[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: LDAP hangs requiring slapd stop and deleting __db.00* files



On Tue, 2005-03-29 at 02:26, Abhishek Daga wrote:
> Hello and thanks for the quick response.
> I am posting some more relevant information in case that will help 
> diagnose the situation better.
> 
> Hardware information & Versions used.
> a) openldap-2.1.30

You should upgrade to the latest stable version of OpenLDAP.

> b) Berkeley DB 4.2.52
> c) Hardware: CPU - Intel p4 1.4 GHz, 1 GB RAM, 250 GB IDE Hard Drive
> We have around 5000 registered users of which 350 check email daily.  However being popular domains, we get a lot of spam as well as bounced invalid mail (where someone is using our domain as return mail). So after putting some filters/firewall in place we can determine that we get around 3/4 requests a second.
> 

Your hardware configuration should be able to handle the load without
any problem providing the LDAP server is properly configured.


> 
> You have suggested using db_recover which we have tried. 
> As per what we understood, db_recover can be used when our database is corrupt and we need to recover
> data but in our case ldap goes off not the data. In log file it shows
> authdaemon.ldap TEMP fail. I am pasting below the contents of our slapd.conf file if that will further assist in debugging the issue we are facing. 
> If you could tell me what other information is required, I'll be glad to fish it out for you. 
> 
> 
> 
> ===============================================================================================================
> # $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.23.2.8 2003/05/24 23:19:14 kurt Exp $
> #
> # See slapd.conf(5) for details on configuration options.
> # This file should NOT be world readable.
> #
> include         /usr/local/etc/openldap/schema/core.schema
> include         /usr/local/etc/openldap/schema/cosine.schema
> include         /usr/local/etc/openldap/schema/nis.schema
> include         /usr/local/etc/openldap/schema/jamm.schema
> 
> 
> # Define global ACLs to disable default read access.
> 
> # Do not enable referrals until AFTER you have a working directory
> # service AND an understanding of referrals.
> #referral       ldap://root.openldap.org
> 
> pidfile         /var/run/slapd.pid
> argsfile        /var/run/slapd.args
> 
> loglevel        1
> 
> # Load dynamic backend modules:
> # modulepath    /usr/local/libexec/openldap
> # moduleload    back_bdb.la
> # moduleload    back_ldap.la
> # moduleload    back_ldbm.la
> # moduleload    back_passwd.la
> # moduleload    back_shell.la
> 
> # Sample security restrictions
> #       Require integrity protection (prevent hijacking)
> #       Require 112-bit (3DES or better) encryption for updates
> #       Require 63-bit encryption for simple bind
> # security ssf=1 update_ssf=112 simple_bind=64
> 
> #Allow bind_v2
> allow bind_v2
> 
> # Sample access control policy:
> #       Root DSE: allow anyone to read it
> #       Subschema (sub)entry DSE: allow anyone to read it
> #       Other DSEs:
> #               Allow self write access
> #               Allow authenticated users read access
> #               Allow anonymous users to authenticate
> #       Directives needed to implement policy:
> # access to dn.base="" by * read
> # access to dn.base="cn=Subschema" by * read
> # access to *
> #       by self write
> #       by users read
> #       by anonymous auth
> #
> # if no access controls are present, the default policy is:
> #       Allow read by all
> #
> # rootdn can always write!
> 
> #######################################################################
> # ldbm database definitions
> #######################################################################
> 
> database        bdb
> suffix          "dc=myhosting,dc=example"
> rootdn          "cn=Manager,dc=myhosting,dc=example"
> rootpw          xxxxxxxxxxxx
> directory       /usr/local/var/openldap-data
> 
> index   objectClass  pres,eq
> index   mail,cn      eq,sub
> 

What attributes do you use in all your filters?
Do you see any "index_param failed (18)" errors in your ldap logs?


> 
> #Access Control
> access to dn=".*,jvd=([^,]+),o=hosting,dc=myhosting,dc=example"
>           attr=userPassword
>         by self write
>         by group/jammPostmaster/roleOccupant="cn=postmaster,jvd=$1,o=hosting,dc=myhosting,dc=example" write
>         by anonymous auth
>         by * none
> access to dn=".*jvd=([^,]+),o=hosting,dc=myhosting,dc=example"
>         by self write
>         by group/jammPostmaster/roleOccupant="cn=postmaster,jvd=$1,o=hosting,dc=myhosting,dc=example" write
>         by * read
> access to *
>         by * read
> 

I don't see any "cachesize" or "idlcachesize" directive in your slapd.conf. You should definitely set them.

What about your DB_CONFIG file? It should be in your folder /usr/local/var/openldap-data.

Sam

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQBCSW0CMXUvRqB804QRAtBvAJ4itKs+nhlZRAJwq3++CIwMhp6oCgCffOmO
2Kuoz4rif0DgDjyENMFQK+A=+Ohs
-----END PGP SIGNATURE-----