Re: slapd still allows bind but returns no data



slapd.conf:

#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /usr/local/openldap/etc/openldap/schema/core.schema
include /usr/local/openldap/etc/openldap/schema/cosine.schema
include /usr/local/openldap/etc/openldap/schema/inetorgperson.schema
include /usr/local/openldap/etc/openldap/schema/openldap.schema
include /usr/local/openldap/etc/openldap/schema/nis.schema


# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral       ldap://root.openldap.org

pidfile         /usr/local/openldap/var/run/slapd.pid
argsfile        /usr/local/openldap/var/run/slapd.args

# Load dynamic backend modules:
modulepath      /usr/local/openldap/libexec/openldap
# moduleload    back_bdb.la
moduleload      back_ldap.la
moduleload      back_ldbm.la
# moduleload    back_passwd.la
# moduleload    back_shell.la

# restrict userPassword for authentication only, allowing changes by user
access to attrs=userPassword by self write by * auth


# allow the world read access
access to * by * read

TLSCACertificateFile /etc/openldap/cacerts/cacert.pem
TLSCertificateFile /etc/openldap/cacerts/replica.pem
TLSCertificateKeyFile /etc/openldap/cacerts/replica.pem

#######################################################################
# BDB database definitions
#######################################################################

database        bdb
suffix         "dc=domain,dc=net"
rootdn         "cn=admin,dc=domain,dc=net"
rootpw         secret
# Mode 700 recommended.
directory       /usr/local/openldap/var/openldap-data
# Indices to maintain
index objectClass,uid,uidNumber,gidNumber,memberUid eq

#######################################################################



As for logging, when I added the -s 1 it seemed to be dumping the same type of info to syslog that it dumps to console when started with -d 1.
Is this different?



On Oct 11, 2007, at 2:21 PM, Quanah Gibson-Mount wrote:

--On Thursday, October 11, 2007 11:45 AM -0700 "Josh M. Hurd" <JoshH@revenuescience.com> wrote:

I have been fighting with this issue for a couple months now and I really
need a solution.


I have 2 openldap servers recently upgraded to 2.3.38 with a brand new
rebuilt bdb from an LDIF dump.
The 2 servers sit behind a load balancer (read-only) and provide basic
authentication for about 300 linux servers.
There's not much traffic on them but those who need access need access.

Can you share your slapd.conf, minus passwords?

Is it slapd that stops responding to queries, or the load balancer? I.e., are you testing queries via the LB, or directly to slapd, when this happens?

Also, debug logging would be -d -1.  -s is syslog level to use.

--Quanah


--

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration