Hello everybody,
I'm quite new to OpenLDAP. Actually I've been using it for a few years, but I have no deep knowledge. The problem I'm facing is that my consumer replicas are segfaulting. My design: I have one master with several o=BranchX,dc=example,dc=com branches. This is the provider. I have several (the number is X-1) replicas, the consumers. Each consumer replicates its own branch o=BranchX,dc=example,dc=com and one common branch o=BranchMain,dc=example,dc=com. The picture is like this:
Provider:
    o=BranchMain,dc=example,dc=com
    o=Branch1,dc=example,dc=com
    o=Branch2,dc=example,dc=com
    .....
    o=BranchX,dc=example,dc=com

Consumer 1:
    o=BranchMain,dc=example,dc=com
    o=Branch1,dc=example,dc=com

Consumer 2:
    o=BranchMain,dc=example,dc=com
    o=Branch2,dc=example,dc=com
At the beginning I had one consumer, which was segfaulting just randomly once or twice a day. I decided to comment out my syncrepl directives in the conf file and now it has been running for a day and a half. I should mention that after the consumer segfaults I cannot start slapd any more. The only solution I have is to delete the old /var/lib/ldap (all database) directory contents and then restart slapd. If I restart slapd on the old database, the segfault happens.
Since this was a small branch and only one branch, I thought I would debug the problem later. Today I faced the same situation on a bigger consumer. The same situation: slapd just crashed and only deleting the database helped me to start it again.
My systems are Mandriva 2008.1 with slapd version:

@(#) $OpenLDAP: slapd 2.4.8 (Mar 23 2008 16:49:39) $ mandrake@klodia.mandriva.com: /home/mandrake/rpm/BUILD/openldap-2.4.8/servers/slapd

I have one branch running old slapd versions (the ones coming with Mandriva 2007.0), but they seem to work, except that I can have only one branch (one rid) replicated. It seems old slapd doesn't support several rids.
Can anybody help me to debug this situation? This configuration is rather new, but I was thinking of building all the infrastructure on such a configuration, so the segfaulting is a very big issue.

Provider (master) configuration is:

include /usr/share/openldap/schema/core.schema
include /usr/share/openldap/schema/cosine.schema
include /usr/share/openldap/schema/corba.schema
include /usr/share/openldap/schema/inetorgperson.schema
include /usr/share/openldap/schema/nis.schema
include /usr/share/openldap/schema/openldap.schema
include /usr/share/openldap/schema/samba.schema
include /usr/share/openldap/schema/qmail.schema
include /etc/openldap/schema/local.schema
include /etc/openldap/slapd.access.conf

access to dn.subtree="dc=example,dc=com"
    by group="cn=Replicator,ou=Group,dc=example,dc=com"
    by users read
    by anonymous read

pidfile /var/run/ldap/slapd.pid
argsfile /var/run/ldap/slapd.args
modulepath /usr/lib64/openldap
moduleload syncprov.la

TLSRandFile /dev/random
TLSCipherSuite HIGH:MEDIUM:+SSLv2+SSLv3
TLSCertificateFile /etc/pki/tls/certs/slapd.pem
TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem
TLSCACertificatePath /etc/pki/tls/certs/
TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
TLSVerifyClient never # ([never]|allow|try|demand)

database bdb
suffix "dc=example,dc=com"
rootdn "cn=Manager,dc=example,dc=com"
rootpw secret
directory /var/lib/ldap
checkpoint 256 5
index mailAlternateAddress eq,sub
index accountStatus,mailHost,deliveryMode eq
index default sub
index objectClass eq
index cn,mail,surname,givenname eq,subinitial
index uidNumber,gidNumber,memberuid,member,uniqueMember eq
index uid eq,subinitial
index sambaSID,sambaDomainName,displayName eq
index entryCSN,entryUUID eq
limits group="cn=Replicator,dc=infosaitas,dc=lt" size=unlimited time=unlimited

access to *
    by group="cn=Replicator,dc=infosaitas,dc=lt" write
    by * read

overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 10

Consumers configuration (all the same):

include /usr/share/openldap/schema/core.schema
include /usr/share/openldap/schema/cosine.schema
include /usr/share/openldap/schema/corba.schema
include /usr/share/openldap/schema/inetorgperson.schema
include /usr/share/openldap/schema/nis.schema
include /usr/share/openldap/schema/openldap.schema
include /usr/share/openldap/schema/samba.schema
include /usr/share/openldap/schema/qmail.schema
include /etc/openldap/schema/local.schema
include /etc/openldap/slapd.access.conf
include /etc/openldap/slapd.access.ldapauth.conf

access to dn.subtree="dc=example,dc=com"
    by group="cn=Replicator,ou=Group,dc=example,dc=com"
    by users read
    by anonymous read

pidfile /var/run/ldap/slapd.pid
argsfile /var/run/ldap/slapd.args
modulepath /usr/lib64/openldap
moduleload back_ldap.la

TLSCertificateFile /etc/ssl/openldap/ldap.pem
TLSCertificateKeyFile /etc/ssl/openldap/ldap.pem
TLSCACertificateFile /etc/ssl/openldap/ldap.pem

overlay chain
chain-uri "ldap://master.server"
chain-idassert-bind bindmethod="simple"
    binddn="cn=Manager,dc=example,dc=com"
    credentials=secret
    mode="none"
chain-tls start
chain-return-error TRUE

database bdb
suffix "dc=example,dc=com"
rootdn "cn=Manager,dc=example,dc=com"
rootpw secret
directory /var/lib/ldap
checkpoint 256 5
index objectClass eq
index mailAlternateAddress eq,sub
index accountStatus,mailHost,deliveryMode eq
index default sub
index cn,mail,surname,givenname eq,subinitial
index uidNumber,gidNumber,memberuid,member,uniqueMember eq
index uid eq,subinitial
index sambaSID,sambaDomainName,displayName eq
limits group="cn=Replicator,ou=Group,dc=example,dc=com" size=unlimited time=unlimited

syncrepl rid=1
    provider=ldap://master.server:389
    type=refreshAndPersist
    retry="60 +"
    searchbase="o=BranchMain,dc=example,dc=com"
    filter="(objectClass=*)"
    scope=sub
    attrs=*
    schemachecking=off
    bindmethod=simple
    binddn="cn=Manager,dc=example,dc=com"
    credentials=secret
    starttls=yes

syncrepl rid=2
    provider=ldap://master.server:389
    type=refreshAndPersist
    retry="60 +"
    searchbase="o=Branch1,dc=example,dc=com"
    filter="(objectClass=*)"
    scope=sub
    attrs=*
    schemachecking=off
    bindmethod=simple
    binddn="cn=Manager,dc=example,dc=com"
    credentials=secret
    starttls=yes

updateref ldap://master.server

Thanks for any hints on this,
Liutauras