[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: ldapsearch on accesslog hangs in OpenLDAP 2.4.40 on RHEL 6.9 ( works ok w/ slapcat -b "cn=accesslog")

To: Quanah Gibson-Mount <quanah@symas.com>, "openldap-technical@openldap.org" <openldap-technical@openldap.org>
Subject: RE: ldapsearch on accesslog hangs in OpenLDAP 2.4.40 on RHEL 6.9 ( works ok w/ slapcat -b "cn=accesslog")
From: Ron Lamarche <Ron.Lamarche@innovapost.com>
Date: Sun, 25 Jun 2017 03:35:09 +0000
Accept-language: en-US
Content-language: en-US
Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=800onemail.com; s=efw; h=MIME-Version:Content-Transfer-Encoding:Content-Type:In-Reply-To:References:Message-ID:Date:Subject:To:From; bh=Rmdxyn3Oaseelfp3xE3ayKepU1n3d8KgN9tMjMIxDiQ=; b=3sSead9leunJAKWqpmF2sfDn++Y7827E/G6gcCfpnJixS8r8LZ0Snsu2LKQDzgjILG5vTuOL4zwU3W1JH3vT2algV+HBYu9HBDM6P1mpFW2Ive3m9KsnuEJpwz+0iodX5AqDyaU4mRXa6yVLvNgyG2GXSBopeq2EanC55q2hF08=;
In-reply-to: <BDE168088539302F8F8831EC@[192.168.1.30]>
References: <e56a8ccbba104d72b6c921501ed4037e@CEDMBXP12.EUC.cpggpc.ca> <WM!e5eb717cc9af5a20294e5ab118b920f818cf46e87a5fea0c9a49657e9fb172c0ebe202428914502ca8f420118cb08071!@mailstronghold-2.zmailclo ud.com> <BDE168088539302F8F8831EC@[192.168.1.30]>
Thread-index: AQHS7GZZpjHTyOb5h0uWMhno91IJH6I07FzQ
Thread-topic: ldapsearch on accesslog hangs in OpenLDAP 2.4.40 on RHEL 6.9 ( works ok w/ slapcat -b "cn=accesslog")

HI Quanah .

Thanks for the enlightenment. I was starting to think I had missed something and kept re-installing and re-configuring and getting same issues.

Also to add more fuel to the fire it seemed that whenever I accessed the suffixvia an  ldapsearch and then did an "ls"  on the /var/lib/ldap/accesslog directory the db files never changed in size. As well slapcat would not see any new accesslog entries ( nor would ldapsearch ) unless I restarted slapd services. Then I would see new entries from the previous ldapsearch of the suffix with slapcat but the db files would still be the same size. The read date/time stamp would only change when the slapd service was restarted.

At any rate I will download the new 2.4.45 as you suggested and move away from the OpenLDAP 2.4.40 fron rhel .

Regards

Ron L.

-----Original Message-----
From: Quanah Gibson-Mount [mailto:quanah@symas.com] 
Sent: June-23-17 5:19 PM
To: Ron Lamarche <Ron.Lamarche@innovapost.com>; openldap-technical@openldap.org
Subject: Re: ldapsearch on accesslog hangs in OpenLDAP 2.4.40 on RHEL 6.9 ( works ok w/ slapcat -b "cn=accesslog")

--On Thursday, June 22, 2017 9:19 PM +0000 Ron Lamarche <Ron.Lamarche@innovapost.com> wrote:

> I've installed the RHEL 6.9 OpenLDAP bundled product and have a 
> working suffix based on cn=config vs. slapd.conf  model but cannot get 
> the accesslog overlays/DB's to work  properly (ldapsearch returns 
> accesslog records but never completes and instead hangs showing 
> "ldap_int_select" . Need to ctl –c to exit )

Hi Ron,

The OpenLDAP build distributed by RedHat is known to have severe issues. 
It is strongly recommended to avoid their OpenLDAP builds because of this and their advanced age.  If you are not able to build OpenLDAP yourself, the LTB project provides standard OpenLDAP builds for free: 
<http://ltb-project.org/wiki/download#openldap>

If you require support, Symas (my employer) has such an offering.  Our OpenLDAP builds also include features not yet available from the OpenLDAP project.

You may be well facing any of a number of bugs that have been fixed in the
2.5 years since 2.4.40 was released, in particular:

        Fixed slapd cn=config when updating olcAttributeTypes (ITS#8199)
        Fixed slapo-accesslog to honor pauses during purge for cn=config update (ITS#8423)

Finally, I would also note that the back-bdb backend has been deprecated since OpenLDAP 2.3, and as of OpenLDAP 2.4, back-hdb is also deprecated. 
The recommended backend is back-mdb, which is built on top of LMDB (<http://www.symas.com/lmdb/>,
<https://en.wikipedia.org/wiki/Lightning_Memory-Mapped_Database>)

In general, issues with RedHat's build will not be explored unless you can reproduce the same problem with a current build of OpenLDAP.

Regards,
Quanah

--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>

References:
- ldapsearch on accesslog hangs in OpenLDAP 2.4.40 on RHEL 6.9 ( works ok w/ slapcat -b "cn=accesslog")
  - From: Ron Lamarche <Ron.Lamarche@innovapost.com>
- Re: ldapsearch on accesslog hangs in OpenLDAP 2.4.40 on RHEL 6.9 ( works ok w/ slapcat -b "cn=accesslog")
  - From: Quanah Gibson-Mount <quanah@symas.com>

Prev by Date: RE: Using TLS
Next by Date: RE: syncrepl fails after upgrade to openldap 2.4.45
Index(es):
- Chronological
- Thread