Re: ldapdb freezes slapd (ITS#3276)



Howard Chu <openldap-its@OpenLDAP.org> writes:

> Please provide your OpenLDAP slapd.conf and your SASL config file that uses
> ldapdb. There is far too little information here to identify the problem. 
>

,----[ sasl smtpd.conf ]
| pwcheck_method: auxprop
| auxprop_plugin: ldapdb
| #ldapdb_uri: ldap://orange.l4b.de:9009
| ldapdb_uri: ldapi://%2Fvar%2Frun%2Fldapi
| ldapdb_id: admanager
| ldapdb_pw: xxxxxxx
| ldapdb_mech: DIGEST-MD5
| # ldapdb_starttls: try
`----

,----[ slapd.conf ]
| include         /etc/openldap/schema/core.schema
| include         /etc/openldap/schema/misc.schema
| include         /etc/openldap/schema/cosine.schema
| include         /etc/openldap/schema/inetorgperson.schema
| include         /etc/openldap/schema/nis.schema
| include         /etc/openldap/schema/combiCalendar.schema
| include         /etc/openldap/schema/MailingListen.schema
| 
| loglevel 261
| pidfile         /var/run/slapd/slapd.pid
| argsfile        /var/run/slapd/slapd.args
| 
| modulepath      /usr/libexec/openldap
| moduleload      back_monitor.la
| 
| TLSCertificateFile      /etc/openldap/cert/marincert.pem
| TLSCertificateKeyFile   /etc/openldap/cert/marinkey.pem
| TLSCACertificateFile    /etc/openldap/cert/cacert.pem
| TLSCipherSuite  HIGH:MEDIUM:+SSLv2
| TLSVerifyClient try
| 
| access to dn.base="" by * read
| access to dn.base="cn=Subschema" by * read
| 
| database        bdb
| suffix          "o=avci,c=de"
| rootdn  
| rootpw
| cachesize       2000
| checkpoint 512  30
| directory       /var/openldap-data/
| 
| index cn,sn,uid 
| index   objectClass     eq
| index   memberUid        eq
| 
| access  to attrs=userPassword
|         by self write
|         by anonymous auth
| access  to dn.regex="^cn=Mailinglisten,cn=([^,]+),ou=Partner,o=avci,c=de$"
|                 attrs=children
|         by dn.exact,expand="cn=$1,ou=Partner,o=avci,c=de" write continue
|         by group.exact="cn=Administratoren,o=avci,c=de" write
|         by * none
| access  to dn.regex="^cn=([^,]+),ou=Partner,o=avci,c=de$"
|         by dn.exact,expand="cn=$1,ou=Partner,o=avci,c=de" read
|         by group.exact="cn=Administratoren,o=avci,c=de" write
|         by * auth
| access  to dn.subtree="ou=adressbuch,o=avci,c=de"
|         by dn="cn=admanager,o=avci,c=de" write
|         by * read
| access  to dn.children="o=avci,c=de"
|         by group.exact="cn=administratoren,o=avci,c=de" write
|         by users read
|         by anonymous auth
| 
| sasl-authz-policy to
| sasl-regexp
|     uid=(.*),cn=.*,cn=auth
|     ldap:///o=avci,c=de??sub?uid=$1 
| sasl-regexp
|     uid=(.*),cn=.*,cn=auth
|     uid=$1,o=avci,c=de
| sasl-regexp uidNumber=(.*)\\+gidNumber=(.*),cn=peercred,cn=external,cn=auth
|         ldap:///o=avci,c=de??sub?(&(uidNumber=$1)(gidNumber=$2))
`----

-Dieter


-- 
Dieter Klünter | Systemberatung
Tel.: +49.40.64861967
Fax : +49.40.64891521
http://www.avci.de