On Wed, Nov 12, 2014 at 01:02:36AM +0200, Igor Shmukler wrote:
Interestingly, lsof does have the following entry: slapd 13310 openldap mem REG 202,1 26872 409681 /usr/lib/ldap/sssvlv-2.4.so.2.8.3
Hence, it seems that sssvlv is loaded. At the same time, ldapsearch is telling me "VLV control requires server side sort control"
It would appear that the sssvlv *module* has loaded, but you still have to apply the overlay to the database that you want it to work on.
Does this mean like Quanah said that my OpenLDAP from Ubuntu server is broken?
Not necessarily. Many people on this list dislike the way that some of the major Linux distros build OpenLDAP and the old versions of OpenLDAP that they use, so the default setup tends to get described as 'broken'. Quanah was also referring to the fact that you had hand-edited a file under /etc/ldap/slapd.d/cn=config - that is a very risky thing to do and you may have caused problems that way.
In this case I think it more likely that you just need to add the overlay to the database.
On Wed, Nov 12, 2014 at 08:38:14AM +0000, Chris Card wrote:
Date: Wed, 12 Nov 2014 08:38:14 +0000 From: Chris Card ctcard@hotmail.com
dn: olcOverlay=sssvlv,olcDatabase={1}bdb,cn=config objectClass: olcSssVlvConfig olcOverlay: sssvlv olcSssVlvMax: 10 olcSssVlvMaxKeys: 5
something like
ldapadd -x -w <password> -D cn=config -f <ldif file>
As Chris says, ldapadd (or slapadd if the server is down) is the right way to modify a config of this type. The exact LDIF required will depend on your database setup: Chris has assumed that you want the overlay on the first non-config database and that it is a bdb. If your setup is different then the DN will have to change.
Note also that bdb is deprecated. If you continue to use the binaries shipped with Ubuntu then you should at least consider swapping to hdb. Ideally you should build the latest OpenLDAP from source and use mdb. Changing to a different database type requires dumping all data to LDIF text files and re-loading it in the new database, so this is not something to be undertaken until you are more familiar with OpenLDAP.
Andrew