On Tuesday 03 June 2008 18:06:46 Govind c wrote:
We have openldap
What version ?
using the bdb has its database.For some reason the bdb had crashed complaining permission issue.
[...]
May 13 16:04:40 ccc slapd[30372]: conn=12430 op=1 MOD noner=lastlogints lastaccessts authcookie
May 13 16:04:40 ccc slapd[30372]: bdb(o=none.com): /var/lib/ldap/log.0000000002: log file open failed: Permission denied
May 13 16:04:40 ccc slapd[30372]: bdb(o=none.com): PANIC: Permission denied
May 13 16:04:40 ccc slapd[30372]: bdb(o=none.com): DB_ENV->log_put: 2: DB_RUNRECOVERY: Fatal error, run database recovery
May 13 16:04:40 ccc slapd[30372]: bdb(o=none.com): /var/lib/ldap/log.0000000002: log file open failed: Permission denied
[...]
-rw------- 1 ldap ldap 10485710 Apr 30 14:40 log.0000000001
-rw------- 1 root root 1827874 May 13 16:00 log.0000000002
-rw------- 1 ldap ldap 8192 Mar 20 11:50 mail.bdb
[...]
The ldap is being run as user ldap
Why should a modify cause a panic and not a search?
Transactions usually only occur when an entry is changed (added, deleted, modified).
Why did the rotated log had root as owner instead of ldap?
Since slapd is not running as root, it is impossible that slapd created the transaction log.
Is there a fix for this issue?
I think in some versions of OpenLDAP (2.1 to 2.2?) slapcat could incorrectly incur a transaction. So, if slapcat was run as root on 13 May at 16:00, that would be the cause. The fix would be to either upgrade, or to run your slapcat as the ldap user.
If slapcat wasn't run on 13 May at 16:00, some other administration (slapadd?) was run as root, and the permissions were not corrected before slapd was started.
Regards, Buchan