Open LDAP performance tuning

Hi Everyone, I have a master LDAP that replicats to three slave ldaps. I'm looking to enhance the performance of my LDAP system. Basically i have an application that access my ldap system. Lots of users are going to access it. Can anyone tell me what entries can i add to by slapd.conf file to

Re: OL 2.3.7 and password policy

On Mon, 2005-09-12 at 17:10 -0700, Howard Chu wrote: > Samuel Tran wrote: > > Hi All, > > > > I am testing OL 2.3.7 on a Debian Sarge box. > > I would like to implement the password policy overlay. > > > > When I try to create a dn that would hold the password policy: > > > > [EMAIL PROTECTED]:~$ l

run command when change to ou=something,dc=example,dc=com was made?

I have a program that reads data from ou=something,dc=example,dc=com, and then creates config files out of it. It currently runs from cron, but as the changes are made rather seldom (but should be made almost immediately), I feel that this constant pulling of OpenLDAP server, creating config f

Re: SyncRepl stops after a few entr ies [auf Viren überprüft]

Quanah Gibson-Mount schrieb am 12.09.2005 18:00: You need to update to OpenLDAP 2.3.7, and then apply the attached patch. Thank you, I'll try! Will the patch be included in 2.3.8? Hans

Problem with replication

Hi, I had 2 machines with a working OpenLDAP master/slave setup. But due to harddisk crash I wanted to move this to 2 new machines. To do this I copied the both slapd.conf and edited the "replica" section with the new hostnames. I also shut down the old LDAP master and dumped it to an LDIF file w

Re: requesting clarification of use of config backend

On Mon, Sep 12, 2005 at 03:47:12PM -0700, Howard Chu wrote: > For docs, see http://www.openldap.org/doc/admin23/slapdconf2.html > > It is redundant to list the rootdn in any ACL clause; the rootdn always > has full privileges and ignores all ACLs. Listing the rootdn merely > makes ACL evaluation

using "ldapsearch" client utility

Hi Friends, I am new to this group. Recently I started using open LDAP software. I have installed open LDAP software on my machine (clients only). My plan is to connect to a public LDAP server by using openLDAP client utilites. I am planning to connect to the public LDAP server for which URL is

slapd crashing with Mac OS X clients

Hello :-) We have been happily authenticating various clients against our openldap install, including various Linux, Solaris & IRIX machines. Recently, a department has been experimenting with authenticating Mac OS X clients against our openldap servers, which has been causing slapd to fall ov

Re: Open LDAP performance tuning

One of the first things I'd do is to find out what type of searches (slapd -d32) are being done and start creating indices as needed. Robert Moe wrote: Hi Everyone, I have a master LDAP that replicats to three slave ldaps. I'm looking to enhance the performance of my LDAP system. Basicall

Re: SyncRepl stops after a few entries [auf Viren übe rprüft]

--On Tuesday, September 13, 2005 9:13 AM +0200 Hans Moser <[EMAIL PROTECTED]> wrote: Quanah Gibson-Mount schrieb am 12.09.2005 18:00: You need to update to OpenLDAP 2.3.7, and then apply the attached patch. Thank you, I'll try! Will the patch be included in 2.3.8? It should be. --Quana

Re: using "ldapsearch" client utility

Venkata Rao Muvva writes: > I am planning to connect to the public LDAP server for which URL is > "http://www.emailman.com/ldap/public.html";. That's not the URL of an LDAP server. That's a web page which lists LDAP servers. Some of them quite old, apparently. If you look at e.g. University of

Re: using "ldapsearch" client utility

Venkata Rao Muvva wrote: My plan is to connect to a public LDAP server by using openLDAP client utilites. I am planning to connect to the public LDAP server for which URL is "http://www.emailman.com/ldap/public.html";. I tried to execute the ldapsearch command and I am not successful. Examp

Re: Open LDAP performance tuning

On Tue, 2005-09-13 at 07:22 -0700, Moe wrote: > Hi Everyone, > > I have a master LDAP that replicats to three slave ldaps. I'm looking to > enhance the performance of my LDAP system. Basically i have an application > that access my ldap system. Lots of users are going to access it. Can anyone

Re: Open LDAP performance tuning

All the searches are based on uid attribute. What should i set the indexes to. pres, eq, sub?. I actually haven't found description of these and i don't know what they mean. Moe __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam

Re: slapd crashing with Mac OS X clients

--On Tuesday, September 13, 2005 4:28 PM +0100 David Barker <[EMAIL PROTECTED]> wrote: Hello :-) We have been happily authenticating various clients against our openldap install, including various Linux, Solaris & IRIX machines. Recently, a department has been experimenting with authenticat

Re: Open LDAP performance tuning

--On Tuesday, September 13, 2005 9:51 AM -0700 Moe <[EMAIL PROTECTED]> wrote: All the searches are based on uid attribute. What should i set the indexes to. pres, eq, sub?. I actually haven't found description of these and i don't know what they mean. Moe

Re: Problem with replication

--On Monday, September 12, 2005 11:55 PM -0700 Johan A <[EMAIL PROTECTED]> wrote: Hi, I had 2 machines with a working OpenLDAP master/slave setup. But due to harddisk crash I wanted to move this to 2 new machines. To do this I copied the both slapd.conf and edited the "replica" section with

Re: Open LDAP performance tuning

--On Tuesday, September 13, 2005 7:22 AM -0700 Moe <[EMAIL PROTECTED]> wrote: Hi Everyone, I have a master LDAP that replicats to three slave ldaps. I'm looking to enhance the performance of my LDAP system. Basically i have an application that access my ldap system. Lots of users are going

RE: Open LDAP performance tuning

Stanford has many valuable pieces of information about configuring OpenLDAP. Look at the description of indices on http://www.stanford.edu/services/directory/openldap/configuration/slapd-conf-replica.html. Also, you can use db_stat to explore various performance statistics of your database whi

Re: run command when change to ou=something,dc=example,dc=com was made?

Tomasz Chmielewski wrote: I have a program that reads data from ou=something,dc=example,dc=com, and then creates config files out of it. It currently runs from cron, but as the changes are made rather seldom (but should be made almost immediately), I feel that this constant pulling of OpenLDA

Re: Open LDAP performance tuning

On Tue, 2005-09-13 at 11:22 -0700, Moe wrote: > DB_CONFIG does not exist, i guess i need to create one. Can anyone > provide me with an example of a DB_CONFiG?. > I know i need to start running db_stat to adjust my settings > When running db_stat, should i use -h parameter and set my db_home >

Re: Open LDAP performance tuning

I'd use all three: index uid eq,pres,sub eq: allows the creation of an index with attributes that need to be exactly matched pres: if an indexed attribute doesn't have a value it is omitted from the entry sub: allows the creation of an index so that you can perform s

Re: Open LDAP performance tuning

DB_CONFIG does not exist, i guess i need to create one. Can anyone provide me with an example of a DB_CONFiG?. I know i need to start running db_stat to adjust my settings When running db_stat, should i use -h parameter and set my db_home to Berkeley directory? Moe Samuel Tran <[EMAIL

Re: Open LDAP performance tuning

For using db_stat, Should the DB_HOME environment variable be pointing to db-4.3.28.NC or to /usr/local/var/openldap-data/ ?. Should i use DB_ENV to open a Berkeley DB environment before using db_stat? I'm in production and i would like to know if there is a risk in playing with this. I have op

Re: Open LDAP performance tuning

--On Tuesday, September 13, 2005 12:13 PM -0700 Moe <[EMAIL PROTECTED]> wrote: For using db_stat, Should the DB_HOME environment variable be pointing to db-4.3.28.NC or to /usr/local/var/openldap-data/ ?. Should i use DB_ENV to open a Berkeley DB environment before using db_stat? I'm in prod

Re: syncrepl w/ 2.3 and bdb 4.3 working great

The problems I had with BDB 4.3 (21 & 27) were related to data loading via slapadd (and the use of IN-MEMORY logs). The "-q" function in 2.3 removes the necessity of the IN-MEMORY logs. The other issues seen in 21 & 27 were reported by other people, and may well have been resolved in 4.3.28.

Re: Syncrepl does not copy operational attributes?

Dave Horsfall wrote: OpenLDAP 2.2.26 on FreeBSD 4.10-STABLE, compiled from package. I've just noticed that when an entry is duplicated via SyncRepl, some operational attributes are not copied. Specifically, they are: createTimestamp creatorsName modifiersName modifyTimestamp Is this deliber

case sensitivity in DN component attribute

Running OpenLDAP 2.2.28... I recently noticed some interesting, and initially confusing, case related behavior related to attributes that are components of an LDAP entry's DN. In a local schema file an attribute was defined, let's call the attribute 'ABFoo'. LDAP entries are then created with DN

Re: Problem with replication

Thanks, I wasn't aware that slapadd did indexing. The error in .rej seems always to be ERROR: Insufficient access which I can't see makes much sense. The Replicator can add new entries to the slave and hence seem to be able to write to it. And this setup is using the same access controls as the fi

Re: slapd crashing with Mac OS X clients

Well, good old intuition go me there in the end It turns out it's a sasl issue somewhere. Re-compiling without cyrus sasl has done the trick. > > > --On Tuesday, September 13, 2005 4:28 PM +0100 David Barker > <[EMAIL PROTECTED]> wrote: > >> Hello :-) >> >> We have been happily authenticating

Re: Syncrepl does not copy operational attributes?

--On Wednesday, September 14, 2005 9:49 AM +1000 Dave Horsfall <[EMAIL PROTECTED]> wrote: OpenLDAP 2.2.26 on FreeBSD 4.10-STABLE, compiled from package. I've just noticed that when an entry is duplicated via SyncRepl, some operational attributes are not copied. Specifically, they are: cre

Re: Syncrepl does not copy operational attributes?

> So "attrs=*" replicates the operational attributes structuralObjectClass, > entryCSN and entryUUID, but not the above? That would be...odd... I would be curious what happens if you left out the "attrs=*". (It should default to all.) Can you test that? That's what I use in syncrepl (with 2.3),

Re: Syncrepl does not copy operational attributes?

Dave Horsfall wrote: On Tue, 13 Sep 2005, Howard Chu wrote: createTimestamp creatorsName modifiersName modifyTimestamp [...] Depends on your syncrepl consumer configuration, since you explicitly specify which attributes to replicate there. So "attrs=*" replicates the opera

Re: syncrepl w/ 2.3 and bdb 4.3 working great

--On Tuesday, September 13, 2005 5:29 PM -0400 Dusty Doris <[EMAIL PROTECTED]> wrote: For now, I have elected to use bdb as the backend as its working great with my testing. BTW - with bdb as the backend instead of hdb, I the same test as I was before for using syncrepl and compared the two

Re: syncrepl w/ 2.3 and bdb 4.3 working great

Dusty Doris wrote: The problems I had with BDB 4.3 (21 & 27) were related to data loading via slapadd (and the use of IN-MEMORY logs). The "-q" function in 2.3 removes the necessity of the IN-MEMORY logs. The other issues seen in 21 & 27 were reported by other people, and may well have bee

Re: Open LDAP performance tuning

Is using db_config essential or can i just due the performance tuning through slapd.conf? Quanah Gibson-Mount <[EMAIL PROTECTED]> wrote: --On Tuesday, September 13, 2005 12:13 PM -0700 Moe wrote: > For using db_stat, Should the DB_HOME environment variable be pointing to > db-4.3.28.NC or

Re: OL 2.3.7 and password policy

> On Mon, 2005-09-12 at 17:10 -0700, Howard Chu wrote: >> Samuel Tran wrote: >> > Hi All, >> > >> > I am testing OL 2.3.7 on a Debian Sarge box. >> > I would like to implement the password policy overlay. >> > >> > When I try to create a dn that would hold the password policy: >> > >> > [EMAIL PROT

Re: Open LDAP performance tuning

Moe wrote: Is using db_config essential or can i just due the performance tuning through slapd.conf? From http://www.openldap.org/faq/data/cache/893.html A number of important items must be configured in the BDB DB_CONFIG file and not in slapd.conf. Notice the word "must". Of course i

Re: case sensitivity in DN component attribute

Ben Poliakoff wrote: Assuming I've described the symptoms clearly enough (and I likely haven't), is this behavior a "bug" or is it just a demonstration of the kind of trouble that can occur with "casual" schema file modification? One should never "casually" modify schema definitions. back-bdb now