Hi Jonathan,
no, all my 4 systems are configured equally, same
configuration file (except for little specifications of every single
instance) on all of them. The only difference is OL version which is
2.4.23 on this one, and 2.4.22 on others.
Could it be due to the order of directives in my configuration file?
This is the order of inclusion of my overlay directives:
- overlay_password_policy
- overlay_syncprov
- overlay_auditlog
- overlay_accesslog
- overlay_sssvlv
- overlay_memberof
Thanks again
Marco
Hi Marco,
Le 16/09/2010 13:07, Marco Pizzoli a écrit :...
I came to this evidence in investigating an anomaly that I'm having with
my accesslog database.
Symptom I was having was continuous high cpu spot. I suspected it was
due to my accesslog database.
- I made a slapcat of my entire log database.
- I erased my log database
- I tried a slapadd of my log database
I had this problem:
...
90.2 k/s str2entry: invalid value for attributeType reqControls #0
(syntax 1.3.6.1.4.1.4203.666.11.5.3.1)
dn: reqStart=20100913065628.000008Z,cn=log,dc=mycorp.it <http://mycorp.it>
I went to that line and found this entry:
......
reqControls: {0}{1.3.6.1.4.1.4203.1.9.1.1 controlValue
"30440K0103043M7269643N
3030332M7369643N3030342M63736O3N32303130303931333036353130362O3932343735355K2
330303030303023303033233030303030300001PP"}
reqControls: {1}{2.16.840.1.113730.3.4.2 criticality TRUE}
...
Can someone tell me why this entry result not accepted to my openldap
system?
I'm using OL 2.4.23 with password policy overlay defined.
The entry I posted is related to an access made by a specific
syncrepl-user. Replica configured in mirror-mode.
Other OL systems are 2.4.22.
Deleting this entry and re-slapadding I had another similar problem.
...
542.3 k/s str2entry: invalid value for attributeType reqRespControls #0
(syntax 1.3.6.1.4.1.4203.666.11.5.3.1)
...dn: reqStart=20100913093021.000000Z,cn=log,dc=mycorp.it <http://mycorp.it>
The entry affected is this one:
Both errors seem to indicate that slapd doesn't recognize a LDAP control OID - in the first case the LDAP Content Sync control (syncrepl) (1.3.6.1.4.1.4203.1.9.1.1) and in the second the password policy (1.3.6.1.4.1.42.2.27.8.5.1).
reqRespControls: {0}{1.3.6.1.4.1.42.2.27.8.5.1 controlValue "3000"}
Could it be that the system you encounter this on does not have the syncprov and ppolicy overlays enabled, whereas your others do?
Hope this helps,
Jonathan
--
==========================================
Jonathan CLARKE
------------------------------------------
Normation
44 rue Cauchy, 94110 Arcueil, France
------------------------------------------
Telephone: +33 (0)1 83 62 26 96
------------------------------------------
Web: http://www.normation.com/
==========================================