Sent: Fri Jun 15 2012 10:45:55 GMT-0400 (EDT) From: Francesco Belli Francesco.Belli@vegaspace.com To: openldap-technical@openldap.org openldap-technical@openldap.org Subject: Access Log: dynamic configuration problems.
Hello everybody, I'm using OpenLdap version 2.4.24 (4 Oct 2011) on a RedHat 6 machine. I use dynamic configuration and I'm having some problems setting up accesslog overlay. I didn't change the following file in etc/openldap/slapd.d/cn=config/ : olcDatabase={-1}frontend.ldif olcDatabase={0}config.ldif olcDatabase={1}monitor.ldif
I moved olcDatabase={2}bdb.ldif to olcDatabase={3}bdb.ldif, in this way it is loaded after the access log database that is defined in the new olcDatabase={2}bdb.ldif
Here there are the two configuration files:
######### olcDatabase={2}bdb.ldif ############### dn: olcDatabase={2}bdb objectClass: olcDatabaseConfig objectClass: olcBdbConfig olcDatabase: {2}bdb olcDbDirectory: /var/lib/ldap/accesslog/ olcSuffix: cn=accesslog olcAccess: {0}to dn.subtree="cn=accesslog" by dn.exact="uid=manager,ou=Users,dc=domain,dc=com" manage by dn.exact="cn=config" read olcLastMod: TRUE olcMaxDerefDepth: 15 olcReadOnly: FALSE olcRootDN: cn=accesslog olcSizeLimit: unlimited olcTimeLimit: unlimited olcMonitoring: TRUE olcDbCacheSize: 10000 olcDbCheckpoint: 64 5 olcDbNoSync: FALSE olcDbDirtyRead: FALSE olcDbIDLcacheSize: 10000 olcDbIndex: entryCSN eq olcDbIndex: objectClass eq olcDbIndex: reqEnd eq olcDbIndex: reqResult eq olcDbIndex: reqStart eq olcDbLinearIndex: FALSE olcDbMode: 0600 olcDbSearchStack: 16 olcDbShmKey: 0 olcDbCacheFree: 1 olcDbDNcacheSize: 0
######### olcDatabase={3}bdb.ldif ############### dn: olcDatabase={3}bdb objectClass: olcDatabaseConfig objectClass: olcBdbConfig olcDatabase: {3}bdb olcSuffix: dc=domain,dc=com olcAddContentAcl: FALSE olcLastMod: TRUE olcMaxDerefDepth: 15 olcReadOnly: FALSE olcRootDN: cn=Manager, dc=domain,dc=com olcRootPW: pippopippo olcSyncUseSubentry: FALSE olcMonitoring: TRUE olcDbDirectory: /var/lib/ldap olcDbCacheSize: 1000 olcDbCheckpoint: 1024 15 olcDbNoSync: FALSE olcDbDirtyRead: FALSE olcDbIDLcacheSize: 0 olcDbIndex: objectClass pres,eq olcDbIndex: cn pres,eq,sub olcDbIndex: uid pres,eq,sub olcDbIndex: uidNumber pres,eq olcDbIndex: gidNumber pres,eq olcDbIndex: mail pres,eq,sub olcDbIndex: ou pres,eq,sub olcDbIndex: loginShell pres,eq olcDbIndex: sn pres,eq,sub olcDbIndex: givenName pres,eq,sub olcDbIndex: memberUid pres,eq,sub olcDbIndex: nisMapName pres,eq,sub olcDbIndex: nisMapEntry pres,eq,sub olcDbIndex: entryCSN eq olcDbIndex: entryUUID eq olcDbLinearIndex: FALSE olcDbMode: 0600 olcDbSearchStack: 16 olcDbShmKey: 0 olcDbCacheFree: 1 olcDbDNcacheSize: 0 structuralObjectClass: olcBdbConfig entryUUID: 9ef24df8-376a-1031-947f-692d47ac0213 creatorsName: cn=config createTimestamp: 20120521082800Z entryCSN: 20120521082800.652940Z#000000#000#000000 modifiersName: cn=config modifyTimestamp: 20120521082800Z olcOverlay: syncprov olcSpCheckpoint: 50 10 olcSpSessionlog: 100 olcOverlay: accesslog olcAccessLogDB: cn=accesslog olcAccessLogOps: writes olcAccessLogSuccess: TRUE olcAccessLogPurge: 07+00:00 01+00:00
When I run slapd -d 1 I obtain the following error that makes slapd to terminate:
backend_startup_one: starting "cn=accesslog" bdb_db_open: warning - no DB_CONFIG file found in directory /var/lib/ldap/accesslog/: (2). Expect poor performance for suffix "cn=accesslog". bdb_db_open: database "cn=accesslog": dbenv_open(/var/lib/ldap/accesslog/). backend_startup_one: starting "dc=domain,dc=com" bdb_db_open: warning - no DB_CONFIG file found in directory /var/lib/ldap: (2). Expect poor performance for suffix "dc=domain,dc=com". bdb_db_open: database "dc=domain,dc=com": dbenv_open(/var/lib/ldap). accesslog: "logdb<suffix>" missing or invalid. backend_startup_one (type=bdb, suffix="dc=domain,dc=com"): bi_db_open failed! (1) slapd shutdown: initiated
It seems that for some reason slapd doesn't like the olcAccessLogDB directive specified in olcDatabase={3}bdb.ldif. I tried some other configuration (I think that this is the more correct) but the problem is always there.
Thanks for any help, Francesco
And this is why you shouldnt be modifying those files by hand :-) olcOverlay (and all the attributes you have listed after it) are not valid on an olcDatabaseConfig object. You need to create a subentries under that olcDatabase with objectClass=olcOverlayConfig.
Please see http://www.openldap.org/doc/admin24/replication.html for whatever type of replication youre doing. Its called "dynamic configuration" for a reason. Shutting openldap down and messing with its config database files is not "dynamic configuration". You should be performing these changes while openldap is running through `ldapmodify` (or whatever tool you prefer). Then when you try and do invalid things like this, openldap will come back with an error telling you what went wrong.
-Patrick