Re: bdb_index_read: failed
Arwin wrote: Hi all, We are running 1 master server and a couple of slaves, all openldap-2.4 on Ubuntu 8.04 lts, syncrepl and cn=config configuration. The last couple of days we are getting a few of the following errors in the slapd logs: Apr 29 11:03:41 ldapsrvr-1 slapd[6112]: bdb_idl_fetch_key: [b49d1940] Apr 29 11:03:41 ldapsrvr-1 slapd[6112]:= bdb_index_read: failed (-30990) Apr 29 11:03:41 ldapsrvr-1 slapd[6112]:= bdb_equality_candidates: id=0, first=0, last=0 Apr 29 11:03:41 ldapsrvr-1 slapd[6112]: = bdb_equality_candidates (objectClass) Tried solving it by re-adding the index and running slapindex but the errors still remain. Everything seems to work ok though, replication works, we can add/edit entries and user authentication of accounts in the dit work just fine. Can anybody tell me if this (bdb_index_read: failed (-30990)) is something that needs to be fixed and if so, how? No. It's normal, it just means it was looking for the index of a value that doesn't exist in your DB. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/
Re: LDAP/PAM First time
--On Tuesday, May 04, 2010 11:01 AM +0100 Rus Foster vas...@gmail.com wrote: However trying to pull out anything via ldapsearch gives r...@host-95-154-194-53 tmp]# ldapsearch -x What have I missed? Use the correct -b option to ldapsearch. In your case, likely ldapsearch -x -b dc=damnvps,dc=com --Quanah -- Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc Zimbra :: the leader in open source messaging and collaboration
Re: OpenLDAP bespoke schema to use 'ismemberof' to restrict user access to hosts
Sticking to 2.3.x is entirely RH/CentOS created issue. It's a shame that 2.4.x hasn't been introduced in RH/CentOS even two years after being released. We rolled our own 2.4.x RPM for RH/CentOS using RH openldap spec files and upgraded. YMMV. - Siddhartha On 5/4/10 9:36 AM, Quanah Gibson-Mount wrote: --On Tuesday, May 04, 2010 1:05 PM + Stuart Cherrington stuart_cherring...@hotmail.co.uk wrote: We're now migrating to OpenLDAP and I need the same functionality. I found the 'ismemberof' attribute does not appear to be part of the default schemas that come with Redhat 5.3 RPM's, Openldap is V 2.3.43. OpenLDAP 2.3.43 is deprecated and no longer supported. I would advise you use a supported release of OpenLDAP. 2.4.21 is the current stable release. 2.4.22 is the current release. I found an interesting article at http://forums.devshed.com/ldap-progr...te-191444.html on how to create your own schema's. So I created a file called /etc/openldap/schema/memberof.schema and put in the following text: I would advise looking at the slapo-memberof overlay that ships with openldap. You may also wish to read up on slapo-dynlist for dynamic groups as well. --Quanah -- Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc Zimbra :: the leader in open source messaging and collaboration -- Thanks, - Siddhartha