[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: deferring operation ?



Hello,

I upgraded my openldap server to 2.2.27 last week. In my log, i still see some deferring operation messages and i still have some freezes and delays in my slapd connexions (ex : my nagios send me some notifications : slapd server didn't respond in 10 seconds)...

I just don't what to do next...

Here is the output of the log :
Jul 11 09:29:44 annuaire slapd[13859]: conn=4748 op=0 BIND dn="" method=128
Jul 11 09:29:44 annuaire slapd[13859]: conn=4748 op=0 RESULT tag=97 err=0 text=
Jul 11 09:29:44 annuaire slapd[13859]: conn=4748 op=1 SRCH base="dc=insa-rennes,dc=fr" scope=2 deref=0 filter="(uid=lgarcon)"
Jul 11 09:29:44 annuaire slapd[13859]: conn=4748 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jul 11 09:29:44 annuaire slapd[13859]: conn=4748 op=2 BIND dn="uid=lgarcon,ou=people,dc=insa-rennes,dc=fr" method=128
Jul 11 09:29:44 annuaire slapd[13859]: conn=4748 op=2 BIND dn="uid=lgarcon,ou=people,dc=insa-rennes,dc=fr" mech=SIMPLE ssf=0
Jul 11 09:29:44 annuaire slapd[13859]: conn=4748 op=2 RESULT tag=97 err=0 text=
Jul 11 09:29:44 annuaire slapd[13859]: connection_input: conn=4748 deferring operation: binding
Jul 11 09:29:44 annuaire slapd[13859]: conn=4748 op=3 BIND anonymous mech=implicit ssf=0
Jul 11 09:29:44 annuaire slapd[13859]: conn=4748 op=3 BIND dn="" method=128
Jul 11 09:29:44 annuaire slapd[13859]: conn=4748 op=3 RESULT tag=97 err=0 text=
Jul 11 09:29:44 annuaire slapd[13859]: connection_input: conn=4748 deferring operation: binding
Jul 11 09:29:44 annuaire slapd[13859]: conn=4748 op=4 UNBIND
Jul 11 09:29:44 annuaire slapd[13859]: conn=4748 fd=22 closed


Here is my slapd.conf :
include         /usr/local/etc/openldap/schema/core.schema
include         /usr/local/etc/openldap/schema/cosine.schema
include         /usr/local/etc/openldap/schema/inetorgperson.schema
include         /usr/local/etc/openldap/schema/nis.schema
include         /usr/local/etc/openldap/schema/autofs.schema
include         /usr/local/etc/openldap/schema/misc.schema
include         /usr/local/etc/openldap/schema/openldap.schema
# les schemas Supann
include         /usr/local/etc/openldap/schema/internet2.schema
include         /usr/local/etc/openldap/schema/supann.schema
# le schema INSA
include         /usr/local/etc/openldap/schema/insa.schema
# les schemas pour Solaris
include         /usr/local/etc/openldap/schema/solaris.schema
include         /usr/local/etc/openldap/schema/DUAConfig.schema

idletimeout 30
timelimit 30

pidfile         /usr/local/var/run/slapd.pid
argsfile        /usr/local/var/run/slapd.args

loglevel 256
sizelimit 10000
access to attr=userPassword
       by self write
       by anonymous auth
       by dn="cn=managr,dc=insa-rennes,dc=fr" write
       by dn="cn=oracle,ou=admin,dc=insa-rennes,dc=fr" write
       by dn="cn=pw,ou=admin,dc=insa-rennes,dc=fr" write
       by dn="cn=replicator,ou=admin,dc=insar-rennes,dc=fr" write
       by * none

access to dn.subtree="ou=people,dc=insa-rennes,dc=fr"
       attrs=entry,uid,mail,cn,InsaCompteEns,objectClass,displayName
       by self read
       by anonymous read
       by dn="cn=managr,dc=insa-rennes,dc=fr" write
       by dn="cn=oracle,ou=admin,dc=insa-rennes,dc=fr" write
       by dn="cn=replicator,ou=admin,dc=insa-rennes,dc=fr" write
       by dn="cn=web,ou=admin,dc=insa-rennes,dc=fr" read

access to *
       by dn="cn=managr,dc=insa-rennes,dc=fr" write
       by dn="cn=oracle,ou=admin,dc=insa-rennes,dc=fr" write
       by dn="cn=replicator,ou=admin,dc=insa-rennes,dc=fr" write
       by self read
       by dn="cn=web,ou=admin,dc=insa-rennes,dc=fr" read

# la base de donnees
database        bdb
suffix          "dc=insa-rennes,dc=fr"
rootdn          "cn=managr,dc=insa-rennes,dc=fr"

# Replica
replica uri=ldap://anubis.insa-rennes.fr:389
binddn="cn=replicator,ou=admin,dc=insa-rennes,dc=fr"
bindmethod=simple credentials=xxxx
replogfile /var/log/replogfile

# Les paraetres SSL
TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCACertificateFile /etc/certificats/cachain.txt
TLSCertificateFile /etc/certificats/annuaire.insa-rennes.fr.crt
TLSCertificateKeyFile /etc/certificats/key/annuaire.insa-rennes.fr.key

TLSVerifyClient never

# mot de passe admin
rootpw          {MD5}XXX

# Localisation des fichiers de la base de donnees
# Mode 700 recommended.
directory       /usr/local/var/openldap-data

index objectClass,uid,insaClassePers,insaClasseEtu,oracleID,InsaCompteEns,InsaComptePers,mail eq

Thanks for your help....
Rodérick

Howard Chu wrote:

Roderick Petetin wrote:

:-S Did you ever experiment a slapd upgrade ?


Many, many times.

 Do you know some documentation about that ? stop slapd, slapcat -
 install 2.2.27 and import the ldif file ? Could it be that simple ?


In this case, since you're only moving within the same minor version, you can just replace the old slapd with the new slapd. Assuming that you keep everything else the same, of course (mainly, keep the same BerkeleyDB version).

Thanks for your help, Roderick.


> Try upgrading to 2.2.27.


>>> Here is the full log message for a request :
>
>>> *Jul  4 13:50:03 annuaire slapd[19523]: conn=7554 fd=12 ACCEPT
>>> from IP=10.5.1.4:35305 (IP=0.0.0.0:389) Jul  4 13:50:03
>>> annuaire slapd[19523]: conn=7552 fd=18 closed Jul  4 13:50:03
>>> annuaire slapd[19523]: connection_read(18): no connection!




--
Rodérick PETETIN

Centre de Ressources Informatiques - INSA de RENNES
20 av des Buttes de Coësmes
CS14315
35043 Rennes Cedex

Mél : Roderick.Petetin@insa-rennes.fr
Tél : 02 23 23 84 43