Slow server etime?
by Gerrard Geldenhuis
Hi
>From the logconv.pl script:
----- Top 20 Longest etimes -----
etime=6 5
etime=4 16
etime=3 95
etime=2 1
etime=1 4908
etime=0 70796
What is that suppose to tell me?
Regards
________________________________________________________________________
In order to protect our email recipients, Betfair Group use SkyScan from
MessageLabs to scan all Incoming and Outgoing mail for viruses.
________________________________________________________________________
12 years, 4 months
Please Help Test 389 Directory Server 1.2.7
by Rich Megginson
389-ds-base-1.2.7 is now in Testing. This release adds some new
features and fixes many bugs. Please help us test. The sooner we can
get this release tested, the sooner we can push it to Stable and make it
generally available.
Installation
yum install 389-ds --enablerepo=updates-testing
# or for EPEL
yum install 389-ds --enablerepo=epel-testing
setup-ds-admin.pl
Upgrade
yum upgrade --enablerepo=updates-testing 389-ds-base 389-admin
# or for EPEL
yum upgrade --enablerepo=epel-testing 389-ds-base 389-admin
setup-ds-admin.pl -u
How to Give Feedback
The best way to provide feedback is via the Fedora Update system. Each
update is broken down by package and platform. For example, if you are
using Fedora 12, and you have successfully installed or upgraded all of
the packages, and the console and etc. works, then go to the links below
for Fedora 12 and provide feedback.
* 389-ds-base-1.2.7
** EL-5 - https://admin.fedoraproject.org/updates/389-ds-base-1.2.7-1.el5
** Fedora 12 -
https://admin.fedoraproject.org/updates/389-ds-base-1.2.7-1.fc12
** Fedora 13 -
https://admin.fedoraproject.org/updates/389-ds-base-1.2.7-1.fc13
** Fedora 14 -
https://admin.fedoraproject.org/updates/389-ds-base-1.2.7-1.fc14
scroll down to the bottom of the page, and click on the Add a comment >>
link
* select one of the Works for me or Does not work radio buttons, add
text, and click on the Add Comment button
If you are using a build on another platform, just send us an email to
389-users(a)lists.fedoraproject.org
Reporting Bugs
If you find a bug, or would like to see a new feature, you can enter it
here - https://bugzilla.redhat.com/enter_bug.cgi?product=389
More Information
* Release Notes - http://port389.org/wiki/Release_Notes
* Install_Guide - http://port389.org/wiki/Install_Guide
* Download - http://port389.org/wiki/Download
12 years, 4 months
Re: [389-users] SSl connection to 389 DS server
by Laurent Roudier
The PHP message I got is :
Warning: ldap_bind(): Unable to bind to server: Can't contact LDAP server in
/var/www/html/php.php on line 27
I'm not sure if php is using /etc/openldap/ldap.conf, I didn't found the way or
the log to know were the php ldap module get the path to this file. I try to put
it directly on etc, but I got the same error
On 11/21/2010 09:41 AM, Laurent Roudier wrote:
> Hi everybody,
> I try to setup a 389 DS server and made it work with a web server. My current
> configuration is :
> fedora 14 (2.6.35.6-48.fc14.i686)
> 389-admin-1.1.11-1.fc14.i686
> 389-ds-console-doc-1.2.3-1.fc14.noarch
> 389-adminutil-1.1.10-2.fc14.i686
> 389-ds-console-1.2.3-1.fc14.noarch
> 389-ds-base-1.2.6.1-2.fc14.i686
> 389-console-1.1.4-1.fc14.noarch
> 389-ds-1.2.1-1.fc14.noarch
> 389-admin-console-1.1.5-1.fc14.noarch
> 389-admin-console-doc-1.1.5-1.fc14.noarch
> 389-dsgw-1.1.5-2.fc14.i686
>
> I setup 389 without any probleme
> I add certificate and secure connection with the used of setupssl2.sh script.
> So if I use this php script, it work without any problem
> <?php
> $ldaprdn = DN
> $ldappass = password
> $ldapconn = ldap_connect("ldap://localhost");
> if ($ldapconn) {
> if ($ldapbind) {
> echo "<P>bind LDAP OK</P>";
> } else {
> echo "<P>bind LDAP KO</P>";
> }
> }
> else
> {
> echo "<P>fail</P>";
> }
> ?>
>
> if a change "ldap://localhost" by "ldaps://localhost", it fail and the log of
> 389 is
>
> [21/Nov/2010:16:53:54 +0100] conn=1 fd=64 slot=64 SSL connection from
>::1
> to ::1
> [21/Nov/2010:16:53:54 +0100] conn=1 op=-1 fd=64 closed - Encountered
end
> of file.
Where do you specify the CA certificate and other security options, if any?
Can you turn up php logging?
> if a change "ldap://localhost" by "localhost",636, it hang, I must restart
> dirsvr and the log of 389 is
>
> [21/Nov/2010:15:43:38 +0100] conn=3 fd=65 slot=65 connection from
::1
> to ::1
> [21/Nov/2010:15:43:38 +0100] conn=3 op=0 EXT
> oid="1.3.6.1.4.1.1466.20037" name="startTLS"
> [21/Nov/2010:15:43:38 +0100] conn=3 op=0 RESULT err=0 tag=120
> nentries=0 etime=0
> [21/Nov/2010:15:43:38 +0100] conn=3 op=-1 fd=65 closed - Encountered
> end of file.
>
>
> I try several thinks, changing the certificate,
How do you change the certificate?
> the file /etc/openldap/ldap.conf
> but nothing is working.
Does php use /etc/openldap/ldap.conf?
> Please help me
>
> Laurent
>
>
12 years, 4 months
perldap: perl-mozldap-1.5.3 bug+patch for 1.5.3 (latest stable)
by Roberto Polli
Hi Leif,
I found a little bug in the latest (this summer 2010) relase of perl-mozldap
downloaded from
ftp://ftp.mozilla.org/pub/mozilla.org/directory/perldap/releases/1.5.3/sr...
mozldap-1.5.3.tar.gz
It prevents building the debian package.
--- perl-mozldap-1.5.3-rpolli/API.xs 2010-11-23 22:37:07.560507964 +0100
+++ perl-mozldap-1.5.3/API.xs 2010-11-23 22:35:35.000000000 +0100
@@ -673,7 +673,7 @@
bail:
ldap_set_option(ld, LDAP_OPT_RESULT_CODE, &ret);
#else
- ret = ldap_parse_entrychange_control(ld, ctrls, chgtypep, prevdnp
+ ret = ldap_parse_entrychange_control(ld, ctrls, chgtypep, prevdnp,
chgnumpresentp, chgnump);
#endif
Let me know+Peace,
R.
--
Roberto Polli
Project Manager
Babel S.r.l. - http://www.babel.it
T: +39.06.91801075 M: +39.340.6522736 F: +39.06.91612446
P.zza S.Benedetto da Norcia, 33 - 00040 Pomezia (Roma)
CONFIDENZIALE: Questo messaggio ed i suoi allegati sono di carattere
confidenziale per i destinatari in indirizzo.
E' vietato l'inoltro non autorizzato a destinatari diversi da quelli indicati
nel messaggio originale.
Se ricevuto per errore, l'uso del contenuto e' proibito; si prega di
comunicarlo al mittente e cancellarlo immediatamente.
12 years, 4 months
Fwd: [389-announce] Please Help Test 389 Directory Server 1.2.7
by Ivanov Andrey (M.)
Hi Rich,
I have two issues with this new version (that i have compiled from the
git sources)
here is the first issue :
there were some changes to the memberfo plugin (Bug 620927) that added
a more rigorous verification of memberofgroupattr parameter of
MemberOf plugin. We use the uniqueMember/memberOf attribute pair to
manage our groups and backlinks. This configuration does not work with
the 1.2.7 server :
[23/Nov/2010:17:32:51 +0100] memberof-plugin - Error 53: The
uniqueMember configuration attribute must be set to an attribute
defined to use the Distinguished Name syntax. (illegal value:
memberOfGroupAttr)
[23/Nov/2010:17:32:51 +0100] memberof-plugin - configuration failed
(DSA is unwilling to perform)
[23/Nov/2010:17:32:51 +0100] - Failed to start postoperation plugin
MemberOf Plugin
[23/Nov/2010:17:32:51 +0100] memberof-plugin - only one memberOf
plugin instance can be used
[23/Nov/2010:17:32:51 +0100] memberof-plugin - configuration failed
(Bad parameter to an ldap routine)
[23/Nov/2010:17:32:51 +0100] - Failed to start postoperation plugin
MemberOf Plugin
[23/Nov/2010:17:32:51 +0100] memberof-plugin - only one memberOf
plugin instance can be used
[23/Nov/2010:17:32:51 +0100] memberof-plugin - configuration failed
(Bad parameter to an ldap routine)
[23/Nov/2010:17:32:51 +0100] - Failed to start postoperation plugin
MemberOf Plugin
[23/Nov/2010:17:32:51 +0100] memberof-plugin - only one memberOf
plugin instance can be used
[23/Nov/2010:17:32:51 +0100] memberof-plugin - configuration failed
(Bad parameter to an ldap routine)
[23/Nov/2010:17:32:51 +0100] - Failed to start postoperation plugin
MemberOf Plugin
[23/Nov/2010:17:32:51 +0100] - Error: Failed to resolve plugin dependencies
[23/Nov/2010:17:32:51 +0100] - Error: postoperation plugin MemberOf
Plugin is not started
The thing is that uniquemember does not have the DN syntax, it has
"Name and Optional UID syntax" :
attributeTypes: ( 2.5.4.50 NAME 'uniqueMember'
EQUALITY uniqueMemberMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.34
X-ORIGIN 'RFC 4519' )
Our memberOf configuration:
dn: cn=MemberOf Plugin,cn=plugins,cn=config
objectClass: top
objectClass: nsSlapdPlugin
objectClass: extensibleObject
cn: MemberOf Plugin
nsslapd-pluginPath: libmemberof-plugin
nsslapd-pluginInitfunc: memberof_postop_init
nsslapd-pluginType: postoperation
nsslapd-pluginEnabled: on
nsslapd-plugin-depends-on-type: database
memberofgroupattr: uniqueMember
memberofattr: memberOf
nsslapd-pluginId: memberof
nsslapd-pluginVersion: 1.2.7
nsslapd-pluginVendor: 389 Project
nsslapd-pluginDescription: memberof plugin
The second issue : when using sutup-ds-admin there is a LD_PRELOAD
libldap60.so error. I used the sources mod_nss-1.0.8.tar.gz,
389-admin-1.1.12.a2.tar.bz2 and 389-adminutil-1.1.13.tar.bz2 to
compile teh admin server.
Creating directory server . . .
Your new DS instance 'dmz' was successfully created.
Creating the configuration directory server . . .
Beginning Admin Server creation . . .
Creating Admin Server files and directories . . .
Updating adm.conf . . .
Updating admpw . . .
Registering admin server with the configuration directory server . . .
Updating adm.conf with information from configuration directory server . . .
Updating the configuration for the httpd engine . . .
Starting admin server . . .
output: ERROR: ld.so: object '/libldap60.so' from LD_PRELOAD cannot be
preloaded: ignored.
The admin server was successfully started.
Admin server was successfully created, configured, and started.
Exiting . . .
Log file is '/tmp/setupXxX7a5.log'
2010/11/22 Rich Megginson <rmeggins(a)redhat.com>:
> 389-ds-base-1.2.7 is now in Testing. This release adds some new
> features and fixes many bugs. Please help us test. The sooner we can
> get this release tested, the sooner we can push it to Stable and make it
> generally available.
12 years, 4 months
get base dn from ldapsearch
by Angel Bosch Mora
hi,
not specifically 389 related but:
is there a way to guess default base dn for clients (the one configured in /etc/openldap/ldap.conf) with ldapsearch?
i've tried with -v, -n and -d but i only get the server, not the base.
regards,
abosch
12 years, 4 months
slapd not responding
by Reinhard Nappert
Hi,
I have a 389 DS 1.1.2 server in Multi-Master mode. It happens that the server stops responding in some circumstances. When the server was in that state, I did a kill -11 on the pid in order to generate a coredump.
I got the following out of the core, by using gdb.
Any idea, what is going on on the server side. BTW, the server does not log anything during this time in either access nor errors.
Thanks,
-Reinhard
12 years, 4 months
Sensitivity to changes in /etc/resolv.conf or lack there of
by Gerrard Geldenhuis
Hi
I believe this is down to system libraries but is there any way to make 389-ds aware of changes in /etc/resolv.conf? In my test environment I have had to restart the dirsrv to get get changes in resolv.conf take effect.
Specifically I can't initiate a new host using replication if the resolv.conf entries is wrong... changing them requires a restart.
Apart from the whole debate about whether I should be changing /etc/resolv.conf at all or during "production" ... any comments would be welcome.
Regards
________________________________________________________________________
In order to protect our email recipients, Betfair Group use SkyScan from
MessageLabs to scan all Incoming and Outgoing mail for viruses.
________________________________________________________________________
12 years, 4 months
SSl connection to 389 DS server
by Laurent Roudier
Hi everybody,
I try to setup a 389 DS server and made it work with a web server. My current
configuration is :
fedora 14 (2.6.35.6-48.fc14.i686)
389-admin-1.1.11-1.fc14.i686
389-ds-console-doc-1.2.3-1.fc14.noarch
389-adminutil-1.1.10-2.fc14.i686
389-ds-console-1.2.3-1.fc14.noarch
389-ds-base-1.2.6.1-2.fc14.i686
389-console-1.1.4-1.fc14.noarch
389-ds-1.2.1-1.fc14.noarch
389-admin-console-1.1.5-1.fc14.noarch
389-admin-console-doc-1.1.5-1.fc14.noarch
389-dsgw-1.1.5-2.fc14.i686
I setup 389 without any probleme
I add certificate and secure connection with the used of setupssl2.sh script.
So if I use this php script, it work without any problem
<?php
$ldaprdn = DN
$ldappass = password
$ldapconn = ldap_connect("ldap://localhost");
if ($ldapconn) {
if ($ldapbind) {
echo "<P>bind LDAP OK</P>";
} else {
echo "<P>bind LDAP KO</P>";
}
}
else
{
echo "<P>fail</P>";
}
?>
if a change "ldap://localhost" by "ldaps://localhost", it fail and the log of
389 is
[21/Nov/2010:16:53:54 +0100] conn=1 fd=64 slot=64 SSL connection from ::1
to ::1
[21/Nov/2010:16:53:54 +0100] conn=1 op=-1 fd=64 closed - Encountered end
of file.
if a change "ldap://localhost" by "localhost",636, it hang, I must restart
dirsvr and the log of 389 is
[21/Nov/2010:15:43:38 +0100] conn=3 fd=65 slot=65 connection from ::1
to ::1
[21/Nov/2010:15:43:38 +0100] conn=3 op=0 EXT
oid="1.3.6.1.4.1.1466.20037" name="startTLS"
[21/Nov/2010:15:43:38 +0100] conn=3 op=0 RESULT err=0 tag=120
nentries=0 etime=0
[21/Nov/2010:15:43:38 +0100] conn=3 op=-1 fd=65 closed - Encountered
end of file.
I try several thinks, changing the certificate, the file /etc/openldap/ldap.conf
but nothing is working.
Please help me
Laurent
12 years, 4 months
