Re: duplicated naming context when using syncrepl proxy
On 2018-08-20 21:38, Michael Ströder wrote: On 2018-08-20 11:06, Jochen Keutel wrote: I've set "hidden on" for this backend but the problem remains. Ah, overlooked this. But anyway I'd examine tests/data/slapd-syncrepl-multiproxy.conf more closely. I can confirm that the same suffix DN is returned twice with OpenLDAP 2.4.46 and a small test config derived from slapd-syncrepl-multiproxy.conf: dn: namingContexts: dc=example,dc=com namingContexts: dc=example,dc=com I think it's worth to file a bug since the LDAP front-end should never return such an attribute value set (which is obviously not a set in this case). Ciao, Michael.
Re: Q: Co-existence of OpenLDAP and 389 Directory Server?
On 2018-08-20 12:54, Ulrich Windl wrote: However I wonder if it's possible to integrate a 389DS (ns-slapd, http://www.port389.org/) into an OpenLDAP multi-master configuration. Even if you get syncrepl working you will get into trouble because schema checking in 389-DS is not as strict as with OpenLDAP. Which means a client can write data to 389-DS which is rejected in OpenLDAP. IMO this lack of schema-checking is also one of the main reasons not to use 389-DS. Ciao, Michael.
Re: help to get our openldap updated and replicated
Am Tue, 21 Aug 2018 15:50:49 -0700 schrieb ad...@genome.arizona.edu: > Hi all, I am about the 4th sysadmin for our organization, and our > openldap is old, 2.4.40 system version for CentOS 6.9. Also there > might have been incorrect modifications to the slapd.d files since it > was really difficult to update things. The olcRootDN was set to > "cn=config" somehow so I had to manually update that to the Manager > account and figure out the CRC32 and everything, but at least I could > make some updates now. The cn=config rootDN is correct, if this is bound to a config database. > Anyway, I would like to get our installation updated to a current > version, as well as set up some sort of replication with our other > server, in case one goes down then our users could still login and > use our applications, or I could still add/delete users. Perhaps a > multi-master config would be best? (Also maybe update the databases > too since they are using bdb format? but maybe that is just > unnecessary extra work) I tried to setup replication by following a > guide, but was not successful and actually made things worse for our > demon, so had to undo the changes for now. I guess 2.4.40 has some > problems with replication anyway from what I've heard. A simple mirror mode schould work anyhow. > First, to get openldap updated, would it be as simple as compiling > the new version and then updating the init script /etc/init.d/slapd > to point to the new binaries? I would stop slapd and get a backup of > /etc/openldap and /var/lib/ldap. Then I could just leave our current > config in /etc/openldap and databases in /var/lib/ldap? I've already > built the new version and "make test" was successful so am ready to > proceed from there with your assistance and suggestions. 1. slapcat(8) the old database to a file, 2. install libraries and binaries 3. setup a new config database, that is: creat a slapd.conf file to your requirements, configure a slapd-mdb(5) database, load the database file by slapadd(8), slaptest(8) will create a config database. -Dieter -- Dieter Klünter | Systemberatung http://sys4.de GPG Key ID: E9ED159B 53°37'09,95"N 10°08'02,42"E
Re: OpenLDAP instances crashes
Dear Norman, Many thanks for your kind help & support. We'll surely try your recommendations. *Thanks & Kind Regards,* Saurabh LAHOTI. *Ideas enlighten Innovation**!!!* Please consider the environment before printing this mail..!! On Thu, 23 Aug 2018 at 11:07, Norman Gray wrote: > > Saurabh, hello. > > On 22 Aug 2018, at 19:25, Saurabh Lahoti wrote: > > > This is a custom overlay build in 2006 by our ex team mate & he did > > the > > installation on older versions. This August we did a migration from > > old > > version to 2.4.46 & lmdb backend. Is it that we skipped some steps in > > this > > movement..? > > Ah, that's _very_ relevant information. Without knowing anything more > about your setup, that custom overlay would be the very first thing you > should look at. There's very little a mailing list can help with, > concerning a custom overlay. > > Probably the best thing you can do in the immediate term is to revert to > a backup of your previous system, presuming such a thing exists, and > that the previous system is (at least) basically working. Then you need > to find someone who's able to look at the custom overlay code. It might > be worth trying to work out if you can do without the overlay. > > I notice that there's an ongoing list thread 'help to get our openldap > updated and replicated'. That thread might be worth monitoring, on > general principles. > > Best wishes (and good luck), > > Norman > > > -- > Norman Gray : https://nxg.me.uk > SUPA School of Physics and Astronomy, University of Glasgow, UK >
Re: OpenLDAP instances crashes
Saurabh, hello. On 22 Aug 2018, at 19:25, Saurabh Lahoti wrote: This is a custom overlay build in 2006 by our ex team mate & he did the installation on older versions. This August we did a migration from old version to 2.4.46 & lmdb backend. Is it that we skipped some steps in this movement..? Ah, that's _very_ relevant information. Without knowing anything more about your setup, that custom overlay would be the very first thing you should look at. There's very little a mailing list can help with, concerning a custom overlay. Probably the best thing you can do in the immediate term is to revert to a backup of your previous system, presuming such a thing exists, and that the previous system is (at least) basically working. Then you need to find someone who's able to look at the custom overlay code. It might be worth trying to work out if you can do without the overlay. I notice that there's an ongoing list thread 'help to get our openldap updated and replicated'. That thread might be worth monitoring, on general principles. Best wishes (and good luck), Norman -- Norman Gray : https://nxg.me.uk SUPA School of Physics and Astronomy, University of Glasgow, UK