Index seems to return wrong amount of candidate causing really poor search performance
by chrichardso27@gmail.com
Hi,
Considering the following assumptions;
- OpenLDAP version 2.4.51
- attributes objectClass and abc are indexed based on equality
- the EQUALITY of attribute abc is based on distinguishedNameMatch
- The database contains roughly 2 million entries
- 2 entries have defined the attribute abc with a dn value cn=foo,dc=bar and objectClass=someClass
- 2 entries have defined the attribute abc with a dn value cn=bar,dc=baz and objectClass=someClass
Now, the issue started with really slow search performance using objectClass=someClass & abc=cn=foo,dc=bar as filter criteria. Debugging a while seems to indicate that the objectClass filter returns roughly 2 million entries as candidates. Now, one would expect that the second filter would return only the 2 potential candidates from the abc index, or a subset of the whole database but this is not the case. The second filter also returns nearly the whole database entries as potential candidates and causes really slow query performance. Interestingly, this only occurs when attribute abc has value cn=foo,dc=bar, but for some reason for the entry having attribute abc with value cn=bar,dc=baz the query returns immediately. In both cases, the actual entries matching the search return immediately but for the problematic search "(&(objectClass=someClass)(abc=cn=foo,dc=bar))", the completion of the search takes a long time (around 15 seconds to be precise).
The issue started suddenly and wasn't a degradation of query performance over time.
Few things I have tried
- Rebuilt the whole database again
- Reindex the existing database again
- Testing with bdb and mdb as backends
- Increased cache sizes for bdb to hold the whole database in cache
- For bdb adjust the page size of the indexes according to suggestion by db_tuner
- Change the order of the filters
None of these made any difference. At the moment, there does not seem to be any good options to try. Any ideas or help would be greatly appreciated!
2 years, 1 month
unable to add DB DIT , getting value #0 invalid per syntax error in alpine Linux.
by govid
unable to add DB DIT , getting value #0 invalid per syntax error
command used : ldapadd -x -D 'cn=config' -w secret -f create_sns_db.ldif
below is the content of "create_sns_db.ldif" file
dn: olcDatabase=mdb,cn=config
objectClass: olcMdbConfig
olcDatabase: mdb
olcDbMaxSize: 1073741824
olcSuffix: dc=smartsan
olcDbDirectory: /usr/local/var/openldap-data/sns_db
olcRootDN: cn=admin,dc=smartsan
olcRootPW: secret2
olcDbIndex: objectClass eq
below is the debug output for the ldapadd command used:
#ldapadd -x -D 'cn=config' -w secret -f create_sns_db.ldif -d 255
ldap_create
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP localhost:389
ldap_new_socket: 4
ldap_prepare_socket: 4
ldap_connect_to_host: Trying ::1 389
ldap_pvt_connect: fd: 4 tm: -1 async: 0
attempting to connect:
connect success
ldap_open_defconn: successful
ldap_send_server_request
ber_scanf fmt ({it) ber:
ber_dump: buf=0x7f1aa9d18010 ptr=0x7f1aa9d18010 end=0x7f1aa9d1802d len=29
0000: 30 1b 02 01 01 60 16 02 01 03 04 09 63 6e 3d 63 0....`......cn=c
0010: 6f 6e 66 69 67 80 06 73 65 63 72 65 74 onfig..secret
ber_scanf fmt ({i) ber:
ber_dump: buf=0x7f1aa9d18010 ptr=0x7f1aa9d18015 end=0x7f1aa9d1802d len=24
0000: 60 16 02 01 03 04 09 63 6e 3d 63 6f 6e 66 69 67 `......cn=config
0010: 80 06 73 65 63 72 65 74 ..secret
ber_flush2: 29 bytes to sd 4
0000: 30 1b 02 01 01 60 16 02 01 03 04 09 63 6e 3d 63 0....`......cn=c
0010: 6f 6e 66 69 67 80 06 73 65 63 72 65 74 onfig..secret
ldap_write: want=29, written=29
0000: 30 1b 02 01 01 60 16 02 01 03 04 09 63 6e 3d 63 0....`......cn=c
0010: 6f 6e 66 69 67 80 06 73 65 63 72 65 74 onfig..secret
ldap_result ld 0x7f1aaa121dc0 msgid 1
wait4msg ld 0x7f1aaa121dc0 msgid 1 (infinite timeout)
wait4msg continue ld 0x7f1aaa121dc0 msgid 1 all 1
** ld 0x7f1aaa121dc0 Connections:
* host: localhost port: 389 (default)
refcnt: 2 status: Connected
last used: Tue May 25 05:42:41 2021
** ld 0x7f1aaa121dc0 Outstanding Requests:
* msgid 1, origid 1, status InProgress
outstanding referrals 0, parent count 0
ld 0x7f1aaa121dc0 request count 1 (abandoned 0)
** ld 0x7f1aaa121dc0 Response Queue:
Empty
ld 0x7f1aaa121dc0 response count 0
ldap_chkResponseList ld 0x7f1aaa121dc0 msgid 1 all 1
ldap_chkResponseList returns ld 0x7f1aaa121dc0 NULL
ldap_int_select
read1msg: ld 0x7f1aaa121dc0 msgid 1 all 1
ber_get_next
ldap_read: want=8, got=8
0000: 30 0c 02 01 01 61 07 0a 0....a..
ldap_read: want=6, got=6
0000: 01 00 04 00 04 00 ......
ber_get_next: tag 0x30 len 12 contents:
ber_dump: buf=0x7f1aaa048b10 ptr=0x7f1aaa048b10 end=0x7f1aaa048b1c len=12
0000: 02 01 01 61 07 0a 01 00 04 00 04 00 ...a........
read1msg: ld 0x7f1aaa121dc0 msgid 1 message type bind
ber_scanf fmt ({eAA) ber:
ber_dump: buf=0x7f1aaa048b10 ptr=0x7f1aaa048b13 end=0x7f1aaa048b1c len=9
0000: 61 07 0a 01 00 04 00 04 00 a........
read1msg: ld 0x7f1aaa121dc0 0 new referrals
read1msg: mark request completed, ld 0x7f1aaa121dc0 msgid 1
request done: ld 0x7f1aaa121dc0 msgid 1
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_parse_result
ber_scanf fmt ({iAA) ber:
ber_dump: buf=0x7f1aaa048b10 ptr=0x7f1aaa048b13 end=0x7f1aaa048b1c len=9
0000: 61 07 0a 01 00 04 00 04 00 a........
ber_scanf fmt (}) ber:
ber_dump: buf=0x7f1aaa048b10 ptr=0x7f1aaa048b1c end=0x7f1aaa048b1c len=0
ldap_msgfree
adding new entry "olcDatabase=mdb,cn=config"
ldap_add_ext
ldap_send_initial_request
ldap_send_server_request
ber_scanf fmt ({it) ber:
ber_dump: buf=0x7f1aa9d18020 ptr=0x7f1aa9d18020 end=0x7f1aa9d18148 len=296
0000: 30 82 01 24 02 01 02 68 82 01 1d 04 19 6f 6c 63 0..$...h.....olc
0010: 44 61 74 61 62 61 73 65 3d 6d 64 62 2c 63 6e 3d Database=mdb,cn=
0020: 63 6f 6e 66 69 67 30 81 ff 30 1d 04 0b 6f 62 6a config0..0...obj
0030: 65 63 74 43 6c 61 73 73 31 0e 04 0c 6f 6c 63 4d ectClass1...olcM
0040: 64 62 43 6f 6e 66 69 67 30 14 04 0b 6f 6c 63 44 dbConfig0...olcD
0050: 61 74 61 62 61 73 65 31 05 04 03 6d 64 62 30 1c atabase1...mdb0.
0060: 04 0c 6f 6c 63 44 62 4d 61 78 53 69 7a 65 31 0c ..olcDbMaxSize1.
0070: 04 0a 31 30 37 33 37 34 31 38 32 34 30 1a 04 09 ..10737418240...
0080: 6f 6c 63 53 75 66 66 69 78 31 0d 04 0b 64 63 3d olcSuffix1...dc=
0090: 73 6d 61 72 74 73 61 6e 30 31 04 0e 6f 6c 63 44 smartsan01..olcD
00a0: 62 44 69 72 65 63 74 6f 72 79 31 1f 04 1d 2f 76 bDirectory1.../v
00b0: 61 72 2f 6c 69 62 2f 6f 70 65 6e 6c 64 61 70 2d ar/lib/openldap-
00c0: 64 61 74 61 2f 73 6e 73 5f 64 62 30 23 04 09 6f data/sns_db0#..o
00d0: 6c 63 52 6f 6f 74 44 4e 31 16 04 14 63 6e 3d 61 lcRootDN1...cn=a
00e0: 64 6d 69 6e 2c 64 63 3d 73 6d 61 72 74 73 61 6e dmin,dc=smartsan
00f0: 30 16 04 09 6f 6c 63 52 6f 6f 74 50 57 31 09 04 0...olcRootPW1..
0100: 07 73 65 63 72 65 74 32 30 1e 04 0a 6f 6c 63 44 .secret20...olcD
0110: 62 49 6e 64 65 78 31 10 04 0e 6f 62 6a 65 63 74 bIndex1...object
0120: 43 6c 61 73 73 20 65 71 Class eq
ber_scanf fmt ({) ber:
ber_dump: buf=0x7f1aa9d18020 ptr=0x7f1aa9d18027 end=0x7f1aa9d18148 len=289
0000: 68 82 01 1d 04 19 6f 6c 63 44 61 74 61 62 61 73 h.....olcDatabas
0010: 65 3d 6d 64 62 2c 63 6e 3d 63 6f 6e 66 69 67 30 e=mdb,cn=config0
0020: 81 ff 30 1d 04 0b 6f 62 6a 65 63 74 43 6c 61 73 ..0...objectClas
0030: 73 31 0e 04 0c 6f 6c 63 4d 64 62 43 6f 6e 66 69 s1...olcMdbConfi
0040: 67 30 14 04 0b 6f 6c 63 44 61 74 61 62 61 73 65 g0...olcDatabase
0050: 31 05 04 03 6d 64 62 30 1c 04 0c 6f 6c 63 44 62 1...mdb0...olcDb
0060: 4d 61 78 53 69 7a 65 31 0c 04 0a 31 30 37 33 37 MaxSize1...10737
0070: 34 31 38 32 34 30 1a 04 09 6f 6c 63 53 75 66 66 418240...olcSuff
0080: 69 78 31 0d 04 0b 64 63 3d 73 6d 61 72 74 73 61 ix1...dc=smartsa
0090: 6e 30 31 04 0e 6f 6c 63 44 62 44 69 72 65 63 74 n01..olcDbDirect
00a0: 6f 72 79 31 1f 04 1d 2f 76 61 72 2f 6c 69 62 2f ory1.../var/lib/
00b0: 6f 70 65 6e 6c 64 61 70 2d 64 61 74 61 2f 73 6e openldap-data/sn
00c0: 73 5f 64 62 30 23 04 09 6f 6c 63 52 6f 6f 74 44 s_db0#..olcRootD
00d0: 4e 31 16 04 14 63 6e 3d 61 64 6d 69 6e 2c 64 63 N1...cn=admin,dc
00e0: 3d 73 6d 61 72 74 73 61 6e 30 16 04 09 6f 6c 63 =smartsan0...olc
00f0: 52 6f 6f 74 50 57 31 09 04 07 73 65 63 72 65 74 RootPW1...secret
0100: 32 30 1e 04 0a 6f 6c 63 44 62 49 6e 64 65 78 31 20...olcDbIndex1
0110: 10 04 0e 6f 62 6a 65 63 74 43 6c 61 73 73 20 65 ...objectClass e
0120: 71 q
ber_flush2: 296 bytes to sd 4
0000: 30 82 01 24 02 01 02 68 82 01 1d 04 19 6f 6c 63 0..$...h.....olc
0010: 44 61 74 61 62 61 73 65 3d 6d 64 62 2c 63 6e 3d Database=mdb,cn=
0020: 63 6f 6e 66 69 67 30 81 ff 30 1d 04 0b 6f 62 6a config0..0...obj
0030: 65 63 74 43 6c 61 73 73 31 0e 04 0c 6f 6c 63 4d ectClass1...olcM
0040: 64 62 43 6f 6e 66 69 67 30 14 04 0b 6f 6c 63 44 dbConfig0...olcD
0050: 61 74 61 62 61 73 65 31 05 04 03 6d 64 62 30 1c atabase1...mdb0.
0060: 04 0c 6f 6c 63 44 62 4d 61 78 53 69 7a 65 31 0c ..olcDbMaxSize1.
0070: 04 0a 31 30 37 33 37 34 31 38 32 34 30 1a 04 09 ..10737418240...
0080: 6f 6c 63 53 75 66 66 69 78 31 0d 04 0b 64 63 3d olcSuffix1...dc=
0090: 73 6d 61 72 74 73 61 6e 30 31 04 0e 6f 6c 63 44 smartsan01..olcD
00a0: 62 44 69 72 65 63 74 6f 72 79 31 1f 04 1d 2f 76 bDirectory1.../v
00b0: 61 72 2f 6c 69 62 2f 6f 70 65 6e 6c 64 61 70 2d ar/lib/openldap-
00c0: 64 61 74 61 2f 73 6e 73 5f 64 62 30 23 04 09 6f data/sns_db0#..o
00d0: 6c 63 52 6f 6f 74 44 4e 31 16 04 14 63 6e 3d 61 lcRootDN1...cn=a
00e0: 64 6d 69 6e 2c 64 63 3d 73 6d 61 72 74 73 61 6e dmin,dc=smartsan
00f0: 30 16 04 09 6f 6c 63 52 6f 6f 74 50 57 31 09 04 0...olcRootPW1..
0100: 07 73 65 63 72 65 74 32 30 1e 04 0a 6f 6c 63 44 .secret20...olcD
0110: 62 49 6e 64 65 78 31 10 04 0e 6f 62 6a 65 63 74 bIndex1...object
0120: 43 6c 61 73 73 20 65 71 Class eq
ldap_write: want=296, written=296
0000: 30 82 01 24 02 01 02 68 82 01 1d 04 19 6f 6c 63 0..$...h.....olc
0010: 44 61 74 61 62 61 73 65 3d 6d 64 62 2c 63 6e 3d Database=mdb,cn=
0020: 63 6f 6e 66 69 67 30 81 ff 30 1d 04 0b 6f 62 6a config0..0...obj
0030: 65 63 74 43 6c 61 73 73 31 0e 04 0c 6f 6c 63 4d ectClass1...olcM
0040: 64 62 43 6f 6e 66 69 67 30 14 04 0b 6f 6c 63 44 dbConfig0...olcD
0050: 61 74 61 62 61 73 65 31 05 04 03 6d 64 62 30 1c atabase1...mdb0.
0060: 04 0c 6f 6c 63 44 62 4d 61 78 53 69 7a 65 31 0c ..olcDbMaxSize1.
0070: 04 0a 31 30 37 33 37 34 31 38 32 34 30 1a 04 09 ..10737418240...
0080: 6f 6c 63 53 75 66 66 69 78 31 0d 04 0b 64 63 3d olcSuffix1...dc=
0090: 73 6d 61 72 74 73 61 6e 30 31 04 0e 6f 6c 63 44 smartsan01..olcD
00a0: 62 44 69 72 65 63 74 6f 72 79 31 1f 04 1d 2f 76 bDirectory1.../v
00b0: 61 72 2f 6c 69 62 2f 6f 70 65 6e 6c 64 61 70 2d ar/lib/openldap-
00c0: 64 61 74 61 2f 73 6e 73 5f 64 62 30 23 04 09 6f data/sns_db0#..o
00d0: 6c 63 52 6f 6f 74 44 4e 31 16 04 14 63 6e 3d 61 lcRootDN1...cn=a
00e0: 64 6d 69 6e 2c 64 63 3d 73 6d 61 72 74 73 61 6e dmin,dc=smartsan
00f0: 30 16 04 09 6f 6c 63 52 6f 6f 74 50 57 31 09 04 0...olcRootPW1..
0100: 07 73 65 63 72 65 74 32 30 1e 04 0a 6f 6c 63 44 .secret20...olcD
0110: 62 49 6e 64 65 78 31 10 04 0e 6f 62 6a 65 63 74 bIndex1...object
0120: 43 6c 61 73 73 20 65 71 Class eq
ldap_result ld 0x7f1aaa121dc0 msgid 2
wait4msg ld 0x7f1aaa121dc0 msgid 2 (timeout 100000 usec)
wait4msg continue ld 0x7f1aaa121dc0 msgid 2 all 1
** ld 0x7f1aaa121dc0 Connections:
* host: localhost port: 389 (default)
refcnt: 2 status: Connected
last used: Tue May 25 05:42:41 2021
** ld 0x7f1aaa121dc0 Outstanding Requests:
* msgid 2, origid 2, status InProgress
outstanding referrals 0, parent count 0
ld 0x7f1aaa121dc0 request count 1 (abandoned 0)
** ld 0x7f1aaa121dc0 Response Queue:
Empty
ld 0x7f1aaa121dc0 response count 0
ldap_chkResponseList ld 0x7f1aaa121dc0 msgid 2 all 1
ldap_chkResponseList returns ld 0x7f1aaa121dc0 NULL
ldap_int_select
read1msg: ld 0x7f1aaa121dc0 msgid 2 all 1
ber_get_next
ldap_read: want=8, got=8
0000: 30 34 02 01 02 69 2f 0a 04...i/.
ldap_read: want=46, got=46
0000: 01 15 04 00 04 28 6f 62 6a 65 63 74 43 6c 61 73 .....(objectClas
0010: 73 3a 20 76 61 6c 75 65 20 23 30 20 69 6e 76 61 s: value #0 inva
0020: 6c 69 64 20 70 65 72 20 73 79 6e 74 61 78 lid per syntax
ber_get_next: tag 0x30 len 52 contents:
ber_dump: buf=0x565118724fb0 ptr=0x565118724fb0 end=0x565118724fe4 len=52
0000: 02 01 02 69 2f 0a 01 15 04 00 04 28 6f 62 6a 65 ...i/......(obje
0010: 63 74 43 6c 61 73 73 3a 20 76 61 6c 75 65 20 23 ctClass: value #
0020: 30 20 69 6e 76 61 6c 69 64 20 70 65 72 20 73 79 0 invalid per sy
0030: 6e 74 61 78 ntax
read1msg: ld 0x7f1aaa121dc0 msgid 2 message type add
ber_scanf fmt ({eAA) ber:
ber_dump: buf=0x565118724fb0 ptr=0x565118724fb3 end=0x565118724fe4 len=49
0000: 69 2f 0a 01 15 04 00 04 28 6f 62 6a 65 63 74 43 i/......(objectC
0010: 6c 61 73 73 3a 20 76 61 6c 75 65 20 23 30 20 69 lass: value #0 i
0020: 6e 76 61 6c 69 64 20 70 65 72 20 73 79 6e 74 61 nvalid per synta
0030: 78 x
read1msg: ld 0x7f1aaa121dc0 0 new referrals
read1msg: mark request completed, ld 0x7f1aaa121dc0 msgid 2
request done: ld 0x7f1aaa121dc0 msgid 2
res_errno: 21, res_error: <objectClass: value #0 invalid per syntax>, res_matched: <>
ldap_free_request (origid 2, msgid 2)
ldap_parse_result
ber_scanf fmt ({iAA) ber:
ber_dump: buf=0x565118724fb0 ptr=0x565118724fb3 end=0x565118724fe4 len=49
0000: 69 2f 0a 01 15 04 00 04 28 6f 62 6a 65 63 74 43 i/......(objectC
0010: 6c 61 73 73 3a 20 76 61 6c 75 65 20 23 30 20 69 lass: value #0 i
0020: 6e 76 61 6c 69 64 20 70 65 72 20 73 79 6e 74 61 nvalid per synta
0030: 78 x
ber_scanf fmt (}) ber:
ber_dump: buf=0x565118724fb0 ptr=0x565118724fe4 end=0x565118724fe4 len=0
ldap_msgfree
ldap_err2string
ldap_add: Invalid syntax (21)
additional info: objectClass: value #0 invalid per syntax
ldap_free_connection 1 1
ldap_send_unbind
ber_flush2: 7 bytes to sd 4
0000: 30 05 02 01 03 42 00 0....B.
ldap_write: want=7, written=7
0000: 30 05 02 01 03 42 00 0....B.
ldap_free_connection: actually freed
Note: i have manually typed the contents of the ldif file to make sure no extra characters are there.
2 years, 3 months
LMDB MAP_LOCK flag on readers to minimize major page faults
by Vitaly Zuevsky
Hi
MAP_LOCK flag to mmap() on LMDB readers should populate page cache from the
file being mapped and preclude those pages from eviction. I was wondering if
that was ever tested, especially with frequent writes to the underlying
file. And is there a standard way (a compile option) to include that flag
without modifying source code directly? I see quite a few major faults with
perf stat, and I am looking if they could be avoided.
I am new to LMDB and I guess this discussion may have taken place before, if
you could point me out to the right place..
Thank you.
Vitaly
2 years, 3 months
RE24 testing call #1 (OpenLDAP 2.4.59)
by Quanah Gibson-Mount
his is the first testing call for OpenLDAP 2.4.59. Depending on the
results, this may be the only testing call.
Generally, get the code for RE24:
<https://git.openldap.org/openldap/openldap/-/archive/OPENLDAP_REL_ENG_2_4...>
Extract, configure, and build.
Execute the test suite (via make test) after it is built. Optionally, cd
tests && make its to run through the regression suite.
Thanks!
OpenLDAP 2.4.59 Engineering
Fixed libldap TLSv1.3 cipher suites with OpenSSL 1.1.1 (ITS#9521)
Fixed libldap double free of LDAP_OPT_DEFBASE (ITS#9530)
Fixed slapd syncrepl handling of add+delete on single value attr
(ITS#9295)
Fixed slapd-mdb cursor init check (ITS#9526)
Fixed slapd-mdb deletion of context entry (ITS#9531)
Fixed slapo-pcache locking during expiration (ITS#9529)
Contrib
Fixed slapo-autogroup to not thrash thead context (ITS#9494)
Documentation
ldap_modify(3) - Delete non-existent mod_next parameter
(ITS#9559)
Regards,
Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
2 years, 3 months
Configure autoca in slapd.d
by Stefan Kania
Hallo,
I try to get autoca running using the configuration via slapd.d. With
slapd.conf it'S working with this configuration:
-------
overlay autoca
caKeybits 4096
userKeybits 4096
serverKeybits 4096
-------
When I try to configure it with the following settings:
---------
dn: olcOverlay={1}autoca,olcDatabase={2}mdb,cn=config
objectClass: olcOverlayConfig
olcserverKeybits: 4096
olccaKeybits: 4096
olcuserKeybits: 4096
---------
I'll getting:
-------------
additional info: olcserverKeybits: attribute type undefined
-------------
If I try to configure autoca with the default values, it works.
I use OpenLDAP 2.5.4 on a Debian10
Is there any documentation, more then the manpage?
Stefan
2 years, 3 months
Re: RE25 testing call #1 (OpenLDAP 2.5.5)
by Nick Folino
Make test and make its successful on Fedora 34.
Nick
On Fri, May 28, 2021 at 5:39 PM Quanah Gibson-Mount <quanah(a)symas.com>
wrote:
> This is the first testing call for OpenLDAP 2.5.55. Depending on the
> results, this may be the only testing call.
>
> Generally, get the code for RE25:
>
> <
> https://git.openldap.org/openldap/openldap/-/archive/OPENLDAP_REL_ENG_2_5...
> >
>
> Extract, configure, and build.
>
> Execute the test suite (via make test) after it is built. Optionally, cd
> tests && make its to run through the regression suite.
>
> Thanks!
>
> OpenLDAP 2.5.5 Engineering
> Added libldap LDAP_OPT_TCP_USER_TIMEOUT support (ITS#9502)
> Added lloadd tcp-user-timeout support (ITS#9502)
> Added slapd-asyncmeta tcp-user-timeout support (ITS#9502)
> Added slapd-ldap tcp-user-timeout support (ITS#9502)
> Added slapd-meta tcp-user-timeout support (ITS#9502)
> Fixed incorrect control OIDs for AuthZ Identity (ITS#9542)
> Fixed libldap typo in util-int.c (ITS#9541)
> Fixed libldap double free of LDAP_OPT_DEFBASE (ITS#9530)
> Fixed libldap better TLS1.3 cipher suite handling (ITS#9521,
> ITS#9546)
> Fixed lloadd multiple issues (ITS#8747)
> Fixed slapd slap_op_time to avoid duplicates across restarts
> (ITS#9537)
> Fixed slapd typo in daemon.c (ITS#9541)
> Fixed slapd slapi compilation (ITS#9544)
> Fixed slapd to handle empty DN in extended filters (ITS#9551)
> Fixed slapd syncrepl searches with empty base (ITS#6467)
> Fixed slapd syncrepl refresh on startup (ITS#9324, ITS#9534)
> Fixed slapd-asyncmeta quarantine handling (ITS#8721)
> Fixed slapd-asyncmeta to have a default operations timeout
> (ITS#9555)
> Fixed slapd-ldap quarantine handling (ITS#8721)
> Fixed slapd-mdb deletion of context entry (ITS#9531)
> Fixed slapd-meta quarantine handling (ITS#8721)
> Fixed slapo-accesslog to record reqNewDN for modRDN ops (ITS#9552)
> Fixed slapo-pcache locking during expiration (ITS#9529)
> Fixed slappw-argon2 module installation (ITS#9548)
> Contrib
> Update ldapc++/ldaptcl to use configure.ac (ITS#9554)
> Documentation
> ldap_first_attribute(3) - Document ldap_get_attribute_ber
> (ITS#8820)
> ldap_modify(3) - Delete non-existent mod_next parameter (ITS#9559)
>
> Regards,
> Quanah
>
> --
>
> Quanah Gibson-Mount
> Product Architect
> Symas Corporation
> Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
> <http://www.symas.com>
>
2 years, 3 months
RE25 testing call #1 (OpenLDAP 2.5.5)
by Quanah Gibson-Mount
This is the first testing call for OpenLDAP 2.5.55. Depending on the
results, this may be the only testing call.
Generally, get the code for RE25:
<https://git.openldap.org/openldap/openldap/-/archive/OPENLDAP_REL_ENG_2_5...>
Extract, configure, and build.
Execute the test suite (via make test) after it is built. Optionally, cd
tests && make its to run through the regression suite.
Thanks!
OpenLDAP 2.5.5 Engineering
Added libldap LDAP_OPT_TCP_USER_TIMEOUT support (ITS#9502)
Added lloadd tcp-user-timeout support (ITS#9502)
Added slapd-asyncmeta tcp-user-timeout support (ITS#9502)
Added slapd-ldap tcp-user-timeout support (ITS#9502)
Added slapd-meta tcp-user-timeout support (ITS#9502)
Fixed incorrect control OIDs for AuthZ Identity (ITS#9542)
Fixed libldap typo in util-int.c (ITS#9541)
Fixed libldap double free of LDAP_OPT_DEFBASE (ITS#9530)
Fixed libldap better TLS1.3 cipher suite handling (ITS#9521,
ITS#9546)
Fixed lloadd multiple issues (ITS#8747)
Fixed slapd slap_op_time to avoid duplicates across restarts
(ITS#9537)
Fixed slapd typo in daemon.c (ITS#9541)
Fixed slapd slapi compilation (ITS#9544)
Fixed slapd to handle empty DN in extended filters (ITS#9551)
Fixed slapd syncrepl searches with empty base (ITS#6467)
Fixed slapd syncrepl refresh on startup (ITS#9324, ITS#9534)
Fixed slapd-asyncmeta quarantine handling (ITS#8721)
Fixed slapd-asyncmeta to have a default operations timeout
(ITS#9555)
Fixed slapd-ldap quarantine handling (ITS#8721)
Fixed slapd-mdb deletion of context entry (ITS#9531)
Fixed slapd-meta quarantine handling (ITS#8721)
Fixed slapo-accesslog to record reqNewDN for modRDN ops (ITS#9552)
Fixed slapo-pcache locking during expiration (ITS#9529)
Fixed slappw-argon2 module installation (ITS#9548)
Contrib
Update ldapc++/ldaptcl to use configure.ac (ITS#9554)
Documentation
ldap_first_attribute(3) - Document ldap_get_attribute_ber
(ITS#8820)
ldap_modify(3) - Delete non-existent mod_next parameter (ITS#9559)
Regards,
Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
2 years, 3 months
Openldap trying to setup mozillaAbPersonAlpha.schema
by bob@gunas.co.uk
I don't know if this is the best place to ask for help but I can only try please don't shoot me down.
I'm new to openldap and find it hard going so any help would great.
Trying to setup an Address book to work with Thunderbird.
Trying to Include mozillaAbPersonAlpha.schema in to Ldap 2.4.7 on Ubuntu server 20.04.2
The steps I have taken
1) mkdir /tmp/ldapworkingdir
2) cd /tmp/ldapworkingdir/
3) touch ldap.conf
4) echo "include /etc/ldap/schema/mozillaAbPersonAlpha.schema" > ldap.conf
5) slaptest -f ldap.conf -F .
6) the error message
60b0fc5f /etc/ldap/schema/mozillaAbPersonAlpha.schema: line 148 objectclass: AttributeType not found: "c"
slaptest: bad configuration directory!
I have tried look for example of how to setup Thunderbird address book but with no look.
I do hope someone can help.
Thanks
Bob H
2 years, 3 months
radlib.h: No such file or directory - passwd slapd-module
by rguichardspam@Gmail.com
Hi,
while compile passwd slapd-modules, I've got error on Radius compilation.
gcc -DOPENLDAP_FD_SETSIZE=4096 -O2 -g -DSLAP_SCHEMA_EXPOSE -g -O2 -I/usr/kerberos/include -I../../../include -I../../../include -I../../../servers/slapd -c radius.c -fPIC -DPIC -o .libs/radius.o
radius.c:27:20: fatal error: radlib.h: No such file or directory
#include <radlib.h>
I've searched which package could provide the radlib file but I didn't found it.
Please confirm which package should be used .. or link to the source..
I'm on CentOS
2 years, 3 months
Using the openldap c api
by matt_hannay1@yahoo.com.au
We are in the throw of migrating to openldap however we have a problem.
we currently have the 2.4 release of the client libraries.
I have a problem in the mean time. we have a ldap repository that does not support TLS
but only supports the SSL v1.3 standard .....yes I know about the security risks that's why we are migrating.
Currently the Old Mozilla C api is in use which I have to replace.
From looking at the 2.4 API docs would I be correct in saying the API does not support SSL v1.3 ?
Would the Deprecated API calls get me over the line in replacing the mozilla and establishing a SSL connection,
Or should I look at going to an older openldap API version?
Thanks Matt
2 years, 3 months