[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldap search problem



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Karolis Dautartas wrote:
|
| BM> Karolis Dautartas wrote:
| BM> | hi,
| BM> |
| BM> | I am running an email server with it's user DB stored in LDAP.
| BM> | I am writing to this list because I believe my problem is related to
| BM> | LDAP, not the email software.
| BM> |
| BM> | The problem in general is very simple. Sometimes LDAP searches
return
| BM> | 0 results, although they should definately return exactly 1 result.
| BM> | When this happens, a POP3 user auth would fail and he would be asked
| BM> | for a new password.
| BM> |
| BM> | I have noticed, that these search failures are related to other
| BM> | activity on the server. Say if I am running a "make all" command in
| BM> | PHP directory, LDAP would not be able to perform searches. The
server
| BM> | load isn't at all high at these moments - around 0.7 or so.
| BM> |
| BM> | Has anyone experienced anything like this, and what are possible
| BM> | solutions?
| BM> |
| BM> | I am using Fedora and openldap-2.1.29-1 RPM version.
|
| BM> We can't give any advice (besides "don't compile software on
production
| BM> servers") without more detail. Your slapd.conf would be a start (of
| BM> course, remove the rootpw from it if necessary).
|
| the problem appears not only when I compile things. "make" was just
| one example. slapd.conf follows:
|
| --- start slapd.conf ---
|
| ###
| ### Global options
| ###
|
| include         /etc/openldap/schema/core.schema
| include         /etc/openldap/schema/cosine.schema
| include         /etc/openldap/schema/inetorgperson.schema
| include         /etc/openldap/schema/nis.schema
| include         /etc/openldap/schema/redhat/autofs.schema
| include         /etc/openldap/schema/qmail.schema
| include         /etc/openldap/schema/clmu.schema
| include         /etc/openldap/schema/pubuser.schema
| include         /etc/openldap/schema/horde.schema
|
|
| loglevel 288
| pidfile /var/run/slapd.pid
|
| allow bind_v2
|
| ###
| ### Backend options
| ###
|
| backend         bdb
|
| ###
| ### Database options
| ###
|
| database        bdb
| suffix          "ou=mail"
| rootdn          "cn=root,ou=mail"
| rootpw          *********************************
| directory       /var/lib/ldap
|


No indexes, not BDB tuning, of course you will have performance problems (especially IO-related), slapd has to read the whole database to find one entry in your database.

Please, read the slapd-bdb man page (see the coverage of the index
directive) as well as the documentation in the FAQ-o-matic regarding
performance tuning and your chosen database backend:

http://www.openldap.org/faq/data/cache/190.html

You most likely don't have a DB_CONFIG file in your database directory
either, see:
http://www.openldap.org/faq/data/cache/1072.html
http://www.openldap.org/faq/data/cache/893.html

P.S. Please reply to the list unless you want an invoice ...

Regards,
Buchan

- --
Buchan Milne                      Senior Support Technician
Obsidian Systems                  http://www.obsidian.co.za
B.Eng                                RHCE (803004789010797)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFBuDNlrJK6UGDSBKcRApmDAJ43iuspQHAdjzSIqt1oW45N/JN+0ACeLxzD
eHj0UfWk8RxDWcyQvNcAnX8=
=21gO
-----END PGP SIGNATURE-----