Re: [EXTERNAL] removed syncrepl getting Server is unwilling to perform (53)

2023-08-29 Thread Bradley T Gill
OlcReadOnly=FALSE ? Sent from my iPad On Aug 29, 2023, at 3:25 PM, Marc wrote:  I removed the synrepl from a ldap server. Now I am getting errors when deleting entries ldap_modify: Server is unwilling to perform (53) additional info: shadow context; no update referral I also tried adding

RE: [EXTERNAL] Re: setup two DNs on one single Openldap server running on Red Hat Enterprise Linux release 8.8 (Ootpa)

2023-10-02 Thread Bradley T Gill
It sounds to me like you want a relay database. From: Kaushal Shriyan Sent: Monday, October 2, 2023 6:41 AM To: Ulf Volmer Cc: openldap-technical@openldap.org Subject: [EXTERNAL] Re: setup two DNs on one single Openldap server running on Red Hat Enterprise Linux release 8.8 (Ootpa) On Mon,

RE: [EXTERNAL] Antw: [EXT] OpenLDAP 2.6 is holding connections open

2022-07-28 Thread Bradley T Gill
-Original Message- From: Ulrich Windl Sent: Thursday, July 28, 2022 5:35 AM To: Bradley T Gill ; openldap-technical@openldap.org Subject: [EXTERNAL] Antw: [EXT] OpenLDAP 2.6 is holding connections open This is an EXTERNAL email. STOP. THINK before you CLICK links or OPEN attachments. If suspicious

OpenLDAP 2.6 is holding connections open

2022-07-27 Thread Bradley T Gill
All, I have been struggling with upgrading OpenLDAP from 2.4 to 2.5/2.6 for some time. We have finally found that we needed to rebuild the schema from scratch and re-add our customizations. The database is now running much better with one lingering problem. Our Established

RE: Antw: RE: [EXTERNAL] Antw: [EXT] OpenLDAP 2.6 is holding connections open

2022-08-02 Thread Bradley T Gill
to incide...@aep.com from a mobile device. >>> Bradley T Gill schrieb am 28.07.2022 um 14:17 in >>> Nachricht <6777136244004f3ba0fd72253ee0e...@aep.com>: > Ulrich, > Thanks for the response. I have been considering that setting, but > it is > unchanged from t

RE: [EXTERNAL] Unable to connect to 636 secure port using LDAP library

2022-08-15 Thread Bradley T Gill
Bandani, Is the host name your connecting with in the Certificate? Also, you can try an ldapseach with –ZZ to get some more connection information. Thanks, Bradley Gill From: BANDANI MAHARANA Sent: Saturday, August 13, 2022 6:11 AM To: Bradley T Gill Cc

RE: [EXTERNAL] Unable to connect to 636 secure port using LDAP library

2022-08-12 Thread Bradley T Gill
Have you configured your certificate TrustStore to trust the Chain that signed the Certificate on LDAPS? The trust should be defined the ldap.conf using TLS_CACERT Bradley Gill From: BANDANI MAHARANA Sent: Thursday, August 11, 2022 2:50 PM To: openldap-technical@openldap.org Subject:

Severe Performance Problems with dynlist on OpenLDAP 2.5+

2022-08-02 Thread Bradley T Gill
We have been struggling with an upgrade of OpenLDAP 2.4.x to any version after 2.5. Our upgrade process was installing the binaries, removing our ppolicy schema and doing a slapcat of the old database and a slapadd to the new version. After doing so, response time shows a noticeable delay

RE: [EXTERNAL] Overlays accesslog and dynlist

2022-12-12 Thread Bradley T Gill
I can tell you that we had to remove dynlist altogether starting with 2.5.x as just the creation of the object without even defining any attributes would cause our slapd to become unresponsive within an hour of normal traffic. -Original Message- From: Carsten Jäckel Sent: Monday,

Syncrepl has stopped 24 hours ago

2022-11-29 Thread Bradley T Gill
a rolling restart of our servers to see if that could spark them to sync, with no positive results. Thanks, [cid:image001.png@01D903D9.98037410]<http://www.aep.com/> BRADLEY T GILL | INFRASTRUCTURE ENGINEER STAFF bg...@aep.com<mailto:bg...@aep.com> | A:8.200.3054 1 RIVERSIDE PLAZA,

RE: [EXTERNAL] Re: Syncrepl has stopped 24 hours ago

2022-11-29 Thread Bradley T Gill
Thanks for the reply Quanah, We are using OpenLDAP 2.4.59 We are using delta-sync We are logging Sync and Stats I don't see any mapsize errors in the logs. Thanks, BRADLEY T GILL | INFRASTRUCTURE ENGINEER STAFF bg...@aep.com | A:8.200.3054 1 RIVERSIDE PLAZA

RE: [EXTERNAL] Re: Syncrepl has stopped 24 hours ago

2022-12-01 Thread Bradley T Gill
2.4GB is the maxsize, it was at 2.1GB. I checked the logs any maxsize errors. We combed through the logs looking for errors and didn't find anything unusual. -Original Message- From: Quanah Gibson-Mount Sent: Thursday, December 1, 2022 10:53 AM To: Bradley T Gill ; openldap-technical

RE: [EXTERNAL] Re: Slow Search?

2023-04-12 Thread Bradley T Gill
Quanah, Thanks for the response! I added ObjectClass eq and changed Attr to Attr eq (removed pres) and my search time is 1 faster! Etime is now 0.00066 Thanks! Bradley Gill From: Quanah Gibson-Mount Sent: Tuesday, April 11, 2023 5:05 PM To: Bradley T Gill ; openldap

RE: idea for possible RFE: universally unique connection IDs

2023-04-29 Thread Bradley T Gill
I don't know how much overhead a uuid would be. But something simple like a 1 or 2 digit rolling restart count to preface it could be useful without creating a ton of overhead. 10.1000 10.1001 Restart 11.1000 [cid:image001.png@01D97A74.B5E3F1F0]<http://www.aep.com/> BRADLEY

Slow Search?

2023-04-11 Thread Bradley T Gill
I have an ou with 3.2M users. Doing a simple search of 1 attribute with a scope of 1 and a base of that flat ou is taking 6.2 Seconds. In a replica database, I have attempted to remove all other indexes but the attribute I am searching for and it still is taking over 6 seconds. Is that to

RE: Slow Search?

2023-04-11 Thread Bradley T Gill
that. That isn’t usable. I am hoping I am missing a tuning parameter somewhere. Brad From: Christopher Paul mailto:chris.p...@rexconsulting.net>> Sent: Tuesday, April 11, 2023 3:51 PM To: openldap-technical@openldap.org<mailto:openldap-technical@openldap.org>; Bradley T Gill mailto:b

RE: Slow Search?

2023-04-11 Thread Bradley T Gill
: Christopher Paul Sent: Tuesday, April 11, 2023 3:51 PM To: openldap-technical@openldap.org; Bradley T Gill Subject: [EXTERNAL] RE: Slow Search? > of 1 attribute with a scope of 1 and a base of that flat ou is taking 6. 2 > seconds. Is that to be expected? Hey Brad, I have found that the re

RE: [EXTERNAL] How to check the version of openldap running

2024-01-22 Thread Bradley T Gill
Install location/bin/ldapsearch -VV From: kalybox2...@gmail.com Sent: Monday, January 22, 2024 12:54 PM To: openldap-technical@openldap.org Subject: [EXTERNAL] How to check the version of openldap running How to check the current openldap version software running? I am told its 2. 4. But is

RE: [EXTERNAL] Re: Upgrade Openldap software from 2.4 to 2.6

2024-01-24 Thread Bradley T Gill
Most import change will be ppolicy definition is included by default. So if you have definitions in your slapd.d you will need to remove it and rebuild your slapd.d before you attempt to start it. From: Quanah Gibson-Mount Sent: Wednesday, January 24, 2024 10:56 AM To: kalybox2...@gmail.com;

RE: [EXTERNAL] Re: Openldap 2.4 -> Openldap 2.6.3 replication hurdles

2024-01-24 Thread Bradley T Gill
We stay in the 2.5 LTS branch. 2.6 is more of a Dev Branch if I understand it correctly. From: Quanah Gibson-Mount Sent: Wednesday, January 24, 2024 11:39 AM To: Viktor Keremedchiev ; openldap-technical@openldap.org Subject: [EXTERNAL] Re: Openldap 2.4 -> Openldap 2.6.3 replication hurdles

Re: [EXTERNAL] TLS init: ca md too weak

2024-04-17 Thread Bradley T Gill
You should be able to regenerate the certificates with a secure signing algorithm. This thread has some other alternatives, like recompilining. OpenSSL with an insecure flag. [apple-touch-i...@2.png]

RE: [EXTERNAL] Re: How to properly monitor MDB usage

2024-05-08 Thread Bradley T Gill
If you want a monitor, Nagios XI is a pretty affordable and effective way. MDB monitoring is part of it. From: Quanah Gibson-Mount Sent: Tuesday, May 7, 2024 11:56 AM To: Benjamin Renard ; openldap-technical@openldap.org Subject: [EXTERNAL] Re: How to properly monitor MDB usage --On Tuesday,

olcDbURI

2024-03-15 Thread Bradley T Gill
Good Morning Group. I am struggling to find any documentation on this. Is there a limit to the amount of olcDbURI that can be defined for SASL? While I'm here, I might as well ask if there is a way to make it more resilient? Our servers get quarantined during pathing of AD and eventually

RE: [EXTERNAL] how to migrate an openldap server to a new linux server

2024-03-25 Thread Bradley T Gill
Why is it not accessible? It sounds like that is the 1st problem you need to solve. You can add an ldapi to the startup. From: xpzhang1...@gmail.com Sent: Saturday, March 23, 2024 3:34 PM To: openldap-technical@openldap.org Subject: RE: [EXTERNAL] how to migrate an openldap server to a new

RE: [EXTERNAL] how to migrate an openldap server to a new linux server

2024-03-25 Thread Bradley T Gill
This is sounding pretty shady. It sounds like it isn’t your data. From: xpzhang1...@gmail.com Sent: Monday, March 25, 2024 11:51 AM To: openldap-technical@openldap.org Subject: RE: [EXTERNAL] how to migrate an openldap server to a new linux server Because port 22 is not open, I can't ssh or

RE: [EXTERNAL] how to migrate an openldap server to a new linux server

2024-03-23 Thread Bradley T Gill
I would backup the database from the old server and restore it to the new one. Old Server {PATH}openldap/sbin/slapcat -n 0 – {PATH}/openldap/etc/openldap/slapd.d -l {PATH}/slapd.d.ldif {PATH}openldap/sbin/slapcat -b {BASE DN} -F {PATH}/openldap/etc/openldap/slapd.d -l {PATH}/config.ldif Copy