bdb panics with openldap - openldap-technical

3 Jun 2008


      We have openldap using the bdb has its database.For
some reason the bdb had crashed complaining permission
issue.
May 13 16:04:40 ccc slapd[30372]: conn=12430 fd=10
ACCEPT from IP=xxx.yyy.zzz.aaa:33905 (IP=0.0.0.0:389)
May 13 16:04:40 ccc slapd[30372]: conn=12430 op=0 BIND
dn="cn=Directory Manager,o=none.com" method=128
May 13 16:04:40 ccc slapd[30372]: conn=12430 op=0 BIND
dn="cn=Directory Manager,o=none.com" mech=SIMPLE ssf=0
May 13 16:04:40 ccc slapd[30372]: conn=12430 op=0
RESULT tag=97 err=0 text=
May 13 16:04:40 ccc slapd[30372]: conn=12430 op=1 MOD
dn="uid=sysadmin,o=none.com"
May 13 16:04:40 ccc slapd[30372]: conn=12430 op=1 MOD
noner=lastlogints lastaccessts authcookie
May 13 16:04:40 ccc slapd[30372]: bdb(o=none.com):
/var/lib/ldap/log.0000000002: log file open failed:
Permission denied
May 13 16:04:40 ccc slapd[30372]: bdb(o=none.com):
PANIC: Permission denied
May 13 16:04:40 ccc slapd[30372]: bdb(o=none.com):
DB_ENV->log_put: 2: DB_RUNRECOVERY: Fatal error, run
database recovery
May 13 16:04:40 ccc slapd[30372]: bdb(o=none.com):
/var/lib/ldap/log.0000000002: log file open failed:
Permission denied
The log.000000000 gets rotated based on the size
(10MB).The new logfile(log.0000000002) was rotated at
on Apr 30th and I believe the permission was set as
root:root instead of ldap:ldap(Note: the ldap being
run as user ldap).The reason why didnât crash till
yesterday was, only search queries were run against
the ldap/bdb (The ldap search test for testing ldap
keep alive).Yesterday  a modify query was run from IP
xxx.yyy.zzz.aaa and I guess bdb complained of
permission problem and panicked
May 13 16:04:40 ccc slapd[30372]: conn=12430 fd=10
ACCEPT from IP=xxx.yyy.zzz.aaa:33905 (IP=0.0.0.0:389)
May 13 16:04:40 ccc slapd[30372]: conn=12430 op=0 BIND
dn="cn=Directory Manager,o=none.com" method=128
May 13 16:04:40 ccc slapd[30372]: conn=12430 op=0 BIND
dn="cn=Directory Manager,o=none.com" mech=SIMPLE ssf=0
May 13 16:04:40 ccc slapd[30372]: conn=12430 op=0
RESULT tag=97 err=0 text=
May 13 16:04:40 ccc slapd[30372]: conn=12430 op=1 MOD
dn="uid=sysadmin,o=none.com"
[root@ccc ldap]# ls -l /var/lib/ldap
total 13236
-rw-------  1 ldap ldap   106496 Mar 24 19:30 cn.bdb
-rw-------  1 ldap ldap    16384 Mar 20 11:50 __db.001
-rw-------  1 ldap ldap   278528 Mar 20 11:50 __db.002
-rw-------  1 ldap ldap    98304 Mar 20 11:50 __db.003
-rw-------  1 ldap ldap   450560 Mar 20 11:50 __db.004
-rw-------  1 ldap ldap    16384 Mar 20 11:50 __db.005
-rw-------  1 ldap ldap    45056 Mar 24 19:30
dn2id.bdb
-rw-------  1 ldap ldap   278528 Apr  2 13:40
id2entry.bdb
-rw-------  1 ldap ldap 10485710 Apr 30 14:40
log.0000000001
-rw-------  1 root root  1827874 May 13 16:00
log.0000000002
-rw-------  1 ldap ldap     8192 Mar 20 11:50 mail.bdb
-rw-------  1 ldap ldap    16384 Mar 24 19:30
objectClass.bdb
-rw-r--r--  1 ldap ldap        0 Apr  2 13:31
openldap-master-replog
-rw-r--r--  1 ldap ldap        0 Apr  2 13:31
openldap-master-replog.lock
-rw-------  1 ldap ldap     8192 Mar 20 11:50 ou.bdb
drwxr-xr-x  2 root root     4096 Mar 21 16:33 replica
-rw-------  1 ldap ldap    49152 Mar 20 11:50 sn.bdb
-rw-------  1 ldap ldap     8192 Mar 20 12:00 uid.bdb
The ldap is being run as user ldap
[root@ccc ~]# ps -ef | grep ldap
root      8983  6956  0 15:40 pts/0    00:00:00 grep
ldap
ldap     31694     1  0 Mar20 ?        00:01:57
/usr/sbin/slapd -u ldap -h ldap:///
[root@ccc ~]# grep ldap /etc/passwd
ldap:x:55:55:LDAP User:/var/lib/ldap:/bin/false
Why should a modify cause a panic and not a search?Why
did the rotated log had root as owner instead of
ldap?Is there a fix for this issue?
Cheers
CG