openldap-technical

openldap-technical@openldap.org

13 participants
9906 discussions

Re: OpenLDAP 2.6.0 testing call
by Nick Folino 30 Sep '21

30 Sep '21

Yes. Logging now continues to work after changes to config. But - adding levels works on the fly, but removing them doesn't. For instance this works fine: olcLogLevel: stats If I change it to "stats ACL" then the ACL data starts getting added to the log. No restart required. If I change it back to "stats" I keep getting ACL data until the directory is restarted. Nick On Wed, Sep 29, 2021 at 5:49 PM Quanah Gibson-Mount <quanah(a)symas.com> wrote: > > > --On Wednesday, September 29, 2021 9:17 AM -0400 Nick Folino > <nick(a)folino.us> wrote: > > > > > I don't know what the expected results should be, but changing > > olcLogLevel while running causes all logging to the specified file to > > stop. > > > > Logging starts with the new level upon restart. > > This should now be fixed. :) > > --Quanah > > > -- > > Quanah Gibson-Mount > Product Architect > Symas Corporation > Packaged, certified, and supported LDAP solutions powered by OpenLDAP: > <http://www.symas.com> >

3 6

Re: OpenLDAP 2.6.0 testing call
by Nick Folino 29 Sep '21

29 Sep '21

Verified. New log options look good on Fedora 34. No issues with tests either. Thanks! Nick On Tue, Sep 28, 2021 at 3:10 PM Quanah Gibson-Mount <quanah(a)symas.com> wrote: > > > --On Friday, September 17, 2021 10:13 AM -0700 Quanah Gibson-Mount > <quanah(a)symas.com> wrote: > > > > > > > --On Tuesday, September 7, 2021 7:07 PM -0400 Nick Folino > > <nick(a)folino.us> wrote: > > > >> > >> Thanks Quanah. olcLogFile and olcLogFileOnly seem to have no effect. > >> Using them I still get logs only to the journal on Fedora 34. > > > > Hi Nick, > > > > I was able to reproduce this and have reopened the issue report. > > This is now fixed for slapd, work pending to fix for lloadd. > > --Quanah > > > -- > > Quanah Gibson-Mount > Product Architect > Symas Corporation > Packaged, certified, and supported LDAP solutions powered by OpenLDAP: > <http://www.symas.com> >

2 2

Re: OpenLDAP 2.6.0 testing call
by Nick Folino 28 Sep '21

28 Sep '21

Thanks Quanah. olcLogFile and olcLogFileOnly seem to have no effect. Using them I still get logs only to the journal on Fedora 34. Nick On Tue, Sep 7, 2021 at 5:19 PM Quanah Gibson-Mount <quanah(a)symas.com> wrote: > > > --On Tuesday, September 7, 2021 4:15 PM -0400 Nick Folino <nick(a)folino.us> > > wrote: > > > > > No issues on Fedora 34. Any docs on how to work with the new logging > > options? > > See slapd.conf(5) or slapd-config(5). In slapd.conf(5), search for > "logfile", in slapd-config(5), search for olcLogFile > > > Regards, > Quanah > > > > -- > > Quanah Gibson-Mount > Product Architect > Symas Corporation > Packaged, certified, and supported LDAP solutions powered by OpenLDAP: > <http://www.symas.com> >

2 2

RESULT etime vs. qtime
by Michael Ströder 28 Sep '21

28 Sep '21

HI! I'm adapting my mtail program for log-based slapd metrics for release 2.5. 2.5 introduces qtime= and etime= in RESULT lines. Great! I could easily grab histogram metrics for both but that doubles time-series data in Prometheus. So I wonder what's the difference? Is it worth to always look at both? Ciao, Michael.

3 3

delta-sync replication setup
by frederic.goudal＠bordeaux-inp.fr 28 Sep '21

28 Sep '21

Hello, I'm trying to setup delta-sync replication. One difficulty I encounter is that the documentation only refer to the old slapd.conf syntax and not the cn=config one. It is a bit tricky to guess the olc names, objectClass and so on. Is it posssible to update the documentation ? By the way while trying to add the accesslog overlay to my main suffix the slapd daemon stopped with the following syslog entry : slapd[219917]: ch_realloc of 18446744071562067968 bytes failed Slapd 2.5.7 -- Frédéric Goudal Administrateur Systèmes et Réseaux Bordeaux-INP

2 2

struggling with meta_backend, active directory and memberof
by Marco Baiguera 27 Sep '21

27 Sep '21

Hello everyone, I am struggling to make an openldap/meta configuration work: i have two active directory domain/servers: dc=mysite,cd=com and dc=other,dc=mysite,dc=com my goal is to integrate both domains with an application who can integrate with a SINGLE ldap source for user authentication. i'd like to build an openldap meta/proxy to build a virtual tree with mysite.com (empty) --- ou=virtual, dc= mysite,dc =com --- ou=other, dc= mysite,dc =com I'm working with these configuration: database meta suffix "dc=mysite,cd=com" .. uri "ldap://SRV-xxxxxx/ou=virtual, dc= mysite,dc =com" readonly yes lastmod off suffixmassage "ou=virtual, dc= mysite,dc =com" "dc= mysite,dc =com" uri "ldap://SRV-yyyy/ou=other, dc= mysite,dc =com" readonly yes lastmod off suffixmassage "ou=other, dc= mysite,dc =com" "dc=other,dc=mysite,dc=com" The ldap tree is accessible but the group membership is wrong: the value of memberof attributes for every user still has the original value, not the remapped value,for example: cn=user,ou=someou,dc=mysite,cd=com cn=somegroup,ou=groups,dc=mysite,cd=com are seen by the client as cn=user,ou=someou,ou=virtual,dc=mysite,cd=com cn=somegroup,ou=groups,ou=virtual,dc=mysite,cd=com but the membeof attribute of user.someou.mysite.com is cn=somegroup,ou=groups,dc=mysite,cd=com i expect it to be membeof=cn=somegroup,ou=groups,ou=virtual,dc=mysite,cd=com Can someone advice if this is the correct way to address this problem ? Can someone point me to the proper documentation ? Thank you Marco

1 1

Failing while Configuring the OpenLDAP
by Challa N Kumar Reddy 27 Sep '21

27 Sep '21

Hi There, I am new to OpenLDAP and followed the steps mentioned in this quick start guide as it is https://www.openldap.org/doc/admin25/quickstart.html but failing the configuration of OpenLDAP. I followed the below steps on CentOS 8 with 2.5.7 and successfully installed but while configuring facing issues, please correct me if I am doing this in the wrong way. 1. Created a Linux user dedicated to OpenLDAP with the name "nchalla" which has sudo permissions. 2. Login with Root user and created a folder /u01 3. change permissions on /u01 (for time being granted 777 ( 4. change ownership of /u01 to "nchalla" 5. downloaded the tarball and extracted the OpenLDAP 2.5.7 7. downloaded the required developer libraries 8. Logged in as nchalla and navigated to the OpenLDAP 2.5.7 extracted folder and start compiling and installing with the below commands ./configure --prefix=/u01/ldap make depend make make test (all tests were passed) make install 9. Started the configuration following the below steps a. created a folder /u01/ldap/etc/slapd.d b. updated the slapd.ldif with our domain name c. navigate to /u01/ldap and executed the command below, sbin/slapadd -n 0 -F /u01/ldap/etc/slapd.d -l /u01/ldap/etc/openldap/slapd.ldif But getting an error message issue the above command Also , the next step is to start the slapd service but It seems like I couldn't start the service as shown in the below screenshot Please help! Thanks in advance.

2 3

Re: 2.5.7 - help understanding syslog local4
by Dave Macias 23 Sep '21

23 Sep '21

Just to update: by adding to cn=config : olcLogLevel: Stats or loglevel 256 to slapd.conf and with -d 0 and no other change to rsyslog.conf nor to journal.conf I get all my connections, LDAP operations, results logged via syslog to /var/log/slapd/slapd.conf Thank you!!! On Thu, Sep 23, 2021 at 12:23 PM Quanah Gibson-Mount <quanah(a)symas.com> wrote: > --On Thursday, September 23, 2021 6:45 PM +0200 Michael Ströder > <michael(a)stroeder.com> wrote: > > > Personally I have on my systems: > > > > In file /etc/systemd/journald.conf: > > > > [Journal] > > Storage=none > > ForwardToSyslog=yes > > > > In /etc/rsyslog.conf: > > > > $AddUnixListenSocket /dev/log > > > > And I start slapd with -d 0 and loglevel set. > > As a side note, I've encountered deadlocks on RHEL7 on extremely busy > systems when journald is integrated with syslog like this. It also has a > strong negative effect on performance. Whether the deadlock is RHEL7 > specific or not is unknown. > > When OpenLDAP 2.6 releases, syslog (and journald) can be bypassed entirely > and a purely local log file can be used, resulting in a significant > performance increase. > > --Quanah > > > -- > > Quanah Gibson-Mount > Product Architect > Symas Corporation > Packaged, certified, and supported LDAP solutions powered by OpenLDAP: > <http://www.symas.com> >

1 0

Uplift from 2.3.20 to 2.4.50
by Viggo Simonsen 23 Sep '21

23 Sep '21

Hi community, I am trying to uplift a very old adaptation of OpenLDAP from 2.3.20 to 2.4.50. I first tried a one-step approach, cherry-picking my delta, based on 2.3.20 into 2.4.50 - but that was a daunting task, given that there is 14 years between the two releases I am now trying again with a step-wise approach, merging one revision at a time from 2.3.20 .. 2.3.43 - and then through the 2.4 releases. So far up to 2.3.43, this has been simple - however now, merging the 2.4 releases, I am facing a huge number of conflicts on nearly all files. It is most certainly due to a lack of ancestry between the 2.4 and 2.3 branches I assume that 2.3 has been merged to master, and 2.4 branched of master at some point, possibly before the 2.3.43 release In short, there is a unclear, and possible collapsed merge path between the 2.3 and 2.4 branches that makes the leap between them difficult Can someone from the development team advise, how I can get about making this transition in a smooth manner? Thanks /Viggo

3 2

configure: error: Could not locate Cyrus SASL
by Challa N Kumar Reddy 23 Sep '21

23 Sep '21

Hi There, I have installed all the libraries including Cyrus SASL but while trying to compile I am getting the captioned error, Could you please advise. [nchalla@server openldap-2.5.7]$ ./configure --prefix=/u01/ldap --disable-static --enable-debug --with-tls=auto --with-cyrus-sasl --enable-dynamic --enable-crypt --enable-spasswd --enable-slapd --enable-modules --enable-rlookups --enable-backends=mod --disable-ndb --disable-sql --disable-wt --enable-overlays=mod Configuring OpenLDAP 2.5.7-Release ... checking build system type... x86_64-pc-linux-gnu checking host system type... x86_64-pc-linux-gnu checking target system type... x86_64-pc-linux-gnu checking configure arguments... done checking for cc... cc checking for ar... ar checking for strip... strip checking whether make sets $(MAKE)... yes checking how to print strings... printf checking whether the C compiler works... yes checking for C compiler default output file name... a.out checking for suffix of executables... checking whether we are cross compiling... no checking for suffix of object files... o checking whether we are using the GNU C compiler... yes checking whether cc accepts -g... yes checking for cc option to accept ISO C89... none needed checking for a sed that does not truncate output... /usr/bin/sed checking for grep that handles long lines and -e... /usr/bin/grep checking for egrep... /usr/bin/grep -E checking for fgrep... /usr/bin/grep -F checking for ld used by cc... /usr/bin/ld checking if the linker (/usr/bin/ld) is GNU ld... yes checking for BSD- or MS-compatible name lister (nm)... /usr/bin/nm -B checking the name lister (/usr/bin/nm -B) interface... BSD nm checking whether ln -s works... yes checking the maximum length of command line arguments... 1572864 checking how to convert x86_64-pc-linux-gnu file names to x86_64-pc-linux-gnu format... func_convert_file_noop checking how to convert x86_64-pc-linux-gnu file names to toolchain format... func_convert_file_noop checking for /usr/bin/ld option to reload object files... -r checking for objdump... objdump checking how to recognize dependent libraries... pass_all checking for dlltool... dlltool checking how to associate runtime and link libraries... printf %s\n checking for archiver @FILE support... @ checking for ranlib... ranlib checking for gawk... gawk checking command to parse /usr/bin/nm -B output from cc object... ok checking for sysroot... no checking for a working dd... /usr/bin/dd checking how to truncate binary pipes... /usr/bin/dd bs=4096 count=1 checking for mt... no checking if : is a manifest tool... no checking how to run the C preprocessor... cc -E checking for ANSI C header files... yes checking for sys/types.h... yes checking for sys/stat.h... yes checking for stdlib.h... yes checking for string.h... yes checking for memory.h... yes checking for strings.h... yes checking for inttypes.h... yes checking for stdint.h... yes checking for unistd.h... yes checking for dlfcn.h... yes checking for objdir... .libs checking if cc supports -fno-rtti -fno-exceptions... no checking for cc option to produce PIC... -fPIC -DPIC checking if cc PIC flag -fPIC -DPIC works... yes checking if cc static flag -static works... no checking if cc supports -c -o file.o... yes checking if cc supports -c -o file.o... (cached) yes checking whether the cc linker (/usr/bin/ld -m elf_x86_64) supports shared libraries... yes checking whether -lc should be explicitly linked in... no checking dynamic linker characteristics... GNU/Linux ld.so checking how to hardcode library paths into programs... immediate checking for shl_load... no checking for shl_load in -ldld... no checking for dlopen... no checking for dlopen in -ldl... yes checking whether a program can dlopen itself... yes checking whether a statically linked program can dlopen itself... yes checking whether stripping libraries is possible... yes checking if libtool supports shared libraries... yes checking whether to build shared libraries... yes checking whether to build static libraries... no checking how to run the C preprocessor... cc -E checking whether we are using MS Visual C++... no checking for windres... no checking for be_app in -lbe... no checking whether we are using the GNU C compiler... (cached) yes checking whether cc accepts -g... (cached) yes checking for cc option to accept ISO C89... (cached) none needed checking for cc depend flag... -M checking for afopen in -ls... no checking ltdl.h usability... yes checking ltdl.h presence... yes checking for ltdl.h... yes checking for lt_dlinit in -lltdl... yes checking for EBCDIC... no checking for ANSI C header files... yes checking for dirent.h that defines DIR... yes checking for library containing opendir... none required checking for sys/wait.h that is POSIX.1 compatible... yes checking whether termios.h defines TIOCGWINSZ... no checking whether sys/ioctl.h defines TIOCGWINSZ... yes checking arpa/inet.h usability... yes checking arpa/inet.h presence... yes checking for arpa/inet.h... yes checking arpa/nameser.h usability... yes checking arpa/nameser.h presence... yes checking for arpa/nameser.h... yes checking assert.h usability... yes checking assert.h presence... yes checking for assert.h... yes checking bits/types.h usability... yes checking bits/types.h presence... yes checking for bits/types.h... yes checking conio.h usability... no checking conio.h presence... no checking for conio.h... no checking crypt.h usability... yes checking crypt.h presence... yes checking for crypt.h... yes checking direct.h usability... no checking direct.h presence... no checking for direct.h... no checking errno.h usability... yes checking errno.h presence... yes checking for errno.h... yes checking fcntl.h usability... yes checking fcntl.h presence... yes checking for fcntl.h... yes checking filio.h usability... no checking filio.h presence... no checking for filio.h... no checking getopt.h usability... yes checking getopt.h presence... yes checking for getopt.h... yes checking grp.h usability... yes checking grp.h presence... yes checking for grp.h... yes checking io.h usability... no checking io.h presence... no checking for io.h... no checking libutil.h usability... no checking libutil.h presence... no checking for libutil.h... no checking limits.h usability... yes checking limits.h presence... yes checking for limits.h... yes checking locale.h usability... yes checking locale.h presence... yes checking for locale.h... yes checking malloc.h usability... yes checking malloc.h presence... yes checking for malloc.h... yes checking for memory.h... (cached) yes checking psap.h usability... no checking psap.h presence... no checking for psap.h... no checking pwd.h usability... yes checking pwd.h presence... yes checking for pwd.h... yes checking process.h usability... no checking process.h presence... no checking for process.h... no checking sgtty.h usability... yes checking sgtty.h presence... yes checking for sgtty.h... yes checking shadow.h usability... yes checking shadow.h presence... yes checking for shadow.h... yes checking stddef.h usability... yes checking stddef.h presence... yes checking for stddef.h... yes checking for string.h... (cached) yes checking for strings.h... (cached) yes checking sysexits.h usability... yes checking sysexits.h presence... yes checking for sysexits.h... yes checking sys/file.h usability... yes checking sys/file.h presence... yes checking for sys/file.h... yes checking sys/filio.h usability... no checking sys/filio.h presence... no checking for sys/filio.h... no checking sys/fstyp.h usability... no checking sys/fstyp.h presence... no checking for sys/fstyp.h... no checking sys/errno.h usability... yes checking sys/errno.h presence... yes checking for sys/errno.h... yes checking sys/ioctl.h usability... yes checking sys/ioctl.h presence... yes checking for sys/ioctl.h... yes checking sys/param.h usability... yes checking sys/param.h presence... yes checking for sys/param.h... yes checking sys/privgrp.h usability... no checking sys/privgrp.h presence... no checking for sys/privgrp.h... no checking sys/resource.h usability... yes checking sys/resource.h presence... yes checking for sys/resource.h... yes checking sys/select.h usability... yes checking sys/select.h presence... yes checking for sys/select.h... yes checking sys/socket.h usability... yes checking sys/socket.h presence... yes checking for sys/socket.h... yes checking for sys/stat.h... (cached) yes checking sys/syslog.h usability... yes checking sys/syslog.h presence... yes checking for sys/syslog.h... yes checking sys/time.h usability... yes checking sys/time.h presence... yes checking for sys/time.h... yes checking for sys/types.h... (cached) yes checking sys/uio.h usability... yes checking sys/uio.h presence... yes checking for sys/uio.h... yes checking sys/vmount.h usability... no checking sys/vmount.h presence... no checking for sys/vmount.h... no checking syslog.h usability... yes checking syslog.h presence... yes checking for syslog.h... yes checking termios.h usability... yes checking termios.h presence... yes checking for termios.h... yes checking for unistd.h... (cached) yes checking utime.h usability... yes checking utime.h presence... yes checking for utime.h... yes checking for resolv.h... yes checking for netinet/tcp.h... yes checking for sys/ucred.h... no checking for sigaction... yes checking for sigset... yes checking for fmemopen... yes checking for socket... yes checking for select... yes checking for sys/select.h... (cached) yes checking for sys/socket.h... (cached) yes checking types of arguments for select... int,fd_set *,struct timeval * checking for poll... yes checking poll.h usability... yes checking poll.h presence... yes checking for poll.h... yes checking sys/poll.h usability... yes checking sys/poll.h presence... yes checking for sys/poll.h... yes checking sys/epoll.h usability... yes checking sys/epoll.h presence... yes checking for sys/epoll.h... yes checking for epoll system call... yes checking sys/event.h usability... no checking sys/event.h presence... no checking for sys/event.h... no checking sys/devpoll.h usability... no checking sys/devpoll.h presence... no checking for sys/devpoll.h... no checking for strerror... yes checking for strerror_r... yes checking non-posix strerror_r... no checking for regex.h... yes checking for library containing regfree... none required checking for compatible POSIX regex... yes checking sys/uuid.h usability... no checking sys/uuid.h presence... no checking for sys/uuid.h... no checking uuid/uuid.h usability... no checking uuid/uuid.h presence... no checking for uuid/uuid.h... no checking to see if -lrpcrt4 is needed for win32 UUID support... no checking for resolver link (default)... no checking for resolver link (-lresolv)... yes checking for hstrerror... yes checking for getaddrinfo... yes checking for getnameinfo... yes checking for gai_strerror... yes checking for inet_ntop... yes checking INET6_ADDRSTRLEN... yes checking struct sockaddr_storage... yes checking sys/un.h usability... yes checking sys/un.h presence... yes checking for sys/un.h... yes checking openssl/ssl.h usability... no checking openssl/ssl.h presence... no checking for openssl/ssl.h... no checking gnutls/gnutls.h usability... no checking gnutls/gnutls.h presence... no checking for gnutls/gnutls.h... no configure: WARNING: Could not locate TLS/SSL package configure: WARNING: TLS data protection not supported! checking for _beginthread... no checking pthread.h usability... yes checking pthread.h presence... yes checking for pthread.h... yes checking POSIX thread version... 10 checking for LinuxThreads pthread.h... no checking for GNU Pth pthread.h... no checking sched.h usability... yes checking sched.h presence... yes checking for sched.h... yes checking for pthread_create in default libraries... no checking for pthread link with -kthread... no checking for pthread link with -pthread... yes checking for sched_yield... yes checking for pthread_yield... yes checking for thr_yield... no checking for pthread_kill... yes checking for pthread_rwlock_destroy with <pthread.h>... yes checking for pthread_detach with <pthread.h>... yes checking for pthread_setconcurrency... yes checking for pthread_getconcurrency... yes checking for thr_setconcurrency... no checking for thr_getconcurrency... no checking for pthread_kill_other_threads_np... no checking for LinuxThreads implementation... no checking for LinuxThreads consistency... no checking if pthread_create() works... yes checking if select yields when using pthreads... yes checking for thread specific errno... yes checking for thread specific h_errno... yes checking for ctime_r... yes checking for gmtime_r... yes checking for localtime_r... yes checking for gethostbyname_r... yes checking for gethostbyaddr_r... yes checking number of arguments of ctime_r... 2 checking number of arguments of gethostbyname_r... 6 checking number of arguments of gethostbyaddr_r... 8 checking for openlog... yes checking sasl/sasl.h usability... no checking sasl/sasl.h presence... no checking for sasl/sasl.h... no checking sasl.h usability... no checking sasl.h presence... no checking for sasl.h... no configure: error: Could not locate Cyrus SASL Thanks in advance! -Narendra

3 2

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

openldap-technical