[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Searched Attr=1.1

Hi Jonathan,

no, all my 4 systems are configured equally, same configuration file (except for little specifications of every single instance) on all of them. The only difference is OL version which is 2.4.23 on this one, and 2.4.22 on others.

Could it be due to the order of directives in my configuration file?
This is the order of inclusion of my overlay directives:

- overlay_password_policy
- overlay_syncprov
- overlay_auditlog
- overlay_accesslog
- overlay_sssvlv
- overlay_memberof

Thanks again

On Tue, Sep 21, 2010 at 8:18 PM, Jonathan CLARKE <jonathan.clarke@normation.com> wrote:
Hi Marco,

Le 16/09/2010 13:07, Marco Pizzoli a écrit :

I came to this evidence in investigating an anomaly that I'm having with
my accesslog database.
Symptom I was having was continuous high cpu spot. I suspected it was
due to my accesslog database.

- I made a slapcat of my entire log database.
- I erased my log database
- I tried a slapadd of my log database

I had this problem:


90.2 k/s str2entry: invalid value for attributeType reqControls #0

I went to that line and found this entry:

dn: reqStart=20100913065628.000008Z,cn=log,dc=mycorp.it <http://mycorp.it>
reqControls: {0}{ controlValue
reqControls: {1}{2.16.840.1.113730.3.4.2 criticality TRUE}

Can someone tell me why this entry result not accepted to my openldap
I'm using OL 2.4.23 with password policy overlay defined.
The entry I posted is related to an access made by a specific
syncrepl-user. Replica configured in mirror-mode.

Other OL systems are 2.4.22.

Deleting this entry and re-slapadding I had another similar problem.

542.3 k/s str2entry: invalid value for attributeType reqRespControls #0

The entry affected is this one:
dn: reqStart=20100913093021.000000Z,cn=log,dc=mycorp.it <http://mycorp.it>

reqRespControls: {0}{ controlValue "3000"}

Both errors seem to indicate that slapd doesn't recognize a LDAP control OID - in the first case the LDAP Content Sync control (syncrepl) ( and in the second the password policy (

Could it be that the system you encounter this on does not have the syncprov and ppolicy overlays enabled, whereas your others do?

Hope this helps,
Jonathan CLARKE
44 rue Cauchy, 94110 Arcueil, France
Telephone:  +33 (0)1 83 62 26 96
Web:        http://www.normation.com/

Non è forte chi non cade, ma chi cadendo ha la forza di rialzarsi.
                    Jim Morrison