Hello mailing list,
We have a problem using OpenLdap V. 2.4.11 with Debian Lenny. If we use the option logpurge in our slapd.conf, slapd can't start anymore.
Our slapd.conf:
8-----------------------------------------------/etc/ldap/slapd.conf
# Schema and objectClass definitions include /etc/ldap/schema/core.schema include /etc/ldap/schema/misc.schema include /etc/ldap/schema/cosine.schema include /etc/ldap/schema/inetorgperson.schema include /etc/ldap/schema/hdb.schema include /etc/ldap/schema/nis.schema
# Where the pid file is put. The init.d script # will not stop the server if you change this. pidfile /var/run/slapd/slapd.pid
# List of arguments that were passed to the server argsfile /var/run/slapd/slapd.args
# Read slapd.conf(5) for possible values loglevel 4 #sasl-secprops minssf=0
# Where the dynamically loaded modules are stored modulepath /usr/lib/ldap moduleload back_hdb moduleload smbk5pwd moduleload accesslog
# The maximum number of entries that is returned for a search operation sizelimit unlimited
# TLS Stuff TLSCACertificateFile /etc/ssl/certs/ca.pem TLSCertificateKeyFile /etc/ldap/openldap.key TLSCertificateFile /etc/ldap/openldap.crt
# The tool-threads parameter sets the actual amount of cpu's that is used # for indexing. tool-threads 2
# Specific Backend Directives for hdb: backend hdb # Specific Directives for database: accesslog database hdb directory "/var/lib/accesslog" suffix "cn=accesslog" checkpoint 512 30 rootdn "cn=accesslog" rootpw ... index default eq index reqStart eq index reqType eq dbconfig set_cachesize 0 2097152 0 dbconfig set_lk_max_objects 1500 dbconfig set_lk_max_locks 1500 dbconfig set_lk_max_lockers 1500
# Specific Directives for database: data database hdb directory "/var/lib/ldap" overlay smbk5pwd
overlay accesslog logdb cn=accesslog logops writes logsuccess TRUE logold (objectClass=posixAccount) logpurge 07+00:00 01+00:00
suffix ...
rootdn ... rootpw ...
dbconfig set_cachesize 0 2097152 0 dbconfig set_lk_max_objects 1500 dbconfig set_lk_max_locks 1500 dbconfig set_lk_max_lockers 1500
# Indexing options for database #1 index default eq index objectClass eq index uidNumber pres,eq index uid eq
smbk5pwd-enable krb5 smbk5pwd-enable samba smbk5pwd-must-change 2592000 password-hash {K5KEY}
# lastmod on
# The userPassword by default can be changed # by the entry owning it if they are authenticated. # Others should not be able to see it, except the # admin entry below # These access lines apply to database #1 only
access to attrs=userPassword,shadowLastChange filter="(memberOf=Archiv)" by peername.ip=192.168.222.17 auth stop by peername.regex=.* none break
access to dn.base="..." by * read
access to attrs=userPassword,shadowLastChange filter="(!(memberOf=Archiv))" by peername.ip=192.168.222.17 none stop by peername.regex=.* none break
# this rule is more specific than the admin rule below
access to attrs=userPassword,shadowLastChange by set="user/memberOf & [Administratoren]" write by dn="cn=admin,..." write by anonymous auth by self write by * none
# Ensure read access to the base for things like # supportedSASLMechanisms. Without this you may # have problems with SASL not knowing what # mechanisms are available and the like. # Note that this is covered by the 'access to *' # ACL below too but if you change that as people # are wont to do you'll still need this if you # want SASL (and possible other things) to work # happily.
access to dn.base="" by * read
# The admin dn has full write access, everyone else # can read everything.
# be sure to include the admins in the previous, more specific rule access to * by set="user/memberOf & [Administratoren]" write by dn="cn=admin,..." write by * read
access to dn.subtree="ou=Benutzer,..." by sockurl="ldapi:///" write
authz-regexp "gidNumber=0\+uidNumber=0,cn=peercred,cn=external,cn=auth" "cn=admin,..."
----------------------------------------------------8<
Starting slapd with the command: slapd -d 16383 produces the following output:
8---------------------------------------------------
... ...
dnPrettyNormal: <cn=accesslog>
=> ldap_bv2dn(cn=accesslog,0) <= ldap_bv2dn(cn=accesslog)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=accesslog)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=accesslog)=0 <<< dnPrettyNormal: <cn=accesslog>, <cn=accesslog> line 65 (rootpw ***) line 66 (index default eq) line 67 (index reqStart eq) index reqStart 0x0004 line 68 (index reqType eq) index reqType 0x0004 line 69 (dbconfig set_cachesize 0 2097152 0) line 70 (dbconfig set_lk_max_objects 1500) line 71 (dbconfig set_lk_max_locks 1500) line 72 (dbconfig set_lk_max_lockers 1500) line 75 (database hdb) hdb_db_init: Initializing HDB database line 76 (directory "/var/lib/ldap") line 78 (overlay smbk5pwd) line 80 (overlay accesslog) line 81 (logdb cn=accesslog)
dnPrettyNormal: <cn=accesslog>
=> ldap_bv2dn(cn=accesslog,0) <= ldap_bv2dn(cn=accesslog)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=accesslog)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=accesslog)=0 <<< dnPrettyNormal: <cn=accesslog>, <cn=accesslog> line 82 (logops writes) line 83 (logsuccess TRUE) line 85 (logpurge 07+00:00 01+00:00) Speicherzugriffsfehler ----------------------------------------------------8<
If the logpurge-option is uncommented, slapd starts without any problems.
It would be very nice if someone could help us !
Greetings Julian
___________________________________________________________ Telefonate ohne weitere Kosten vom PC zum PC: http://messenger.yahoo.de
--On Wednesday, September 30, 2009 4:37 PM +0200 Julian Thomé frostisch@yahoo.de wrote:
Hello mailing list,
We have a problem using OpenLdap V. 2.4.11 with Debian Lenny. If we use the option logpurge in our slapd.conf, slapd can't start anymore.
First verify whether or not you experience the problem with the current release, 2.4.18.
--Quanah
--
Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration
Hello Quanah,
First verify whether or not you experience the problem with the current release, 2.4.18.
We tried to use Version 2.4.17 (Debian Squeeze) but the failure was the same. We actually want to use 2.4.11 (Debian Lenny) if it is possible, because this is a stable version available from the official repositories.
Greetings,
Julian
___________________________________________________________ Der fr�he Vogel f�ngt den Wurm. Hier gelangen Sie zum neuen Yahoo! Mail: http://mail.yahoo.de
Julian Thomé wrote:
We actually want to use 2.4.11 (Debian Lenny) if it is possible, because this is a stable version available from the official repositories.
You should stick to the release marked as stable by the OpenLDAP project.
See also: http://www.openldap.org/faq/data/cache/1456.html
Ciao, Michael.
openldap-technical@openldap.org
-
Julian Thomé -
Michael Ströder -
Quanah Gibson-Mount