slapd 2.0.7 hangs
Hi,

we are using openldap 2.0.7 on a debian (2.2) linux system as central
ldap server for one of our customers. It is used for doing unix
authentication via nss_ldap and pam_ldap and for win2k user
authentication via samba-tng.

We are facing the following problem:

About once every 4 weeks slapd stops working. The slapd process seems to
hang. It accepts new connections from clients but does not respond to
any client's 'search' operation.

The process keeps running accepting connections for several hours (about
7) till it runs out of open files. After this point no new connections
are accepted.

Restarting slapd gets things working again, but always one ldap object
seems to be corrupted. In our case it always seems to be an
'sambaAccount' object which is corrupted. (Used to store NT Machine
accounts for Samba-TNG).

This corrupted object is still visible using an ldapbrowser but an
ldapsearch with 'uid=the_objects_uid' yields an empty result. Using an
ldapbrowser the uid attribute shows up the correct value.

After changing the uid attribute to a different value and changing it
back to its original value it seems to be fully restored and the same
ldapsearch yields the correct sambaAccount object.

As the uid attribute seems to contain the correct value, might it be
possible that the index gets corrupted when the slapd process hangs?

Does anybody know if this is a known problem with openldap 2.0.7
or does anybody have any other hints to avoid this? This situation is
especially annoying as a hanging slapd also stops accessing the machine
via ssh or console login. :-( At the moment we are using an 'every 5
minutes' cronjob to check the ldapserver and to restart it, if it hangs.

Thanks in advance,
Christoph

Our slapd.conf
# This is the main ldapd configuration file.

# Schema and objectClass definitions
include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/nis.schema
include         /etc/ldap/schema/inetorgperson.schema
include         /etc/ldap/schema/sambatng.schema-v3
include         /etc/ldap/schema/abookperson.schema
include         /etc/ldap/schema/misc.schema
include         /etc/ldap/schema/pingworks.schema

# Schema check allows for forcing entries to
# match schemas for their objectClasses's
schemacheck     on

# Where clients are refered to if no
# match is found locally
#referral       ldap://ldap.four11.com

# Where the pid file is put. The init.d script
# will not stop the server if you change this.
pidfile         /var/run/slapd.pid

# List of arguments that were passed to the server
argsfile        /var/run/slapd.args

# Read slapd.conf(5) for possible values
loglevel        0
#loglevel       256

# idletimeout
idletimeout     10800

#######################################################################
# ldbm database definitions
#######################################################################

# The backend type, ldbm, is the default standard
database        ldbm

# The base of your directory
suffix          "dc=dimensional,dc=de"
rootdn          "uid=root,ou=People,dc=dimensional,dc=de"
rootpw          "secret"

# Where the database file are physically stored
directory       "/var/lib/ldap"

# index definitions 2001-10-19
index default pres,eq
index cn,uid,uidNumber,gidNumber,ntUid,rid,groupRid
index memberUid,sambaMember pres,eq,sub
index objectclass eq

# Save the time that the entry gets modified
lastmod on

# For Netscape Roaming support, each user gets a roaming
# profile for which they have write access to
#access to dn=".*,ou=Roaming,dc=dimensional,dc=de"
#       by dnattr=owner write

# The userPassword by default can be changed
# by the entry owning it if they are authenticated.
# Others should not be able to see it, except the
# admin entry below
access to attribute=userPassword
        by dn="uid=root,ou=People,dc=dimensional,dc=de" write
        by anonymous auth
        by self write
        by * none

# The admin dn has full write access
access to dn="ou=Contacts,dc=dimensional,dc=de"
        by dn="uid=abook,ou=People,dc=dimensional,dc=de" write
        by group="cn=ldapadmin,ou=Group,dc=dimensional,dc=de" write
        by * read

access to *
        by group="cn=ldapadmin,ou=Group,dc=dimensional,dc=de" write
        by * read

# End of ldapd configuration file
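
The message describes a slapd that still accepts connections but never answers a search, and an entry that exists yet is not found by a `uid=` filter. A watchdog that tests for both conditions, as an added example that is not part of the original post. Assumptions: current OpenLDAP client tools, coreutils `timeout`, a hypothetical canary entry `uid=canary,ou=People,dc=dimensional,dc=de`, and the Debian init script path.

```shell
#!/bin/sh
# Added example (not from the original post): search-based slapd watchdog.
# URI, timeout and the canary entry are assumed placeholder values.
LDAP_URI="${LDAP_URI:-ldap://127.0.0.1}"
LDAP_BASE="${LDAP_BASE:-dc=dimensional,dc=de}"
PROBE_TIMEOUT="${PROBE_TIMEOUT:-10}"   # seconds before a search counts as hung
CANARY_UID="${CANARY_UID:-canary}"     # hypothetical entry kept for this check
CANARY_DN="${CANARY_DN:-uid=$CANARY_UID,ou=People,$LDAP_BASE}"

# count_entries SCOPE BASE FILTER: prints how many entries came back.
# Returns 0 on an answer, 2 if no answer within PROBE_TIMEOUT, 1 otherwise.
count_entries() {
    out=$(timeout "$PROBE_TIMEOUT" ldapsearch -x -LLL -H "$LDAP_URI" \
              -s "$1" -b "$2" "$3" dn 2>/dev/null) && rc=0 || rc=$?
    [ "$rc" -eq 124 ] && return 2      # timeout(1) had to kill the client
    [ "$rc" -eq 0 ] || return 1
    printf '%s\n' "$out" | grep -c '^dn:' || true
}

# check_slapd: prints ok | hung | error | index-mismatch
check_slapd() {
    # Read the canary by DN: proves slapd answers searches at all.
    by_dn=$(count_entries base "$CANARY_DN" '(objectClass=*)') && rc=0 || rc=$?
    if [ "$rc" -eq 2 ]; then echo hung; return 0; fi
    if [ "$rc" -ne 0 ] || [ "$by_dn" -ne 1 ]; then echo error; return 0; fi
    # Same entry through the uid equality filter, as nss_ldap would look it up.
    by_uid=$(count_entries sub "$LDAP_BASE" "(uid=$CANARY_UID)") && rc=0 || rc=$?
    if [ "$rc" -eq 2 ]; then echo hung; return 0; fi
    if [ "$rc" -ne 0 ]; then echo error; return 0; fi
    # Present by DN but invisible to uid=...: the symptom described in the post.
    if [ "$by_uid" -eq 0 ]; then echo index-mismatch; else echo ok; fi
}

# Cron entry point: run with --cron. The init script path is an assumption.
if [ "${1:-}" = "--cron" ]; then
    state=$(check_slapd)
    [ "$state" = ok ] || logger -t slapd-watchdog "slapd state: $state"
    if [ "$state" = hung ]; then /etc/init.d/slapd restart; fi
fi
```

Only `hung` triggers a restart; `index-mismatch` is logged, since per the message a restart alone does not make the affected entry searchable again.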