Old 02-18-2011, 04:13 PM
Tim Alberts
 
Default nss_ldap: reconnected to LDAP server ldap://127.0.0.1

Hello, I have a problem that I'm really having trouble figuring out. I
run CentOS Linux 5.5. I have three servers. All have been set up and
running with LDAP authentication for a couple years with absolutely no
problems.

Unfortunately a couple weeks ago, we had a power outage. Ever since, I
am having continuous problems with authentication to the server. I see
in /var/log/messages

nss_ldap: reconnected to LDAP server ldap://127.0.0.1

I did run a yum update that installed an update to ldap, however that
did not fix the issue.

I have seen a post mentioning changing 'nss_connect_policy persist' to
'nss_connect_policy oneshot'. However I don't see this setting in my
server, and again, the server was working perfectly fine for years
before the power outage.

I'm really thinking that some file got corrupted and I just need to
clean it out. Maybe a cache file somewhere?

Following is ldap.conf file. Any suggestions?

<ldap.conf>
base dc=inside,dc=msi
timelimit 120
bind_timelimit 120
idle_timelimit 3600
nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman
rootbinddn cn=Manager,dc=inside,dc=msi
nss_base_passwd ou=People,dc=inside,dc=msi
nss_base_shadow ou=People,dc=inside,dc=msi
nss_base_group ou=Group,dc=inside,dc=msi
uri ldap://127.0.0.1 ldap://my.domain
ssl no
tls_cacertdir /etc/openldap/cacerts
pam_password md5
</ldap.conf>
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 02-18-2011, 05:11 PM
Tim Alberts
 
Default nss_ldap: reconnected to LDAP server ldap://127.0.0.1

On 2/18/2011 9:13 AM, Tim Alberts wrote:
> Hello, I have a problem that I'm really having trouble figuring out. I
> run CentOS Linux 5.5. I have three servers. All have been set up and
> running wi..

Update, using Webmin to restart the server, I see the following:
Stopping slapd: [ OK ]
Stopping slurpd: [ OK ]
Checking configuration files for slapd: bdb_db_open: unclean shutdown
detected; attempting recovery.
bdb_db_open: Recovery skipped in read-only mode. Run manual recovery if
errors are encountered.
config file testing succeeded
[ OK ]
Starting slapd: [ OK ]
Starting slurpd: [ OK ]

I've been reading that the recovery is supposed to be automatic.
Unfortunately it seems to be a read-only mode.

Anyone know why it is read-only mode?

Anyone have a simple tutorial on running 'db_recover' command?

 
Old 02-18-2011, 05:13 PM
 
Default nss_ldap: reconnected to LDAP server ldap://127.0.0.1

Tim Alberts wrote:
> Hello, I have a problem that I'm really having trouble figuring out. I
> run CentOS Linux 5.5. I have three servers. All have been set up and
> running with LDAP authentication for a couple years with absolutely no
> problems.
>
> Unfortunately a couple weeks ago, we had a power outage. Ever since, I
> am having continuous problems with authentication to the server. I see
> in /var/log/messages
<snip>
Have you resynched everyone's timeclock?

mark


 
Old 02-18-2011, 05:25 PM
Tim Alberts
 
Default nss_ldap: reconnected to LDAP server ldap://127.0.0.1

On 2/18/2011 10:13 AM, m.roth@5-cent.us wrote:
> Tim Alberts wrote:
>> Hello, I have a problem...
>>
>> Unfortunately a couple weeks ago, we had a power outage. Ever since, I
>> am having continuous problems with authentication to the server. I see
>> in /var/log/messages
> <snip>
> Have you resynched everyone's timeclock?
>
> mark

Thank you for your response. If you're referring to the computer system
clock, they are all in sync. I'm not sure how that is related? I am
running replication servers, but even services on the local host show
continuous reconnect errors (apache, dovecot, vsftpd, etc). Or do I
misunderstand your meaning?

 
Old 02-18-2011, 06:05 PM
Tim Alberts
 
Default nss_ldap: reconnected to LDAP server ldap://127.0.0.1

On 2/18/2011 10:11 AM, Tim Alberts wrote:
>
> Update, using Webmin to restart the server, I see the following:
> Stopping slapd: [ OK ]
> Stopping slurpd: [ OK ]
> Checking configuration files for slapd: bdb_db_open: unclean shutdown
> detected; attempting recovery.
> bdb_db_open: Recovery skipped in read-only mode. Run manual recovery if
> errors are encountered.
> config file testing succeeded
> [ OK ]
> Starting slapd: [ OK ]
> Starting slurpd: [ OK ]
>
> I've been reading that the recovery is supposed to be automatic.
> Unfortunately it seems to be a read-only mode.
>
> Anyone know why it is read-only mode?
>
> Anyone have a simple tutorial on running 'db_recover' command?
>

I found a helpful page:
http://www.yolinux.com/TUTORIALS/LinuxTutorialLDAP.html approximately
2/3 down the page, section titled 'Notes: LDAP on Red Hat/Fedora
distribution:' An example database recovery command as follows:

/usr/sbin/slapd_db_recover -v -h /var/lib/ldap/stooges/

I have run this (twice now with ldap stopped) on all three servers and
continue to have problems. Now I'm really lost as to what to do.

 
Old 02-18-2011, 06:24 PM
 
Default nss_ldap: reconnected to LDAP server ldap://127.0.0.1

Tim Alberts wrote:
> On 2/18/2011 10:13 AM, m.roth@5-cent.us wrote:
>> Tim Alberts wrote:
>>> Hello, I have a problem...
>>>
>>> Unfortunately a couple weeks ago, we had a power outage. Ever since, I
>>> am having continuous problems with authentication to the server. I see
>>> in /var/log/messages
>> <snip>
>> Have you resynched everyone's timeclock?
>
> Thank you for your response. If you're referring to the computer system
> clock, they are all in sync. I'm not sure how that is related? I am
> running replication servers, but even services on the local host show
> continuous reconnect errors (apache, dovecot, vsftpd, etc). Or do I
> misunderstand your meaning?

It does matter - if they're "too far" out of sync, too many seconds,
authentication? authorization? will fail, at least for Kerberos, using
LDAP or not.

mark

 
Old 02-18-2011, 07:23 PM
Peter Brady
 
Default nss_ldap: reconnected to LDAP server ldap://127.0.0.1

On 18/02/11 10:11 AM, Tim Alberts wrote:
> Checking configuration files for slapd: bdb_db_open: unclean shutdown
> detected; attempting recovery.
> bdb_db_open: Recovery skipped in read-only mode. Run manual recovery if
> errors are encountered.
> config file testing succeeded

The LDAP database files are *very* sensitive to unclean shutdowns. I'd
keep multi-master redundant servers on separate power supplies if
possible. Or at least a decent clean shutdown off UPS power.

It may be simplest to recover the databases from backup using the import
scripts than attempt to recover an existing corrupted database. There
is a section in the manual (can't find the link right away) that states
if the servers go down hard then the databases "will" be corrupted and
to restore from backup.

Good luck,
-pete

--
Peter Brady
Email: pdbrady@ans.com.au
Home Page: http://www.simonplace.net/
Skype: pbrady77
Mobile: +61 410 490 797
 
Old 02-18-2011, 08:39 PM
Tim Alberts
 
Default nss_ldap: reconnected to LDAP server ldap://127.0.0.1

On 2/18/2011 11:05 AM, Tim Alberts wrote:
> I found a helpful page:
> http://www.yolinux.com/TUTORIALS/LinuxTutorialLDAP.html approximately
> 2/3 down the page, section titled 'Notes: LDAP on Red Hat/Fedora
> distribution:' An example database recovery command as follows:
>
> /usr/sbin/slapd_db_recover -v -h /var/lib/ldap/stooges/
>
> I have run this (twice now with ldap stopped) on all three servers and
> continue to have problems. Now I'm really lost as to what to do.

Update, I believe this actually did fix the problem (db_recover).
Unfortunately, after I did this, I hadn't seen any more:

nss_ldap: reconnected to LDAP server ldap://127.0.0.1

errors in /var/log/messages. However, my Apache server was still giving Forbidden errors, and my Subversion server was still giving Forbidden errors. I figured some Berkeley DB was not shut down in Apache authentication and/or Subversion as well. Fortunately, I decided to do a restart of Apache and that seems to have fixed that problem too.

So the solution appears to be a simple database recovery, followed by an Apache restart. Thank you to the folks who posted responses to help. Hopefully this thread can find its way to helping someone else who runs into this.


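The recovery order the thread arrived at, written out as an added example (not code from any poster): it checks captured output for the two symptoms quoted above and then prints, or optionally runs, the steps. The init script names "ldap" and "httpd", the "ldap" service user, the default DB_DIR, the backup copy and the chown step are assumptions, not details from the thread.

```bash
#!/bin/bash
# Added example, not from the thread. Triage captured slapd/syslog output for the
# two symptoms quoted above, then print (or, with LDAP_RECOVER_APPLY=1, run) the
# recovery order. Assumptions: init scripts "ldap" and "httpd", slapd runs as
# user "ldap", DB_DIR holds the BDB files.
DB_DIR="${DB_DIR:-/var/lib/ldap}"

# Number of nss_ldap reconnect messages in file $1.
count_reconnects() { grep -c 'nss_ldap: reconnected to LDAP server' "$1" || true; }

# Succeeds when slapd saw an unclean shutdown but skipped recovery.
needs_manual_recovery() {
    grep -q 'bdb_db_open: unclean shutdown detected' "$1" &&
        grep -q 'Recovery skipped in read-only mode' "$1"
}

# Echo each command; execute it only when LDAP_RECOVER_APPLY=1, abort on failure.
step() {
    echo "+ $*"
    [ "${LDAP_RECOVER_APPLY:-0}" = "1" ] || return 0
    "$@" || { echo "failed: $*" >&2; exit 1; }
}

recover() {
    step service ldap stop                      # never recover under a live slapd
    step cp -a "$DB_DIR" "$DB_DIR.pre-recover"  # keep the damaged copy first
    step /usr/sbin/slapd_db_recover -v -h "$DB_DIR"
    step chown -R ldap:ldap "$DB_DIR"           # recovery as root can leave root-owned files
    step service ldap start
    step service httpd restart                  # the thread needed this to clear Forbidden errors
}

triage() {
    if needs_manual_recovery "$1"; then recover; else echo "no recovery indicated"; fi
}

# Constructed sample input, modelled on the messages quoted in the thread.
sample_log() {
    cat <<'EOF'
Feb 18 09:01:12 host httpd: nss_ldap: reconnected to LDAP server ldap://127.0.0.1
Feb 18 09:01:40 host dovecot: nss_ldap: reconnected to LDAP server ldap://127.0.0.1
bdb_db_open: unclean shutdown detected; attempting recovery.
bdb_db_open: Recovery skipped in read-only mode. Run manual recovery if errors are encountered.
EOF
}

log=$(mktemp); sample_log > "$log"
echo "reconnects: $(count_reconnects "$log")"
triage "$log"
rm -f "$log"
```

Run without LDAP_RECOVER_APPLY set, it only prints the commands, so the sequence can be reviewed before anything touches the database directory.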
 
