--On Thursday, June 22, 2017 9:19 PM +0000 Ron Lamarche Ron.Lamarche@innovapost.com wrote:
I've installed the RHEL 6.9 OpenLDAP bundled product and have a working suffix based on cn=config vs. slapd.conf model but cannot get the accesslog overlays/DB's to work properly (ldapsearch returns accesslog records but never completes and instead hangs showing "ldap_int_select" . Need to ctl –c to exit )
Hi Ron,
The OpenLDAP build distributed by RedHat is known to have severe issues. It is strongly recommended to avoid their OpenLDAP builds because of this and their advanced age. If you are not able to build OpenLDAP yourself, the LTB project provides standard OpenLDAP builds for free: http://ltb-project.org/wiki/download#openldap
If you require support, Symas (my employer) has such an offering. Our OpenLDAP builds also include features not yet available from the OpenLDAP project.
You may be well facing any of a number of bugs that have been fixed in the 2.5 years since 2.4.40 was released, in particular:
Fixed slapd cn=config when updating olcAttributeTypes (ITS#8199) Fixed slapo-accesslog to honor pauses during purge for cn=config update (ITS#8423)
Finally, I would also note that the back-bdb backend has been deprecated since OpenLDAP 2.3, and as of OpenLDAP 2.4, back-hdb is also deprecated. The recommended backend is back-mdb, which is built on top of LMDB (http://www.symas.com/lmdb/, https://en.wikipedia.org/wiki/Lightning_Memory-Mapped_Database)
In general, issues with RedHat's build will not be explored unless you can reproduce the same problem with a current build of OpenLDAP.
Regards, Quanah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com