
Re: Database is getting corrupted



--On Monday, January 05, 2009 9:42 AM -0500 Jason Voorhees <jvoorhees1@gmail.com> wrote:

(Sorry if maybe I'm sending this message twice. I think I sent the first
one in HTML format and I guess that format isn't allowed here).

Ok, maybe I'm missing some essential knowledge about how OpenLDAP and
indexing works.
This is what I'm doing (as simple as possible after too many failed
tests with more complex scenarios):

1. Create a new database in slapd.conf without any ACLs yet:

database      bdb
suffix            dc=test,dc=com
rootdn          cn=manager,dc=test,dc=com
rootpw          {SSHA}5b3FNT6a3PrldYD/X58ghCXa7vhUOO24
directory       /var/lib/ldap/test
mode            600
cachesize     10000

index           objectClass     eq
index           mail            eq,sub

2. After stopping OpenLDAP I create the basic content of my LDAP tree
using slapadd:

# slapadd -l test.ldif -b dc=test,dc=com
# cat test.ldif
dn: dc=test,dc=com
objectClass: domain
dc: test

(all worked fine, no errors, no problems)

3. Then I fix perms and ownership of database directory
(/var/lib/ldap/test):

# chown -R ldap.ldap /var/lib/ldap/test
# chmod 700 /var/lib/ldap/test
# chmod 600 /var/lib/ldap/test/*
# ls -ld /var/lib/ldap /var/lib/ldap/test
drwx------ 3 ldap ldap 4096 Dec 31 07:38 /var/lib/ldap/
drwx------ 2 ldap ldap 4096 Jan  1 10:39 /var/lib/ldap/test/

# ls -l /var/lib/ldap/test
total 732
-rw------- 1 ldap ldap     2048 Jan  1 10:39 alock
-rw------- 1 ldap ldap    24576 Jan  1 10:38 __db.001
-rw------- 1 ldap ldap   278528 Jan  1 10:38 __db.002
-rw------- 1 ldap ldap   270336 Jan  1 10:38 __db.003
-rw------- 1 ldap ldap    98304 Jan  1 10:38 __db.004
-rw------- 1 ldap ldap   352256 Jan  1 10:38 __db.005
-rw------- 1 ldap ldap    24576 Jan  1 10:38 __db.006
-rw------- 1 ldap ldap     8192 Jan  1 10:39 dn2id.bdb
-rw------- 1 ldap ldap    32768 Jan  1 10:39 id2entry.bdb
-rw------- 1 ldap ldap 10485760 Jan  1 10:39 log.0000000001
-rw------- 1 ldap ldap     8192 Jan  1 10:39 objectClass.bdb

(pay attention, there's no mail.bdb file yet!, right?)

4. Check slapd syntax, start OpenLDAP and make a test:

# slaptest -u
config file testing succeeded
# service ldap start
# ldapsearch -xLLL -b dc=test,dc=com

(and yes, /etc/init.d/ldap forces slapd to run as the ldap user)

5. Everything is fine. Then I try to add some content from an LDIF file:

# ldapmodify -a -x -D cn=manager,dc=test,dc=com -w secret -f test.ldif
adding new entry "mail=jvoorhees1@gmail.com,dc=test,dc=com"
ldap_add: Internal (implementation specific) error (80)
        additional info: index generation failed

# cat test.ldif
dn: mail=jvoorhees1@gmail.com,dc=test,dc=com
objectClass: inetOrgPerson
mail: jvoorhees1@gmail.com
cn: Jason Voorhees
sn: Voorhees

6. What happened? What am I doing wrong? I'm working with "loglevel 256"
in slapd.conf and sending local4.* logs to /var/log/ldap.log and I'm
getting this error message while using ldapmodify:

Jan  1 10:51:49 ha1 slapd[26023]: @(#) $OpenLDAP: slapd 2.3.27 (Jul  9 2008 13:10:56) $ mockbuild@builder16.centos.org:/builddir/build/BUILD/openldap-2.3.27/openldap-2.3.27/build-servers/servers/slapd
Jan  1 10:51:49 ha1 slapd[26024]: bdb_db_open: Warning - No DB_CONFIG file found in directory /var/lib/ldap/test: (2) Expect poor performance for suffix dc=test,dc=com.
Jan  1 10:51:49 ha1 slapd[26024]: slapd starting
Jan  1 10:51:56 ha1 slapd[26024]: conn=0 fd=12 ACCEPT from IP=127.0.0.1:40112 (IP=0.0.0.0:389)
Jan  1 10:51:56 ha1 slapd[26024]: conn=0 op=0 BIND dn="cn=manager,dc=test,dc=com" method=128
Jan  1 10:51:56 ha1 slapd[26024]: conn=0 op=0 BIND dn="cn=manager,dc=test,dc=com" mech=SIMPLE ssf=0
Jan  1 10:51:56 ha1 slapd[26024]: conn=0 op=0 RESULT tag=97 err=0 text=
Jan  1 10:51:56 ha1 slapd[26024]: conn=0 op=1 ADD dn="mail=jvoorhees1@gmail.com,dc=test,dc=com"
Jan  1 10:51:56 ha1 slapd[26024]: bdb(dc=test,dc=com): /var/lib/ldap/test/mail.bdb: Permission denied
Jan  1 10:51:56 ha1 slapd[26024]: bdb_db_cache: db_open(mail) failed: Permission denied (13)
Jan  1 10:51:56 ha1 slapd[26024]: bdb_index_read: Could not open DB mail
Jan  1 10:51:56 ha1 slapd[26024]: conn=0 op=1 RESULT tag=105 err=80 text=index generation failed
Jan  1 10:51:56 ha1 slapd[26024]: conn=0 op=2 UNBIND
Jan  1 10:51:56 ha1 slapd[26024]: conn=0 fd=12 closed
Jan  1 10:51:56 ha1 slapd[26024]: connection_read(12): no connection!

Why can't slapd create any index file in its database directory? Does
slapd need to have index files created before it is started? Is it
possible for slapd to create new index files when it is already running?
Those are my essential doubts  :(


7. OK, according to the error message I must check perms and ownership of database files. But OMG everything is apparently fine! Look:

# ls -ld /var/lib/ldap /var/lib/ldap/test
drwx------ 3 ldap ldap 4096 Dec 31 07:38 /var/lib/ldap/
drwx------ 2 ldap ldap 4096 Jan  1 10:51 /var/lib/ldap/test/

# ls -l /var/lib/ldap/test
total 752
-rw------- 1 ldap ldap     4096 Jan  1 10:51 alock
-rw------- 1 ldap ldap    24576 Jan  1 10:38 __db.001
-rw------- 1 ldap ldap   278528 Jan  1 10:38 __db.002
-rw------- 1 ldap ldap   270336 Jan  1 10:38 __db.003
-rw------- 1 ldap ldap    98304 Jan  1 10:38 __db.004
-rw------- 1 ldap ldap   352256 Jan  1 10:38 __db.005
-rw------- 1 ldap ldap    24576 Jan  1 10:38 __db.006
-rw------- 1 ldap ldap     8192 Jan  1 10:51 dn2id.bdb
-rw------- 1 ldap ldap    32768 Jan  1 10:39 id2entry.bdb
-rw------- 1 ldap ldap 10485760 Jan  1 10:51 log.0000000001
-rw------- 1 ldap ldap     8192 Jan  1 10:51 objectClass.bdb

What else? SElinux?

# getenforce
Disabled

So, what's the problem?

OS: CentOS 5.2
OpenLDAP: 2.3.27 (openldap-servers-2.3.27-8.el5_2.4.rpm)
Kernel: 2.6.18-92.1.22.el5xen
SElinux: disabled

The same problem occurs in an equal environment but with no Xen kernel.
Could somebody help me? Thanks a lot

Well, other than you are using an ancient version of OpenLDAP with many known issues, which I would advise against, have you tried actually touching a file in /var/lib/ldap/test as the ldap user? I.e., that's the one test I don't see you performing, but is the first thing that comes to my mind to test.


--Quanah

--

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration
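
The check suggested in the reply above, as an added example that is not part of the original thread: a POSIX shell script that, run as the account slapd uses, tries to create a scratch file in the database directory and lists the owner and mode of every path component. The function names `walk_path` and `probe_create` and the probe file name are hypothetical.

```shell
#!/bin/sh
# Added example (hypothetical names): run as the account slapd uses to see
# whether that account can create a new file, as slapd must for mail.bdb.

# List DIR and every parent with owner/mode; flag components that are
# missing or that the current user cannot traverse (no search permission).
walk_path() {
    p=$1
    rc=0
    case $p in /*) ;; *) p=$PWD/$p ;; esac
    while :; do
        if [ ! -d "$p" ]; then
            echo "MISSING   $p"; rc=1
        elif [ ! -x "$p" ]; then
            echo "NO-SEARCH $(ls -ld "$p")"; rc=1
        else
            echo "ok        $(ls -ld "$p")"
        fi
        if [ "$p" = "/" ]; then break; fi
        p=$(dirname "$p")
    done
    return "$rc"
}

# Try to create and remove a scratch file in DIR as the current user.
# Returns 0 on success, 1 if the path is unusable, 2 if creation fails.
probe_create() {
    dir=$1
    probe="$dir/.write-probe.$$"
    echo "probing as uid=$(id -u) gid=$(id -g) in $dir"
    walk_path "$dir" || return 1
    # noclobber (set -C): never truncate a file that already exists.
    if err=$( (set -C; : > "$probe") 2>&1 ); then
        rm -f "$probe"
        echo "RESULT: create OK"
        return 0
    fi
    echo "RESULT: create FAILED: $err"
    return 2
}

# Stand-alone use: sh probe.sh /var/lib/ldap/test
if [ "$#" -gt 0 ]; then
    probe_create "$1"
fi
```

Run it as the service account rather than root, for example `su -s /bin/sh ldap -c 'sh probe.sh /var/lib/ldap/test'`, where `probe.sh` is a hypothetical file name for the script above.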