this is a rare case).
Thanks for an explanation - it's now more clear to me how these rules
are processed.
--
Tomasz Chmielewski
http://wpkg.org
uid=Operator,ou=Users,dc=example,dc=com" write
by * read
by self write
by dn="uid=replica,ou=Users,dc=example,dc=com" write
by anonymous auth
by * none
access to *
by dn="uid=replica,ou=Users,dc=example,dc=com" write
by * read
And I think I should comment out "by anonymous auth" from the two
entries I added...
--
Tomasz Chmielewski
http://wpkg.org
dc=com"
by dn="uid=Operator,ou=Users,dc=example,dc=com" write
access to *
by dn="uid=replica,ou=Users,dc=example,dc=com" write
by * read
However, with this entry, the system is not able to list the users in
LDAP...
--
Tomasz Chmielewski
http://wpkg.org
c=com" write
by dn="uid=Operator,ou=Users,dc=example,dc=com" read
I also tried to use:
access to dn.subtree="ou=Users,dc=example,dc=com"
...
But then I'm not even able to connect.
--
Tomasz Chmielewski
http://wpkg.org
in.
That's what I did, everything works now properly.
PS. does this list lag only for me (a couple of hours), or is it more
fundamental? I noticed such lagging a couple of months ago as well.
--
Tomasz Chmielewski
http://wpkg.org
Howard Chu wrote:
This is ITS#4708, fixed in 2.3.28.
All right.
I upgraded to 2.3.30 in the meantime, and added retry="60 +" to slapd.conf.
--
Tomasz Chmielewski
http://wpkg.org
Tomasz Chmielewski wrote:
I waited for about 12 hours, and it didn't happen.
Restarting slave helped, and all pending changes were transferred from
the master.
Am I missing a setting or something?
The slave is running slapd from OpenLDAP 2.3.37, and here is its
slapd.conf part conce
omain"
bindmethod=simple
binddn="cn=replicationuser,dc=some,dc=domain"
credentials=secret
schemachecking=off
--
Tomasz Chmielewski
http://wpkg.org
Quanah Gibson-Mount wrote:
--On Thursday, July 20, 2006 9:58 PM +0200 Tomasz Chmielewski
<[EMAIL PROTECTED]> wrote:
Matthew Hardin wrote:
-Original Message-
From: [EMAIL PROTECTED] [mailto:owner-openldap-
[EMAIL PROTECTED] On Behalf Of Daniel Maher
Sent: Thursday, July 20,
Matthew Hardin wrote:
Tomasz Chmielewski wrote:
(...)
[...]
I digged a bit in the mailing list, and found that OpenLDAP with bdb
backend needs a special startup script to recover from such situations.
Too bad it isn't mentioned, even short and briefly, in OpenLDAP Admin
Guide.
It&
recover is needed after an unclean
shutdown.
Did you mean a recent 2.3 version (2.3.24 or so)?
--
Tomasz Chmielewski
http://wpkg.org
FRLinux wrote:
On 7/20/06, Tomasz Chmielewski <[EMAIL PROTECTED]> wrote:
It's hard to do so when you have multiple servers, and don't know which
one had a power outage...
If you don't mind me saying, i thought it was what notification
utilities were for (nagios springs
And as mentionned in a previous post, beware of the version of bdb
OpenLDAP was compiled against.
No, I rather meant an example init.d script to deal with such cases.
--
Tomasz Chmielewski
http://wpkg.org
FRLinux wrote:
On 7/20/06, Tomasz Chmielewski <[EMAIL PROTECTED]> wrote:
Will an upgrade to 2.3.24 solve my problems with bdb, or shall I revert
back to ldbm?
We've been using 2.3.21 for a bit and recently upgraded to 2.3.24 and
all servers are really happy. Worth mentionning that
have more serious issues than
whether to use ldbm or bdb.
No, I just prefer to be safe than sorry, and do the things "right".
--
Tomasz Chmielewski
http://wpkg.org
ad a power outage...
Aren't there anywhere such startup scripts for 2.3.x, which would
provide us greater reliability?
--
Tomasz Chmielewski
http://wpkg.org
t.d script could be located in OpenLDAP source package
- this way, distributors (Debian, RedHat, Mandriva etc.) would pay
greater attention to that fact.
--
Tomasz Chmielewski
http://wpkg.org
Tomasz Chmielewski wrote:
(...)
Performance is not an issue here, databases are relatively small.
What is important is the ability to survive unexpected system
crash/poweroff.
I digged a bit in the mailing list, and found that OpenLDAP with bdb
backend needs a special startup script to
dbm is more reliable
and crash-resistant?
Will an upgrade to 2.3.24 solve my problems with bdb, or shall I revert
back to ldbm?
Performance is not an issue here, databases are relatively small.
What is important is the ability to survive unexpected system
crash/poweroff.
--
Tomasz Chmielewski
http://wpkg.org
ot;up and running", I can write some more info on the subject.
I'm having hard time with it, since Samba doesn't cross-compile for
Linux/mipsel/uclibc so nice as OpenLDAP does :)
--
Tomasz Chmielewski
http://wpkg.org
/ and the servers/slurpd/ directories
with the binaries they contain (ldap* tools, slapd and slurpd
respectively).
The target host has no "make" etc. binaries; it just won't run without a
lot of effort.
--
Tomasz Chmielewski
http://wpkg.org
ou mean slapadd failed or slapadd succeeded but subsequent operations
failed?
slapadd failed (compaining about dn2id.dbb).
Does "cd tests ; make ldbm" lead to any errors? If it doesn't,
then back-ldbm built just fine. If there are any errors, please report
about them.
It's cross compiling, I can't do any tests.
(...)
--
Tomasz Chmielewski
http://wpkg.org
=no
--sysconfdir=/etc --localstatedir=/var/run/ldap --enable-overlays=no
--libexecdir=/usr/sbin --enable-bdb=no --enable-ldbm=no --enable-hdb=no
--enable-monitor=no --enable-relay=no --enable-ldap=yes
Now I use "ldif" database, I added data with slapadd and the server is
runnin
I'm trying to build an OpenLDAP (2.3.18) server and to make it run on an
"embedded" mipsel/uclibc device running Linux.
After some initial hardships, I was able to build slapd + libs + utils
etc. successfully.
However, when I run it (slapd -d 5), I can see a warning:
WARNING: No dynamic con
adam schrieb:
> Hi all,
>
> Is there a good log analyzer for OpenLDAP logfiles that you could
> recommend?
I use mcedit, you could also use vi, but you probably know them already :)
--
Tomek
http://wpkg.org
WPKG - software deployment and upgrades with Samba
Dave Horsfall schrieb:
On Tue, 18 Oct 2005, matthew sporleder wrote:
I keep an unused local replica on my master server to help create new
servers. This way, I don't ever have to shutdown the master to copy
all of the files.
With SyncRepl it's even easier; just configure the slave to suck
What is the best and fastest way to create a slave OpenLDAP server?
I mean, what should one do if he/she has a master OpenLDAP and several
slaves, and want to create another slave?
So far I was doing it more or less like this:
1) stopping OpenLDAP on the master,
2) tarring/bzipping /var/lib/l
I have a program that reads data from ou=something,dc=example,dc=com,
and then creates config files out of it.
It currently runs from cron, but as the changes are made rather seldom
(but should be made almost immediately), I feel that this constant
pulling of OpenLDAP server, creating config f
Tarjei Huse schrieb:
On Tue, 2005-09-06 at 21:17 +0200, Tomasz Chmielewski wrote:
Michał Kasperczyk schrieb:
I create huge LDAP structure with about 140 000 objects.
After this operation 'du -sh /var/openldap/database' is ~1GB.
What I can do with the log files? Can I delete them or
Michał Kasperczyk schrieb:
I create huge LDAP structure with about 140 000 objects.
After this operation 'du -sh /var/openldap/database' is ~1GB.
What I can do with the log files? Can I delete them or can slapd do it
automatically?
normally, logrotate takes care of log rotating.
in your case,
Pierangelo Masarati schrieb:
Tomasz Chmielewski wrote:
Is it possible to set up OpenLDAP in a way:
1) a client connects to a slave, and wants to write something,
2) slave connects to the master,
3) slave writes the change on behalf of the client, and gets the
changes back
4) client is
Is it possible to set up OpenLDAP in a way:
1) a client connects to a slave, and wants to write something,
2) slave connects to the master,
3) slave writes the change on behalf of the client, and gets the changes
back
4) client is notified, that the change was done
I have an application in ma
Or perhaps it's possible to configure OpenLDAP in a way, that we can
"temporarily" edit slave database when the connection to the master is
broken, and when the connection is back, changes are sent to the master,
which in turn decides on what to do with it?
I am very interested in a solutio
(...)
On the other hand, there seems to be
much overhead concerned with additional data that goes around to keep
this multimaster state in sync.
And here is where the argument really falls down - all else is Not
equal, their replication protocol requires a huge amount of metadata to
main
Howard Chu schrieb:
Quanah Gibson-Mount wrote:
--On Wednesday, July 13, 2005 2:49 PM +0200 Tomasz Chmielewski
<[EMAIL PROTECTED]> wrote:
> Recently, when planning to deploy a directory server, I was
> confronted with someone claiming that OpenLDAP performs poorly,
> when com
Recently, when planning to deploy a directory server, I was confronted
with someone claiming that OpenLDAP performs poorly, when compared to
Active Directory, and thus, we should choose AD.
I tried looking through the web, found some benchmarks, but didn't find
a definite answer to that problem.
36 matches
Mail list logo