[Date Prev][Date Next]
Re: Entries in LDAP dir seem to sporadically become unreadable
On Thu, 28 Apr 2005, David Harrison wrote:
I'm using OpenLDAP ver 2.2.23-1 on Debian Linux as a means for providing PAM
authentication across multiple machines, as well as providing a central
repository of email addresses, aliases and mail lists for postfix.
This machine has been upgraded from our previously unproblematic version of
OpenLDAP, version 2.0.23-6.3.
What I'm finding is that sporadically our MTA (postfix) will not be able to
find a given entry in the directory, or that NS on one of the servers will
not be able to correctly resolve group or user id's. There doesn't seem to
be any rhyme or reason to the pattern of the occurence (and it's not overly
frequent, once a week or so at the moment), it just seems to happen. No
errors in the logs, no strange updates in the logs either.
If I rename the existing entry to something else, create a new entry and give
it all the same details as the renamed entry and save it, everything goes
back to working again - so it doesn't seem like a configuration issue to me.
Even stranger is that once I have two entries that are identical but for name
(ie the old one and the new one) I see the following behaviour :
This (to search for the new entry) :
ldapsearch -x -b "ou=GroupEMail,dc=my,dc=domain,dc=com"
gets me a successful match, but the same query for the old entry (except of
course to change foo to foo-old) gets no successful matches.
Don't know if this will help, but the symptom described sounds
like what I've seen occur when an index is added to a working
directory's configuration without running slapindex (or better:
slapcat, stop slapd, slapadd) afterward. Have you tried dumping
and reloading the directory?
Kirk Turner-Rustin | Programmer/Analyst
Ohio Wesleyan University | Libraries and Information Services
http://www.owu.edu | http://lis.owu.edu