
Re: (ITS#6915) memberof+accesslog duplicate reqStart



--bcaec520e733d305e204a4aefc06
Content-Type: text/plain; charset=ISO-8859-1

Do you think this could be related to:
http://www.openldap.org/its/index.cgi?findid=6864

I've been having similar issues with MemberOf and Accesslog overlays used
together.


In your fix, is the memberof overlay enabled on your consumer nodes?

-Yuri

On Wed, Jun 1, 2011 at 1:00 PM, <subbarao@computer.org> wrote:

> This is a multi-part message in MIME format.
> --------------050703040907090602090901
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
> Content-Transfer-Encoding: 7bit
>
> I figured I would share a workaround that I'm currently using for this
> issue which may be of help to others. I've disabled the memberOf overlay
> in slapd, and use an external script to populate memberOf on the master
> server, which then replicates to the consumer servers. I currently run
> this every 5 minutes from cron as follows:
>
> memberof.pl --ldap
>
> Regards,
>
>        -Kartik
>
> --------------050703040907090602090901
> Content-Type: application/x-perl;
>  name="memberof.pl"
> Content-Transfer-Encoding: 7bit
> Content-Disposition: attachment;
>  filename="memberof.pl"
>
> #! /usr/bin/perl
>
> # Implements memberOf reverse mapping attributes -- workaround for when
> # memberOf overlay isn't available
>
> use Net::LDAP;
> use Net::LDAP::LDIF;
> use Authen::SASL;
> use Fcntl qw(LOCK_EX LOCK_NB);
> use Getopt::Long;
>
> use strict;
>
> # Search base for both the forward and the reverse attribute lookups.
> my $basedn = 'dc=example,dc=com';
>
> # Forward attribute => reverse attribute maintained on the referenced entry,
> # plus the inverse lookup (reverse => forward).
> my %revattrs = (
>     member  => 'memberOf',
>     manager => 'directReports',
> );
> my @attrs   = qw(member manager);
> my %fwattrs = reverse %revattrs;
>
> # Presence filters of the form (|(a=*)(b=*)): one over the forward
> # attributes, one over the reverse attributes.
> # Note (original author) -- the forward filter properly excludes dynamic
> # groupOfURLs groups.
> my $attrfilter    = sprintf '(|%s)', join('', map { "($_=*)" } @attrs);
> my $revattrfilter = sprintf '(|%s)', join('', map { "($_=*)" } values %revattrs);
>
> # Search results, filled in later; both are keyed by lower-cased DN.
> my (%entries, %reventries);
>
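> # Prevent multiple instances from running at the same time: take a
> # non-blocking exclusive lock on this script's own file and exit quietly if
> # another run already holds it.  The three-argument open opens $0 strictly
> # for reading (the two-argument form lets the path string select a mode or a
> # pipe), and a failed open is now reported instead of surfacing only as a
> # failed flock.  LOCKFH stays open, so the lock is held until the process exits.
> open(LOCKFH, '<', $0) or die "$0: cannot open for locking: $!\n";
> flock(LOCKFH, LOCK_EX|LOCK_NB) or exit 1;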
>
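> # --ldif writes the pending changes as LDIF; --ldap applies them to the
> # directory.  Both may be given.
> # An unrecognised option is fatal: a mistyped --ldap in the cron entry would
> # otherwise leave $update_ldap unset and every run would change nothing.
> my ($generate_ldif, $update_ldap);
> GetOptions('ldif' => \$generate_ldif, 'ldap' => \$update_ldap)
>     or die "usage: $0 [--ldif] [--ldap]\n";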
>
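> # LDIF writer on '-' (standard output), set to emit change records.
> my $ldifout = Net::LDAP::LDIF->new('-', 'w');
> $ldifout->{change} = 1;
>
> # Connect over ldapi:// and authenticate with SASL EXTERNAL.
> my $ldap = Net::LDAP->new('ldapi://') or die "ldapi: $@\n";
> my $sasl = Authen::SASL->new(mechanism => 'EXTERNAL');
> my $sasl_client = $sasl->client_new('ldap', 'localhost');
>
> # Check the bind result.  If the bind is rejected and the script carries on,
> # the searches run on an unauthenticated connection; a result set trimmed by
> # ACLs would then be taken for the whole directory when deciding which
> # reverse values to delete.
> my $bindmesg = $ldap->bind(undef, sasl => $sasl_client);
> $bindmesg->code && die("LDAP bind: " . $bindmesg->error . "\n");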
>
> # Build %entries and %reventries maps, each keyed by lower-cased DN.
> # NOTE(review): DNs are matched by lower-casing only; confirm the server
> # returns DN-valued attributes in a consistent spelling.
>
> # Forward side: every entry that carries one of the forward attributes.
> my $mesg = $ldap->search(
>     base   => $basedn,
>     filter => $attrfilter,
>     attrs  => \@attrs,
> );
> die($mesg->error . "\n") if $mesg->code;
> $entries{lc $_->dn} = $_ for $mesg->all_entries;
>
> # Reverse side: every entry that already carries a reverse attribute.
> $mesg = $ldap->search(
>     base   => $basedn,
>     filter => $revattrfilter,
>     attrs  => [values %revattrs],
> );
> die($mesg->error . "\n") if $mesg->code;
> $reventries{lc $_->dn} = $_ for $mesg->all_entries;
>
> # Go through and generate updates for the reverse mapping attributes.
> # Pass 1: for each forward value, queue an add of the owning entry's DN on
> # the referenced entry, unless that entry already lists it.
> my ($dn, $entry);
> while (($dn, $entry) = each %entries) {
>     for my $attr (@attrs) {
>         my $revattr = $revattrs{$attr};
>         for my $val ($entry->get_value($attr)) {
>             $val = lc $val;
>
>             # A referenced DN the reverse search did not return gets a fresh
>             # 'modify' entry, so the add below is recorded as a change.
>             # NOTE(review): Net::LDAP::Entry is not loaded explicitly in this
>             # file; presumably Net::LDAP brings it in.
>             my $target = $reventries{$val} ||= do {
>                 my $fresh = Net::LDAP::Entry->new;
>                 $fresh->dn($val);
>                 $fresh->changetype('modify');
>                 $fresh;
>             };
>
>             my $already_listed = grep { lc($_) eq $dn }
>                                  $target->get_value($revattr);
>             $target->add($revattr => $entry->dn) unless $already_listed;
>         }
>     }
> }
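> # Pass 2: queue deletion of reverse values that no forward attribute backs
> # any more, then write and/or apply each entry's accumulated changes.
> #
> # A failed modify is reported and counted rather than fatal.  Pass 1 creates
> # modify entries for referenced DNs the search did not return; if one of
> # those is rejected by the server, dying here would abort the run at a
> # hash-order-dependent point and leave the remaining entries unsynchronised.
> # Where memberOf feeds access decisions, that means stale memberships stay in
> # place.  The exit status is still non-zero when anything failed.
> my $failed = 0;
> while (my ($rev_dn, $rev_entry) = each %reventries) {
>     for my $revattr (values %revattrs) {
>         for my $val ($rev_entry->get_value($revattr)) {
>             $val = lc $val;
>
>             # Still backed only if the referencing entry exists and its
>             # forward attribute names this entry.
>             my $backed = exists($entries{$val})
>                 && grep { lc($_) eq $rev_dn }
>                    $entries{$val}->get_value($fwattrs{$revattr});
>             $rev_entry->delete($revattr => $val) unless $backed;
>         }
>     }
>
>     next unless $rev_entry->changes;
>     $ldifout->write_entry($rev_entry) if $generate_ldif;
>     next unless $update_ldap;
>
>     my $modmesg = $rev_entry->update($ldap);
>     if ($modmesg->code) {
>         warn("LDAP: " . $rev_dn . ": " . $modmesg->error . "\n");
>         $failed++;
>     }
> }
> exit 1 if $failed;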
>
> --------------050703040907090602090901--
>
>
>

--bcaec520e733d305e204a4aefc06
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

Do you think this could be related to: <a href=3D"http://www.openldap.org/i=
ts/index.cgi?findid=3D6864">http://www.openldap.org/its/index.cgi?findid=3D=
6864</a>=A0 <br><br>I&#39;ve been having similar issues with MemberOf and A=
ccesslog overlays used together.<br>
<br><br>In your fix, is the memberof overlay enabled on your consumer nodes=
?<br><br>-Yuri<br><br><div class=3D"gmail_quote">On Wed, Jun 1, 2011 at 1:0=
0 PM,  <span dir=3D"ltr">&lt;<a href=3D"mailto:subbarao@computer.org";>subba=
rao@computer.org</a>&gt;</span> wrote:<br>
<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex;">This is a multi-part message in MIME format=
.<br>
--------------050703040907090602090901<br>
Content-Type: text/plain; charset=3DISO-8859-1; format=3Dflowed<br>
Content-Transfer-Encoding: 7bit<br>
<br>
I figured I would share a workaround that I&#39;m currently using for this<=
br>
issue which may be of help to others. I&#39;ve disabled the memberOf overla=
y<br>
in slapd, and use an external script to populate memberOf on the master<br>
server, which then replicates to the consumer servers. I currently run<br>
this every 5 minutes from cron as follows:<br>
<br>
<a href=3D"http://memberof.pl"; target=3D"_blank">memberof.pl</a> --ldap<br>
<br>
Regards,<br>
<br>
 =A0 =A0 =A0 =A0-Kartik<br>
<br>
--------------050703040907090602090901<br>
Content-Type: application/x-perl;<br>
=A0name=3D&quot;<a href=3D"http://memberof.pl"; target=3D"_blank">memberof.p=
l</a>&quot;<br>
Content-Transfer-Encoding: 7bit<br>
Content-Disposition: attachment;<br>
=A0filename=3D&quot;<a href=3D"http://memberof.pl"; target=3D"_blank">member=
of.pl</a>&quot;<br>
<br>
#! /usr/bin/perl<br>
<br>
# Implements memberOf reverse mapping attributes -- workaround for when<br>
# memberOf overlay isn&#39;t available<br>
<br>
use Net::LDAP;<br>
use Net::LDAP::LDIF;<br>
use Authen::SASL;<br>
use Fcntl qw(LOCK_EX LOCK_NB);<br>
use Getopt::Long;<br>
<br>
use strict;<br>
<br>
my $basedn =3D &quot;dc=3Dexample,dc=3Dcom&quot;;<br>
<br>
my @attrs =3D qw(member manager);<br>
# Note -- this filter properly excludes dynamic groupOfURLs groups<br>
my $attrfilter =3D &#39;(|&#39; . join(&quot;&quot;, map { &quot;($_=3D*)&q=
uot; } @attrs) . &#39;)&#39;;<br>
my %revattrs =3D (member =3D&gt; &#39;memberOf&#39;, manager =3D&gt; &#39;d=
irectReports&#39;);<br>
my %fwattrs =3D reverse %revattrs;<br>
my $revattrfilter =3D &#39;(|&#39; . join(&quot;&quot;, map { &quot;($_=3D*=
)&quot; } values %revattrs) . &#39;)&#39;;<br>
my (%entries, %reventries);<br>
<br>
# Prevent multiple instances from running at the same time<br>
open(LOCKFH, $0); flock(LOCKFH, LOCK_EX|LOCK_NB) or exit 1;<br>
<br>
my ($generate_ldif, $update_ldap);<br>
GetOptions(&#39;ldif&#39; =3D&gt; \$generate_ldif, &#39;ldap&#39; =3D&gt; \=
$update_ldap);<br>
<br>
my $ldifout =3D Net::LDAP::LDIF-&gt;new(&#39;-&#39;, &#39;w&#39;);<br>
$ldifout-&gt;{change} =3D 1;<br>
my $ldap =3D Net::LDAP-&gt;new(&#39;ldapi://&#39;) or die &quot;ldapi: $@\n=
&quot;;<br>
my $sasl =3D Authen::SASL-&gt;new(mechanism =3D&gt; &#39;EXTERNAL&#39;);<br=
>
my $sasl_client =3D $sasl-&gt;client_new(&#39;ldap&#39;, &#39;localhost&#39=
;);<br>
$ldap-&gt;bind(undef, sasl =3D&gt; $sasl_client);<br>
<br>
# Build %entries and %reventries maps<br>
my $mesg =3D $ldap-&gt;search(base =3D&gt; $basedn,<br>
 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =
=A0 =A0 =A0 =A0 =A0 =A0 filter =3D&gt; $attrfilter,<br>
 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =
=A0 =A0 =A0 =A0 =A0 =A0 attrs =3D&gt; \@attrs);<br>
$mesg-&gt;code &amp;&amp; die($mesg-&gt;error . &quot;\n&quot;);<br>
foreach my $entry ($mesg-&gt;all_entries) {$entries{lc $entry-&gt;dn} =3D $=
entry }<br>
<br>
$mesg =3D $ldap-&gt;search(base =3D&gt; $basedn,<br>
 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =
=A0 =A0 =A0 =A0 =A0 =A0 filter =3D&gt; $revattrfilter,<br>
 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =
=A0 =A0 =A0 =A0 =A0 =A0 attrs =3D&gt; [values %revattrs]);<br>
$mesg-&gt;code &amp;&amp; die($mesg-&gt;error . &quot;\n&quot;);<br>
foreach my $entry ($mesg-&gt;all_entries) { $reventries{lc $entry-&gt;dn} =
=3D $entry }<br>
<br>
# Go through and generate updates for the reverse mapping attributes<br>
my ($dn, $entry);<br>
while (($dn, $entry) =3D each %entries) {<br>
 =A0 =A0 =A0 =A0foreach my $attr (@attrs) {<br>
 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0my $revattr =3D $revattrs{$attr};<br>
 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0foreach my $val ($entry-&gt;get_value($attr=
)) {<br>
 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0$val =3D lc $val;<br>
 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0if (!$reventries{$val}) {<b=
r>
 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0$reventries=
{$val} =3D Net::LDAP::Entry-&gt;new;<br>
 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0$reventries=
{$val}-&gt;dn($val);<br>
 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0$reventries=
{$val}-&gt;changetype(&#39;modify&#39;);<br>
 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0}<br>
 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0$reventries{$val}-&gt;add($=
revattr =3D&gt; $entry-&gt;dn)<br>
 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0unless grep=
({ lc $_ eq $dn }<br>
 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =
=A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0$reventries{$val}-&gt;get_value($rev=
attr));<br>
 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0}<br>
 =A0 =A0 =A0 =A0}<br>
}<br>
while (($dn, $entry) =3D each %reventries) {<br>
 =A0 =A0 =A0 =A0foreach my $revattr (values %revattrs) {<br>
 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0foreach my $val ($entry-&gt;get_value($reva=
ttr)) {<br>
 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0$val =3D lc $val;<br>
 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0$reventries{$dn}-&gt;delete=
($revattr =3D&gt; $val)<br>
 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0if !exists(=
$entries{$val})<br>
 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0|| !grep({ =
lc $_ eq $dn }<br>
 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =
=A0 =A0 =A0 =A0 =A0 =A0 $entries{$val}-&gt;get_value($fwattrs{$revattr}));<=
br>
<br>
 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0}<br>
 =A0 =A0 =A0 =A0}<br>
 =A0 =A0 =A0 =A0if ($entry-&gt;changes) {<br>
 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0$ldifout-&gt;write_entry($entry) if $genera=
te_ldif;<br>
 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0if ($update_ldap) {<br>
 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0my $modmesg =3D $entry-&gt;=
update($ldap);<br>
 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0$modmesg-&gt;code &amp;&amp=
; die(&quot;LDAP: &quot; .$modmesg-&gt;error . =A0&quot;\n&quot;);<br>
 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0}<br>
 =A0 =A0 =A0 =A0}<br>
}<br>
<br>
--------------050703040907090602090901--<br>
<br>
<br>
</blockquote></div><br>

--bcaec520e733d305e204a4aefc06--