[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldapsearch on accesslog hangs in OpenLDAP 2.4.40 on RHEL 6.9 ( works ok w/ slapcat -b "cn=accesslog")

--On Thursday, June 22, 2017 9:19 PM +0000 Ron Lamarche <Ron.Lamarche@innovapost.com> wrote: 


I've installed the RHEL 6.9 OpenLDAP bundled product and have a working
suffix based on cn=config vs. slapd.conf  model but cannot get the
accesslog overlays/DB's to work  properly (ldapsearch returns accesslog
records but never completes and instead hangs showing
"ldap_int_select" . Need to ctl –c to exit )


Hi Ron,
The OpenLDAP build distributed by RedHat is known to have severe issues. It is strongly recommended to avoid their OpenLDAP builds because of this and their advanced age. If you are not able to build OpenLDAP yourself, the LTB project provides standard OpenLDAP builds for free: <http://ltb-project.org/wiki/download#openldap>
If you require support, Symas (my employer) has such an offering. Our OpenLDAP builds also include features not yet available from the OpenLDAP project.
You may be well facing any of a number of bugs that have been fixed in the 2.5 years since 2.4.40 was released, in particular: 

       Fixed slapd cn=config when updating olcAttributeTypes (ITS#8199)
Fixed slapo-accesslog to honor pauses during purge for cn=config update (ITS#8423)
Finally, I would also note that the back-bdb backend has been deprecated since OpenLDAP 2.3, and as of OpenLDAP 2.4, back-hdb is also deprecated. The recommended backend is back-mdb, which is built on top of LMDB (<http://www.symas.com/lmdb/>, <https://en.wikipedia.org/wiki/Lightning_Memory-Mapped_Database>)
In general, issues with RedHat's build will not be explored unless you can reproduce the same problem with a current build of OpenLDAP. 

Regards,
Quanah

--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>