Re: Accesslog purge doesn't work in Openldap 2.4.21 - Ubuntu Lucid

[Miguel Montero Rodríguez <migmonte@gmail.com>]

Hi everyone,

I've found how to know the version of the Berkeley database that "apt-get install slapd" installs in Ubuntu Server 10.04 LTS (not 10.10, that's desktop, sorry).



I'm sure you know, but I'm going to write it here if someone needs that information.

# od
-j12 -N8 -tx4 accesslog/log.0000000001

0000014 00040988 0000000e

0000024

5
  (0x00000005) > v 4.0
7
  (0x00000007) > v 4.1
8
  (0x00000008) > v 4.2
10
  (0x0000000a) > v 4.3
11
  (0x0000000b) > v 4.4
12
  (0x0000000c) > v 4.5
13
  (0x0000000d) > v 4.6
14
  (0x0000000e) > v 4.7

So, in Ubuntu I needed to install 4.7.
# apt-get install db4.7-util

For using db_archive, db_checkpoint and so on you need to type:



# db4.7_archive
# db4.7_checkpoint



...

The output of "db4.7_archive -a" is:

/var/lib/ldap/log.0000000001



...
/var/lib/ldap/log.0000000022



The directory in which I have a big amount of files is:
"/var/lib/ldap/accesslog/" not "/var/lib/ldap/"



# ls -1 /var/lib/ldap/log.* | wc -l
23

# ls -1 /var/lib/ldap/accesslog/log.* | wc -l



2404

I was really worried about this because I didn't have so much space in disk.
root@server:/var/lib/ldap/accesslog# du -h



24G     .

The flag DB_LOG_AUTOREMOVE hasn't worked but I've executed "db4.7_archive -d" and the space is free now:
# db4.7_archive -d


root@server:/var/lib/ldap/accesslog# du -h
280M    .

# ls -1 /var/lib/ldap/log.* | wc -l


23
# ls -1 /var/lib/ldap/accesslog/log.* | wc -l


1

Do you recommend me to create a cron job to remove this logs as a workaround?

With this information i hope that someone can help me :)

Best regards and thank you in advance.

On Thu, Jul 5, 2012 at 7:01 PM, Miguel Montero Rodríguez <migmonte@gmail.com> wrote:

Hi,

To be honest, I'm not a guru in Openldap, I didn't know that BerkeleyDB could be running with OpenLDAP. So, thank you very much, you have opened my mind.

I set the flag DB_LOG_AUTOREMOVE in DB_CONFIG file, first I've stopped ldap (/etc/init.d/slapd stop), then I've changed the file DB_CONFIG, and then I've restarted slapd again. After doing this I've restarted even the server but the log.* files are still there :(

I've been searching what package should I install in the server in order to have the db_archive, db_checkpoint... utilities and I find that I could install the BerkeleyDB but not an isolated package for Ubuntu Server 10.10 LTS...

Seriously, thank you VERY much.

On Wed, Jul 4, 2012 at 5:27 PM, Brandon Hume <hume-ol@bofh.ca> wrote:

 On 07/ 4/12 07:05 AM, Miguel Montero Rodríguez wrote:

I've just seen that /var/lib/ldap/accesslog is growing so I've realized that olcAccessLogPurge is not working properly (for example, I have log.0000000001 file from 2011-09-10).

I believe you're confusing the accesslog purge with BerkeleyDB's internal bookkeeping.  olcAccessLogPurge will configure slapd cleaning out old LDAP entries which are used as the accesslog.  But remember that OpenLDAP runs on *top* of BerkeleyDB, if you're using the BDB and/or the HDB backends.  The log.* files in your data directory are there as part of BerkeleyDB, and OpenLDAP doesn't know about them.

You'll want to investigate the db_checkpoint and db_archive (specifically db_archive -a) commands, which will tell you which of those log.* files are old and unused and can be removed.  You might also be interested in the DB_LOG_AUTOREMOVE flag in DB_CONFIG.

If you're running a modern release (and, really, if you participate in this list that's not optional...) you can also investigate using mdb as the backend, which does away with those files altogether.