[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Rép. : Re: problem to download datas in database berkeley 4.4
Hi,
I have solved my problem. I have reinstalled Berkeley DB and then
openLdap2.3.17 like the first time , but now it's work, sorry for this
post.
I have noted that openLdap2.3.17 is more slower than openLdap2.3.13
(last version I have tested):
I have a subtree that containt 10 000 entries, with openLdap2.3.13 the
list is posted in few second, but with openLdap2.3.17 it's need 1min.
my slapd.conf
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /usr/local/openLdap2.3.17/etc/openldap/schema/core.schema
include /usr/local/openLdap2.3.17/etc/openldap/schema/cosine.schema
include
/usr/local/openLdap2.3.17/etc/openldap/schema/inetorgperson.schema
include /usr/local/openLdap2.3.17/etc/openldap/schema/myperson.schema
include /usr/local/openLdap2.3.17/etc/openldap/schema/dyngroup.schema
# Define global ACLs to disable default read access.
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
# referral ldaps://IP:636/
pidfile /usr/local/openLdap2.3.17/var/run/slapd.pid
argsfile /usr/local/openLdap2.3.17/var/run/slapd.args
# Journalisation
loglevel 256
# Threads
threads 16
# Timelimit
timelimit unlimited
# Load dynamic backend modules:
modulepath /usr/local/openLdap2.3.17/
moduleload unique.la
# moduleload back_bdb.la
# moduleload back_ldap.la
# moduleload back_ldbm.la
# moduleload back_passwd.la
# moduleload back_shell.la
# Sample security restrictions
# Require integrity protection (preavent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64
# Sample access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
# Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
# by self write
# by users read
# by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!
##########################
#ACL
#########################
#include /usr/local/openLdap2.3.17/etc/openldap/acl.conf
###########################
#SSL
###########################
TLSCipherSuite HIGH:MEDIUM
TLSCertificateFile
/usr/local/openLdap2.3.17/certificats/annuaire.monAnnuaire.fr.pem
TLSCertificateKeyFile
/usr/local/openLdap2.3.17/certificats/annuaire.monAnnuaire.fr.key.pem
TLSCACertificateFile
/usr/local/openLdap2.3.17/certificats/monAnnuaireCAcert.pem
# Use the following if client authentication is required
#TLSVerifyClient demand
# ... or not desired at all
TLSVerifyClient never
###################################
# uses the chain overlay as global
# no chain-URI is configured, so the URI is parsed out of the referral
###################################
overlay chain
chain-uri ldaps://IP:636
chain-idassert-bind bindmethod=simple
binddn="cn=ldapappli1,ou=applis,o=monAnnuaire"
credentials=inet2048
mode=self
#######################################################################
# BDB database definitions
#######################################################################
###################
#database Meta
database meta
suffix "dc=metamonAnnuaire,dc=fr"
rebind-as-user true
uri
"ldaps://IP:1636/o=openldap,o=autreAnnuaire,dc=metamonAnnuaire,dc=fr"
suffixmassage "o=openldap,o=autreAnnuaire,dc=metamonAnnuaire,dc=fr"
"dc=monAnnuaire,dc=fr"
pseudorootdn "cn=Manager,o=Managers,dc=monAnnuaire,dc=fr"
pseudorootpw secret
uri
"ldaps://IP:636/o=NDS,o=autreAnnuaire,dc=metamonAnnuaire,dc=fr"
suffixmassage "o=NDS,o=autreAnnuaire,dc=metamonAnnuaire,dc=fr" "o=Hec"
pseudorootdn "cn=ldapappli1,o=applis,o=Hec"
pseudorootpw inet2048
uri "ldaps://IP.217:636/dc=metamonAnnuaire,dc=fr"
suffixmassage "dc=metamonAnnuaire,dc=fr" "dc=monAnnuaire,dc=fr"
pseudorootdn "cn=Manager,dc=monAnnuaire,dc=fr"
pseudorootpw secret
lastmod off
####################
#Principale database
database bdb
suffix "dc=monAnnuaire,dc=fr"
rootdn "cn=Manager,dc=monAnnuaire,dc=fr"
#rootpw {SSHA}wlKQDA9Leh27hh9Q9Nnn+ZaJhYC95RJH
rootpw secret
# Controle
# schemacheck on
#overlays
overlay unique
unique_base "o=individus,dc=monAnnuaire,dc=fr"
unique_attributes uid
# database specific fragment
# Set the entry cache size to 5000.
cachesize 10000
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /usr/local/openLdap2.3.17/var/openldap-data
# Return in memory data that may not have
# been written to disc
dirtyread
# Indices to maintain
index uid eq
index cn,sn,mail pres,eq,approx,sub
index objectClass eq
# Depth of the stack used for search
# filter evaluation
searchstack 20
# Set transactional checkpoint.
checkpoint 512 15
---------------------------------------------------------
and my DB_CONFIG
# DB_CONFIG FILE
# The Berkeley Database backend retrieves most of its configuration
and
tuning options from the DB_CONFIG file.
# This file should be placed in the same directory as specified by the
directory configuration option in the slapd.conf file.
# Lockdetect directive
set_lk_detect DB_LOCK_DEFAULT
# Set database flags.
# specify that the database does not need to be updated
# immediately with any in-memory recard
# set_flags DB_TXN_NOSYNC
# Set log values.
set_lg_max 5242880
set_lg_dir /usr/local/openLdap2.3.17/log
# Set temporary file creation directory.
set_tmp_dir /tmp
# Set the database in memory cache size.
# number of entry that the ldap backend will maintain im memory
set_cachesize 0 5242880 1
# Defines the time between checkpoint operation in BDB
# txn_checkpoint 128 15 0
is there something in my slapd.conf or DB_CONFIG can explain why
openldap2.3.17 is more slower ?
I have tested without unique overlay, chain overlay and Meta Backend,
but it was the same .
thx
>>> Pierangelo Masarati <ando@sys-net.it> 01/13 6:10 >>>
On Fri, 2006-01-13 at 17:40 +0100, Eudes LEDUCQ wrote:
> Hi,
>
> I have just installed berkeley 4.4 and openLdap 2.3.17, So i have a
> ldif file that contains datas, and I try to put them in my datas
bases
> like this:
>
> /usr/local/openLdap2.3.17/sbin/slapadd -l
> /usr/local/openLdap2.3.17/filesLdif/data2.3.11.ldif
>
> I have the following error:
> slapadd: database doesn't support necessary operations.
>
> is some one have an idee ?
I have an idea: why don't you let us know more about how you
configured
OpenLDAP and what type of messages did it log, apart from that very
informative message?
p.
Ing. Pierangelo Masarati
Responsabile Open Solution
OpenLDAP Core Team
SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
------------------------------------------
Office: +39.02.23998309
Mobile: +39.333.4963172
Email: pierangelo.masarati@sys-net.it
------------------------------------------