Stranges in databases, searches and mysterious dies...
- To: openldap-software@OpenLDAP.org
- Subject: Stranges in databases, searches and mysterious dies...
- From: Turbo Fredriksson <turbo@nocrew.org>
- Date: 09 May 2000 14:09:40 +0200
- Organization: LDAP expert wannabe
- User-agent: Gnus/5.0804 (Gnus v5.8.4) Emacs/20.6
I've started to get strange things in my database. I can't search
for stuff that has been searchable before, and I can't bind to
the server...
And every now and then the slapd process is taking up a lot of CPU power,
and every now and then it also dies (during the night usually, so I don't
know WHY)...
---- s n i p -----
[papadoc.pts/3]$ ldapsearch -b 'uid=turbo,ou=People,dc=papadoc,dc=bayour,dc=com' objectclass=* sn -s one
ldap_search: No such object
ldap_search: matched: OU=PEOPLE,DC=PAPADOC,DC=BAYOUR,DC=COM
[papadoc.pts/3]$ ldapsearch -b 'uid=turbo,ou=People,dc=papadoc,dc=bayour,dc=com' objectclass=* sn -s base
ldap_search: No such object
ldap_search: matched: OU=PEOPLE,DC=PAPADOC,DC=BAYOUR,DC=COM
[papadoc.pts/3]$ ldapsearch -b 'uid=turbo,ou=People,dc=papadoc,dc=bayour,dc=com' objectclass=* sn -s sub
ldap_search: No such object
ldap_search: matched: OU=PEOPLE,DC=PAPADOC,DC=BAYOUR,DC=COM
[papadoc.pts/6]$ ldapsearch -b 'uid=turbo,ou=People,dc=papadoc,dc=bayour,dc=com' uid=turbo sn
ldap_search: No such object
ldap_search: matched: OU=PEOPLE,DC=PAPADOC,DC=BAYOUR,DC=COM
[papadoc.pts/6]$ ldapsearch uid=turbo sn
uid=turbo,ou=People,dc=papadoc,dc=bayour,dc=com
sn=Fredriksson
[papadoc.pts/6]$ ldapsearch -b 'ou=People,dc=papadoc,dc=bayour,dc=com' uid=turbo sn
uid=turbo,ou=People,dc=papadoc,dc=bayour,dc=com
sn=Fredriksson
---- s n i p -----
---- s n i p -----
[pts/4.papadoc]# ldapsearch -D 'uid=turbo,ou=users,dc=papadoc,dc=bayour,dc=com' -W uid=turbo sn
Enter LDAP Password:
ldap_bind: Invalid credentials
---- s n i p -----
But I can still login with the same passwords! There is no 'turbo' in
/etc/{passwd|shadow|group|gshadow}, and I've tried with and without
nscd. Just ~one minute before, the above line worked perfectly!!!
And now to the strangest part of it all!!!
---- s n i p -----
[papadoc.pts/3]$ ldapsearch -b 'uid=turbo,ou=People,dc=papadoc,dc=bayour,dc=com' objectclass=* -s sub
uid=turbo,ou=People,dc=papadoc,dc=bayour,dc=com
uid=turbo
givenname=Turbo
sn=Fredriksson
objectclass=person
objectclass=organizationalPerson
objectclass=inetOrgPerson
objectclass=account
objectclass=posixAccount
objectclass=top
objectclass=kerberosSecurityObject
krbname=turbo@BAYOUR.COM
loginshell=/bin/bash
uidnumber=1000
gidnumber=1000
homedirectory=/home/operators/turbo
gecos=Turbo Fredriksson
creatorsname=cn=admin, ou=People, dc=papadoc, dc=bayour, dc=com
createtimestamp=20000325173208Z
cn=Turbo Fredriksson
cn=Super Pudas
cn=FransUrbo
modifytimestamp=20000429001154Z
modifiersname=cn=admin, ou=People, dc=papadoc, dc=bayour, dc=com
[papadoc.pts/3]$ ldapsearch -b 'uid=turbo,ou=People,dc=papadoc,dc=bayour,dc=com' objectclass=* -s sub
ldap_search: No such object
ldap_search: matched: OU=PEOPLE,DC=PAPADOC,DC=BAYOUR,DC=COM
---- s n i p -----
These two commands were run with at most 2 seconds between them!!!!
This is HIGHLY strange, since it worked before the reboot, and I have
tried changing the password with ldappasswd... Can still login with
the new password, but I can't bind to the LDAP database!
Before the crash I had 'dbcachenowsync', which I removed when the machine
was back online... The index has been rebuilt.
[Files compressed, ie commented lines and empty lines removed]
/etc/pam.d/login:
auth required pam_nologin.so
auth sufficient pam_ldap.so
auth required pam_unix.so try_first_pass shadow
auth required pam_env.so
account sufficient pam_ldap.so
account required pam_unix.so try_first_pass shadow
session required pam_unix.so
session optional pam_lastlog.so
session optional pam_motd.so
session optional pam_mail.so standard noenv
password required pam_ldap.so
/etc/openldap/slapd.conf
loglevel 2048
include /etc/openldap/slapd.at.conf
include /etc/openldap/slapd.oc.conf
include /etc/openldap/netscape_roaming.at.conf
include /etc/openldap/netscape_roaming.oc.conf
include /etc/openldap/debian.at.conf
include /etc/openldap/debian.oc.conf
include /etc/openldap/misc.at.conf
include /etc/openldap/misc.oc.conf
schemacheck on
pidfile /var/run/slapd.pid
database ldbm
suffix "dc=bayour,dc=com"
directory "/var/lib/openldap"
lastmod on
sizelimit 1500
index uid,cn,sn,mail,mailalternateaddress,mailforwardingaddress,package approx,sub
index uidnumber,gidnumber pres,eq
include /etc/openldap/slapd.access
/etc/openldap/slapd.access
defaultaccess read
access to attr=userPassword
        by dn="cn=admin,ou=People,dc=papadoc,dc=bayour,dc=com" write
        by self write
        by * none
access to attribute=cn,givenname,sn,krbname,loginshell,gecos
        by dn="cn=admin,ou=People,dc=papadoc,dc=bayour,dc=com" write
        by self write
access to attr=mail,mailAlternateAddress,mailhost
        by dn="cn=admin,ou=People,dc=papadoc,dc=bayour,dc=com" write
        by dn="cn=qmail,ou=People,dc=papadoc,dc=bayour,dc=com" read
        by dn=".+" read
        by * none
access to dn=".*,ou=Roaming,dc=papadoc,dc=bayour,dc=com"
        by dn="cn=admin,ou=People,dc=papadoc,dc=bayour,dc=com" write
        by dnattr=owner write
        by * none
access to * by dn="cn=admin,ou=People,dc=papadoc,dc=bayour,dc=com" write
[If more files/info is required, don't hesitate to ask...]
UPDATE: I'm running Debian GNU/Linux, and there is a tool distributed
with Debian that lets you search and look at all the packages
distributed with Debian. Its name is 'apt-cache'. For example,
the entry for 'openldapd' (where slapd resides) gives this:
----- s n i p -----
Package: openldapd
Version: 1:1.2.10-3
Priority: extra
Section: net
Maintainer: Ben Collins <bcollins@debian.org>
Depends: libc6 (>= 2.1.2), libopenldap1, libwrap0, debconf (>= 0.2.50), fileutils (>= 4.0i-1), psmisc, sed (>= 3.02-1)
Suggests: openldap-guide
Conflicts: umich-ldapd
Provides: slapd, ldap-server
Architecture: i386
Filename: dists/frozen/main/binary-i386/net/openldapd_1.2.10-3.deb
Size: 466398
MD5sum: 1f7b261d579f7503f24884a95cc6a5e8
Description: OpenLDAP server (slapd).
This is the OpenLDAP (Lightweight Directory Access Protocol) standalone
server (slapd). The server can be used to provide a standalone directory
service and also includes the slurpd replication server and centipede.
installed-size: 1152
source: openldap
----- s n i p -----
Now, I wanted this information in an LDAP database, so that I could
do my own distributed and (web) searchable database over available
software for my intranet. I created a database. Please see
http://www.bayour.com/DebianDatabase.ldif.txt for the complete LDIF.
There is also the debian.{oc|at}.conf.txt in that directory. I tried
with and without the 'longdesc', and it went better without it...
With this database, the db was huge, ~ 1.6Gb. I had 256Mb memory,
but after a while slapd just died. I could do partial searches, but
after a short while/a small number of returns, I got segfaults from
slapd...
UPDATE: And now, just a couple of minutes ago, it ate all my available memory
for breakfast. Lucky for me it didn't burp too! :)
Any idea what has happened, still happens or what I can do to find out? Logging
is not much use, since it usually works for days, and the logs don't tell me
anything anyway...
--
arrangements Kennedy $400 million in gold bullion bomb Soviet smuggle
SDI DES FSF Noriega Cocaine NSA class struggle supercomputer
ammunition