
Re: ldap died, can't recover _URGENT, please help

On 09/11/05, George Farris <farrisg@mala.bc.ca> wrote:
> On Wed, 2005-09-11 at 19:44 +0000, Julian Pilfold-Bagwell wrote:
> > Hi all,
> >
> > I have an OpenLDAP box running as a PDC on an 800 user network. So far, so
> > good, it's been up and running for a couple of months and has worked fine but
> > I now find that the /var/lib/ldap directory is full of log.0000000xxx files
> > and LDAP has hung. How do I cure this? Is it OK to delete some of the log
> > files and restart LDAP or do I have to clean up with a tool.
> >
> > I need this up tomorrow (it's a school) and I don't want to end up installing
> > server 2003 with my tail between my legs.
> I'm not an expert but have you tried running db_recover?  Actually on my
> Ubuntu Breezy box it's db4.2_recover and it is run automatically every
> time the ldap server is started, just before it runs.

Before you start messing with the contents of /var/lib/ldap, copy it
to a different location, so that you have a backup.

Try to use db_recover.

As soon as you finish with that and get your directory running again:
- see if your OpenLDAP version is not a *buggy* one (upgrade if
necessary - don't forget about client applications - they should
always be linked with the libraries that correspond to your OpenLDAP)
- go to FAQ-o-Matic and set up DB_CONFIG in your /var/lib/ldap.
Consider also some changes in your slapd.conf. In DB_CONFIG you can
also set up some magic connected with transaction logfiles (blaba.log)
- checkpointing (REALLY IMPORTANT); AFAIR for 2.2.x (and older) you
must run a cronjob that will then run db_checkpoint (pay attention to
uid/gid of files in your db)
- consider making a kind of backup using slapcat (and again,
AFAIR/AFAIK for 2.2.x - or at least below 2.2.27 - slapcat should be
run with the same uid as openldap; it might happen, that slapcat will
do some disk writing... and then *ZONK* - db files are owned by root
for example - bye bye ldap).

I slapcat and bzip my openldap every hour (but I also need this kind
of backup for other things) - so that if db_recover fails and nothing
else can help me... then I go for my favourite beverage and run

If you don't have a replica - consider running one. It really
increases availability and in such cases can save your life.

There was a long thread about BDB and its 'moody behaviour'. It's a
really fragile piece of software that NEEDS to be configured in order
to work. The only problem is, that there is no general config - you
always have to tune it yourself.

By using google you can find a lot of information about DB_CONFIG etc.
Some time ago there was also a thread about DB_CONFIG - take a look on

PS Do not delete transaction logfiles manually - use Berkeley DB tools
to manage them.
PS2 Unfortunately, BDB requires some reading - and in fact - a lot of
reading (the further you are the closer you see you are ;) But it is
worth the effort - sooner or later it will pay off.


> --
> George Farris   farrisg@mala.bc.ca
> Malaspina University-College
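
The sequence the reply describes (copy the directory first, check file ownership, then let the Berkeley DB tools handle recovery and log files), sketched as an added example that is not part of the original message. The function names are hypothetical, and the plain tool names `db_recover`, `db_checkpoint` and `db_archive` are an assumption: some distributions version them (the thread mentions `db4.2_recover`).

```shell
#!/bin/sh
# Added example: safety steps around a BDB-backed slapd database directory.
# Function names are hypothetical; tool names may be versioned on your distro.

# Print every path under $1 that is not owned by numeric uid $2.
# Any output means some tool ran as the wrong user (e.g. slapcat as root),
# and slapd will not be able to open those files.
foreign_owned_files() {
    find "$1" ! -uid "$2" -print
}

# Copy $1 into a new timestamped directory under $2, preserving mode,
# ownership (where permitted) and timestamps. Prints the path of the copy.
backup_db_dir() {
    dest="$2/ldap-backup-$(date +%Y%m%d-%H%M%S)"
    cp -a "$1" "$dest" && printf '%s\n' "$dest"
}

# Run as the account that owns the database, with slapd stopped.
# Usage: script /var/lib/ldap /some/backup/root
maintain() {
    db_dir="$1"; backup_root="$2"
    # 1. Backup before touching anything.
    backup_db_dir "$db_dir" "$backup_root" || return 1
    # 2. Refuse to continue if we are not the owner of every file:
    #    running the tools as another user is what creates stray ownership.
    bad=$(foreign_owned_files "$db_dir" "$(id -u)")
    if [ -n "$bad" ]; then
        echo "files not owned by uid $(id -u); fix ownership first:" >&2
        echo "$bad" >&2
        return 2
    fi
    # 3. Recover, then force one checkpoint.
    db_recover -v -h "$db_dir" || return 1
    db_checkpoint -1 -h "$db_dir" || return 1
    # 4. List the log files Berkeley DB no longer needs. Do not rm log.*
    #    by hand; db_archive -d removes exactly this list.
    db_archive -h "$db_dir"
}

if [ "$#" -eq 2 ]; then maintain "$@"; fi
```
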