
Re: Database is getting corrupted




Quanah Gibson-Mount wrote:
> --On Monday, January 05, 2009 9:42 AM -0500 Jason Voorhees
> <jvoorhees1@gmail.com> wrote:
> 
>> (Sorry if maybe I'm sending this message twice. I think I sent the first
>> one in HTML format and I guess that format isn't allowed here).
>>
>> Ok, maybe I'm missing some essential knowledge about how OpenLDAP and
>> indexing works.
>> This is what I'm doing (as simple as possible after too many failed
>> tests with more complex scenarios):
>>
>> 1. Create a new database in slapd.conf without any ACLs yet:
>>
>> database      bdb
>> suffix            dc=test,dc=com
>> rootdn          cn=manager,dc=test,dc=com
>> rootpw          {SSHA}5b3FNT6a3PrldYD/X58ghCXa7vhUOO24
>> directory       /var/lib/ldap/test
>> mode            600
>> cachesize     10000
>>
>> index           objectClass     eq
>> index           mail            eq,sub
>>
>> 2. After stopping OpenLDAP I create the basic content of my LDAP tree
>> using slapadd:
>>
>> # slapadd -l test.ldif -b dc=test,dc=com
>> # cat test.ldif
>> dn: dc=test,dc=com
>> objectClass: domain
>> dc: test
>>
>> (all worked fine, no errors, no problems)
>>
>> 3. Then I fix perms and ownership of database directory
>> (/var/lib/ldap/test):
>>
>> # chown -R ldap.ldap /var/lib/ldap/test
>> # chmod 700 /var/lib/ldap/test
>> # chmod 600 /var/lib/ldap/test/*
>> # ls -ld /var/lib/ldap /var/lib/ldap/test
>> drwx------ 3 ldap ldap 4096 Dec 31 07:38 /var/lib/ldap/
>> drwx------ 2 ldap ldap 4096 Jan  1 10:39 /var/lib/ldap/test/
>>
>> # ls -l /var/lib/ldap/test
>> total 732
>> -rw------- 1 ldap ldap     2048 Jan  1 10:39 alock
>> -rw------- 1 ldap ldap    24576 Jan  1 10:38 __db.001
>> -rw------- 1 ldap ldap   278528 Jan  1 10:38 __db.002
>> -rw------- 1 ldap ldap   270336 Jan  1 10:38 __db.003
>> -rw------- 1 ldap ldap    98304 Jan  1 10:38 __db.004
>> -rw------- 1 ldap ldap   352256 Jan  1 10:38 __db.005
>> -rw------- 1 ldap ldap    24576 Jan  1 10:38 __db.006
>> -rw------- 1 ldap ldap     8192 Jan  1 10:39 dn2id.bdb
>> -rw------- 1 ldap ldap    32768 Jan  1 10:39 id2entry.bdb
>> -rw------- 1 ldap ldap 10485760 Jan  1 10:39 log.0000000001
>> -rw------- 1 ldap ldap     8192 Jan  1 10:39 objectClass.bdb
>>
>> (pay attention: there's no mail.bdb file yet, right?)
>>
>> 4. Check slapd syntax, start OpenLDAP and make a test:
>>
>> # slaptest -u
>> config file testing succeeded
>> # service ldap start
>> # ldapsearch -xLLL -b dc=test,dc=com
>>
>> (and yes, /etc/init.d/ldap forces slapd to run as the ldap user)
>>
>> 5. Everything is fine. Then I try to add some content from an LDIF file:
>>
>> # ldapmodify -a -x -D cn=manager,dc=test,dc=com -w secret -f test.ldif
>> adding new entry "mail=jvoorhees1@gmail.com,dc=test,dc=com"
>> ldap_add: Internal (implementation specific) error (80)
>>         additional info: index generation failed
>>
>> # cat test.ldif
>> dn: mail=jvoorhees1@gmail.com,dc=test,dc=com
>> objectClass: inetOrgPerson
>> mail: jvoorhees1@gmail.com
>> cn: Jason Voorhees
>> sn: Voorhees
>>
>> 6. What happened? What am I doing wrong? I'm working with "loglevel 256"
>> in slapd.conf and sending local4.* logs to /var/log/ldap.log and I'm
>> getting this error message while using ldapmodify:
>>
>> Jan  1 10:51:49 ha1 slapd[26023]: @(#) $OpenLDAP: slapd 2.3.27 (Jul  9 2008 13:10:56) $
>>     mockbuild@builder16.centos.org:/builddir/build/BUILD/openldap-2.3.27/openldap-2.3.27/build-servers/servers/slapd
>> Jan  1 10:51:49 ha1 slapd[26024]: bdb_db_open: Warning - No DB_CONFIG file found in directory /var/lib/ldap/test: (2) Expect poor performance for suffix dc=test,dc=com.
>> Jan  1 10:51:49 ha1 slapd[26024]: slapd starting
>> Jan  1 10:51:56 ha1 slapd[26024]: conn=0 fd=12 ACCEPT from
>> IP=127.0.0.1:40112 (IP=0.0.0.0:389)
>> Jan  1 10:51:56 ha1 slapd[26024]: conn=0 op=0 BIND
>> dn="cn=manager,dc=test,dc=com" method=128
>> Jan  1 10:51:56 ha1 slapd[26024]: conn=0 op=0 BIND
>> dn="cn=manager,dc=test,dc=com" mech=SIMPLE ssf=0
>> Jan  1 10:51:56 ha1 slapd[26024]: conn=0 op=0 RESULT tag=97 err=0 text=
>> Jan  1 10:51:56 ha1 slapd[26024]: conn=0 op=1 ADD
>> dn="mail=jvoorhees1@gmail.com,dc=test,dc=com"
>> Jan  1 10:51:56 ha1 slapd[26024]: bdb(dc=test,dc=com):
>> /var/lib/ldap/test/mail.bdb: Permission denied
>> Jan  1 10:51:56 ha1 slapd[26024]: bdb_db_cache: db_open(mail) failed:
>> Permission denied (13)
>> Jan  1 10:51:56 ha1 slapd[26024]: bdb_index_read: Could not open DB mail
>> Jan  1 10:51:56 ha1 slapd[26024]: conn=0 op=1 RESULT tag=105 err=80
>> text=index generation failed
>> Jan  1 10:51:56 ha1 slapd[26024]: conn=0 op=2 UNBIND
>> Jan  1 10:51:56 ha1 slapd[26024]: conn=0 fd=12 closed
>> Jan  1 10:51:56 ha1 slapd[26024]: connection_read(12): no connection!
>>
>> Why can't slapd create any index file in its database directory? Does
>> slapd need to have index files created before it is started? Is it
>> possible for slapd to create new index files when it is already running?
>> Those are my essential doubts :(
>>
>>
>> 7. OK, according to the error message I must check perms and ownership of
>> the database files. But OMG, everything is apparently fine! Look:
>>
>> # ls -ld /var/lib/ldap /var/lib/ldap/test
>> drwx------ 3 ldap ldap 4096 Dec 31 07:38 /var/lib/ldap/
>> drwx------ 2 ldap ldap 4096 Jan  1 10:51 /var/lib/ldap/test/
>>
>> # ls -l /var/lib/ldap/test
>> total 752
>> -rw------- 1 ldap ldap     4096 Jan  1 10:51 alock
>> -rw------- 1 ldap ldap    24576 Jan  1 10:38 __db.001
>> -rw------- 1 ldap ldap   278528 Jan  1 10:38 __db.002
>> -rw------- 1 ldap ldap   270336 Jan  1 10:38 __db.003
>> -rw------- 1 ldap ldap    98304 Jan  1 10:38 __db.004
>> -rw------- 1 ldap ldap   352256 Jan  1 10:38 __db.005
>> -rw------- 1 ldap ldap    24576 Jan  1 10:38 __db.006
>> -rw------- 1 ldap ldap     8192 Jan  1 10:51 dn2id.bdb
>> -rw------- 1 ldap ldap    32768 Jan  1 10:39 id2entry.bdb
>> -rw------- 1 ldap ldap 10485760 Jan  1 10:51 log.0000000001
>> -rw------- 1 ldap ldap     8192 Jan  1 10:51 objectClass.bdb
>>
>> What else? SElinux?
>>
>> # getenforce
>> Disabled
>>
>> So, what's the problem?
>>
>> OS: CentOS 5.2
>> OpenLDAP: 2.3.27 (openldap-servers-2.3.27-8.el5_2.4.rpm)
>> Kernel: 2.6.18-92.1.22.el5xen
>> SElinux: disabled
>>
>> The same problem occurs in an identical environment but with a non-Xen kernel.
>> Could somebody help me? Thanks a lot
> 
> Well, other than you are using an ancient version of OpenLDAP with many
> known issues, which I would advise against, have you tried actually
> touching a file in /var/lib/ldap/test as the ldap user?  I.e., that's
> the one test I don't see you performing, but is the first thing that
> comes to my mind to test.
> 
> --Quanah
> 
> -- 
> 
> Quanah Gibson-Mount
> Principal Software Engineer
> Zimbra, Inc
> --------------------
> Zimbra ::  the leader in open source messaging and collaboration

The same problem occurs in OpenSuSE 11 with OpenLDAP 2.4.9.
I became the ldap user and I was able to create files inside
/var/lib/ldap/test without any problem:

# su -s /bin/bash ldap
$ pwd
/var/lib/ldap
$ touch first
$ echo $?
0
$ cd /var/lib/ldap/test
$ touch second
$ echo $?
0

There's no problem creating files under /var/lib/ldap/*. What's the
problem then?
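Since the thread turns on "can the account slapd runs as actually create a file in the database directory", here is a small added script (not OpenLDAP code, and not an explanation of the EACCES on mail.bdb above) that generalises the `touch`-as-ldap test Quanah asked for. Given a hypothetical service uid/gids it walks every directory from / down to the DB directory and reports, from the mode bits alone, which component would refuse traversal or creation. The temporary tree it builds (`.../ldap/test/mail.bdb`, modes 0755/0700) is constructed for the demo; `demo()`, `check_create()`, `first_denial()` and `fake_stat()` are names chosen here. Only plain mode bits are modelled: POSIX ACLs, SELinux/AppArmor, `chattr +i` and the root bypass are out of scope, so a "denied" from it is a definite problem while an "ok" only rules out mode bits, which is exactly where this thread stands after the touch test succeeded.

```python
"""Emulate the kernel's mode-bit (DAC) check along a filesystem path.

Added example; not OpenLDAP code. Models owner/group/other bits only
(no ACLs, no MAC, no immutable attrs, no uid-0 bypass).
"""
import os
import shutil
import tempfile
from typing import Iterable, List, Optional, Tuple

R, W, X = 4, 2, 1


def fake_stat(mode: int, uid: int, gid: int) -> os.stat_result:
    """Build a synthetic stat result (handy for offline checks/tests)."""
    return os.stat_result((mode, 0, 0, 1, uid, gid, 0, 0, 0, 0))


def dac_allows(st: os.stat_result, uid: int, gids: Iterable[int], need: int) -> bool:
    """Classic Unix rule: exactly one class (owner, group, other) applies."""
    if st.st_uid == uid:
        shift = 6
    elif st.st_gid in set(gids):
        shift = 3
    else:
        shift = 0
    return ((st.st_mode >> shift) & 7) & need == need


def check_create(path: str, uid: int, gids: Iterable[int]) -> List[Tuple[str, str, bool]]:
    """Rights needed to open `path` with O_CREAT|O_WRONLY as uid/gids.

    Returns (component, required, ok) for every directory from / down to the
    parent, plus the file itself when it already exists.
    """
    path = os.path.abspath(path)
    parent = os.path.dirname(path)
    exists = os.path.lexists(path)
    gids = set(gids)

    # Chain of directories: /, /a, /a/b, ... up to and including the parent.
    chain, cur = [os.sep], os.sep
    for part in parent.split(os.sep):
        if part:
            cur = os.path.join(cur, part)
            chain.append(cur)

    report = []
    for d in chain:
        # Creating a new entry needs write+search on the parent; every other
        # directory on the way only needs search (x).
        need = (W | X) if (d == parent and not exists) else X
        report.append((d, "w+x" if need == (W | X) else "x",
                       dac_allows(os.stat(d), uid, gids, need)))
    if exists:
        # Existing file: the parent only needs x; the file itself needs w.
        report.append((path, "w", dac_allows(os.stat(path), uid, gids, W)))
    return report


def first_denial(report) -> Optional[Tuple[str, str]]:
    """First component that blocks the operation, or None if all pass."""
    for comp, need, ok in report:
        if not ok:
            return comp, need
    return None


def demo() -> Tuple[Optional[Tuple[str, str]], Optional[Tuple[str, str]]]:
    """Constructed layout mirroring /var/lib/ldap/test with 0700 directories.

    Returns the first denial for the current uid (expected: None) and for a
    hypothetical foreign uid/gid (expected: the 0700 'ldap' directory).
    """
    base = tempfile.mkdtemp()
    try:
        os.chmod(base, 0o755)                 # world-traversable, like /var/lib
        ldap_dir = os.path.join(base, "ldap")
        db_dir = os.path.join(ldap_dir, "test")
        os.makedirs(db_dir)
        os.chmod(ldap_dir, 0o700)
        os.chmod(db_dir, 0o700)
        target = os.path.join(db_dir, "mail.bdb")   # index file not created yet

        me, mygid = os.getuid(), os.getgid()
        mine = check_create(target, me, {mygid})
        foreign = check_create(target, me + 1, {mygid + 1})   # hypothetical account
        return first_denial(mine), first_denial(foreign)
    finally:
        shutil.rmtree(base, ignore_errors=True)


if __name__ == "__main__":
    own, other = demo()
    print("as current uid :", own or "ok (mode bits permit creation)")
    print("as foreign uid :", other or "ok")
```

To use it against a real box, call `check_create("/var/lib/ldap/test/mail.bdb", uid, gids)` with the uid and supplementary gids of the slapd account; if every component comes back ok, as it does for the poster here, the remaining suspects are the things this script deliberately does not model.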