CentOS 5.5 : openLDAP server causes server to hang

Hi All,

I’m having some issues (https://www.virtualmin.com/node/16904) which are causing my server to start to kill jobs out of memory. One of those jobs is the LDAP server. Here’s where there’s a nasty chain reaction, and upon reboot the system hangs before SSHd or the serial console are up. The only solution is to boot a recovery CD (or use Xen dom0 if it’s a VPS) and mount the hard drive to fix things.

Here’s what shows up on the console (for future googlers)

Starting HAL daemon: [ OK ]
Checking configuration files for slapd: bdb_db_open: unclean shutdown
detected; attempting recovery.
bdb_db_open: Recovery skipped in read-only mode. Run manual recovery if
errors are encountered.

And then the machine halts there and you’re SOL.

From this fine blog : http://techarold.blogspot.com/2006/07/more-openldap-recovery.html
the solution is to run

/usr/sbin/slapd_db_recover -v -h /var/lib/ldap
Finding last valid log LSN: file: 1 offset 157293
Recovery starting from [1][156143]
Recovery complete at Mon Jan 17 10:02:19 2011
Maximum transaction ID 80000056 Recovery checkpoint [1][158343]

And then you can start the LDAP server.

However, in order to get that far I had to mount the hard drive from a recovery CD and then prevent the LDAP server from starting:

rm /etc/init.d/rc3.d/Sldap

And then I could boot the machine to run the above fix command. Don’t forget to put the LDAP server back in.

So for virtualmin I would strongly suggest an additional LDAP configuration command to prevent this deadlock. Here is the upstream bug : https://partner-bugzilla.redhat.com/show_bug.cgi?id=613966

To fix this I added -u to the ‘slaptest’ command at all times to make sure it would never hang. Edit /etc/init.d/ldap and change the configtest() function to match the following :

function configtest() {
    local user= ldapuid= dbdir= file=
    # Check for simple-but-common errors.
    user=ldap
    prog=`basename ${slapd}`
    ldapuid=`id -u $user`
    # Unaccessible database files.
    # -u is slaptest's dry-run flag; the next line is the only one changed.
    slaptestflags=-u

I changed the last line only. If you do not do this, you may find your server hung and unresponsive w/out SSH or Console available.

-m

Hmmm… it seems my new lines are not appearing above, which makes it highly hard to read. How do you block quote on these forums again? Perhaps a hint on how to do that should be on the post / reply pages.
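
Added example (not part of the original post or of the CentOS init script): a guarded wrapper around the slapd_db_recover command quoted above. It refuses to run while slapd is up, archives the database directory first, and hands file ownership back to the LDAP user afterwards. The ldap user/group, the /var/tmp backup location and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Assumptions: slapd runs as user
# and group "ldap", pgrep and tar exist, and /var/tmp has room for a backup.
LDAP_USER="${LDAP_USER:-ldap}"
BACKUP_DIR="${BACKUP_DIR:-/var/tmp}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the commands instead of running them

# True when stdin contains the console signature quoted in the post.
needs_recovery() {
    grep -q 'bdb_db_open: unclean shutdown'
}

# True when a slapd process exists. Recovery must not run against a live
# database environment.
slapd_running() {
    pgrep -x slapd >/dev/null 2>&1
}

# Print the command in dry-run mode, execute it otherwise.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# recover_ldap DBDIR: back up, recover, then restore ownership.
recover_ldap() {
    dbdir="${1:-/var/lib/ldap}"
    if [ ! -d "$dbdir" ]; then
        echo "no such directory: $dbdir" >&2
        return 2
    fi
    if slapd_running; then
        echo "slapd is running; stop it before recovery" >&2
        return 3
    fi
    backup="$BACKUP_DIR/ldap-pre-recover.$(date +%Y%m%d%H%M%S).tar.gz"
    run tar -czf "$backup" -C "$dbdir" . || return 4
    run /usr/sbin/slapd_db_recover -v -h "$dbdir" || return 5
    # Files recreated by a root-run recovery are root-owned; hand them back.
    run chown -R "$LDAP_USER:$LDAP_USER" "$dbdir"
}

# Usage: DRY_RUN=0 sh recover-ldap.sh --run [/var/lib/ldap]
if [ "${1:-}" = "--run" ]; then
    recover_ldap "${2:-/var/lib/ldap}"
fi
```

With the default DRY_RUN=1 the script only prints the three commands it would run, so the plan can be reviewed from the rescue environment before anything touches the database.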