[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Searched Attr=1.1

Hi Jonathan,

no, all my 4 systems are configured equally, same configuration file (except for little specifications of every single instance) on all of them. The only difference is OL version which is 2.4.23 on this one, and 2.4.22 on others.

Could it be due to the order of directives in my configuration file?
This is the order of inclusion of my overlay directives:

- overlay_password_policy
- overlay_syncprov
- overlay_auditlog
- overlay_accesslog
- overlay_sssvlv
- overlay_memberof

Thanks again
Marco

On Tue, Sep 21, 2010 at 8:18 PM, Jonathan CLARKE <jonathan.clarke@normation.com> wrote:
Hi Marco,

Le 16/09/2010 13:07, Marco Pizzoli a écrit :

I came to this evidence in investigating an anomaly that I'm having with
my accesslog database.
Symptom I was having was continuous high cpu spot. I suspected it was
due to my accesslog database.

- I made a slapcat of my entire log database.
- I erased my log database
- I tried a slapadd of my log database

I had this problem:

...

90.2 k/s str2entry: invalid value for attributeType reqControls #0
(syntax 1.3.6.1.4.1.4203.666.11.5.3.1)
...

I went to that line and found this entry:

dn: reqStart=20100913065628.000008Z,cn=log,dc=mycorp.it <http://mycorp.it>
...
reqControls: {0}{1.3.6.1.4.1.4203.1.9.1.1 controlValue
"30440K0103043M7269643N
 3030332M7369643N3030342M63736O3N32303130303931333036353130362O3932343735355K2
 330303030303023303033233030303030300001PP"}
reqControls: {1}{2.16.840.1.113730.3.4.2 criticality TRUE}
...



Can someone tell me why this entry result not accepted to my openldap
system?
I'm using OL 2.4.23 with password policy overlay defined.
The entry I posted is related to an access made by a specific
syncrepl-user. Replica configured in mirror-mode.

Other OL systems are 2.4.22.

Deleting this entry and re-slapadding I had another similar problem.
...

542.3 k/s str2entry: invalid value for attributeType reqRespControls #0
(syntax 1.3.6.1.4.1.4203.666.11.5.3.1)
...

The entry affected is this one:
dn: reqStart=20100913093021.000000Z,cn=log,dc=mycorp.it <http://mycorp.it>
...

reqRespControls: {0}{1.3.6.1.4.1.42.2.27.8.5.1 controlValue "3000"}

Both errors seem to indicate that slapd doesn't recognize a LDAP control OID - in the first case the LDAP Content Sync control (syncrepl) (1.3.6.1.4.1.4203.1.9.1.1) and in the second the password policy (1.3.6.1.4.1.42.2.27.8.5.1).

Could it be that the system you encounter this on does not have the syncprov and ppolicy overlays enabled, whereas your others do?

Hope this helps,
Jonathan
--
==========================================
Jonathan CLARKE
------------------------------------------
Normation
44 rue Cauchy, 94110 Arcueil, France
------------------------------------------
Telephone:  +33 (0)1 83 62 26 96
------------------------------------------
Web:        http://www.normation.com/
==========================================



--
_________________________________________
Non è forte chi non cade, ma chi cadendo ha la forza di rialzarsi.
                    Jim Morrison