[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Rép. : Re: openLdap 2.3.17 goes less quickly than 2.3.11 or 2.3.13
Hi,
yes of course if you want:
-----------------------------------------------
my slapd.conf
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /usr/local/openLdap2.3.17/etc/openldap/schema/core.schema
include /usr/local/openLdap2.3.17/etc/openldap/schema/cosine.schema
include
/usr/local/openLdap2.3.17/etc/openldap/schema/inetorgperson.schema
include /usr/local/openLdap2.3.17/etc/openldap/schema/myperson.schema
include /usr/local/openLdap2.3.17/etc/openldap/schema/dyngroup.schema
# Define global ACLs to disable default read access.
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
# referral ldaps://IP:636/
pidfile /usr/local/openLdap2.3.17/var/run/slapd.pid
argsfile /usr/local/openLdap2.3.17/var/run/slapd.args
# Journalisation
loglevel 256
# Threads
threads 16
# Timelimit
timelimit unlimited
# Load dynamic backend modules:
modulepath /usr/local/openLdap2.3.17/
moduleload unique.la
# moduleload back_bdb.la
# moduleload back_ldap.la
# moduleload back_ldbm.la
# moduleload back_passwd.la
# moduleload back_shell.la
# Sample security restrictions
# Require integrity protection (preavent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64
# Sample access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
# Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
# by self write
# by users read
# by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!
##########################
#ACL
#########################
#include /usr/local/openLdap2.3.17/etc/openldap/acl.conf
###########################
#SSL
###########################
TLSCipherSuite HIGH:MEDIUM
TLSCertificateFile
/usr/local/openLdap2.3.17/certificats/annuaire.monAnnuaire.fr.pem
TLSCertificateKeyFile
/usr/local/openLdap2.3.17/certificats/annuaire.monAnnuaire.fr.key.pem
TLSCACertificateFile
/usr/local/openLdap2.3.17/certificats/monAnnuaireCAcert.pem
# Use the following if client authentication is required
#TLSVerifyClient demand
# ... or not desired at all
TLSVerifyClient never
###################################
# uses the chain overlay as global
# no chain-URI is configured, so the URI is parsed out of the referral
###################################
overlay chain
chain-uri ldaps://IP:636
chain-idassert-bind bindmethod=simple
binddn="cn=ldapappli1,ou=applis,o=monAnnuaire"
credentials=inet2048
mode=self
#######################################################################
# BDB database definitions
#######################################################################
###################
#database Meta
database meta
suffix "dc=metamonAnnuaire,dc=fr"
rebind-as-user true
uri
"ldaps://IP:1636/o=openldap,o=autreAnnuaire,dc=metamonAnnuaire,dc=fr"
suffixmassage "o=openldap,o=autreAnnuaire,dc=metamonAnnuaire,dc=fr"
"dc=monAnnuaire,dc=fr"
pseudorootdn "cn=Manager,o=Managers,dc=monAnnuaire,dc=fr"
pseudorootpw secret
uri
"ldaps://IP:636/o=NDS,o=autreAnnuaire,dc=metamonAnnuaire,dc=fr"
suffixmassage "o=NDS,o=autreAnnuaire,dc=metamonAnnuaire,dc=fr" "o=Hec"
pseudorootdn "cn=ldapappli1,o=applis,o=Hec"
pseudorootpw inet2048
uri "ldaps://IP.217:636/dc=metamonAnnuaire,dc=fr"
suffixmassage "dc=metamonAnnuaire,dc=fr" "dc=monAnnuaire,dc=fr"
pseudorootdn "cn=Manager,dc=monAnnuaire,dc=fr"
pseudorootpw secret
lastmod off
####################
#Principale database
database bdb
suffix "dc=monAnnuaire,dc=fr"
rootdn "cn=Manager,dc=monAnnuaire,dc=fr"
#rootpw {SSHA}wlKQDA9Leh27hh9Q9Nnn+ZaJhYC95RJH
rootpw secret
# Controle
# schemacheck on
#overlays
overlay unique
unique_base "o=individus,dc=monAnnuaire,dc=fr"
unique_attributes uid
# database specific fragment
# Set the entry cache size to 5000.
cachesize 10000
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /usr/local/openLdap2.3.17/var/openldap-data
# Return in memory data that may not have
# been written to disc
dirtyread
# Indices to maintain
index uid eq
index cn,sn,mail pres,eq,approx,sub
index objectClass eq
# Depth of the stack used for search
# filter evaluation
searchstack 20
# Set transactional checkpoint.
checkpoint 512 15
---------------------------------------------------------
and my DB_CONFIG
# DB_CONFIG FILE
# The Berkeley Database backend retrieves most of its configuration and
tuning options from the DB_CONFIG file.
# This file should be placed in the same directory as specified by the
directory configuration option in the slapd.conf file.
# Lockdetect directive
set_lk_detect DB_LOCK_DEFAULT
# Set database flags.
# specify that the database does not need to be updated
# immediately with any in-memory recard
# set_flags DB_TXN_NOSYNC
# Set log values.
set_lg_max 5242880
set_lg_dir /usr/local/openLdap2.3.17/log
# Set temporary file creation directory.
set_tmp_dir /tmp
# Set the database in memory cache size.
# number of entry that the ldap backend will maintain im memory
set_cachesize 0 5242880 1
# Defines the time between checkpoint operation in BDB
# txn_checkpoint 128 15 0
thx
>>> Pavlos Parissis <p_pavlos@freemail.gr> 01/13 5:52 >>>
On Fri, 13 Jan 2006 14:10:19 +0100
"Eudes LEDUCQ" <LEDUCQ@hec.fr> wrote:
> Hi,
>
> I have installed openLdap 2.3.17, I have the same config than my
> preceding directory (openLdap2.3.11), the same database. And the
> directory openLdap2.3.17 goes less quickly than openLdap2.3.11 and
> openLdap2.3.13is it normal ?
I think that, if you give more informations then you will have more
changes to get a reply.
Regards,
Pavlos