All,
I just restarted with the group, and the OpenLDAP software has not been upgraded - currently 2.4.23 (that will be coming...hopefully). Anyway, an issue that was brought to my attention upon starting was that slapd needs to be restarted daily. It is still running, it just stops responding (no one can log in). Nothing has, previously, been found in the logs. The other day, during my initial search through the slapd logs I found:
conn=1144 op=1 SRCH attr=automountKey automountInformation
<= bdb_equality_candidates: (automountKey) not indexed
<= bdb_equality_candidates: (automountKey) not indexed
<= bdb_equality_candidates: (automountKey) not indexed
Which I added "olcDbIndex: automountKey eq" to the cn=config/olcDatabase={1}bdb.ldif. Took care of that one. But, under further investigation I am finding this, repeatedly (for slapcat, slapd, and others):
Dec 5 00:00:02 server_name slapcat: unable to dlopen /usr/lib/sasl2/libanonymous.so.2: /usr/lib/sasl2/libanonymous.so.2: wrong ELF class: ELFCLASS32
Dec 5 00:00:02 server_name slapcat: unable to dlopen /usr/lib/sasl2/libplain.so.2: /usr/lib/sasl2/libplain.so.2: wrong ELF class: ELFCLASS32
Dec 5 00:00:02 server_name slapcat: unable to dlopen /usr/lib/sasl2/libsasldb.so.2: /usr/lib/sasl2/libsasldb.so.2: wrong ELF class: ELFCLASS32
Dec 5 00:00:02 server_name slapcat: unable to dlopen /usr/lib/sasl2/liblogin.so.2: /usr/lib/sasl2/liblogin.so.2: wrong ELF class: ELFCLASS32
Dec 5 02:00:02 server_name setroubleshoot: SELinux is preventing sendmail (system_mail_t) "read" to libsasl2.so.2 (usr_t). For complete SELinux messages. run sealert -l c4516acc-2dde-4dca-973e-86cd6686ee9f
Dec 5 02:30:02 server_name setroubleshoot: SELinux is preventing sendmail (system_mail_t) "read" to libsasl2.so.2 (usr_t). For complete SELinux messages. run sealert -l c4516acc-2dde-4dca-973e-86cd6686ee9f
Dec 5 02:31:08 server_name tar: nss-ldap: do_open: do_start_tls failed:stat=-1
Not sure why it should even been trying to use the these lib files, as one, we are not using SASL. Looking at "ldd slapd" it is seeing only 64-bit libraries.
Anyone have any suggestions?
John D. Borresen (Dave)
Linux/Unix Systems Administrator
MIT Lincoln Laboratory
Surveillance Systems Group
244 Wood St
Lexington, MA 02420
Ph: (781) 981-1609
Email: john.borresen(a)ll.mit.edu<mailto:john.borresen@ll.mit.edu>