Hello,
Does it make any sens to enable indexing of any attribute on read-only
slave syncrepl replica? I mean, isn't it just waste of resources, or,
actually, is not a waste a resources at all, since replica is read-only
and does not write anything anyway? This, I think, apply to any version of
Hello,
Is it possible with openldap, any version, to tune DB_CONFIG attributes
for selected context via cn=config ?
Regards,
DT
>
> Hello,
> Using openldap 2.4.17.
>
> I've read this:
>
> http://www.openldap.org/doc/admin24/replication.html#N-Way Multi-Master
>
> Is there a way to setup N-Way multimaster via slapd.conf , not by
> cn=config?
>
> After I configure it with cn=config, will it be stored after slapd
> re
Hello,
Using openldap 2.4.17.
I've read this:
http://www.openldap.org/doc/admin24/replication.html#N-Way Multi-Master
Is there a way to setup N-Way multimaster via slapd.conf , not by
cn=config?
After I configure it with cn=config, will it be stored after slapd
restart - where and how?
Re
On Sun, 8 Nov 2009, Ed Greenberg wrote:
> I have a setup with a master and four slaves, all of which have a number of
> files in the format /var/lib/ldap/log.000*
>
> The replication is syncrepl.
>
> Are all these files needed? How are they pruned/maintained? I am running out
> of disk space :
Eh, you're probably missing bind dn (username) to log on
-D "cn=adminUser,ou=people,...,dc=company" -w secretpassword
regards,
P.
On Wed, 5 Aug 2009, Subbarao Karanam wrote:
> hello,
> When I did a ldapsearch always gives me "Invalid credentials Error". Really
> fed up about this as I'm not
I have two independent servers, with both
variations, both work.
moduleload back_bdb
moduleload back_monitor
backend bdb
databasebdb
suffix "dc=xyz"
directory "/var/lib/ldap"
rootdn "cn=Directory Manager,dc=xyz"
database monitor
rootdn "cn=
> The log files are transaction logs, the information in this log files
> is required for database recovery.
Let's say I don't care about database recovery, I have a system with a lot
of RAM, and I keep whole database, including transaction logs (300-500mb
total) on ramdisk, I do slapcat with
ion, but there's no clear information
how to control this.
Additionally - when I have a "DB_CONFIG" file in /etc/ldap, and
a DB_CONFIG file in database storage dir, e.g. /var/lib/ldap, which
one is actually used? My guess'd be /var/lib/ldap/DB_CONFIG, but
I'd like to know for sure :-)
Regards,
Piotr Wadas
Hello,
Regarding http://www.openldap.org/its/index.cgi?findid=5541
Link to indexes file and full schema, including custom schema
is mailed to Howard Chu, as I'd like to avoid spreading it.
It says there's no variable "ava" nor "mr", as below
I keep gdb on detached screen, so I additional variabl
I added -ggdb to CFLAGS (-g previously), I checked Makefiles
and added STRIP='' when needed here's next backtrace.
similar to "moreinfo" post. I'll try to build with another
berkeleydb version, and see if it helps.
Regards,
PW
---
[EMAIL PROTECTED]:~# file /usr/sbin/slapd
/usr/sbin/slapd: ELF 32-
I added -ggdb and made sure symbols are not stripped during build process.
Anyway backtrace still looks like the one I've already posted, do I miss
something ?
Hello,
I used gdb with "backtrace" command, and here's the output.
glibc version is 2.7, and the kernel is 2.6.18 with bigmem.
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xaa5c1b90 (LWP 17164)]
0xb7bde42c in free () from /usr/lib/i486-linux-gnu/i686/cmov/libc.so.6
(
Hello,
I build openldap 2.4.7 a few weeks ago, and 2.4.9 yesterday,
with 2.4.7 and 2.4.9, without any my patches, just a clean build.
After adding my custom schema, uploading my data from production version,
and indexing, I still have it crash with some specific search -
I was hoping 2.4.9 have
Hello,
Using openldap 2.3.38 on 2.6.24 with bdb/hdb backend.
I got about 12-13 000 entries in my directory.
Slapcat takes seconds, while slapadd takes 15 minutes or more.
Is there any way to speed it up, which I've missed?
to slapadd I do:
/etc/init.d/slapd stop &&
cd /var/lib/ldap && ls |gre
> > The ones that are really problematic are the lack of:
>
> > - RFC 2891 (server side sorting)
>
> Why is this problematic? Server side sorting is a horrible waste of server
> CPU that's better served by the client doing sorting how it wants.
>
Well, You're probably right ;) Anyway -
1.
On Tue, 30 Oct 2007, Quanah Gibson-Mount wrote:
> --On Tuesday, October 30, 2007 4:05 PM -0500 Hang Zhang <[EMAIL PROTECTED]>
> wrote:
>
> > C:\OpenLDAP>slappasswd -h {CRYPT}
> > New password: Re-enter new password: Password generation failed for
> > scheme {CRYPT}: scheme not recognized
>
>
On Tue, 30 Oct 2007, Naufal Sheikh wrote:
> Hi Piotr,
>
> Here is my ldif file.
>
> dn: cn=nsadmin
> changetype: modify
> userpassword: {SHA}R0f182La8UTJewHKUWIr2ltHPXc=
> and the command I used is:
>
> [EMAIL PROTECTED] bin]# ./ldapmodify -x -v -f /main/backup/nsadmin.ldif
> ldap_initialize
> The passowrd is hashed in the ldif file which I am importing from the
> production system, as below:
>
> # id=0003
> dn: uid=nsadmin,o=trac
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetOrgPerson
> cn: SuiteSpot Administrator
> sn: Administ
>
>
> The ldiff I have genrated using slapcat on my new server in order to keep it
> as backup has the hashed entry of password in the entry of the
> administrator. ldap browser has the plain text password in the uid of the
> administrator.
If You use slapcat-based ldif, you should probably remo
>
> ldapmodify -v -x -f /path-to-ldif -w -D "cn=nsadmin,o=trac"
When you try to modify ldap entry, using ldif file,
how do you add "userPassword" field ?
In ldif file usually hashed password value, e.g.
if you have password "foobar", hashed {CRYPT} string
will be $1$J/E/qSv7$SQtxGHJ2UTwkQ40qX8
On Mon, 22 Oct 2007, Hallvard B Furuseth wrote:
> Quanah Gibson-Mount writes:
> >--On Sunday, October 21, 2007 1:55 PM +0200 Piotr Wadas
> ><[EMAIL PROTECTED]> wrote:
> >> Can I set "loglevel" option only for particular database, or
> >> all d
Hello,
Can I set "loglevel" option only for particular database, or
all databases of particular backend (any slapd version) ?
man slapd- does not mention about it, and the loglevel
option is marked global in slapd manpage, however
"GLOBAL CONFIGURATION OPTIONS
Options described in this section a
On Sun, 24 Jun 2007, Pierangelo Masarati wrote:
> Piotr Wadas wrote:
> > Hello,
> > using openldap 2.3.35.
> >
> >
> > - is it possible to have "cn" returned, but only these values,
> > which actually matched the filter ?
>
> $ ldapse
Hello,
using openldap 2.3.35.
When I do a search for some attribute like "cn=foobar", and in set of
attributes which are to be returned per-entry is "cn" attribute, all its
values are returned.
however, when I search with "cn=foo*", and entry has multiple
"cn" values, like
"cn=foo",
"cn=joe"
Hello,
I've read something about slapd unix socket connection.
I noticed about x-mod and permissions, about url-encoding, etc.
However, how do I use ldapi with LDAP C SDK?
To be exact, how do I use unix socket with ldap_init ? What's about bind
operation? Does ldap_init supports it? I've read
On Tue, 19 Jun 2007, Piotr Wadas wrote:
>
> Hello,
> Using openldap 2.3.35.
>
> I have some simpleString like "aaaBBBcccDDDeeeFFF", and I want
> to find entries, in which a specified attribute "mySearchAttr"
> has values like
>
> e
Hello,
Using openldap 2.3.35.
I have some simpleString like "aaaBBBcccDDDeeeFFF", and I want
to find entries, in which a specified attribute "mySearchAttr"
has values like
entry 1:
mySearchAttr=aaaBBBcccDD
entry 2:
mySearchAttr=aa
entry 3:
mySearchAttr=aaaBBBc
entry 4:
mySearchAttr=aaaBBBcccD
Hello,
from ldap_init(3)
"ldap_open() opens a connection to an LDAP server and allocates an LDAP
structure
[...]
typedef struct ldap {
/* ... other stuff you should not mess with ... */
char ld_lberoptions;
int ld_deref;
[...]"
Ehmm, what i
> --enable-backends=mod
> --enable-overlays=mod
> --enable-bdb=mod
> --enable-dnssrv=mod
> --enable-hdb=mod
> --enable-ldap=mod
> --enable-ldbm=mod
> --enable-meta=mod
> --enable-monitor=mod
> --enable-null=mod
> --enable-passwd=mod
> --enable-perl=mod
> --enable-relay=mod
> --enable-shell=mod
>
-
[EMAIL PROTECTED]:/home/pwadas# slapd -4 -d3872 -h ldap://192.168.0.221/
ldapi:///
@(#) $OpenLDAP: slapd 2.3.35 (May 12 2007 16:57:50) $
[EMAIL PROTECTED]:/home/pwadas/SRC/SLAPD-NEW/openldap-2.3.35/servers/slapd
Error Can't load '/usr/lib/perl/5.8/auto/POSIX/POSIX.so' for m
Hello,
I'm experimenting with various backends.
Is it possible to have different backends under the same
suffix?
e.g I have database with bdb backend, and suffix
dc=foo
now, I want
dc=bar,dc=foo to be in another database, probably
with other backend /ldap, bdb, shell../
In other words - I
>
> IMHO, the most appealing feature of ACIs is the fact that in principle access
> rules get replicated along with data. However, the lack of a standard defeats
> this purpose when getting to cross-implementation replication, migration and
> so. Moreover, one might want to have different access
[...]
> OpenLDAPaci: 0#entry#grant;r,s,c;objectClass#public#
> OpenLDAPaci: 1#entry#grant;r,s,c;userReference#public#
> OpenLDAPaci: 2#entry#grant;r,s,c;[entry]#public#
> OpenLDAPaci: 3#entry#grant;r,s,c;useControls#users#
> OpenLDAPaci: 4#entry#grant;r,s,c;useEzmlm#users#
[...]
> openldapaci:
>
Regarding "broken ACI concept" - does any rfc
speaks something about concept of dynamically assigned priviledges
to ldap directory entries? Or does it recommend avoiding
such policies?
Regards,
Piotr
> I think this is the very important part here -- deprecated and discouraged.
> I'd argue that long term, ACI support should be removed entirely (perhaps for
> 2.5?). The entire concept of ACI's is broken.
>
Is it really so bad? I mean, I actually don't now, you're probably
right if you say so,
36 matches
Mail list logo
