Hello

I am using OpenLDAP 'openldap-2.4.31' on Debian. I have configured syncrepl. Everything works normally, but I am frequently getting the error below. The log file ownership is getting changed automatically on any one of the nodes.

Here is the error from syslog.


Mar 29 12:14:26 xxx slapd[29405]: conn=5774 op=40651 SEARCH RESULT tag=101 err=0 nentries=1 text=

Mar 29 12:14:29 xxx slapd[29405]: bdb(dc=xxx,dc=xxx,dc=xxx): /var/lib/ldap/xxx/log.0000000883: log file unreadable: Permission denied

Mar 29 12:14:29 xxx slapd[29405]: bdb(dc=xxx,dc=xxx,dc=xxx): PANIC: Permission denied

Mar 29 12:14:29 xxx slapd[29405]: bdb(dc=xxx,dc=xxx,dc=xxx): DB_ENV->log_newfh: 883: DB_RUNRECOVERY: Fatal error, run database recovery

Mar 29 12:14:29 xxx slapd[29405]: bdb(dc=xxx,dc=xxx,dc=xxx): txn_checkpoint: log failed at LSN [883 68682]: DB_RUNRECOVERY: Fatal error, run database recovery

Mar 29 12:14:30 xxx slapd[29405]: conn=5774 op=40652 SRCH base="" scope=0 deref=3 filter="(objectClass=*)"

Mar 29 12:14:30 xxx slapd[29405]: conn=5774 op=40652 SRCH attr=objectclass



Any idea what is going wrong here?

LDAP is running as the user below.


openldap:x:106:108:OpenLDAP Server Account,,,:/var/lib/ldap:/bin/false

$ id openldap
uid=106(openldap) gid=108(openldap) groups=108(openldap)


I don't find any logs for an open file issue, but I have still pasted the settings below.

open file limit settings

openldap        soft    nofile          65536
openldap        hard    nofile          65536


slapd.conf settings

loglevel        sync stats 
modulepath      /usr/lib/ldap
moduleload      back_hdb
moduleload      syncprov
sizelimit 500
tool-threads 8
threads 16
backend         hdb
database        hdb
monitoring on
cachesize 50000
idlcachesize 50000
directory       "/var/lib/ldap/account"
dbconfig set_cachesize 0 167772160 0
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500
index           objectClass,snAccount,snEnabled,entryCSN,entryUUID eq
index           cn eq,pres,subany
lastmod         on
checkpoint      5120 30
access to dn.base="" by * read
syncrepl      rid=001
                provider=ldap://xx.xx.xxx.xxx
                bindmethod=simple
                binddn="cn=xxx,ou=administrators,dc=test,dc=IN"
                credentials=xxx
                searchbase="dc=account,dc=test,dc=IN"
                schemachecking=on
                type=refreshAndPersist
                retry="10 +"
mirrormode on
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 10000


Br/Prashanth
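
Added example (not part of the original post and not OpenLDAP project code): a Python check that extracts the file paths from bdb "Permission denied" syslog lines like those quoted above, and lists files under the database directory that are not owned by the slapd account or are not owner read/writable. The function names and sample lines are constructed for illustration; uid 106, gid 108 and the paths are the values quoted in the post.

```python
import os
import re
import stat

# Matches slapd back-bdb/hdb syslog lines of the form shown in the post:
#   slapd[PID]: bdb(SUFFIX): /path/to/file: <message> Permission denied
BDB_DENIED = re.compile(
    r"slapd\[\d+\]: bdb\((?P<suffix>[^)]*)\): (?P<path>/\S+?): .*Permission denied"
)


def denied_paths(log_lines):
    """Return the distinct file paths that bdb reported as 'Permission denied'."""
    seen = []
    for line in log_lines:
        m = BDB_DENIED.search(line)
        if m and m.group("path") not in seen:
            seen.append(m.group("path"))
    return seen


def audit_ownership(directory, uid, gid):
    """List files under directory not owned by uid:gid or not owner read/writable."""
    findings = []
    owner_rw = stat.S_IRUSR | stat.S_IWUSR
    for root, _dirs, files in os.walk(directory):
        for name in sorted(files):
            path = os.path.join(root, name)
            st = os.lstat(path)
            if st.st_uid != uid or st.st_gid != gid or (st.st_mode & owner_rw) != owner_rw:
                findings.append((path, st.st_uid, st.st_gid, stat.filemode(st.st_mode)))
    return findings


# Constructed sample, modelled on the syslog excerpt in the post.
SAMPLE_LOG = [
    "Mar 29 12:14:26 xxx slapd[29405]: conn=5774 op=40651 SEARCH RESULT tag=101 err=0 nentries=1 text=",
    "Mar 29 12:14:29 xxx slapd[29405]: bdb(dc=xxx,dc=xxx,dc=xxx): /var/lib/ldap/xxx/log.0000000883: log file unreadable: Permission denied",
    "Mar 29 12:14:29 xxx slapd[29405]: bdb(dc=xxx,dc=xxx,dc=xxx): PANIC: Permission denied",
]

if __name__ == "__main__":
    print(denied_paths(SAMPLE_LOG))
    # uid 106 / gid 108 are the openldap account's ids quoted in the post.
    for finding in audit_ownership("/var/lib/ldap", 106, 108):
        print(finding)
```

Running the audit periodically (for example from cron) and after any maintenance on the database directory shows when a file first appears with a different owner.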