tamarin p
2009-Apr-22 14:00 UTC
[Fedora-directory-users] ConfigFile directives in .inf-files
I''m (still :) trying to fully automate ldap installation for our specific deployment with setup-ds.pl in silent mode.. I have an inf which uses ConfigFile directives to try to define indexes, cache sizes and other settings for the directory server. My problem is, only a small part of those ConfigFiles are applied when I check dse.ldif after, but no errors anywhere. I tried using --debug but the only output I could see of relevance was: "+Processing config.ldif ..." "+Processing indexes.ldif ..." NONE of the settings in the ConfigFile make it to dse.ldif except "nsslapd-dbcachesize" and "nsslapd-cachememsize".. These are both set properly, or I would doubt if the files had been processed at all. But the the replication manager isn''t created and size/timelimits are not set and so on, and the same with indexes. I can see nothing in the output log from the script and there''s nothing in the logs for the newly created server. If I instead add the ConfigFiles with ldapmodify, things work fine. My guess is I''m trying to modify attributes that don''t exist yet? The Red Hat documentation at http://www.redhat.com/docs/manuals/dir-server/install/8.0/Installation_Guide-Advanced_Configuration-Silent.htmlseems to indicate that I should be able to create a replication manager, but the difference I can tell from the docs is that their RM is made in the directory itself while I''m trying to use the cn=config database. Here''s a snippet from my config.ldif: # doesnt get created dn: cn=replication manager,cn=config changetype: add objectClass: inetorgperson objectClass: person objectClass: top cn: replication manager sn: RM userPassword: password passwordExpirationTime: 20380119031407Z # is set properly dn: cn=config,cn=ldbm database,cn=plugins,cn=config changetype: modify replace: nsslapd-dbcachesize nsslapd-dbcachesize: 512000000 # is not set dn: cn=default instance config,cn=chaining database,cn=plugins,cn=config changetype: modify replace: nsslapd-sizelimit nsslapd-sizelimit: 20000 - replace: nsslapd-timelimit nsslapd-timelimit: 120 # is set dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config changetype: modify replace: nsslapd-cachememsize nsslapd-cachememsize: 512000000
Rich Megginson
2009-Apr-22 14:39 UTC
Re: [Fedora-directory-users] ConfigFile directives in .inf-files
tamarin p wrote:> I''m (still :) trying to fully automate ldap installation for our > specific deployment with setup-ds.pl in silent mode.. I have an inf > which uses ConfigFile directives to try to define indexes, cache sizes > and other settings for the directory server. My problem is, only a > small part of those ConfigFiles are applied when I check dse.ldif > after, but no errors anywhere. I tried using --debug but the only > output I could see of relevance was: > "+Processing config.ldif ..." > "+Processing indexes.ldif ..." > > NONE of the settings in the ConfigFile make it to dse.ldif except > "nsslapd-dbcachesize" and "nsslapd-cachememsize".. These are both set > properly, or I would doubt if the files had been processed at all. But > the the replication manager isn''t created and size/timelimits are not > set and so on, and the same with indexes. I can see nothing in the > output log from the script and there''s nothing in the logs for the > newly created server. > > If I instead add the ConfigFiles with ldapmodify, things work fine. > > My guess is I''m trying to modify attributes that don''t exist yet? The > Red Hat documentation at > http://www.redhat.com/docs/manuals/dir-server/install/8.0/Installation_Guide-Advanced_Configuration-Silent.html > seems to indicate that I should be able to create a replication > manager, but the difference I can tell from the docs is that their RM > is made in the directory itself while I''m trying to use the cn=config > database.Unfortunately, the LDIF modify parser does not work correctly - it does not support the full LDIF modify statement syntax (due to a bug in Mozilla::LDAP). So there are a few limitations, all of which you seem to have run into:> > Here''s a snippet from my config.ldif: > > # doesnt get created > dn: cn=replication manager,cn=config > changetype: add > objectClass: inetorgperson > objectClass: person > objectClass: top > cn: replication manager > sn: RM > userPassword: password > passwordExpirationTime: 20380119031407ZDon''t use changetype: add - if there is no changetype, the parser assumes you want to add the entry.> > # is set properly > dn: cn=config,cn=ldbm database,cn=plugins,cn=config > changetype: modify > replace: nsslapd-dbcachesize > nsslapd-dbcachesize: 512000000 > > # is not set > dn: cn=default instance config,cn=chaining database,cn=plugins,cn=config > changetype: modify > replace: nsslapd-sizelimit > nsslapd-sizelimit: 20000 > - > replace: nsslapd-timelimit > nsslapd-timelimit: 120The parser doesn''t understand the ''-''. So instead, do this: changetype: modify replace: nsslapd-sizelimit replace: nsslapd-timelimit nsslapd-sizelimit: 20000 nsslapd-timelimit: 120 That is, group all of the command statements together, then the attributes and values, without using any ''-''.> > # is set > dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config > changetype: modify > replace: nsslapd-cachememsize > nsslapd-cachememsize: 512000000 > ------------------------------------------------------------------------ > > -- > Fedora-directory-users mailing list > Fedora-directory-users@redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users >
tamarin p
2009-Apr-23 11:49 UTC
Re: [Fedora-directory-users] ConfigFile directives in .inf-files
2009/4/22 Rich Megginson <rmeggins@redhat.com>> Don''t use changetype: add - if there is no changetype, the parser assumes > you want to add the entry. >That did the trick for the replication manager, it gets added now. The parser doesn''t understand the ''-''. So instead, do this:> changetype: modify > replace: nsslapd-sizelimit > replace: nsslapd-timelimit > nsslapd-sizelimit: 20000 > nsslapd-timelimit: 120 > > That is, group all of the command statements together, then the attributes > and values, without using any ''-''.This doesn''t appear to work. nsslapd-sizelimit and nsslapd-timelimit under cn=default instance config,cn=chaining database,cn=plugins,cn=config are still not updated with this change. I also tried splitting them up into two entirely separate changetype: modify blocks but they aren''t set then either. It works either way with ldapmodify though.
Rich Megginson
2009-Apr-23 13:28 UTC
Re: [Fedora-directory-users] ConfigFile directives in .inf-files
tamarin p wrote:> > 2009/4/22 Rich Megginson <rmeggins@redhat.com > <mailto:rmeggins@redhat.com>> > > Don''t use changetype: add - if there is no changetype, the parser > assumes you want to add the entry. > > > That did the trick for the replication manager, it gets added now. > > The parser doesn''t understand the ''-''. So instead, do this: > > changetype: modify > replace: nsslapd-sizelimit > replace: nsslapd-timelimit > nsslapd-sizelimit: 20000 > nsslapd-timelimit: 120 > > That is, group all of the command statements together, then the > attributes and values, without using any ''-''. > > > This doesn''t appear to work. nsslapd-sizelimit and nsslapd-timelimit > under cn=default instance config,cn=chaining > database,cn=plugins,cn=config are still not updated with this change. > I also tried splitting them up into two entirely separate changetype: > modify blocks but they aren''t set then either. It works either way > with ldapmodify though.But other changetype: modify replace: foo work with your ConfigFile setting, correct? So is it just this one for the chaining default instance config that does not work?> > ------------------------------------------------------------------------ > > -- > Fedora-directory-users mailing list > Fedora-directory-users@redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users >
tamarin p
2009-Apr-23 15:24 UTC
Re: [Fedora-directory-users] ConfigFile directives in .inf-files
2009/4/23 Rich Megginson <rmeggins@redhat.com>> But other changetype: modify replace: foo work with your ConfigFile > setting, correct? So is it just this one for the chaining default instance > config that does not work? > >>That is correct. Your calling the dn "chaining default instance" just now has made me realize I''m trying to set the wrong attributes however. I shouldve looked at the dn more closely rather than just search for the attribute name to set. I''m not using chaining at all and have skipped the whole chapter of the admin guide. I was searching dse.ldif to find where the values found under "Performance" in the console could be set "programmatically". On a fresh instance with defaults, it turns out that these values arent found in dse.ldif yet. Not until you change them from their default, when they show up under cn=config. That sidesteps my original problem. Thanks for clearing it up and sorry about the confusion.