I have a problem trying to recover ldap database, error are as follow:
slapd_db_recover -h /var/lib/ldap/ -c -v
Finding last valid log LSN: file: 1 offset 729642
Recovery starting from 
db_recover: Improper file close at 1/623901
db_recover: Recovery function for LSN 1 623901 failed on forward pass
db_recover: PANIC: Invalid argument
db_recover: PANIC: fatal region error detected; run recovery
db_recover: DB_ENV->open: DB_RUNRECOVERY: Fatal error, run database recovery
How can I recover it?
Thanks in advance!
Sergio Belkin -
When I add the strcast_func "text" to my slapd.conf file, running slapd -d1 gives me an error when the SELECT DISTINCT sql statement is executed. Do I need to have a strcast_func for MySQL backend? If so, what function should I use instead of "text" ?
Hi list. I have a question about an ldap-base that I maintain
The base contains about 500,000 records with attribute uid (single value
and unique) and code(multi value; typically between 10 and 200 values,
5-50 bytes or more each, not unique). The code attribute is indexed on
eq and sub for historical reasons, but the index is no longer needed (if
it ever was). The uid attribute is, and will stay, indexed on eq.
Tests reveal that updating records can be time consuming when they
contain a large number of long codes, sometimes about 1.25 seconds pr.
record(!). In contrast to this, when I update without the index, I get
around 75 recs/second. Searching is still fast, as I never search for
code without uid.
So I'm going to drop that index, no doubt about it. The reliable method
would be to slapcat-reconfigure-slapadd of course, but that will cost
lots of planning and timing (the base is replicated on 3 servers, and is
constantly updated, 2 servers must be available at all the time). It is
feasible, but it *will* be a pain.
So: Can't i simply drop the index from the config file, restart, and
thats it? That is, remove the line:
index code eq,sub
And perhaps the code.dbb file from the database directory? Perhaps
Further tests indicate that it works, lookups, updates and everything
seem OK. But there is a worrying warning in the logfile:
2007-09-11 12:09:53.742266500 <= bdb_equality_candidates: (code)
index_param failed (18)
The warning persists after slapindex, but is not there when I search for
attributes that was "born" without an index.
So will it break eventually? Or do I need to tell the backend something?
Background (as much as I can dig up, perhaps too much):
OpenLDAP: slapd 2.3.25
Backend: back_bdb, vers 4.2 (Berkeley DB, Btree, version 9)
Linux: Debian 2.6.18
Sears filter (always): "(&(uid=...)(code=...))" (experimentally shown to
work fine without index on "code")
And the same question for:
OpenLDAP: slapd 2.2.26
Backend: ldbm (Berkeley DB, Btree, version 8)
Linux: Mandrake Linux 9.0 3.2-1mdk
Sears filter (always): "(&(uid=...)(code=...))"
Thanks for reading this far :-) and for any answers.
- Ole Thomsen
Hi all, I use a ldapbrowser (its open source java ldapbrowser) to view all my openldap entries.
Im able to read all the attribute values when i view through the ldapbrowser.
But when i do slapcat and generate a ldif file i see some attribute like this
but when i view the same entry in ldapbrowser its fine.
Any one know why entry looks encrypted using slapcat.
Moody friends. Drama queens. Your life? Nope! - their life, your story. Play Sims Stories at Yahoo! Games.
Is there a way to create aliases for dn's?
For example, right now I point my client to:
Now, I want to create an alias so that the examples below point to those
In other words, any reference in my client to: dc=my,dc=alias,dc=com
would resolve in the ldap database to: dc=my,dc=example,dc=com
Is there a way to do this? If so, where can I locate these instructions?
Software Creations http://www.scbbs.com
Self-Administration Web Site http://saw.scbbs.com
SDSS Subscription Mgmt Service http://sdss.scbbs.com
Central Ave Dance Ensemble http://www.centralavedance.com
R & B Salsa http://www.randbsalsa.com
I am testing 2.4.5beta syncrepl on 2 identical SuSE-10.2 vmware
slices. On both engines sizelimit is set to unlimited.
While on the provider side no sizelimit restrictions are announced,
that is, all entries above "cn=test0394,ou=benchmark,o=avci,c=de" are
allowed to read, on the consumer side I get a Size limit
exceeded after cn=test0394,ou=benchmark,o=avci,c=de, but further
search requests of the consumer are performed.
Are there any syncrepl consumer size limits, which I am not aware of?
,----[ sync provider log ]
| magenta slapd: => acl_mask: access to entry "cn=test0395,ou=benchmark,o=avci,c=de", attr "objectClass" requested
| magenta slapd: => acl_mask: to all values by "cn=replicator,o=avci,c=de", (=0)
| magenta slapd: <= check a_dn_pat: cn=benchmark,o=avci,c=de
| magenta slapd: <= check a_dn_pat: users
| magenta slapd: <= acl_mask:  applying read(=rscxd) (stop)
| magenta slapd: <= acl_mask:  mask: read(=rscxd)
| magenta slapd: => slap_access_allowed: search access granted by read(=rscxd)
| magenta slapd: => access_allowed: search access granted by read(=rscxd)
,----[ sync consumer log ]
| vmware slapd: syncrepl_entry: rid=2 cn=test0394,ou=benchmark,o=avci,c=de
| vmware slapd: syncrepl_entry: rid=2 entry unchanged, ignored (cn=test0394,ou=benchmark,o=avci,c=de)
| vmware slapd: do_syncrep2: rid=2 LDAP_RES_SEARCH_RESULT
| vmware slapd: do_syncrep2: rid=2 (4) Size limit exceeded
| vmware slapd: do_syncrepl: rid 002 retrying (4 retries left)
Dieter Klünter | Systemberatung
GPG Key ID:8EF7B6C6
We have a openldap 2.3.27 database with 42 GB of total data size . The
server is running with 32 bit processor and it crashes once in 2-3
days.. As a work around for now , we are restarting the slapd process
using cron job. But the restart takes 45 min to 1 hour time and
sometimes more than that. Is there any way to bring up the server fast
? It is taking time to cache data before it start ?
I see, now...
Thanks a lot!
De: Pierangelo Masarati [mailto:firstname.lastname@example.org]
Enviada em: segunda-feira, 10 de setembro de 2007 17:48
Para: Luís Fernando C. Talora
Cc: OpenLDAP Software List
Assunto: Re: RES: ldapsearch and accented names
Please reply on the list
Luis Fernando C. Talora wrote:
> Thank you, Mr. Pierangelo! I new that it would be a way to make that "readble", but I had no idea how to do it.
> I´m using it on a script. Do you know a way to find out when the string returned is encoded in base64 or not?
When the attribute is base64 encoded, the value is separated from the name by "::", as clearly indicated in RFC 2849.
Ing. Pierangelo Masarati
OpenLDAP Core Team
via Dossi, 8 - 27100 Pavia - ITALIA
Office: +39 02 23998309
Mobile: +39 333 4963172
Esta mensagem foi verificada pelo sistema de antivírus e acredita-se estar livre de perigo.
Esta mensagem foi verificada pelo sistema de antivírus e
acredita-se estar livre de perigo.