[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Corrupt LDAP DB ...



On Thursday 27 October 2005 14:52, C.Lee Taylor wrote:
> Greetings ...
>
> 	It's been awhile since I have been on this list, so if things have
> changed since last, please excuse me.
>
> 	I'm running a few Fedora Core 4-64 computers which LDAP for pam, nss
> and Samba mainly, with web page access and control in the future for
> internal use.
>
> 	For quite some time, we seem to be getting corrupt LDAP DB.

1)Your slapd.conf extract has no checkpoint directive, have you got a 
DB_CONFIG file in your db directory (/home/services/ldap/za/db). You should 
add both (after reviewing the docs on the FAQ-o-MATIC), and if you stick with 
2.2.x, you need to run db_checkpoint via cron or similar.

2)I don't think the Fedora packages run db recovery automatically.

> 	LDAP just 
> stops working and we can't restarted.  Have done slap slapindex -v -c,
> but that just hangs.

Stop, slapd, and run database recovery ('slapd_db_recover 
-h /home/services/ldap/za/db' or similar), check the permissions on the db 
files, and start slapd.

>
> 	I have search the online archives and googled the net for any idea of
> what might be causing this, but I'm yet to find a reason or means to fix
> this.
>
> 	So, currently, we restart all the LDAP servers in readonly mode, dump
> the DB and restart LDAP in normal mode.  If a server falls overs, we
> rsync a readonly DB over the broke LDAP and start working again.

Well, a resync would be *much* easier with sync-repl ... trash the DB and 
restart it. But, you probably want 2.3.x for that ..

>   This has been a problem since FC3, and I have tried OpenLDAP since
> 2.2.13 on FC3 to 2.2.26 on FC4 and even compiled some custom rpm
> packages for 2.2.28 and 2.2.29 and still seem to be getting this problems.

Get a better init script if you're going to stick with 2.2.x. 2.3.x does 
recovery itself when necessary (and

>
> 	Could I ask if somebody could help me trouble shoot this problem.
>
>
> 	We currently use the slapd.conf that ships with FC and add for our DB's
> ...
>
> database        bdb
> suffix          "dc=leenx,dc=co,dc=za"
> rootdn          "cn=Manager,dc=leenx,dc=co,dc=za"
> rootpw          thiscouldbemysecret
> directory       /home/services/ldap/za/db
> #cachesize      500000
>
> lastmod         on
> schemacheck     on
>
> 	If there is any more details that I could give, please let me know.

FYI, I'm running the Mandriva 2.3.11 packages I maintain (and rebuild on 
RHEL3/RHEL4), you may want to take a look ...

http://anorien.csc.warwick.ac.uk/mirrors/buchan/openldap/

I could be convinced to get an FC3 or FC4 chroot installed (x86 or x86_64).

Regards,
Buchan

-- 
Buchan Milne
ISP Systems Specialist
B.Eng,RHCE(803004789010797),LPIC-2(LPI000074592)

Attachment: pgpHYRdCUbVk8.pgp
Description: PGP signature