
Re: Database is getting corrupted



Nothing is getting corrupt, only permission errors. Check what
permissions your init script is looking for and running slapd as.

On 30/12/2008, Jason Voorhees <jvoorhees1@gmail.com> wrote:
> Hi all:
>
> I'm running OpenLDAP 2.3.27 from CentOS 5.2 to build from scratch an
> LDAP tree based on Phamm sample LDIF files.
> I have these database definition in slapd.conf:
>
> database        bdb
> suffix          "dc=redtube,dc=com"
> rootdn          "cn=manager,dc=redtube,dc=com"
> rootpw          {SSHA}5b3FNT6a3PrldYD/X58ghCXa7vhUOO24
> directory       /var/lib/ldap
> mode            660
>
> index objectClass eq
> index cn,mail eq,subinitial
> index vd,delete eq,pres
> index accountActive,forwardActive eq,pres
> index smtpAuth eq,pres
> index sn,uid,displayName pres,eq,sub
> index uidNumber,gidNumber eq
> index default sub
>
> I always do the following:
>
> 1. # rm /var/lib/ldap/*
> (to be sure I'm starting from scratch)
>
>
> 2. # slapadd -b dc=redtube,dc=com redtube.ldif
>
> After step (2) I can see that /var/lib/ldap/alock has rw-r--r-- and all
> the other files have -w----r-T as permissions and are owned by root.root.
> Is that correct?
>
> Well, as far as I know they should be owned by ldap user and ldap group
> with 0660 permissions assigned (based on "mode" directive in slapd.conf).
> So I do the following:
>
>
> 3. # chown ldap.ldap /var/lib/ldap/*
>    # chmod 660 /var/lib/ldap/*
>    (/var/lib/ldap directory is 0700 and owned by ldap.ldap already)
>
> 4. I check against possible errors and then start OpenLDAP:
>
>    # slapd -Tt
>    # service ldap start
>
>
> 5. OpenLDAP starts correctly, it works perfectly. I can even do
> modifications to the LDAP tree adding entries based on attributes like
> vd, cn, mail, among others.
> I'm aware that there are no uid.bdb created yet in /var/lib/ldap, so I
> guess that's ok.
>
> My problem comes when I try to perform some operation that causes
> OpenLDAP to create an index file in /var/lib/ldap.
> For example, when I try to log in with rootdn through phpldapadmin I get
> something like this in logs:
>
> Dec 30 11:31:22 ha1 slapd[1889]: conn=5 fd=12 ACCEPT from IP=127.0.0.1:38395 (IP=0.0.0.0:389)
> Dec 30 11:31:22 ha1 slapd[1889]: conn=5 op=0 BIND dn="" method=128
> Dec 30 11:31:22 ha1 slapd[1889]: conn=5 op=0 RESULT tag=97 err=0 text=
> Dec 30 11:31:22 ha1 slapd[1889]: conn=5 op=1 SRCH base="dc=redtube,dc=com" scope=2 deref=0 filter="(uid=cn=manager,dc=redtube,dc=com)"
> Dec 30 11:31:22 ha1 slapd[1889]: conn=5 op=1 SRCH attr=dn
> Dec 30 11:31:22 ha1 slapd[1889]: bdb(dc=redtube,dc=com): /var/lib/ldap/uid.bdb: Permission denied
> Dec 30 11:31:22 ha1 slapd[1889]: bdb_db_cache: db_open(uid) failed: Permission denied (13)
> Dec 30 11:31:22 ha1 slapd[1889]: <= bdb_equality_candidates: (uid) index_param failed (13)
> Dec 30 11:31:22 ha1 slapd[1889]: conn=5 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
> Dec 30 11:31:22 ha1 slapd[1889]: conn=5 op=2 UNBIND
> Dec 30 11:31:22 ha1 slapd[1889]: conn=5 fd=12 closed
>
> I don't know why phpldapadmin performs a search based on a filter like
> "(uid=cn=manager,dc=redtube,dc=com)" but well, it doesn't matter to me.
>
> Then I stop and start OpenLDAP and I start getting this:
>
> # /etc/init.d/ldap stop
> Stopping slapd:                                            [  OK  ]
> # /etc/init.d/ldap start
> Checking configuration files for slapd:  bdb_db_open: unclean shutdown detected; attempting recovery.
> bdb_db_open: Warning - No DB_CONFIG file found in directory /var/lib/ldap: (2)
> Expect poor performance for suffix dc=mailtest,dc=com.
> bdb_db_open: Recovery skipped in read-only mode. Run manual recovery if errors are encountered.
> config file testing succeeded
>                                                            [  OK  ]
> Starting slapd:                                            [  OK  ]
>
>
> Question is: Why can't OpenLDAP create /var/lib/ldap/uid.bdb? Why is it
> getting permission denied messages? The whole directory /var/lib/ldap is
> owned by ldap user with 660 permissions.
> Can anybody help me? Thanks
>

-- 
Sent from my mobile device

http://www.suretecsystems.com/services/openldap/
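A check for the situation in this thread, written as an added example (it is not from the thread or from the OpenLDAP project): given the BDB directory and the user/group the init script starts slapd as (the `-u`/`-g` account, `ldap` on CentOS), it lists every entry that account could not read or write, so root-owned leftovers from running slapadd or slaptest as root show up before slapd logs "Permission denied". It assumes a find(1) that understands -maxdepth/-mindepth (GNU and BSD both do); the sample directory in the usage is a constructed path.

```shell
#!/bin/sh
# check_db_perms DIR USER GROUP
# Prints each path under DIR that USER:GROUP could not use and returns 1;
# prints nothing and returns 0 when the directory is clean.
check_db_perms() {
    dir=$1; user=$2; group=$3
    bad=$( {
        # The directory itself only has to be owned by the service user with
        # owner rwx (the poster's 0700 ldap:ldap is fine): slapd creates new
        # index files such as uid.bdb here, so a root-owned directory breaks it.
        find "$dir" -maxdepth 0 \( ! -user "$user" -o ! -perm -700 \) -print
        # Every file inside must be USER:GROUP with at least owner+group rw,
        # matching the "mode 660" directive in slapd.conf. Files created by
        # slapadd/slaptest run as root (owner root, no group rw) land here,
        # and so does an alock left at rw-r--r--.
        find "$dir" -mindepth 1 -maxdepth 1 -type f \
            \( ! -user "$user" -o ! -group "$group" -o ! -perm -660 \) -print
    } )
    if [ -n "$bad" ]; then
        printf '%s\n' "$bad"
        return 1
    fi
    return 0
}

# Stand-alone usage: sh check_db_perms.sh /var/lib/ldap ldap ldap
if [ $# -ge 3 ]; then
    check_db_perms "$1" "$2" "$3"
fi
```

Run it as root right after slapadd and again after the chown/chmod step; an empty result means slapd, started as that user, can both open the existing files and create missing index files.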