[CentOS] Why slapd dying?

Thu Jan 18 02:48:42 UTC 2007
Johnny Hughes <mailing-lists at hughesjr.com>

On Wed, 2007-01-17 at 20:02 -0500, Matt Hyclak wrote:
> On Thu, Jan 18, 2007 at 12:46:34AM +0000, Jun Salen enlightened us:
> > I am wondering why slapd in my CentOS 4.4 server was
> > unable to run.  I already configured ldap to start at
> > boot and when I issue the command /sbin/service ldap start
> > it is successfully started, but again when I check the
> > status either through service or by netstat, it was
> > stopped and did not exist respectively. Has anybody
> > encountered this? If you need some more info
> > just let me know. Thanks.
> > 
> 
> I ran into this after restoring the ldap database files from a backup
> (/var/lib/ldap). You can create /etc/sysconfig/ldap and in it put something
> like:
> 
> SLAPD_OPTIONS="-d XXX" 
> 
> and restart ldap. Man the slapd manpage for all the options. If it is a
> corrupted database, you might look at the various db_* commands, such as
> db_recover. Googling for any error messages you get will help, too.

You can also turn on logging for slapd to figure out what is going
on ...

1.  add this line to /etc/syslog.conf

local4.*                         /var/log/ldap.log

2. add this line to /etc/openldap/slapd.conf

loglevel 256

(there are numerous levels ... see the below link and search the page
for loglevel)

http://www.openldap.org/doc/admin22/slapdconfig.html

Set the loglevel back to a valid value (I use 0) when finished debugging
based on the above link.

3. add this to /etc/logrotate.d/syslog

(somewhere in the log names line for syslog  {that is the first line},
put this)

/var/log/ldap.log

(that will make ldap.log one of the logs it rotates)

----------------------
Some notes:

1.  The openldap people recommend a bdb type (and not ldbm type)
database for the backend.  

Backing up the database with slapcat > filename   ...   and after making
sure that "filename" is OK, removing all the files in /var/lib/ldap/ and
using slapadd -l filename to restore can fix database issues.

you can also use slapcat > filename ... edit slapd.conf to change from
ldbm to bdb database type ... create a DB_CONFIG file in /var/lib/ldap/
and then do slapadd -l filename

you need to chown all files to ldap.ldap in /var/log/ldap/ prior to
restarting ldap.

2.  Look at the man pages for slapd_db_recover and slapindex and use
those if your database is not good.

3.  Set up a test machine and play with slapcat and slapadd to get the
hang of it first with the slapcat output file.

4. Here is my DB_CONFIG and changes specifically to slapd.conf for bdb
(if you are not using it now):

----------------
###DB_CONFIG###

#
# Set the database in memory cache size.
#
set_cachesize 0 52428800 0

# Automatically remove log files that are no longer needed.
set_flags DB_LOG_AUTOREMOVE

#
# Set database flags.
# (for database loading/reindexing)
#set_flags       DB_TXN_NOSYNC
#set_flags DB_TXN_NOT_DURABLE

# Set log values.
#
set_lg_regionmax        1048576
set_lg_max              10485760
set_lg_bsize            2097152

------------------------
#slapd.conf adds#

#database ldbm
database bdb
cachesize 100000
checkpoint 512 720




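One way to do the 'making sure that "filename" is OK' step from note 1 before removing anything in /var/lib/ldap, as an added example that is not part of the original message. The function name ldif_check and the sample LDIF are constructed for illustration; the check only covers structure (every entry starts with dn: and carries an objectClass), not the correctness of the data.

```shell
#!/bin/sh
# Added example: sanity-check a slapcat export before touching /var/lib/ldap.
# ldif_check FILE prints the entry count; it returns non-zero if the file is
# empty, an entry does not start with "dn:", or an entry has no objectClass.
ldif_check() {
    [ -s "$1" ] || { echo "ldif_check: $1 is missing or empty" >&2; return 1; }
    awk '
        function finish() {              # close the entry being read, if any
            if (!in_entry) return
            if (!has_oc) { print "line " first ": entry has no objectClass" > "/dev/stderr"; bad++ }
            in_entry = 0; has_oc = 0
        }
        /^#/  { next }                   # comment line
        /^$/  { finish(); next }         # a blank line ends an entry
        /^ /  { if (!in_entry) { print "line " NR ": stray continuation" > "/dev/stderr"; bad++ }
                next }                   # folded continuation of the previous line
        !in_entry {
            if (entries == 0 && /^version:/) next
            in_entry = 1; first = NR; entries++
            if ($0 !~ /^dn:/) { print "line " NR ": entry does not start with dn:" > "/dev/stderr"; bad++ }
            next
        }
        tolower($0) ~ /^objectclass:/ { has_oc = 1 }
        END { finish(); print entries + 0; exit (bad > 0 || entries == 0) }
    ' "$1"
}

# Constructed sample export (not real directory data): two entries, one folded line.
sample=$(mktemp)
cat > "$sample" <<'EOF'
dn: dc=example,dc=com
objectClass: dcObject
objectClass: organization
o: Example
dc: example

dn: uid=jdoe,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
cn: John Doe
sn: Doe
description: a long value that slapcat would fold onto
 a continuation line starting with one space
uid: jdoe

EOF
ldif_check "$sample" && echo "export looks sane"
rm -f "$sample"
```

Running it against the slapcat output on a test machine first, as note 3 suggests, also gives an entry count to compare after slapadd -l.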