openldap-technical

openldap-technical@openldap.org

24 participants
9804 discussions

Re: checking replica dbs for consistency
by Nick Milas 23 May '12

23 May '12

On 23/5/2012 4:39 μμ, Charles T. Brooks wrote: > I u s e s l a p c a t t o d u m p t h e d a t a b a s e s t o L D I F f i l e s , s o r t t o n o r m a l i z e t h e o r d e r i n g , a n d d i f f t o c h e c k f o r d i f f e r e n c e s . Thank you, As I said, this actually would work only when replicating *the whole* DIT. By the way, what happens with the operational attributes - are they (supposed to be) identical on both ends? I am expecting any hints on comparing partial replicated data (based on consumer bind DN) ! Nick

2 1

ppolicy 'Constraint violation' with no additional info
by Jean-Philippe Braun 23 May '12

23 May '12

Hi all, I'm using ppolicy for some time now but sometimes when a user changes its password we get a 'Constraint violation' error without any additional info like 'Password is too young to change' or 'Password is in history of old passwords'. So I'm not sure where it fails. Does anybody have some idea on which case(s) this could happen ? (still using 2.4.23 on debian stable) Thanks

2 1

Re: Concerns with OLC (cn=config) for editing schema, ACLs, and deleting entries
by Michael Ströder 22 May '12

22 May '12

harry.jede(a)arcor.de wrote: > Michael Ströder wrote: >> The goal was to make the ACLs more readable for the admin. > This is my intend. Now the question is: Where to make them more readable. >> The GUI >> just makes it possible for the admin to add the LFs and display the >> ACL as multiple lines. And now this has the effect that the >> attributes values in LDIF are base64-encoded. The admin decides >> whether to add LFs or not. > Right, but are you sure all admins, can handle base64 encoded strings > properly. Tools, especially GUI-Tools should make life easier, not more > complex. Again: Did you read the whole thread in the mailing list archive? >> Please add it via LDAP and display it in a LDAP client. It will be a >> single line which was considered to be less readable. > Yes, and it should be a single line. It's entirely up to you whether you want to add LFs or not. There's no GUI tool forcing you to do so. Not my web2ldap nor Apache Directory Studio mentioned in this thread. Ciao, Michael.

2 2

Re: Fwd: Root cause: Strange OpenLdap performace issue
by Michele Mase' 22 May '12

22 May '12

Sorry, I'didn't understand. Which should be better compile/build options? Michele MAsè On Tue, May 22, 2012 at 12:40 AM, Quanah Gibson-Mount <quanah(a)zimbra.com>wrote: > --On Tuesday, May 22, 2012 12:06 AM +0200 Michele Mase' < > michele.mase(a)gmail.com> wrote: > > > This is how redhat builds openldap; which are the bad libs? Are they the >> lib crypt (--enable-crypt); what should I use instead? >> Michele Masè >> > > Not crypt. crypto. as in using NSS instead of OpenSSL. > > > --Quanah > > -- > > Quanah Gibson-Mount > Sr. Member of Technical Staff > Zimbra, Inc > A Division of VMware, Inc. > -------------------- > Zimbra :: the leader in open source messaging and collaboration >

2 3

Compiling on Windows, using VC or Windows SDK
by Tom Schuetz 22 May '12

22 May '12

Has anyone successfully compiled openldap using Visual Studio, or Windows SDK? If so, could you share your process with me, what you used for a makefile (or vcproj), approach to dependencies, etc? I have VC 2010 Express on a 64-bit Windows 7 box, and then I also have Windows SDK 7.1. I am comfortable with POSIX OSs and have MinGW installed, but for this I would prefer not to use it to actually compile. Am open to using MinGW to make a useable / translatable makefile, though. Thanks very much, Tom S

3 3

Re: Fwd: Root cause: Strange OpenLdap performace issue
by Michele Mase' 22 May '12

22 May '12

configure \ --with-threads=posix \ --enable-local \ --enable-rlookups \ --with-tls=no \ --with-cyrus-sasl \ --enable-wrappers \ --enable-passwd \ --enable-cleartext \ --enable-crypt \ --enable-spasswd \ --disable-lmpasswd \ --enable-modules \ --disable-sql \ --libexecdir=%{_libdir} build \ --enable-plugins \ --enable-slapd \ --enable-multimaster \ --enable-bdb \ --enable-hdb \ --enable-ldap \ --enable-ldbm \ --with-ldbm-api=%{ldbm_backend} \ --enable-meta \ --enable-monitor \ --enable-null \ --enable-shell \ --enable-sql=mod \ --disable-ndb \ --enable-passwd \ --enable-sock \ --disable-perl \ --enable-relay \ --disable-shared \ --disable-dynamic \ --with-kerberos=k5only \ --enable-overlays=mod This is how redhat builds openldap; which are the bad libs? Are they the lib crypt (--enable-crypt); what should I use instead? Michele Masè On Mon, May 21, 2012 at 11:47 PM, Quanah Gibson-Mount <quanah(a)zimbra.com>wrote: > --On Monday, May 21, 2012 11:40 PM +0200 Michele Mase' < > michele.mase(a)gmail.com> wrote: > > Is it really bad? Is it buggy? Since redhat has its own ldap 389 dir. >> server, I suppose they don't care of openldap. isn't it? >> Michele Masè >> > > There are known issues with the release they use, and the crypto libraries > it is linked to. > > > --Quanah > > -- > > Quanah Gibson-Mount > Sr. Member of Technical Staff > Zimbra, Inc > A Division of VMware, Inc. > -------------------- > Zimbra :: the leader in open source messaging and collaboration >

2 1

Re: Fwd: Root cause: Strange OpenLdap performace issue
by Michele Mase' 21 May '12

21 May '12

Is it really bad? Is it buggy? Since redhat has its own ldap 389 dir. server, I suppose they don't care of openldap. isn't it? Michele Masè On Mon, May 21, 2012 at 6:33 PM, Quanah Gibson-Mount <quanah(a)zimbra.com>wrote: > --On Sunday, May 20, 2012 2:13 PM +0200 Michele Mase' < > michele.mase(a)gmail.com> wrote: > > Tx for the suggestion! We plan to migrate where possible to rhel6, that >> has included the 2.4.x openldap (and the possibility of hot adding ram >> and cpu in VM env). We have already tested a multi-master conf. that >> works fine. >> > > Using the OpenLDAP included with RHEL6 is a terrible idea. If you want to > use OpenLDAP as a server, then build it yourself, or use packages from any > of the numerous other sites that will build it out for you, so that you can > stay current. Distro packages are in general only for using the client > libraries. > > > --Quanah > > -- > > Quanah Gibson-Mount > Sr. Member of Technical Staff > Zimbra, Inc > A Division of VMware, Inc. > -------------------- > Zimbra :: the leader in open source messaging and collaboration >

2 1

Migrating from slapd 2.3 to 2.4
by Bobby Krupczak 21 May '12

21 May '12

Hi! I'm finally updating my file/ldap server and am struggling with converting my 2.3 slapd.conf file to 2.4 ldif format. My plan to upgrade was: - dump my old ldap db to a single ldif file - convert slapd.conf using slaptest - connect to slapd using an ldap browser and import my old db via the ldif file I created Is this an appropriate approach that will work? Am I missing something? I ran the slaptest program on my old slapd.conf file and generated a slew of configs under slapd.d. However, I'm now running into an error when I try to start slapd. slapd[4320]: config error processing cn={1}core,cn=schema,cn=config: olcAttributeTypes: Duplicate attributeType: "2.5.4.2" slaptest: bad configuration file! systemd[1]: PID file /var/run/slapd.pid not readable (yet?) after start. I saw via google where the attribute is duplicated but I never could find how to edit/modify the configs to remove the duplicate entry. Any ideas how to remove this duplicate entry? Thanks, Bobby

4 19

RE: Migrating from slapd 2.3 to 2.4
by Quanah Gibson-Mount 21 May '12

21 May '12

--On Monday, May 21, 2012 5:18 PM -0400 "Charles T. Brooks" <brooksct(a)hbcs.org> wrote: > I prefer testing and solid evidence rather than trusting to luck. And > I'm well aware of OpenSSL/NSS issues. But I think our architectures are > based on different assumptions, Quanah. > > I don't use syncrepl. I use slurpd, and I run it without incident for > years at a time. I am currently feeding OL 2.4 systems (Red Hat 6.2) > and 2.3 systems (Red Hat 5.x) from a master 2.3 system without issues, > all using Red Hat packages. Slurpd is more bandwidth efficient than > syncrepl, and I do not have any of the problems syncrepl was designed to > solve, so using syncrepl would be a regression for me. I already have > the ability to sync any or all replicas in minutes if needed, and all my > applications implement LDAP failover at the client, so I can bring down > any server any time I wish. Syncrepl offers me nothing. Cn=config > offers less; it does not yet have all the functions of slapd.conf > (although I am running it on the 2.4 nodes) and it puts a master > password in the database, a password which previously was not LDAP > accessible. Then your usage vastly differs from the norm, and should not in any way, shape, or form, be used as a platform for giving advice to people who are freshly deploying OpenLDAP. --Quanah -- Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration

1 0

size of bdb database, master vs replica
by jehan procaccia 21 May '12

21 May '12

hello I use syncrepl between my master and replicas I am surprise with the apparent size of my database (~4000 people entries with jpegphotos of ~10KB each) on the master I have # du -sk *.bdb | sort -n 172 gidNumber.bdb 188 uidNumber.bdb 332 memberUid.bdb 772 ou.bdb 812 modifyTimestamp.bdb 1020 givenName.bdb 1204 uid.bdb 1368 dn2id.bdb 1620 sn.bdb 1908 IntEPersInetServ.bdb 2068 objectClass.bdb 2804 eduPersonOrgUnitDN.bdb 2828 eduPersonPrimaryOrgUnitDN.bdb 3064 cn.bdb 3368 schacUserStatus.bdb 6784 mail.bdb *195412 id2entry.bdb * Plus BDB # du -sk __db* | sort -n 12 __db.001 12 __db.006 464 __db.005 548 __db.004 67540 __db.002 205072 __db.003 but these are shared memory and doesn't matter I suppose !? On the replica I have # du -sk *.bdb | sort -n 8 cn.bdb 8 dn2id.bdb 8 eduPersonOrgUnitDN.bdb 8 eduPersonPrimaryOrgUnitDN.bdb 8 entryCSN.bdb 8 entryUUID.bdb 8 gidNumber.bdb 8 givenName.bdb 8 IntEPersInetServ.bdb 8 mail.bdb 8 memberUid.bdb 8 modifyTimestamp.bdb 8 objectClass.bdb 8 ou.bdb 8 schacUserStatus.bdb 8 sn.bdb 8 uid.bdb 8 uidNumber.bdb *32 id2entry.bdb* # du -sk __* | sort -n 12 __db.001 12 __db.006 380 __db.005 740 __db.004 7060 __db.002 53860 __db.003 So the size of the file are very different, why ? 4000 objects with at least 3000 jpegphoto of 10K each seems to fit in a 32K id2entry.bdb, but why then on the master it is at 195412K id2entry.bdb !? Thanks .

3 4

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

openldap-technical