Re: alock File Keeps LDAP (slapd) from Starting Up

[Aaron Richton <richton@nbcs.rutgers.edu>]

I don't change these files often, so I'm not speaking from personal
experience, because I'd just slapadd the entire thing again. But...

I think you have to recreate your bdb environment after changing
DB_CONFIG. cd to /var/lib/openldap-bdb and run db_recover (do NOT do this
while OpenLDAP is using the files; if you're using that ldbm config this
might be safe). Then try switching back from ldbm to bdb and see if that
made a difference. If I'm right, there should be info about this in the
Sleepycat docs.

And if you're at all concerned about performance, make sure you're running
OL2.3, because you'll want appropriate workarounds for the Linux 2.6
sched_yield() silliness. I'm not sure that they made it into 2.2.

BTW, if you're concerned over data integrity, NOSYNC is a BAD option. You
run the risk of severe data loss on a hard fail (e.g. power). If you want
speed at all costs, it's a good option.

On Thu, 25 May 2006, Todd Lyons wrote:

> On Thu, May 25, 2006 at 01:56:22PM -0700, Todd Lyons wrote:
>
> >>BDB 4.3 is a known problem release.  The suggested BDB release is
> >>4.2.52+patches, and possible BDB 4.4.20+patches.  But not BDB 4.3.anything.
> >Ah, that's good to know.  I upgraded an old 2.1.30 production server to
> >2.3.21 with bdb 4.3 and the load went through the roof, searches were
> >blindingly slow, etc.  I'm rolling back to 2.2.30 right now with db 4.2.
> >We'll see if that fixes my speed problem.
>
> Followup:
> No, it didn't fix the speed problem.  When using the ldbm backend, the
> machine sits at load around 0.1 and 2% or 3% cpu usage.  I switch to bdb
> backend and my load jumps to 14 or so, searches take seconds to complete
> (of course slows down as the load gets higher).  At that point, the
> acceptance of new incoming connects gets degraded enough that it drops
> out of the load balancer until OpenLDAP catches up on things.  In short,
> I wasn't able to get it to work.  I had to go back to ldbm.  I'll keep
> hacking away at it.
>
> Here are my configs:
>
> /etc/openldap/slapd.conf:
> include         /etc/openldap/schema/core.schema
> include         /etc/openldap/schema/cosine.schema
> include         /etc/openldap/schema/inetorgperson.schema
> include         /etc/openldap/schema/nis.schema
> include         /etc/openldap/schema/sendmail.schema
> include         /etc/openldap/schema/courier.schema
> include         /etc/ssh/openssh-lpk.schema
>
> pidfile         /var/run/openldap/slapd.pid
> argsfile        /var/run/openldap/slapd.args
>
> loglevel 0
>
> allow bind_v2
>
> access to attr=userPassword
>         by dn="cn=master,dc=ivenue,dc=net" write
>         by dn="cn=courier,dc=ivenue,dc=net" read
>         by dn="cn=sendmail,dc=ivenue,dc=net" read
>         by dn="cn=pam,dc=ivenue,dc=net" read
>         by dn="cn=pam,ou=employees,dc=ivenue,dc=net" read
>         by self write
>         by * auth
> access to *
>         by dn="cn=master,dc=ivenue,dc=net" write
>         by * read
>
> #######################################################################
> # ldbm database definitions
> #######################################################################
>
> database        ldbm
> suffix          "dc=ivenue,dc=net"
> rootdn          "cn=Manager,dc=ivenue,dc=net"
> rootpw          {crypt}blahblahblahblah
> directory       /var/lib/openldap-data
> # Indices to maintain
> index   objectClass,uid,uidNumber,gidNumber,memberUid   eq
> index   cn,mail,surname,givenname                       eq,subinitial
> index   sendmailMTAKey,sendmailMTAMapName               eq
> index   sendmailMTAHost,sendmailMTACluster              eq
> index   sendmailMTAAliasGrouping,sendmailMTAClassName   eq
>
> #database       bdb
> #suffix         "dc=ivenue,dc=net"
> #rootdn         "cn=Manager,dc=ivenue,dc=net"
> #rootpw         {crypt}6d1Y8zMFOZQ/6
> #directory      /var/lib/openldap-bdb
> ## Tried 10000 too
> #cachesize      50000
> ## Indices to maintain
> #index  objectClass                                     eq
> #index  uid,uidNumber,gidNumber,memberUid               eq
> #index  cn,mail,surname,givenname                       eq,subinitial
> #index  sendmailMTAKey,sendmailMTAMapName               eq
> #index  sendmailMTAHost,sendmailMTACluster              eq
> #index  sendmailMTAAliasGrouping,sendmailMTAClassName   eq
>
> updatedn cn=master,dc=ivenue,dc=net
>
>
> 2.6.12-gentoo-r10 ldap1 openldap # cat /var/lib/openldap-bdb/DB_CONFIG
> #
> # Set the database in memory cache size.
> #
> set_cachesize   0       52428800        0
>
> #
> # Set database flags.
> #
> set_flags       DB_TXN_NOSYNC
>
> #
> # Set log values.
> #
> set_lg_regionmax        1048576
> set_lg_max              10485760
> set_lg_bsize            2097152
> set_lg_dir              /var/lib/openldap-bdb/log
>
> #
> # Set temporary file creation directory.
> #
> set_tmp_dir             /var/tmp
>
>
> All directories exist, owned by ldap:ldap (except for /var/tmp of
> course).  I didn't do anything as far as fine tuning the DB_CONFIG,
> don't know where to start with that.  I am using values I found in a
> discussion on the ML somewhere.
>
>
> 2.6.12-gentoo-r10 ldap1 openldap # vdir /var/lib/openldap-bdb/
> total 157332
> -rw-r--r--    1 ldap     ldap          435 May 25 13:54 DB_CONFIG
> -rw-------    1 ldap     ldap         8192 May 25 13:54 __db.001
> -rw-------    1 ldap     ldap     65544192 May 25 13:54 __db.002
> -rw-------    1 ldap     ldap      3145728 May 25 13:54 __db.003
> -rw-------    1 ldap     ldap       368640 May 25 13:54 __db.004
> -rw-------    1 ldap     ldap        24576 May 25 13:54 __db.005
> -rw-------    1 ldap     ldap       212992 May 25 14:02 cn.bdb
> -rw-------    1 ldap     ldap     17272832 May 25 14:02 dn2id.bdb
> -rw-------    1 ldap     ldap       102400 May 25 14:02 gidNumber.bdb
> -rw-------    1 ldap     ldap     64372736 May 25 14:02 id2entry.bdb
> drwxr-xr-x    2 ldap     ldap         4096 May 25 13:56 log
> -rw-------    1 ldap     ldap      5533696 May 25 14:02 mail.bdb
> -rw-------    1 ldap     ldap         8192 May 25 14:02 memberUid.bdb
> -rw-------    1 ldap     ldap      2387968 May 25 14:02 objectClass.bdb
> -rw-------    1 ldap     ldap         8192 May 25 14:02 sendmailMTAAliasGrouping.bdb
> -rw-------    1 ldap     ldap         8192 May 25 13:56 sendmailMTAClassName.bdb
> -rw-------    1 ldap     ldap       483328 May 25 14:02 sendmailMTACluster.bdb
> -rw-------    1 ldap     ldap         8192 May 25 14:02 sendmailMTAHost.bdb
> -rw-------    1 ldap     ldap      1273856 May 25 14:02 sendmailMTAKey.bdb
> -rw-------    1 ldap     ldap       483328 May 25 14:02 sendmailMTAMapName.bdb
> -rw-------    1 ldap     ldap         8192 May 25 13:56 sn.bdb
> -rw-------    1 ldap     ldap       520192 May 25 14:02 uid.bdb
> -rw-------    1 ldap     ldap       266240 May 25 14:02 uidNumber.bdb
>
>
> Any pointers, urls, or regular ole help would be much appreciated.
> --
> Regards...		Todd
> There are four boxes to be used in defense of liberty:
> soap, ballot, jury, and ammo.  Please use in that order. --Ed Howdershelt
> Linux kernel 2.6.12-18mdksmp   2 users,  load average: 1.43, 1.14, 0.67
>