I noticed this in my logs when replication failed. Besides increasing the
number of locks, is there something larger that is going on that might be
causing a problem?
Dec 12 15:06:01 ldap4 slapd[14212]: bdb(dc=stanford,dc=edu): Lock table is
out of available locks
Dec 12 15:06:01 ldap4 slapd[
Maybe this is more of a BDB question instead of an OpenLDAP question,
but perhaps OpenLDAP is doing some error handling so I thought I'd ask.
I know if my bdb complains about memory allocation errors, I can bet
that the changes it was making during that time are gone forever. But
what about the f
ount wrote:
>
> --On Wednesday, November 09, 2005 9:32 AM -0600 Digant C Kasundra
> <[EMAIL PROTECTED]> wrote:
>
> > I do. Attached is a laard graph. The last time the problem occurred
> > this Monday at 1am. As you can see, there is still plenty of memory in
> > th
12:06 -0800, Quanah Gibson-Mount wrote:
>
> --On Tuesday, November 08, 2005 9:58 AM -0600 Digant C Kasundra
> <[EMAIL PROTECTED]> wrote:
>
> > Hello everyone,
> >
> > This may be more of a problem with my BDB setup but I thought I'd check
> > here
Hello everyone,
This may be more of a problem with my BDB setup but I thought I'd check
here first since the application that's suffering is OpenLDAP. Here is
my setup:
RHEL 3 AS (2.4.21-37.ELsmp)
OpenLDAP 2.2.29
BerkeleyDB 4.2.52 + patches
Cyrus-SASL-2.1.21
Heimdal 0.7.1
OpenSSL-0.9.7g
System
-0700, Kurt D. Zeilenga wrote:
> At 09:28 AM 9/27/2005, Digant C Kasundra wrote:
> >BIND dn="uid=digant,cn=accounts,dc=uta,dc=edu" mech=SIMPLE ssf=0
>
> This reports the SSF of security layers provided by the
> authentication mechanism. In this case, none. The
> SSF
Hello everyone,
I'm almost embarrassed to ask this question as I thought I had a clear
understanding of the logs but I'm puzzled. I did three connections (did
a simple bind): (a) over port 389, no TLS; (b) over port 389 with TLS;
(c) over port 636. But each time, the logs indicate the following:
Hello everyone,
I just read an article that spoke of OpenLDAP not implementing all of
the LDAPv3 spec. I spoke with the author of the article and he referred
me to an FAQ and I wonder if it might do OpenLDAP more justice if it was
updated to represent more of 2.3, as well as more specifics on wha
That seems to work. Except since I was doing a "none" for the
individual attribute, it only works when I specify it first as such:
access to attrs=cn
by dn.exact="cn=someone" none
access to [EMAIL PROTECTED]
by dn.exact="cn=someone" read
On Thu, 2005-09-01 at 18:09 +0200, Pierangelo
Hello everyone,
In the access controls, you can specify all attributes allowed in an
objectclass by using the @ notation. Is there a way to do something
like "@inetOrgPerson, -cn" so indicate all the attributes allowed in
inetOrgPerson but not the cn attribute? (this is obviously just an
example
ere has to be a way to get this done using the
existing or perhaps a modified overlay. Any thoughts?
-- DK
On Mon, 2005-08-01 at 12:10, Quanah Gibson-Mount wrote:
> --On Monday, August 01, 2005 9:15 AM -0500 Digant C Kasundra
> <[EMAIL PROTECTED]> wrote:
>
> > Hello every
th, I think
what the programmers are doing is a complete misuse of LDAP)).
-- DK
--
Digant C Kasundra
Enterprise Operations and Systems
Office of Information Technology
University of Texas at Arlington
Ph: 817-272-2208
GnuPG Public Key: http://omega.uta.edu/~digant/digant.gpg.asc
To request techn
o find the
optimal numbers. I'll have to dig up that link.
-- DK
--
Digant C Kasundra
Enterprise Operations and Systems
Office of Information Technology
University of Texas at Arlington
Ph: 817-272-2208
GnuPG Public Key: http://omega.uta.edu/~digant/digant.gpg.asc
To request technical support,
t;
> Then you could tell Your Favorite Commercial Software basedn="ou=Cooked"
> while telling OpenLDAP software that basedn="ou=Uncooked." I know you
> mentioned 2.2. You probably could use back-ldap or back-meta to accomplish
> similar; it won't be quite as el
portunity of
> having a layer __before__ decoding and __after__encoding. This would
> allow, for instance, to implement the non-standard, protocol-violating
> extension of ITS#3193 (ranges) without hacking the baseline code.
>
> p.
>
>
> SysNet - via Dossi,8 27100 Pav
FAQ-o-matic entry
> might be in order, because I don't think this is the first time this
> question has come up. I also want to insert some boilerplate here to the
> effect of "this sort of stuff is a slippery slope to violating standard
> schema/RFCs, be careful or at least
can see attr=displayName but call it cn when you show it to him?
-- DK
--
Digant C Kasundra
Enterprise Operations and Systems
Office of Information Technology
University of Texas at Arlington
Ph: 817-272-2208
GnuPG Public Key: http://omega.uta.edu/~digant/digant.gpg.asc
To request technical
2.6.11-1.1369_FC4 GNU/Linux
> 09:20:46 up 1:13, 3 users, load average: 0.40, 0.47, 0.43
--
Digant C Kasundra
Enterprise Operations and Systems
Office of Information Technology
University of Texas at Arlington
Ph: 817-272-2208
GnuPG Public Key: http://omega.uta.edu/~digant/digant.gpg.asc
T
lousness aside (LDAP
standards?), does anyone out there have experience with working with
OpenLDAP and PeopleSoft?
-- DK
--
Digant C Kasundra
Enterprise Operations and Systems
Office of Information Technology
University of Texas at Arlington
Ph: 817-272-2208
GnuPG Public Key: http://omega.uta.edu/~d
> Also, I want to note that AD is not a directory service, per se. It is an
> authentication and authorization service, and does not follow the LDAP
> RFC's very closely in a number of key areas. This can (and does) lead to
> problems down the road if what you are truly looking for is a direc
uite sure what
> happens.
>
> --Quanah
>
>
> --
> Quanah Gibson-Mount
> Principal Software Developer
> ITSS/Shared Services
> Stanford University
> GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
--
Digant C Kasundra
Enterprise Operations and Systems
ing in-sync in real-time, which neither
> slurpd nor syncrepl can guarantee.
>
> On 6/24/05, Digant C Kasundra <[EMAIL PROTECTED]> wrote:
> > Simply moving an virtual IP is insufficient. An app that needs to talk
> > to the master will also likely want to make queries agai
l just move the whole app to a different server on failure.
>
> If you want protection against data-inconsistancy/corruption on an
> active-active multi-master setup, then I would be interested to see
> how other LDAP's implement ACID-ity. :)
>
> On 6/23/05, Digant C Kasun
e M1 was active.
If M1 goes down, M2 would rewrite its config to replicate to M1 and the
slaves and would take over as the master server.
Anyone given thought to this sort of setup? I've never had my master
server fail but I need to appease the naysayers. :)
-- DK
--
Digant C Kasundra
Enter
24 matches
Mail list logo
