Tx! We'plan to upgrade the system, so we'll use openldap2.4.x. We have more than 1500 server and about 50% of them are linux, we must use rhel rpms (due to our datacenter roles, all the servers should be identical). The worst thing was that testing with the same db without the index files, all the results of the query are almost immediate. I'm unable to reproduce the problem in test environment. Regards Michele MAsè
On Tue, May 15, 2012 at 6:24 PM, Quanah Gibson-Mount quanah@zimbra.comwrote:
--On Tuesday, May 15, 2012 2:55 PM +0200 Michele Mase' < michele.mase@gmail.com> wrote:
Anyone???????
OpenLDAP 2.3 has not been supported for several years. Since it stopped development, there have been hundreds, if not over a thousand, bug fixes and improvements. Furthermore, I'm going to guess that you are running RH's build of OpenLDAP 2.3, which was even further behind than the last release of OpenLDAP 2.3. Given the information you provided, I would guess that there is some bug in the version of BDB that OpenLDAP was linked to that caused the error. I would note that at one point RH was linking OpenLDAP against BDB version 4.3, despite the fact OpenLDAP's configure script explicitly disabled such linking because BDB 4.3 was known to have serious issues. If your 2.3 OpenLDAP is linked to BDB 4.3 that could well be the cause of your issue.
Beyond that, trying to investigate any further is a waste of everyone's time. Upgrade to a modern supported version of OpenLDAP, and build your own packages, don't rely on distribution packages.
<http://www.openldap.org/faq/**data/cache/1456.htmlhttp://www.openldap.org/faq/data/cache/1456.html
--Quanah
--
Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc.
Zimbra :: the leader in open source messaging and collaboration
On Wednesday, 16 May 2012 15:12:15 Michele Mase' wrote:
Tx! We'plan to upgrade the system, so we'll use openldap2.4.x. We have more than 1500 server and about 50% of them are linux, we must use rhel rpms (due to our datacenter roles, all the servers should be identical).
Unless you have other rules which you haven't documented, there is no reason why you should not be able to deploy *additional* RPMs. Surely you deploy other non-RHEL software? I would hope it is also deployed by RPM ... unless you're stuck with 'Enterprise software' (e.g. a Java dependency-deficient mess).
Regards, Buchan
We have to maintain 500+ custom apps and the skill is not so high, so it's better if we don't touch system related packages. Michele Masè
On Wed, May 16, 2012 at 5:00 PM, Buchan Milne bgmilne@staff.telkomsa.netwrote:
**
On Wednesday, 16 May 2012 15:12:15 Michele Mase' wrote:
Tx! We'plan to upgrade the system, so we'll use openldap2.4.x. We have
more
than 1500 server and about 50% of them are linux, we must use rhel rpms
(due to our datacenter roles, all the servers should be identical).
Unless you have other rules which you haven't documented, there is no reason why you should not be able to deploy *additional* RPMs. Surely you deploy other non-RHEL software? I would hope it is also deployed by RPM ... unless you're stuck with 'Enterprise software' (e.g. a Java dependency-deficient mess).
Regards,
Buchan
On 16/5/2012 11:48 μμ, Michele Mase' wrote:
We have to maintain 500+ custom apps and the skill is not so high, so it's better if we don't touch system related packages.
It would not be really feasible to advise anything without *good* knowledge of your environment, but I guess that you have an internal repo that feeds your servers and a mechanism to submit mass commands (e.g. by mass-uploading cron jobs to all servers). (As a side note, it would be interesting to know some basic details on your workflow.)
RHEL/CentOS 5 OS has, AFAIK, tight integration with the standard 2.3 package so the base package, in all cases I know, is never replaced/upgraded. Rather, a new package is installed and used using non default system paths. This is the approach followed by Buchan's, Symas' and LTB RPMs for CentOS / RHEL 5. (We are using the LTB packages on all - a small number, compared to yours - our servers, now with v2.4.31.)
So, if you want to use OpenLDAP 2.4.x, plan the change well and take care that your system path uses the new ldap* client executables (for LTB you can see: http://tools.ltb-project.org/issues/408), and there is no problem with leaving system files alone (there is no conflict in having installed even all of the above packages at the same time; it's your decision to decide what will be running/used at any one time!).
Yet, despite the effort to migrate, I can assure you that you are going to see enormous OpenLDAP stability improvement moving from 2.3 to 2.4
I am not a real expert, but I am trying to help based on my experiences. Just 2c.
Good luck, Nick
Tx for the suggestion! We plan to migrate where possible to rhel6, that has included the 2.4.x openldap (and the possibility of hot adding ram and cpu in VM env). We have already tested a multi-master conf. that works fine. Tx Michele Masè
On Fri, May 18, 2012 at 12:48 PM, Nick Milas nick@eurobjects.com wrote:
On 16/5/2012 11:48 μμ, Michele Mase' wrote:
We have to maintain 500+ custom apps and the skill is not so high, so
it's better if we don't touch system related packages.
It would not be really feasible to advise anything without *good* knowledge of your environment, but I guess that you have an internal repo that feeds your servers and a mechanism to submit mass commands (e.g. by mass-uploading cron jobs to all servers). (As a side note, it would be interesting to know some basic details on your workflow.)
RHEL/CentOS 5 OS has, AFAIK, tight integration with the standard 2.3 package so the base package, in all cases I know, is never replaced/upgraded. Rather, a new package is installed and used using non default system paths. This is the approach followed by Buchan's, Symas' and LTB RPMs for CentOS / RHEL 5. (We are using the LTB packages on all - a small number, compared to yours - our servers, now with v2.4.31.)
So, if you want to use OpenLDAP 2.4.x, plan the change well and take care that your system path uses the new ldap* client executables (for LTB you can see: http://tools.ltb-project.org/**issues/408http://tools.ltb-project.org/issues/408), and there is no problem with leaving system files alone (there is no conflict in having installed even all of the above packages at the same time; it's your decision to decide what will be running/used at any one time!).
Yet, despite the effort to migrate, I can assure you that you are going to see enormous OpenLDAP stability improvement moving from 2.3 to 2.4
I am not a real expert, but I am trying to help based on my experiences. Just 2c.
Good luck, Nick
--On Sunday, May 20, 2012 2:13 PM +0200 Michele Mase' michele.mase@gmail.com wrote:
Tx for the suggestion! We plan to migrate where possible to rhel6, that has included the 2.4.x openldap (and the possibility of hot adding ram and cpu in VM env). We have already tested a multi-master conf. that works fine.
Using the OpenLDAP included with RHEL6 is a terrible idea. If you want to use OpenLDAP as a server, then build it yourself, or use packages from any of the numerous other sites that will build it out for you, so that you can stay current. Distro packages are in general only for using the client libraries.
--Quanah
--
Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration
openldap-technical@openldap.org
-
Buchan Milne -
Michele Mase' -
Nick Milas -
Quanah Gibson-Mount