Re: [Samba] Advices for Samba and OpenLDAP
just to close this thread: we used to run slapd as unprivileged user (user "ldap") this broke our setup (to bexact the database) under heavy load. now it´s running under root permissions w/out any problems greez Tomasz Chmielewski wrote: Michael Gasch schrieb: We are running almost 30 OpenLDAP (2.2.20 nd 2.2.24) servers (masters, slaves). No weird behaviour so far (we didn't torture it though). want to have my script :) ? sure, I could test it on a separate test server. publish it somewhere on the web, so that all human kind could kill their OpenLDAp servers :) We are running a ldbm backend (so it doesn't need a DB_CONFIG file). we had trouble with ldbm - it didn't crash but some entries simply were missing after some minutes of running slapd, samba couldn't find some users/groups although they were in the database, ldapsearch -x uid=someuser sometimes returns "dn: uid=someuser" and sometimes not and so on. may be it was a caching/indexing issue? weird. IMHO, the behaviour should be proper in each case and not depend on the backend used. In your case I'd upgrade to a newest 2.2.x version, and if the problem still happens, ask at OpenLDAP mailing lists, as it's a problem with OpenLDAP really, not with Samba. i know and already did that. but this list is good visited so i saw a chance to find someone with the same problems or more experience and still the same issues after an upgrade? maybe it's something with *bdb* libraries, headers etc., on which OpenLDAP depends? -- Michael Gasch Max Planck Institute for Evolutionary Anthropology Department of Human Evolution (IT) Deutscher Platz 6 D-04103 Leipzig Germany Phone: 49 (0)341 - 3550 137 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Advices for Samba and OpenLDAP
Michael Gasch schrieb: We are running almost 30 OpenLDAP (2.2.20 nd 2.2.24) servers (masters, slaves). No weird behaviour so far (we didn't torture it though). want to have my script :) ? sure, I could test it on a separate test server. publish it somewhere on the web, so that all human kind could kill their OpenLDAp servers :) We are running a ldbm backend (so it doesn't need a DB_CONFIG file). we had trouble with ldbm - it didn't crash but some entries simply were missing after some minutes of running slapd, samba couldn't find some users/groups although they were in the database, ldapsearch -x uid=someuser sometimes returns "dn: uid=someuser" and sometimes not and so on. may be it was a caching/indexing issue? weird. IMHO, the behaviour should be proper in each case and not depend on the backend used. In your case I'd upgrade to a newest 2.2.x version, and if the problem still happens, ask at OpenLDAP mailing lists, as it's a problem with OpenLDAP really, not with Samba. i know and already did that. but this list is good visited so i saw a chance to find someone with the same problems or more experience and still the same issues after an upgrade? maybe it's something with *bdb* libraries, headers etc., on which OpenLDAP depends? -- Tomek http://wpkg.org WPKG - software deployment and upgrades with Samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Advices for Samba and OpenLDAP
We are running almost 30 OpenLDAP (2.2.20 nd 2.2.24) servers (masters, slaves). No weird behaviour so far (we didn't torture it though). want to have my script :) ? We are running a ldbm backend (so it doesn't need a DB_CONFIG file). we had trouble with ldbm - it didn't crash but some entries simply were missing after some minutes of running slapd, samba couldn't find some users/groups although they were in the database, ldapsearch -x uid=someuser sometimes returns "dn: uid=someuser" and sometimes not and so on. may be it was a caching/indexing issue? In your case I'd upgrade to a newest 2.2.x version, and if the problem still happens, ask at OpenLDAP mailing lists, as it's a problem with OpenLDAP really, not with Samba. i know and already did that. but this list is good visited so i saw a chance to find someone with the same problems or more experience my old ldapservers run fine with ldbm. but there were only 30 users in the DIT - not comparable to our new ldapserver for >1000 users thx so far -- Michael Gasch Max Planck Institute for Evolutionary Anthropology Department of Human Evolution (IT) Deutscher Platz 6 D-04103 Leipzig Germany Phone: 49 (0)341 - 3550 137 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Advices for Samba and OpenLDAP
Michael Gasch schrieb: hi list, we have some trouble with openldap (back-bdb) and samba. i think it's more a problem with openldap and bdb (http://www.openldap.org/lists/openldap-bugs/200510/msg00185.html) but i want to know something about your experiences with openldap in large enterprises. what are your settings for slapd and bdb? or is there a better backend for slapd than bdb? which software versions are you using? did you make changes to DB_CONFIG? we tortured slapd with a perl script (50 instances of it parallel) which reads ~1000 user passwords from slapd1 and writes it to another slapd (different host) with $ldap->modify. we can reproducable crash our ldap server or its backend with this script. but that should not happen - it's just a simple perl script :-/ We are running almost 30 OpenLDAP (2.2.20 nd 2.2.24) servers (masters, slaves). No weird behaviour so far (we didn't torture it though). The packages were taken either from the distribution, or from the "devel" tree of a distribution (if they were from a "devel", all we did was rpm --rebuild openldap...version.src.rpm). We are running a ldbm backend (so it doesn't need a DB_CONFIG file). In your case I'd upgrade to a newest 2.2.x version, and if the problem still happens, ask at OpenLDAP mailing lists, as it's a problem with OpenLDAP really, not with Samba. -- Tomek http://wpkg.org WPKG - software deployment and upgrades with Samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Advices for Samba and OpenLDAP
hi list, we have some trouble with openldap (back-bdb) and samba. i think it's more a problem with openldap and bdb (http://www.openldap.org/lists/openldap-bugs/200510/msg00185.html) but i want to know something about your experiences with openldap in large enterprises. what are your settings for slapd and bdb? or is there a better backend for slapd than bdb? which software versions are you using? did you make changes to DB_CONFIG? we tortured slapd with a perl script (50 instances of it parallel) which reads ~1000 user passwords from slapd1 and writes it to another slapd (different host) with $ldap->modify. we can reproducable crash our ldap server or its backend with this script. but that should not happen - it's just a simple perl script :-/ this happens when it crashes: Oct 21 10:39:06 ldapmaster2 slapd[17172]: bdb_modify: retrying... Oct 21 10:39:06 ldapmaster2 slapd[17172]: bdb(dc=eva,dc=mpg,dc=de): DB_TXN->abort: Log undo failed for LSN: 3 2173192: DB_NOTFOUND: No matching key/data pai r found Oct 21 10:39:06 ldapmaster2 slapd[17172]: bdb(dc=eva,dc=mpg,dc=de): PANIC: DB_NOTFOUND: No matching key/data pair found Oct 21 10:39:06 ldapmaster2 slapd[17172]: send_ldap_result: conn=16 op=10 p=3 Oct 21 10:39:06 ldapmaster2 slapd[17172]: send_ldap_response: msgid=13 tag=103 err=80 Oct 21 10:39:06 ldapmaster2 slapd[17172]: bdb(dc=eva,dc=mpg,dc=de): PANIC: fatal region error detected; run recovery Oct 21 10:39:06 ldapmaster2 slapd[17172]: bdb_cache_entry_db_relock: entry 552, rw 1, rc -30978 Oct 21 10:39:06 ldapmaster2 slapd[17172]: bdb(dc=eva,dc=mpg,dc=de): PANIC: fatal region error detected; run recovery Oct 21 10:39:06 ldapmaster2 slapd[17172]: bdb_modify: txn_commit failed: DB_RUNRECOVERY: Fatal error, run database recovery (-30978) Oct 21 10:39:06 ldapmaster2 slapd[17172]: send_ldap_result: conn=17 op=11 p=3 Oct 21 10:39:06 ldapmaster2 slapd[17172]: send_ldap_response: msgid=14 tag=103 err=80 after that we have to run db_recover to make it running again :( thx for your help in advance! i appreciate it! -- Michael Gasch Max Planck Institute for Evolutionary Anthropology Department of Human Evolution (IT) Deutscher Platz 6 D-04103 Leipzig Germany Phone: 49 (0)341 - 3550 137 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
