Re: Backup and restore
On 07/02/2020 15:38, Davies, Matt wrote: Thanks Emmanuel This is a one off process, so as long as there's no harm in taking the entire default folder, the instance, I'll do that. Can you think of anything that could go wrong with taking the entire folder? As soon as the server have been stopped before, not so much. Check your firewall (if any) and anything that could block your ports - like a running LDAP server using the same ports). In any case, just do the test and come back to us if you are facing any issue ! - To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org For additional commands, e-mail: dev-h...@directory.apache.org
[jira] [Closed] (DIRKRB-739) getDelegCred does not seem to work with SimpleKdcServer
[ https://issues.apache.org/jira/browse/DIRKRB-739?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dain Sundstrom closed DIRKRB-739. - Resolution: Information Provided > getDelegCred does not seem to work with SimpleKdcServer > --- > > Key: DIRKRB-739 > URL: https://issues.apache.org/jira/browse/DIRKRB-739 > Project: Directory Kerberos > Issue Type: Bug >Affects Versions: 2.0.0 >Reporter: Dain Sundstrom >Priority: Major > > I'm using SimpleKdcServer for test standard Java GSS client/server > authentication. This all works, but when I set > `gssContext.requestCredDeleg(true)`on the client, the server side throws > from `gssContext.getDelegCred()`: > GSSException: No valid credentials provided > at sun.security.jgss.krb5.Krb5Context.getDelegCred(Krb5Context.java:527) > at sun.security.jgss.GSSContextImpl.getDelegCred(GSSContextImpl.java:614) > at > sun.security.jgss.spnego.SpNegoContext.getDelegCred(SpNegoContext.java:1095) > at sun.security.jgss.GSSContextImpl.getDelegCred(GSSContextImpl.java:614) > > Are delegated credentials supposed to work with Kerby? If so is there is > there a working test case? > If they are supposed to work, I can write a reproduction, but wanted to check > before doing the work. -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org For additional commands, e-mail: dev-h...@directory.apache.org
[jira] [Commented] (DIRKRB-739) getDelegCred does not seem to work with SimpleKdcServer
[ https://issues.apache.org/jira/browse/DIRKRB-739?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17032410#comment-17032410 ] Dain Sundstrom commented on DIRKRB-739: --- I dug in a bit more. It doesn't work. > getDelegCred does not seem to work with SimpleKdcServer > --- > > Key: DIRKRB-739 > URL: https://issues.apache.org/jira/browse/DIRKRB-739 > Project: Directory Kerberos > Issue Type: Bug >Affects Versions: 2.0.0 >Reporter: Dain Sundstrom >Priority: Major > > I'm using SimpleKdcServer for test standard Java GSS client/server > authentication. This all works, but when I set > `gssContext.requestCredDeleg(true)`on the client, the server side throws > from `gssContext.getDelegCred()`: > GSSException: No valid credentials provided > at sun.security.jgss.krb5.Krb5Context.getDelegCred(Krb5Context.java:527) > at sun.security.jgss.GSSContextImpl.getDelegCred(GSSContextImpl.java:614) > at > sun.security.jgss.spnego.SpNegoContext.getDelegCred(SpNegoContext.java:1095) > at sun.security.jgss.GSSContextImpl.getDelegCred(GSSContextImpl.java:614) > > Are delegated credentials supposed to work with Kerby? If so is there is > there a working test case? > If they are supposed to work, I can write a reproduction, but wanted to check > before doing the work. -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org For additional commands, e-mail: dev-h...@directory.apache.org
Re: Backup and restore
Thanks Emmanuel This is a one off process, so as long as there's no harm in taking the entire default folder, the instance, I'll do that. Can you think of anything that could go wrong with taking the entire folder? Matt On 07/02/2020, 14:32, "Emmanuel Lécharny" wrote: Hi, On 07/02/2020 14:14, Davies, Matt wrote: > Hi there > > We've got apacheds M24 running on one machine, with some configuration and data inside it. > > I now need to back up all the server, config, data, the lot, and move it to another machine. > > Is it possible to stop the server on the machine to be backed up, then transfer the entire default directory over to another server running the software, then start that server up? > > If it is possible, is it only this folder I need to move across? > > /var/lib/apacheds-2.0.0_M24/default/ You should be able to move the whole 'partitions' directory (that will contain the data) but also the 'conf' directory which contains the configuration. All that assuming you aren't changing the layout from one machine to the other. > > Thanks > > Matt > > > > - > To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org > For additional commands, e-mail: dev-h...@directory.apache.org > - To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org For additional commands, e-mail: dev-h...@directory.apache.org - To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org For additional commands, e-mail: dev-h...@directory.apache.org
Re: Backup and restore
Hi, On 07/02/2020 14:14, Davies, Matt wrote: Hi there We've got apacheds M24 running on one machine, with some configuration and data inside it. I now need to back up all the server, config, data, the lot, and move it to another machine. Is it possible to stop the server on the machine to be backed up, then transfer the entire default directory over to another server running the software, then start that server up? If it is possible, is it only this folder I need to move across? /var/lib/apacheds-2.0.0_M24/default/ You should be able to move the whole 'partitions' directory (that will contain the data) but also the 'conf' directory which contains the configuration. All that assuming you aren't changing the layout from one machine to the other. Thanks Matt - To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org For additional commands, e-mail: dev-h...@directory.apache.org - To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org For additional commands, e-mail: dev-h...@directory.apache.org
Backup and restore
Hi there We've got apacheds M24 running on one machine, with some configuration and data inside it. I now need to back up all the server, config, data, the lot, and move it to another machine. Is it possible to stop the server on the machine to be backed up, then transfer the entire default directory over to another server running the software, then start that server up? If it is possible, is it only this folder I need to move across? /var/lib/apacheds-2.0.0_M24/default/ Thanks Matt
[jira] [Commented] (DIRSERVER-2299) Missing Indexes after Restart
[ https://issues.apache.org/jira/browse/DIRSERVER-2299?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17032293#comment-17032293 ] Rashid Mahmood commented on DIRSERVER-2299: --- Ok, please also verify that for every index an index-name.db file is really created, in our case (either from first start after installation or repair command executions) we dont see any other db files except [partition-name].db. > Missing Indexes after Restart > - > > Key: DIRSERVER-2299 > URL: https://issues.apache.org/jira/browse/DIRSERVER-2299 > Project: Directory ApacheDS > Issue Type: Bug > Components: index, ldap >Affects Versions: 2.0.0.AM25 >Reporter: Rashid Mahmood >Priority: Major > Attachments: after-repair.png, image-2020-02-06-16-53-48-839.png, > index-config.png > > > We have decided to use ApacheDS (version 2.0.0.AM25) for Authentication in > our product. Ldap Server and Directory Service are being used in Embedded > Mode. > > During our Tests we found that after Restart, some of the Entries via Indexed > Attribute Search Filter are not comming in search result. After considering > various possibilities we found that it is Indexing problem. We used Repair > commnd and then we see those entries in search results. > > Why some of the indexes were missing even it was a gracefull shutdown? > > We want to avoid repair command after every restart unless it is really > necessary. Our product will serve in future more than 50K users, we have fear > that it would cost us a lot if we encounter those unexpected problems. > > These are two attributes used in our search filters > dn: ads-indexAttributeId=mail,ou=indexes,ads-partitionId=tsi,ou=part > itions,ads-directoryServiceId=default,ou=config > ads-indexattributeid: mail > ads-indexHasReverse: FALSE > ads-indexcachesize: 1000 > objectclass: ads-index > objectclass: ads-jdbmIndex > objectclass: ads-base > objectclass: top > ads-enabled: TRUE > dn: ads-indexAttributeId=telID,ou=indexes,ads-partitionId=tsi,ou=part > itions,ads-directoryServiceId=default,ou=config > ads-indexattributeid: telID > ads-indexHasReverse: FALSE > ads-indexcachesize: 1000 > objectclass: ads-index > objectclass: ads-jdbmIndex > objectclass: ads-base > objectclass: top > ads-enabled: TRUE > -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org For additional commands, e-mail: dev-h...@directory.apache.org
[jira] [Commented] (DIRSERVER-2299) Missing Indexes after Restart
[ https://issues.apache.org/jira/browse/DIRSERVER-2299?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17032286#comment-17032286 ] Emmanuel Lécharny commented on DIRSERVER-2299: -- Yes, we process every configured indexes. The way teh repair process works is the following : * we delete all the indexes, ie all the files that ends with *.db* that are not the master table, based on the configuration. We don't delete *.lg* files though, but they may be deleted when we recreate the index (to be double checked, though) * we then process with the master table, where we read every entry ** for each entry, we read its *RDN* and add it to the new *ParentidAndRdn* index ** we update the new *ObjectClass, alias, entrcyCSN, administrativeRole* and *presence* indexes ** we then iterate on all the attributes, and for each attribute being indexed, we update the associated newly created index At this point, I need to double check the implementation to see if it really does what it is supposed to do... > Missing Indexes after Restart > - > > Key: DIRSERVER-2299 > URL: https://issues.apache.org/jira/browse/DIRSERVER-2299 > Project: Directory ApacheDS > Issue Type: Bug > Components: index, ldap >Affects Versions: 2.0.0.AM25 >Reporter: Rashid Mahmood >Priority: Major > Attachments: after-repair.png, image-2020-02-06-16-53-48-839.png, > index-config.png > > > We have decided to use ApacheDS (version 2.0.0.AM25) for Authentication in > our product. Ldap Server and Directory Service are being used in Embedded > Mode. > > During our Tests we found that after Restart, some of the Entries via Indexed > Attribute Search Filter are not comming in search result. After considering > various possibilities we found that it is Indexing problem. We used Repair > commnd and then we see those entries in search results. > > Why some of the indexes were missing even it was a gracefull shutdown? > > We want to avoid repair command after every restart unless it is really > necessary. Our product will serve in future more than 50K users, we have fear > that it would cost us a lot if we encounter those unexpected problems. > > These are two attributes used in our search filters > dn: ads-indexAttributeId=mail,ou=indexes,ads-partitionId=tsi,ou=part > itions,ads-directoryServiceId=default,ou=config > ads-indexattributeid: mail > ads-indexHasReverse: FALSE > ads-indexcachesize: 1000 > objectclass: ads-index > objectclass: ads-jdbmIndex > objectclass: ads-base > objectclass: top > ads-enabled: TRUE > dn: ads-indexAttributeId=telID,ou=indexes,ads-partitionId=tsi,ou=part > itions,ads-directoryServiceId=default,ou=config > ads-indexattributeid: telID > ads-indexHasReverse: FALSE > ads-indexcachesize: 1000 > objectclass: ads-index > objectclass: ads-jdbmIndex > objectclass: ads-base > objectclass: top > ads-enabled: TRUE > -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org For additional commands, e-mail: dev-h...@directory.apache.org
[jira] [Commented] (DIRSERVER-2299) Missing Indexes after Restart
[ https://issues.apache.org/jira/browse/DIRSERVER-2299?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17032239#comment-17032239 ] Rashid Mahmood commented on DIRSERVER-2299: --- !after-repair.png! !index-config.png! Thanks [~elecharny] Based on the server configuration means under following path \ou=config\ads-directoryserviceid=default\ou=partitions\ads-partitionid=tsi\ou=indexes ? In my file system i can see those two index config files ads-indexattributeid=mail.ldif and ads-indexattributeid=telematikid.ldif but i never saw any automatically generated files in partitions directory. Is some special setting missing? These two attributes and respective indexes are part of our custom schema which was imported during installation. After installation we didnt saw any import error and two index config files were generated under above mentioned path. DB via DN lookup works, can we still conclude DB is corrupted? > Missing Indexes after Restart > - > > Key: DIRSERVER-2299 > URL: https://issues.apache.org/jira/browse/DIRSERVER-2299 > Project: Directory ApacheDS > Issue Type: Bug > Components: index, ldap >Affects Versions: 2.0.0.AM25 >Reporter: Rashid Mahmood >Priority: Major > Attachments: after-repair.png, image-2020-02-06-16-53-48-839.png, > index-config.png > > > We have decided to use ApacheDS (version 2.0.0.AM25) for Authentication in > our product. Ldap Server and Directory Service are being used in Embedded > Mode. > > During our Tests we found that after Restart, some of the Entries via Indexed > Attribute Search Filter are not comming in search result. After considering > various possibilities we found that it is Indexing problem. We used Repair > commnd and then we see those entries in search results. > > Why some of the indexes were missing even it was a gracefull shutdown? > > We want to avoid repair command after every restart unless it is really > necessary. Our product will serve in future more than 50K users, we have fear > that it would cost us a lot if we encounter those unexpected problems. > > These are two attributes used in our search filters > dn: ads-indexAttributeId=mail,ou=indexes,ads-partitionId=tsi,ou=part > itions,ads-directoryServiceId=default,ou=config > ads-indexattributeid: mail > ads-indexHasReverse: FALSE > ads-indexcachesize: 1000 > objectclass: ads-index > objectclass: ads-jdbmIndex > objectclass: ads-base > objectclass: top > ads-enabled: TRUE > dn: ads-indexAttributeId=telID,ou=indexes,ads-partitionId=tsi,ou=part > itions,ads-directoryServiceId=default,ou=config > ads-indexattributeid: telID > ads-indexHasReverse: FALSE > ads-indexcachesize: 1000 > objectclass: ads-index > objectclass: ads-jdbmIndex > objectclass: ads-base > objectclass: top > ads-enabled: TRUE > -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org For additional commands, e-mail: dev-h...@directory.apache.org
[jira] [Updated] (DIRSERVER-2299) Missing Indexes after Restart
[ https://issues.apache.org/jira/browse/DIRSERVER-2299?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Rashid Mahmood updated DIRSERVER-2299: -- Attachment: index-config.png > Missing Indexes after Restart > - > > Key: DIRSERVER-2299 > URL: https://issues.apache.org/jira/browse/DIRSERVER-2299 > Project: Directory ApacheDS > Issue Type: Bug > Components: index, ldap >Affects Versions: 2.0.0.AM25 >Reporter: Rashid Mahmood >Priority: Major > Attachments: after-repair.png, image-2020-02-06-16-53-48-839.png, > index-config.png > > > We have decided to use ApacheDS (version 2.0.0.AM25) for Authentication in > our product. Ldap Server and Directory Service are being used in Embedded > Mode. > > During our Tests we found that after Restart, some of the Entries via Indexed > Attribute Search Filter are not comming in search result. After considering > various possibilities we found that it is Indexing problem. We used Repair > commnd and then we see those entries in search results. > > Why some of the indexes were missing even it was a gracefull shutdown? > > We want to avoid repair command after every restart unless it is really > necessary. Our product will serve in future more than 50K users, we have fear > that it would cost us a lot if we encounter those unexpected problems. > > These are two attributes used in our search filters > dn: ads-indexAttributeId=mail,ou=indexes,ads-partitionId=tsi,ou=part > itions,ads-directoryServiceId=default,ou=config > ads-indexattributeid: mail > ads-indexHasReverse: FALSE > ads-indexcachesize: 1000 > objectclass: ads-index > objectclass: ads-jdbmIndex > objectclass: ads-base > objectclass: top > ads-enabled: TRUE > dn: ads-indexAttributeId=telID,ou=indexes,ads-partitionId=tsi,ou=part > itions,ads-directoryServiceId=default,ou=config > ads-indexattributeid: telID > ads-indexHasReverse: FALSE > ads-indexcachesize: 1000 > objectclass: ads-index > objectclass: ads-jdbmIndex > objectclass: ads-base > objectclass: top > ads-enabled: TRUE > -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org For additional commands, e-mail: dev-h...@directory.apache.org
[jira] [Updated] (DIRSERVER-2299) Missing Indexes after Restart
[ https://issues.apache.org/jira/browse/DIRSERVER-2299?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Rashid Mahmood updated DIRSERVER-2299: -- Attachment: after-repair.png > Missing Indexes after Restart > - > > Key: DIRSERVER-2299 > URL: https://issues.apache.org/jira/browse/DIRSERVER-2299 > Project: Directory ApacheDS > Issue Type: Bug > Components: index, ldap >Affects Versions: 2.0.0.AM25 >Reporter: Rashid Mahmood >Priority: Major > Attachments: after-repair.png, image-2020-02-06-16-53-48-839.png > > > We have decided to use ApacheDS (version 2.0.0.AM25) for Authentication in > our product. Ldap Server and Directory Service are being used in Embedded > Mode. > > During our Tests we found that after Restart, some of the Entries via Indexed > Attribute Search Filter are not comming in search result. After considering > various possibilities we found that it is Indexing problem. We used Repair > commnd and then we see those entries in search results. > > Why some of the indexes were missing even it was a gracefull shutdown? > > We want to avoid repair command after every restart unless it is really > necessary. Our product will serve in future more than 50K users, we have fear > that it would cost us a lot if we encounter those unexpected problems. > > These are two attributes used in our search filters > dn: ads-indexAttributeId=mail,ou=indexes,ads-partitionId=tsi,ou=part > itions,ads-directoryServiceId=default,ou=config > ads-indexattributeid: mail > ads-indexHasReverse: FALSE > ads-indexcachesize: 1000 > objectclass: ads-index > objectclass: ads-jdbmIndex > objectclass: ads-base > objectclass: top > ads-enabled: TRUE > dn: ads-indexAttributeId=telID,ou=indexes,ads-partitionId=tsi,ou=part > itions,ads-directoryServiceId=default,ou=config > ads-indexattributeid: telID > ads-indexHasReverse: FALSE > ads-indexcachesize: 1000 > objectclass: ads-index > objectclass: ads-jdbmIndex > objectclass: ads-base > objectclass: top > ads-enabled: TRUE > -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org For additional commands, e-mail: dev-h...@directory.apache.org
[jira] [Commented] (DIRSERVER-2299) Missing Indexes after Restart
[ https://issues.apache.org/jira/browse/DIRSERVER-2299?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=1703#comment-1703 ] Emmanuel Lécharny commented on DIRSERVER-2299: -- Hi Rashid, yes, this is a known problem, and we are working on fixing it, but it takes time we barely have... The 'repair' command has been added in an attempt to mitigate the issue, if the database is not too corrupted. It basically reads the master table, and based on the server's configuration, recreate the indexes. The associated files are automatically generated. I will try to squeeze some time this week-end to see what's going on on shutdown, because the data are supposed to be properly flushed on disk. > Missing Indexes after Restart > - > > Key: DIRSERVER-2299 > URL: https://issues.apache.org/jira/browse/DIRSERVER-2299 > Project: Directory ApacheDS > Issue Type: Bug > Components: index, ldap >Affects Versions: 2.0.0.AM25 >Reporter: Rashid Mahmood >Priority: Major > Attachments: image-2020-02-06-16-53-48-839.png > > > We have decided to use ApacheDS (version 2.0.0.AM25) for Authentication in > our product. Ldap Server and Directory Service are being used in Embedded > Mode. > > During our Tests we found that after Restart, some of the Entries via Indexed > Attribute Search Filter are not comming in search result. After considering > various possibilities we found that it is Indexing problem. We used Repair > commnd and then we see those entries in search results. > > Why some of the indexes were missing even it was a gracefull shutdown? > > We want to avoid repair command after every restart unless it is really > necessary. Our product will serve in future more than 50K users, we have fear > that it would cost us a lot if we encounter those unexpected problems. > > These are two attributes used in our search filters > dn: ads-indexAttributeId=mail,ou=indexes,ads-partitionId=tsi,ou=part > itions,ads-directoryServiceId=default,ou=config > ads-indexattributeid: mail > ads-indexHasReverse: FALSE > ads-indexcachesize: 1000 > objectclass: ads-index > objectclass: ads-jdbmIndex > objectclass: ads-base > objectclass: top > ads-enabled: TRUE > dn: ads-indexAttributeId=telID,ou=indexes,ads-partitionId=tsi,ou=part > itions,ads-directoryServiceId=default,ou=config > ads-indexattributeid: telID > ads-indexHasReverse: FALSE > ads-indexcachesize: 1000 > objectclass: ads-index > objectclass: ads-jdbmIndex > objectclass: ads-base > objectclass: top > ads-enabled: TRUE > -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org For additional commands, e-mail: dev-h...@directory.apache.org
