| |
| |
| |
|
Comments:
<0> hi
<1> hi.. does anyone know if it's possible somehow to determine whether an ACK has been received after issuing a non-blocking send() of a ldap search request?
<1> that is, being able to set up an own timeout for non-blocking sends, instead of going for the OS's (long) TCP/IP timeouts
<2> is alarm thread safe?
<1> reiffert: not sure.. I've heard warnings about combining signals and threads though :)
<2> You might use select or alarm as timeout functions then.
<1> but I don't know what to trigger them on..?
<1> the send() goes well
<1> I just don't know if it has reached the other host or not :-P
<3> alarm usually uses SIGALRM, no, not thread-safe.
<3> what is the point of setting your own timeout?
<1> hyc: to handle cases of broken network cables faster than the OS timeout, for example
<1> to specific hosts
<3> sounds like you're trying to second-guess TCP itself.
<3> in which case, you need to reimplement TCP yourself.
<3> not a good use of time.
<1> ouch.. so it's impossible to do with sockets api ?
<1> determine if a send() has gotten an ACK ?
<2> one should look it up wether send() actually returns without ack.
<1> from my understanding, send() only puts some data on the "network out-buffer"
<2> My wild guess is it does not. hi hyc, broom broom.
<2> where is my stevens?
<3> hey reiffert
<1> well, non-blocking send() should return without caring about ack atleast
<3> right
<3> you should look at tuning the TCP keepalive timing
<1> ..and blocking send() too I think. The difference, I think, is that blocking waits if the out-buffer is already full
<1> hyc, yes I've experimented some with that.. however, that affects all networking timeouts.. right?
<3> yes
<1> I find it somewhat strange not being able to check for send() timeouts.. since it works with connect() :-/
<1> well maybe not that strange, they're kinda different :)
<1> but it would be nice if it was possible..
<1> (..self decided timeouts, that is)
<3> it's redundant.
<3> what is going to happen after the other side receives your message?
<3> they should reply.
<3> so, all you need is to time the subsequent recv.
<1> well, I'd like to be able to detect network errors fast
<1> the search could still take long time, thats ok
<1> so the ldap entries/reply are ok to be delayed for a long time
<3> use two sockets
<3> issue a fast query on the first one
<3> issue the real query on the second one
<1> hm, yes I started thinking in those directions too
<1> or, maybe do a connect() on the first one.. that can be timed out :)
<1> regularly check the host with connect() calls maybe
<3> hm, you can use setsockopt to change the keepalive parameters on a per-socket basis
<3> that's still probably the easiest
<3> but it will generate excess traffic
<3> another option may be to check the SIOCOUTQ
<1> hmm, okay
<1> oh, that's the size of the send buffer?
<3> number of unsent bytes
<3> may not be appropriate
<1> ah
<1> that keepalive sounds interesting though
<1> hm, the man page for solaris indicates that it can only be turned on/off though.. for setsockopt() :(
<1> dang
<1> not change the intervals, that is
<1> oh, TCP_KEEPALIVE_ABORT_THRESHOLD ..
<1> hm. sorry for spamming the channel. hehe
<1> well, thanks for the help - I'm off to bed :)
<4> anyone have any experience with autofs-ldap, specifically how to set it up on the ldap side?
<5> autofs with what? My autmounts for my OSX clients work like a charme. :)
<4> katerX: with ldap, so that I don't need to keep the auto.master and auto.* files but instead get the necessary info from ldap
<6> Bac9: nice, so that it works from any system
<5> I never used automount with linux clients, but I ***ume there are many goog howtos.
<5> Bac9: maybe this helps? http://www.openldap.org/lists/openldap-software/200106/msg00355.html
<4> katerX: yes I've read that, but automount and automountMap are not defined in any of the schemas that come with slapd
<5> Then you must extend your schema with the automount stuff.
<5> Grep this file http://www.grotan.com/ldap/automount.schema
<4> katerX: just include it in the config of slapd?
<5> yes and restart
<4> katerX: thank you
<7> when open ldap is downloaded compiled and installed where is the standard configuration file stored?
<7> slapd.conf that is
<6> dmarkey: /etc/openldap/ or /usr/local/etc/openldap/ i would guess. maybe /usr/etc/openldap/ if your system is all nuts
<8> In using LDAP authentication on a Linux/UNIX system, how do you restrict access to which hosts a user can log in to? Seems with the standard implementation, everyone can log in everywhere (which is not what I want).
<9> hello :)
<10> morning bougie
<11> hello
<11> I've just installed openldap-2.4.3A for testing
<11> .. configured the slapd.conf file according to the quick start chapter
<11> and slapd seems to be working fine
<12> ok , thanks for coming
<11> according to the "configuring slapd" chapter I suppose to have a configuration DB that holds the configuration slapd.conf has ..
<11> right ?
<11> how can I access the ldap configuration DB ?
<13> oberonc: The config DB is under cn=config, and unless it has changed since I looked at it you access it via its rootdn and rootpw. (But check the doc for this, e.g. 'man slapd-config').
<13> oberonc: It is written to disk from slapd.conf if you give slapd both an -f and an -F argument, see the doc of slapd's -F arg.
<11> thanks for the help
<12> why does slapd stores its configuration settings in the LDAP database?
<14> it's cool
<14> dont have to restart slapd all the time
<13> To expand a bit on that: You can change the configuration over the protocol instead of editing slapd.conf.
<12> but it wont be sync with the slapd.conf file
<13> That's right. So you throw away slapd.conf, don't need it anymore. Except it's easier to edit it if you wish to start over.
<12> everytime i restart slapd the config database is trashed?
<12> and rebuilt from slapd.conf ?
<13> No, just the opposite - if you use the config database at all. Create it once from slapd.conf, and after that you only use the config database, not slapd.conf.
<12> how do i do that
<13> See my answer to oberonc above:-) And read the admin guide for latest openldap.
<11> after I converted the configuration to a DB, how do I access it using ldapsearch ?
<11> "ldapsearch -x -b "cn=config"" doesnt do the trick
<15> ?
<15> what error do you get
<15> what "configuration" did you convert ?
<13> I think you need to bind with -D <rootdn of config database> -W
<10> ldapsearch -x -b "cn=config" -D "cn=config" -W
<10> set yourself a rootpw under a "database config"
<10> section in your slapd.conf before you convert it
<11> I did set the rootdn p***word in the slapd.conf file
<11> and afterward I converted the slapd.conf file in to a DB using the -f combined with -F
<13> Both rootdn and rootpw, below "database config"? Also, I don't remember if this is true anymore but the rootdn may need to end with the database suffix (i.e. end with cn=config).
<11> the root dn for the configuration should be cn=config (what else CAN it be?)
<11> it's not the main DB you setup in the slapd.conf
<11> the p***word you set in the conf file is also only used in the main DB
<11> not in the configuration DB
<13> It could be e.g. cn=admin,cn=config. Are you confusing with the suffix DN? That is cn=config and does not need to be set.
<10> you can't chancge cn=config
<10> rootdn
<10> it's hardcoded
<10> brb
<11> I know
<13> Oh. it's been a while since I looked at it.
<10> oberonc: good ;-)
<13> That's not what the manpage says. The root of the database is hardcoded to cn=config, but that is the _suffix_ dn. The rootdn is configurable as in other databases, according to man slapd-config.
<10> maybe I'm mixing with back-monitor
<13> Nope, manpage says back-monitor also honors "rootdn". You are mixing up rootdn with suffix. The suffix specifies the root of the database, e.g. cn=config and cn=monitor. The rootdn specifies the admin user to log in as with the rootpw p***word.
<13> Anyway, add e.g. "rootdn cn=config" and try again. Or edit the cn=config ldif and add attribute olcRootDN: cn=config
<13> (Edit it while slapd is down, that is. Since you do not change it over the protocol.)
<11> what are you saying ?
<11> that I should use a query like this ? :
<11> "ldpasearch -x -b "cn=config" -D "dn=example,dn=com" -W" ?
<11> (it doesnt work)
<13> Add the rootdn to the config database. If you use rootdn cn=admin,cn=config, search with ldapsearch -x -b cn=config -D cn=admin,cn=config -W.
<13> And you can just use rootdn cn=config if you like. But not rootdn cn=example,c=com, which does not end with cn=config. Nor a rootdn "dn=....", since "dn" is not a supported attribute name.
<11> how do I add the rootdn to the config DN ?!
<11> configuration DB that is
<13> A section in slapd.conf: database config / rootdn cn=config (or whatever) / rootpw your-p***word (where "/" is newline). Should possibly be the first database in slapd.conf.
<13> It's been quite a while since I did this though, so things may have changed since then. Anyway, bye for now. Good luck.
<11> ok, thanks
<16> I'm considering setting up a Kolab server.
<11> what's that ?
Return to
#ldap
or
Go to some related
logs:
PL_dowarn 5.8.8 undefined symbol
p4m800 overclock*
kismet i915
debian motd no mail
#math
--no-check-certificate emerge
zcat fopen php
#php
#perl
#perl
|
|