ldapsearch and extended server controls?

2011-03-11 Thread Brian Reichert
hing new! Is there a way of utilizing these sorts of controls via ldapsearch? Thanks for any advice you may have... -- Brian Reichert 55 Crystal Ave. #286 Derry NH 03038-1725 USA BSD admin/developer at large

Re: ldapsearch and extended server controls?

2011-03-13 Thread Brian Reichert
. > > -- > -- Howard Chu > CTO, Symas Corp. http://www.symas.com > Director, Highland Sun http://highlandsun.com/hyc/ > Chief Architect, OpenLDAP http://www.openldap.org/project/ -- Brian Reichert 55 Crystal Ave. #2

Re: Re: OpenLDAP Multiple User Import --- Low Sensitivity/Aerospace Internal Use Only

2014-01-02 Thread Brian Reichert
files that had UTF8 characters and/or weird EOL characters, that many editors will helpfully hide from you. > Philip -- Brian Reichert BSD admin/developer at large

Re: Re: OpenLDAP Multiple User Import --- Low Sensitivity/Aerospace Internal Use Only

2014-01-03 Thread Brian Reichert
On Thu, Jan 02, 2014 at 01:01:22PM -0800, Philip Guenther wrote: > On Thu, 2 Jan 2014, Brian Reichert wrote: > > Unrelated to OP's problem, I've seen LDIF files that had UTF8 characters > > and/or weird EOL characters, that many editors will helpfully hide from > >

Re: N-Way-Multimaster Configuration

2014-01-14 Thread Brian Reichert
list, possibly incorporating IP addresses as well. > John D. Borresen (Dave) > Linux/Unix Systems Administrator > MIT Lincoln Laboratory > Surveillance Systems Group > 244 Wood St > Lexington, MA 02420 > Email: john.borre...@ll.mit.edu

Re: N-Way-Multimaster Configuration

2014-01-14 Thread Brian Reichert
names for your cluster will always be expressible as a wildcard? If not, consider a SAN list. -- Brian Reichert BSD admin/developer at large

sanity check on updating from HDB backend to MDB

2014-08-12 Thread Brian Reichert
OrgID" -b orgid=MyOrgID dn | grep ^dn: | wc -l 3600071 real 2m55.482s user 0m25.459s sys 0m23.948s Both 64-bit hosts show no swapping, and minimal CPU load. Can anyone point out what I've missed? -- Brian Reichert BSD admin/developer at large

Re: sanity check on updating from HDB backend to MDB

2014-08-12 Thread Brian Reichert
On Tue, Aug 12, 2014 at 11:12:51AM -0700, Howard Chu wrote: > Brian Reichert wrote: > >But, the same search looks worse here. > > > > ltb# time ldapsearch -x -w X -D "cn=manager,orgid=MyOrgID" -b > > orgid=MyOrgID dn | grep ^dn: | wc -l > >

Re: sanity check on updating from HDB backend to MDB

2014-08-12 Thread Brian Reichert
On Tue, Aug 12, 2014 at 02:04:20PM -0400, Brian Reichert wrote: > On Tue, Aug 12, 2014 at 11:12:51AM -0700, Howard Chu wrote: > > While that search is running you should see slapd at 100% CPU. If not, then > > something in your system is throttling your connection. > >

Re: sanity check on updating from HDB backend to MDB

2014-08-12 Thread Brian Reichert
On Tue, Aug 12, 2014 at 03:47:10PM -0400, Christopher Wood wrote: > On Tue, Aug 12, 2014 at 03:22:57PM -0400, Brian Reichert wrote: > > 'top' still shows slapd only using %50, so I hazard that it keeps > > to one CPU. Is that a valid assumption? > > Try pressing

Re: sanity check on updating from HDB backend to MDB

2014-08-13 Thread Brian Reichert
e a > non-OpenLDAP ldapsearch installed on that machine? The FedoraDS/389DS/RHDS > tools are certainly slower, so that could make a difference. Good call; I'll review; I was using the ldapsearch from CentOS's RPM, not the one provided by the LTB project's RPM

Re: sanity check on updating from HDB backend to MDB

2014-08-13 Thread Brian Reichert
ratzer > Web: http://www.cksoft.de/ -- Brian Reichert BSD admin/developer at large

Re: sanity check on updating from HDB backend to MDB

2014-08-14 Thread Brian Reichert
On Wed, Aug 13, 2014 at 11:34:46AM -0400, Brian Reichert wrote: > On Tue, Aug 12, 2014 at 06:59:52PM -0700, Howard Chu wrote: > > If ldapsearch is already running at 100% CPU then it's the limiting factor > > here so no, you're not going to get any faster. I still f

Re: sanity check on updating from HDB backend to MDB

2014-08-14 Thread Brian Reichert
On Thu, Aug 14, 2014 at 11:15:32AM -0700, Quanah Gibson-Mount wrote: > --On Thursday, August 14, 2014 10:41 AM -0400 Brian Reichert > wrote: > > >Ok, just to report: > > > >Using LTB's ldapsearch didn't improve things. > > For kicks, you can try a s

using {CRYPT} for rootpw, using SHA512?

2014-08-14 Thread Brian Reichert
4a571evgca.E0hLnYNCdfq//zw9YyQN33QtztI10 and tried to embed this rootpw in my config file; rootpw {CRYPT}$6$random_salt$BnOQxEG8Gk2rzFYwoWXjr59zLVYzwshvca5oV0PtU8fAfT4a571evgca.E0hLnYNCdfq//zw9YyQN33QtztI10 I would get bind errors. Have I misunderstood how to use {CRYPT} for

Re: using {CRYPT} for rootpw, using SHA512?

2014-08-14 Thread Brian Reichert
age it up as an RPM, as in my environment, it's part of our deployment process... > --Quanah > > -- > > Quanah Gibson-Mount > Server Architect > Zimbra, Inc. > ---- > Zimbra :: the leader in open source messaging and collaboration -- Brian Reichert BSD admin/developer at large

Re: using {CRYPT} for rootpw, using SHA512?

2014-08-15 Thread Brian Reichert
be a random string > containing up to 16 characters drawn from the set [a-zA-Z0-9./]. I'm > using something like this to generate the salt (and hope for the > best): I'll give this a shot, and report back; thanks for the feedback! > Works quite well with our LDAP boxes. >

Re: using {CRYPT} for rootpw, using SHA512?

2014-08-15 Thread Brian Reichert
On Fri, Aug 15, 2014 at 03:13:06PM +0100, Miroslaw Baran wrote: > Ah: underscore. Underscore doesn't, I'm afraid. [Yep; tested in a sandbox.] Curses! You've caught me out! :) > -- m. -- Brian Reichert BSD admin/developer at large

Re: using {CRYPT} for rootpw, using SHA512?

2014-08-15 Thread Brian Reichert
does not. Why are they different? > Best regards, > ??? Miroslaw Baran -- Brian Reichert BSD admin/developer at large

best practices WRT resizing a MDB backend?

2014-08-21 Thread Brian Reichert
My hope was to, given awareness of either the data in an LDIF extract, or data about the legacy bdb database itself, we could make a more conservative guess as to a reasonable size for the mdb backend. Has anyone written up some strategies on these topics, or in the position to provide any recommendation? -- Brian Reichert BSD admin/developer at large

Re: best practices WRT resizing a MDB backend?

2014-08-21 Thread Brian Reichert
me it takes to compress/uncompress a backup. - the network bandwidth cost of transmitting a file that's larger than it needs to be. > -- > -- Howard Chu > CTO, Symas Corp. http://www.symas.com > Director, Highland Sun http://highlandsun.com/hyc/ > Chief Architect, OpenLDAP http://www.openldap.org/project/ -- Brian Reichert BSD admin/developer at large

Re: best practices WRT resizing a MDB backend?

2014-08-21 Thread Brian Reichert
Quanah > > > -- > > Quanah Gibson-Mount > Server Architect > Zimbra, Inc. > > Zimbra :: the leader in open source messaging and collaboration -- Brian Reichert BSD admin/developer at large

Re: best practices WRT resizing a MDB backend?

2014-08-21 Thread Brian Reichert
On Thu, Aug 21, 2014 at 07:14:54PM -0700, Howard Chu wrote: > Brian Reichert wrote: > >What, this: http://symas.com/mdb/doc/ ? > > > >A search for 'maxsize' or 'mapsize' yields no hits. > > Seriously? > http://symas.com/mdb/doc/group__mdb.html#

Re: best practices WRT resizing a MDB backend?

2014-08-22 Thread Brian Reichert
On Fri, Aug 22, 2014 at 12:11:51AM -0700, Quanah Gibson-Mount wrote: > --On Thursday, August 21, 2014 10:53 PM -0400 Brian Reichert > >You've suggested writemap in response to other questions I've asked > >on this list; I think I shall take the hint. :) > > Is yo

Re: OpenLDAP Replication Issue

2015-01-22 Thread Brian Reichert
ls-1st.co.uk/+44 1628 782565 | > --- > -- Brian Reichert BSD admin/developer at large

Re: Is OpenLDAP PAE Aware?

2015-02-13 Thread Brian Reichert
ressee, you > must not use, copy, disclose, or take any action based on this message or any > information herein. If you have received this message in error, please advise > the sender immediately by reply e-mail and delete this message. Thank you for > your cooperation." > > > > -- Brian Reichert BSD admin/developer at large

Re: replica from a to b

2015-02-20 Thread Brian Reichert
or centos 6.6 that > you are aware of? I've been using the RPMs provided by the LTB project for CentOS 6.x 64-bit: http://ltb-project.org/wiki/documentation/openldap-rpm > > François Desfossés, Cloud operations administrator > -- Brian Reichert BSD admin/developer at large

Re: Slapd running very slow

2015-04-21 Thread Brian Reichert
nds (instead of instant), and the slapd process appear to occupy > 100% of a single CPU core. What does your config file look like? In particular, what does this setting look like for you: # Threads - four per CPU threads 8 -- Brian Reichert BSD admin/developer at large

Re: Slapd running very slow

2015-04-21 Thread Brian Reichert
On Tue, Apr 21, 2015 at 08:23:31AM -0700, Quanah Gibson-Mount wrote: > --On Tuesday, April 21, 2015 11:54 AM -0400 Brian Reichert > wrote: > >What does your config file look like? > > > >In particular, what does this setting look like for you: > > > > # T

Re: read openldap log file

2015-06-02 Thread Brian Reichert
slapd[4049]: 148r > > Jun 1 09:40:27 slapd[4049]: 196r > > Jun 1 09:40:27 slapd[4049]: 86r > > Jun 1 09:40:27 slapd[4049]: 201r > > Jun 1 09:40:27 slapd[4049]: 241r > > Jun 1 09:40:27 slapd[4049]: 316r > > Jun 1 09:40:27 slapd[4049]: 143r > > Jun 1 09:40:27 slapd[4049]: 320r > > > > > > -- Brian Reichert BSD admin/developer at large

Re: LMDB and Referential transparency

2016-02-11 Thread Brian Reichert
Sun http://highlandsun.com/hyc/ > Chief Architect, OpenLDAP http://www.openldap.org/project/ -- Brian Reichert BSD admin/developer at large

Re: LDIF?

2016-02-23 Thread Brian Reichert
Class: organization > o: Raven > dc: my-domain > > # Manager, my-domain.com > dn: cn=Manager,dc=my-domain,dc=com > objectClass: organizationalRole > cn: Manager > > # search result > search: 2 > result: 0 Success > > # numResponses: 3 > # numEntries: 2 > > Thank you! > -- Brian Reichert BSD admin/developer at large

Re: log_rdns.patch

2016-03-09 Thread Brian Reichert
you're not running a public server, but one within your company's LAN, then the set of hostnames won't be as numerous, nor as fluid, so I suspect a decent resolver could cope. I agree that such a feature on a public server would not fare well. > Ciao, Michael. -- Brian Reichert

Re: OpenLDAP log file ownership getting modified automatically.

2016-03-29 Thread Brian Reichert
anged any one of the node automatically . Does that node run any of the db_checkpoint utilities as a user other than your openldap UID? I shot myself in the foot with a backup script that ran as root, and it would sometimes mess with the ownership of the transaction logs. > Br/P

Re: OpenLDAP log file ownership getting modified automatically.

2016-03-31 Thread Brian Reichert
hat node run any of the db_checkpoint utilities as a user > > other than your openldap UID? -- Brian Reichert BSD admin/developer at large

Re: OpenLDAP log file ownership getting modified automatically.

2016-03-31 Thread Brian Reichert
On Thu, Mar 31, 2016 at 04:31:42PM +0200, Prashanth P.Nair wrote: > On Thu, Mar 31, 2016 at 4:10 PM, Brian Reichert > wrote: > > > On Wed, Mar 30, 2016 at 05:48:56PM +0200, Prashanth P.Nair wrote: > > > Thanks Brian > > > > > > Yes.i have back up script

Re: openldap stops responding after some time

2016-08-26 Thread Brian Reichert
l we cleaned up the Java code, our workaround was to introduce settings like this in our slapd.conf file: idletimeout 30 writetimeout 60 -- Brian Reichert BSD admin/developer at large

Re: ldapsearch filter question

2017-01-03 Thread Brian Reichert
ding to find out the name of the group, but I got nothing. Did the DN in your first search have a 'groupofnames' objectclass? > > Thanks > Jun -- Brian Reichert BSD admin/developer at large

Re: Error: Can't contact LDAP server

2017-06-19 Thread Brian Reichert
On Thu, Jun 15, 2017 at 01:35:45PM +0200, Jelle de Jong wrote: > Hello everybody, > > # my /etc/ldap/slapd.conf > http://paste.debian.net/plainh/076816e3 Do slapd's logs have any clues? Service restarting, resource issues? -- Brian Reichert BSD a

Re: What's the java equivalent of ldap_set_option( NULL, LDAP_OPT_X_TLS_CACERTDIR, cert_path)?

2011-10-18 Thread Brian Reichert
lgies. Not pretty; good luck... > Any comments/input would be much appreciated. > > Thanks. > > Daisy > -- Brian Reichert BSD admin/developer at large

Is putting slapd into read-only mode sufficient for backups?

2012-02-07 Thread Brian Reichert
asible? Recommended? -- Brian Reichert BSD admin/developer at large

Re: Is putting slapd into read-only mode sufficient for backups?

2012-02-08 Thread Brian Reichert
On Wed, Feb 08, 2012 at 12:55:34PM +0200, Buchan Milne wrote: > On Tuesday, 7 February 2012 23:53:52 Brian Reichert wrote: > > I'm curious if the tactics described in this thread are currently > > sufficient: > > > > http://www.openldap.org/lists/openldap-soft

Re: Is putting slapd into read-only mode sufficient for backups?

2012-02-09 Thread Brian Reichert
pycat.com/docs/ref/transapp/recovery.html http://www.sleepycat.com/docs/ref/transapp/logfile.html http://www.sleepycat.com/docs/ref/transapp/hotfail.html > > Regards, > Buchan -- Brian Reichert BSD admin/developer at large

Re: Is putting slapd into read-only mode sufficient for backups?

2012-02-09 Thread Brian Reichert
On Tue, Feb 07, 2012 at 04:53:52PM -0500, Brian Reichert wrote: > I'm curious if the tactics described in this thread are currently > sufficient: > > http://www.openldap.org/lists/openldap-software/200608/msg00152.html Let me try asking a slightly different question. This p

Re: Is putting slapd into read-only mode sufficient for backups?

2012-02-09 Thread Brian Reichert
Howard Chu > CTO, Symas Corp. http://www.symas.com > Director, Highland Sun http://highlandsun.com/hyc/ > Chief Architect, OpenLDAP http://www.openldap.org/project/ -- Brian Reichert BSD admin/developer at large

Re: Is putting slapd into read-only mode sufficient for backups?

2012-02-09 Thread Brian Reichert
establish if read-only mode is close enough to _stopping_ slapd, to allow that bdb-specific processing to safely commence... > --Quanah > > > -- > > Quanah Gibson-Mount > Sr. Member of Technical Staff > Zimbra, Inc > A Division of VMware, Inc. > &g

Re: Is putting slapd into read-only mode sufficient for backups?

2012-02-09 Thread Brian Reichert
ence... > --Quanah > > -- > > Quanah Gibson-Mount > Sr. Member of Technical Staff > Zimbra, Inc > A Division of VMware, Inc. > > Zimbra :: the leader in open source messaging and collaboration -- Brian Reichert BSD admin/developer at large

Re: Is putting slapd into read-only mode sufficient for backups?

2012-02-10 Thread Brian Reichert
On Fri, Feb 10, 2012 at 09:35:12AM +0200, Buchan Milne wrote: > On Wed, Feb 08, 2012 at 12:55:34PM +0200, Buchan Milne wrote: > > On Thursday, 9 February 2012 21:00:36 Brian Reichert wrote: > > FWIW: these scripts call out a bunch of reference URLs, that Oracle > > has now br

Re: Is putting slapd into read-only mode sufficient for backups?

2012-02-10 Thread Brian Reichert
end's directory any easier? > Philip Guenther > -- Brian Reichert BSD admin/developer at large

Re: Is putting slapd into read-only mode sufficient for backups?

2012-02-10 Thread Brian Reichert
Mount > Sr. Member of Technical Staff > Zimbra, Inc > A Division of VMware, Inc. > > Zimbra :: the leader in open source messaging and collaboration -- Brian Reichert BSD admin/developer at large

Re: Is putting slapd into read-only mode sufficient for backups?

2012-02-13 Thread Brian Reichert
[...] > For those trying to script this, you can get the LSN of the most recent > checkpoint with > db_stat -t | awk '$2 ~ /^File\/offset/{print $1; exit}' > > > Philip Guenther > -- Brian Reichert BSD admin/developer at large

Re: ldapdelete "ldap_bind: Invalid DN syntax (34)"

2012-04-15 Thread Brian Reichert
DN? > > Could anyone take a look and tell me why? Thanks a lot! > > -- Tianyin -- Brian Reichert BSD admin/developer at large

Re: ldapdelete "ldap_bind: Invalid DN syntax (34)"

2012-04-15 Thread Brian Reichert
anager,dc=example,dc=com" -x -w secret > ldap_bind: Invalid DN syntax (34) > additional info: invalid DN The DN you wish to bind with needs to be specified with '-D', just as your correct invocation does. > Thanks a lot! > T -- Brian Reichert BSD admin/developer at large

Re: Open LDAP sometimes "Can't contact LDAP server"

2012-10-15 Thread Brian Reichert
eed more info. Is your LDAP server remaining 'up'? I.e., it's not restarting sporadically? Do you have some multiheaded LDAP server? (cluster, round-robin DNS, whatever) some environment where you may not be hitting the same LDAP server? What _actual error_ is your PHP applicat

Re: Ubuntu Server 12.04: StartTLS

2012-11-05 Thread Brian Reichert
ct: (unknown error code). > >>ldap_err2string > >>ldap_start_tls: Connect error (-11) > >>additional info: (unknown error code) > >>Any idea? Well, your error does say 'untrusted or revoked'. Have you taken steps to have your client trust the certificate? -- Brian Reichert BSD admin/developer at large

Re: Ldap db is corupt

2013-01-02 Thread Brian Reichert
porte Libre Cia. Ltda. > > D: Hernandez de Giron Oe4-175 y Vasco de Contreras > T: +593 (2) 331-9027 > F: +593 (2) 243-1103 > @: jorge.arm...@soportelibre.com > www.soportelibre.com > -- Brian Reichert BSD admin/developer at large

Re: getting bindDN in perl script

2013-05-15 Thread Brian Reichert
chitecture of your project is, but you'd be better off asking on one of the perl lists to work this stuff out. -- Brian Reichert BSD admin/developer at large

Re: getting bindDN in perl script

2013-05-15 Thread Brian Reichert
On Wed, May 15, 2013 at 09:57:29AM -0700, Quanah Gibson-Mount wrote: > --On Wednesday, May 15, 2013 12:14 PM -0400 Brian Reichert > >This has nothing to do with OpenLDAP. > > Sadly, wrong. They are using and talking about the back-perl backend to > OpenLDAP, not how to set

Re: Other system use port 636 connect LDAP Server Error

2013-09-26 Thread Brian Reichert
this is me leveraging OpenSSL's vocabulary. There are other SSL providers that may be in play. > > --Quanah > > -- > > Quanah Gibson-Mount > Lead Engineer > Zimbra Software, LLC > > Zimbra :: the leader in open source messaging and collaboration > -- Brian Reichert BSD admin/developer at large

Re: Other system use port 636 connect LDAP Server Error

2013-09-26 Thread Brian Reichert
On Thu, Sep 26, 2013 at 10:54:00AM -0700, Quanah Gibson-Mount wrote: > --On Thursday, September 26, 2013 1:33 PM -0400 Brian Reichert > wrote: > > > >You can use an IP address, if that IP address is in the SAN (Subject > >Alternate Name) list of the certificate. >