Hi,
I am trying to follow this thread
(http://blog.roeften.com/2015/03/openldap-24-on-centos-7-using-mdb.html)
to initialize the LDAP config in a non-default directory, but I am getting
this error.
cat example.ldif | slapadd -v -F /opt/data/slapd.d -n 0 -d -1
59d29ce6 >>> dnPrettyNormal: <cn=config>
59d29ce6 <<< dnPrettyNormal: <cn=config>, <cn=config>
59d29ce6 str2entry: entry -1 has multiple DNs "cn=config" and "cn=module,cn=config"
slapadd: could not parse entry (line=1)
If I add one by one (one dn at a time) it seems to be working.
Any idea?
Thanks
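The "multiple DNs" error above is what slapadd prints when two dn: lines fall inside one LDIF record, typically because the empty line between entries is missing or contains whitespace. The check below is an added example, not part of the original message; the function names and sample entries are constructed, and that this is the cause in the poster's file is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread): lint an LDIF stream before slapadd.
# RFC 2849 separates records with an empty line; a line that begins with a
# space is a continuation, so a whitespace-only line does not end a record.

# check_ldif_records: LDIF on stdin; prints one finding per line and
# returns 1 if any record contains more than one dn.
check_ldif_records() {
    awk '
        { sub(/\r$/, "") }                      # tolerate CRLF files
        /^$/ { start = 0; ndn = 0; next }       # empty line closes the record
        /^#/ { next }                           # comment line
        /^[ \t]+$/ {
            printf "line %d: whitespace-only line is not a record separator\n", NR
            next
        }
        {
            if (!start) start = NR
            if (tolower($0) ~ /^dn::?/) {       # dn: or base64 dn::
                ndn++
                if (ndn > 1) {
                    printf "line %d: extra dn in record starting at line %d: %s\n", NR, start, $0
                    bad = 1
                }
            }
        }
        END { exit bad }
    '
}

# Constructed sample reproducing the two DNs named in the error message.
sample_merged() {
    printf '%s\n' \
        'dn: cn=config' 'objectClass: olcGlobal' 'cn: config' \
        'dn: cn=module,cn=config' 'objectClass: olcModuleList' \
        'cn: module' 'olcModuleLoad: back_mdb'
}

# Same entries with the empty separator line restored.
sample_fixed() {
    printf '%s\n' \
        'dn: cn=config' 'objectClass: olcGlobal' 'cn: config' '' \
        'dn: cn=module,cn=config' 'objectClass: olcModuleList' \
        'cn: module' 'olcModuleLoad: back_mdb'
}

sample_merged | check_ldif_records || echo "fix the LDIF before running slapadd"
sample_fixed | check_ldif_records && echo "records are separated correctly"
```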
Quanah,
Thank you.
Ram
On Mon, Oct 2, 2017 at 10:11 AM, Quanah Gibson-Mount <quanah(a)symas.com>
wrote:
> --On Monday, October 02, 2017 10:59 AM -0700 rammohan ganapavarapu <
> rammohanganap(a)gmail.com> wrote:
>
>
>> Quanah,
>>
>>
>> Where can I get a minimal slapd.conf/cn=config for mdb? Also, all
>> supported properties for mdb?
>>
>
> The man page for slapd-mdb notes what its configuration options are:
>
> <http://www.openldap.org/software/man.cgi?query=slapd-mdb&apropos=0&sektion=0&manpath=OpenLDAP+2.4-Release&format=html>
>
> If you want a minimal slapd.conf for mdb, it's pretty basic:
>
> database mdb
> directory </path/to/database>
> index <indices>
> maxsize 85899345920
> <db specific ACLs>
>
>
> You could use slaptest to convert that trivially to cn=config
> representation.
>
>
> --Quanah
>
> --
>
> Quanah Gibson-Mount
> Product Architect
> Symas Corporation
> Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
> <http://www.symas.com>
>
>
--On Monday, October 02, 2017 10:59 AM -0700 rammohan ganapavarapu
<rammohanganap(a)gmail.com> wrote:
>
> Quanah,
>
>
> Where can I get a minimal slapd.conf/cn=config for mdb? Also, all
> supported properties for mdb?
The man page for slapd-mdb notes what its configuration options are:
<http://www.openldap.org/software/man.cgi?query=slapd-mdb&apropos=0&sektion=…>
If you want a minimal slapd.conf for mdb, it's pretty basic:
database mdb
directory </path/to/database>
index <indices>
maxsize 85899345920
<db specific ACLs>
You could use slaptest to convert that trivially to cn=config
representation.
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
Quanah,
Where can I get a minimal slapd.conf/cn=config for mdb? Also, all supported
properties for mdb?
Thanks,
Ram
On Fri, Sep 29, 2017 at 2:32 PM, Quanah Gibson-Mount <quanah(a)symas.com>
wrote:
> --On Friday, September 29, 2017 2:50 PM -0700 rammohan ganapavarapu <
> rammohanganap(a)gmail.com> wrote:
>
>
>> Quanah,
>>
>>
>> Yes that is the plan but till I moved to latest version with mdb, I have
>> to live with it. Regarding upgrading to latest with mdb, how can I
>> migrate from hdb to mdb without downtime? Can I add latest openldap with
>> mdb as replica to existing older/hdb instance?
>>
>
> Yes, you can have an mdb-based server that is a replica from an existing
> back-hdb server.
>
>
> --Quanah
>
>
> --
>
> Quanah Gibson-Mount
> Product Architect
> Symas Corporation
> Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
> <http://www.symas.com>
>
>
Hello list,
Just a newbie question: I try to create a simple addressbook in LDAP and
I just wondered why there is no country attribute in the standard
structure:
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
Just an "st" attribute, but this should not be used for a country AFAIK.
Is there an easy way to add the country or friendlyCountryName as a MAY
attribute without having to create my own objectClass?
R.
--
richard lucassen
http://contact.xaq.nl/
What is the current OLC way to replace the nis schema with the
rfc2307bis schema?
There are hacks published, but I couldn't find a document that takes
advantage of OLC, removes the nis schema, and installs the rfc2307bis
schema. It feels like something that I would do often enough that I
would want to be able to do it in one ldapmodify operation.
There is a problem. There wasn't delete support in OLC 2.4 2012 in
http://www.openldap.org/lists/openldap-technical/201204/msg00245.html.
OLC does support delete in 2.5 as of 2013
https://www.slideshare.net/ldapcon/whats-new-in-openldap.
Since that has been established, what is the least hacky way to replace
the nis schema with the rfc2307bis schema in 2.4?
--On Friday, September 29, 2017 2:50 PM -0700 rammohan ganapavarapu
<rammohanganap(a)gmail.com> wrote:
>
> Quanah,
>
>
> Yes that is the plan but till I moved to latest version with mdb, I have
> to live with it. Regarding upgrading to latest with mdb, how can I
> migrate from hdb to mdb without downtime? Can I add latest openldap with
> mdb as replica to existing older/hdb instance?
Yes, you can have an mdb-based server that is a replica from an existing
back-hdb server.
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
Quanah,
Yes that is the plan but till I moved to latest version with mdb, I have to
live with it. Regarding upgrading to latest with mdb, how can I migrate
from hdb to mdb without downtime? Can I add latest openldap with mdb as
replica to existing older/hdb instance?
Thanks for all your suggestions
Ram
On Fri, Sep 29, 2017 at 1:38 PM, Quanah Gibson-Mount <quanah(a)symas.com>
wrote:
> --On Friday, September 29, 2017 2:31 PM -0700 rammohan ganapavarapu <
> rammohanganap(a)gmail.com> wrote:
>
>
>> Quanah,
>>
>>
>> Sorry, I was searching for one attribute; I have close to 80mil entries.
>>
>
> Then these settings may be too low:
>
> cachesize 100000
> idlcachesize 300000
>
> Essentially, cachesize needs to hold your working set of data (active
> entries). So this is saying slapd will only cache 100,000 active entries.
> It will then be removing/adding entries in blocks of one (cachefree
> defaults to 1 if not set). idlcachesize generally is 3x cachesize.
>
> If your active set is > 100,000 users, then you need to increase the
> cachesize and idlcachesize parameters accordingly. You may also need to
> increase cachefree from its default of "1".
>
> Overall, you would likely be much better served to switch to back-mdb,
> where you do not have to set any of these parameters at all.
>
>
> --Quanah
>
> --
>
> Quanah Gibson-Mount
> Product Architect
> Symas Corporation
> Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
> <http://www.symas.com>
>
>
--On Friday, September 29, 2017 5:03 PM -0400 Robert Heller
<heller(a)deepsoft.com> wrote:
> At Fri, 29 Sep 2017 10:29:11 -0700 Quanah Gibson-Mount <quanah(a)symas.com>
> wrote:
>
>>
>> --On Friday, September 29, 2017 2:17 PM -0400 Robert Heller
>> <heller(a)deepsoft.com> wrote:
>>
>> > Signature Algorithm: sha1WithRSAEncryption
>>
>> The above is probably your problem. I believe MozNSS will no longer
>> accept SHA1 certs. This was in the link I sent you yesterday.
>> Generate a more secure cert (i.e., SHA256 or higher).
>
> I replaced the certs with SHA256 versions and it is still not working:
You need logs from SSSD detailing why it is failing to negotiate. As you
noted before, ldapsearch/ldapwhoami etc work for you. If that is still the
case now with your new certs, you will need to pursue support with RedHat,
as this clearly is not an OpenLDAP issue. Sorry I can't be of any more
help than that.
Regards,
Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
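The signature-algorithm check discussed in this exchange can be run over every certificate in a chain before looking at the TLS client. The following is an added example, not part of the original messages; the function name, the sample certificate text and the file name in the usage comment are constructed, and RSA-PSS certificates, which print their hash on a separate line, are not covered.

```shell
#!/bin/sh
# Added example (not from the thread): flag certificates whose signature
# hash is SHA-1 or MD5, reading the text form that openssl prints.

# weak_sig_report: text from `openssl x509 -noout -text` (one or more
# certificates) on stdin; prints "WEAK|ok <algorithm> <subject>" per
# certificate and returns 1 if any certificate is WEAK.
weak_sig_report() {
    awk '
        /^Certificate:/ { alg = "" }              # a new certificate starts
        /Signature Algorithm:/ && alg == "" {     # first hit is the cert signature
            alg = $NF
        }
        /^[ \t]*Subject:/ {
            subj = $0
            sub(/^[ \t]*Subject:[ \t]*/, "", subj)
            verdict = "ok"
            if (tolower(alg) ~ /sha1|md5|md2/) { verdict = "WEAK"; bad = 1 }
            printf "%s %s %s\n", verdict, alg, subj
        }
        END { exit bad }
    '
}

# Constructed sample: trimmed text output for a leaf and its issuing CA.
sample_chain_text() {
    cat <<'EOF'
Certificate:
    Data:
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: CN = Example Test CA
        Subject: CN = ldap.example.test
        Subject Public Key Info:
    Signature Algorithm: sha1WithRSAEncryption
Certificate:
    Data:
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN = Example Test CA
        Subject: CN = Example Test CA
    Signature Algorithm: sha256WithRSAEncryption
EOF
}

sample_chain_text | weak_sig_report || echo "reissue the WEAK certificates with SHA-256 or stronger"
# Real use (file name is a placeholder):
#   openssl x509 -in server.pem -noout -text | weak_sig_report
```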