[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Adding OU with PSQL backend

To: Marcel Berteler <marcel.berteler@bdsolutions.co.za>
Subject: Re: Adding OU with PSQL backend
From: Pierangelo Masarati <ando@sys-net.it>
Date: Wed, 22 Apr 2009 13:10:30 +0200
Cc: openldap-technical@openldap.org
In-reply-to: <49EC7BE4.2030205@bdsolutions.co.za>
References: <49EC7BE4.2030205@bdsolutions.co.za>
User-agent: Thunderbird 2.0.0.19 (X11/20090107)

Marcel Berteler wrote:

For a project that requires a large user authentication database, we arecurrently using OpenLDAP with a BDB backend. We have about 150K users inthe tree and all works well. Authentication and new user creation isfast and we are happy.
But, when we try and get statistical data from the tree, we run into thelimitations of LDAP: trying to find all user that have registered lastmonth, using a filter with 2 dates, is just too slow. It takes minutesto come back with a result.
To get around this limitation, we want to experiment with a PSQL backendso we can do some comparative testing.
(If any of you have a way of allowing us to interrogate our BDB backendwith SQL like queries that are relatively fast, than please let me know.)
Our test environment:

openldap 2.4.16 with Postgres backend
I have loaded CORE in slapd.conf as well as our custom schema for our users

The only ACL in the conf is ACCESS TO * BY * WRITE
Our tree looks like this and I have loaded the data tables and meta-datatables:
dc=example,dc=come
   ou=people,dc=example,dc=com
      cn=user1,dc=example,dc=com

The setup is working about 60%.

with openLdapAdmin, I can see the tree and I can add users.

What I can not do, is add an OU. It gives me:

LDAP said:    Server is unwilling to perform
Error number:    0x35 (LDAP_UNWILLING_TO_PERFORM)
Description:    The LDAP server refused to perform the operation.
If I get this on our custom schema, I can explain this by not having theright meta-data and procedures loaded. But as this is part of the COREschema, am I right in only adding the meta-data for OU inldap_attr_mappings without add or delete procedures?

No you're not. There is no core schema mapping in back-sql, everythingneeds to be mapped by you, including core schema items. In fact,back-sql's logic has no notion of attributes per se, but only ofattributes in some relationship with (structural) objectClassesaccording to the mappings you define.

If you mapped, say, "cn" for "person", don't expect to be able to use"cn" in, say, "inetOrgPerson" or "device". You need a separate "cn"mapping for each objectClass that needs to use it.

I have looked at the log files and outputs but I can not figure out whatis going wrong and why it is not accepting any new OU


Maybe if you let others look at your logs, others can figure it out for you.

Let me anticipate that since you're using OpenLDAP 2.2.6, there is nochance any issue can get fixed.


p.


Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
-----------------------------------
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Fax:     +39 0382 476497
Email:   ando@sys-net.it
-----------------------------------

Follow-Ups:
- Re: Adding OU with PSQL backend
  - From: Marcel Berteler <marcel.berteler@bdsolutions.co.za>

References:
- Adding OU with PSQL backend
  - From: Marcel Berteler <marcel.berteler@bdsolutions.co.za>

Prev by Date: Re: ldap SQL backend and syncrepl
Next by Date: Re: just curious
Index(es):
- Chronological
- Thread