Hi Jonathan,
no, all my 4 systems are configured equally, same configuration file (except for little specifications of every single instance) on all of them. The only difference is OL version which is 2.4.23 on this one, and 2.4.22 on others.
Could it be due to the order of directives in my configuration file? This is the order of inclusion of my overlay directives:
- overlay_password_policy - overlay_syncprov - overlay_auditlog - overlay_accesslog - overlay_sssvlv - overlay_memberof
Thanks again Marco
On Tue, Sep 21, 2010 at 8:18 PM, Jonathan CLARKE < jonathan.clarke@normation.com> wrote:
Hi Marco,
Le 16/09/2010 13:07, Marco Pizzoli a écrit :
I came to this evidence in investigating an anomaly that I'm having with
my accesslog database. Symptom I was having was continuous high cpu spot. I suspected it was due to my accesslog database.
- I made a slapcat of my entire log database.
- I erased my log database
- I tried a slapadd of my log database
I had this problem:
...
90.2 k/s str2entry: invalid value for attributeType reqControls #0
(syntax 1.3.6.1.4.1.4203.666.11.5.3.1)
...
I went to that line and found this entry:
dn: reqStart=20100913065628.000008Z,cn=log,dc=mycorp.it <http://mycorp.it
...
reqControls: {0}{1.3.6.1.4.1.4203.1.9.1.1 controlValue "30440K0103043M7269643N
3030332M7369643N3030342M63736O3N32303130303931333036353130362O3932343735355K2 330303030303023303033233030303030300001PP"} reqControls: {1}{2.16.840.1.113730.3.4.2 criticality TRUE}
...
Can someone tell me why this entry result not accepted to my openldap system? I'm using OL 2.4.23 with password policy overlay defined. The entry I posted is related to an access made by a specific syncrepl-user. Replica configured in mirror-mode.
Other OL systems are 2.4.22.
Deleting this entry and re-slapadding I had another similar problem.
...
542.3 k/s str2entry: invalid value for attributeType reqRespControls #0
(syntax 1.3.6.1.4.1.4203.666.11.5.3.1)
...
The entry affected is this one: dn: reqStart=20100913093021.000000Z,cn=log,dc=mycorp.it <http://mycorp.it
...
reqRespControls: {0}{1.3.6.1.4.1.42.2.27.8.5.1 controlValue "3000"}
Both errors seem to indicate that slapd doesn't recognize a LDAP control OID - in the first case the LDAP Content Sync control (syncrepl) (1.3.6.1.4.1.4203.1.9.1.1) and in the second the password policy (1.3.6.1.4.1.42.2.27.8.5.1).
Could it be that the system you encounter this on does not have the syncprov and ppolicy overlays enabled, whereas your others do?
Hope this helps, Jonathan
--
Jonathan CLARKE
Normation 44 rue Cauchy, 94110 Arcueil, France
Telephone: +33 (0)1 83 62 26 96
Web: http://www.normation.com/