Hi,
I've been reading the slapd.access back and forth a few times in search
for a way to make an ACL, which defines read (and only read) access to a
whole subtree in the DIT based on the value of an attribute of the
subtree root node.
I've found out how to do it for a named user by defining
Hi,
I have a large database with several million entries, which for a few
specific entries takes very long (several minutes) to search.
Looking at the debug output the search suddenly goes into a mode where
it tests a lot of completely irrelevant entries and outputs a lot of
bdb_search:
On 2011-12-09 20:40, Quanah Gibson-Mount wrote:
4.8.26 was pulled by Oracle. The only version available for download is
4.8.30. I would advise updating BDB as a first step.
I have actually reproduced what I suspect is the same problem (it's the
same entries affected anyway) with an
Hi,
I'm trying to make sense of the use of binary in misc client API's.
Some API's (like perl Net::LDAPapi) seem to offer a b option do
add/modify operations which controls whether the ;binary
AttributeOption is set on an attribute.
For Net::LDAPapi this translates (from what I see in the
Hi,
I have a database with close to 11 million entries and lately deletes
have started to get painfully slow.
I've set up a new server with a lot of improvements, but if anyone have
an idea about what the deciding factor for the performance difference
is, then I would be grateful.
On the
Quanah Gibson-Mount wrote:
It could be a bug in back-monitor...
I assume that delete operations are writes.
If so, you may be right.
I've just tried doing an ldapdelete -r on a subtree with several
thousands entries and just before it finished the connection monitor
entry was this:
#
Hi,
I have a large database which I've migrated from slapd 2.3 (bdb) to
slapd 2.4.20 (hdb) with:
overlay refint
refint_attributes member
Unfortunately, after the migration I've experienced at least twice where
a Group object had members referring to non-existent objects.
The migration was
Hi,
I notice that when I run db4.8tat -t the Active Transaction list does
not change very often. I would have expected it to not be the same
twice. So I guess I have a lot of stuck transactions?
I use back_hdb and slapd is under some load.
Could this be related to the messages in the log:
Hi,
I tried to increase the number of simultaneous TCP connection to my
slapd (to around 800) and was a little surprised to see the result.
While slapd still answers very fast in ldapi:/// , TCP connections now
takes a while to connect() and after that even longer to answer the
query. I can
Peter Mogensen wrote:
Another thing bothering me is that a few threads on server1 are using
99.9% CPU.
Actually... it's not the same thread. There's a constant re-spawning of
threads and many of them seem to end up user 99.9% CPU.
Can that be releated to the log-messages?:
Dec 10 12:12:11
Quanah Gibson-Mount wrote:
--On Friday, December 04, 2009 1:12 PM +0100 Peter Mogensen
a...@mutex.dk wrote:
In general it seems server-2 won't find changes to server-1 made while
server-2 is down... which kinda defeats the purpose of mirrormode.
What openldap release are you using
Hallvard B Furuseth wrote:
Peter Mogensen writes:
I'm trying to understand why changes made to SID 1 in my mirror set
while SID 2 is down does not get propagated to SID 2 when it comes up.
Maybe your mirror is configured with refreshAndPersist mode and you have
not specified a retry interval
Hi,
I was trying to manual change and HDB LDIF config to BDB and failed to
guess the correct ObjectClass (instead of olcHdbConfig).
Looking at the example in section 5.3:
http://www.openldap.org/doc/admin24/slapdconf2.html#Configuration%20Example
...It seem the objectclass is olcBdbConfig,
Previously I described problems when using this procedure to bootstrap a
mirrormode pair with a large LDIF. I've reproduced it with a much
smaller subset of the database, and there must be something wrong with
the procedure or a bug.
What I do is:
1) Took an slapcat generated LDIF from a
Peter Mogensen wrote:
What I do is:
1) Took an slapcat generated LDIF from a 2.3.x setup
2) Removed all entryCSN and contextCSN lines.
3) Ran slapadd -S 1 -q -w -l ~/load_noCSN.ldif on server-1
4) Did a slapcat toserver2.ldif on server-1
5) Started server-1 and let applications create
Hi,
It seems weird results are popping up faster than I can assemble
test-setups to reproduce.
I ran a test in mirrormode were I:
1) Took an slapcat generated LDIF from a 2.3.x setup
2) Removed all entryCSN and contextCSN lines.
3) Ran slapadd -S 1 -q -w -l ~/load_noCSN.ldif on server-1
4)
Quanah Gibson-Mount wrote:
--On November 18, 2009 1:35:42 PM +0100 Peter Mogensen a...@mutex.dk
wrote:
I know this is probably a don't do that, but I was somewhat surprised
by the outcome.
Don't do that. :) Remember, for example, that slapadd -q is doing a
very minimal protected BDB
17 matches
Mail list logo