
bdb panics with openldap



We have openldap using bdb as its database. For
some reason bdb crashed, complaining of a permission
issue.

May 13 16:04:40 ccc slapd[30372]: conn=12430 fd=10 ACCEPT from IP=xxx.yyy.zzz.aaa:33905 (IP=0.0.0.0:389)
May 13 16:04:40 ccc slapd[30372]: conn=12430 op=0 BIND dn="cn=Directory Manager,o=none.com" method=128
May 13 16:04:40 ccc slapd[30372]: conn=12430 op=0 BIND dn="cn=Directory Manager,o=none.com" mech=SIMPLE ssf=0
May 13 16:04:40 ccc slapd[30372]: conn=12430 op=0 RESULT tag=97 err=0 text=
May 13 16:04:40 ccc slapd[30372]: conn=12430 op=1 MOD dn="uid=sysadmin,o=none.com"
May 13 16:04:40 ccc slapd[30372]: conn=12430 op=1 MOD noner=lastlogints lastaccessts authcookie
May 13 16:04:40 ccc slapd[30372]: bdb(o=none.com): /var/lib/ldap/log.0000000002: log file open failed: Permission denied
May 13 16:04:40 ccc slapd[30372]: bdb(o=none.com): PANIC: Permission denied
May 13 16:04:40 ccc slapd[30372]: bdb(o=none.com): DB_ENV->log_put: 2: DB_RUNRECOVERY: Fatal error, run database recovery
May 13 16:04:40 ccc slapd[30372]: bdb(o=none.com): /var/lib/ldap/log.0000000002: log file open failed: Permission denied


The log.000000000 gets rotated based on the size
(10MB). The new logfile (log.0000000002) was rotated
on Apr 30th and I believe the permission was set as
root:root instead of ldap:ldap (note: ldap is being
run as user ldap). The reason why it didn't crash till
yesterday was that only search queries were run against
the ldap/bdb (the ldap search test for testing ldap
keep alive). Yesterday a modify query was run from IP
xxx.yyy.zzz.aaa and I guess bdb complained of a
permission problem and panicked.

May 13 16:04:40 ccc slapd[30372]: conn=12430 fd=10 ACCEPT from IP=xxx.yyy.zzz.aaa:33905 (IP=0.0.0.0:389)
May 13 16:04:40 ccc slapd[30372]: conn=12430 op=0 BIND dn="cn=Directory Manager,o=none.com" method=128
May 13 16:04:40 ccc slapd[30372]: conn=12430 op=0 BIND dn="cn=Directory Manager,o=none.com" mech=SIMPLE ssf=0
May 13 16:04:40 ccc slapd[30372]: conn=12430 op=0 RESULT tag=97 err=0 text=
May 13 16:04:40 ccc slapd[30372]: conn=12430 op=1 MOD dn="uid=sysadmin,o=none.com"


[root@ccc ldap]# ls -l /var/lib/ldap
total 13236
-rw-------  1 ldap ldap   106496 Mar 24 19:30 cn.bdb
-rw-------  1 ldap ldap    16384 Mar 20 11:50 __db.001
-rw-------  1 ldap ldap   278528 Mar 20 11:50 __db.002
-rw-------  1 ldap ldap    98304 Mar 20 11:50 __db.003
-rw-------  1 ldap ldap   450560 Mar 20 11:50 __db.004
-rw-------  1 ldap ldap    16384 Mar 20 11:50 __db.005
-rw-------  1 ldap ldap    45056 Mar 24 19:30 dn2id.bdb
-rw-------  1 ldap ldap   278528 Apr  2 13:40 id2entry.bdb
-rw-------  1 ldap ldap 10485710 Apr 30 14:40 log.0000000001
-rw-------  1 root root  1827874 May 13 16:00 log.0000000002
-rw-------  1 ldap ldap     8192 Mar 20 11:50 mail.bdb
-rw-------  1 ldap ldap    16384 Mar 24 19:30 objectClass.bdb
-rw-r--r--  1 ldap ldap        0 Apr  2 13:31 openldap-master-replog
-rw-r--r--  1 ldap ldap        0 Apr  2 13:31 openldap-master-replog.lock
-rw-------  1 ldap ldap     8192 Mar 20 11:50 ou.bdb
drwxr-xr-x  2 root root     4096 Mar 21 16:33 replica
-rw-------  1 ldap ldap    49152 Mar 20 11:50 sn.bdb
-rw-------  1 ldap ldap     8192 Mar 20 12:00 uid.bdb


The ldap is being run as user ldap

[root@ccc ~]# ps -ef | grep ldap
root      8983  6956  0 15:40 pts/0    00:00:00 grep ldap
ldap     31694     1  0 Mar20 ?        00:01:57 /usr/sbin/slapd -u ldap -h ldap:///

[root@ccc ~]# grep ldap /etc/passwd
ldap:x:55:55:LDAP User:/var/lib/ldap:/bin/false

 

Why should a modify cause a panic and not a search? Why
did the rotated log have root as owner instead of
ldap? Is there a fix for this issue?

Cheers
CG
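
Added example, not part of the original post: a shell check that lists anything in the BDB environment directory that is not owned by the slapd run-as user or lacks owner write permission, which is the condition visible on log.0000000002 in the listing above. The function name audit_bdb_dir is hypothetical; the default directory and user are taken from the post.

```shell
#!/bin/sh
# Added example: audit a slapd BDB environment directory for entries the
# run-as user cannot write. audit_bdb_dir is a hypothetical helper name.
#
# usage: audit_bdb_dir [DB_DIR] [RUN_AS]
#   DB_DIR  defaults to /var/lib/ldap (path shown in the post)
#   RUN_AS  defaults to ldap (the "slapd -u ldap" user); a numeric uid also works
#
# Prints an "ls -ld" line for the directory itself and for every top-level
# entry that is not owned by RUN_AS or has no owner write bit.
# Returns 0 when nothing is reported, 1 when findings exist, 2 on error.
audit_bdb_dir() {
    db_dir=${1:-/var/lib/ldap}
    run_as=${2:-ldap}

    if [ ! -d "$db_dir" ]; then
        echo "not a directory: $db_dir" >&2
        return 2
    fi

    # -maxdepth 1: the environment directory plus the files BDB opens in it
    # (database files, __db.* regions, log.NNNNNNNNNN transaction logs).
    # ! -user:      wrong owner, e.g. a log file created while running as root.
    # ! -perm -200: owner write bit missing.
    bad=$(find "$db_dir" -maxdepth 1 \
              \( ! -user "$run_as" -o ! -perm -200 \) \
              -exec ls -ld {} \;) || return 2

    if [ -n "$bad" ]; then
        printf '%s\n' "$bad"
        return 1
    fi
    return 0
}
```

Run as `audit_bdb_dir /var/lib/ldap ldap` after any maintenance performed as root in that directory; a subdirectory such as replica that is intentionally root-owned will also be listed and has to be judged by the administrator.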