Re: openldap server migration issue

Gavin Henry — 2008-08-30T08:41:31

It's the same data, so of course if you are typing the wrong password, you'll get the "Invalid credentials" message. How much clearer can the message be!

Re: olcServerID

Gavin Henry — 2008-08-30T08:39:58

Yeah, sounds good. Will add.

Re: olcServerID

Pierangelo Masarati — 2008-08-30T07:48:20

I think the man page is concise and precise. The admin guide could benefit from some more detailed explanation, and some examples of the case with URI: serverID 1 ldap://host1.example.com serverID 2 ldap://host2.example.com serverID 3 ldap://host3.example.com same slapd.conf, different FQDN: host1.example.com takes ID 1 host2.example.com takes ID 2 host3.example.com takes ID 3 each DSA will generate entryCSNs like host1.example.com: 20080830094621.123456Z#000000#001#000000 host2.example.com: 20080830094621.123456Z#000000#002#000000 host3.example.com: 20080830094621.123456Z#000000#003#000000 SID ^^^ p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ----------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Fax: +39 0382 476497 Email: ando< at >sys-net.it -----------------------------------

Re: OpenLDAP Date

Philip Guenther — 2008-08-29T22:24:07

... On the systems that I'm familiar with, /etc/profile is only read by interactive shells and not by shells that are running scripts. If that's the case on your system, then the slapd started from a boot-time script would not see that setting, because there's no interactive shell in its process ancestry. For Solaris, the TZ variable is set for 'init' via the /etc/TIMEZONE file and processes inherit it from init. For Linux, you normally leave TZ unset and instead make /etc/localtime a symlink to the correct file under /usr/share/zoneinfo/. If you run something chrooted then you may need to set up an /etc/localtime file inside the chroot if you care about the timezone it uses. Nope. Philip Guenther

Re: openldap server migration issue

Gavin Henry — 2008-08-29T19:49:24

Why not just slapcat the data from the old server and slapadd it to the new? What version of OpenLDAP do you have? "Invalid credentials" means exactly that.

Re: OpenLDAP Date

Gavin Henry — 2008-08-29T19:40:53

What does syslog honour?

openldap server migration issue

2008-08-29T15:40:59

Hi, Can any one please help me in the following issue: Desc: I am in the process of migrating openldap from one server to antother server. current openldap server: server1.example.com new openldap server : server2.example.com Below is the procedure i have followed to migrate it: 1. setup server2.example.com as replica server of server1.example.com 2. after syncing the DB files , made it as standalone master ldap. for testing iam using the below commands: 1. when i search for info as Manager it is giving all the information server2#ldapsearch -x -b 'dc=example,dc=com' -D "cn=Manager,dc=example,dc=com" '(objectclass=*)' -H ldaps://server2.example.com -W 2. But when i try to search as a normal user it is throwing the following error. server2# ldapsearch -x -b 'dc=example,dc=com' -D "uid=okkamagadu,ou=People,dc=example,dc=com" '(objectclass=*)' -H ldaps://server2.example.com -W Enter LDAP Password: ldap_bind: Invalid credentials (49) <<

Re: olcServerID

Gavin Henry — 2008-08-29T15:41:57

----- "Pierangelo Masarati" sys-net.it> wrote: Maybe this should be added to the replication section of the admin guide. The man page is consise: serverID [] Specify an integer ID from 0 to 4095 for this server (limited to 3 hexadecimal digits). These IDs are required when using multimaster replication and each master must have a unique ID. Note that this requirement also applies to separate masters contributing to a glued set of databases. If the URL is provided, this directive may be specified multiple times, providing a complete list of participating servers and their IDs. The fully qualified hostname of each server should be used in the supplied URLs. The IDs are used in the "replica id" field of all CSNs generated by the specified server. The default value is zero. Example: serverID 1

Re: olcServerID

Pierangelo Masarati — 2008-08-29T14:37:59

The serverID config statement (olcServerID attribute in back-config) is used to inform a specific server about its own id within a local replication pool. Without URL, only one occurrence of serverID is allowed. When the URL is specified, multiple occurrences are allowed, but only one takes effect: the one whose URL matches the listener of the server. So the URL-qualified multiple occurrences of serverID basically allow to share the same configuration within multiple servers of the same replication pool, guaranteeing that each server will pick up the correct id based on the URL. p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ----------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Fax: +39 0382 476497 Email: ando< at >sys-net.it -----------------------------------

Re: OpenLDAP Date

andylockran — 2008-08-29T10:11:10

TZ="Europe/London"; export TZ that's in /etc/profile, and the date shows up correctly as: Fri Aug 29 11:09:34 BST 2008 Does openldap pull its timezone data from elsewhere. Regards, Andy

Re: slapadd bulk load performance issue

tamarin p — 2008-08-29T14:31:57

2008/8/29 Skulj Blaz iskratel.si> Unless I'm mistaken you've only set aside ~20m for the bdb cache. Adding another zero might speed things up. After some tips here, I recently slapadded a directory of about 4 million entries (LDIF of 2.9GB) in much less than that, using -q. Didn't time or monitor it closely, but less than a working day for sure.

olcServerID

andylockran — 2008-08-29T08:03:58

http://blog.suretecsystems.com/archives/40-OpenLDAP-Weekly-News-Issue-5.html In the third box of code, this appears to set up the Master node with 3 serverIDs +URLS, when previously it was set up with a single serverID (which I assumed to be its identifier) is this correct? I'm running version 2.4.10 on both servers. Regards, Andy

unique id required

Arpit Jain — 2008-08-29T07:29:56

Dear List Members, OpenLDAP version 2.3.39 on RHEL5 I am using "OpenLDAP " to store information. This information is retrieved by a "client" and made available to "user" via the vfs(virtual fire system) interface in linux. The user then reads/writes/browses the information just like in a filesystem. I can store a 64-bit id of each entry as inode number in my client. A "unique id" of size 64-bits is required for each entry so that once an entry is searched by giving "dn", further searches for the entry can be done using that unique id. The unique id must be in some way auto-generated by openldap server. entryUUID has been identified to fulfills all the requirements except that it is 128-bit long. I would like to know if there is some other operational attribute which is unique for each entry and of size 64-bits? of if I can extract a 64-bit unique value from entryUUID or any other attribute? If required the operation can be shifted to some other version of OpenLDAP also. Arpit J. Center for Development

slapadd bulk load performance issue

Skulj Blaz — 2008-08-29T07:49:34

Hello, Version OpenLDAP: 2.4.11 OS: Linux Red Hat ES 4.6 Storage: Berkeley DB 4.2 (+4 patches) I'm testing performance in importing big LDIF file with 2 milions of entries (22.000.000 number of attributes). LDIF file is 600 MB big, one entry looks like this: dn: itContainerId=20000001,ou=Container,l=example,c=com objectClass: labeledURIObject objectClass: itContainerOC itContainerId: 20000001 itContainerType: 1 itContainerName: ljubljana1 itContainerStatus: 0 itParentContainerId: 3000000 itConfigurationNeeded: FALSE itSerialNumber: 04 itRegType: 1 I use slapadd tool with -q option : slapadd -q -f slapd.conf -l 2_milions_of_entry.ldif and the following configuration settings: database bdb dbcachesize 1000000 cachesize 150000 sizelimit 150000 checkpoint 10 1 set_cachesize 0 20000000 0 set_lg_regionmax 262144 set_lg_bsize 2097152 In my case, it takes about 20!!! hours to load the entire LDIF contents. Is this normal? Did anybody has experiences with loading of such amount of data? Am i perha

Re: OpenLDAP Date

Howard Chu — 2008-08-29T05:03:12

No, there's nothing in slapd that messes with the system clock. Probably you have an incorrect TZ or other environment variable when slapd starts.

OpenLDAP Date

andylockran — 2008-08-28T16:07:51

Hi, I'm in the process of upgrading a 2.3.41 directory up to the 2.4 branch. I've got a few virtual machines with which I've been testing and running syncrepl. I've successfully 'pulled' all the data out from the old server (2.3) and that's now in database 1 on my new server. However, having installed openLDAP on another new server.. the date that logs are reporting is an hour earlier than the system time. Is there a configurable run-time option in slapd, to get the date? I've currently not got monitoring setup. Regards, Andy

Re: BDB and cache settings - anything wrong? userPassword field keepsgetting corrupted.

Howard Chu — 2008-08-29T00:18:10

The default hash has always been SSHA. It sounds like the original poster just doesn't know about base64 values in LDIF...

Re: BDB and cache settings - anything wrong? userPassword field keepsgetting corrupted.

2008-08-28T22:19:59

You dont seem to have an explicit "password-hash" statement that specifies MD5 hash. Perhaps is defaulting to "password-hash {SSHA}" which is a salted hash (even if you hash the same value, you get a different string each time) unlike MD5 which usually gives you the same hash string output, where the input string is the same. Probably best to state the password hash type explicitly (assuming you care), rather than rely on the default, which might change depending on openldap version / compile options / libraries in the build environment etc., Cheers Brett

Re: openldap 2.4.9 dies adding uid of a single character (overlayunique uid)

Buchan Milne — 2008-08-28T11:28:05

The above URL just seems to be an archive of OpenLDAP's bug mailing list, the mail referenced being: Subject: (ITS#5511) SIGABRT in slapo-unique when setting uidNumber to 0 However, the OP could have found in the ITS that this appears to have been fixed in HEAD/RE24 on 15 May, and the fix should have been in 2.4.10 according to the release notes. Regards, Buchan

Re: openldap 2.4.9 dies adding uid of a single character (overlayunique uid)

Pierangelo Masarati — 2008-08-28T11:05:28

Please post replies to the list. 291168< at >telefonica.net wrote: If people would post OpenLDAP issues to OpenLDAP instead of other, unrelated lists, issues could be resolved faster. Anyway, I note that since OpenLDAP 2.4.9 there were at least two fixes related to unique overlay, if this is the case. Did you check with the latest release? p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ----------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Fax: +39 0382 476497 Email: ando< at >sys-net.it -----------------------------------

Re: hdb search performance

tamarin p — 2008-08-28T09:50:44

2008/8/26 Howard Chu symas.com> Wasn't aware of this parameter, and couldn't find it in the administrator guide. Tried setting it to about the same as cachesize but it doesn't seem to have a huge effect. The first time the search runs after server-start-up, it still takes minutes to complete. Interestingly enough, CPU usage is very low during this time, below 10%, and even below 5% most of the time. iostat reports about 3.4% iowait. Is there a way to verify that my indexes are working properly? As far as I can tell, they are present. There's an o.bdb and an objectclass.bdb in /var/lib/ldap. Also using loglevel 256 and not seeing any warnings in the log about unindexed attributes. I tried running slapindex again but that doesn't seem to have had any effect.

gmane.network.openldap.general

Re: openldap server migration issue

Re: olcServerID

Re: olcServerID

Re: OpenLDAP Date

Re: openldap server migration issue

Re: OpenLDAP Date

openldap server migration issue

Re: olcServerID

Re: olcServerID

Re: OpenLDAP Date

Re: slapadd bulk load performance issue

olcServerID

unique id required

slapadd bulk load performance issue

Re: OpenLDAP Date

OpenLDAP Date

Re: BDB and cache settings - anything wrong? userPassword field keepsgetting corrupted.

Re: BDB and cache settings - anything wrong? userPassword field keepsgetting corrupted.

Re: openldap 2.4.9 dies adding uid of a single character (overlayunique uid)

Re: openldap 2.4.9 dies adding uid of a single character (overlayunique uid)

Re: hdb search performance