Philip Colmer wrote:
> 2014-07-22 13:42 GMT+01:00 Harry Jede <harry.jede@arcor.de>:
> > Then your slapd process is unable to read the index. Chown the
> > files to openldap:openldap if those are your slapd user/group.
>
> I think there may be some confusion between my head and OpenLDAP as
> to where the files are located and that may be the underlying
> problem.
>
> If I search the server for DB_CONFIG, there are two different
> locations found - /var/lib/ldap and /usr/local/var/openldap-data.
>
> Now, this is where it gets a bit confusing. The files in
> /var/lib/ldap haven't been touched since 2013:
>
> -rw-r--r-- 1 openldap openldap 2048 Dec 29 2013 alock
> -rw------- 1 openldap openldap 933888 Dec 29 2013 cn.bdb
> -rw------- 1 openldap openldap 24576 Dec 29 2013 __db.001
> -rw------- 1 openldap openldap 368640 Dec 29 2013 __db.002
> -rw------- 1 openldap openldap 2629632 Dec 29 2013 __db.003
> -rw------- 1 openldap openldap 163840 Dec 29 2013 __db.004
> -rw------- 1 openldap openldap 1286144 Dec 29 2013 __db.005
> -rw------- 1 openldap openldap 32768 Dec 29 2013 __db.006
> -rw-r--r-- 1 openldap openldap 124 Jun 12 2013 DB_CONFIG
> -rw------- 1 openldap openldap 1130496 Dec 29 2013 dn2id.bdb
> -rw------- 1 openldap openldap 204800 Dec 29 2013 entryCSN.bdb
> -rw------- 1 openldap openldap 65536 Dec 29 2013 entryUUID.bdb
> -rw------- 1 openldap openldap 32768 Dec 27 2013 gidNumber.bdb
> -rw------- 1 openldap openldap 176128 Dec 27 2013 givenName.bdb
> -rw------- 1 openldap openldap 15122432 Dec 29 2013 id2entry.bdb
> -rw------- 1 openldap openldap 10485760 Dec 29 2013 log.0000004856
> -rw------- 1 openldap openldap 876544 Dec 29 2013 mail.bdb
> -rw------- 1 openldap openldap 172032 Dec 29 2013 memberOf.bdb
> -rw------- 1 openldap openldap 139264 Dec 28 2013 memberUid.bdb
> -rw------- 1 openldap openldap 204800 Dec 29 2013 objectClass.bdb
> -rw------- 1 openldap openldap 217088 Dec 27 2013 sn.bdb
> -rw------- 1 openldap openldap 36864 Dec 27 2013 uid.bdb
> -rw------- 1 openldap openldap 32768 Dec 27 2013 uidNumber.bdb
> -rw------- 1 openldap openldap 155648 Dec 29 2013 uniqueMember.bdb
>
> whereas *some* of the files in /usr/local/var/openldap-data have been
> touched more recently:
>
> drwxr-xr-x 2 openldap openldap 4096 Feb 1 16:37 accesslog
> -rw-r--r-- 1 openldap openldap 4096 Jul 19 09:40 alock
> -rw------- 1 openldap openldap 1040384 Feb 1 02:15 cn.bdb
> -rw------- 1 openldap openldap 24576 Jul 19 09:40 __db.001
> -rw------- 1 openldap openldap 368640 Jul 22 13:09 __db.002
> -rw------- 1 openldap openldap 2629632 Jul 22 13:09 __db.003
> -rw------- 1 openldap openldap 163840 Jul 22 13:07 __db.004
> -rw------- 1 openldap openldap 1286144 Jul 22 13:09 __db.005
> -rw------- 1 openldap openldap 32768 Jul 22 13:07 __db.006
> -rw-r--r-- 1 openldap openldap 124 Dec 29 2013 DB_CONFIG
> -rw------- 1 openldap openldap 991232 Jul 22 13:06 dn2id.bdb
> -rw------- 1 openldap openldap 835584 Jul 22 13:07 entryCSN.bdb
> -rw------- 1 openldap openldap 81920 Jul 22 13:06 entryUUID.bdb
> -rw------- 1 openldap openldap 32768 Jan 31 16:30 gidNumber.bdb
> -rw------- 1 openldap openldap 208896 Jan 31 16:30 givenName.bdb
> -rw------- 1 openldap openldap 16809984 Jul 22 13:07 id2entry.bdb
> -rw------- 1 openldap openldap 10485760 Jul 22 13:07 log.0000008873
> -rw------- 1 openldap openldap 10485760 Jul 22 13:07 log.0000008874
> -rw------- 1 openldap openldap 954368 Feb 1 02:15 mail.bdb
> -rw------- 1 openldap openldap 176128 Feb 1 02:35 memberOf.bdb
> -rw------- 1 openldap openldap 139264 Feb 1 02:01 memberUid.bdb
> -rw------- 1 openldap openldap 200704 Feb 1 02:15 objectClass.bdb
> -rw------- 1 openldap openldap 249856 Jan 31 16:30 sn.bdb
> -rw------- 1 openldap openldap 40960 Jan 31 16:30 uid.bdb
> -rw------- 1 openldap openldap 32768 Jan 31 16:30 uidNumber.bdb
> -rw------- 1 openldap openldap 163840 Feb 1 02:15 uniqueMember.bdb

If I run slapindex without options, *all* index files are updated,
except those whose attributes are empty.
In my case this is uniqueMember.bdb.

> If I grep the cn=config files for both of these file paths, though,
> only /var/lib/ldap appears (in olcDatabase={1}hdb.ldif). Digging a
> bit deeper, it looks like I specified /usr/local/var as the run
> directory when I built OpenLDAP, which is why
> /usr/local/var/openldap-data is where the files are being held.
>
> So ... I guess that if I reconfigure olcDatabase={1}hdb.ldif to point
> at /usr/local/var/openldap-data, at least the files would be in the
> same directory although I don't entirely understand why OpenLDAP
> isn't at least updating the indexes properly even if they are in the
> wrong directory.

I assume you manually edit the config database? You should never do this.

> Presumably the various .bdb files are the indexes and this explains
> why I'm getting the complaints ... those dates, though, would suggest
> that it was all working properly until end of Jan/beginning of Feb
> but I'm not entirely sure why. As you can see, the file permissions
> are correct.
>
> Hence my confusion :-(.

One may have more than one database. Each db has its own suffix and its
own dbDirectory.

# ldapsearch -LLLY external -H ldapi:/// -b cn=config '(olcdbdirectory=*)' olcsuffix olcdbdirectory
dn: olcDatabase={1}hdb,cn=config
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=europa,dc=xx

If all fails:
 stop slapd
 slapcat your db
 save your DB_CONFIG
 remove content of dbDirectory
 restore DB_CONFIG
 slapadd
 start slapd

good luck
>
> Regards
>
> Philip

--
Harry Jede
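
Added example, not part of the original message: a shell sketch that turns the output of the ldapsearch query above into a suffix-to-directory map and lists directories that hold a DB_CONFIG but are not the olcDbDirectory of any configured database, which is the mismatch discussed in this thread. The function names and the second entry of the sample LDIF are constructed for illustration, and attribute values are assumed short enough that ldapsearch does not fold them.

```shell
#!/bin/sh
# db_dirs: read LDIF on stdin (as printed by the ldapsearch query in the
# message above) and print "suffix<TAB>directory" for each database entry.
db_dirs() {
    awk '
        function emit() { if (dir != "") print suf "\t" dir; dir = ""; suf = "" }
        /^olcDbDirectory: / { dir = $0; sub(/^[^:]*: /, "", dir) }
        /^olcSuffix: /      { suf = $0; sub(/^[^:]*: /, "", suf) }
        /^$/                { emit() }   # a blank line ends an LDIF entry
        END                 { emit() }
    '
}

# stray_dirs LDIF_FILE DIR...: print each DIR that contains a DB_CONFIG but
# is not configured as olcDbDirectory in LDIF_FILE.
stray_dirs() {
    ldif=$1; shift
    configured=$(db_dirs < "$ldif" | cut -f2)
    for d in "$@"; do
        [ -f "$d/DB_CONFIG" ] || continue
        printf '%s\n' "$configured" | grep -Fxq -- "$d" || printf '%s\n' "$d"
    done
}

# sample_ldif: first entry is the output quoted in the message; the second
# entry is constructed to show a server with more than one database.
sample_ldif() {
    cat <<'EOF'
dn: olcDatabase={1}hdb,cn=config
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=europa,dc=xx

dn: olcDatabase={2}hdb,cn=config
olcDbDirectory: /srv/ldap/example
olcSuffix: dc=example,dc=org
EOF
}

# Usage against a live server (run as a user allowed to read cn=config):
#   ldapsearch -LLLY external -H ldapi:/// -b cn=config \
#       '(olcdbdirectory=*)' olcsuffix olcdbdirectory > cfg.ldif
#   stray_dirs cfg.ldif /var/lib/ldap /usr/local/var/openldap-data
```

A directory printed by stray_dirs holds database files that no database in cn=config refers to, so it is worth comparing its file timestamps with those of the configured directory before running slapindex or the reload steps.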