RE: monitor mirror mode
by François Mehault
Thanks for your response. ContextCSN seems perfect, but I tried it on my two OpenLDAP servers:
<10:13>[labobe2:~]# ldapsearch -x -LLL -H ldap://openldapID1:389 -s base -b 'dc=netplus,dc=fr' contextCSN
dn: dc=netplus,dc=fr
contextCSN: 20090629115508.383110Z#000000#002#000000
contextCSN: 20090702080926.118569Z#000000#001#000000
<10:07>[labobe1:~]# ldapsearch -x -LLL -H ldap://openldapID2:389 -s base -b 'dc=netplus,dc=fr' contextCSN
dn: dc=netplus,dc=fr
contextCSN: 20090629115508.383110Z#000000#002#000000
contextCSN: 20090702080926.118569Z#000000#001#000000
As you can see, I have two results per request, and I have effectively the same result on each server. Can I conclude just from these results that the replication works well? I thought I would have one contextCSN for each request instead of two.
Thanks for your help.
Regards,
François
From: Gavin Henry [mailto:ghenry@OpenLDAP.org]
Sent: Friday, 26 June 2009 17:14
To: François Mehault
Cc: openldap-technical(a)openldap.org
Subject: Re: monitor mirror mode
You can use:
http://blog.suretecsystems.com/archives/146-OpenLDAP-Quick-Tips-Checking-...
----- "François Mehault" <Francois.Mehault(a)netplus.fr> wrote:
>
>
Hi all
I use 2 OpenLDAP servers with mirror mode replication, and I want to monitor both with Nagios. I want to be sure that replication works, so I ask myself if there is some version number on each OpenLDAP that I could check to see if they are equal. This value would be updated after each replication. Does something like that exist? Or, how can I monitor the replication? If you have some leads, I am interested. Thanks for your help.
Have a good weekend.
François
--
Kind Regards,
Gavin Henry.
OpenLDAP Engineering Team.
E ghenry(a)OpenLDAP.org
Community developed LDAP software.
http://www.openldap.org/project/
14 years, 2 months
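A contextCSN comparison of the kind asked about in this thread, as an added example that is not part of the original messages. The third `#`-separated field of a CSN is the server ID, so a two-node mirror carries one contextCSN value per node and the check compares them SID by SID. The function names and the lagging sample are this example's own; in production the two strings would come from the `ldapsearch` commands shown above.

```python
import re

# CSN layout: <timestamp>#<change count>#<server ID>#<modification number>
CSN_RE = re.compile(
    r"^contextCSN:\s*(\d{14}\.\d{6}Z#[0-9a-f]{6}#([0-9a-f]{3})#[0-9a-f]{6})\s*$",
    re.IGNORECASE)

# Output copied from the post (both servers returned these two values).
SERVER_A = """dn: dc=netplus,dc=fr
contextCSN: 20090629115508.383110Z#000000#002#000000
contextCSN: 20090702080926.118569Z#000000#001#000000
"""
# Constructed sample: a peer that has not yet received the latest SID 001 write.
SERVER_B_LAGGING = """dn: dc=netplus,dc=fr
contextCSN: 20090629115508.383110Z#000000#002#000000
contextCSN: 20090701101500.000000Z#000000#001#000000
"""

def parse_context_csns(ldif_text):
    """Map server ID -> newest CSN found in `ldapsearch -LLL` output."""
    csns = {}
    for line in ldif_text.splitlines():
        m = CSN_RE.match(line.strip())
        if m:
            csn, sid = m.group(1), m.group(2)
            # Same SID and fixed-width fields: string order is time order.
            if sid not in csns or csn > csns[sid]:
                csns[sid] = csn
    return csns

def check_mirror(csn_a, csn_b):
    """Return (nagios_exit_code, message): 0 OK, 2 CRITICAL, 3 UNKNOWN."""
    if not csn_a or not csn_b:
        return 3, "UNKNOWN: a server returned no contextCSN"
    diffs = [f"SID {sid}: {csn_a.get(sid, 'missing')} vs {csn_b.get(sid, 'missing')}"
             for sid in sorted(set(csn_a) | set(csn_b))
             if csn_a.get(sid) != csn_b.get(sid)]
    if diffs:
        return 2, "CRITICAL: contextCSN mismatch; " + "; ".join(diffs)
    return 0, f"OK: {len(csn_a)} contextCSN values match"

if __name__ == "__main__":
    a = parse_context_csns(SERVER_A)
    print(check_mirror(a, parse_context_csns(SERVER_A)))
    print(check_mirror(a, parse_context_csns(SERVER_B_LAGGING)))
```

A mismatch is normal for a moment while a write propagates, so the monitoring side should re-check before alerting.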
db_archive: DB_ENV->log_archive: DB_NOTFOUND: No matching key/data pair found
by Andreas Krummrich
Hi all,
I'm running OpenLDAP 2.4.11 on a Debian lenny box and it seems that I'm
having trouble with the log files. I had a corrupt database some days ago
and needed to restore the database from the backup. The log said:
Jun 28 01:16:59 old slapd[17374]: bdb_db_open: database
"dc=intern,dc=domain,dc=de": unclean shutdown detected; attempting recovery.
Jun 28 01:16:59 old slapd[17374]: bdb_db_open: database
"dc=intern,dc=domain,dc=de": dbenv_open(/var/lib/ldap).
Jun 28 01:16:59 old slapd[17374]: bdb(dc=intern,dc=domain,dc=de): Ignoring
log file: /var/lib/ldap/log.0000000005: magic number 0, not 40988
Jun 28 01:16:59 old slapd[17374]: bdb(dc=intern,dc=domain,dc=de): Invalid
log file: log.0000000005: Invalid argument
Jun 28 01:16:59 old slapd[17374]: bdb(dc=intern,dc=domain,dc=de): PANIC:
Invalid argument
Jun 28 01:16:59 old slapd[17374]: bdb(dc=intern,dc=domain,dc=de): PANIC:
DB_RUNRECOVERY: Fatal error, run database recovery
Jun 28 01:16:59 old slapd[17374]: bdb_db_open: database
"dc=intern,dc=domain,dc=de" cannot be recovered, err -30978. Restore from
backup!
Jun 28 01:16:59 old slapd[17374]: ====> bdb_cache_release_all
Jun 28 01:16:59 old slapd[17374]: bdb(dc=intern,dc=domain,dc=de):
txn_checkpoint interface requires an environment configured for the
transaction subsystem
Jun 28 01:16:59 old slapd[17374]: bdb_db_close: database
"dc=intern,dc=domain,dc=de": txn_checkpoint failed: Invalid argument (22).
Jun 28 01:16:59 old slapd[17374]: backend_startup_one: bi_db_open failed!
(-30978)
So I installed a new OpenLDAP server with the same versions and the same
configuration. The first thing I found out was that db_archive has some
trouble:
On the new box I get the following results from db_archive:
root@new:/var/lib/ldap# db4.2_archive -sa
/var/lib/ldap/cn.bdb
/var/lib/ldap/dn2id.bdb
/var/lib/ldap/gidNumber.bdb
/var/lib/ldap/givenName.bdb
/var/lib/ldap/id2entry.bdb
/var/lib/ldap/loginShell.bdb
/var/lib/ldap/objectClass.bdb
/var/lib/ldap/sn.bdb
/var/lib/ldap/uid.bdb
/var/lib/ldap/uidNumber.bdb
root@new:/var/lib/ldap# db4.2_archive -la
/var/lib/ldap/log.0000000001
root@new:/var/lib/ldap#
Looks good so far. On the old box I get the following results (there are the
same databases)
root@new:/var/lib/ldap# db4.2_archive -sa
root@new:/var/lib/ldap# db4.2_archive -la
db_archive: DB_ENV->log_archive: DB_NOTFOUND: No matching key/data pair
found
root@new:/var/lib/ldap#
I searched the archive and googled this message, but found nothing that fits
my case.
Hope that someone can give me a hint for solving this issue.
Thanks and kind regards,
Andreas
14 years, 2 months
LDAP user cannot login
by Richard Gillman
Hi,
I'm moving an LDAP server from one system to another. I copied the data
using slapcat -l ldapdata; slapadd -c -q -l ldapdata on the new system, then
started ldap. But I can't log in as an ordinary user. I've tried resetting
the user password using JXplorer, but no luck.
Can anyone spot something wrong in what I'm trying to do? Suggestions
appreciated.
thanks in advance, Dick
slapd.conf contains
access to dn.subtree="dc=nerc-sf,dc=ac,dc=uk" attrs=userPassword
    by anonymous auth
    by self write
    by dn.exact="cn=replica,ou=admins,dc=nerc-sf,dc=ac,dc=uk" read
    by dn.exact="cn=proxyagent,ou=profile,dc=nerc-sf,dc=ac,dc=uk" read
slapd -d acl gives at startup
(#) $OpenLDAP: slapd 2.3.43 (Jan 21 2009 03:59:37) $
mockbuild@builder10.centos.org:/builddir/build/BUILD/openldap-2.3.43/openldap-2.3.43/build-servers/servers/slapd
Backend ACL: access to attrs=SambaLMPassword,SambaNTPassword
by dn.base="cn=manager,dc=nerc-sf,dc=ac,dc=uk" write
by * none
Backend ACL: access to dn.base=""
by * read
Backend ACL: access to dn.base="cn=subschema"
by * read
Backend ACL: access to dn.subtree="dc=nerc-sf,dc=ac,dc=uk"
attrs=userPassword
by anonymous auth
by self write
by dn.base="cn=replica,ou=admins,dc=nerc-sf,dc=ac,dc=uk" read
by dn.base="cn=proxyagent,ou=profile,dc=nerc-sf,dc=ac,dc=uk" read
Backend ACL: access to dn.subtree="dc=nerc-sf,dc=ac,dc=uk"
attrs=userPassword,sambaLMPassword,sambaNTPassword
by anonymous auth
by self write
by dn.base="cn=replica,ou=admins,dc=nerc-sf,dc=ac,dc=uk" read
by dn.base="cn=proxyagent,ou=profile,dc=nerc-sf,dc=ac,dc=uk" read
Backend ACL: access to dn.subtree="ou=admins,dc=nerc-sf,dc=ac,dc=uk"
by dn.regex="cn=[^,]+,ou=admins,dc=nerc-sf,dc=ac,dc=uk" read
by anonymous auth
Backend ACL: access to dn.subtree="dc=nerc-sf,dc=ac,dc=uk"
by peername.ip="192.171.172.0%255.255.255.0" read
by peername.ip="192.171.159.192%255.255.255.192" read
by peername.ip="127.0.0.1" read
=> bdb_entry_get: found entry: "dc=nerc-sf,dc=ac,dc=uk"
=> access_allowed: search access to
"uid=susa,ou=people,dc=nerc-sf,dc=ac,dc=uk" "entryCSN" requested
<= root access granted
slapd starting
When I try to login, slapd gives
=> access_allowed: read access to
"uid=susa,ou=people,dc=nerc-sf,dc=ac,dc=uk" "userPassword" requested
=> dn: [1] dc=nerc-sf,dc=ac,dc=uk
=> acl_get: [1] matched
=> acl_get: [1] attr userPassword
access_allowed: no res from state (userPassword)
=> acl_mask: access to entry
"uid=susa,ou=people,dc=nerc-sf,dc=ac,dc=uk", attr "userPassword" requested
=> acl_mask: to value by "", (=0)
<= check a_dn_pat: anonymous
<= acl_mask: [1] applying auth(=xd) (stop)
<= acl_mask: [1] mask: auth(=xd)
=> access_allowed: read access denied by auth(=xd)
send_search_entry: conn 1 access to attribute userPassword, value #0 not
allowed
--
Richard Gillman
ITC UNIX Systems Group, Maclean Building, Wallingford OX10 8BB
Tel: 01491 - 692 339
Fax: 01491 - 692 424
14 years, 2 months
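A small reader for the `slapd -d acl` trace in the post above, as an added example that is not part of the original message or of OpenLDAP. It pulls out who asked for what and which level the matching rule granted, and measures the gap between the two on slapd's access-level ladder. The function name `acl_decisions` is this example's own, and the trace is the post's output with its wrapped lines rejoined.

```python
import re

# slapd access levels, weakest to strongest; each level includes those before it.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]

REQ = re.compile(r'=> access_allowed: (\w+) access to "([^"]*)" "([^"]*)" requested')
WHO = re.compile(r'=> acl_mask: to .*? by "([^"]*)"')
RES = re.compile(r'=> access_allowed: (\w+) access (granted|denied) by (\w+)\(')

# Trace from the post, with its mail-wrapped lines rejoined.
TRACE = '''=> access_allowed: read access to "uid=susa,ou=people,dc=nerc-sf,dc=ac,dc=uk" "userPassword" requested
=> dn: [1] dc=nerc-sf,dc=ac,dc=uk
=> acl_get: [1] matched
=> acl_get: [1] attr userPassword
=> acl_mask: access to entry "uid=susa,ou=people,dc=nerc-sf,dc=ac,dc=uk", attr "userPassword" requested
=> acl_mask: to value by "", (=0)
<= check a_dn_pat: anonymous
<= acl_mask: [1] applying auth(=xd) (stop)
<= acl_mask: [1] mask: auth(=xd)
=> access_allowed: read access denied by auth(=xd)
'''

def acl_decisions(trace):
    """Return one dict per completed access check found in the trace."""
    out, cur = [], None
    for line in trace.splitlines():
        if m := REQ.search(line):
            cur = {"wanted": m[1], "dn": m[2], "attr": m[3], "who": None}
        elif cur and (m := WHO.search(line)):
            # An empty bound DN means the connection is anonymous.
            cur["who"] = m[1] or "anonymous"
        elif cur and (m := RES.search(line)):
            cur.update(result=m[2], level=m[3])
            # Positive shortfall: the rule granted less than was requested.
            cur["shortfall"] = LEVELS.index(m[1]) - LEVELS.index(m[3])
            out.append(cur)
            cur = None
    return out

if __name__ == "__main__":
    for d in acl_decisions(TRACE):
        print(f'{d["who"]} wanted {d["wanted"]} on {d["attr"]}: '
              f'{d["result"]}, rule gave {d["level"]} (short by {d["shortfall"]})')
```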