAccessLogSuccess: TRUE
olcAccessLogPurge: 01+00:00 00+04:00
Thanks
Rahul
On Mon, Jul 6, 2020 at 1:15 PM Quanah Gibson-Mount <quanah(a)symas.com> wrote:
>
>
> --On Monday, July 6, 2020 11:18 AM -0400 kumar rahul
> <rahul2002mit(a)gmail.com> wrote:
>
> >
> >
> > Hi Quanah
> >
> >
> > Here is how I am building it
> >
> >
> > 1) Download version 2.4.50 from
> > https://www.openldap.org/software/download/
> > 2) Unpack the zip files
> > 3) ./configure --enable-bdb=no --enable-hdb=no --enable-ipv6=yes
>
> I strongly advise you to really read the output of ./configure --help. It
> explicitly tells you what overlays are and are not enabled by default.
>
> Regards,
> Quanah
>
>
> --
>
> Quanah Gibson-Mount
> Product Architect
> Symas Corporation
> Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
> <http://www.symas.com>
>
3 years, 4 months
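The thread turns on whether accesslog is compiled into slapd, in which case no olcModuleLoad line is needed ("Moduleloading is only for dynamic modules"). As an added example (not part of the thread), these shell functions read `slapd -VVV` output on stdin and report whether an overlay appears under "Included static overlays:"; the function names are hypothetical and the sample is abridged from the output quoted in the post above.

```shell
#!/bin/sh
# Added example, not from the thread.

# Reads `slapd -VVV` output on stdin and prints the names listed under
# "Included static <section>:" ("overlays" or "backends"), one per line.
slapd_static_list() {
    awk -v want="Included static $1:" '
        /^Included static / { in_sec = (index($0, want) == 1); next }
        in_sec && /^[ \t]*[A-Za-z0-9_-]+[ \t]*$/ { print $1 }
    '
}

# Prints "static" when the overlay is compiled into the binary, otherwise
# "not-static" (it would then have to come from a dynamic module).
overlay_linkage() {
    if slapd_static_list overlays | grep -qx "$1"; then
        echo static
    else
        echo not-static
    fi
}

# Constructed sample, abridged from the output quoted in the post.
sample_output() {
    cat <<'EOF'
@(#) $OpenLDAP: slapd 2.4.50 (Jul 6 2020 18:11:26) $
Included static overlays:
    accesslog
    syncprov
Included static backends:
    config
    mdb
EOF
}

sample_output | overlay_linkage accesslog
```

Against a live binary the call would be `slapd -VVV 2>&1 | overlay_linkage accesslog`.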
Re: [EXT] Re: syncrepl does not work as expected
by kumar rahul
Hi Quanah
Here is how I am building it
1) Download version 2.4.50 from https://www.openldap.org/software/download/
2) Unpack the zip files
3) ./configure --enable-bdb=no --enable-hdb=no --enable-ipv6=yes
4) make depend
5) make
6) make test
7) su root -c 'make install'
Let me know what I am missing so that the accesslog module gets included in
slapd.
Thanks
Rahul
On Fri, Jul 3, 2020 at 5:41 PM Quanah Gibson-Mount <quanah(a)symas.com> wrote:
>
>
> --On Friday, July 3, 2020 4:09 PM -0400 kumar rahul
> <rahul2002mit(a)gmail.com> wrote:
>
> >
> >
> > Hi Quanah
> >
> >
> > How do I include accesslog module in slapd ?
>
> Depends on how you built it, since you seem to be building your own.
>
> Regards,
> Quanah
>
> --
>
> Quanah Gibson-Mount
> Product Architect
> Symas Corporation
> Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
> <http://www.symas.com>
>
3 years, 4 months
Re: [EXT] Re: syncrepl does not work as expected
by kumar rahul
Hi Quanah
How do I include the accesslog module in slapd?
Thanks
Rahul
On Fri, Jul 3, 2020 at 11:44 AM Quanah Gibson-Mount <quanah(a)symas.com>
wrote:
>
>
> --On Wednesday, July 1, 2020 9:36 PM -0400 kumar rahul
> <rahul2002mit(a)gmail.com> wrote:
>
> >
> > adding new entry "olcOverlay={1}accesslog,olcDatabase={3}mdb,cn=config"
> > ldap_add: Invalid syntax (21)
> > additional info: objectClass: value #1 invalid per syntax
>
> This would indicate the accesslog module is not part of your slapd binary.
>
> Regards,
> Quanah
>
> --
>
> Quanah Gibson-Mount
> Product Architect
> Symas Corporation
> Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
> <http://www.symas.com>
>
3 years, 4 months
Re: [EXT] Re: syncrepl does not work as expected
by kumar rahul
Hi Quanah
If I comment out the module loading part, then I am getting the following
ERROR
[HPE SmartFabric:root@SN2100-106 initial_config]#ldapmodify -x -D
'cn=config' -w secret -f update_config.ldif
adding new entry "olcDatabase={2}mdb,cn=config"
adding new entry "olcOverlay=syncprov,olcDatabase={2}mdb,cn=config"
adding new entry "olcOverlay={0}syncprov,olcDatabase={3}mdb,cn=config"
adding new entry "olcOverlay={1}accesslog,olcDatabase={3}mdb,cn=config"
ldap_add: Invalid syntax (21)
additional info: objectClass: value #1 invalid per syntax
and this ERROR is for section
dn: olcOverlay={1}accesslog,olcDatabase={3}mdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcAccessLogConfig
olcOverlay: {1}accesslog
olcAccessLogDB: cn=accesslog
olcAccessLogOps: writes
olcAccessLogSuccess: TRUE
olcAccessLogPurge: 01+00:00 00+04:00
Let me know what is wrong with this.
Thanks
Rahul
On Wed, Jul 1, 2020 at 6:16 PM Quanah Gibson-Mount <quanah(a)symas.com> wrote:
>
>
> --On Wednesday, July 1, 2020 6:43 PM -0400 kumar rahul
> <rahul2002mit(a)gmail.com> wrote:
>
> >
> >
> > Hi Quanah
> >
> >
> > Here is the output of slapd -VVV command. I do see accesslog as
> > static overlays.
> >
> >
> >
> > What changes i need to make in below snippet
>
> Moduleloading is only for dynamic modules. Since you don't have a dynamic
> module, you don't need to load it.
>
> Regards,
> Quanah
>
> --
>
> Quanah Gibson-Mount
> Product Architect
> Symas Corporation
> Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
> <http://www.symas.com>
>
3 years, 5 months
Re: [EXT] Re: syncrepl does not work as expected
by kumar rahul
Hi Quanah
The accesslog overlay file exists at the following location:
/var/lib/ldap/accesslog
What changes do I need to make in the lines below for moduleload to work?
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: syncprov
olcModuleLoad: accesslog
Thanks
Rahul
On Wed, Jul 1, 2020 at 1:38 PM Quanah Gibson-Mount <quanah(a)symas.com> wrote:
> --On Wednesday, July 1, 2020 11:09 AM -0400 kumar rahul
> <rahul2002mit(a)gmail.com> wrote:
>
> > I am seeing following ERROR
>
> I have no idea how your slapd was built, etc. But essentially the
> accesslog overlay must be loaded into slapd to be of use. It looks like at
> least some of the modules in your system are compiled statically, which is
> likely why you currently do not have a module{0} section for loading
> modules. You'll also have to verify where on disk the accesslog overlay
> exists so that the moduleload statement pulls from the right directory.
>
> Regards,
> Quanah
>
>
> --
>
> Quanah Gibson-Mount
> Product Architect
> Symas Corporation
> Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
> <http://www.symas.com>
>
3 years, 5 months