Ldif import issue
by Jean Félix DESIR
Hi,
I'm facing this import issue:
I can't add this attribute to an object on my 389 DS:
dn: cn=template,ou=services,ou=profiles,ou=Authent,dc=region,dc=enterprise,dc=net
rbClientDnsPri: XXXXXXX
*rbForwardPolicy: MYVALUE*
rbContextName: PPP
objectClass: top
objectClass: radiusaccount
objectClass: costemplate
cn: template
framedRouting: None
framedProtocol: PPP
framedIpNetmask: 255.255.255.255
framedCompression: Van-Jacobson-TCP-IP
ldapadd -x -D "cn=Directory manager" -f ouservices.ldif -W
Enter LDAP Password:
adding new entry
"cn=template,ou=services,ou=profiles,ou=Authent,dc=region,dc=enterprise,dc=net"
ldap_add: Invalid syntax (21)
additional info:* rbForwardPolicy*: value #0 invalid per syntax
My schema definition:
objectClasses: ( RadAccount-oid NAME 'RadAccount' SUP top STRUCTURAL MAY(
checkTunnelType $ filterID $ framedCompression $ framedIpAddress $
framedIpNetmask $ framedMtu $ framedProtocol $ framedRoute $ framedRouting
$ msvBwProfile $ ServiceProfile $ rbAgentCircuitId $ rbClientDnsPri $
rbClientDnsSec $ rbContextName $ rbDhcpMaxLeases $* rbForwardPolicy *$
rbHttpRedirectProfileName $ rbIpAddressPoolName $ rbIpInterface $
rbNatPolicyName $ rbQosMeteringProfileName $ rbQosPolicingProfileName $
rbQosPq $ rbQosQueueingProfileName $ rbQosRateOutbound $ rbSessionTimeout $
rbShapingProfileName $ rbSubscriberProfileName $ TunnelAssignmentID $
tunnelClientEndpoint $ tunnelID $ tunnelMediumType $ tunnelServerEndpoint $
tunnelType ) X-ORIGIN 'user defined' )
objectClasses: ( RadiusAccount-oid NAME 'RadiusAccount' SUP top STRUCTURAL
MUST cn MAY ( checkTunnelType $ filterID $ framedCompression $
framedIpAddress $ framedIpNetmask $ framedMtu $ framedProtocol $
framedRoute $ framedRouting $ msvBwProfile $ msvServiceProfile $
rbAgentCircuitId $ rbClientDnsPri $ rbClientDnsSec $ rbContextName $
rbDhcpMaxLeases $ *rbForwardPolicy *$ rbHttpRedirectProfileName $
rbIpAddressPoolName $ rbIpInterface $ rbNatPolicyName $
rbQosMeteringProfileName $ rbQosPolicingProfileName $ rbQosPq $
rbQosQueueingProfileName $ rbQosRateOutbound $ rbSessionTimeout $
rbShapingProfileName $ rbSubscriberProfileName $ TunnelAssignmentID $
tunnelClientEndpoint $ tunnelID $ tunnelMediumType $ tunnelServerEndpoint $
tunnelType $ uid $ userPassword ) X-ORIGIN 'user defined' )
attributeTypes: ( rbForwardPolicy-oid NAME *'rbForwardPolicy*' DESC
'Redback RADIUS RB-Forward-Policy' SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
SINGLE-VALUE X-ORIGIN 'user defined' )
What am I doing wrong?
Best regards
9 years, 3 months
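The attribute definition in the post above declares rbForwardPolicy with SYNTAX 1.3.6.1.4.1.1466.115.121.1.24, which RFC 4517 assigns to Generalized Time. The following is an added example, not part of the original post or of 389 DS: a pre-import check of LDIF values against the syntax declared in the schema. The function names and the small OID table are assumptions of this sketch, and only unfolded, non-base64 `attr: value` lines are handled.

```python
import re

# Syntax OIDs from RFC 4517; only a few are listed here.
SYNTAX_NAMES = {
    "1.3.6.1.4.1.1466.115.121.1.7": "Boolean",
    "1.3.6.1.4.1.1466.115.121.1.15": "Directory String",
    "1.3.6.1.4.1.1466.115.121.1.24": "Generalized Time",
    "1.3.6.1.4.1.1466.115.121.1.27": "Integer",
}
# Value grammars per RFC 4517; syntaxes without an entry are not checked.
VALIDATORS = {
    "Boolean": re.compile(r"^(TRUE|FALSE)$"),
    "Integer": re.compile(r"^(0|-?[1-9]\d*)$"),
    "Generalized Time": re.compile(
        r"^\d{4}(0[1-9]|1[0-2])(0[1-9]|[12]\d|3[01])([01]\d|2[0-3])"
        r"([0-5]\d([0-5]\d|60)?)?([.,]\d+)?(Z|[+-]([01]\d|2[0-3])([0-5]\d)?)$"),
}
ATTR_DEF = re.compile(r"NAME\s+'([^']+)'.*?SYNTAX\s+([\d.]+)", re.S)

def parse_attribute_types(schema_text):
    """Map lower-cased attribute name -> syntax name (or the raw OID)."""
    out = {}
    for chunk in schema_text.split("attributeTypes:")[1:]:
        m = ATTR_DEF.search(chunk)
        if m:
            out[m.group(1).lower()] = SYNTAX_NAMES.get(m.group(2), m.group(2))
    return out

def check_ldif(ldif_text, syntaxes):
    """Return (attribute, value, syntax) for each value that fails its syntax."""
    bad = []
    for line in ldif_text.splitlines():
        attr, sep, value = line.partition(": ")
        rule = VALIDATORS.get(syntaxes.get(attr.lower(), ""))
        if sep and rule and not rule.match(value.strip()):
            bad.append((attr, value.strip(), syntaxes[attr.lower()]))
    return bad

# Constructed sample: the definition and two entry lines from the post,
# with the e-mail emphasis asterisks removed.
SCHEMA = """attributeTypes: ( rbForwardPolicy-oid NAME 'rbForwardPolicy' DESC
 'Redback RADIUS RB-Forward-Policy' SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
 SINGLE-VALUE X-ORIGIN 'user defined' )"""
LDIF = "rbForwardPolicy: MYVALUE\nrbContextName: PPP\n"

if __name__ == "__main__":
    for attr, value, syntax in check_ldif(LDIF, parse_attribute_types(SCHEMA)):
        print(f"{attr}: {value!r} is not a valid {syntax} value")
```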
repl5_inc_waitfor_async_results
by shardulsk
Hi,
Running 389-ds 1.1.2 on Centos 5.
We have suddenly seen repl5_inc_waitfor_async_results errors crop up in
our error log during peak traffic hours.
The Master loses sight of Hubs and replication stalls. Most of the time it
comes right back up after a couple of mins. However we have been restarting
Hubs to make the process quicker.
tail -f errors
[08/Jan/2015:02:42:08 -0800] NSMMReplicationPlugin - agmt="cn=add -> hub1"
(hub1:2390): Simple bind resumed
[08/Jan/2015:09:04:38 -0800] - repl5_inc_waitfor_async_results timed out
waiting for responses: 0 34222
[08/Jan/2015:09:05:18 -0800] - repl5_inc_waitfor_async_results timed out
waiting for responses: 0 33499
[08/Jan/2015:09:05:37 -0800] NSMMReplicationPlugin - agmt="cn=add -> hub2"
(hub1:2390): Warning: unable to receive endReplication extended operation
response (Can't contact LDAP server)
[08/Jan/2015:09:05:37 -0800] NSMMReplicationPlugin - agmt="cn=add -> hub2"
(hub1:2390): Simple bind failed, LDAP sdk error 91 (Can't connect to the
LDAP server), Netscape Portable Runtime error -5961 (TCP connection reset
by peer.)
[08/Jan/2015:09:05:59 -0800] NSMMReplicationPlugin - agmt="cn=add -> hub2"
(hub1:2390): Simple bind resumed
[08/Jan/2015:09:07:43 -0800] NSMMReplicationPlugin - agmt="cn=add -> hub1"
(hub1:2390): Warning: unable to receive endReplication extended operation
response (Can't contact LDAP server)
[08/Jan/2015:09:07:43 -0800] NSMMReplicationPlugin - agmt="cn=add -> hub1"
(hub1:2390): Simple bind failed, LDAP sdk error 91 (Can't connect to the
LDAP server), Netscape Portable Runtime error -5961 (TCP connection reset
by peer.)
[08/Jan/2015:09:08:05 -0800] NSMMReplicationPlugin - agmt="cn=add -> hub1"
(hub1:2390): Simple bind resumed
Any idea what is causing this? I checked ADD/DEL operations during the
outage and none of them stand out. No MOD errors and all MODs completed
within a second.
~Shardul
9 years, 3 months
Recreating replica agreements
by carne_de_passaro
Hello guys,
I am planning to recreate my replica agreements, which today use SSL on
port 636, to use startTLS on port 389.
My question is: Do I have to reinitialize the databases of the agreements
that I recreate?
I'm using the 389-ds-base-1.2.11.15-34.el6_5.x86_64.
Thanks in advance.
Danilo
9 years, 3 months
Unable to start dirsrv-admin after securing ldap
by Charlie Mordant
Hi contact experts!
I’m trying to make a future OSS contribution making an OPSCode Chef
recipe to install a secure LDAP.
I (barely) migrate and use the
https://github.com/richm/scripts/blob/master/setupssl2.sh#L238 shell to
secure a provisioned LDAP, but while executed, restarting dirsrv-admin
led me to an error:
[code]
[Sat Jan 03 18:19:36.940462 2015] [:info] [pid 8266:tid 140486247127104]
Server: Apache/2.4.6, Interface: mod_nss/2.4.6, Library: NSS/3.15.2 Basic
ECC
[Sat Jan 03 18:19:36.940490 2015] [:debug] [pid 8266:tid 140486247127104]
mod_admserv/mod_admserv.c(2467): Entering mod_admserv_post_config - pid is
[8266] init count is [0]
[Sat Jan 03 18:19:36.940495 2015] [:debug] [pid 8266:tid 140486247127104]
mod_admserv/mod_admserv.c(2295): Entering do_admserv_post_config - pid is
[8266]
[Sat Jan 03 18:19:36.940498 2015] [:debug] [pid 8266:tid 140486247127104]
mod_admserv/mod_admserv.c(2303): Entering do_admserv_post_config - init
count is [1]
[Sat Jan 03 18:19:36.940506 2015] [:debug] [pid 8266:tid 140486247127104]
mod_admserv/mod_admserv.c(2327): [8266] Cache expiration set to 600 seconds
[Sat Jan 03 18:19:36.943993 2015] [:debug] [pid 8266:tid 140486247127104]
mod_admserv/mod_admserv.c(2431): Added StartConfigDs task entry
[cn=startconfigds,cn=operation,cn=tasks,cn=admin-serv-contacts,cn=389
administration server,cn=server
group,cn=contacts.osgiliath.is-a-chef.net,ou=osgiliath.is-a-chef.net,o=nets
caperoot:start_config_ds:] for user [LocalSuper]
[Sat Jan 03 18:19:36.945579 2015] [:info] [pid 8266:tid 140486247127104]
host_ip_init(): problem creating secure AdmldapInfo (error code = 4)
[Sat Jan 03 18:19:36.945670 2015] [:crit] [pid 8266:tid 140486247127104]
host_ip_init(): PSET failure: Failed to create PSET handle (pset error = )
AH00016: Configuration Failed
[Sat Jan 03 18:19:36.956655 2015] [:info] [pid 8266:tid 140486247127104]
Shutting down SSL Session ID Cache
[/code]
Using certutil to list certificates looks good, restarting the (main) ldap
is OK.
Have you got any clue to debug/find the source of the error?
Best regards,
Charlie
--
Charlie Mordant
Full OsgiEE like stack:
https://github.com/OsgiliathEnterprise/net.osgiliath.parent
9 years, 3 months
Crash 389ds
by Ivanov Andrey (M.)
We've just had a crash of one of 3 multi-master replicated 389ds (v1.3.2 latest patch from GIT). The only interesting message is in the error log:
[07/Jan/2015:15:33:42 +0100] - entry2str_internal_ext: array boundary wrote: bufsize=17001 wrote=17226
audit log and access log show nothing particular at the same moment.
last record in audit log before the crash:
time: 20150107153340
dn: uid=some_login,ou=Etudiants,ou=Utilisateurs,dc=id,dc=polytechnique,dc=edu
changetype: modify
replace: lastLoginTime
lastLoginTime: 20150107143336Z
-
replace: entryusn
entryusn: 457510
-
in access log nothing special either:
[07/Jan/2015:15:33:33 +0100] conn=75663 op=10512 SRCH base="ou=utilisateurs,dc=id,dc=polytechnique,dc=edu" scope=2 filter="(&(uid=...)(objectClass=inetOrgPerson)(objectClass=X-Misc))" attrs="X-Vlan-WiFi X-Vlan-WiFi"
[07/Jan/2015:15:33:33 +0100] conn=75663 op=10512 RESULT err=0 tag=101 nentries=1 etime=0.001000
[07/Jan/2015:15:33:33 +0100] conn=86232 fd=275 slot=275 connection from 129.104.69.16 to 129.104.247.8
[07/Jan/2015:15:33:33 +0100] conn=86232 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
[07/Jan/2015:15:33:33 +0100] conn=86232 op=0 RESULT err=0 tag=120 nentries=0 etime=0.000000
[07/Jan/2015:15:33:33 +0100] conn=86232 SSL 128-bit AES
[07/Jan/2015:15:33:33 +0100] conn=86232 op=1 BIND dn="uid=...,ou=Etudiants,ou=Utilisateurs,dc=id,dc=polytechnique,dc=edu" method=128 version=3
[07/Jan/2015:15:33:33 +0100] conn=86232 op=1 RESULT err=0 tag=97 nentries=0 etime=0.027000 dn="uid=...,ou=Etudiants,ou=Utilisateurs,dc=id,dc=polytechnique,dc=edu"
[07/Jan/2015:15:33:33 +0100] conn=86232 op=2 UNBIND
[07/Jan/2015:15:33:33 +0100] conn=86232 op=2 fd=275 closed - U1
Nothing unusual in the logs of the other two replicas either. No special charge, nothing unusual...
I am unable to reproduce the crash. It looks like the bug https://fedorahosted.org/389/ticket/47360 . However, this bug was fixed and anyway no attributes were deleted at this moment on any replica (audit.log is active everywhere).
Any ideas?
Thanks!
9 years, 3 months