SSO to 389 Server from 389 Client
by Chaudhari, Rohit K.
Hello everyone,
The setup is as follows. We have set up a server with 389 DS without DNS (hardcoded IP addresses in /etc/hosts) and created a CA certificate for distribution on servers and clients. The 389 client has been set up to allow users created on the server to authenticate against LDAP when logging in for the first time. However, this is failing.
The server has 389 and a CA certificate.
The client is given the CA certificate as certificate.asc. Then, we used authconfig-tui to configure the client to use LDAP authentication against the server using TLS/SSL.
In regards to a previous thread, one had brought up that there might be issues using LDAP authentication with TLS if the server is set up without DNS and has IP addresses hard-coded in /etc/hosts. Does anyone have any suggestions as to why I am unable to log in against the server from my client machine? The user created in LDAP is given POSIX attributes so that if it's a user attempting to log in for the first time, it is able to do so (since POSIX attributes include Group ID, UID, etc.).
Thanks.
________________________________________
Please review & comment: [389 Project] #412: memberof performance enhancement
by Noriko Hosoi
https://fedorahosted.org/389/ticket/412
https://fedorahosted.org/389/attachment/ticket/412/0001-Trac-Ticket-412-m...
Fix description:
memberof.c: replaced DN strings with Slapi_DN and set the
normalized info to Slapi_Value flags. It reduces the number
of slapi_dn_normalize_ext calls by ~25%.
attr.c, slapi-plugin.h: introduced a new API slapi_attr_value_cmp_ext
which takes Slapi_Value instead of struct berval. By replacing
with Slapi_Value, the value flag (e.g., normalized info) can be
passed to the syntax plugin.
value.c: changed slapi_value_compare to call slapi_attr_value_cmp_ext
instead of slapi_attr_value_cmp.
------------------------------------------------------------------------
Replying to nkinder <https://fedorahosted.org/389/ticket/412#comment:2>:
What sort of performance increase do these changes give you in your
testing?
Unfortunately, there was no observable performance gain. Let me explain
it with the test env next...
------------------------------------------------------------------------
As replied to Nathan's question, I could not see any performance
gain in the elapsed time, although it reduced the count of
slapi_dn_normalize_ext calls by ~25%.
But the server's behaviour observed in the test was interesting. The
dominant part of the elapsed time spent in the memberof operation is
likely in libdb. The time difference, 14 sec vs. 27 sec, between
"Straight ldapmodify ...; sh memof_script.sh" and "ldapmodify ...;
restart the server; [ldapsearch <all>; ]sh memof_script.sh" cannot be
explained at the server level. Callgrind outputs almost the same graph
except for the libdb internals. And once we put all memberof operations in
one transaction, the response time is extremely short. We have not
enabled betxn by default yet. Can we make a plan to do so for brushing
up the code, especially on Fedora?
------------------------------------------------------------------------
Result:
Note: With/Without the attached patch
0001-Trac-Ticket-412-memberof-performance-enhancement.patch, there was
no difference in the elapsed time.
This test adds 1000 user entries first (ldapmodify...).
Then memof_script.sh adds a group entry which contains the 1000 members;
the script waits until all the user entries have the memberof attribute value.
(The test files are attached to the trac #412 with the instructions.)
Straight ldapmodify ...; sh memof_script.sh: 14 seconds
ldapmodify ...; restart the server; sh memof_script.sh: 27 seconds
ldapmodify ...; restart the server; ldapsearch <all>; sh memof_script.sh: 27 seconds
(I.e., the difference is not due to whether the entries are in the entry cache or not)
Enable betxn of the Memberof Plugin:
dn: cn=MemberOf Plugin,cn=plugins,cn=config
nsslapd-pluginType: betxnpostoperation
Straight ldapmodify ...; sh memof_script.sh: < 1 second
ldapmodify ...; restart the server; ldapsearch <all>; sh memof_script.sh: < 1 second
------------------------------------------------------------------------
Thanks,
--noriko
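To make the timing procedure in Noriko's post concrete, here is an added shell re-creation of the test; it is not the memof_script.sh attached to the ticket (which is not on this page). It generates the 1000 posixAccount users, the group that lists them all as member values, polls until every user carries memberOf, and emits the betxn modify from the post. The suffix, server URL, bind DN, password-file path and entry names are assumed defaults, not values from the thread.

```shell
# Re-creation of the 1000-user memberof timing test from the thread (added example, not the ticket's memof_script.sh).
# Assumed/constructed defaults, override via environment; the bind password is read from a file.
SUFFIX="${SUFFIX:-dc=example,dc=com}"; LDAP_URL="${LDAP_URL:-ldap://localhost:389}"
BIND_DN="${BIND_DN:-cn=Directory Manager}"; BIND_PW_FILE="${BIND_PW_FILE:-/etc/dirsrv/dm.pw}"
NUSERS="${NUSERS:-1000}"; GROUP_DN="cn=biggroup,ou=Groups,$SUFFIX"

# Run an OpenLDAP client tool with the common bind options (-y keeps the password off argv)
ldapcmd() { tool=$1; shift; "$tool" -x -H "$LDAP_URL" -D "$BIND_DN" -y "$BIND_PW_FILE" "$@"; }
# LDIF for $1 posixAccount users, uid=user1 .. uid=userN (the "ldapmodify ..." step)
gen_users_ldif() {
  i=1
  while [ "$i" -le "$1" ]; do
    printf 'dn: uid=user%d,ou=People,%s\nobjectClass: top\nobjectClass: person\nobjectClass: posixAccount\n' "$i" "$SUFFIX"
    printf 'uid: user%d\ncn: user%d\nsn: user%d\nuidNumber: %d\ngidNumber: 5000\nhomeDirectory: /home/user%d\n\n' "$i" "$i" "$i" $((5000 + i)) "$i"
    i=$((i + 1))
  done
}
# LDIF for one groupOfNames listing all $1 users as member values (what memof_script.sh adds)
gen_group_ldif() {
  printf 'dn: %s\nobjectClass: top\nobjectClass: groupOfNames\ncn: biggroup\n' "$GROUP_DN"
  i=1
  while [ "$i" -le "$1" ]; do
    printf 'member: uid=user%d,ou=People,%s\n' "$i" "$SUFFIX"
    i=$((i + 1))
  done
}
# The modify from the thread: make MemberOf a backend-transaction (betxn) plugin
gen_betxn_ldif() { printf 'dn: cn=MemberOf Plugin,cn=plugins,cn=config\nchangetype: modify\nreplace: nsslapd-pluginType\nnsslapd-pluginType: betxnpostoperation\n\n'; }
# Number of entries in the LDIF on stdin that carry memberOf for the benchmark group
count_memberof() { grep -ci "^memberOf: cn=biggroup," || true; }
# Poll until all $1 users carry memberOf (what memof_script.sh waits for); returns 1 after 600 tries
wait_for_memberof() {
  tries=0
  while [ "$tries" -lt 600 ]; do
    have=$(ldapcmd ldapsearch -LLL -b "ou=People,$SUFFIX" '(uid=user*)' memberOf | count_memberof)
    [ "$have" -ge "$1" ] && return 0
    sleep 1; tries=$((tries + 1))
  done
  return 1
}
run_benchmark() {
  gen_users_ldif "$NUSERS" | ldapcmd ldapmodify -a >/dev/null
  start=$(date +%s)
  gen_group_ldif "$NUSERS" | ldapcmd ldapmodify -a >/dev/null
  wait_for_memberof "$NUSERS"
  echo "memberof fix-up for $NUSERS members: $(( $(date +%s) - start )) seconds"
}

case "${1:-}" in run) run_benchmark ;; betxn) gen_betxn_ldif | ldapcmd ldapmodify ;; esac
```

Run `sh script.sh run` before and after `sh script.sh betxn` (plus a server restart) to reproduce the 27-second versus sub-second comparison from the post.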