I am using the CentOS Yum repository and am running slapd version 2.3.27 on a CentOS 5.2 box.
I've been trying to understand OpenLDAP's use of the DB_CONFIG file as well as other database-related directives that appear in slapd.conf. For example, I tried to set DB_LOG_AUTOREMOVE in DB_CONFIG but that seemed to do nothing. I have been having to run "slapd_db_archive -d" to remove old log files. If I don't do this, I often wind up with dozens of log files (at 10GB each) pretty quickly.
There also seems to be some ambiguity as far as which options should be specified in slapd.conf versus placed in a DB_CONFIG.
So my questions are:
1. Where should I be putting my Berkeley DB configuration options, especially related to automated checkpoints and automatic log removal? slapd.conf or DB_CONFIG?
2. Is there some other option I have to use to have slapd actually remove old log files once they're not needed for a transaction anymore?
By the way, this is mostly a problem for my slapo-accesslog database, which has significantly more data in it (by a factor of almost 100) than my actual database. The insanity of all this is that I really just need to grab the last successful bind and last unsuccessful bind date for each user account, and I can't seem to find a better way to do it than with slapo-accesslog. Is there some other much more obvious flag or something I could set on my LDAP server that would just record the last bind attempt timestamps for each user account?
Tim Gustafson
BSOE Webmaster
UC Santa Cruz
tjg@soe.ucsc.edu
831-459-5354
--On Monday, February 02, 2009 1:48 PM -0800 Tim Gustafson tjg@soe.ucsc.edu wrote:
> So my questions are:
> - Where should I be putting my Berkeley DB configuration options, especially related to automated checkpoints and automatic log removal? slapd.conf or DB_CONFIG?
Whichever you prefer. All doing it in slapd.conf does is make it create a DB_CONFIG file with those options. I will note that the "checkpoint" directive in slapd.conf is not a DB_CONFIG file option.
> - Is there some other option I have to use to have slapd actually remove old log files once they're not needed for a transaction anymore?
The option to remove old log files is a DB_CONFIG option that you can put into slapd.conf. See the DB_CONFIG documentation. You must also have checkpoints defined.
> By the way, this is mostly a problem for my slapo-accesslog database, which has significantly more data in it (by a factor of almost 100) than my actual database. The insanity of all this is that I really just need to grab the last successful bind and last unsuccessful bind date for each user account, and I can't seem to find a better way to do it than with slapo-accesslog. Is there some other much more obvious flag or something I could set on my LDAP server that would just record the last bind attempt timestamps for each user account?
Use ppolicy maybe? I think that has last login tracking info.
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
Zimbra :: the leader in open source messaging and collaboration
openldap-software@openldap.org
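The reply's two conditions for automatic log removal (the DB_LOG_AUTOREMOVE flag plus a checkpoint) can be checked per database section. This is an added example, not code from the thread or from OpenLDAP. The function name `audit`, the sample paths and the `checkpoint 1024 15` values are assumptions made for illustration, as is the `dbconfig set_flags DB_LOG_AUTOREMOVE` line format.

```python
import re

# Constructed sample slapd.conf (not from the thread): the second database,
# standing in for the accesslog one, sets auto-removal but no checkpoint.
SAMPLE_SLAPD_CONF = """\
database bdb
directory /var/lib/ldap
checkpoint 1024 15
dbconfig set_flags DB_LOG_AUTOREMOVE

database bdb
directory /var/lib/ldap/accesslog
dbconfig set_flags DB_LOG_AUTOREMOVE
"""

def audit(conf_text, existing_db_config=None):
    """Return {directory: [problems]} for each bdb/hdb database section.
    existing_db_config maps a directory to the text of a DB_CONFIG already on
    disk. Per slapd-bdb(5), dbconfig lines are written out only when no
    DB_CONFIG exists yet, so an existing file takes their place here.
    """
    existing_db_config = existing_db_config or {}
    sections, cur = [], None
    # slapd.conf continues a directive on lines that start with whitespace.
    for line in re.sub(r"\n[ \t]+", " ", conf_text).splitlines():
        words = line.split()
        if len(words) < 2 or words[0].startswith("#"):
            continue
        key = words[0].lower()
        if key == "database":
            cur = {}
            sections.append((words[1].lower(), cur))
        elif cur is not None:
            cur.setdefault(key, []).append(" ".join(words[1:]))
    report = {}
    for backend, sec in sections:
        if backend not in ("bdb", "hdb"):
            continue
        directory = sec.get("directory", ["(default)"])[-1].strip('"')
        on_disk = existing_db_config.get(directory)
        lines = sec.get("dbconfig", []) if on_disk is None else on_disk.splitlines()
        flags = {w for l in lines if l.split()[:1] == ["set_flags"] for w in l.split()[1:]}
        problems = []
        if "DB_LOG_AUTOREMOVE" not in flags:
            problems.append("DB_LOG_AUTOREMOVE not set")
        if "checkpoint" not in sec:
            problems.append("no checkpoint directive")
        report[directory] = problems
    return report
```

Calling `audit(SAMPLE_SLAPD_CONF)` flags only the second database, for its missing checkpoint. Passing the text of an on-disk DB_CONFIG for a directory shows the case where the slapd.conf `dbconfig` lines never take effect.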