From owner-freebsd-current@FreeBSD.ORG Wed Sep 23 09:08:05 2009 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8E4B2106566C for ; Wed, 23 Sep 2009 09:08:05 +0000 (UTC) (envelope-from Olivier.Nicole@cs.ait.ac.th) Received: from mail.cs.ait.ac.th (mail.cs.ait.ac.th [192.41.170.16]) by mx1.freebsd.org (Postfix) with ESMTP id ECFB28FC14 for ; Wed, 23 Sep 2009 09:08:04 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.cs.ait.ac.th (Postfix) with ESMTP id D80FF3A3886; Wed, 23 Sep 2009 15:57:02 +0700 (ICT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.ait.ac.th; h= references:subject:subject:in-reply-to:from:from:message-id:date :date:received:received:received; s=selector1; t=1253696222; x= 1255510622; bh=STJ5kIGxQhSTDRhBxRcPfR1MDfEsRreyc04rg8jhl4g=; b=K eBKNpn0KEC+UxTaCwWPxWYacypx+4RVAYUr7aB5RKsPb1HtyFw+E3OUJgOV8Lg3Z RBJqh3qTv/Q+Gdyt2CGlUP87RcEOeLhiCotoRZz9G9jpZjlbxm8OdJSPK1exlykc e4HvlQy4uL+IFWwp12g4gmbhal/epBaRNJmaIk7wI8= X-Virus-Scanned: amavisd-new at cs.ait.ac.th Received: from mail.cs.ait.ac.th ([127.0.0.1]) by localhost (mail.cs.ait.ac.th [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id I-x2Mm-DU9LO; Wed, 23 Sep 2009 15:57:02 +0700 (ICT) Received: from banyan.cs.ait.ac.th (banyan.cs.ait.ac.th [192.41.170.5]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.cs.ait.ac.th (Postfix) with ESMTPS id 17C293A386B; Wed, 23 Sep 2009 15:57:02 +0700 (ICT) Received: (from on@localhost) by banyan.cs.ait.ac.th (8.14.3/8.14.3/Submit) id n8N8u2hp062395; Wed, 23 Sep 2009 15:56:02 +0700 (ICT) (envelope-from on) Date: Wed, 23 Sep 2009 15:56:02 +0700 (ICT) Message-Id: <200909230856.n8N8u2hp062395@banyan.cs.ait.ac.th> From: Olivier Nicole To: ohartman@zedat.fu-berlin.de In-reply-to: <4AB9DDD8.2020700@zedat.fu-berlin.de> (ohartman@zedat.fu-berlin.de) References: <4AB8BAA9.1060100@zedat.fu-berlin.de> <200909222248.16475.doconnor@gsoft.com.au> <4AB93614.2080106@locolomo.org> <200909231104.39234.doconnor@gsoft.com.au> <4AB9DDD8.2020700@zedat.fu-berlin.de> X-Mailman-Approved-At: Wed, 23 Sep 2009 11:21:45 +0000 Cc: freebsd-current@freebsd.org, freebsd-questions@freebsd.org Subject: Re: LDAP server gone -> impossible to login locally! X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 23 Sep 2009 09:08:05 -0000 > > On a related note, why is slapd so damn fragile? It's a righteous pain > > in the bum the way you have to run db_recover-X.Y /var/db/openldap-data > > if slapd fails to start. > Yes, this is a lot of pain. I have had issues the same way and never > figured out what the reason was. /var/ is very often corrupted after a > crash, power failure or unclean reboot. Maybe not slpad is that fragile, > but db47 is. Last June, we had to shutdown our openldap server every night, I noticed that a simple halt(8) would leave the bdb backend database in a corrupted state. It worked well if I /usr/local/etc/rc.d/slapd stop and sync(8) a couple of type before I halt(8). After that I wrote a small script that would take a backup of the ldap data every 2 hours and keep 5 days of backup. It seems that Berkeley DB has a lot of options that need to be configured to be working optimally with openldap. Maybe soft-update should be desactivated from the filesystem where the db files reside. Bests, Olivier