[Date Prev][Date Next] [Chronological] [Thread] [Top]
Stranges in databases, searches and mysterious dies...

To: openldap-software@OpenLDAP.org
Subject: Stranges in databases, searches and mysterious dies...
From: Turbo Fredriksson <turbo@nocrew.org>
Date: 09 May 2000 14:09:40 +0200
Organization: LDAP expert wannabe
User-agent: Gnus/5.0804 (Gnus v5.8.4) Emacs/20.6
I've started to get strangest in my database. I can't search
for stuff that have been searchable before, and I can't bind to
the server...

And every now and then the slapd process are taking up a lot of CPU power,
and every now and then it also dies (during the night usually, so I don't
know WHY)...

---- s n i p -----
[papadoc.pts/3]$ ldapsearch -b 'uid=turbo,ou=People,dc=papadoc,dc=bayour,dc=com' objectclass=* sn -s one
ldap_search: No such object
ldap_search: matched: OU=PEOPLE,DC=PAPADOC,DC=BAYOUR,DC=COM
[papadoc.pts/3]$ ldapsearch -b 'uid=turbo,ou=People,dc=papadoc,dc=bayour,dc=com' objectclass=* sn -s base
ldap_search: No such object
ldap_search: matched: OU=PEOPLE,DC=PAPADOC,DC=BAYOUR,DC=COM
[papadoc.pts/3]$ ldapsearch -b 'uid=turbo,ou=People,dc=papadoc,dc=bayour,dc=com' objectclass=* sn -s sub
ldap_search: No such object
ldap_search: matched: OU=PEOPLE,DC=PAPADOC,DC=BAYOUR,DC=COM
[papadoc.pts/6]$ ldapsearch -b 'uid=turbo,ou=People,dc=papadoc,dc=bayour,dc=com' uid=turbo sn
ldap_search: No such object
ldap_search: matched: OU=PEOPLE,DC=PAPADOC,DC=BAYOUR,DC=COM
[papadoc.pts/6]$ ldapsearch uid=turbo sn
uid=turbo,ou=People,dc=papadoc,dc=bayour,dc=com
sn=Fredriksson
[papadoc.pts/6]$ ldapsearch -b 'ou=People,dc=papadoc,dc=bayour,dc=com' uid=turbo sn
uid=turbo,ou=People,dc=papadoc,dc=bayour,dc=com
sn=Fredriksson
---- s n i p -----


---- s n i p -----
[pts/4.papadoc]# ldapsearch -D 'uid=turbo,ou=users,dc=papadoc,dc=bayour,dc=com' -W uid=turbo sn
Enter LDAP Password: 
ldap_bind: Invalid credentials
---- s n i p -----

But I can still login with the same passwords! There is no 'turbo' in
/etc/{passwd|shadow|group|gshadow}, and I've tried with and without
nscd. Just ~one minute before, the above line worked perfect!!!

And now to the strangest part of it all!!!
---- s n i p -----
[papadoc.pts/3]$ ldapsearch -b 'uid=turbo,ou=People,dc=papadoc,dc=bayour,dc=com' objectclass=* -s sub
uid=turbo,ou=People,dc=papadoc,dc=bayour,dc=com
uid=turbo
givenname=Turbo
sn=Fredriksson
objectclass=person
objectclass=organizationalPerson
objectclass=inetOrgPerson
objectclass=account
objectclass=posixAccount
objectclass=top
objectclass=kerberosSecurityObject
krbname=turbo@BAYOUR.COM
loginshell=/bin/bash
uidnumber=1000
gidnumber=1000
homedirectory=/home/operators/turbo
gecos=Turbo Fredriksson
creatorsname=cn=admin, ou=People, dc=papadoc, dc=bayour, dc=com
createtimestamp=20000325173208Z
cn=Turbo Fredriksson
cn=Super Pudas
cn=FransUrbo
modifytimestamp=20000429001154Z
modifiersname=cn=admin, ou=People, dc=papadoc, dc=bayour, dc=com

[papadoc.pts/3]$ ldapsearch -b 'uid=turbo,ou=People,dc=papadoc,dc=bayour,dc=com' objectclass=* -s sub
ldap_search: No such object
ldap_search: matched: OU=PEOPLE,DC=PAPADOC,DC=BAYOUR,DC=COM
---- s n i p -----
These two commands was with maximum 2 seconds between!!!!

This is HIGHLY strange, since it worked before the reboot, and I have 
tried change the password with ldappasswd... Can still login with
the new password, but I can't bind to the LDAP database!

Before the crash I had 'dbcachenowsync', which I removed when the machine
was back online... The index have been rebuilt.


[Files compressed, ie commented lines and empty lines removed]
/etc/pam.d/login:
auth		required	pam_nologin.so
auth		sufficient	pam_ldap.so
auth		required	pam_unix.so try_first_pass shadow
auth		required	pam_env.so
account		sufficient	pam_ldap.so
account		required	pam_unix.so try_first_pass shadow
session		required	pam_unix.so
session		optional	pam_lastlog.so
session		optional	pam_motd.so
session		optional	pam_mail.so standard noenv
password	required	pam_ldap.so


/etc/openldap/slapd.conf
loglevel 2048
include		/etc/openldap/slapd.at.conf
include		/etc/openldap/slapd.oc.conf
include		/etc/openldap/netscape_roaming.at.conf
include		/etc/openldap/netscape_roaming.oc.conf
include		/etc/openldap/debian.at.conf
include		/etc/openldap/debian.oc.conf
include		/etc/openldap/misc.at.conf
include		/etc/openldap/misc.oc.conf
schemacheck	on
pidfile		/var/run/slapd.pid
database	ldbm
suffix		"dc=bayour,dc=com"
directory	"/var/lib/openldap"
lastmod		on
sizelimit	1500
index		uid,cn,sn,mail,mailalternateaddress,mailforwardingaddress,package approx,sub
index		uidnumber,gidnumber pres,eq
include		/etc/openldap/slapd.access


/etc/openldap/slapd.access
defaultaccess	read
access to attr=userPassword
	by dn="cn=admin,ou=People,dc=papadoc,dc=bayour,dc=com" write
	by self write
	by * none
access to attribute=cn,givenname,sn,krbname,loginshell,gecos
	by dn="cn=admin,ou=People,dc=papadoc,dc=bayour,dc=com" write
	by self write
access to attr=mail,mailAlternateAddress,mailhost
	by dn="cn=admin,ou=People,dc=papadoc,dc=bayour,dc=com" write
	by dn="cn=qmail,ou=People,dc=papadoc,dc=bayour,dc=com" read
	by dn=".+" read
	by * none
access to dn=".*,ou=Roaming,dc=papadoc,dc=bayour,dc=com"
	by dn="cn=admin,ou=People,dc=papadoc,dc=bayour,dc=com" write
	by dnattr=owner write
	by * none
access to * by dn="cn=admin,ou=People,dc=papadoc,dc=bayour,dc=com" write


[If more files/info is required, don't hessitate to ask...]


UPDATE: I'm running Debian GNU/Linux, and there is a tool distributed
        with Debian that lets you search and look at all the packages
        distributed with Debian. It's name is 'apt-cache'. For example,
        the entry for 'openldapd' (where slapd resides) gives this:

----- s n i p -----
Package: openldapd
Version: 1:1.2.10-3
Priority: extra
Section: net
Maintainer: Ben Collins <bcollins@debian.org>
Depends: libc6 (>= 2.1.2), libopenldap1, libwrap0, debconf (>= 0.2.50), fileutil
s (>= 4.0i-1), psmisc, sed (>= 3.02-1)
Suggests: openldap-guide
Conflicts: umich-ldapd
Provides: slapd, ldap-server
Architecture: i386
Filename: dists/frozen/main/binary-i386/net/openldapd_1.2.10-3.deb
Size: 466398
MD5sum: 1f7b261d579f7503f24884a95cc6a5e8
Description: OpenLDAP server (slapd).
 This is the OpenLDAP (Lightweight Directory Access Protocol) standalone
 server (slapd). The server can be used to provide a standalone directory
 service and also includes the slurpd replication server and centipede.
installed-size: 1152
source: openldap
----- s n i p -----

        Now, I wanted this information in a LDAP database, so that I could
        do my own distributed and (web) searchable database over availible
        software for my intranet. I created a database. Please see 
        http://www.bayour.com/DebianDatabase.ldif.txt for the complete LDIF.
        There is also the debian.{oc|at}.conf.txt in that directory. I tried
        with and without the 'longdesc', and it went better without it...

        With this database, the db was huge, ~ 1.6Gb. I had 256Mb memory,
        but after a while slapd just died. I could do partial searches, but
        after a short while/a small number of returns, I got segfaults from
        slapd...

UPDATE: And now, just a couple of minutes ago, it ate all my availible memory
        for breakfast. Lucky for me it didn't burp to! :)


Any idea what have happened, still happens or what I do to find out? Logging
is not much use, since it usually works for days, and the logs don't tell me
anything anyway...
-- 
arrangements Kennedy $400 million in gold bullion bomb Soviet smuggle
SDI DES FSF Noriega Cocaine NSA class struggle supercomputer
ammunition
Follow-Ups:
- Re: Stranges in databases, searches and mysterious dies...
  - From: nazard@dragoninc.on.ca
Prev by Date: Re: continuous cache corruption behaviour ?
Next by Date: Re: Stranges in databases, searches and mysterious dies...
Index(es):
- Chronological
- Thread