[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: thread problem OpenLDAP 2.1.8 + Solaris 9

--On Friday, November 08, 2002 4:37 PM -0800 "Kurt D. Zeilenga" <Kurt@OpenLDAP.org> wrote:

Other things to look at:
        - ACLs... avoid unnecesary regex'ing
        - REGEX... make sure you are using a good REGEX library
                (some Solaris versions suck)
        - Logging (disable synchronous logging, only log minimal stuff)

For indexing, we have:

# Indices to maintain
index   default         pres,eq
index   objectClass     eq
index   cn              pres,eq,sub
index   sn              pres,eq,sub
index   suSunetID       pres,eq,sub
index   uid             pres,eq,sub
index   dc
index   displayName
index   suDisplayNameLF
index   givenName
index   krb5PrincipalName
index   labeledURI
index   mail
index   mobile
index   o
index   ou
index   pager
index   suRegisteredName
index   suRegisteredNameLF
index   suKrb5name
index   suMaildrop
index   suRegID
index   suPrivilegeGroup
index   suSeasSunetID
index   suUniqueIdentifier
index   suUriRouteTo
index   telephoneNumber
index   title

Our ACL's themselves look in the form of:

access to dn=".*,cn=Accounts,dc=stanford,dc=edu" attr=suSeasSunetID
by dn="cn=replicator,cn=Applications,dc=stanford,dc=edu" write
by group="cn=Supervisor,cn=Applications,dc=stanford,dc=edu" read
by group="cn=ldapAdmin,cn=Applications,dc=stanford,dc=edu" read
by dn="cn=StanfordMailRouter,cn=Applications,dc=stanford,dc=edu" read

We are running Solaris 8, and I'm not sure on the capabilities of its regex libraris. If they are a known problem, any suggestions on a better one?

As for logging, reference my reply to Howard. ;)


Quanah Gibson-Mount
Senior Systems Administrator
ITSS/TSS/Computing Systems
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html