[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Corrupt LDAP DB ...

On 11/5/05, Jose Ildefonso Camargo Tolosa <ildefonso.camargo@gmail.com> wrote:
> Hi!


> I think it is.  OpenLDAP almost depends on Berkley DB, so it should
> give some info in the "general" documentation (there is info, in the
> FAQ-o-matic), or at least warn about how fragile BDB is.

Recent versions (2.3.x) warn (to syslog) if you don't have a DB_CONFIG
file for any bdb or hdb database.

> If you install PostgreSQL, you will get a robust database with almost
> no extra configuration, it is not the same with berkley, you need to
> configure the "DB enviroment", wich is in part done by OpenLDAP the
> first time it opens the DB enviroment, and the DB_CONFIG is
> database-specific, there is not a "global DB_CONFIG", you have to
> create a DB_CONFIG for each database you create, and it will depend on
> the use of the DB.  I think that OpenLDAP should ship with an example
> DB_CONFIG, and describe for wich "directory size" is that suited.

Recent versions do.

> > And the major point here, is that your problems stem from two things:
> >
> > 1) Using RedHat's distribution of OpenLDAP which is *known* to have
> > problems, and that is the fault of the distributor, not OpenLDAP
> I don't use RedHat, and I don't recoment it's use.

There's nothing wrong with RedHat as a distribution. Just don't use
their packages (at least RHEL2.1, RHEL3, RHEL4 and any Fedora up to
FC3 at least).

I use Red Hat, but I use the Mandriva packages (which I maintain)
rebuilt on Red Hat (RHEL3 and RHEL4, our RHEL2.1 boxen still have
packages based on the RH 2.0.27 packages from RHEL3 but heavily
modified). My 2.3.11 packages for RHEL are available ...

> I'm using Debian
> and Gentoo.  From these, only Debian (sarge) have a stable
> OpenLDAP2.2/BDB4.2

Read on ...

> > and
> >
> > 2) A lack of basic sys admin skills on your part
> BDB administration is not that basic.  But I agree with you, one need
> to read a lot before implementing something, but, by the time I
> started using OpenLDAP, there was a lack of documentation on what
> respect to the "fragility" of BDB, and the need to config a DB
> enviroment (come on, you *need* to configure the DB enviroment, and
> that's not in the quick start guide, nor in the admin guide).
> >
> > Now you can attribute that to 'lack of documentation' and other stuff all
> > you want.  The fact is, your problems do not stem from the OpenLDAP
> > project, or a lack of documentation.  And yes, you emailed the list to get
> > help, which was provided to you, and which for quite some time you decided
> > to ignore.  And at this point, I'm through with this discussion.
> I agree on this, I have got help on this list, and I have listen to
> them, and implemented their advices (wich have solved most of my
> problems) but I think that one should be worring about other things
> than the "directory DB"....... I would like to be able to configure
> OpenLDAP with BDB backend to be as stable as PostgreSQL.

I think your issue may be something else ...

>  I have
> configured PostgreSQL databases wich have run without human
> intervention for over two years, but with berkley

I assume that by "berkley" you actually mean OpenLDAP on bdb ...

> , I have had
> databases that crash without being updated, just power up, and
> shutdown (cleanly), I have a quite stable Debian system now, but It
> took some time to get there, my gentoo box keeps trashing the BDB
> (with the same DB_CONFIG and data).

This sounds very much like your slapd is being stopped badly, and not
having database recovery run for its databases.

Note that 2.3.x recovers databases at startup, but for 2.1.x and 2.2.x
manual db_recover is needed if it is likely that slapd could not
cleanly close all its databases. Debian's init script does this (I
think you may have to configure it to do so in /etc/default/slapd),
Mandriva's init script does this by default for 2.2.x (can't remember
for old 2.1.x packages).