
Re: occasional user entry being deleted



>>> Al <afrunning@gmail.com> wrote on 20.01.2015 at 15:38 in message
<CAAVuYqGpZ1JLeTsNghXCrZCAZV6+XJH1Uhj=53QwWkhfV+WpxA@mail.gmail.com>:
> Hi All -
> 
> I'm having an odd issue where on a rare occasion (a couple of times a
> week), a new LDAP user entry is being deleted shortly after it is
> created.  Sometimes it happens within a few minutes, sometimes it
> happens within an hour or so.
> 
> I have a 4 way multi-master setup, with all writes being directed at a
> single server with a load balancer.  I have the auditlog enabled (from

I suspect your MM configuration has a problem. Maybe try to circumvent the load balancer and add a user to each of the four servers to find out whether the effect occurs on every server.
Did you also check system clocks for current time?

> failed attempts at delta sync) and I see auditDelete entries in the
> auditdb, but its being executed from the internal admin user, not a
> "real" user.  I do not see anything suspect in my system logs running
> at the normal loglevel.

I have experience with auditlog, but with accesslog you could see the "modifier" of a change (that is not triggered by openLDAP itself)...

> 
> I'm running 2.4.39 on Redhat 6, x64 with mdb.  Below is a snippet of
> my configuration from the specific database in question.  Does anyone
> know why this might be occurring?  Any idea on how to further
> troubleshoot this issue?
> 
> Thanks in advance -
> 
> Al
> 
> dn: olcDatabase={1}mdb,cn=config
> objectClass: olcDatabaseConfig
> objectClass: olcMdbConfig
> olcDatabase: {1}mdb
> olcDbDirectory: /PATH/TO/OPENLDAP/var/openldap-data
> olcSuffix: dc=company,dc=com
> olcAddContentAcl: FALSE
> olcLastMod: TRUE
> olcLimits: {0}dn.base="XXXXXXX" size.soft=unlimited size.hard=unlimited time.soft=unlimited time.hard=unlimited
> olcMaxDerefDepth: 15
> olcReadOnly: FALSE
> olcRootDN: cn=Manager,dc=company,dc=com
> olcRootPW:: XXXXXXXXX
> olcSyncUseSubentry: FALSE
> olcMirrorMode: TRUE
> olcMonitoring: TRUE
> olcDbCheckpoint: 512 5
> olcDbNoSync: TRUE
> olcDbIndex: objectClass eq
> olcDbIndex: entryUUID eq
> olcDbIndex: entryCSN eq
> olcDbIndex: cn pres,eq,sub
> olcDbIndex: uid eq
> olcDbIndex: uidNumber eq
> olcDbIndex: gidNumber eq
> olcDbIndex: uniqueMember eq
> olcDbIndex: nisNetgroupTriple eq
> olcDbIndex: sudoUser eq,sub
> olcDbIndex: mail eq
> olcDbIndex: pwmToken eq,sub
> olcDbIndex: memberOf eq
> olcDbMaxSize: 25000000000
> olcDbMode: 0600
> structuralObjectClass: olcMdbConfig
> entryUUID: xxxx-xxxx-xxxxx-xxxxx
> creatorsName: cn=config
> createTimestamp: 20111014131247Z
> olcSyncrepl: {0}rid=011 provider=ldap://server1:21389/ bindmethod=simple timeout=0 network-timeout=0 binddn="XXXXXXX" credentials="XXXX" keepalive=0:0:0 starttls=critical filter="(objectclass=*)" searchbase="dc=company,dc=com" scope=sub schemachecking=off type=refreshOnly retry="30 +" interval=00:00:00:30
> olcSyncrepl: {1}rid=012 provider=ldap://server2:21389/ bindmethod=simple timeout=0 network-timeout=0 binddn="XXXXXXX" credentials="XXXX" keepalive=0:0:0 starttls=critical filter="(objectclass=*)" searchbase="dc=company,dc=com" scope=sub schemachecking=off type=refreshOnly retry="30 +" interval=00:00:00:30
> olcSyncrepl: {2}rid=013 provider=ldap://server3:21389/ bindmethod=simple timeout=0 network-timeout=0 binddn="XXXXXXX" credentials="XXXX" keepalive=0:0:0 starttls=critical filter="(objectclass=*)" searchbase="dc=company,dc=com" scope=sub schemachecking=off type=refreshOnly retry="30 +" interval=00:00:00:30
> olcSyncrepl: {3}rid=014 provider=ldap://server4:21389/ bindmethod=simple timeout=0 network-timeout=0 binddn="XXXXXXX" credentials="XXXX" keepalive=0:0:0 starttls=critical filter="(objectclass=*)" searchbase="dc=company,dc=com" scope=sub schemachecking=off type=refreshOnly retry="30 +" interval=00:00:00:30
> entryCSN: 20140924095732.634049Z#000000#001#000000
> modifiersName: cn=Manager,cn=config
> modifyTimestamp: 20140924095732Z
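The two checks the reply suggests (see who issued the delete via accesslog, and compare server clocks) can be scripted against an LDIF export. The following is an added example, not code from either poster or from the OpenLDAP project: it parses a small constructed accesslog export (attribute names reqStart, reqType, reqDN, reqAuthzID and the auditAdd/auditDelete object classes are the accesslog overlay's real ones; the DNs and timestamps are made up), flags deletes that follow an add of the same DN within a window, and reads the timestamp and server ID out of an entryCSN to measure how far the originating server's clock is from a reference clock. Function names (parse_ldif, suspicious_deletes, csn_skew) are this example's own.

```python
"""Added example: correlate accesslog add/delete pairs and check entryCSN
timestamps for clock skew between replicas. Sample data is constructed."""
from datetime import datetime, timedelta, timezone
import re

# Constructed accesslog export (ldapsearch -b cn=accesslog style output).
SAMPLE_ACCESSLOG = """\
dn: reqStart=20150120143801.000001Z,cn=accesslog
objectClass: auditAdd
reqStart: 20150120143801.000001Z
reqType: add
reqDN: uid=jdoe,ou=people,dc=company,dc=com
reqAuthzID: cn=provisioning,ou=services,dc=company,dc=com

dn: reqStart=20150120144015.000003Z,cn=accesslog
objectClass: auditDelete
reqStart: 20150120144015.000003Z
reqType: delete
reqDN: uid=jdoe,ou=people,dc=company,dc=com
reqAuthzID: cn=Manager,dc=company,dc=com

dn: reqStart=20150120151000.000004Z,cn=accesslog
objectClass: auditDelete
reqStart: 20150120151000.000004Z
reqType: delete
reqDN: uid=old,ou=people,dc=company,dc=com
reqAuthzID: cn=helpdesk,ou=people,dc=company,dc=com
"""

# entryCSN layout: <generalized time>#<count>#<server id>#<mod count>
CSN_RE = re.compile(r"^(\d{14}\.\d{6}Z)#([0-9a-f]{6})#([0-9a-f]{3})#([0-9a-f]{6})$")


def parse_ldif(text):
    """Minimal LDIF reader: one dict per blank-line-separated record,
    first value per attribute, leading-space continuation lines joined."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = []
        for line in block.splitlines():
            if line.startswith(" ") and lines:
                lines[-1] += line[1:]          # LDIF continuation line
            else:
                lines.append(line)
        rec = {}
        for line in lines:
            key, _, value = line.partition(":")
            rec.setdefault(key.strip(), value.strip())
        records.append(rec)
    return records


def parse_gentime(value):
    """'20150120143801.000001Z' -> timezone-aware datetime (UTC)."""
    return datetime.strptime(value, "%Y%m%d%H%M%S.%fZ").replace(tzinfo=timezone.utc)


def suspicious_deletes(records, window=timedelta(hours=2)):
    """Return (reqDN, reqAuthzID, seconds_after_add) for every delete that
    follows an add of the same DN within `window`; the reqAuthzID is the
    identity the overlay recorded for the delete, which is what the thread
    could not see from auditlog alone."""
    last_add = {}
    hits = []
    for rec in sorted(records, key=lambda r: r["reqStart"]):
        when = parse_gentime(rec["reqStart"])
        dn = rec["reqDN"].lower()
        if rec["reqType"] == "add":
            last_add[dn] = when
        elif rec["reqType"] == "delete" and dn in last_add:
            age = when - last_add[dn]
            if age <= window:
                hits.append((rec["reqDN"], rec.get("reqAuthzID", ""),
                             round(age.total_seconds(), 3)))
    return hits


def csn_skew(entry_csn, reference):
    """Return (server_id, seconds) where seconds is how far the CSN timestamp
    is ahead of `reference` (positive means that server's clock ran ahead).
    Comparing CSNs from all four masters against one reference clock shows
    which replica disagrees about the time."""
    m = CSN_RE.match(entry_csn)
    if not m:
        raise ValueError("not an entryCSN: %r" % entry_csn)
    ts, _count, sid, _mod = m.groups()
    return sid, round((parse_gentime(ts) - reference).total_seconds(), 3)


if __name__ == "__main__":
    for dn, who, secs in suspicious_deletes(parse_ldif(SAMPLE_ACCESSLOG)):
        print("delete of %s by %r %.0fs after add" % (dn, who or "<internal>", secs))
    # The entryCSN from the posted config, checked against a constructed reference time.
    print(csn_skew("20140924095732.634049Z#000000#001#000000",
                   parse_gentime("20140924095702.634049Z")))
```

Run it against a real export with `ldapsearch -b cn=accesslog` output fed to parse_ldif; an empty or unexpected reqAuthzID on the flagged delete points at a replication-originated operation rather than a client, and a non-zero skew for one server ID is the clock problem the reply asks about.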