After many hours of trial and error, I was finally able to get OpenLDAP on FC5 working the way we need it to. I noticed that there are a few differences in the way OpenLDAP works on FC5 compared to the way things were on FC4.
In the past, when using FC4, the database would sometimes get corrupted and I would have to run db_recover -h /var/lib/ldap. Well, after installing the db4-utils RPM and trying to run db_recover -h /var/lib/ldap, I would get this error:
db_recover: Program version 4.3 doesn’t match environment version
db_recover: Unacceptable log file /var/lib/ldap/log.0000000043: unsupported log version 11
db_recover: Invalid log file: log.0000000043: Invalid argument
db_recover: PANIC: Invalid argument
db_recover: PANIC: DB_RUNRECOVERY: Fatal error, run database recovery
db_recover: DB_ENV->open: DB_RUNRECOVERY: Fatal error, run database recovery
After a little hunting, I discovered that OpenLDAP now comes with its own db_recover program called slapd_db_recover.
In order to keep the db log files in check, I would run db_archive -h /var/lib/ldap -d daily; now I run slapd_db_recover -h /var/lib/ldap -d daily.
I also ran into some trouble while trying to import our data. I used slapcat on our FC4 box to generate an LDIF file and tried to use slapadd on the FC5 box to import it. Then I got an error that said “Lock table is out of available locks”. To fix that problem, I copied the DB_CONFIG.example that came with OpenLDAP in /etc/openldap to /var/lib/ldap and renamed it to just DB_CONFIG. Then I added these lines to the file:
set_lk_max_locks 8000
set_lk_max_lockers 2000
set_lk_max_objects 2000
And that fixed all my importing errors. Then I needed to change the ownership of all the files in /var/lib/ldap so they were owned by ldap and fire it up.
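A pre-flight check for the data directory before running slapadd or starting slapd, as an added example that is not part of the original post: it verifies that DB_CONFIG carries the three lock directives at no less than the values above and that every file is owned by the expected user. Treating the post's values as minimums and reading the last occurrence of a directive are assumptions, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): check a BDB-backed slapd
# data directory. The minimums are the values quoted in the post, used
# here as lower bounds (assumption).

# Print the value of a DB_CONFIG directive, or nothing if it is absent.
# Commented-out lines are ignored; the last occurrence is reported (assumption).
db_config_value() {
    # $1 = path to DB_CONFIG, $2 = directive name
    awk -v key="$2" '$1 == key { val = $2 } END { if (val != "") print val }' "$1"
}

# Return 0 if all three lock directives are present and large enough.
check_lock_limits() {
    cfg="$1/DB_CONFIG"
    [ -f "$cfg" ] || { echo "missing $cfg"; return 1; }
    rc=0
    for pair in set_lk_max_locks:8000 set_lk_max_lockers:2000 set_lk_max_objects:2000; do
        key=${pair%%:*}
        min=${pair##*:}
        val=$(db_config_value "$cfg" "$key")
        case "$val" in
            ''|*[!0-9]*) echo "$key: not set"; rc=1 ;;
            *) [ "$val" -ge "$min" ] || { echo "$key: $val is below $min"; rc=1; } ;;
        esac
    done
    return $rc
}

# Return 0 if every file under the directory is owned by the given user
# (name or numeric uid); otherwise list the offending paths.
check_owner() {
    bad=$(find "$1" ! -user "$2" -print)
    [ -z "$bad" ] || { echo "not owned by $2:"; echo "$bad"; return 1; }
}

# Usage: sh check_ldap_dir.sh /var/lib/ldap ldap
if [ "$#" -eq 2 ]; then
    check_lock_limits "$1" && check_owner "$1" "$2" && echo "ok"
fi
```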