I have asked this question previously and didn't get any answers, really hoping someone can help here this time around.
I have configured multiple LDAPs in a Mirror-Mode configuration and fronted by OpenLDAP in proxy mode. I understand that the list contained in the DBURI attribute is used to define the backends, and all the proxies are configured with the same list. I understand that first URI in the DbURI attribute will be used unless this fails, in which case it will fall back to the second URI. It will then keep on the second one until that one fails. This seems fine for most failure cases, when all proxies recognise the same failure. If communication fails between one proxy and the one backend LDAP and doesn't affect all proxies, writes will now be directed to different backends from different proxies. Is there some way to keep the proxies in-line or recognise a failure on one proxy and force the others to change. Or is this not required?
I'm looking at a Prometheus graph of cn=Read,cn=Waiters,cn=Monitor
The object class is monitorCounterObject, the attribute is called
If it's a counter I'd expect the value to only increase.
But the graph shows decreasing values!?!
What's the exact meaning of this?
How to profile performance of different ACLs?
In theory one could run slapd with debug symbols under control of a
profiler for C code. But personally I don't have a clue which ACL
processing entry points to examine more closely.
Another approach could be to derive metrics from acl-loglevel messages.
As far as I understood the MDB disk format changed. So the MDB files
have to be re-created (either by simply removing/replicating or
Now I'm wondering how to automate things (with ansible and puppet) in a
truly idempotent way. Ideally I could determine whether existing MDB
files were last maintained by OpenLDAP 2.4.x or whether they already
have the 2.5 format.
Can I find out the disk format version in any way, e.g. with python-lmdb?
I'm trying to plug LMDB into a system where the user first modifies the value, and only afterwards notifies me that the value has been changed. In LMDB I've been simply passing the value pointer received from mdb_cursor_get (db opened with MDB_WRITEMAP), and if the user notifies me that the value has been changed, I commit the write transaction.
Is this an acceptable use pattern? It seems to work (but crashes without MDB_WRITEMAP). Only thing vaguely related I could find here was https://www.openldap.org/lists/openldap-technical/201510/msg00016.html
Hi, There is a specific requirement where the client needs the memberOf attribute to be returned by default. As per the current design the memberOf attribute is of type operational and thus needs to be explicitly asked for. Is there a easy way to update the schema and change the type of the attribute from Operational to userApplication so that the attribute will be returned by default ? I tried to update the schema using a ldif file but I am getting the following error:- error code 80 - olcAttributeTypes: Duplicate attributeType: 1.2.840.1135188.8.131.52
Please assist with this request.
My Ldif is as follows:-
olcAttributeTypes: ( 1.2.840.1135184.108.40.206 NAME 'memberOf' DESC 'Group that the entry belongs to' EQUALITY distinguishedNameMatch SYNTAX 220.127.116.11.4.1.1418.104.22.168.12 USAGE dSAOperation X-ORIGIN 'iPlanet Delegated Administrator' )
olcAttributeTypes: ( 1.2.840.113522.214.171.124 NAME 'memberOf' DESC 'Group that the entry belongs to' EQUALITY distinguishedNameMatch SYNTAX 126.96.36.199.4.1.14188.8.131.52.12 )
According to this post
http://blog.oddbit.com/post/2013-07-22-generating-a-membero/ it is possible
to use a strategy for generating a memberOf attribute for posixGroups
This need arose for a legacy OpenLDAP LDAP and with several applications
So, this seems to me the best solution to be able to use the memberOf as a
NOTE: Complete information about the problem here
*QUESTION:* Has anyone tested/used the procedure in the post
http://blog.oddbit.com/post/2013-07-22-generating-a-membero/ ? Ie,
generating a memberOf attribute for posixGroups (dynlist module)?
What I have for group OU and user OU is what goes below...
User Letter A
User Letter A
Tecnologia, Desenvolvimento e Software Livre
LightBase Consultoria em Software Público
*+55-61-3347-1949* - http://brlight.org <eduardo.lucio(a)LightBase.com.br> -
*Software livre! Abrace essa idéia! *
*"Aqueles que negam liberdade aos outros não a merecem para si mesmos."*