[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Openldap 2.1.17 - slapd running, can't kill and netstat does not show port 389. How do I fix?? Was previously working



Kathy,

Using the bdb backend I had problems with database corruption largely
because of power issues on the floor where I'm running my LDAP database
(I'm running a test server and it seems that the UPS it's on really sucks).
Adding the checkpoint option to slapd.conf seemed to resolve this:

checkpoint	1024 30

-Steve

-----Original Message-----
From: kkoehler [mailto:kkoehler@comcast.net]
Sent: Monday, July 14, 2003 10:21 PM
To: Alan Sparks
Cc: openldap-software@OpenLDAP.org
Subject: Re: Openldap 2.1.17 - slapd running, can't kill and netstat does not show port 389. How do I fix?? Was previously working


Thanks - that fixed it.  Unfortunately, the debugging does not show that database was corrupt.  Was a hard one to find!!

Thanks,

Kathy

Alan Sparks wrote:

I'm betting your database was corrupted from an unclean shutdown. 
Probably need to run the BerkeleyDB command 'db_recover' on the database
directory (after you kill slapd).
-Alan

kkoehler said:
  
I had openldap running for weeks.  What I noticed is the customer
rebooted the Linux box (RedHat 9.0)  and now when openldap starts, I get
 a "Can't contact openldap server".  The slapd process is running but
when I do a netstat -ant , it is not bound to the port.  I did not
change any of the configuration files.  Help!  I've been digging around
on the net without success how to fix this.  Here is my config file and
my debug file (which shows no errors).  I tried killing with 15 and it
catches it but doesn't kill the process.  Any help would be
appreciated!!! I also simulated this problem on my RedHat 8.0.
Also - here is my startup script:


  /usr/local/openldap/servers/slapd/slapd -f
/usr/local/etc/openldap/slapd.conf
-h ldap://www.company.net:389 -d 1 > /var/log/ldap.log 2>&1 &
--------------------------------------------------------------------------------
#
# if no access controls are present, the default policy is:
#       Allow read by all
#
# rootdn can always write!

#######################################################################
# ldbm database definitions
#######################################################################

database        bdb
suffix          "dc=mac,dc=com"
rootdn          "cn=Manager,dc=mac,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoid.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw          secret
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory       /usr/local/var/openldap-data
# Indices to maintain
index   objectClass     eq
Loglevel 1


Here is my debug - which shows no errors:

@(#) $OpenLDAP: slapd 2.1.17 (May 28 2003 02:00:22) $
        root@company.net:/usr/local/openldap-2.1.17/servers/slapd
daemon_init: listen on ldap://www.company.net:389
daemon_init: 1 listeners to open...
ldap_url_parse_ext(ldap://www.company.net:389)
daemon: initialized ldap://www.company.net:389
daemon_init: 1 listeners opened
slapd init: initiated server.
slap_sasl_init: initialized!
bdb_initialize: initialize BDB backend
bdb_initialize: Sleepycat Software: Berkeley DB 4.1.25: (December 19,
2002)
 >>> dnNormalize: <cn=Subschema>
=> ldap_bv2dn(cn=Subschema,0)
<= ldap_bv2dn(cn=Subschema,0)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=subschema,272)=0
<<< dnNormalize: <cn=subschema>
bdb_db_init: Initializing BDB database
 >>> dnPrettyNormal: <dc=mac,dc=com>
=> ldap_bv2dn(dc=mac,dc=com,0)
<= ldap_bv2dn(dc=mac,dc=com,0)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(dc=mac,dc=com,272)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(dc=mac,dc=com,272)=0
<<< dnPrettyNormal: <dc=mac,dc=com>, <dc=mac,dc=com>
 >>> dnPrettyNormal: <cn=Manager,dc=mac,dc=com>
=> ldap_bv2dn(cn=Manager,dc=mac,dc=com,0)
<= ldap_bv2dn(cn=Manager,dc=mac,dc=com,0)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=Manager,dc=mac,dc=com,272)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=manager,dc=mac,dc=com,272)=0
<<< dnPrettyNormal: <cn=Manager,dc=mac,dc=com>,
<cn=manager,dc=mac,dc=com> matching_rule_use_init
    1.2.840.113556.1.4.804 (integerBitOrMatch): matchingRuleUse: (
1.2.840.11355
6.1.4.804 NAME 'integerBitOrMatch' APPLIES ( mailPreferenceOption $
supportedLDA
PVersion ) )
    1.2.840.113556.1.4.803 (integerBitAndMatch): matchingRuleUse: (
1.2.840.1135
56.1.4.803 NAME 'integerBitAndMatch' APPLIES ( mailPreferenceOption $
supportedL
DAPVersion ) )
    1.3.6.1.4.1.1466.109.114.2 (caseIgnoreIA5Match): matchingRuleUse: (
1.3.6.1.
4.1.1466.109.114.2 NAME 'caseIgnoreIA5Match' APPLIES ( janetMailbox $
cNAMERecor
d $ sOARecord $ nSRecord $ mXRecord $ mDRecord $ aRecord $ email $
associatedDom
ain $ dc $ mail $ altServer ) )
    1.3.6.1.4.1.1466.109.114.1 (caseExactIA5Match): matchingRuleUse: (
1.3.6.1.4
.1.1466.109.114.1 NAME 'caseExactIA5Match' APPLIES ( janetMailbox $
cNAMERecord
$ sOARecord $ nSRecord $ mXRecord $ mDRecord $ aRecord $ email $
associatedDomai
n $ dc $ mail $ altServer ) )
    2.5.13.30 (objectIdentifierFirstComponentMatch): matchingRuleUse: (
2.5.13.3
0 NAME 'objectIdentifierFirstComponentMatch' APPLIES (
supportedApplicationConte
xt $ ldapSyntaxes $ matchingRuleUse $ objectClasses $ attributeTypes $
matchingR
ules $ supportedFeatures $ supportedExtension $ supportedControl $
structuralObj
ectClass $ objectClass ) )
    2.5.13.29 (integerFirstComponentMatch): matchingRuleUse: ( 2.5.13.29

NAME 'i
ntegerFirstComponentMatch' APPLIES ( mailPreferenceOption $
supportedLDAPVersion
 ) )
    2.5.13.27 (generalizedTimeMatch): matchingRuleUse: ( 2.5.13.27 NAME
'general
izedTimeMatch' APPLIES ( modifyTimestamp $ createTimestamp ) )
    2.5.13.24 (protocolInformationMatch): matchingRuleUse: ( 2.5.13.24
NAME 'pro
tocolInformationMatch' APPLIES protocolInformation )
    2.5.13.23 (uniqueMemberMatch): matchingRuleUse: ( 2.5.13.23 NAME
'uniqueMemb
erMatch' APPLIES uniqueMember )
    2.5.13.22 (presentationAddressMatch): matchingRuleUse: ( 2.5.13.22
NAME 'pre
sentationAddressMatch' APPLIES presentationAddress )
    2.5.13.20 (telephoneNumberMatch): matchingRuleUse: ( 2.5.13.20 NAME
'telepho
neNumberMatch' APPLIES ( pager $ mobile $ homePhone $ telephoneNumber )
)
    2.5.13.17 (octetStringMatch): matchingRuleUse: ( 2.5.13.17 NAME
'octetString
Match' APPLIES userPassword )
    2.5.13.16 (bitStringMatch): matchingRuleUse: ( 2.5.13.16 NAME
'bitStringMatc
h' APPLIES x500UniqueIdentifier )
    2.5.13.14 (integerMatch): matchingRuleUse: ( 2.5.13.14 NAME
'integerMatch' A
PPLIES ( mailPreferenceOption $ supportedLDAPVersion ) )
    2.5.13.13 (booleanMatch): matchingRuleUse: ( 2.5.13.13 NAME
'booleanMatch' A
PPLIES hasSubordinates )
    2.5.13.11 (caseIgnoreListMatch): matchingRuleUse: ( 2.5.13.11 NAME
'caseIgno
reListMatch' APPLIES ( homePostalAddress $ registeredAddress $
postalAddress ) )
    2.5.13.8 (numericStringMatch): matchingRuleUse: ( 2.5.13.8 NAME
'numericStri
ngMatch' APPLIES ( internationaliSDNNumber $ x121Address ) )
    2.5.13.7 (caseExactSubstringsMatch): matchingRuleUse: ( 2.5.13.7
NAME 'caseE
xactSubstringsMatch' APPLIES ( dnQualifier $ destinationIndicator $
serialNumber
 ) )
    2.5.13.6 (caseExactOrderingMatch): matchingRuleUse: ( 2.5.13.6 NAME
'caseExa
ctOrderingMatch' APPLIES ( dnQualifier $ destinationIndicator $
serialNumber ) )
    2.5.13.5 (caseExactMatch): matchingRuleUse: ( 2.5.13.5 NAME
'caseExactMatch'
 APPLIES ( preferredLanguage $ employeeType $ employeeNumber $
displayName $ dep
artmentNumber $ carLicense $ documentPublisher $ buildingName $
organizationalSt
atus $ uniqueIdentifier $ co $ personalTitle $ documentLocation $
documentVersio
n $ documentTitle $ documentIdentifier $ host $ userClass $ roomNumber $
 drink $
 info $ textEncodedORAddress $ uid $ labeledURI $ dmdName $
houseIdentifier $ dn
Qualifier $ generationQualifier $ initials $ givenName $
destinationIndicator $
physicalDeliveryOfficeName $ postOfficeBox $ postalCode $
businessCategory $ des
cription $ title $ ou $ o $ street $ st $ l $ c $ serialNumber $ sn $
knowledgeI
nformation $ cn $ name $ ref $ vendorVersion $ vendorName $
supportedSASLMechani
sms ) )
    2.5.13.3 (caseIgnoreOrderingMatch): matchingRuleUse: ( 2.5.13.3 NAME

'caseIg
noreOrderingMatch' APPLIES ( dnQualifier $ destinationIndicator $
serialNumber )
 )
    2.5.13.2 (caseIgnoreMatch): matchingRuleUse: ( 2.5.13.2 NAME
'caseIgnoreMatc
h' APPLIES ( preferredLanguage $ employeeType $ employeeNumber $
displayName $ d
epartmentNumber $ carLicense $ documentPublisher $ buildingName $
organizational
Status $ uniqueIdentifier $ co $ personalTitle $ documentLocation $
documentVers
ion $ documentTitle $ documentIdentifier $ host $ userClass $ roomNumber
 $ drink
 $ info $ textEncodedORAddress $ uid $ labeledURI $ dmdName $
houseIdentifier $
dnQualifier $ generationQualifier $ initials $ givenName $
destinationIndicator
$ physicalDeliveryOfficeName $ postOfficeBox $ postalCode $
businessCategory $ d
escription $ title $ ou $ o $ street $ st $ l $ c $ serialNumber $ sn $
knowledg
eInformation $ cn $ name $ ref $ vendorVersion $ vendorName $
supportedSASLMecha
nisms ) )
    2.5.13.1 (distinguishedNameMatch): matchingRuleUse: ( 2.5.13.1 NAME
'disting
uishedNameMatch' APPLIES ( dITRedirect $ associatedName $ secretary $
documentAu
thor $ manager $ seeAlso $ roleOccupant $ owner $ member $
distinguishedName $ a
liasedObjectName $ namingContexts $ subschemaSubentry $ modifiersName $
creators
Name ) )
    2.5.13.0 (objectIdentifierMatch): matchingRuleUse: ( 2.5.13.0 NAME
'objectId
entifierMatch' APPLIES ( supportedApplicationContext $ supportedFeatures
 $ suppo
rtedExtension $ supportedControl $ structuralObjectClass $ objectClass )
) slapd startup: initiated.
bdb_db_open: dbenv_open(/usr/local/var/openldap-data)
slap_sig_shutdown: signal 15


Thanks,

Kathy
kkoehler@comcast.net
    


===========
Alan Sparks, UNIX/Linux Systems Administrator    <asparks@doublesparks.net>