slapcat error
by Adam Williams
My OpenLDAP installation seems to be running ok, running on Fedora 8 X64
w/ openldap 2.3.43. Users and groups are operating fine from LDAP.
However, I'm trying to make a copy of all of the data for backup
purposes, and for some reason, I can't run slapcat.
[root@roark ldap]# slapcat -v -l /root/backup.ldif -b
"dc=mdah,dc=state,dc=ms,dc=us"
bdb_db_open: Warning - No DB_CONFIG file found in directory
/var/lib/ldap: (2)
Expect poor performance for suffix dc=mdah,dc=state,dc=ms,dc=us.
bdb_db_open: db_open(/var/lib/ldap/id2entry.bdb) failed: No such file or
directory (2)
bdb(dc=mdah,dc=state,dc=ms,dc=us): Unknown locker ID: 0
backend_startup_one: bi_db_open failed! (2)
slap_startup failed
So /root/backup.ldif wasn't created. I look in /var/lib/ldap and it
contains:
[root@roark ldap]# ls -l /var/lib/ldap/
total 772
-rw-r--r-- 1 root root 2048 2009-01-07 12:02 alock
-rw------- 1 root root 24576 2009-01-06 16:59 __db.001
-rw------- 1 root root 368640 2009-01-06 16:59 __db.002
-rw------- 1 root root 270336 2009-01-06 16:59 __db.003
-rw------- 1 root root 98304 2009-01-06 16:59 __db.004
-rw------- 1 root root 557056 2009-01-06 16:59 __db.005
-rw------- 1 root root 24576 2009-01-06 16:59 __db.006
-rw------- 1 root root 10485760 2009-01-06 16:59 log.0000000001
Where are all the missing files!?!?!?!??!?! I'm scared to even restart
slapd because it probably wouldn't start properly. On my server at home
with a similar configuration, it has more files in /var/lib/ldap such as
cn.dbd, id2entry.bdb, displayName.dbd, dn2id.bdb, gidNumber.bdb,
memberUid.bdb, objectClass.bdb, sambaDomainName.bdb,
sambaPrimaryGroupSID.bdb, sambaSID.bdb, sn.bdb, uid.bdb, and
uidNumber.bdb.
So what can I do to get id2entry.bdb and such back on roark so that I
can do a slapcat?
14 years, 11 months
Many nonpresent_callback lines in log for every replication
by Mathieu MILLET
Hi everyone,
Just to know, still in the multimaster replication (using openldap 2.4.13),
when doing a replication of a single element, I get a line that looks like
this on the other server:
-----
nonpresent_callback: rid=201 present UUID
549ca77a-5fce-102d-8bd8-39f2ef728e07, dn
cn=isis,ou=protocols,ou=etc,dc=local
------
for _every_ object in the directory, between the lines (for example):
do_syncrep2: rid=201 LDAP_RES_INTERMEDIATE - SYNC_ID_SET
do_syncrep2: rid=201 LDAP_RES_INTERMEDIATE - SYNC_ID_SET
do_syncrep2: rid=201 LDAP_RES_SEARCH_RESULT
do_syncrep2:
cookie=rid=201,sid=002,csn=20090106170623.060202Z#000000#002#000000;20090106171235.738693Z#000000#001#000000
and
slap_queue_csn: queing 0xa1def938 20090106171235.738693Z#000000#001#000000
slap_graduate_commit_csn: removing 0xa03049a8
20090106171235.738693Z#000000#001#000000
My loglevel is set to: Config, Packets, Parse, Stats, Stats2, Sync
Are these lines normal?
Thanks in advance for any answer.
Sincerely yours, Mathieu.
--
Mathieu MILLET
mailto:ldap@htam.net
----
14 years, 11 months
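Added example, not part of the original post and not OpenLDAP's own code: a small decoder for the syncrepl cookie shown in the do_syncrep2 line above, splitting each CSN into timestamp, change count, server ID and modification number so the per-server state in a multimaster log can be read at a glance. The function names are hypothetical, and the sample line is the one from the post with the mail wrap undone.

```python
import re
from datetime import datetime, timezone

# Log line from the post above, with the mail client's line wrap undone.
SAMPLE_LINE = (
    "do_syncrep2: cookie=rid=201,sid=002,"
    "csn=20090106170623.060202Z#000000#002#000000;"
    "20090106171235.738693Z#000000#001#000000"
)

# OpenLDAP 2.4 CSN: timestamp '#' change count '#' server ID '#' mod number (hex).
CSN_RE = re.compile(
    r"^(\d{14})\.(\d{6})Z#([0-9a-f]{6})#([0-9a-f]{3})#([0-9a-f]{6})$", re.I)


def parse_csn(text):
    """Split one CSN into its four fields; reject anything malformed."""
    m = CSN_RE.match(text)
    if m is None:
        raise ValueError(f"not a 2.4-style CSN: {text!r}")
    stamp, micros, count, sid, mod = m.groups()
    when = datetime.strptime(stamp, "%Y%m%d%H%M%S").replace(
        microsecond=int(micros), tzinfo=timezone.utc)
    return {"time": when, "count": int(count, 16),
            "sid": int(sid, 16), "mod": int(mod, 16)}


def parse_cookie(line):
    """Extract rid, sid and the ';'-separated CSN list from a log line."""
    m = re.search(r"cookie=(\S+)", line)
    if m is None:
        raise ValueError("no syncrepl cookie in line")
    fields = dict(part.split("=", 1) for part in m.group(1).split(","))
    csns = [parse_csn(c) for c in fields.get("csn", "").split(";") if c]
    return {"rid": int(fields["rid"]), "sid": int(fields["sid"], 16),
            "csns": csns}


def newest_per_sid(cookie):
    """Map each server ID to the most recent CSN it contributed."""
    newest = {}
    for csn in cookie["csns"]:
        key = (csn["time"], csn["count"], csn["mod"])
        if csn["sid"] not in newest or key > newest[csn["sid"]][0]:
            newest[csn["sid"]] = (key, csn)
    return {sid: pair[1] for sid, pair in newest.items()}


def spread_seconds(cookie):
    """Seconds between the oldest and newest CSN timestamps in the cookie."""
    times = [c["time"] for c in cookie["csns"]]
    return (max(times) - min(times)).total_seconds() if times else 0.0
```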
modifying replicated slave
by Graham Seaman
Hi,
I have a busy master directory and need to replicate this to a quieter
slave. The slave will have one client, which occasionally needs to make
modifications to the directory. As I understand the documentation, in
this situation the old slurpd would happily reroute the modification
request to the master, and the change would eventually feed back to the
slave. But I can't find anything about what happens in this situation
with syncrepl. Does it just quietly accept modifications and allow
itself to get out of sync with the master?
Thanks
Graham
14 years, 11 months
Re: Excess log.* Files
by Quanah Gibson-Mount
--On Monday, January 05, 2009 10:13 AM -0800 Tim Gustafson
<tjg(a)soe.ucsc.edu> wrote:
>> Next question -- What version of OpenLDAP are you running?
>
> slapd 2.3.19
>
> I know it's an older version. This box will be replaced with a newer
> version (slapd 2.3.27) in a few months, but it's slow going to move over
> a network like ours to a new LDAP infrastructure.
Please keep replies on the list.
I would note that OpenLDAP 2.3.27 is *also* an ancient release. It appears
you are making the common mistake of using vendor-supplied builds (i.e.,
RHEL or CentOS). Don't do this, it's sure suicide.
See: <http://www.openldap.org/faq/data/cache/1456.html>
What version of BDB your OpenLDAP is linked to would also be useful. In
any case, checkpointing certainly works for me with later OpenLDAP 2.3
releases, but I know it was broken in OL 2.2, and it may have been in the
early 2.3 releases.
If you can't build and maintain OpenLDAP yourself, I highly advise either
contracting with Symas for their builds that come with support
(http://www.symas.com), or using the builds from Buchan Milne
(<http://staff.telkomsa.net/packages/>).
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
14 years, 11 months
Re: OpenLdap 2.4 - Push replication slave/consumer behind firewall
by Aaron Richton
Please keep replies on the list.
From your source directory (and note that if you're using syncrepl, this
really should be the latest 2.4, not 2.4.11), cd into tests, then "./run
test048". The test will occur in the "testrun" directory -- you can find
slapd.1.conf and slapd.2.conf there.
On Mon, 5 Jan 2009, Jose G. Torres wrote:
> Aaron,
> A few questions.
>
>
> First, do I assume to look at the source distribution under tests/scripts directory for these examples? I am looking at the 2.4.11 version.
>
>
> Look at test048 (the really good parts are in the slapd.1.conf).
> When you mean to look at test048, do you mean tests/scripts/test048-syncrepl-multiproxy?
>
> Basically, drop the port 9013 configuration, and tune the 9012 one to your
> reality. In particular, you'll want to remove the slapd.2.conf chain
> directives (consider adding an updateref if appropriate) since the slave
> won't be able to make the necessary connection.
> I am trying to find the slapd.1.conf and slapd.2.conf files. Are these files called tests/data/slapd-syncrepl-*.conf or something like that?
>
>
> Thanks!
>
> Jose
>
14 years, 11 months
OpenLdap 2.4 - Push replication slave/consumer behind firewall
by Jose G. Torres
Hello,
I hope I am asking this question in the correct group.
I have a master/provider ldap server that can see the slave/consumer but not the other way around because my slave/consumer is behind a firewall and does not allow outbound connections. I would like to replicate my directories but as far as I understand replication can only happen if the slave/consumer issues the replication.
I just need to have a read only copy on the slave/consumer end. Could I do something like push an ldif copy of my directory to the slave/consumer? Thanks!!!!
Jose
14 years, 11 months
Excess log.* Files
by Tim Gustafson
Hi,
I've noticed that adding users to LDAP groups seems to generate lots of log.* files. Adding about 10 users to various LDAP groups (as 10 individual ldap_mod_add transactions from a PHP script) generates a 10MB log.* file, and in half an hour of running the script, I wind up with a dozen or more log.* files.
In my slapd.conf, I have:
checkpoint 100 10
and in DB_CONFIG, I have:
set_flags DB_LOG_AUTOREMOVE
But the log files stick around until I execute:
/usr/sbin/slapd_db_checkpoint -1
/usr/sbin/slapd_db_archive -d
Am I missing something here? I'm thinking that based on my configuration, I should wind up with one or two log.* files at any given time, but it seems that the options are perhaps being ignored?
Tim Gustafson
SOE Webmaster
UC Santa Cruz
tjg(a)soe.ucsc.edu
831-459-5354
14 years, 11 months
Re: OpenLDAP and DNS SRV records
by Gavin Henry
----- "Matt Kowske" <jmkowske(a)gmail.com> wrote:
> Hello,
>
> I have been searching google trying to find an answer to this, but
> have only things dated 2001 and prior. Question: Does openldap
> (client) support the use of SRV records to determine the availability
> of an ldap server? In this particular case, the openldap libraries are
> compiled into another unix executable and 1 of 8 AD servers is
> contacted via round robin DNS aliasing. Is it possible for openldap to
> reference the SRV record in DNS rather than the A record?
2.4 does, 2.3 doesn't.
--
Kind Regards,
Gavin Henry.
T +44 (0) 1224 279484
M +44 (0) 7930 323266
F +44 (0) 1224 824887
E ghenry(a)suretecsystems.com
Open Source. Open Solutions(tm).
http://www.suretecsystems.com/
14 years, 11 months