openldap-technical

openldap-technical@openldap.org

12 participants
9948 discussions

Fwd: CSN too old, ignoring - and therefore not syncing
by Gavin Henry 23 Dec '08

23 Dec '08

---------- Forwarded message ---------- From: Pat Riehecky <prieheck(a)iwu.edu> Date: Tue, 23 Dec 2008 12:34:33 -0600 Subject: Re: CSN too old, ignoring - and therefore not syncing To: Gavin Henry <gavin.henry(a)gmail.com> On Tue, 2008-12-23 at 18:28 +0000, Gavin Henry wrote: > Where did you read that those were needed anyway? If it was the admin > guide then I need to fix it ;-) > > Gavin. I have no idea where I found those at... I know it wasn't the (recent) admin guide. It may have been from around the 2.4.8 release, but that is long gone... Pat > > On 23/12/2008, Pat Riehecky <prieheck(a)iwu.edu> wrote: > > On Tue, 2008-12-23 at 15:55 +0000, Gavin Henry wrote: > >> Try dropping nopresent and reloadhint relating to ITS5669. You only > >> need these two syncprov settings on an accesslog db. > >> > >> Gavin. > > > > Thanks, that did the job! > > > > Pat > > > >> > >> On 23/12/2008, Pat Riehecky <prieheck(a)iwu.edu> wrote: > >> > On Tue, 2008-12-23 at 11:45 +0000, Gavin Henry wrote: > >> >> Can you post your config somewhere? > >> > > >> > > >> > allow bind_v2 > >> > > >> > include /etc/ldap/schema/core.schema > >> > include /etc/ldap/schema/cosine.schema > >> > include /etc/ldap/schema/nis.schema > >> > include /etc/ldap/schema/inetorgperson.schema > >> > include /etc/ldap/schema/samba.schema > >> > include /etc/ldap/schema/eduperson-200412.schema > >> > include /etc/ldap/schema/hdb.schema > >> > include /etc/ldap/schema/IWU.schema > >> > > >> > pidfile /var/run/slapd/slapd.pid > >> > argsfile /var/run/slapd/slapd.args > >> > > >> > modulepath /usr/lib/ldap > >> > moduleload back_hdb > >> > moduleload back_monitor > >> > moduleload memberof > >> > moduleload syncprov > >> > moduleload smbk5pwd > >> > > >> > tool-threads 2 > >> > sizelimit 500 > >> > idletimeout 7200 > >> > > >> > TLSCACertificateFile /etc/ldap/ssl/IWU.crt > >> > TLSCertificateFile /etc/ldap/ssl/ldap.iwu.edu.crt > >> > TLSCertificateKeyFile /etc/ldap/ssl/ldap.iwu.edu.key > >> > TLSVerifyClient allow > >> > > >> > localSSF 160 > >> > security ssf=1 update_ssf=128 simple_bind=112 > >> > sasl-secprops noanonymous > >> > > >> > access to dn.base="" by * read > >> > access to dn.base="cn=Subschema" by * read > >> > > >> > backend hdb > >> > database hdb > >> > > >> > overlay memberof > >> > overlay smbk5pwd > >> > overlay syncprov > >> > > >> > smbk5pwd-enable samba > >> > smbk5pwd-enable krb5 > >> > smbk5pwd-must-change 0 > >> > > >> > syncprov-checkpoint 100 10 > >> > syncprov-sessionlog 200 > >> > syncprov-nopresent TRUE > >> > syncprov-reloadhint TRUE > >> > > >> > suffix "dc=iwu,dc=edu" > >> > > >> > rootdn "cn=admin,dc=iwu,dc=edu" > >> > rootpw {redacted} > >> > > >> > authz-regexp "uidNumber=0\\\ > >> > +gidNumber=.*,cn=peercred,cn=external,cn=auth" > >> > "cn=ldapi,dc=iwu,dc=edu" > >> > authz-regexp "gidNumber=.*\\\ > >> > +uidNumber=0,cn=peercred,cn=external,cn=auth" > >> > "cn=ldapi,dc=iwu,dc=edu" > >> > > >> > authz-regexp "uid=(.+),cn=.+,cn=auth" "uid=$1,ou=People,dc=iwu,dc=edu" > >> > > >> > directory "/var/lib/ldap/" > >> > > >> > dbconfig set_cachesize 0 62914560 0 > >> > dbconfig set_lk_max_objects 1500 > >> > dbconfig set_lk_max_locks 1500 > >> > dbconfig set_lk_max_lockers 1500 > >> > > >> > # Make sure to do a nightly slapcat > >> > dbconfig set_flags DB_LOG_AUTOREMOVE > >> > > >> > index objectClass eq,pres > >> > index default eq,sub,pres > >> > index mail eq,sub,pres > >> > index sn eq,sub,pres > >> > index cn eq,sub,pres > >> > index displayName eq,sub,pres > >> > index gecos eq,sub,pres > >> > index uid eq,sub,pres > >> > index memberUid eq,sub,pres > >> > index uidNumber eq,pres > >> > index gidNumber eq,pres > >> > index entryCSN eq,pres > >> > index entryUUID eq,pres > >> > index uniqueMember eq,pres > >> > index userPassword eq,pres > >> > index krb5PrincipalName eq,pres > >> > index krb5PrincipalRealm eq,pres > >> > index sambaDomainName eq,pres > >> > index sambaSID eq,pres > >> > index sambaPrimaryGroupSID eq,pres > >> > index sambaSIDList eq,pres > >> > > >> > lastmod on > >> > > >> > checkpoint 256 15 > >> > > >> > password-hash {SSHA} > >> > > >> > limits dn.exact="cn=admin,dc=iwu,dc=edu" size.hard=unlimited > >> > time.hard=unlimited size.soft=unlimited time.soft=unlimited > >> > limits dn.exact="cn=ldapi,dc=iwu,dc=edu" size.hard=unlimited > >> > time.hard=unlimited size.soft=unlimited time.soft=unlimited > >> > limits dn.exact="cn=sambaadmin,dc=iwu,dc=edu" size.hard=unlimited > >> > time.hard=unlimited size.soft=unlimited time.soft=unlimited > >> > limits dn.exact="cn=mirror,dc=iwu,dc=edu" size.hard=unlimited > >> > time.hard=unlimited size.soft=unlimited time.soft=unlimited > >> > limits dn.exact="cn=freeradius,dc=iwu,dc=edu" size.hard=unlimited > >> > time.hard=unlimited size.soft=unlimited time.soft=unlimited > >> > > >> > access to dn.sub="dc=iwu,dc=edu" > >> > by dn.exact="cn=ldapi,dc=iwu,dc=edu" write > >> > by dn.exact="cn=sambaadmin,dc=iwu,dc=edu" write > >> > by dn.exact="cn=mirror,dc=iwu,dc=edu" read > >> > by dn.exact="cn=freeradius,dc=iwu,dc=edu" read > >> > by * break > >> > > >> > access to dn.sub="dc=iwu,dc=edu" > >> > attrs=userPassword,shadowLastChange,sambaLMPassword,sambaNTPassword,krb5Key > >> > by anonymous auth > >> > by self write > >> > by dn.exact="cn=passwordmanager,dc=iwu,dc=edu" write > >> > by users auth > >> > by * break > >> > > >> > access to dn.exact="cn=ldapi,dc=iwu,dc=edu" by * none > >> > access to dn.exact="cn=sambaadmin,dc=iwu,dc=edu" by * none > >> > access to dn.exact="cn=mirror,dc=iwu,dc=edu" by * none > >> > access to dn.exact="cn=freeradius,dc=iwu,dc=edu" by * none > >> > access to dn.exact="cn=passwordmanager,dc=iwu,dc=edu" by * none > >> > access to dn.exact="cn=admin,dc=iwu,dc=edu" by * none > >> > > >> > access to dn.regex="uid=.*\$,ou=People,dc=iwu,dc=edu" by self read by * > >> > none > >> > access to dn.sub="ou=Computers,dc=iwu,dc=edu" by self read by * none > >> > access to dn.sub="ou=Idmap,dc=iwu,dc=edu" by self read by * none > >> > access to dn.exact="sambaDomainName=IWU.EDU,dc=iwu,dc=edu" by self read > >> > by * none > >> > access to dn.exact="uid=Administrator,ou=People,dc=iwu,dc=edu" by self > >> > read by * none > >> > access to dn.exact="uid=root,ou=People,dc=iwu,dc=edu" by self read by * > >> > none > >> > > >> > access to > >> > dn.regex="krb5PrincipalName=.*(a)IWU.EDU,ou=People,dc=iwu,dc=edu" by self > >> > read by * none > >> > > >> > access to dn.sub="dc=iwu,dc=edu" > >> > attrs=telephoneNumber,mobileTelephoneNumber,homePostalAddress,streetAddress,physicalDeliveryOfficeName,roomNumber,preferredLanguage,localityName,postOfficeBox,postalCode,stateOrProvinceName > >> > by self write > >> > by users read > >> > by anonymous none > >> > by * break > >> > > >> > access to dn.sub="dc=iwu,dc=edu" > >> > attrs=krb5PrincipalName,krb5MaxLife,krb5MaxRenew,krb5KDCFlags,krb5KeyVersionNumber > >> > by self read > >> > by anonymous none > >> > by * break > >> > > >> > access to dn.sub="dc=iwu,dc=edu" > >> > attrs=sambaPrimaryGroupSID,sambaSID,sambaAlgorithmicRidBase,sambaNextRid > >> > by * none > >> > > >> > access to dn.sub="dc=iwu,dc=edu" > >> > attrs=sambaPwdCanChange,sambaLogonTime,sambaLogoffTime,sambaAcctFlags,sambaPasswordHistory,sambaPwdLastSet,sambaGroupType,sambaPwdMustChange,sambaKickoffTime,sambaLockoutThreshold,sambaForceLogoff,sambaRefuseMachinePwdChange,sambaLockoutObservationWindow,sambaLockoutDuration,sambaMinPwdAge,sambaMaxPwdAge,sambaLogonToChgPwd,sambaPwdHistoryLength,sambaMinPwdLength > >> > by self read > >> > by anonymous none > >> > by * break > >> > > >> > access to dn.sub="dc=iwu,dc=edu" by * read > >> > > >> > serverID 1 > >> > > >> > syncrepl rid=2 > >> > provider=ldap://ldap2.iwu.edu/ > >> > schemachecking=off > >> > searchbase="dc=iwu,dc=edu" > >> > scope=sub > >> > type=refreshAndPersist > >> > binddn="cn=mirror,dc=iwu,dc=edu" > >> > credentials={redacted} > >> > bindmethod=simple > >> > starttls=yes > >> > tls_cert=/etc/ldap/ssl/ldap.iwu.edu.crt > >> > tls_key=/etc/ldap/ssl/ldap.iwu.edu.key > >> > tls_cacert=/etc/ldap/ssl/IWU.crt > >> > tls_reqcert=try > >> > interval=00:00:00:30 > >> > retry="15 +" > >> > timeout=1 > >> > timelimit=unlimited > >> > sizelimit=unlimited > >> > > >> > mirrormode on > >> > > >> > ############################### > >> > database monitor > >> > limits dn.exact="cn=admin,dc=iwu,dc=edu" size.hard=unlimited > >> > time.hard=unlimited size.soft=unlimited time.soft=unlimited > >> > > >> > access to dn.exact="cn=Monitor" > >> > by dn.exact="cn=admin,dc=iwu,dc=edu" read > >> > by * none > >> > > >> > access to dn.subtree="cn=Monitor" > >> > by dn.exact="cn=admin,dc=iwu,dc=edu" read > >> > by * none > >> > > >> > > >> >> > >> >> On 22/12/2008, Pat Riehecky <prieheck(a)iwu.edu> wrote: > >> >> > Here is the quick and dirty what I am trying to do: > >> >> > > >> >> > ldap1 and ldap2 are supposed to be in MultiMaster. They are time > >> >> > synced > >> >> > to pool.ntp.org and each other (if they drift I would rather they > >> >> > sorta > >> >> > drift together, but pool should be keeping that in check). > >> >> > > >> >> > Right now I am just beating them up to see how 2.4.13 performs. (So > >> >> > far > >> >> > VERY well, minus this little problem) > >> >> > > >> >> > I have a rather small ldif (41 entries) that just wont sync (I'm > >> >> > starting small). Debug gives me > >> >> > > >> >> > ber_scanf fmt (m}) ber: > >> >> > ber_dump: buf=0xb806f120 ptr=0xb806f137 end=0xb806f175 len=62 > >> >> > 0000: 00 3c 72 69 64 3d 30 30 31 2c 73 69 64 3d 30 > >> >> > 30 .<rid=001,sid=00 > >> >> > 0010: 32 2c 63 73 6e 3d 32 30 30 38 31 32 32 32 31 37 > >> >> > 2,csn=2008122217 > >> >> > 0020: 34 37 32 31 2e 38 35 35 39 30 34 5a 23 30 30 30 > >> >> > 4721.855904Z#000 > >> >> > 0030: 30 30 30 23 30 30 31 23 30 30 30 30 30 30 > >> >> > 000#001#000000 > >> >> > do_syncrep2: > >> >> > cookie=rid=001,sid=002,csn=20081222174721.855904Z#000000#001#000000 > >> >> > do_syncrep2: rid=001 CSN too old, ignoring > >> >> > 20081222174721.855904Z#000000#001#000000 > >> >> > ldap_msgfree > >> >> > > >> >> > I am not exactly sure how it gotten to be "too old." The ldif I am > >> >> > importing is not the result of a slapcat or anything that would > >> >> > preserve > >> >> > the CSN or UUID attributes (not that syncrepl uses UUID). I am > >> >> > loading > >> >> > one single file with ldapadd which, in my understanding, sets up the > >> >> > CSN > >> >> > and wouldn't let me import one anyway. > >> >> > > >> >> > Each server has no entries until I load the one, so there shouldn't > >> >> > be > >> >> > any weird stale CSNs causing this. They are "sync'ed" almost > >> >> > instantly > >> >> > after the one system is loaded - I just don't have everything. > >> >> > > >> >> > After a sync: > >> >> > ldap1 - slapcat |grep dn: |wc -l = 41 > >> >> > ldap2 - slapcat |grep dn: |wc -l = 18 > >> >> > > >> >> > Right now I can get them in sync with a slapcat/slapadd, but when the > >> >> > go > >> >> > into production I wont be able to say for certain which one is > >> >> > authoritative. That is the purpose of multi-master.... > >> >> > > >> >> > OpenLDAP 2.4.13, built by me (passed all tests) on Ubuntu Linux 32 > >> >> > bit > >> >> > > >> >> > Any ideas as to what I can do to stop this from happening? > >> >> > > >> >> > Pat > >> >> > > >> >> > > >> >> > > >> >> > > >> >> > >> > > >> > > >> > > > > > -- Sent from my mobile device http://www.suretecsystems.com/services/openldap/

1 0

Re: CSN too old, ignoring - and therefore not syncing
by Gavin Henry 23 Dec '08

23 Dec '08

Ok, thanks. On 23/12/2008, Pat Riehecky <prieheck(a)iwu.edu> wrote: > On Tue, 2008-12-23 at 18:28 +0000, Gavin Henry wrote: >> Where did you read that those were needed anyway? If it was the admin >> guide then I need to fix it ;-) >> >> Gavin. > > I have no idea where I found those at... I know it wasn't the (recent) > admin guide. It may have been from around the 2.4.8 release, but that > is long gone... > > Pat > >> >> On 23/12/2008, Pat Riehecky <prieheck(a)iwu.edu> wrote: >> > On Tue, 2008-12-23 at 15:55 +0000, Gavin Henry wrote: >> >> Try dropping nopresent and reloadhint relating to ITS5669. You only >> >> need these two syncprov settings on an accesslog db. >> >> >> >> Gavin. >> > >> > Thanks, that did the job! >> > >> > Pat >> > >> >> >> >> On 23/12/2008, Pat Riehecky <prieheck(a)iwu.edu> wrote: >> >> > On Tue, 2008-12-23 at 11:45 +0000, Gavin Henry wrote: >> >> >> Can you post your config somewhere? >> >> > >> >> > >> >> > allow bind_v2 >> >> > >> >> > include /etc/ldap/schema/core.schema >> >> > include /etc/ldap/schema/cosine.schema >> >> > include /etc/ldap/schema/nis.schema >> >> > include /etc/ldap/schema/inetorgperson.schema >> >> > include /etc/ldap/schema/samba.schema >> >> > include /etc/ldap/schema/eduperson-200412.schema >> >> > include /etc/ldap/schema/hdb.schema >> >> > include /etc/ldap/schema/IWU.schema >> >> > >> >> > pidfile /var/run/slapd/slapd.pid >> >> > argsfile /var/run/slapd/slapd.args >> >> > >> >> > modulepath /usr/lib/ldap >> >> > moduleload back_hdb >> >> > moduleload back_monitor >> >> > moduleload memberof >> >> > moduleload syncprov >> >> > moduleload smbk5pwd >> >> > >> >> > tool-threads 2 >> >> > sizelimit 500 >> >> > idletimeout 7200 >> >> > >> >> > TLSCACertificateFile /etc/ldap/ssl/IWU.crt >> >> > TLSCertificateFile /etc/ldap/ssl/ldap.iwu.edu.crt >> >> > TLSCertificateKeyFile /etc/ldap/ssl/ldap.iwu.edu.key >> >> > TLSVerifyClient allow >> >> > >> >> > localSSF 160 >> >> > security ssf=1 update_ssf=128 simple_bind=112 >> >> > sasl-secprops noanonymous >> >> > >> >> > access to dn.base="" by * read >> >> > access to dn.base="cn=Subschema" by * read >> >> > >> >> > backend hdb >> >> > database hdb >> >> > >> >> > overlay memberof >> >> > overlay smbk5pwd >> >> > overlay syncprov >> >> > >> >> > smbk5pwd-enable samba >> >> > smbk5pwd-enable krb5 >> >> > smbk5pwd-must-change 0 >> >> > >> >> > syncprov-checkpoint 100 10 >> >> > syncprov-sessionlog 200 >> >> > syncprov-nopresent TRUE >> >> > syncprov-reloadhint TRUE >> >> > >> >> > suffix "dc=iwu,dc=edu" >> >> > >> >> > rootdn "cn=admin,dc=iwu,dc=edu" >> >> > rootpw {redacted} >> >> > >> >> > authz-regexp "uidNumber=0\\\ >> >> > +gidNumber=.*,cn=peercred,cn=external,cn=auth" >> >> > "cn=ldapi,dc=iwu,dc=edu" >> >> > authz-regexp "gidNumber=.*\\\ >> >> > +uidNumber=0,cn=peercred,cn=external,cn=auth" >> >> > "cn=ldapi,dc=iwu,dc=edu" >> >> > >> >> > authz-regexp "uid=(.+),cn=.+,cn=auth" >> >> > "uid=$1,ou=People,dc=iwu,dc=edu" >> >> > >> >> > directory "/var/lib/ldap/" >> >> > >> >> > dbconfig set_cachesize 0 62914560 0 >> >> > dbconfig set_lk_max_objects 1500 >> >> > dbconfig set_lk_max_locks 1500 >> >> > dbconfig set_lk_max_lockers 1500 >> >> > >> >> > # Make sure to do a nightly slapcat >> >> > dbconfig set_flags DB_LOG_AUTOREMOVE >> >> > >> >> > index objectClass eq,pres >> >> > index default eq,sub,pres >> >> > index mail eq,sub,pres >> >> > index sn eq,sub,pres >> >> > index cn eq,sub,pres >> >> > index displayName eq,sub,pres >> >> > index gecos eq,sub,pres >> >> > index uid eq,sub,pres >> >> > index memberUid eq,sub,pres >> >> > index uidNumber eq,pres >> >> > index gidNumber eq,pres >> >> > index entryCSN eq,pres >> >> > index entryUUID eq,pres >> >> > index uniqueMember eq,pres >> >> > index userPassword eq,pres >> >> > index krb5PrincipalName eq,pres >> >> > index krb5PrincipalRealm eq,pres >> >> > index sambaDomainName eq,pres >> >> > index sambaSID eq,pres >> >> > index sambaPrimaryGroupSID eq,pres >> >> > index sambaSIDList eq,pres >> >> > >> >> > lastmod on >> >> > >> >> > checkpoint 256 15 >> >> > >> >> > password-hash {SSHA} >> >> > >> >> > limits dn.exact="cn=admin,dc=iwu,dc=edu" size.hard=unlimited >> >> > time.hard=unlimited size.soft=unlimited time.soft=unlimited >> >> > limits dn.exact="cn=ldapi,dc=iwu,dc=edu" size.hard=unlimited >> >> > time.hard=unlimited size.soft=unlimited time.soft=unlimited >> >> > limits dn.exact="cn=sambaadmin,dc=iwu,dc=edu" size.hard=unlimited >> >> > time.hard=unlimited size.soft=unlimited time.soft=unlimited >> >> > limits dn.exact="cn=mirror,dc=iwu,dc=edu" size.hard=unlimited >> >> > time.hard=unlimited size.soft=unlimited time.soft=unlimited >> >> > limits dn.exact="cn=freeradius,dc=iwu,dc=edu" size.hard=unlimited >> >> > time.hard=unlimited size.soft=unlimited time.soft=unlimited >> >> > >> >> > access to dn.sub="dc=iwu,dc=edu" >> >> > by dn.exact="cn=ldapi,dc=iwu,dc=edu" write >> >> > by dn.exact="cn=sambaadmin,dc=iwu,dc=edu" write >> >> > by dn.exact="cn=mirror,dc=iwu,dc=edu" read >> >> > by dn.exact="cn=freeradius,dc=iwu,dc=edu" read >> >> > by * break >> >> > >> >> > access to dn.sub="dc=iwu,dc=edu" >> >> > attrs=userPassword,shadowLastChange,sambaLMPassword,sambaNTPassword,krb5Key >> >> > by anonymous auth >> >> > by self write >> >> > by dn.exact="cn=passwordmanager,dc=iwu,dc=edu" write >> >> > by users auth >> >> > by * break >> >> > >> >> > access to dn.exact="cn=ldapi,dc=iwu,dc=edu" by * none >> >> > access to dn.exact="cn=sambaadmin,dc=iwu,dc=edu" by * none >> >> > access to dn.exact="cn=mirror,dc=iwu,dc=edu" by * none >> >> > access to dn.exact="cn=freeradius,dc=iwu,dc=edu" by * none >> >> > access to dn.exact="cn=passwordmanager,dc=iwu,dc=edu" by * none >> >> > access to dn.exact="cn=admin,dc=iwu,dc=edu" by * none >> >> > >> >> > access to dn.regex="uid=.*\$,ou=People,dc=iwu,dc=edu" by self read by >> >> > * >> >> > none >> >> > access to dn.sub="ou=Computers,dc=iwu,dc=edu" by self read by * none >> >> > access to dn.sub="ou=Idmap,dc=iwu,dc=edu" by self read by * none >> >> > access to dn.exact="sambaDomainName=IWU.EDU,dc=iwu,dc=edu" by self >> >> > read >> >> > by * none >> >> > access to dn.exact="uid=Administrator,ou=People,dc=iwu,dc=edu" by >> >> > self >> >> > read by * none >> >> > access to dn.exact="uid=root,ou=People,dc=iwu,dc=edu" by self read by >> >> > * >> >> > none >> >> > >> >> > access to >> >> > dn.regex="krb5PrincipalName=.*(a)IWU.EDU,ou=People,dc=iwu,dc=edu" by >> >> > self >> >> > read by * none >> >> > >> >> > access to dn.sub="dc=iwu,dc=edu" >> >> > attrs=telephoneNumber,mobileTelephoneNumber,homePostalAddress,streetAddress,physicalDeliveryOfficeName,roomNumber,preferredLanguage,localityName,postOfficeBox,postalCode,stateOrProvinceName >> >> > by self write >> >> > by users read >> >> > by anonymous none >> >> > by * break >> >> > >> >> > access to dn.sub="dc=iwu,dc=edu" >> >> > attrs=krb5PrincipalName,krb5MaxLife,krb5MaxRenew,krb5KDCFlags,krb5KeyVersionNumber >> >> > by self read >> >> > by anonymous none >> >> > by * break >> >> > >> >> > access to dn.sub="dc=iwu,dc=edu" >> >> > attrs=sambaPrimaryGroupSID,sambaSID,sambaAlgorithmicRidBase,sambaNextRid >> >> > by * none >> >> > >> >> > access to dn.sub="dc=iwu,dc=edu" >> >> > attrs=sambaPwdCanChange,sambaLogonTime,sambaLogoffTime,sambaAcctFlags,sambaPasswordHistory,sambaPwdLastSet,sambaGroupType,sambaPwdMustChange,sambaKickoffTime,sambaLockoutThreshold,sambaForceLogoff,sambaRefuseMachinePwdChange,sambaLockoutObservationWindow,sambaLockoutDuration,sambaMinPwdAge,sambaMaxPwdAge,sambaLogonToChgPwd,sambaPwdHistoryLength,sambaMinPwdLength >> >> > by self read >> >> > by anonymous none >> >> > by * break >> >> > >> >> > access to dn.sub="dc=iwu,dc=edu" by * read >> >> > >> >> > serverID 1 >> >> > >> >> > syncrepl rid=2 >> >> > provider=ldap://ldap2.iwu.edu/ >> >> > schemachecking=off >> >> > searchbase="dc=iwu,dc=edu" >> >> > scope=sub >> >> > type=refreshAndPersist >> >> > binddn="cn=mirror,dc=iwu,dc=edu" >> >> > credentials={redacted} >> >> > bindmethod=simple >> >> > starttls=yes >> >> > tls_cert=/etc/ldap/ssl/ldap.iwu.edu.crt >> >> > tls_key=/etc/ldap/ssl/ldap.iwu.edu.key >> >> > tls_cacert=/etc/ldap/ssl/IWU.crt >> >> > tls_reqcert=try >> >> > interval=00:00:00:30 >> >> > retry="15 +" >> >> > timeout=1 >> >> > timelimit=unlimited >> >> > sizelimit=unlimited >> >> > >> >> > mirrormode on >> >> > >> >> > ############################### >> >> > database monitor >> >> > limits dn.exact="cn=admin,dc=iwu,dc=edu" size.hard=unlimited >> >> > time.hard=unlimited size.soft=unlimited time.soft=unlimited >> >> > >> >> > access to dn.exact="cn=Monitor" >> >> > by dn.exact="cn=admin,dc=iwu,dc=edu" read >> >> > by * none >> >> > >> >> > access to dn.subtree="cn=Monitor" >> >> > by dn.exact="cn=admin,dc=iwu,dc=edu" read >> >> > by * none >> >> > >> >> > >> >> >> >> >> >> On 22/12/2008, Pat Riehecky <prieheck(a)iwu.edu> wrote: >> >> >> > Here is the quick and dirty what I am trying to do: >> >> >> > >> >> >> > ldap1 and ldap2 are supposed to be in MultiMaster. They are time >> >> >> > synced >> >> >> > to pool.ntp.org and each other (if they drift I would rather they >> >> >> > sorta >> >> >> > drift together, but pool should be keeping that in check). >> >> >> > >> >> >> > Right now I am just beating them up to see how 2.4.13 performs. >> >> >> > (So >> >> >> > far >> >> >> > VERY well, minus this little problem) >> >> >> > >> >> >> > I have a rather small ldif (41 entries) that just wont sync (I'm >> >> >> > starting small). Debug gives me >> >> >> > >> >> >> > ber_scanf fmt (m}) ber: >> >> >> > ber_dump: buf=0xb806f120 ptr=0xb806f137 end=0xb806f175 len=62 >> >> >> > 0000: 00 3c 72 69 64 3d 30 30 31 2c 73 69 64 3d 30 >> >> >> > 30 .<rid=001,sid=00 >> >> >> > 0010: 32 2c 63 73 6e 3d 32 30 30 38 31 32 32 32 31 37 >> >> >> > 2,csn=2008122217 >> >> >> > 0020: 34 37 32 31 2e 38 35 35 39 30 34 5a 23 30 30 30 >> >> >> > 4721.855904Z#000 >> >> >> > 0030: 30 30 30 23 30 30 31 23 30 30 30 30 30 30 >> >> >> > 000#001#000000 >> >> >> > do_syncrep2: >> >> >> > cookie=rid=001,sid=002,csn=20081222174721.855904Z#000000#001#000000 >> >> >> > do_syncrep2: rid=001 CSN too old, ignoring >> >> >> > 20081222174721.855904Z#000000#001#000000 >> >> >> > ldap_msgfree >> >> >> > >> >> >> > I am not exactly sure how it gotten to be "too old." The ldif I >> >> >> > am >> >> >> > importing is not the result of a slapcat or anything that would >> >> >> > preserve >> >> >> > the CSN or UUID attributes (not that syncrepl uses UUID). I am >> >> >> > loading >> >> >> > one single file with ldapadd which, in my understanding, sets up >> >> >> > the >> >> >> > CSN >> >> >> > and wouldn't let me import one anyway. >> >> >> > >> >> >> > Each server has no entries until I load the one, so there >> >> >> > shouldn't >> >> >> > be >> >> >> > any weird stale CSNs causing this. They are "sync'ed" almost >> >> >> > instantly >> >> >> > after the one system is loaded - I just don't have everything. >> >> >> > >> >> >> > After a sync: >> >> >> > ldap1 - slapcat |grep dn: |wc -l = 41 >> >> >> > ldap2 - slapcat |grep dn: |wc -l = 18 >> >> >> > >> >> >> > Right now I can get them in sync with a slapcat/slapadd, but when >> >> >> > the >> >> >> > go >> >> >> > into production I wont be able to say for certain which one is >> >> >> > authoritative. That is the purpose of multi-master.... >> >> >> > >> >> >> > OpenLDAP 2.4.13, built by me (passed all tests) on Ubuntu Linux 32 >> >> >> > bit >> >> >> > >> >> >> > Any ideas as to what I can do to stop this from happening? >> >> >> > >> >> >> > Pat >> >> >> > >> >> >> > >> >> >> > >> >> >> > >> >> >> >> >> > >> >> > >> >> >> > >> > >> > > -- Sent from my mobile device http://www.suretecsystems.com/services/openldap/

1 0

CSN too old, ignoring - and therefore not syncing
by Pat Riehecky 23 Dec '08

23 Dec '08

Here is the quick and dirty what I am trying to do: ldap1 and ldap2 are supposed to be in MultiMaster. They are time synced to pool.ntp.org and each other (if they drift I would rather they sorta drift together, but pool should be keeping that in check). Right now I am just beating them up to see how 2.4.13 performs. (So far VERY well, minus this little problem) I have a rather small ldif (41 entries) that just wont sync (I'm starting small). Debug gives me ber_scanf fmt (m}) ber: ber_dump: buf=0xb806f120 ptr=0xb806f137 end=0xb806f175 len=62 0000: 00 3c 72 69 64 3d 30 30 31 2c 73 69 64 3d 30 30 .<rid=001,sid=00 0010: 32 2c 63 73 6e 3d 32 30 30 38 31 32 32 32 31 37 2,csn=2008122217 0020: 34 37 32 31 2e 38 35 35 39 30 34 5a 23 30 30 30 4721.855904Z#000 0030: 30 30 30 23 30 30 31 23 30 30 30 30 30 30 000#001#000000 do_syncrep2: cookie=rid=001,sid=002,csn=20081222174721.855904Z#000000#001#000000 do_syncrep2: rid=001 CSN too old, ignoring 20081222174721.855904Z#000000#001#000000 ldap_msgfree I am not exactly sure how it gotten to be "too old." The ldif I am importing is not the result of a slapcat or anything that would preserve the CSN or UUID attributes (not that syncrepl uses UUID). I am loading one single file with ldapadd which, in my understanding, sets up the CSN and wouldn't let me import one anyway. Each server has no entries until I load the one, so there shouldn't be any weird stale CSNs causing this. They are "sync'ed" almost instantly after the one system is loaded - I just don't have everything. After a sync: ldap1 - slapcat |grep dn: |wc -l = 41 ldap2 - slapcat |grep dn: |wc -l = 18 Right now I can get them in sync with a slapcat/slapadd, but when the go into production I wont be able to say for certain which one is authoritative. That is the purpose of multi-master.... OpenLDAP 2.4.13, built by me (passed all tests) on Ubuntu Linux 32 bit Any ideas as to what I can do to stop this from happening? Pat

4 11

restricting ldap unix groups to groups of hosts.
by Martin Suehowicz 22 Dec '08

22 Dec '08

I am new to openldap. I am trying to restrict groups of users to groups hosts on centos machines. Netgroups or pam_access seem to get me part of the way there. However I do not want to touch the clients very much and would like them to have a uniform configuration. I would like ldap to hold the host groups, user groups and acl's for them. Is there a way do this? Thank You for any help you can provide. Martin

1 0

N-Way Multi-Master replication - delete problem
by Adrien Futschik 22 Dec '08

22 Dec '08

OK, But then what did I do wrong ? delete an entry shouldn't be a problem with N-Way Multi-Master replication ? should it ? Here is how I have setup-ed my masters : m1 -config : dn: cn=config objectClass: olcGlobal cn: config olcServerID: 1 dn: olcDatabase={0}config,cn=config objectClass: olcDatabaseConfig olcDatabase: {0}config olcRootPW:< file://$CONFIGPWF m2 - config : dn: cn=config objectClass: olcGlobal cn: config olcServerID: 2 dn: olcDatabase={0}config,cn=config objectClass: olcDatabaseConfig olcDatabase: {0}config olcRootPW:< file://$CONFIGPWF m1 - syncprov : dn: cn=config changetype: modify replace: olcServerID olcServerID: 1 $URI1 olcServerID: 2 $URI2 dn: olcOverlay=syncprov,olcDatabase={0}config,cn=config changetype: add objectClass: olcOverlayConfig objectClass: olcSyncProvConfig olcOverlay: syncprov dn: olcDatabase={0}config,cn=config changetype: modify add: olcSyncRepl olcSyncRepl: rid=001 provider=$URI1 binddn="cn=config" bindmethod=simple credentials=$CONFIGPW searchbase="cn=config" type=refreshAndPersist retry="5 5 300 5" timeout=3 olcSyncRepl: rid=002 provider=$URI2 binddn="cn=config" bindmethod=simple credentials=$CONFIGPW searchbase="cn=config" type=refreshAndPersist retry="5 5 300 5" timeout=3 - add: olcMirrorMode olcMirrorMode: TRUE m2 - syncrepl : dn: olcDatabase={0}config,cn=config changetype: modify add: olcSyncRepl olcSyncRepl: rid=001 provider=$URI1 binddn="cn=config" bindmethod=simple credentials=$CONFIGPW searchbase="cn=config" type=refreshAndPersist retry="5 5 300 5" timeout=3 olcSyncRepl: rid=002 provider=$URI2 binddn="cn=config" bindmethod=simple credentials=$CONFIGPW searchbase="cn=config" type=refreshAndPersist retry="5 5 300 5" timeout=3 - add: olcMirrorMode olcMirrorMode: TRUE m1 - schema : include: file://$ABS_SCHEMADIR/core.ldif include: file://$ABS_SCHEMADIR/cosine.ldif include: file://$ABS_SCHEMADIR/inetorgperson.ldif include: file://$ABS_SCHEMADIR/openldap.ldif include: file://$ABS_SCHEMADIR/nis.ldif m1 - backend : dn: olcDatabase={1}$BACKEND,cn=config objectClass: olcDatabaseConfig objectClass: olc${BACKEND}Config olcDatabase: {1}$BACKEND olcSuffix: $BASEDN olcDbDirectory: ./openldap-data olcRootDN: $MANAGERDN olcRootPW: $PASSWD olcSyncRepl: rid=004 provider=$URI1 binddn="$MANAGERDN" bindmethod=simple credentials=$PASSWD searchbase="$BASEDN" type=refreshOnly interval=$INTERVAL retry="5 5 300 5" timeout=3 olcSyncRepl: rid=005 provider=$URI2 binddn="$MANAGERDN" bindmethod=simple credentials=$PASSWD searchbase="$BASEDN" type=refreshOnly interval=$INTERVAL retry="5 5 300 5" timeout=3 olcMirrorMode: TRUE dn: olcOverlay=syncprov,olcDatabase={1}${BACKEND},cn=config changetype: add objectClass: olcOverlayConfig objectClass: olcSyncProvConfig olcOverlay: syncprov Did I miss something ? Has anyone tested N-way Multi-master replication & encountered the same problem as me ? Adrien ======================================== Message date : Dec 19 2008, 07:11 PM From : "Quanah Gibson-Mount" <quanah(a)zimbra.com> To : adrien.futschik(a)atosorigin.com, openldap-technical(a)openldap.org Copy to : "Miguel Jinez" <miguel.jinez(a)gmail.com> Subject : Re: Re: N-Way Multi-Master replication - delete problem --On December 19, 2008 9:28:41 AM +0100 Adrien Futschik <adrien.futschik(a)atosorigin.com> wrote: > Hy everyone, > > I have just tested the same procedure with OpenLDAP 2.4.13. The problem > remains the same. > > Did I miss something ? Is this supposed to be like this ? > > I'm joining the modified script I'm using to setup both masters and the > LDIF files I'm using to add and remove an entry (+ attributes). > > I did not use access-log, is this supposed to work with N-Way > Multi-Master replication ? I thought it was only used in case of Delta > Synchronization/Replication. Correct, delta-syncrepl and MMR are not currently supported together (that may change in the future). --Quanah -- Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration Adrien Futschik

1 0

remove the /var/lib/ldap directory mistake !!!
by franck dufau 21 Dec '08

21 Dec '08

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 hye all, i have remove the /var/lib/ldap directory by mistake ! darkness.... how rebuild the ldap database ? i can not find information about this ! i do not have backup....arfff.. tks by advance... Franck -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAklOfFoACgkQrKIazktK/hJ8SACfR2+IFx6HwaB77zrryWbaoEby T9YAoJ4YzJTsZdCiwXFWVAUL+I6CMDHH =ih79 -----END PGP SIGNATURE-----

1 0

Versioning entries in the DIT
by Lorenzo Pastrana 21 Dec '08

21 Dec '08

Hi, List I'm planning to store some 'versioned' data into an ldap directory, and trying not to reinvent the wheel ... if anybody has any good resource to share on the subject I'll be glad to hear. Thanks in advance, LP Lorenzo Pastrana - Happy End Vision -------------------------- Design web Conception multimédia Communication visuelle et édition -------------------------- Tél. : 01 42 47 83 09 Fax : 01 47 70 70 19 E-mail : lorenzo.pastrana(a)happyend.fr

3 6

handling forward-only links, DN+Binary and DN+String
by Andrew Bartlett 20 Dec '08

20 Dec '08

Having thought I got to the bottom of extended DN behaviour, I've come across more challenges, that I would like thoughts on. Handling renames of one-way links: OpenLDAP already does this, but Samba needs some help here (as we try to infer the rename from the presence of backlinks, but for one-way links, how should we know we are being linked to?) Handling of DN+Binary and DN+String one-way links. For example, wellKnownObjects: B:32:22b70c67d56e4efb91e9300fca3dc1aa:CN=ForeignSecurityPrincipals,DC=samba,DC=org This is a 'DN+Binary' syntax attribute (for resolving well known GUIDs into a DN), and must therefore follow when the well known target renames. MS-ADTS 3.1.1.1.6 specifies the behaviour. The challenge I see here is that I really do need an additional syntax in OpenLDAP. If I map this to just a binary string (as I do now), then the rename will not follow though. If I map it to a DN (as I had tried in the past), then the syntax is invalid. Is it entirely unreasonable to add an additional syntax? This is a bit of a 'hit and run' question, as I won't be able to carry on the discussion during Christmas/New Year, but any thoughts would be most welcome. Thanks, Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc.

1 0

In memory cache or bdb performance degradation when upgrading from openldap v2.3.27 to v2.4.11 ?
by Chiles, Michael 19 Dec '08

19 Dec '08

Openldap Technical folk, We have inherited an openldap farm that was deployed using openldap v2.3.27. We have been testing a newly compiled v2.4.11 with same compile flags as a possible replacement due to some replication errors we have seen, but have discovered other bigger problems with the new instance. We believe the issue may be related to in memory cache not working as expected, or that 2.4.11 does not use the hdb backend as efficiently as before. Can anyone confirm a negative performance difference between these versions, or an issue with cache? We are seeing major significant differences in the db_stat output with orders of magnitude difference in the number of attempted reads against the backend cache. I assume these are unsual and that in memory entry cache would normally prevent this traffic from reach the bdb cache. I assume we simply have something wrong in configuration, but I don't see an obvious explanation. If anyone has a moment to review, we would appreciate your feedback. Here is the process we followed, with supporting config info: We have a SLAMD benchmark test based on a real world use case where 400 clients make a "near" simultaneous connection to the directory and execute a search like the following: ldapsearch -h server1 -x - b "ou=myou,dc=mydc,dc=com" "objectclass=*" There are nearly 70,000 objects in this ou with 5 attributes each ( 3 of which are objectclass ), and nearly 210,000 objects in the entire directory. We have an objectclass index. 2.4.11 tests were performed on instances compiled on SLES9.3 64bit, 4 way dual core procs, 16GB RAM, using hoard memory manager, bdb 4.6, and cyrus-sasl-2.1.22 . 2.3.27 tests were performaned on SLES9.3 64bit, 2 way single core proc, 8GB RAM, using standard memory manager, and standard bdb ( 4.2 ). On the v2.3.27 instances, we see all 400 clients get a connection, and get their results. On the new v2.4.11 instance, we see around 150-175 clients get a connection, and the rest get a failure that they cannot reach the server. After more benchmarking, tcpdump, and loglevel -1 we know that the client traffic is getting to the box, but the openldap listener thread does not pick up the connection. We also see high numbers of processes waiting in the CPU run queue. Reducing the number of objects in the directory to 100 results in successful connections to all 400 clients, which lead us to believe the issue might be due to differences in read performance between the instances. The same DB_CONFIG was used in both cases, and the slapd.conf was the same, with some minor tweaks due to slightly different cache configuration options between the versions. Please see the DB_CONFIG and the hdb backend stanza from the slapd.conf file included below. We then did some basic single query tests of both instances and looked at the logs with loglevel -1 and the db_stat output. What we saw was a major difference between both instances on the db_stat results. As mentioned in the summary above, we don't have a good explanation for the difference, although it is significant, and reliable across multiple iterations of test. Please see the db_stat differences shown below. Also seems very unusual that the initial db cache stats would be so high on the new version. slapd.conf: 2.4.11 hdb stanza ( also tested these with the same cache numbers as below 2.3.27 instance with no difference. We reduced these to reasonable levels as old version config seemed overkill ): database hdb directory /local/mnt/ldap.2.4.11/cache-data threads 32 suffix "dc=mydc,dc=com" rootdn <<snip>> rootpw <<snip>> cachesize 500000 dncachesize 1000000 idlcachesize 30000000 sizelimit 10000000 loglevel stats sync dirtyread include /opt/ldap/indexes/my.indexes 2.3.27 hdb stanza database hdb directory /local/mnt/ldap/cache-data threads 32 suffix " dc=mydc,dc=com " rootdn <<snip>> rootpw <<snip>> cachesize 20971520 dbcachesize 20971520 ( not a typo - this one is "dBcachesize. The other is dNcachesize ) idlcachesize 20971520 sizelimit 10000000 loglevel stats sync dirtyread include /opt/ldap/indexes/my.indexes DB_config ( Same for both instances ): set_cachesize 1 1048576000 12 set_flags DB_LOG_AUTOREMOVE set_lg_bsize 2097512 set_lg_dir /local/mnt/ldap/cache-data ( this value points to correct directory in both instances ) set_flags DB_TXN_NOSYNC set_lg_regionmax 500000 set_lk_max_locks 30000 set_lk_max_lockers 30000 set_lk_max_objects 30000 set_tmp_dir /dev/shm After startup with no client test ( previous database instance was completely deleted and recreated using slapadd ), here are the db_stat -m output. I excluded some of the index db info for brevity: Version 2.4.11 1GB 1000MB Total cache size 12 Number of caches 12 Maximum number of caches 168MB 688KB Pool individual cache size 0 Maximum memory-mapped file size 0 Maximum open file descriptors 0 Maximum sequential buffer writes 0 Sleep after writing maximum sequential buffers 0 Requested pages mapped into the process' address space 15M Requested pages found in the cache (99%) 24 Requested pages not found in the cache 9225 Pages created in the cache 24 Pages read into the cache 9244 Pages written from the cache to the backing file 0 Clean pages forced from the cache 0 Dirty pages forced from the cache 0 Dirty pages written by trickle-sync thread 9247 Current total page count 9247 Current clean page count 0 Current dirty page count 393252 Number of hash buckets used for page location 14M Total number of times hash chains searched for a page (14773760) 9 The longest hash chain searched for a page 14M Total number of hash chain entries checked for page (14764487) 0 The number of hash bucket locks that required waiting (0%) 0 The maximum number of times any hash bucket lock was waited for (0%) 0 The number of region locks that required waiting (0%) 0 The number of buffers frozen 0 The number of buffers thawed 0 The number of frozen buffers freed 9309 The number of page allocations 0 The number of hash buckets examined during allocations 0 The maximum number of hash buckets examined for an allocation 0 The number of pages examined during allocations 0 The max number of pages examined for an allocation 0 Threads waited on page I/O Pool File: dn2id.bdb 4096 Page size 0 Requested pages mapped into the process' address space 1005002 Requested pages found in the cache (99%) 2 Requested pages not found in the cache 3062 Pages created in the cache 2 Pages read into the cache 3064 Pages written from the cache to the backing file Pool File: id2entry.bdb 16384 Page size 0 Requested pages mapped into the process' address space 419925 Requested pages found in the cache (99%) 2 Requested pages not found in the cache 2967 Pages created in the cache 2 Pages read into the cache 2969 Pages written from the cache to the backing file Version 2.3.27 1GB 1000MB Total cache size. 12 Number of caches. 168MB 688KB Pool individual cache size. 0 Requested pages mapped into the process' address space. 22738 Requested pages found in the cache (99%). 285 Requested pages not found in the cache. 0 Pages created in the cache. 285 Pages read into the cache. 0 Pages written from the cache to the backing file. 0 Clean pages forced from the cache. 0 Dirty pages forced from the cache. 0 Dirty pages written by trickle-sync thread. 285 Current total page count. 285 Current clean page count. 0 Current dirty page count. 393252 Number of hash buckets used for page location. 23308 Total number of times hash chains searched for a page. 12 The longest hash chain searched for a page. 22738 Total number of hash buckets examined for page location. 46616 The number of hash bucket locks granted without waiting. 0 The number of hash bucket locks granted after waiting. 0 The maximum number of times any hash bucket lock was waited for. 641 The number of region locks granted without waiting. 0 The number of region locks granted after waiting. 297 The number of page allocations. 0 The number of hash buckets examined during allocations 0 The max number of hash buckets examined for an allocation 0 The number of pages examined during allocations 0 The max number of pages examined for an allocation Pool File: dn2id.bdb 4096 Page size. 0 Requested pages mapped into the process' address space. 13076 Requested pages found in the cache (99%). 132 Requested pages not found in the cache. 0 Pages created in the cache. 132 Pages read into the cache. 0 Pages written from the cache to the backing file. Pool File: id2entry.bdb 16384 Page size. 0 Requested pages mapped into the process' address space. 9659 Requested pages found in the cache (99%). 138 Requested pages not found in the cache. 0 Pages created in the cache. 138 Pages read into the cache. 0 Pages written from the cache to the backing file. After 1 client query: Version 2.4.11 1GB 1000MB Total cache size 12 Number of caches 12 Maximum number of caches 168MB 688KB Pool individual cache size 0 Maximum memory-mapped file size 0 Maximum open file descriptors 0 Maximum sequential buffer writes 0 Sleep after writing maximum sequential buffers 0 Requested pages mapped into the process' address space 15M Requested pages found in the cache (99%) 24 Requested pages not found in the cache 9244 Pages created in the cache 24 Pages read into the cache 9263 Pages written from the cache to the backing file 0 Clean pages forced from the cache 0 Dirty pages forced from the cache 0 Dirty pages written by trickle-sync thread 9266 Current total page count 9266 Current clean page count 0 Current dirty page count 393252 Number of hash buckets used for page location 14M Total number of times hash chains searched for a page (14753673) 9 The longest hash chain searched for a page 14M Total number of hash chain entries checked for page (14744381) 0 The number of hash bucket locks that required waiting (0%) 0 The maximum number of times any hash bucket lock was waited for (0%) 0 The number of region locks that required waiting (0%) 0 The number of buffers frozen 0 The number of buffers thawed 0 The number of frozen buffers freed 9328 The number of page allocations 0 The number of hash buckets examined during allocations 0 The maximum number of hash buckets examined for an allocation 0 The number of pages examined during allocations 0 The max number of pages examined for an allocation 0 Threads waited on page I/O Pool File: dn2id.bdb 4096 Page size 0 Requested pages mapped into the process' address space 997746 Requested pages found in the cache (99%) 2 Requested pages not found in the cache 3062 Pages created in the cache 2 Pages read into the cache 3064 Pages written from the cache to the backing file Pool File: id2entry.bdb 16384 Page size 0 Requested pages mapped into the process' address space 410855 Requested pages found in the cache (99%) 2 Requested pages not found in the cache 2967 Pages created in the cache 2 Pages read into the cache 2969 Pages written from the cache to the backing file Version 2.3.27 1GB 1000MB Total cache size. 12 Number of caches. 168MB 688KB Pool individual cache size. 0 Requested pages mapped into the process' address space. 299222 Requested pages found in the cache (98%). 7144 Requested pages not found in the cache. 0 Pages created in the cache. 7144 Pages read into the cache. 0 Pages written from the cache to the backing file. 0 Clean pages forced from the cache. 0 Dirty pages forced from the cache. 0 Dirty pages written by trickle-sync thread. 7144 Current total page count. 7144 Current clean page count. 0 Current dirty page count. 393252 Number of hash buckets used for page location. 313510 Total number of times hash chains searched for a page. 23 The longest hash chain searched for a page. 300752 Total number of hash buckets examined for page location. 627020 The number of hash bucket locks granted without waiting. 0 The number of hash bucket locks granted after waiting. 0 The maximum number of times any hash bucket lock was waited for. 14400 The number of region locks granted without waiting. 0 The number of region locks granted after waiting. 7164 The number of page allocations. 0 The number of hash buckets examined during allocations 0 The max number of hash buckets examined for an allocation 0 The number of pages examined during allocations 0 The max number of pages examined for an allocation Pool File: dn2id.bdb 4096 Page size. 0 Requested pages mapped into the process' address space. 173225 Requested pages found in the cache (98%). 3233 Requested pages not found in the cache. 0 Pages created in the cache. 3233 Pages read into the cache. 0 Pages written from the cache to the backing file. Pool File: id2entry.bdb 16384 Page size. 0 Requested pages mapped into the process' address space. 125990 Requested pages found in the cache (97%). 3888 Requested pages not found in the cache. 0 Pages created in the cache. 3888 Pages read into the cache. 0 Pages written from the cache to the backing file. ########################## Thanks! -Michael

1 0

how to solve invalid structural object class chain
by owen nirvana 19 Dec '08

19 Dec '08

I try to a entry like this: cn = .. ,dc=..,dc=..,dc=..,dc=.. cn = .. objectClass: person objectClass: inetOrgPerson objectClass: organizatinoalRole objectClass: device objectClass: pkiUser roleOccupant: ... employeeNumber : .. userCertificate;binary :: BASE64 Encode icSerilNumber: .. tel: ... fax: ... telex: .. log reports " invalid structural object class chain in organizatinoalRole/Person or organizatinoalRole/inetOrgPerson etc" I try many combination about the order of person ,inetOrgPerson and organizatinoalRole, and the same error was reported. thanks for help gtalk:freeespeech@gmail.com

3 2

Jump to page:

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

openldap-technical