counters in cn=Waiters,cn=Monitor?
by Michael Ströder
HI!
I'm looking at a Prometheus graph of cn=Read,cn=Waiters,cn=Monitor
(slapd 2.4.59).
The object class is monitorCounterObject, the attribute is called
monitorCounter.
If it's a counter I'd expect the value to only increase.
But the graph shows decreasing values!?!
What's the exact meaning of this?
Ciao, Michael.
1 year, 9 months
Profiling ACLs
by Michael Ströder
HI!
How to profile performance of different ACLs?
In theory one could run slapd with debug symbols under control of a
profiler for C code. But personally I don't have a clue which ACL
processing entry points to examine more closely.
Another approach could be to derive metrics from acl-loglevel messages.
Any ideas?
Ciao, Michael.
1 year, 9 months
Slow LDAP query with PagedResul control and subtree scope
by thomas@guirriec.fr
Hi all,
Can someone explain me why there is a difference in behavior (especially response time for the last one) between these 4 LDAP queries ?
OpenLDAP 2.4.47 Debian 10 (~300K users)
The first three are quick ! :
1) Search with base dn corresponding to an user dn and scope base without PagedResult control :
time ldapsearch -LLL -s sub -a always -D '<BIND_DN>' -w 'BIND_PWD' -b "cn=<USER>,ou=<UNIT>,o=<ORG>,c=<COUNTRY>" objectclass=* mail
dn: cn=<USER>,ou=<UNIT>,o=<ORG>,c=<COUNTRY>
mail: user(a)org.country
real 0m0.019s
user 0m0.016s
sys 0m0.001s
Debug :
Aug 10 10:46:36 LDAP-CACHE3-R1 slapd[23879]: conn=1009 op=1 SRCH base="cn=<USER>,ou=<UNIT>,o=<ORG>,c=<COUNTRY>" scope=0 deref=3 filter="(objectClass=*)"
Aug 10 10:46:36 LDAP-CACHE3-R1 slapd[23879]: conn=1009 op=1 SRCH attr=mail
Aug 10 10:46:36 LDAP-CACHE3-R1 slapd[23879]: => mdb_search
Aug 10 10:46:36 LDAP-CACHE3-R1 slapd[23879]: mdb_dn2entry("cn=<USER>,ou=<UNIT>,o=<ORG>,c=<COUNTRY>")
Aug 10 10:46:36 LDAP-CACHE3-R1 slapd[23879]: => mdb_dn2id("cn=<USER>,ou=<UNIT>,o=<ORG>,c=<COUNTRY>")
Aug 10 10:46:36 LDAP-CACHE3-R1 slapd[23879]: <= mdb_dn2id: got id=0x41240
Aug 10 10:46:36 LDAP-CACHE3-R1 slapd[23879]: => mdb_entry_decode:
Aug 10 10:46:36 LDAP-CACHE3-R1 slapd[23879]: <= mdb_entry_decode
Aug 10 10:46:36 LDAP-CACHE3-R1 slapd[23879]: => access_allowed: search access to "cn=<USER>,ou=<UNIT>,o=<ORG>,c=<COUNTRY>" "entry" requested
Aug 10 10:46:36 LDAP-CACHE3-R1 slapd[23879]: <= root access granted
Aug 10 10:46:36 LDAP-CACHE3-R1 slapd[23879]: => access_allowed: search access granted by manage(=mwrscxd)
Aug 10 10:46:36 LDAP-CACHE3-R1 slapd[23879]: base_candidates: base: "cn=<USER>,ou=<UNIT>,o=<ORG>,c=<COUNTRY>" (0x00041240)
Aug 10 10:46:36 LDAP-CACHE3-R1 slapd[23879]: => test_filter
Aug 10 10:46:36 LDAP-CACHE3-R1 slapd[23879]: PRESENT
Aug 10 10:46:36 LDAP-CACHE3-R1 slapd[23879]: => access_allowed: search access to "cn=<USER>,ou=<UNIT>,o=<ORG>,c=<COUNTRY>" "objectClass" requested
Aug 10 10:46:36 LDAP-CACHE3-R1 slapd[23879]: <= root access granted
Aug 10 10:46:36 LDAP-CACHE3-R1 slapd[23879]: => access_allowed: search access granted by manage(=mwrscxd)
Aug 10 10:46:36 LDAP-CACHE3-R1 slapd[23879]: <= test_filter 6
Aug 10 10:46:36 LDAP-CACHE3-R1 slapd[23879]: => send_search_entry: conn 1009 dn="cn=<USER>,ou=<UNIT>,o=<ORG>,c=<COUNTRY>"
Aug 10 10:46:36 LDAP-CACHE3-R1 slapd[23879]: => access_allowed: read access to "cn=<USER>,ou=<UNIT>,o=<ORG>,c=<COUNTRY>" "entry" requested
Aug 10 10:46:36 LDAP-CACHE3-R1 slapd[23879]: <= root access granted
Aug 10 10:46:36 LDAP-CACHE3-R1 slapd[23879]: => access_allowed: read access granted by manage(=mwrscxd)
Aug 10 10:46:36 LDAP-CACHE3-R1 slapd[23879]: => access_allowed: result not in cache (mail)
Aug 10 10:46:36 LDAP-CACHE3-R1 slapd[23879]: => access_allowed: read access to "cn=<USER>,ou=<UNIT>,o=<ORG>,c=<COUNTRY>" "mail" requested
Aug 10 10:46:36 LDAP-CACHE3-R1 slapd[23879]: <= root access granted
Aug 10 10:46:36 LDAP-CACHE3-R1 slapd[23879]: => access_allowed: read access granted by manage(=mwrscxd)
Aug 10 10:46:36 LDAP-CACHE3-R1 slapd[23879]: => access_allowed: result was in cache (mail)
Aug 10 10:46:36 LDAP-CACHE3-R1 slapd[23879]: => access_allowed: result was in cache (mail)
Aug 10 10:46:36 LDAP-CACHE3-R1 slapd[23879]: conn=1009 op=1 ENTRY dn="cn=<USER>,ou=<UNIT>,o=<ORG>,c=<COUNTRY>"
Aug 10 10:46:36 LDAP-CACHE3-R1 slapd[23879]: <= send_search_entry: conn 1009 exit.
Aug 10 10:46:36 LDAP-CACHE3-R1 slapd[23879]: send_ldap_result: conn=1009 op=1 p=3
Aug 10 10:46:36 LDAP-CACHE3-R1 slapd[23879]: send_ldap_result: err=0 matched="" text=""
Aug 10 10:46:36 LDAP-CACHE3-R1 slapd[23879]: send_ldap_response: msgid=2 tag=101 err=0
Aug 10 10:46:36 LDAP-CACHE3-R1 slapd[23879]: conn=1009 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
2) Search with base dn corresponding to an user dn and scope subtree without PagedResult control:
time ldapsearch -LLL -s sub -a always -D '<BIND_DN>' -w 'BIND_PWD' -b "cn=<USER>,ou=<UNIT>,o=<ORG>,c=<COUNTRY>" objectclass=* mail
dn: cn=<USER>,ou=<UNIT>,o=<ORG>,c=<COUNTRY>
mail: user(a)org.country
real 0m0.017s
user 0m0.006s
sys 0m0.007s
Debug :
Aug 10 10:51:24 LDAP-CACHE3-R1 slapd[23879]: conn=1010 op=1 SRCH base="cn=<USER>,ou=<UNIT>,o=<ORG>,c=<COUNTRY>" scope=2 deref=3 filter="(objectClass=*)"
Aug 10 10:51:24 LDAP-CACHE3-R1 slapd[23879]: conn=1010 op=1 SRCH attr=mail
Aug 10 10:51:24 LDAP-CACHE3-R1 slapd[23879]: => mdb_search
Aug 10 10:51:24 LDAP-CACHE3-R1 slapd[23879]: mdb_dn2entry("cn=<USER>,ou=<UNIT>,o=<ORG>,c=<COUNTRY>")
Aug 10 10:51:24 LDAP-CACHE3-R1 slapd[23879]: => mdb_dn2id("cn=<USER>,ou=<UNIT>,o=<ORG>,c=<COUNTRY>")
Aug 10 10:51:24 LDAP-CACHE3-R1 slapd[23879]: <= mdb_dn2id: got id=0x41240
Aug 10 10:51:24 LDAP-CACHE3-R1 slapd[23879]: => mdb_entry_decode:
Aug 10 10:51:24 LDAP-CACHE3-R1 slapd[23879]: <= mdb_entry_decode
Aug 10 10:51:24 LDAP-CACHE3-R1 slapd[23879]: => access_allowed: search access to "cn=<USER>,ou=<UNIT>,o=<ORG>,c=<COUNTRY>" "entry" requested
Aug 10 10:51:24 LDAP-CACHE3-R1 slapd[23879]: <= root access granted
Aug 10 10:51:24 LDAP-CACHE3-R1 slapd[23879]: => access_allowed: search access granted by manage(=mwrscxd)
Aug 10 10:51:24 LDAP-CACHE3-R1 slapd[23879]: search_candidates: base="cn=<USER>,ou=<UNIT>,o=<ORG>,c=<COUNTRY>" (0x00041240) scope=2
Aug 10 10:51:24 LDAP-CACHE3-R1 slapd[23879]: => mdb_filter_candidates
Aug 10 10:51:24 LDAP-CACHE3-R1 slapd[23879]: #011EQUALITY
Aug 10 10:51:24 LDAP-CACHE3-R1 slapd[23879]: => mdb_equality_candidates (objectClass)
Aug 10 10:51:24 LDAP-CACHE3-R1 slapd[23879]: => key_read
Aug 10 10:51:24 LDAP-CACHE3-R1 slapd[23879]: mdb_idl_fetch_key: [01872a84]
Aug 10 10:51:24 LDAP-CACHE3-R1 slapd[23879]: <= mdb_index_read: failed (-30798)
Aug 10 10:51:24 LDAP-CACHE3-R1 slapd[23879]: <= mdb_equality_candidates: id=0, first=0, last=0
Aug 10 10:51:24 LDAP-CACHE3-R1 slapd[23879]: <= mdb_filter_candidates: id=0 first=0 last=0
Aug 10 10:51:24 LDAP-CACHE3-R1 slapd[23879]: => mdb_filter_candidates
Aug 10 10:51:24 LDAP-CACHE3-R1 slapd[23879]: #011PRESENT
Aug 10 10:51:24 LDAP-CACHE3-R1 slapd[23879]: => mdb_presence_candidates (objectClass)
Aug 10 10:51:24 LDAP-CACHE3-R1 slapd[23879]: <= mdb_filter_candidates: id=-1 first=1 last=299284
Aug 10 10:51:24 LDAP-CACHE3-R1 slapd[23879]: mdb_search_candidates: id=-1 first=1 last=299284
Aug 10 10:51:24 LDAP-CACHE3-R1 slapd[23879]: => test_filter
Aug 10 10:51:24 LDAP-CACHE3-R1 slapd[23879]: PRESENT
Aug 10 10:51:24 LDAP-CACHE3-R1 slapd[23879]: => access_allowed: search access to "cn=<USER>,ou=<UNIT>,o=<ORG>,c=<COUNTRY>" "objectClass" requested
Aug 10 10:51:24 LDAP-CACHE3-R1 slapd[23879]: <= root access granted
Aug 10 10:51:24 LDAP-CACHE3-R1 slapd[23879]: => access_allowed: search access granted by manage(=mwrscxd)
Aug 10 10:51:24 LDAP-CACHE3-R1 slapd[23879]: <= test_filter 6
Aug 10 10:51:24 LDAP-CACHE3-R1 slapd[23879]: => send_search_entry: conn 1010 dn="cn=<USER>,ou=<UNIT>,o=<ORG>,c=<COUNTRY>"
Aug 10 10:51:24 LDAP-CACHE3-R1 slapd[23879]: => access_allowed: read access to "cn=<USER>,ou=<UNIT>,o=<ORG>,c=<COUNTRY>" "entry" requested
Aug 10 10:51:24 LDAP-CACHE3-R1 slapd[23879]: <= root access granted
Aug 10 10:51:24 LDAP-CACHE3-R1 slapd[23879]: => access_allowed: read access granted by manage(=mwrscxd)
Aug 10 10:51:24 LDAP-CACHE3-R1 slapd[23879]: => access_allowed: result not in cache (mail)
Aug 10 10:51:24 LDAP-CACHE3-R1 slapd[23879]: => access_allowed: read access to "cn=<USER>,ou=<UNIT>,o=<ORG>,c=<COUNTRY>" "mail" requested
Aug 10 10:51:24 LDAP-CACHE3-R1 slapd[23879]: <= root access granted
Aug 10 10:51:24 LDAP-CACHE3-R1 slapd[23879]: => access_allowed: read access granted by manage(=mwrscxd)
Aug 10 10:51:24 LDAP-CACHE3-R1 slapd[23879]: => access_allowed: result was in cache (mail)
Aug 10 10:51:24 LDAP-CACHE3-R1 slapd[23879]: => access_allowed: result was in cache (mail)
Aug 10 10:51:24 LDAP-CACHE3-R1 slapd[23879]: conn=1010 op=1 ENTRY dn="cn=<USER>,ou=<UNIT>,o=<ORG>,c=<COUNTRY>"
Aug 10 10:51:24 LDAP-CACHE3-R1 slapd[23879]: <= send_search_entry: conn 1010 exit.
Aug 10 10:51:24 LDAP-CACHE3-R1 slapd[23879]: send_ldap_result: conn=1010 op=1 p=3
Aug 10 10:51:24 LDAP-CACHE3-R1 slapd[23879]: send_ldap_result: err=0 matched="" text=""
Aug 10 10:51:24 LDAP-CACHE3-R1 slapd[23879]: send_ldap_result: conn=1010 op=1 p=3
Aug 10 10:51:24 LDAP-CACHE3-R1 slapd[23879]: send_ldap_result: err=0 matched="" text=""
Aug 10 10:51:24 LDAP-CACHE3-R1 slapd[23879]: send_ldap_response: msgid=2 tag=101 err=0
Aug 10 10:51:24 LDAP-CACHE3-R1 slapd[23879]: conn=1010 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
3) Search with base dn corresponding to an user dn and scope base with PagedResult control:
time ldapsearch -LLL -E pr=500 -s base -a always -D '<BIND_DN>' -w 'BIND_PWD' -b "cn=<USER>,ou=<UNIT>,o=<ORG>,c=<COUNTRY>" objectclass=* mail
dn: cn=<USER>,ou=<UNIT>,o=<ORG>,c=<COUNTRY>
mail: user(a)org.country
# pagedresults: cookie=
real 0m0.019s
user 0m0.012s
sys 0m0.004s
Debug :
Aug 10 11:02:09 LDAP-CACHE3-R1 slapd[23879]: conn=1011 op=1 SRCH base="cn=<USER>,ou=<UNIT>,o=<ORG>,c=<COUNTRY>" scope=2 deref=3 filter="(objectClass=*)" scope=0 deref=3 filter="(objectClass=*)"
Aug 10 11:02:09 LDAP-CACHE3-R1 slapd[23879]: conn=1011 op=1 SRCH attr=mail
Aug 10 11:02:09 LDAP-CACHE3-R1 slapd[23879]: => mdb_search
Aug 10 11:02:09 LDAP-CACHE3-R1 slapd[23879]: mdb_dn2entry("cn=<USER>,ou=<UNIT>,o=<ORG>,c=<COUNTRY>" scope=2 deref=3 filter="(objectClass=*)")
Aug 10 11:02:09 LDAP-CACHE3-R1 slapd[23879]: => mdb_dn2id("cn=<USER>,ou=<UNIT>,o=<ORG>,c=<COUNTRY>" scope=2 deref=3 filter="(objectClass=*)")
Aug 10 11:02:09 LDAP-CACHE3-R1 slapd[23879]: <= mdb_dn2id: got id=0x41240
Aug 10 11:02:09 LDAP-CACHE3-R1 slapd[23879]: => mdb_entry_decode:
Aug 10 11:02:09 LDAP-CACHE3-R1 slapd[23879]: <= mdb_entry_decode
Aug 10 11:02:09 LDAP-CACHE3-R1 slapd[23879]: => access_allowed: search access to "cn=<USER>,ou=<UNIT>,o=<ORG>,c=<COUNTRY>" scope=2 deref=3 filter="(objectClass=*)" "entry" requested
Aug 10 11:02:09 LDAP-CACHE3-R1 slapd[23879]: <= root access granted
Aug 10 11:02:09 LDAP-CACHE3-R1 slapd[23879]: => access_allowed: search access granted by manage(=mwrscxd)
Aug 10 11:02:09 LDAP-CACHE3-R1 slapd[23879]: base_candidates: base: "cn=<USER>,ou=<UNIT>,o=<ORG>,c=<COUNTRY>" scope=2 deref=3 filter="(objectClass=*)" (0x00041240)
Aug 10 11:02:09 LDAP-CACHE3-R1 slapd[23879]: => test_filter
Aug 10 11:02:09 LDAP-CACHE3-R1 slapd[23879]: PRESENT
Aug 10 11:02:09 LDAP-CACHE3-R1 slapd[23879]: => access_allowed: search access to "cn=<USER>,ou=<UNIT>,o=<ORG>,c=<COUNTRY>" scope=2 deref=3 filter="(objectClass=*)" "objectClass" requested
Aug 10 11:02:09 LDAP-CACHE3-R1 slapd[23879]: <= root access granted
Aug 10 11:02:09 LDAP-CACHE3-R1 slapd[23879]: => access_allowed: search access granted by manage(=mwrscxd)
Aug 10 11:02:09 LDAP-CACHE3-R1 slapd[23879]: <= test_filter 6
Aug 10 11:02:09 LDAP-CACHE3-R1 slapd[23879]: => send_search_entry: conn 1011 dn="cn=<USER>,ou=<UNIT>,o=<ORG>,c=<COUNTRY>" scope=2 deref=3 filter="(objectClass=*)"
Aug 10 11:02:09 LDAP-CACHE3-R1 slapd[23879]: => access_allowed: read access to "cn=<USER>,ou=<UNIT>,o=<ORG>,c=<COUNTRY>" scope=2 deref=3 filter="(objectClass=*)" "entry" requested
Aug 10 11:02:09 LDAP-CACHE3-R1 slapd[23879]: <= root access granted
Aug 10 11:02:09 LDAP-CACHE3-R1 slapd[23879]: => access_allowed: read access granted by manage(=mwrscxd)
Aug 10 11:02:09 LDAP-CACHE3-R1 slapd[23879]: => access_allowed: result not in cache (mail)
Aug 10 11:02:09 LDAP-CACHE3-R1 slapd[23879]: => access_allowed: read access to "cn=<USER>,ou=<UNIT>,o=<ORG>,c=<COUNTRY>" scope=2 deref=3 filter="(objectClass=*)" "mail" requested
Aug 10 11:02:09 LDAP-CACHE3-R1 slapd[23879]: <= root access granted
Aug 10 11:02:09 LDAP-CACHE3-R1 slapd[23879]: => access_allowed: read access granted by manage(=mwrscxd)
Aug 10 11:02:09 LDAP-CACHE3-R1 slapd[23879]: => access_allowed: result was in cache (mail)
Aug 10 11:02:09 LDAP-CACHE3-R1 slapd[23879]: => access_allowed: result was in cache (mail)
Aug 10 11:02:09 LDAP-CACHE3-R1 slapd[23879]: conn=1011 op=1 ENTRY dn="cn=<USER>,ou=<UNIT>,o=<ORG>,c=<COUNTRY>" scope=2 deref=3 filter="(objectClass=*)"
Aug 10 11:02:09 LDAP-CACHE3-R1 slapd[23879]: <= send_search_entry: conn 1011 exit.
Aug 10 11:02:09 LDAP-CACHE3-R1 slapd[23879]: send_paged_response: lastid=0x00000000 nentries=1
Aug 10 11:02:09 LDAP-CACHE3-R1 slapd[23879]: send_ldap_result: conn=1011 op=1 p=3
Aug 10 11:02:09 LDAP-CACHE3-R1 slapd[23879]: send_ldap_result: err=0 matched="" text=""
Aug 10 11:02:09 LDAP-CACHE3-R1 slapd[23879]: send_ldap_response: msgid=2 tag=101 err=0
Aug 10 11:02:09 LDAP-CACHE3-R1 slapd[23879]: conn=1011 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
4) Search with base dn corresponding to an user dn and scope subtree with PagedResult control:
time ldapsearch -LLL -E pr=500 -s base -a always -D '<BIND_DN>' -w 'BIND_PWD' -b "cn=<USER>,ou=<UNIT>,o=<ORG>,c=<COUNTRY>" objectclass=* mail
dn: cn=<USER>,ou=<UNIT>,o=<ORG>,c=<COUNTRY>
mail: user(a)org.country
# pagedresults: cookie=
real 0m43.488s
user 0m0.013s
sys 0m0.000s
Debug :
Aug 10 11:09:06 LDAP-CACHE3-R1 slapd[23879]: conn=1012 op=1 SRCH base="cn=<USER>,ou=<UNIT>,o=<ORG>,c=<COUNTRY>" scope=2 deref=3 filter="(objectClass=*)"
Aug 10 11:09:06 LDAP-CACHE3-R1 slapd[23879]: conn=1012 op=1 SRCH attr=mail
Aug 10 11:09:06 LDAP-CACHE3-R1 slapd[23879]: => mdb_search
Aug 10 11:09:06 LDAP-CACHE3-R1 slapd[23879]: mdb_dn2entry("cn=<USER>,ou=<UNIT>,o=<ORG>,c=<COUNTRY>")
Aug 10 11:09:06 LDAP-CACHE3-R1 slapd[23879]: => mdb_dn2id("cn=<USER>,ou=<UNIT>,o=<ORG>,c=<COUNTRY>")
Aug 10 11:09:06 LDAP-CACHE3-R1 slapd[23879]: <= mdb_dn2id: got id=0x41240
Aug 10 11:09:06 LDAP-CACHE3-R1 slapd[23879]: => mdb_entry_decode:
Aug 10 11:09:06 LDAP-CACHE3-R1 slapd[23879]: <= mdb_entry_decode
Aug 10 11:09:06 LDAP-CACHE3-R1 slapd[23879]: => access_allowed: search access to "cn=<USER>,ou=<UNIT>,o=<ORG>,c=<COUNTRY>" "entry" requested
Aug 10 11:09:06 LDAP-CACHE3-R1 slapd[23879]: <= root access granted
Aug 10 11:09:06 LDAP-CACHE3-R1 slapd[23879]: => access_allowed: search access granted by manage(=mwrscxd)
Aug 10 11:09:06 LDAP-CACHE3-R1 slapd[23879]: search_candidates: base="cn=<USER>,ou=<UNIT>,o=<ORG>,c=<COUNTRY>" (0x00041240) scope=2
Aug 10 11:09:06 LDAP-CACHE3-R1 slapd[23879]: => mdb_filter_candidates
Aug 10 11:09:06 LDAP-CACHE3-R1 slapd[23879]: #011EQUALITY
Aug 10 11:09:06 LDAP-CACHE3-R1 slapd[23879]: => mdb_equality_candidates (objectClass)
Aug 10 11:09:06 LDAP-CACHE3-R1 slapd[23879]: => key_read
Aug 10 11:09:06 LDAP-CACHE3-R1 slapd[23879]: mdb_idl_fetch_key: [01872a84]
Aug 10 11:09:06 LDAP-CACHE3-R1 slapd[23879]: <= mdb_index_read: failed (-30798)
Aug 10 11:09:06 LDAP-CACHE3-R1 slapd[23879]: <= mdb_equality_candidates: id=0, first=0, last=0
Aug 10 11:09:06 LDAP-CACHE3-R1 slapd[23879]: <= mdb_filter_candidates: id=0 first=0 last=0
Aug 10 11:09:06 LDAP-CACHE3-R1 slapd[23879]: => mdb_filter_candidates
Aug 10 11:09:06 LDAP-CACHE3-R1 slapd[23879]: #011PRESENT
Aug 10 11:09:06 LDAP-CACHE3-R1 slapd[23879]: => mdb_presence_candidates (objectClass)
Aug 10 11:09:06 LDAP-CACHE3-R1 slapd[23879]: <= mdb_filter_candidates: id=-1 first=1 last=299284
Aug 10 11:09:06 LDAP-CACHE3-R1 slapd[23879]: mdb_search_candidates: id=-1 first=1 last=299284
Aug 10 11:09:06 LDAP-CACHE3-R1 slapd[23879]: mdb_search: 1 scope not okay
Aug 10 11:09:06 LDAP-CACHE3-R1 slapd[23879]: mdb_search: 2 scope not okay
Aug 10 11:09:06 LDAP-CACHE3-R1 slapd[23879]: mdb_search: 3 scope not okay
Aug 10 11:09:06 LDAP-CACHE3-R1 slapd[23879]: mdb_search: 4 scope not okay
Aug 10 11:09:06 LDAP-CACHE3-R1 slapd[23879]: mdb_search: 5 scope not okay
Aug 10 11:09:06 LDAP-CACHE3-R1 slapd[23879]: mdb_search: 6 scope not okay
Aug 10 11:09:06 LDAP-CACHE3-R1 slapd[23879]: mdb_search: 7 scope not okay
Aug 10 11:09:06 LDAP-CACHE3-R1 slapd[23879]: mdb_search: 8 scope not okay
Aug 10 11:09:06 LDAP-CACHE3-R1 slapd[23879]: mdb_search: 9 scope not okay
Aug 10 11:09:06 LDAP-CACHE3-R1 slapd[23879]: mdb_search: 10 scope not okay
Aug 10 11:09:06 LDAP-CACHE3-R1 slapd[23879]: mdb_search: 11 scope not okay
Aug 10 11:09:06 LDAP-CACHE3-R1 slapd[23879]: mdb_search: 12 scope not okay
Aug 10 11:09:06 LDAP-CACHE3-R1 slapd[23879]: mdb_search: 13 scope not okay
Aug 10 11:09:06 LDAP-CACHE3-R1 slapd[23879]: mdb_search: 14 scope not okay
...
Aug 10 11:09:50 LDAP-CACHE3-R1 slapd[23879]: mdb_search: 299265 scope not okay
Aug 10 11:09:50 LDAP-CACHE3-R1 slapd[23879]: mdb_search: 299266 scope not okay
Aug 10 11:09:50 LDAP-CACHE3-R1 slapd[23879]: mdb_search: 299267 scope not okay
Aug 10 11:09:50 LDAP-CACHE3-R1 slapd[23879]: mdb_search: 299268 scope not okay
Aug 10 11:09:50 LDAP-CACHE3-R1 slapd[23879]: mdb_search: 299269 scope not okay
Aug 10 11:09:50 LDAP-CACHE3-R1 slapd[23879]: mdb_search: 299270 scope not okay
Aug 10 11:09:50 LDAP-CACHE3-R1 slapd[23879]: mdb_search: 299271 scope not okay
Aug 10 11:09:50 LDAP-CACHE3-R1 slapd[23879]: mdb_search: 299272 scope not okay
Aug 10 11:09:50 LDAP-CACHE3-R1 slapd[23879]: mdb_search: 299273 scope not okay
Aug 10 11:09:50 LDAP-CACHE3-R1 slapd[23879]: mdb_search: 299274 scope not okay
Aug 10 11:09:50 LDAP-CACHE3-R1 slapd[23879]: mdb_search: 299275 scope not okay
Aug 10 11:09:50 LDAP-CACHE3-R1 slapd[23879]: mdb_search: 299276 scope not okay
Aug 10 11:09:50 LDAP-CACHE3-R1 slapd[23879]: mdb_search: 299277 scope not okay
Aug 10 11:09:50 LDAP-CACHE3-R1 slapd[23879]: mdb_search: 299278 scope not okay
Aug 10 11:09:50 LDAP-CACHE3-R1 slapd[23879]: mdb_search: 299279 scope not okay
Aug 10 11:09:50 LDAP-CACHE3-R1 slapd[23879]: mdb_search: 299280 scope not okay
Aug 10 11:09:50 LDAP-CACHE3-R1 slapd[23879]: mdb_search: 299281 scope not okay
Aug 10 11:09:50 LDAP-CACHE3-R1 slapd[23879]: mdb_search: 299282 scope not okay
Aug 10 11:09:50 LDAP-CACHE3-R1 slapd[23879]: mdb_search: 299283 scope not okay
Aug 10 11:09:50 LDAP-CACHE3-R1 slapd[23879]: mdb_search: 299284 scope not okay
Aug 10 11:09:50 LDAP-CACHE3-R1 slapd[23879]: send_paged_response: lastid=0x00000000 nentries=1
Aug 10 11:09:50 LDAP-CACHE3-R1 slapd[23879]: send_ldap_result: conn=1012 op=1 p=3
Aug 10 11:09:50 LDAP-CACHE3-R1 slapd[23879]: send_ldap_result: err=0 matched="" text=""
Aug 10 11:09:50 LDAP-CACHE3-R1 slapd[23879]: send_ldap_result: conn=1012 op=1 p=3
Aug 10 11:09:50 LDAP-CACHE3-R1 slapd[23879]: send_ldap_result: err=0 matched="" text=""
Aug 10 11:09:50 LDAP-CACHE3-R1 slapd[23879]: send_ldap_response: msgid=2 tag=101 err=0
Aug 10 11:09:50 LDAP-CACHE3-R1 slapd[23879]: conn=1012 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
It's as if the last request iterate over all entries matching with objectclass=*.
Is this the expected behavior ?
Thomas
1 year, 9 months
migrate from 2.4 to 2.5, determine existing MDB format
by Michael Ströder
HI!
As far as I understood the MDB disk format changed. So the MDB files
have to be re-created (either by simply removing/replicating or
slapcat/slapadd). Right?
Now I'm wondering how to automate things (with ansible and puppet) in a
truly idempotent way. Ideally I could determine whether existing MDB
files were last maintained by OpenLDAP 2.4.x or whether they already
have the 2.5 format.
Can I find out the disk format version in any way, e.g. with python-lmdb?
Ciao, Michael.
1 year, 9 months
Modify memberOf olcAttributetype in schema
by shekhar.shrinivasan@gmail.com
Hi, There is a specific requirement where the client needs the memberOf attribute to be returned by default. As per the current design the memberOf attribute is of type operational and thus needs to be explicitly asked for. Is there a easy way to update the schema and change the type of the attribute from Operational to userApplication so that the attribute will be returned by default ? I tried to update the schema using a ldif file but I am getting the following error:- error code 80 - olcAttributeTypes: Duplicate attributeType: 1.2.840.113556.1.2.102
Please assist with this request.
My Ldif is as follows:-
dn: cn=schema,cn=config
changetype: modify
delete: olcAttributeTypes
olcAttributeTypes: ( 1.2.840.113556.1.2.102 NAME 'memberOf' DESC 'Group that the entry belongs to' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 USAGE dSAOperation X-ORIGIN 'iPlanet Delegated Administrator' )
-
add: olcAttributeTypes
olcAttributeTypes: ( 1.2.840.113556.1.2.102 NAME 'memberOf' DESC 'Group that the entry belongs to' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
1 year, 9 months
Generating a memberOf attribute for posixGroups (dynlist module)
by Eduardo Lúcio Amorim Costa
According to this post
http://blog.oddbit.com/post/2013-07-22-generating-a-membero/ it is possible
to use a strategy for generating a memberOf attribute for posixGroups
(dynlist module).
This need arose for a legacy OpenLDAP LDAP and with several applications
using it.
So, this seems to me the best solution to be able to use the memberOf as a
filter.
NOTE: Complete information about the problem here
https://stackoverflow.com/questions/68583838/ldap-add-a-filter-to-an-ldap...
).
*QUESTION:* Has anyone tested/used the procedure in the post
http://blog.oddbit.com/post/2013-07-22-generating-a-membero/ ? Ie,
generating a memberOf attribute for posixGroups (dynlist module)?
What I have for group OU and user OU is what goes below...
*GROUP*
```
cn:
accessgroup
gidNumber:
1004
memberUid:
usera
userb
userc
userd
usere
userf
userg
userh
useri
objectClass:
top
posixGroup
```
*USERS*
```
cn:
User Letter A
gecos:
User Letter A
gender:
M
gidNumber:
544
givenName:
User
gotoLastSystemLogin:
01.01.1970 00:00:00
homeDirectory:
/home/usera
loginShell:
/bin/bash
mail:
user.letter.a(a)domain.abc.de
objectClass:
top
person
organizationalPerson
inetOrgPerson
gosaAccount
posixAccount
shadowAccount
sambaSamAccount
[...]
uid:
usera
uidNumber:
1004
[...]
```
*Thanks! =D*
--
*Eduardo Lúcio*
Tecnologia, Desenvolvimento e Software Livre
LightBase Consultoria em Software Público
eduardo.lucio(a)lightbase.com.br <eduardo.lucio(a)LightBase.com.br>
*+55-61-3347-1949* - http://brlight.org <eduardo.lucio(a)LightBase.com.br> -
*Brasil-DF*
*Software livre! Abrace essa idéia! *
*"Aqueles que negam liberdade aos outros não a merecem para si mesmos."*
*Abraham Lincoln*
1 year, 9 months