Hello mailing list,
We have a problem using OpenLdap V. 2.4.11 with Debian Lenny. If we use the option logpurge in our slapd.conf, slapd can't start anymore.
Our slapd.conf:
8-----------------------------------------------/etc/ldap/slapd.conf
# Schema and objectClass definitions include /etc/ldap/schema/core.schema include /etc/ldap/schema/misc.schema include /etc/ldap/schema/cosine.schema include /etc/ldap/schema/inetorgperson.schema include /etc/ldap/schema/hdb.schema include /etc/ldap/schema/nis.schema
# Where the pid file is put. The init.d script # will not stop the server if you change this. pidfile /var/run/slapd/slapd.pid
# List of arguments that were passed to the server argsfile /var/run/slapd/slapd.args
# Read slapd.conf(5) for possible values loglevel 4 #sasl-secprops minssf=0
# Where the dynamically loaded modules are stored modulepath /usr/lib/ldap moduleload back_hdb moduleload smbk5pwd moduleload accesslog
# The maximum number of entries that is returned for a search operation sizelimit unlimited
# TLS Stuff TLSCACertificateFile /etc/ssl/certs/ca.pem TLSCertificateKeyFile /etc/ldap/openldap.key TLSCertificateFile /etc/ldap/openldap.crt
# The tool-threads parameter sets the actual amount of cpu's that is used # for indexing. tool-threads 2
# Specific Backend Directives for hdb: backend hdb # Specific Directives for database: accesslog database hdb directory "/var/lib/accesslog" suffix "cn=accesslog" checkpoint 512 30 rootdn "cn=accesslog" rootpw ... index default eq index reqStart eq index reqType eq dbconfig set_cachesize 0 2097152 0 dbconfig set_lk_max_objects 1500 dbconfig set_lk_max_locks 1500 dbconfig set_lk_max_lockers 1500
# Specific Directives for database: data database hdb directory "/var/lib/ldap" overlay smbk5pwd
overlay accesslog logdb cn=accesslog logops writes logsuccess TRUE logold (objectClass=posixAccount) logpurge 07+00:00 01+00:00
suffix ...
rootdn ... rootpw ...
dbconfig set_cachesize 0 2097152 0 dbconfig set_lk_max_objects 1500 dbconfig set_lk_max_locks 1500 dbconfig set_lk_max_lockers 1500
# Indexing options for database #1 index default eq index objectClass eq index uidNumber pres,eq index uid eq
smbk5pwd-enable krb5 smbk5pwd-enable samba smbk5pwd-must-change 2592000 password-hash {K5KEY}
# lastmod on
# The userPassword by default can be changed # by the entry owning it if they are authenticated. # Others should not be able to see it, except the # admin entry below # These access lines apply to database #1 only
access to attrs=userPassword,shadowLastChange filter="(memberOf=Archiv)" by peername.ip=192.168.222.17 auth stop by peername.regex=.* none break
access to dn.base="..." by * read
access to attrs=userPassword,shadowLastChange filter="(!(memberOf=Archiv))" by peername.ip=192.168.222.17 none stop by peername.regex=.* none break
# this rule is more specific than the admin rule below
access to attrs=userPassword,shadowLastChange by set="user/memberOf & [Administratoren]" write by dn="cn=admin,..." write by anonymous auth by self write by * none
# Ensure read access to the base for things like # supportedSASLMechanisms. Without this you may # have problems with SASL not knowing what # mechanisms are available and the like. # Note that this is covered by the 'access to *' # ACL below too but if you change that as people # are wont to do you'll still need this if you # want SASL (and possible other things) to work # happily.
access to dn.base="" by * read
# The admin dn has full write access, everyone else # can read everything.
# be sure to include the admins in the previous, more specific rule access to * by set="user/memberOf & [Administratoren]" write by dn="cn=admin,..." write by * read
access to dn.subtree="ou=Benutzer,..." by sockurl="ldapi:///" write
authz-regexp "gidNumber=0\+uidNumber=0,cn=peercred,cn=external,cn=auth" "cn=admin,..."
----------------------------------------------------8<
Starting slapd with the command: slapd -d 16383 produces the following output:
8---------------------------------------------------
... ...
dnPrettyNormal: <cn=accesslog>
=> ldap_bv2dn(cn=accesslog,0) <= ldap_bv2dn(cn=accesslog)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=accesslog)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=accesslog)=0 <<< dnPrettyNormal: <cn=accesslog>, <cn=accesslog> line 65 (rootpw ***) line 66 (index default eq) line 67 (index reqStart eq) index reqStart 0x0004 line 68 (index reqType eq) index reqType 0x0004 line 69 (dbconfig set_cachesize 0 2097152 0) line 70 (dbconfig set_lk_max_objects 1500) line 71 (dbconfig set_lk_max_locks 1500) line 72 (dbconfig set_lk_max_lockers 1500) line 75 (database hdb) hdb_db_init: Initializing HDB database line 76 (directory "/var/lib/ldap") line 78 (overlay smbk5pwd) line 80 (overlay accesslog) line 81 (logdb cn=accesslog)
dnPrettyNormal: <cn=accesslog>
=> ldap_bv2dn(cn=accesslog,0) <= ldap_bv2dn(cn=accesslog)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=accesslog)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=accesslog)=0 <<< dnPrettyNormal: <cn=accesslog>, <cn=accesslog> line 82 (logops writes) line 83 (logsuccess TRUE) line 85 (logpurge 07+00:00 01+00:00) Speicherzugriffsfehler ----------------------------------------------------8<
If the logpurge-option is uncommented, slapd starts without any problems.
It would be very nice if someone could help us !
Greetings Julian
___________________________________________________________ Telefonate ohne weitere Kosten vom PC zum PC: http://messenger.yahoo.de