[Date Prev][Date Next]
Re: Entries in LDAP dir seem to sporadically become unreadable
Kirk A. Turner-Rustin wrote:
On Thu, 28 Apr 2005, David Harrison wrote:
I'm using OpenLDAP ver 2.2.23-1 on Debian Linux as a means for
providing PAM authentication across multiple machines, as well as
providing a central repository of email addresses, aliases and mail
lists for postfix.
This machine has been upgraded from our previously unproblematic
version of OpenLDAP, version 2.0.23-6.3.
What I'm finding is that sporadically our MTA (postfix) will not be
able to find a given entry in the directory, or that NS on one of the
servers will not be able to correctly resolve group or user id's.
There doesn't seem to be any rhyme or reason to the pattern of the
occurence (and it's not overly frequent, once a week or so at the
moment), it just seems to happen. No errors in the logs, no strange
updates in the logs either.
If I rename the existing entry to something else, create a new entry
and give it all the same details as the renamed entry and save it,
everything goes back to working again - so it doesn't seem like a
configuration issue to me.
Even stranger is that once I have two entries that are identical but
for name (ie the old one and the new one) I see the following behaviour :
This (to search for the new entry) :
ldapsearch -x -b "ou=GroupEMail,dc=my,dc=domain,dc=com"
gets me a successful match, but the same query for the old entry
(except of course to change foo to foo-old) gets no successful matches.
Don't know if this will help, but the symptom described sounds
like what I've seen occur when an index is added to a working
directory's configuration without running slapindex (or better:
slapcat, stop slapd, slapadd) afterward. Have you tried dumping
and reloading the directory?
Reindexing the seems to have sorted out the problem (well, for now ;-)
). So the next question becomes, why is this happening ?