I found the problem. Stupid problem, this took us several days!
Since it has been so many days, I quote the full original question for
your reference, see the bottom for the last jigsaw of the puzzle
Zhang Weiwu wrote:
> We have a development server 'emerson' with roughly one
Zhang Weiwu wrote:
> I do not know how to test time needed to establish tcp/ip socket
> connection but a manual 'telnet localhost ldap' does not feel slow.
I think I can test it, but it does not seem to be the cause of the problem:
$ time for (( i=0; i<100; i++ )); do echo 1 | nc
Hi. Thanks for sharing your ideas and experience!
On Mon, 12 Oct 2009, Emmanuel Lecharny wrote:
Two ideas :
1) Check the code that send requests to the prod server. It might receive
many more requests than expected
Why? I don't know how to check the code and already asked the web dev to
do
We have a development server 'emerson' with roughly one third of the
performance of our productional server 'bossdog', it runs ldap query 10
times faster than the productional server. I checked everything I can to
find out the difference, it seems both are equally configured.
Test method:
emerson
Buchan Milne wrote:
On Thursday 07 May 2009 05:46:44 Zhang Weiwu wrote:
First there is a record with value that fits (businessCategory=C16.1*),
verified in STEP 1, second, searching with '(businessCategory=C16.1*)'
couldn't find it, demonstrated in STEP2.
Did y
problem. Should I also attach full slapd.conf?
Thanks for any input in advance. I am totally clueless now, even after
running the installation for 3 years it's the first time I see such a
frustrating situation. Thanks.
Best regards
Zhang Weiwu
Gavin Henry wrote:
> Zhang Weiwu wrote:
>> P. S. I know people are not generally as stupid as I am but for those
>> really stupid would it be nice to have this checklist also in the F.A.Q?
>> I know it's not really frequent, but it's easier to find it the
Michael Ströder wrote:
> Indeed I can think from non-western oriented view. But having
> implemented web2ldap I know that producing UTF-8 would only suitable
> for strings of Unicode characters. web2ldap is schema-aware,
> OpenLDAP's command-line tools are not.
>
You are right that I overlooked the
Michael Ströder wrote:
> Zhang Weiwu wrote:
>>
>> Since I have been working on a Chinese language based directory the
>> ldapsearch tool was difficult for me to use, the result is always not
>> readable.
>>
>> This is because if an attribute value contain C
Hello.
Since I have been working on a Chinese language based directory the
ldapsearch tool was difficult for me to use, the result is always not
readable.
This is because if an attribute value contain Chinese, it's
automatically displayed using base64. I had to copy & paste the result
to 'base64
Dieter Kluenter wrote:
> I presume that you changed userpassword as rootdn, bear in mind that
> rootdn bypasses all restrictions.
>
Thank you very much! You are right!
I guess I put this more complete checklist for "when pwdCheckQuality
doesn't work" here for anyone who also stuck and finds thi
My checklist:
1. RTFM slapo-ppolicy: done, 3 times;
2. check openldap version: 2.4, newly installed on Gentoo Linux;
3. check ppolicy overlay successfully loaded and being used: must be,
because operational attribute like pwdFailureTime was maintained;
4. pwdAttribute setting: co
Pierangelo Masarati wrote:
> I vaguely recall receiving a similar requirement from a customer. The
> suggested solution (not implemented, AFAIR, because the requirement
> was dropped) was to implement a "time" dynacl module that simply
> allowed/denied access based on some rule on the current time
Hello.
I've been looking for a solution to define time-based ACL. e.g. a user
can access certain entries only since now on until after 3 months. Is it
possible?
Of course I can also set up a cron-job or simply mark on my calendar, to
remove access of this entry after a period of time, e.g. 3 mont
Zhang Weiwu wrote:
> I am setting up a business directory of contact persons and companies. I
> have this structure in mind:
>
> ou=companies,dc=demo
>
> cn=company1, ou=companies,dc=demo
> o: Company Name 1
> ...
>
> cn=company2, ou=companies,d
Hello.
I wonder is it possible to write dynlist that automatically harvest
email address from all its sub-entries.
I know this works:
dn: ou=People,dc=example,dc=com
childrenMail: ldap:///ou=People,dc=example,dc=com?mail?sub?(objectClass=person)
But is it possible to write URI in the way that
I am setting up a business directory of contact persons and companies. I
have this structure in mind:
ou=companies,dc=demo
cn=company1, ou=companies,dc=demo
o: Company Name 1
...
cn=company2, ou=companies,dc=demo
o: Company Name 2
...
ou=persons,dc=demo
uid=user1,ou
Hello.
I am setting up a business directory of contact persons and companies. I
have this structure in mind:
ou=companies,dc=demo
o=company name 1, ou=companies,dc=demo
o=company name 2, ou=companies,dc=demo
...
ou=persons,dc=demo
uid=user1,ou=persons,dc=demo
cn: John
ld he deletes pwdAccountLockedTime for the locked user?
Thanks in advance! My version is OL 2.3.30
Best regards
Zhang Weiwu
--
Real Softservice
Huateng Tower, Unit 1788
Jia 302 3rd area of Jinsong, Chao Yang
Tel: +86 (10) 8773 0650 ext 603
Mobile: 135 9950 2413
http://www.realss.com
ocked" error code.
My questions:
Is my setting working? How can I tell? The web application needs to tell
if an account is locked, this to improve user usability;
Thanks a lot in advance!
Best regards
Zhang Weiwu
--
Real Softservice
Huateng Tower, Unit 1788
Jia 302 3rd area of Jinsong,
Zhang Weiwu wrote:
> Quanah Gibson-Mount wrote:
>
>> --On Wednesday, November 07, 2007 10:37 PM +0800 Zhang Weiwu
>> <[EMAIL PROTECTED]> wrote:
>>
>>
>>> My question is: The 4 minute search time is not reasonable (Excel can do
>>
Quanah Gibson-Mount wrote:
> --On Wednesday, November 07, 2007 10:37 PM +0800 Zhang Weiwu
> <[EMAIL PROTECTED]> wrote:
>
>> My question is: The 4 minute search time is not reasonable (Excel can do
>> much faster with same number of records), and not acceptable for o
On Wed, 7 Nov 2007, Quanah Gibson-Mount wrote:
--On Wednesday, November 07, 2007 10:37 PM +0800 Zhang Weiwu
<[EMAIL PROTECTED]> wrote:
My question is: The 4 minute search time is not reasonable (Excel can do
much faster with same number of records), and not acceptable for our use
(b
Dear all
I've configured accesslog overlay on our directory project because all
modification history is very (very) important for us. The most frequent
query (and currently the only query) to the accesslog database is to
look for modification to a certain record. Typically like this:
(reqDN=uid=p
Dear list
Is it possible (or already some openldap extension to) do
sort-without-articles?
Example is: "The Ritz-Carlton" should be listed before "TAVRIDA ELECTRIC
AG" but actually the current sorted search result gives "TAVRIDA
ELECTRIC AG" first. Usually "The" should be removed in ordering.
Ha
Dear everyone
I am planning to migrate an Intranet info system to authenticate with
OpenLDAP, so more of our business can be done with the same login. The
old system uses their own SQL table to store user information, no
problem, I can write a script to convert to LDIF format. But md5 was
used to e
On Mon, 2007-08-20 at 08:21 +0200, Pierangelo Masarati wrote:
> Yes it would. I suggest you file an ITS for this "feature request"
> (actually, right now it sounds more like a bug fix for users of
> slapd-hdb(5) and slapo-refint(5)).
Thanks. ITS#5097 is filed.
Dear all
As in manual:
Integrity is maintained by updating database records which contain the
named attributes to match the results of a modrdn or delete operation.
Is it feasible and possible the future version also maintain referential
integrity by "updating database records whi
Thank you very much for this suggestion and actually, until today I dig
into documents for some hours that I finally discovered I am
experimenting with configuration data. I am not smart as a lot geeks to
be able to understand (or google out) the Internet Draft is using
configuration data as exampl
lcDatabase={1}bdb,dc=my-domain,dc=com"
ldap_add: Invalid syntax (21)
additional info: olcSuffix: value #0 invalid per syntax
I hope I can find something useful in administration guide which I am doing now.
On Thu, 2007-08-16 at 11:51 +0800, Zhang Weiwu wrote:
> Hello.
>
> In order to f
Hello.
In order to find a pure and clean test environment to let me experiment with the
x-ordered extension, this is what I did:
I. on SuSE 10.2, install openldap2-2.3.27-25 (official suse
package)
II. start the service by running /etc/init.d/ldap start
III. run slapadd to add the test en
On Wed, 2007-08-15 at 01:58 -0700, Howard Chu wrote:
> Zhang Weiwu wrote:
> > On Tue, 2007-08-14 at 10:30 -0700, Howard Chu wrote:
> >> Zhang Weiwu wrote:
> >>> One dumb question, the draft you composed expires at end of 2006, does
> >>> that mean this draft wil
On Tue, 2007-08-14 at 10:30 -0700, Howard Chu wrote:
> Zhang Weiwu wrote:
> > One dumb question, the draft you composed expires at end of 2006, does
> > that mean this draft will no longer become RFC and (thus?) have no
> > implementation yet?
>
> The draft is intended to
,...
companyRepresentative: 2 cn=Paul,...
I am not sure if I can re-format string representation of DN (likely
not) so I'd try Chu's solution first to see if it works.
On Tue, 2007-08-14 at 08:53 -0700, Quanah Gibson-Mount wrote:
> --On Tuesday, August 14, 2007 5:23 PM +0800 Zhang Weiwu
> &
On Tue, 2007-08-14 at 10:30 -0700, Howard Chu wrote:
> Zhang Weiwu wrote:
> > One dumb question, the draft you composed expires at end of 2006, does
> > that mean this draft will no longer become RFC and (thus?) have no
> > implementation yet?
>
> The draft is intended to
Thanks for this short but clear information which is as long as needed!
The difference here between relational database and LDAP is we cannot
design LDAP so we begin to expect more from LDAP, e.g. in case of
favorite drink order, a table can be designed more complex to preserve
order, but LDAP stru
wrote:
> Zhang Weiwu wrote:
> > Hello.
> >
> > I deployed an LDAP system and a set of applications around it that is
> > highly sensitive to the order of values, e.g first telephoneNumber must
> > be the main contact method, first value of companyRepresentative must
On Tue, 2007-08-14 at 02:01 -0700, Howard Chu wrote:
> Zhang Weiwu wrote:
> > Hello.
> >
> > I deployed an LDAP system and a set of applications around it that is
> > highly sensitive to the order of values, e.g first telephoneNumber must
> > be the main contact method, fir
Hello.
I deployed an LDAP system and a set of applications around it that is
highly sensitive to the order of values, e.g first telephoneNumber must
be the main contact method, first value of companyRepresentative must be
the DN of the main contact person. The value of the data is almost rely
on t
Dear everyone
I use accesslog and am pretty fond of it. Recently I need to look up
several deleted entries, who deleted them and when, who modified these
entries before deletion. And I found it not easy.
All the clue I have is the deleted entries, before they are deleted, are
in certain subtree.
es: 5
# numEntries: 4
I don't know what further information I should provide (e.g. which
section of the slapd.conf should I provide), the OS is Debian Etch and
we use openldap 2.3.27. we used accesslog overlay and refint overlay,
backend is hdb. Please let me know what I should provide. Thanks
0 etc is very good but wouldn't
work for my case (maybe by then I already left the project that needs
this).
--
Zhang Weiwu
Real Softservice
http://www.realss.com
+86 592 2091112
On Sun, 2007-07-15 at 21:01 -0400, matthew sporleder wrote:
> On 7/14/07, Zhang Weiwu <[EMAIL PROTECTED]> wrote:
> > Dear list
> >
> > I am not sure if this is the right place to ask for this, but can
> > someone help me by writing me a patch to openldap that a
r only look for the default language version. There can be
better ways to invent search filter format for my purpose without
breaking other standards too much.
Thank you very much and best regards
Zhang Weiwu
On Sun, 2007-07-01 at 09:18 +0200, Dieter Kluenter wrote:
> See man slapo-refint(5), this ..options.. should appear after the
> overlay directive. That is in your case
>
> index ...
> acl
> overlay refint
> refint_attributes ...
Thank you very much for providing this correction and for your t
On Sat, 2007-06-30 at 12:06 +0800, Zhang Weiwu wrote:
> On Wed, 2007-06-27 at 09:08 -0600, TechnoSophos wrote:
>
> > Can you post the relevant portion of slapd.conf?
>
> I posted the whole slapd.conf 3 days ago but didn't see it appear on the
> list (a test installati
On Sat, 2007-06-30 at 15:35 +0200, Pierangelo Masarati wrote:
> Zhang Weiwu wrote:
> > On Sun, 2007-06-24 at 15:54 +0200, Pierangelo Masarati wrote:
> >> Piotr Wadas wrote:
> >>> Hello,
> >>> using openldap 2.3.35.
> >>>
> >>> Whe
On Sun, 2007-06-24 at 15:54 +0200, Pierangelo Masarati wrote:
> Piotr Wadas wrote:
> > Hello,
> > using openldap 2.3.35.
> >
> > When I do a search for some attribute like "cn=foobar", and in set of
> > attributes which are to be returned per-entry is "cn" attribute, all its
> > values are retur
On Wed, 2007-06-27 at 09:08 -0600, TechnoSophos wrote:
> Can you post the relevant portion of slapd.conf?
I posted the whole slapd.conf 3 days ago but didn't see it appear on the
list (a test installation, should be safe to post its slapd.conf)
Also I have tested refint on different backend (te
einer Schtid, Drr, contacts, china, ahk.de
dn: cn=Reiner Schtid,uid=Drr,ou=contacts,ou=china,dc=ahk,dc=de
# search result
search: 2
result: 0 Success
# numResponses: 3
# numEntries: 2
--
Zhang Weiwu
Real Softservice
http://www.realss.com
+86 592 2091112
but I did come across it and read its manual. I
am not sure if it addresses my problem, so far it seems to be
used for sorting values between multiple values of a single attribute
while in my case I am sorting entries based on certain (actually one,
modifyTimeStampe) attribute.
>
>
> Zha
On Wed, 13 Jun 2007 12:28:06 -0700
Howard Chu <[EMAIL PROTECTED]> wrote:
> Zhang Weiwu wrote:
> > Dear list
> >
> > As the project I am working on requires, all ldap search results
> > should return latest-modified entry first. This requirement have
> > ma
e if experts knows this possibility already.
And, I wouldn't be surprised if BDB cannot be configured the way I like,
but, it's stupid not to ask the list just in case if it's possible
Thanks a lot in advance!
--
Zhang Weiwu
Real Softservice
http://www.realss.com
+86 592 2091112
by using
$ slapindex -b cn=accesslog
Is this 30 second search time normal and how can I improve search speed?
Thanks a lot in advance!
The total amount of accesslog entry is about 658147
--
Zhang Weiwu
Real Softservice
http://www.realss.com
+86 592 2091112
reply this message so that my colleague on the 'cc' can be enlightened
too?
--
Zhang Weiwu
Real Softservice
http://www.realss.com
+86 592 2091112
On Wed, 2007-05-16 at 16:09 +0200, Hallvard B Furuseth wrote:
> Pierangelo Masarati writes:
> >Zhang Weiwu wrote:
> >> I don't understand why 'c' do have the superior 'NAME'. (...)
> >
> > (...) With respect to 'c' being defined t
On Wed, 2007-05-16 at 00:09 +0200, Michael Ströder wrote:
> In web2ldap I had exactly the same problem. Therefore I have implemented
> a local schema registry which can override server-side schema. I took
> this route since there are so many LDAP servers with completely broken
> subschema subentri
On Tue, 2007-05-15 at 17:08 +0200, Hallvard B Furuseth wrote:
> Zhang Weiwu writes:
> > Is it possible to define ACL that every user who successfully bind-ed
> > (logged in) that this user can modify their own entry as well as the sub
> > entries of them?
> >
>
On Wed, 2007-05-16 at 00:58 +0200, Pierangelo Masarati wrote:
> Michael Ströder wrote:
>
> >> our web application is designed to understand LDAP schema and provider
> >> proper user interface for each syntax. Our web application can
> >> understand syntax 1.3.6.1.4.1.1466.115.121.1.11 which is "Co
r web application to treat 'c' specially, but it's much
easier to just modify syntax definition of 'c' in core.schema. Can I do
that? Am I going to get more trouble from doing so?
--
Zhang Weiwu
Real Softservice
http://www.realss.com
+86 592 2091112
it possible to define ACL that every user who successfully bind-ed
(logged in) that this user can modify their own entry as well as the sub
entries of them?
e.g.
dn: ou=support,xxx
if one connection is bind to this dn, it can modify these entries:
dn: cn=Wang Penghui,ou=support,xxx
dn: cn=Zhang Wei
On Thu, 2007-05-10 at 00:29 +0930, Shane wrote:
> Hopefully someone will correct me if I'm wrong but as far as I'm aware
> you cannot log in as an ou object.
>
> I'd has setup and admin user for dn: ou=Support,o=Real Softservice eg:
>
> cn=admin,ou=Support,o=Real Softservice
>
> then create an A
ghui,ou=Suport,o=Real Softservice
dn: cn=Zhang Weiwu,ou=Suport,o=Real Softservice
dn: cn=Wolfgang Scheuing,ou=Suport,o=Real Softservice
Looks like a simple requirement. Anyway I dug into ACL manual for days
without a clue (maybe also because of my bad English). Can anyone
provide a hint and simplified exa
rsion 2.1.30
--
Zhang Weiwu Real Softservice
International business: http://www.realss.com
International sales:0086 10 84606011
Inland business:http://www.realss.cn
Inland sales call: 0086 592 2099987
Sent from Pine: http://www.washington.edu/pine/