Re: Centralized LDAP Authentication or Kerberos+LDAP Authentication

[Rich Graves <rcgraves@brandeis.edu>]

On Mon, 23 Aug 2004, Tony Earnshaw wrote:

> > Your init script, like redhat's, stops the server with kill -9.
> 
> RedHat's init procedure does *not*, unless something's seriously wrong
> with the proggie's init procedure.
> 
> Please read RedHat's /etc/rc.d/init.d/functions yet again and look for
> the function 'killproc'.

Yes. Upon rereading, it's not as bad as I thought, but still has a 
potential problem.

It allows 5 seconds for TERM to work and then runs KILL.

"Corruption" is an exaggeration. The behavior I was seeing before changing
the "killproc" line to "killall -w -HUP slapd; killproc slapd" is that
db_recover was required and when run would rolled back the last few
transactions with each server restart.

It's possible I have something else wrong, so here is

DB_CONFIG:
set_cachesize 0 209715200 0
set_lg_regionmax        131072
set_lg_bsize            2097152
set_lg_dir              /var/lib/ldap/bdb-logs

slapd.conf:
database        bdb
directory       /var/lib/ldap
checkpoint 1024 5
cachesize 10000
idlcachesize 20000
replogfile     /var/lib/ldap/slave.replog
replica-pidfile /var/run/openldap/slurpd.pid
replica-argsfile /var/run/openldap/slurpd.args
replica uri=ldap://[snipped]