Adding 

# checkpointing - added 8/29/2017
checkpoint 128 10

To slapd.conf then running

sudo db_archive -d -h /var/lib/ldap/domain

Removed the old log files.  /var now using under 1GB.

Thanks Howard!

Our LDAP server contains about 4000 entries.  At what point would adding DB_CONFIG be needed for performance reasons?  How would I even ascertain that there's performance issues?


Thanks,

Douglas Duckworth, MSc, LFCS
HPC System Administrator
Scientific Computing Unit
Physiology and Biophysics
Weill Cornell Medicine
E: doug@med.cornell.edu
O: 212-746-6305
F: 212-746-8690

On Mon, Aug 28, 2017 at 10:19 AM, Douglas Duckworth <dod2014@med.cornell.edu> wrote:
Thanks for the reply, Howard.

Thanks for pointing me in the right direction.  From what I have read there are two options.

1) Copy /usr/share/openldap-servers/DB_CONFIG.example to /var/lib/domain then rebuild the database.
2) Enable checkpointing in slapd.conf

Does enabling checkpointing in slapd.conf require rebuilding the database or can I simply restart slapd.conf?  We are not using online configuration.

Best
Doug



Thanks,

Douglas Duckworth, MSc, LFCS
HPC System Administrator
Scientific Computing Unit
Physiology and Biophysics
Weill Cornell Medicine

On Fri, Aug 25, 2017 at 8:55 AM, Howard Chu <hyc@symas.com> wrote:
Douglas Duckworth wrote:
> Hi
>
> I am running openldap-servers-2.4.40-16.el6.x86_64 cluster on Centos 6.9.  My
> /var/lib/ldap directory contains many 10MB log files.  /var partition rather
> small...
>
> I've read they can be removed either by running "sudo db_archive -d -h
> /var/lib/ldap/domain" or by defining "DB_LOG_AUTOREMOVE" within the file
> "DB_CONFIG."  That file does not presently exist whereas the db_archive
> command does not actually remove any of the log files.

If the db_archive command doesn't remove anything, that means it thinks all of
the log files are still in active use.

Read the docs more carefully.
https://urldefense.proofpoint.com/v2/url?u=http-3A__docs.oracle.com_cd_E17076-5F05_html_programmer-5Freference_transapp-5Flogfile.html&d=DwICaQ&c=lb62iw4YL4RFalcE2hQUQealT9-RXrryqt9KZX2qu2s&r=2Fzhh_78OGspKQpl_e-CbhH6xUjnRkaqPFUS2wTJ2cw&m=WP95x8mwSiEHHqUWRqJv6WdpfcTtJDAUAKN756yEEDA&s=Kfi27b4v7vABZjPQYMkeo4xBqUyDGZeyB8pHAFin8xY&e=

>
> Can I remove the old log files manually using rm?

Not if the above is true, you will corrupt the logs and the DB will fail to
open on a subsequent restart.

> If not should I create
> /var/lib/ldap/DB_CONFIG then restart slapd to make this removal automatic?

> Do you have any idea why db_archive does not work or produce any helpful error
> to stdout?

There's no error message because there's no error, everything is working as
designed.

You need to do periodic checkpoints to allow log files to be closed, and then
db_archive will be able to remove some of them.

--
   -- Howard Chu
   CTO, Symas Corp.           https://urldefense.proofpoint.com/v2/url?u=http-3A__www.symas.com&d=DwICaQ&c=lb62iw4YL4RFalcE2hQUQealT9-RXrryqt9KZX2qu2s&r=2Fzhh_78OGspKQpl_e-CbhH6xUjnRkaqPFUS2wTJ2cw&m=WP95x8mwSiEHHqUWRqJv6WdpfcTtJDAUAKN756yEEDA&s=IT7tNF72SCugdO8WpRd-oNsk4nPNpdjE2aUFL4R4X_M&e=
   Director, Highland Sun     https://urldefense.proofpoint.com/v2/url?u=http-3A__highlandsun.com_hyc_&d=DwICaQ&c=lb62iw4YL4RFalcE2hQUQealT9-RXrryqt9KZX2qu2s&r=2Fzhh_78OGspKQpl_e-CbhH6xUjnRkaqPFUS2wTJ2cw&m=WP95x8mwSiEHHqUWRqJv6WdpfcTtJDAUAKN756yEEDA&s=XqfYCnjG9ibPbeW05QZOlWdl9u0ZH-7IXkxx0gh238k&e=
   Chief Architect, OpenLDAP  https://urldefense.proofpoint.com/v2/url?u=http-3A__www.openldap.org_project_&d=DwICaQ&c=lb62iw4YL4RFalcE2hQUQealT9-RXrryqt9KZX2qu2s&r=2Fzhh_78OGspKQpl_e-CbhH6xUjnRkaqPFUS2wTJ2cw&m=WP95x8mwSiEHHqUWRqJv6WdpfcTtJDAUAKN756yEEDA&s=-tGdeTJRpeaRbljBBUq49XgfNWzVElqiGEgv0LeqspU&e=