[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
(ITS#7198) slapd coredumps when Master server unavailable
Full_Name: Andre Cardinal
Version: 2.4.24
OS: Oracle (Solaris) 10
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (206.47.249.246)
Our Openldap Master server crashed with a hardware memory error and the
slave/replica, which is read only, coredumped 2 hours later, and would coredump
4 minutes after restarting slapd thereafter.
Disabling syncrepl stopped the coredumps. (i.e. commenting out all the lines in
the syncrepl portion of slapd.conf in the replica. See following.
Text in <> is sanitized for obvious reasons.
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/misc.schema
include /usr/local/etc/openldap/schema/ces.schema
# Define global ACLs to disable default read access.
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
pidfile /usr/local/var/openldap-run/slapd.pid
argsfile /usr/local/var/openldap-run/slapd.args
# Load dynamic backend modules:
# modulepath /usr/local/libexec/openldap
# moduleload back_bdb.la
# moduleload back_hdb.la
# moduleload back_ldap.la
allow bind_v2
loglevel 256
#loglevel 4095
#logfile /var/log/ldap.log
# The next three lines allow use of TLS for encrypting connections using a
# test certificate
#TLSCACertificateFile /usr/local/etc/openldap/certs/test_with_ca.pem
#TLSCertificateFile /usr/local/etc/openldap/certs/test_with_ca.pem
#TLSCertificateKeyFile /usr/local/etc/openldap/certs/test_with_ca.pem
#ICM Certs for PROD
TLSCACertificateFile /usr/local/etc/openldap/certs/Slave-ICM.pem
TLSCertificateFile /usr/local/etc/openldap/certs/Slave-ICM.pem
TLSCertificateKeyFile /usr/local/etc/openldap/certs/Slave-ICM.pem
# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64
# Sample access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
# Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
# by self write
# by users read
# by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!
#configure timelimits and sizelimits
sizelimit unlimited
timelimit unlimited
#######################################################################
# BDB database definitions
#######################################################################
database bdb
suffix "<suffix>"
rootdn "<Root DN>"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw {SSHA}<encrypted password>
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /usr/local/var/openldap-data
#directory /data/openldap
# Indices to maintain
index objectClass eq
index cesSubjectDN eq,pres
index cn eq
#
#Equality Indexing for Replication
#
index entryCSN,entryUUID eq
syncrepl rid=123
provider=ldap://<Master Server>
type=refreshAndPersist
interval=00:00:00:10
retry="30 +"
searchbase="<suffix>"
filter="(objectClass=*)"
scope=sub
attrs="*"
schemachecking=off
bindmethod=simple
binddn="cn=<bindDN>"
credentials=<password>