
Entries in LDAP dir seem to sporadically become unreadable
Hi all,

I'm using OpenLDAP ver 2.2.23-1 on Debian Linux as a means for providing PAM authentication across multiple machines, as well as providing a central repository of email addresses, aliases and mail lists for postfix.

This machine has been upgraded from our previously unproblematic version of OpenLDAP, version 2.0.23-6.3.

What I'm finding is that sporadically our MTA (postfix) will not be able to find a given entry in the directory, or that NS on one of the servers will not be able to correctly resolve group or user IDs. There doesn't seem to be any rhyme or reason to the pattern of the occurrence (and it's not overly frequent, once a week or so at the moment), it just seems to happen. No errors in the logs, no strange updates in the logs either.

The machines that access the directory range in configuration from 2.4 kernels to 2.6 kernels, some are sync'd against the latest sarge packages, others are a few months old (all display the same lookup behaviour once an entry goes bad).

When it happens, I'm able to use ldapsearch to view the entry in this way :

ldapsearch -x groupEMail=foo

but if I do this :

ldapsearch -x -b "ou=GroupEMail,dc=my,dc=domain,dc=com" "(&(objectclass=MailGroup)(groupEMail=foo))"

I get no valid matches.

I can also correctly see the entry and all its details using a tool such as GQ.

If I rename the existing entry to something else, create a new entry and give it all the same details as the renamed entry and save it, everything goes back to working again - so it doesn't seem like a configuration issue to me.

Even stranger is that once I have two entries that are identical but for name (i.e. the old one and the new one) I see the following behaviour :

This (to search for the new entry) :

ldapsearch -x -b "ou=GroupEMail,dc=my,dc=domain,dc=com" "(&(objectclass=MailGroup)(groupEMail=foo))"

gets me a successful match, but the same query for the old entry (except of course to change foo to foo-old) gets no successful matches.

The infrastructure that surrounds the LDAP directory has not changed at all, so I am only left to consider that something has changed with the OpenLDAP daemon. It sort of seems like a possible data corruption, but the ability to query it successfully under some circumstances makes it seem unlikely.

Any advice that can be offered on the problem, or how I might be able to chase it down is VERY appreciated ;-)

Cheers
Dave
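An added check, not part of Dave's post: when an entry is visible through one search path but not through another, one candidate cause (an assumption here, not something the post establishes) is an attribute index that no longer matches the entries on disk. The script below compares a full LDIF export (assumed to be taken with slapcat, which reads the database directly rather than through the indexes) against the LDIF returned by the filtered ldapsearch, and lists entries that carry the requested value but that the search did not return; the LDIF in it is constructed sample data modelled on the entries described above.

```python
import base64

# Constructed sample data: a full export of the GroupEMail subtree, and the
# (empty) result of the filtered search for the renamed entry from the post.
FULL_EXPORT = """\
dn: cn=foo,ou=GroupEMail,dc=my,dc=domain,dc=com
objectClass: MailGroup
groupEMail: foo

dn: cn=foo-old,ou=GroupEMail,dc=my,dc=domain,dc=com
objectClass: MailGroup
groupEMail:: Zm9vLW9sZA==
"""
SEARCH_FOO = "dn: cn=foo,ou=GroupEMail,dc=my,dc=domain,dc=com\ngroupEMail: foo\n"
SEARCH_FOO_OLD = ""  # the filtered ldapsearch returned nothing


def parse_ldif(text):
    """Return {dn.lower(): {attr.lower(): [values]}} from LDIF text.
    Handles folded lines (leading space) and base64 values (attr:: ...);
    comment and version lines are skipped, URL values (attr:<) are not handled."""
    logical = []
    for raw in text.splitlines():
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]  # continuation of the previous line
        else:
            logical.append(raw)
    entries, current = {}, {}
    for line in logical + [""]:  # trailing "" flushes the last entry
        if not line:
            if current:
                entries[current["dn"][0].lower()] = current
                current = {}
            continue
        if line.startswith("#") or line.startswith("version:"):
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        current.setdefault(attr.lower(), []).append(value.strip())
    return entries


def missing_from_search(full_ldif, search_ldif, attr, value):
    """DNs that hold attr=value in the full export but were not returned by
    the filtered search: entries worth checking against the index."""
    full, found = parse_ldif(full_ldif), parse_ldif(search_ldif)
    return sorted(e["dn"][0] for dn, e in full.items()
                  if value.lower() in (v.lower() for v in e.get(attr.lower(), []))
                  and dn not in found)


if __name__ == "__main__":
    print(missing_from_search(FULL_EXPORT, SEARCH_FOO_OLD, "groupEMail", "foo-old"))
```

Run against real output, feed it the slapcat export and the ldapsearch result as files; an entry listed by the check is one the filtered search cannot reach even though it is present in the database.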