Hello,
here is how to migrate from the indexed file format to BDB:
# Stop the LDAP service
nstop ldap
# Export the database in LDIF format
slapd -T cat -f /var/ldap/slapd.conf > /log/export.ldif
# Backup copy of the LDAP database
mv /data/Main/Ldapbase /log/Ldapbase.old
# Create the directory for the database
mkdir /data/Main/Ldapbase
# Tune the configuration to use the new format
setconf ~/ConfigFiles/ldap Server DBBackend bdb
# Create the DB_CONFIG file specific to the new format
echo "set_lg_max 1000000" >/data/Main/Ldapbase/DB_CONFIG
echo "set_flags DB_LOG_AUTOREMOVE" >>/data/Main/Ldapbase/DB_CONFIG
# Full import of the data
slapd -T add -f /var/ldap/slapd.conf -l /log/export.ldif
# Start the service
nstart ldap
And here are the verification steps:
# List the Ldapbase directory to validate the new format:
ls /data/Main/Ldapbase
DB_CONFIG __db.002 __db.004 dn2id.bdb log.0000000001 uid.bdb
__db.001 __db.003 __db.005 id2entry.bdb objectClass.bdb
# Check the LDAP service
dstat |grep ldap
ldap : /var/supervise/ldap: up (pid 33177) 347 seconds
# Validate the LDAP service
nsrpc admin@127.0.0.1
user list
101 code=00f01100 msg="User List:"
cn=philippe,ou=users,o=jnprlabs,dc=stagira.net
100 code=00a00100 msg="Ok"
Tuesday, September 11, 2012
NETASQ: Migrating LDAP to the bdb format
Tuesday, September 4, 2012
NETASQ: Using External tools inside the FW
Hi folks,
So I need some tools on my Unix FW; NETASQ comes with some, but lacks a lot of others. A great example is wget.
So you need to figure out which FreeBSD version your NETASQ is running on:
Normally, for a V9, it is FreeBSD 7.3:
# uname -a
NS-BSD VUXXXA1GXXXXXX 9.0.3- NS-BSD 9.0.3- #0: Mon Apr 2 21:15:37 CEST 2012 build@buildmajclipp.netasq.com:/usr/home/build/fw-9.0.3/sys-7.3/work/sys/i386/compile/NETASQ.XL.FULLVIRT.RELEASE i386
For a V8, it is 6.3:
# uname -a
NS-BSD V50XXA0A0000001 8.1.0- NS-BSD 8.1.0- #0: Wed Mar 31 13:14:10 CEST 2010 build@81maj.netasq.com:/usr/home/build/fw-8.1.0/sys-6.3/work/sys/i386/compile/NETASQ.M.FULLVIRT.RELEASE i386
In the following commands:
root@linux$ is the prompt of the Linux host (yes, sure! :-)
VUXXXXXX0000000> is the prompt of the NETASQ FW (huh??)
Download the packages from a distribution server; for wget you will need:
Wget : http://ftp.stu.edu.tw/FreeBSD/ports/i386/packages-7.3-release/All/wget-1.12.tbz
gettext: http://ftp.stu.edu.tw/FreeBSD/ports/i386/packages-7.3-release/All/gettext-0.17_1.tbz
libiconv : http://ftp.stu.edu.tw/FreeBSD/ports/i386/packages-7.3-release/All/libiconv-1.13.1_1.tbz
Unpack the files in a directory:
root@linux$ tar -jxvf wget-1.12.tbz
root@linux$ tar -jxvf gettext-0.17_1.tbz
root@linux$ tar -jxvf libiconv-1.13.1_1.tbz
So you have the tool and some libs that will be used later on. Now transfer the wget binary from bin/wget to a NETASQ FW, in /log/wget-bsd73 for example:
VUXXXXXX0000000> mkdir /log/wget-bsd73
root@linux$ scp bin/wget mynetasqfw:/log/wget-bsd73
We'll test whether all the shared libs are available:
VUXXXXXX0000000>ldd wget
wget:
libssl.so.5 => not found (0x0)
libcrypto.so.5 => not found (0x0)
libiconv.so.3 => not found (0x0)
libintl.so.8 => not found (0x0)
libc.so.7 => /lib/libc.so.7 (0x280cc000)
Well... do we miss a lot? In fact no, we just miss 2 libs: libiconv.so and libintl.so.
Transfer the 2 libs:
root@linux$ scp lib/libiconv.so.3 mynetasqfw:/log/wget-bsd73
root@linux$ scp lib/libintl.so.8 mynetasqfw:/log/wget-bsd73
For the rest we just need to create symlinks:
ln -s /usr/lib/libcrypto.so /usr/lib/libcrypto.so.5
ln -s /usr/lib/libssl.so /usr/lib/libssl.so.5
ln -s $PWD/libiconv.so.3 /usr/lib/libiconv.so.3
ln -s $PWD/libintl.so.8 /usr/lib/libintl.so.8
So, check the shared libs again:
VUXXXXXX0000000>ldd wget
wget:
libssl.so.5 => /usr/lib/libssl.so.5 (0x280cc000)
libcrypto.so.5 => /usr/lib/libcrypto.so.5 (0x2811d000)
libiconv.so.3 => /usr/lib/libiconv.so.3 (0x28288000)
libintl.so.8 => /usr/lib/libintl.so.8 (0x2837e000)
libc.so.7 => /lib/libc.so.7 (0x28387000)
Everything is here!
To finish this procedure, just copy the wget binary to the /usr/Firewall/sbin/ directory:
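The ldd check above can be scripted. This is an added example, not part of the original post: it parses ldd output and reports, for each unresolved library, whether an unversioned file of the same base name already exists in a given directory (the symlink case) or whether the library is absent altogether (the copy case). The function names are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original post); function names are made up.

# missing_libs: read `ldd` output on stdin, print each unresolved soname.
missing_libs() {
    awk '$2 == "=>" && $3 == "not" && $4 == "found" { print $1 }'
}

# classify_missing LIBDIR: for each unresolved soname, say whether LIBDIR
# already holds an unversioned file of the same base name (the libssl and
# libcrypto case in the post) or nothing at all (libiconv and libintl).
classify_missing() {
    libdir=$1
    missing_libs | while read -r soname; do
        case $soname in
            *.so.*) base=${soname%.so.*}.so ;;   # libssl.so.5 -> libssl.so
            *)      base=$soname ;;
        esac
        if [ -e "$libdir/$base" ]; then
            echo "unversioned $soname $libdir/$base"
        else
            echo "absent $soname"
        fi
    done
}

# Sample input: the first ldd output shown in the post.
SAMPLE_LDD='wget:
    libssl.so.5 => not found (0x0)
    libcrypto.so.5 => not found (0x0)
    libiconv.so.3 => not found (0x0)
    libintl.so.8 => not found (0x0)
    libc.so.7 => /lib/libc.so.7 (0x280cc000)'

printf '%s\n' "$SAMPLE_LDD" | classify_missing /usr/lib
```

A line tagged `unversioned` only means a file with that base name exists; the script does not check whether it is ABI-compatible with the soname the binary was built against.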
VUXXXXXX0000000>cp wget /usr/Firewall/sbin/wget
Now we can test wget:
VUXXXXXX0000000>wget http://94.23.230.70/package/na_pack_updates_kasperskyStandard.md5
--2011-09-04 10:14:42-- http://94.23.230.70/package/na_pack_updates_kasperskyStandard.md5
Connecting to 94.23.230.70:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 72 [application/octet-stream]
Saving to: `na_pack_updates_kasperskyStandard.md5'
100%[===========================================================================>] 72 --.-K/s in 0s
2011-09-04 10:14:43 (1.05 MB/s) - `na_pack_updates_kasperskyStandard.md5' saved [72/72]
That's all, folks!
Monday, September 3, 2012
NETASQ: ldap export / import without external tools (ie: Ldap Browser)
Hi Folks,
So, every time you need to manipulate the LDAP DB you'll find a KB, a mail, a tip saying:
Hey, you need an LDAP browser tool.
Wrong!
The NETASQ has everything inside to do this!
Let's see how:
Where is the conf file:
/var/ldap/slapd.conf
Stop the ldap server:
nstop ldap
Export the DB in LDIF format:
slapd -4 -T cat -f /var/ldap/slapd.conf > /tmp/export.ldif
Modify it:
vi /tmp/export.ldif
Move the old db:
cd /data/Main/
mv Ldapbase Ldapbase.old
mkdir Ldapbase
Recreate the DB:
slapd -T add -f /var/ldap/slapd.conf -l /tmp/export.ldif
bdb_monitor_db_open: monitoring disabled; configure monitor database to enable
=> bdb_tool_entry_put: id2entry_add failed: DB_KEYEXIST: Key/data pair already exists (-30996)
=> bdb_tool_entry_put: txn_aborted! DB_KEYEXIST: Key/data pair already exists (-30996)
slapadd: could not add entry dn="o=jnprlabs,dc=cons165.magirus.com" (line=1): txn_aborted! DB_KEYEXIST: Key/data pair already exists (-30996)
_## 11.06% eta none elapsed none spd 368.9 k/s
Closing DB...
Start the ldap server:
nstart ldap
Let's see if the modification is here:
slapd -4 -T cat -f /var/ldap/slapd.conf
That's all!!!
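An added example, not part of the original posts: because the export is edited by hand and re-imported with the service stopped, these shell helpers list the DNs in an LDIF file, flag duplicated DNs before running slapd -T add, and compare the original export against a fresh slapd -T cat after the import (this also applies to the BDB migration post). Function names and the sample entries are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original posts); all function names are made up.

# ldif_dns FILE: print the "dn:" line of every entry, undoing LDIF folding
# (a line that starts with a single space continues the previous line).
ldif_dns() {
    awk '
        /^ /      { if (have) cur = cur substr($0, 2); next }
                  { if (have) print cur; have = 0 }
        /^dn::? / { cur = $0; have = 1 }
        END       { if (have) print cur }
    ' "$1"
}

# ldif_dup_dns FILE: print the repeat of any DN that occurs more than once.
# Plain DNs are compared case-insensitively, base64 ("dn::") ones exactly.
ldif_dup_dns() {
    ldif_dns "$1" | awk '
        { k = ($0 ~ /^dn::/) ? $0 : tolower($0) }
        seen[k]++ == 1'
}

# ldif_missing OLD NEW: print DNs present in OLD but absent from NEW
# (exact string comparison), e.g. the pre-migration export vs. a fresh one.
ldif_missing() {
    { ldif_dns "$2"; echo "--"; ldif_dns "$1"; } | awk '
        $0 == "--" { second = 1; next }
        !second    { have[$0] = 1; next }
        !($0 in have)'
}

# Constructed sample: a hand-edited export with a folded DN and a duplicate.
sample_ldif() {
    cat <<'EOF'
dn: o=example,dc=example.net
objectClass: organization

dn: cn=alice,ou=users,o=example,dc=exam
 ple.net
objectClass: person

dn: CN=Alice,ou=users,o=example,dc=example.net
objectClass: person
EOF
}

tmp=$(mktemp) && sample_ldif > "$tmp" && ldif_dup_dns "$tmp"
rm -f "$tmp"
```

On the firewall, `ldif_dup_dns /tmp/export.ldif` would run after the vi step, and `ldif_missing /log/export.ldif /tmp/after.ldif` after re-exporting to a second file; `/tmp/after.ldif` is a hypothetical name for that second export.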