openldap-technical

openldap-technical@openldap.org

12 participants
9794 discussions

Re: OpenLDAP 2.5.5 PPA for Ubuntu 20.04 LTS
by Dave Macias 24 Aug '21

24 Aug '21

> It's our replacement for Symas OpenLDAP for Linux and Symas OpenLDAP for > Gold. They are free to use and optional support contracts are available. > We're currently working on an official announcement to post, but thought > I'd point you at them since they're ready from the technical perspective. > > --Quanah > Was about to ask if they were still considered WIP... Thank you again for the support!! -Dave

1 0

Re: OpenLDAP 2.5.5 PPA for Ubuntu 20.04 LTS
by Saša-Stjepan Bakša 24 Aug '21

24 Aug '21

Hi Quanah, Long time has passed since our last conversation. :-) Thank you for your info. I was looking around your site and didn't find this repo. Are those commercial release packages or public? Br Saša On Mon, 23 Aug 2021 at 18:12, Quanah Gibson-Mount <quanah(a)symas.com> wrote: > --On Monday, August 23, 2021 3:15 PM +0200 Saša-Stjepan Bakša > <ssbaksa(a)gmail.com> wrote: > > > > Does anyone maintain PPA for OpenLDAP 2.5.5 PPA for Ubuntu 20.04 LTS? > > On the Symas page, there is a package only for 2.4.59+dfsg-1ppa~bionic1 > > and since Quanah recommends the latest version for using dynlist I am in > > a bit of a problem. I just can't find the proper deb package for Ubuntu. > > Hi Saša-Stjepan Bakša, > > Symas OpenLDAP 2.5 can be obtained from: > > <https://repo.symas.com/soldap/ubuntu20/> > > Regards, > Quanah > > -- > > Quanah Gibson-Mount > Product Architect > Symas Corporation > Packaged, certified, and supported LDAP solutions powered by OpenLDAP: > <http://www.symas.com> >

2 1

OpenLDAP 2.5.5 PPA for Ubuntu 20.04 LTS
by Saša-Stjepan Bakša 24 Aug '21

24 Aug '21

Hi, Does anyone maintain PPA for OpenLDAP 2.5.5 PPA for Ubuntu 20.04 LTS? On the Symas page, there is a package only for 2.4.59+dfsg-1ppa~bionic1 and since Quanah recommends the latest version for using dynlist I am in a bit of a problem. I just can't find the proper deb package for Ubuntu. Well to be honest, there is one for the latest Ubuntu but that one is still under development and I can't use that in production. Switching to another distro? Well, after so many years using Ubuntu I am not fond of the idea of switching to another distro. Building it from scratch? Maybe, if I can create an Ubuntu building environment. Br, Saša-Stjepan Bakša

3 3

Re: migrate from 2.4 to 2.5, determine existing MDB format
by kevin martin 20 Aug '21

20 Aug '21

i understand that ldap is a protocol but it occurred to me that a database change (where tables and the like might be different and slapd version dependent) might need to be a sitewide thing, not a server by server thing (meaning the 2.4 servers, once the "database" is mirrored from the master server, might not understand the new format?). --- Regards, Kevin Martin On Thu, Aug 19, 2021 at 12:31 PM Quanah Gibson-Mount <quanah(a)symas.com> wrote: > > > --On Thursday, August 19, 2021 1:23 PM -0500 kevin martin > <ktmdms(a)gmail.com> wrote: > > > > > > > if I have multiple slapd servers running 2.4 can I update my master > > server to 2.5 with the new format and will the 2.4 mirrors be able to > > handle the new format or is it an all or nothing upgrade of all servers > > at once? > > LDAP is a protocol, the internal change to the MDB database structure is > immaterial. > > --Quanah > > -- > > Quanah Gibson-Mount > Product Architect > Symas Corporation > Packaged, certified, and supported LDAP solutions powered by OpenLDAP: > <http://www.symas.com> >

3 3

Re: migrate from 2.4 to 2.5, determine existing MDB format
by kevin martin 19 Aug '21

19 Aug '21

Ok, thanks for the clarification. That's what I needed to know. --- Regards, Kevin Martin On Thu, Aug 19, 2021 at 12:45 PM Quanah Gibson-Mount <quanah(a)symas.com> wrote: > > > --On Thursday, August 19, 2021 1:35 PM -0500 kevin martin > <ktmdms(a)gmail.com> wrote: > > > > > > > i understand that ldap is a protocol but it occurred to me that a > > database change (where tables and the like might be different and slapd > > version dependent) might need to be a sitewide thing, not a server by > > server thing (meaning the 2.4 servers, once the "database" is mirrored > > from the master server, might not understand the new format?). > > The only limitation would be that you could not mdb_copy a 2.5 database > and > run that under a 2.4 slapd. Since it's purely internal, the replication > protocol has no "knowledge" of it, and it would not appear in an LDIF > created by slapcat. > > --Quanah > > -- > > Quanah Gibson-Mount > Product Architect > Symas Corporation > Packaged, certified, and supported LDAP solutions powered by OpenLDAP: > <http://www.symas.com> >

1 0

Re: pwdHistory setting not being honored
by kevin martin 19 Aug '21

19 Aug '21

yeah, just found that in the CHANGE file for 2.4. thanks. and that's why I had asked the other question about the 2.4 vs 2.5 database format and servers. figured if I have to update anyway (and should, granted) I should do it to 2.5 but didn't necessarily want to take on a weekends worth of work if I could get away with doing it bit by bit over time. --- Regards, Kevin Martin On Thu, Aug 19, 2021 at 12:33 PM Quanah Gibson-Mount <quanah(a)symas.com> wrote: > > > --On Thursday, August 19, 2021 1:17 PM -0500 kevin martin > <ktmdms(a)gmail.com> wrote: > > > > > > > we HAD a password history setting with ppolicy to store 10 passwords in > > history, and that worked fine. Now, our policy has changed and only the > > last 4 passwords can't be used but when I try to change to a password > > that I know was not in the last 4 password changes I'm told that the > > password exists in my history. looking at an ldif dump my user has 10 > > pwdHistory entries but shouldn't the change in policy cause slapd to only > > look at my last 4 most recent pwdHistory entries, because it's certainly > > not doing so. do I have to dump the ldap into an ldif, remove > > pwdHistory entries, and reload it to make the password history stuff work > > correctly? version of slapd is 2.4.45. > > This is <https://bugs.openldap.org/show_bug.cgi?id=8349> > > Fixed in OpenLDAP 2.4.48. I strongly advise upgrading to current > supported > release for many reasons. > > --Quanah > > > > -- > > Quanah Gibson-Mount > Product Architect > Symas Corporation > Packaged, certified, and supported LDAP solutions powered by OpenLDAP: > <http://www.symas.com> >

1 0

pwdHistory setting not being honored
by kevin martin 19 Aug '21

19 Aug '21

we HAD a password history setting with ppolicy to store 10 passwords in history, and that worked fine. Now, our policy has changed and only the last 4 passwords can't be used but when I try to change to a password that I know was not in the last 4 password changes I'm told that the password exists in my history. looking at an ldif dump my user has 10 pwdHistory entries but shouldn't the change in policy cause slapd to only look at my last 4 most recent pwdHistory entries, because it's certainly not doing so. do I have to dump the ldap into an ldif, remove pwdHistory entries, and reload it to make the password history stuff work correctly? version of slapd is 2.4.45. --- Regards, Kevin Martin

2 1

Re: migrate from 2.4 to 2.5, determine existing MDB format
by kevin martin 19 Aug '21

19 Aug '21

if I have multiple slapd servers running 2.4 can I update my master server to 2.5 with the new format and will the 2.4 mirrors be able to handle the new format or is it an all or nothing upgrade of all servers at once? --- Regards, Kevin Martin On Sat, Aug 7, 2021 at 2:31 PM Quanah Gibson-Mount <quanah(a)symas.com> wrote: > > > --On Saturday, August 7, 2021 3:48 PM +0200 Michael Ströder > <michael(a)stroeder.com> wrote: > > > On 8/7/21 1:34 PM, Howard Chu wrote: > >> Michael Ströder wrote: > >>> On 8/7/21 9:58 AM, Michael Ströder wrote: > >>>> On 8/7/21 12:02 AM, Quanah Gibson-Mount wrote: > >>>>> With OpenLDAP 2.5.7 and later it is possible to export a 2.4 > >>>>> database with slapcat in all circumstances. > >>>> > >>>> This will be very helpful because downstream packagers won't have to > >>>> provide two different versions of slapcat (as currently discussed on > >>>> opensuse-factory list). > >>> > >>> Is it sufficient to use commit d00efea7d19ad339f244f1325883031830125876 > >>> as back-port patch? > >> > >> backport into 2.5? Yes. > > > > Yes, of course into 2.5. > > I would also backport: > > commit dffa47ed752fd840e7a7cc0d1b95e4474f2de95b > Author: Howard Chu <hyc(a)openldap.org> > Date: Fri Aug 6 22:13:47 2021 +0100 > > ITS#9611 bconfig: canonicalize structuralObjectclass > > until 2.5.7 is available, as that is also for 2.4 to 2.5 upgrade > compatibility. It affects the dyngroup, dynlist, and memberof overlays. > > --Quanah > > > > -- > > Quanah Gibson-Mount > Product Architect > Symas Corporation > Packaged, certified, and supported LDAP solutions powered by OpenLDAP: > <http://www.symas.com> >

2 1

Antw: [EXT] Re: Index seems to return wrong amount of candidate causing really poor search performance
by Ulrich Windl 19 Aug '21

19 Aug '21

>>> Quanah Gibson-Mount <quanah(a)symas.com> schrieb am 16.08.2021 um 23:20 in Nachricht <45379D5CBFA94DE3B1EA38E5(a)[192.168.1.4]>: > > ‑‑On Monday, August 16, 2021 10:00 PM +0000 Petteri Stenius > <Petteri.Stenius(a)ubisecure.com> wrote: > >> >> Thank you for your quick response. >> >> >> If idlexp is the accepted solution then I'd like to understand how to >> choose correct value for idlexp? >> >> >> I have quickly tested with most values. With my quick tests I could not >> find any significant impact on performance. Setting idlexp to maximum 31 >> did however cause slapd to crash with segmentation fault on my system. > > The appropriate value for any environment is entirely dependent on that > environment's indexing and attribute value distribution for those indexed > attributes. You generally want the minimum value for idlexp that allows > searches to function without performance problems. Increasing the idlexp > size increases slapd memory usage. Keep in mind that every increase in the > idlexp value increases the index slot range by a power of 2. The largest Did you mean "to a power of 2", or do you really mean "by a power of 2"? > value I've ever needed for a massively large db with wide value > distributions was 22. ... Regards, Ulrich

2 3

Re: OpenLDAP 2.5.7 available
by Michael Ströder 18 Aug '21

18 Aug '21

On 8/18/21 8:09 PM, project(a)openldap.org wrote: > OpenLDAP 2.5.7 is now available for download as detailed on our download page: As usual you can find packages for several openSUSE/SLE versions in this OBS project: https://build.opensuse.org/project/show/home:stroeder:openldap25 Feedback welcome! Notes: - Always backup your data before upgrading! - The packages received some packaging fixes and are usable now. - This is my private work not related to the OpenLDAP nor the openSUSE projects => blame me if something looks wrong with the packaging. - If unsure install openldap-ms, not openldap2. This uses a separate prefix /opt/openldap-ms. Ciao, Michael.

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

openldap-technical