slapd.conf:
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /usr/local/openldap/etc/openldap/schema/core.schema
include /usr/local/openldap/etc/openldap/schema/cosine.schema
include /usr/local/openldap/etc/openldap/schema/inetorgperson.schema
include /usr/local/openldap/etc/openldap/schema/openldap.schema
include /usr/local/openldap/etc/openldap/schema/nis.schema

# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org

pidfile /usr/local/openldap/var/run/slapd.pid
argsfile /usr/local/openldap/var/run/slapd.args

# Load dynamic backend modules:
modulepath /usr/local/openldap/libexec/openldap
# moduleload back_bdb.la
moduleload back_ldap.la
moduleload back_ldbm.la
# moduleload back_passwd.la
# moduleload back_shell.la

# restrict userPassword for authentication only, allowing changes by user
access to attrs=userPassword
    by self write
    by * auth

# allow the world read access
access to *
    by * read

TLSCACertificateFile /etc/openldap/cacerts/cacert.pem
TLSCertificateFile /etc/openldap/cacerts/replica.pem
TLSCertificateKeyFile /etc/openldap/cacerts/replica.pem

#######################################################################
# BDB database definitions
#######################################################################

database bdb
suffix "dc=domain,dc=net"
rootdn "cn=admin,dc=domain,dc=net"
rootpw secret
# Mode 700 recommended.
directory /usr/local/openldap/var/openldap-data
# Indices to maintain
index objectClass,uid,uidNumber,gidNumber,memberUid eq
#######################################################################
As for logging, when I added the -s 1 it seemed to be dumping the same type of info to syslog that it dumps to console when started with -d 1. Is this different?
On Oct 11, 2007, at 2:21 PM, Quanah Gibson-Mount wrote:
--On Thursday, October 11, 2007 11:45 AM -0700 "Josh M. Hurd" JoshH@revenuescience.com wrote:
I have been fighting with this issue for a couple months now and I really need a solution.
I have 2 openldap servers recently upgraded to 2.3.38 with a brand new rebuilt bdb from an LDIF dump. The 2 servers sit behind a load balancer (read-only) and provide basic authentication for about 300 linux servers. There's not much traffic on them but those who need access need access.
Can you share your slapd.conf, minus passwords?
Is it slapd that stops responding to queries, or the load balancer? I.e., are you testing queries via the LB, or directly to slapd, when this happens?
Also, debug logging would be -d -1. -s is syslog level to use.
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
Zimbra :: the leader in open source messaging and collaboration