| |
| |
| |
|
Page: 1 2
<Gagatan> it ****s when they can't do it in one way, and you have to code past those bits
<podzap> namingContext is not part of ldapv3 standard, it is "namingContexts" with an S at the end.
<Gagatan> sorry, typo
<Gagatan> its a bit late.. I've been out sailing today.. too much fresh air
<podzap> if novell and oracle don't support that, then they are simply not ldapv3 compatible
<podzap> compliant, whatever, like howard said.
<podzap> gnite!
<caschtn> well... night!
<nuck> has anyone here used phpldapadmin? i got it installed but how do i run it? i find there is no user manual in its website and in the package i dowloaded
<Zombie> nuck, Web Browser, its a Web application.
<nuck> Zombie thanks but so when i open mozzila and how do i invoke phpldapadmin from the browser?
<Gagatan> hahahahahahahahahahahahahahahahahahahahahahaha
<Zombie> Do you have a Stanza for it in Apache?
<nuck> fine laugh at me :-( im trying to learn
<Gagatan> nuck: I told you.. first get the webserver up, then be shure php is supported (make a file test.php with "<?php phpinfo(); ?>" in it.. call it with your browser.. how difficult is it? if its too difficult, ask on #apache and #php
<Gagatan> nuck: do you even know what a webserver is, and how it works - and the difference between a web-server and a web-browser?
<nuck> i got it running it's apache
<Gagatan> ok.. does it run test.php as described above?
<nuck> i ps -aux | grep apache and its there in memory so the webserver should be taken cared of right
<nuck> when i point my browser to the test.php as above, i only get a dialog box saying if i want to save the file test.php to my disk
<Gagatan> ok.. then php is not setup properly
<nuck> what is the expected outcome of loading the php?
<Gagatan> one down, plenty to go
<nuck> man i really need your or anyones help from here otherwise im in trouble
<Gagatan> nuck: it should show you a page with plenty information about php, version which modules are supported etc
<nuck> i try to ask help from apache but no one replies there
<hyc> nuck, you are in trouble.
<nuck> hyc yes but i refuse to give up
<hyc> yes, you also refuse to actually learn.
<nuck> why? ive been reading and asking and trying things out?
<hyc> if you were actually reading, you wouldn't have any problem.
<Gagatan> reading is not always equivalent with understanding ;)
<hyc> I've installed apache from source, it took maybe 20 seconds to add php to it in working order.
<nuck> so ive installed apache how do i add php to it?
<hyc> but if you don't pay attention to what you read, then forget it.
<nuck> i pay attention to what im reading i retain most but some just slip because theres too much info
<apeiron> nuck: http://httpd.apache.org/docs-project/
<nuck> i try to absorb as much as i can
<hyc> yes, there's a lot to absorb. expecting to be able to do everything all at once is foolish.
<Gagatan> nuck: don't try too much at once.. it'll bite your head off
<nuck> so guys tell me do i really need all of this... all i really want to do is to be able to browse the contents of my ldap server from a GUI based app
<nuck> Gagatan there's no other way i have a deadline on tuesday
<Gagatan> nuck: well, if you didn't get to install luma, then try gq on for size
<nuck> i got sick and im doing by myself whats supposed to be a groiup project
<Gagatan> nuck: or you can buy me a ticket, fly me in and pay up some decent money ;)
<nuck> Gagatan the problem i had with luma is its got a dependency which is an older version of what i have
<nuck> and when i install that dependency i get an error confliciting package
<Gagatan> nuck: nevermind luma if you can't get it to work.. worry about that later.. install gq instead
<apeiron> Well, then, maybe you should rethink your Unix vendor's capability of satisfying your needs...
<hyc> jxplorer is pretty nice
<apeiron> Or *gasp* use source packages.
<nuck> gq? i suppose its in gq.com gc.net
<Gagatan> nuck: "aptitude install gq"
<apeiron> (this is exactly why I ditched Debian, by the by)
<nuck> guys you ve been very nice thanks i dont mind the occ***ional sarcasm :-)
<apeiron> ...
<apeiron> Where's sarcasm?
<apeiron> I'm being absolutely serious.
<Gagatan> nuck: spear the comments, and let us try helping you, you're not very helpful ... write "aptitude install gq" and then run "gq" from the shell
<nuck> i am running it now
<nuck> im just rtying to inject some personal conversation cuz i feel like im using people here :-(
<Gagatan> apeiron: hehe
<Gagatan> nuck: no, no people here.. only artificial droids
<hyc> these are not the droids you're looking for
<nuck> so ive installed gq i run it as "gq"?
<nuck> i just did
<nuck> worked fine
<HAL3000> nuck: shockingly, yes
<nuck> ok ill leave you guys for now and try to experiment
<nuck> THANKS!
<nuck> hey Gagatan that's awesome worked like a charm gq was what i had in mind all along
<HAL> nuck: seriously.. SimonRaven told you about gq 15 hours and 15 minutes ago..
<Gagatan> 08:34 < SimonRaven> there's several. pick one or 3 and have at it. try them all. luma (python), gq (unmaintained, gtk2), openldap tools (c), ...
<hyc> howdy rich
<richm> hello
<hyc> what's new?
<richm> Not much, just neck deep in code.
<hyc> I found way to lock up my 2.6 Linux system, pummeling slapd with connections.
<hyc> 2.6 SMP, uniprocessor seems to have no troubles...
<hyc> neck deep in code, sounds familiar. just came up for air myself.
<richm> hyc: What distro?
<hyc> well, originally Suse 9.2, but this is a freshly compiled 2.6.14 tarball
<richm> malloc related?
<hyc> I haven't a clue. once the system locks up I can't do anything but hit the reset button.
<richm> You might try turning on some sort of malloc debugging, but that or a trace would probably change the timing just enough to mask the problem.
<hyc> it only locks up when I'm running slapd on the console, with debug and syslog enabled. if running from a remote login, it doesn't happen.
<hyc> so I'm guessing the overhead from sshd is enough to displace it.
<converter> hyc: have you tried running slapd with non-default resource limits set?
<richm> Odd. We haven't seen that on RHEL3 or RHEL4, with latest updates.
<hyc> converter: no, but that shouldn't affect the kernel locking up.
<converter> ok, so you're sure it's a real lockup then?
<hyc> process size isn't the problem, it may be more related with the rate that TCP resources are consumed.
<hyc> oh yes, quite sure. I have SysRq and other kernel debug features enabled, nothing works.
<converter> yikes
<hyc> On a related note, with a client that just does Bind / WhoAmi / Unbind repeatedly, running on the same box, the client eventually aborts because it is unable to open any new TCP sockets.
<richm> How many connections does it take?
<hyc> netstat shows ~60000 connections in TIME_WAIT
<richm> The hard fd limit is 65535?
<hyc> but that's both endpoints. so only about 30000 is enough to do it.
<hyc> no... port numbers are only 16 bits.
<hyc> the fd limit wouldn't apply since the fd's are closed at Unbind time. It's just that port numbers don't cycle fast enough since TCP must stay in TIME_WAIT state for 2MSL
<hyc> I tried setting sockopt ADDRREUSE but that doesn't make any difference.
<hyc> REUSEADDR...
<richm> I remember seeing this problem on Solaris years ago.
<hyc> any resolution to that?
<richm> I don't remember. I think Solaris just finally got it right.
<hyc> I guess that just puts an upper bound on the number of connections a server can answer in a given time. ~65535 per 4 minutes, barring any other TCP users on the machine. ~32767 per 4 minutes if the client is local to the server. Using aliased / alternate interfaces can help.
<richm> i.e. the server listening to more than one interface? multi-homed machine?
<hyc> right
<richm> Is the 2MSL a hard and fast limit for TCP?
<hyc> yes, mandated by spec
<hyc> RFC 793.
<richm> Ok.
<hyc> Apparently it is legal to accept a new connection on a port that's still in TIME_WAIT
<hyc> so if the clients are all remote, this may not be a problem.
<richm> I think that's probably the typical deployment model in cases like this. You probably don't have a deployment of a machine + slapd that is capable of handling a load like that, then also pummel it from the local machine.
<hyc> good point.
<richm> i.e. if you want slapd to perform maximally, you probably don't want to run a large number of clients on that machine at the same time.
<hyc> yes, this was a bit of a special circumstance. We have an ITS report saying that pummeling slapd with Bind requests can turn up an EBADF error sometimes, I was trying to duplicate that problem.
<hyc> and found a new problem instead. ;)
<hyc> it occurs to me now that I could have tried this using ldapi:// and avoided the port number issue.
<mnemoc> hi, does 'access' know when it's define for global or for a namingContext ?
<hyc> ~3400 binds/sec over unix domain sockets. much better than the ~136/sec on local TCP.
<richm> That's very fast.
<hyc> actually I don't know the TCP connection rate. 136/sec is the maximum rate to avoid running out of local ports.
<hyc> http://www.openldap.org/its/index.cgi/Incoming?id=3855 this is the bug report from the Apple folks, with a perl script for binding.
<hyc> I adapted it into C code, the perl script only generated about 20 binds/sec.
<hyc> http://www.openldap.org/devel/cvsweb.cgi/tests/progs/
<richm> Net::LDAP?
<hyc> no, he's just spawning command line tools
<hyc> the only part that needed perl was building an array of user DNs for randomly binding.
<richm> Ah, yes. I see it.
<Zombie> I don't suppose any of you have experience with Samba+LDAP+Kerberos Integration?
<mnemoc> hi, how can i set access to some attribute but just on certain namingContext ?
<Zombie> Anyone awake in here?
<biv> hi
<biv> Im trying to form a boolean search filter on an attribute value which holds a dn
<biv> e.g. 'member=cn=foouser,ou=somewhere,dc=nothere'
<biv> basically, openldap wont understand it if I use a wildcard search
<biv> so 'member=cn=foouser,*' returns nothing
<hyc> there is no substring matching rule for values with DN syntax, so you can't do substring search filters.
<biv> does anyone know of why this is happening, wilcard search filters on regular attribute values work well
<biv> ah ok
<biv> is there a way around this?
<biv> can I find a matching rule and install it in the server somehow?
<hyc> extended matching rules...
<biv> k.. googling
<biv> thanks for your help
Return to ldap
or
Go to some related
logs:
java
chatzone
linuxhelp
|
|