Philip Colmer wrote:
> 2014-07-22 13:42 GMT+01:00 Harry Jede <[email protected]>:
> > Then your slapd process is unable to read the index. Chown the
> > files to openldap:openldap if that are your slapd user/group.
>
> I think there may be some confusion between my head and OpenLDAP as
> to where the files are located and that may be the underlying
> problem.
>
> If I search the server for DB_CONFIG, there are two different
> locations found - /var/lib/ldap and /usr/local/var/openldap-data.
>
> Now, this is where it gets a bit confusing. The files in
> /var/lib/ldap haven't been touched since 2013:
>
> -rw-r--r-- 1 openldap openldap 2048 Dec 29 2013 alock
> -rw------- 1 openldap openldap 933888 Dec 29 2013 cn.bdb
> -rw------- 1 openldap openldap 24576 Dec 29 2013 __db.001
> -rw------- 1 openldap openldap 368640 Dec 29 2013 __db.002
> -rw------- 1 openldap openldap 2629632 Dec 29 2013 __db.003
> -rw------- 1 openldap openldap 163840 Dec 29 2013 __db.004
> -rw------- 1 openldap openldap 1286144 Dec 29 2013 __db.005
> -rw------- 1 openldap openldap 32768 Dec 29 2013 __db.006
> -rw-r--r-- 1 openldap openldap 124 Jun 12 2013 DB_CONFIG
> -rw------- 1 openldap openldap 1130496 Dec 29 2013 dn2id.bdb
> -rw------- 1 openldap openldap 204800 Dec 29 2013 entryCSN.bdb
> -rw------- 1 openldap openldap 65536 Dec 29 2013 entryUUID.bdb
> -rw------- 1 openldap openldap 32768 Dec 27 2013 gidNumber.bdb
> -rw------- 1 openldap openldap 176128 Dec 27 2013 givenName.bdb
> -rw------- 1 openldap openldap 15122432 Dec 29 2013 id2entry.bdb
> -rw------- 1 openldap openldap 10485760 Dec 29 2013 log.0000004856
> -rw------- 1 openldap openldap 876544 Dec 29 2013 mail.bdb
> -rw------- 1 openldap openldap 172032 Dec 29 2013 memberOf.bdb
> -rw------- 1 openldap openldap 139264 Dec 28 2013 memberUid.bdb
> -rw------- 1 openldap openldap 204800 Dec 29 2013 objectClass.bdb
> -rw------- 1 openldap openldap 217088 Dec 27 2013 sn.bdb
> -rw------- 1 openldap openldap 36864 Dec 27 2013 uid.bdb
> -rw------- 1 openldap openldap 32768 Dec 27 2013 uidNumber.bdb
> -rw------- 1 openldap openldap 155648 Dec 29 2013
> uniqueMember.bdb
>
> whereas *some* of the files in /usr/local/var/openldap-data have been
> touched more recently:
>
> drwxr-xr-x 2 openldap openldap 4096 Feb 1 16:37 accesslog
> -rw-r--r-- 1 openldap openldap 4096 Jul 19 09:40 alock
> -rw------- 1 openldap openldap 1040384 Feb 1 02:15 cn.bdb
> -rw------- 1 openldap openldap 24576 Jul 19 09:40 __db.001
> -rw------- 1 openldap openldap 368640 Jul 22 13:09 __db.002
> -rw------- 1 openldap openldap 2629632 Jul 22 13:09 __db.003
> -rw------- 1 openldap openldap 163840 Jul 22 13:07 __db.004
> -rw------- 1 openldap openldap 1286144 Jul 22 13:09 __db.005
> -rw------- 1 openldap openldap 32768 Jul 22 13:07 __db.006
> -rw-r--r-- 1 openldap openldap 124 Dec 29 2013 DB_CONFIG
> -rw------- 1 openldap openldap 991232 Jul 22 13:06 dn2id.bdb
> -rw------- 1 openldap openldap 835584 Jul 22 13:07 entryCSN.bdb
> -rw------- 1 openldap openldap 81920 Jul 22 13:06 entryUUID.bdb
> -rw------- 1 openldap openldap 32768 Jan 31 16:30 gidNumber.bdb
> -rw------- 1 openldap openldap 208896 Jan 31 16:30 givenName.bdb
> -rw------- 1 openldap openldap 16809984 Jul 22 13:07 id2entry.bdb
> -rw------- 1 openldap openldap 10485760 Jul 22 13:07 log.0000008873
> -rw------- 1 openldap openldap 10485760 Jul 22 13:07 log.0000008874
> -rw------- 1 openldap openldap 954368 Feb 1 02:15 mail.bdb
> -rw------- 1 openldap openldap 176128 Feb 1 02:35 memberOf.bdb
> -rw------- 1 openldap openldap 139264 Feb 1 02:01 memberUid.bdb
> -rw------- 1 openldap openldap 200704 Feb 1 02:15 objectClass.bdb
> -rw------- 1 openldap openldap 249856 Jan 31 16:30 sn.bdb
> -rw------- 1 openldap openldap 40960 Jan 31 16:30 uid.bdb
> -rw------- 1 openldap openldap 32768 Jan 31 16:30 uidNumber.bdb
> -rw------- 1 openldap openldap 163840 Feb 1 02:15 uniqueMember.bdb
If I run slapindex without options *all* index files are updated,
except those whose attributes are empty. In my case this is uniqueMember.bdb.
> If I grep the cn=config files for both of these file paths, though,
> only /var/lib/ldap appears (in olcDatabase={1}hdb.ldif). Digging a
> bit deeper, it looks like I specified /usr/local/var as the run
> directory when I built OpenLDAP, which is why
> /usr/local/var/openldap-data is where the files are being held.
>
> So ... I guess that if I reconfigure olcDatabase={1}hdb.ldif to point
> at /usr/local/var/openldap-data, at least the files would be in the
> same directory although I don't entirely understand why OpenLDAP
> isn't at least updating the indexes properly even if they are in the
> wrong directory.
I assume you manually edit the config database? You should never
do this.
> Presumably the various .bdb files are the indexes and this explains
> why I'm getting the complaints ... those dates, though, would suggest
> that it was all working properly until end of Jan/beginning of Feb
> but I'm not entirely sure why. As you can see, the file permissions
> are correct.
>
> Hence my confusion :-(.
One may have more than one database. Each db has its own suffix and
its own dbDirectory.
# ldapsearch -LLLY external -H ldapi:/// -b cn=config '(olcdbdirectory=*)' olcsuffix olcdbdirectory
dn: olcDatabase={1}hdb,cn=config
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=europa,dc=xx
If all fails:
stop slapd
slapcat your db
save your DB_CONFIG
remove content of dbDirectory
restore DB_CONFIG
slapadd
start slapd
good luck
>
> Regards
>
> Philip
--
Harry Jede
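Added example, not code from the thread or from the OpenLDAP project: a small Python audit that reads the ldapsearch output Harry shows to learn which directory each database in cn=config really uses, flags any directory found on disk (for instance by `find / -name DB_CONFIG`) that no database references, and checks that a dbDirectory has a DB_CONFIG and that every file in it is owned by the slapd user. SAMPLE_LDIF and FOUND_DB_CONFIG are constructed to mirror the two paths in the thread; scratch_audit builds a throwaway directory so the checks can be exercised without a running slapd.

```python
import os, pwd, tempfile
from pathlib import Path

# Constructed sample of what the ldapsearch in the reply returns (not real output).
SAMPLE_LDIF = """\
dn: olcDatabase={1}hdb,cn=config
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=europa,dc=xx
"""
# Constructed `find / -name DB_CONFIG` result, mirroring the two paths in the thread.
FOUND_DB_CONFIG = ["/var/lib/ldap", "/usr/local/var/openldap-data"]

def parse_db_directories(ldif):
    """Map each configured olcDbDirectory to its olcSuffix (LDIF entries end at a blank line)."""
    dirs, entry = {}, {}
    for line in ldif.splitlines() + [""]:
        if not line.strip():
            if "olcdbdirectory" in entry:
                dirs[entry["olcdbdirectory"]] = entry.get("olcsuffix", "")
            entry = {}
            continue
        key, _, value = line.partition(":")  # plain values only, no base64 (::) handling
        entry[key.strip().lower()] = value.strip()
    return dirs

def unreferenced_db_dirs(candidate_dirs, configured_dirs):
    """Directories holding a DB_CONFIG that no database in cn=config points at."""
    return sorted(set(candidate_dirs) - set(configured_dirs))

def audit_directory(directory, slapd_user):
    """Conditions that keep slapd from using this dbDirectory (empty list means it looks fine)."""
    d = Path(directory)
    if not d.is_dir():
        return [f"{d}: directory does not exist"]
    problems = [] if (d / "DB_CONFIG").is_file() else [f"{d}: DB_CONFIG missing"]
    uid = slapd_user if isinstance(slapd_user, int) else pwd.getpwnam(slapd_user).pw_uid
    # every file must be owned by the slapd user, otherwise the index cannot be read
    problems += [f"{f}: not owned by {slapd_user}" for f in sorted(d.iterdir()) if f.stat().st_uid != uid]
    return problems

def scratch_audit():
    """Audit a throwaway dbDirectory owned by the current user, before and after adding DB_CONFIG."""
    me = os.getuid()
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "id2entry.bdb").write_bytes(b"")
        before = audit_directory(tmp, me)
        (Path(tmp) / "DB_CONFIG").write_text("set_cachesize 0 2097152 0\n")
        after = audit_directory(tmp, me)
    return before, after
```

On a real server, feed the actual ldapsearch output to parse_db_directories and run audit_directory on each returned path with the slapd user name (openldap in the thread).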