Re: bdb panics with openldap

[Buchan Milne <bgmilne@staff.telkomsa.net>]

On Tuesday 03 June 2008 18:06:46 Govind c wrote:
> We have openldap

What version ?

> using the bdb has its database.For 
> some reason the bdb had crashed complaining permission
> issue.

[...]

> May 13 16:04:40 ccc slapd[30372]: conn=12430 op=1 MOD
> noner=lastlogints lastaccessts authcookie
>
> May 13 16:04:40 ccc slapd[30372]: bdb(o=none.com):
> /var/lib/ldap/log.0000000002: log file open failed:
> Permission denied
>
> May 13 16:04:40 ccc slapd[30372]: bdb(o=none.com):
> PANIC: Permission denied
>
> May 13 16:04:40 ccc slapd[30372]: bdb(o=none.com):
> DB_ENV->log_put: 2: DB_RUNRECOVERY: Fatal error, run
> database recovery
>
> May 13 16:04:40 ccc slapd[30372]: bdb(o=none.com):
> /var/lib/ldap/log.0000000002: log file open failed:
> Permission denied

[...]

> -rw-------  1 ldap ldap 10485710 Apr 30 14:40
> log.0000000001
>
> -rw-------  1 root root  1827874 May 13 16:00
> log.0000000002
>
> -rw-------  1 ldap ldap     8192 Mar 20 11:50 mail.bdb

[...]

> The ldap is being run as user ldap
>

> Why should a modify cause a panic and not a search?

Transactions usually only occur when an entry is changed (added, deleted, 
modified).

> Why 
> did the rotated log had root as owner instead of
> ldap?

Since slapd is not running as root, it is impossible that slapd created the 
transaction log.

> Is there a fix for this issue? 

I think in some versions of OpenLDAP (2.1 to 2.2?) slapcat could incorrectly 
incur a transaction. So, if slapcat was run as root on 13 May at 16:00, that 
would be the cause. The fix would be to either upgrade, or to run your 
slapcat as the ldap user.

If slapcat wasn't run on 13 May at 16:00, some other administration (slapadd?) 
was run as root, and the permissions were not corrected before slapd was 
started.

Regards,
Buchan