Hello
I've got a weird problem with my ldap server which reoccurs every few months. In the past I could fix it by completely deleting the ldap database, but somehow this doesn't satisfy me (lot of work to set it up again).
I run every night a little script which deletes all users based on a list, this usually works fine. Afterwards it imports all users again with their maybe changed attributes.
This looks like:
ldapdelete -x -D "cn=admin,ou=admin,dc=domain,dc=ch" -w password -h localhost -c -f /opt/active-directory-to-ldap/ldap-dn-delete-list.ldif
ldapadd -f /opt/active-directory-to-ldap/ldap-import.ldif -h localhost -D "cn=admin, ou=admin,dc=domain,dc=ch" -w password -a -c -x
The content of the ldap-dn-delete-list.ldif file:
CN=user1,DC=domain,DC=ch
CN=user2,DC=domain,DC=ch
CN=user3,DC=doamin,DC=ch
....
The content of the ldap-import.ldif file:
dn: CN=user1,DC=domain,DC=ch
objectClass: ...
objectClass: ...
cn: user1
sn: Surname
givenName: Givenname
mail: user1@domain.ch
(objectclass info removed)
Since yesterday this has been producing the following errors. While deleting:
Delete Result: No such object (32)
Matched DN: dc=domain,dc=ch
Delete Result: No such object (32)
Matched DN: dc=domain,dc=ch
Delete Result: No such object (32)
Matched DN: dc=domain,dc=ch
Afterwards adding:
adding new entry "CN=user1,DC=domain,DC=ch"
ldap_add: Already exists (68)
adding new entry "CN=user2,DC=domain,DC=ch"
ldap_add: Already exists (68)
adding new entry "CN=user3,DC=domain,DC=ch"
ldap_add: Already exists (68)
If I check the database in JXplorer then I can see that it's empty besides the admin OU.
I also tried ldapmodify, this produces:
modifying entry "CN=user1,DC=domain,DC=ch"
ldap_modify: No such object (32)
matched DN: dc=domain,dc=ch
...
Any ideas what this could be?
This is a default Debian installation with ldapd version:
slapd -V
@(#) $OpenLDAP: slapd 2.2.23 (May 30 2005 08:52:42) $
@pulsar:/home/torsten/packages/openldap/openldap2.2-2.2.23/debian/build/servers/slapd
Thanks, Patrick
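A check a nightly job like the one above could run over the tools' output to catch this state before the directory is trusted again, as an added example that is not part of the original post. The function names and sample data are constructed; the message formats are the ones quoted in the post.

```python
import re

NO_SUCH_OBJECT, ALREADY_EXISTS = 32, 68  # LDAP result codes quoted in the post
_ADDING = re.compile(r'adding new entry "([^"]+)"')
_CODE = re.compile(r'\((\d+)\)')
_DELETE = re.compile(r'(?:Delete Result|ldap_delete):[^()\n]*\((\d+)\)')

# Constructed sample data, modelled on the output quoted in the post.
SAMPLE_DELETE_LIST = "CN=user1,DC=domain,DC=ch\nCN=user2,DC=domain,DC=ch\n"
SAMPLE_DELETE_OUTPUT = "Delete Result: No such object (32)\nMatched DN: dc=domain,dc=ch\n" * 2
SAMPLE_ADD_OUTPUT = (
    'adding new entry "CN=user1,DC=domain,DC=ch"\n'
    "ldap_add: Already exists (68)\n\n"
    'adding new entry "CN=user2,DC=domain,DC=ch"\n'
    "ldap_add: Already exists (68)\n"
)


def parse_add_output(text):
    """Map each DN in ldapadd output to its result code (0 = no error printed)."""
    results, current = {}, None
    for line in text.splitlines():
        m = _ADDING.search(line)
        if m:
            current = m.group(1).lower()
            results[current] = 0
        if current and "ldap_add:" in line:
            code = _CODE.search(line.split("ldap_add:", 1)[1])
            if code:
                results[current] = int(code.group(1))
    return results


def diagnose(delete_list, delete_output, add_output):
    """Classify a delete-then-add run; DNs are compared lowercased (assumption)."""
    wanted = [dn.strip().lower() for dn in delete_list.splitlines() if dn.strip()]
    absent = [int(c) for c in _DELETE.findall(delete_output)].count(NO_SUCH_OBJECT)
    added = parse_add_output(add_output)
    conflicts = [dn for dn in wanted if added.get(dn) == ALREADY_EXISTS]
    if not conflicts:
        return "ok", []
    # The delete output quoted in the post does not name the failing DN, so only
    # a run where every delete returned 32 proves each conflict was also "absent".
    verdict = "inconsistent" if absent >= len(wanted) else "ambiguous"
    return verdict, conflicts

if __name__ == "__main__":
    print(diagnose(SAMPLE_DELETE_LIST, SAMPLE_DELETE_OUTPUT, SAMPLE_ADD_OUTPUT))
```

An "inconsistent" verdict means the server answered "No such object" and "Already exists" for the same entries in one run, so the job should stop and alert rather than continue importing.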
--On Thursday, January 04, 2007 10:01 AM +0100 poberli@hsr.ch wrote:
> Any ideas what this could be?
>
> This is a default Debian installation with ldapd version:
> slapd -V
> @(#) $OpenLDAP: slapd 2.2.23 (May 30 2005 08:52:42) $
Yes, you need to upgrade to a later release. Preferably, 2.3, which has auto recovery. It sounds like your database is not being shut down cleanly, and you are not running db_recover when that happens. There were many issues with the 2.2.23 release, IIRC. 2.2.30 was the last release in the 2.2 series, and 2.3 is now up to 2.3.32. 2.3 adds many nice new features in addition to significant performance increases.
--Quanah
--
Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
On Thursday 04 January 2007 19:06, Quanah Gibson-Mount wrote:
> --On Thursday, January 04, 2007 10:01 AM +0100 poberli@hsr.ch wrote:
>> Any ideas what this could be?
>>
>> This is a default Debian installation with ldapd version:
>> slapd -V
>> @(#) $OpenLDAP: slapd 2.2.23 (May 30 2005 08:52:42) $
> Yes, you need to upgrade to a later release. Preferably, 2.3, which has auto recovery. It sounds like your database is not being shut down cleanly, and you are not running db_recover when that happens. There were many issues with the 2.2.23 release, IIRC. 2.2.30 was the last release in the 2.2 series, and 2.3 is now up to 2.3.32.
2.3.31 is the latest (by tarballs available, and tags) that I can see ... and here I was just about to build new packages with patches for the most recent 3 post-2.3.31 ITSs ...
> 2.3 adds many nice new features in addition to significant performance increases.
Of course, there could be other reasons for the problems the user is having.
E.g., this could be ldbm data integrity problems (just switching to bdb should fix that). Upgrading to 2.3.x with ldbm may not have any benefit ...
Patrick, it may be best giving some details of your database backend, and any configuration you have for it (e.g. checkpoint and use or not of a DB_CONFIG file in the case of bdb). If you're not sure, the relevant bits of your slapd.conf would be useful.
Regards, Buchan
Hello Buchan and hello Quanah
Thank you for your mails. I was now able to fix it, but first some more details.
The server crashed the day before, so it wasn't shut down cleanly. After the server was rebooted and slapd started again, it overwrote one of the log.0000xxx files (the one from the last time it was restarted correctly). I tried to fix it then with db4.2_recover, but because one of the log files was missing (overwritten by a new one) that was no longer possible. I was only able to fix it by deleting the whole database and re-importing everything again :(
I now do a daily restart of the database, so at least this issue should be fixed.
I'm not upgrading the version yet, because I want to keep the Debian (3.1) package so that I'm able to use apt-get to update my system. If Debian decides to update to 2.3 then fine :) but I guess they won't in this version.
Anyway thanks for your help, I learned once again a lot about LDAP!
Cheers, Patrick
-----Original Message-----
From: openldap-software-bounces+poberli=hsr.ch@OpenLDAP.org [mailto:openldap-software-bounces+poberli=hsr.ch@OpenLDAP.org] On Behalf Of Buchan Milne
Sent: Thursday, 4 January 2007 18:42
To: openldap-software@openldap.org
Cc: Oberli Patrick (poberli@hsr.ch)
Subject: Re: Problem with my ldap server and users
-- Buchan Milne ISP Systems Specialist - Monitoring/Authentication Team Leader B.Eng,RHCE(803004789010797),LPIC-2(LPI000074592)