On Wed, Nov 26, 2008 at 8:12 AM, Gilbert Wilson <[EMAIL PROTECTED]> wrote:

> Essentially, what is happening is that user accounts will "disappear"
> from workgroup manager and dscl[1]. Accounts that have maintained a
> persistent connection will continue to be authenticated. But, accounts
> that are not authenticated will be unable to authenticate. The
> Directory Administrator account, for example, cannot authenticate at
> these times. If I restart slapd, all the missing accounts that had
> persistent connections will no longer be able to authenticate.

Sounds like your indexes may be bad, or becoming bad for some reason or another. Restarting slapd, rebuilding, etc. generally does not rebuild the indexes if I recall. Take a look at 'slapindex'.

> A restore from backup is the only way to fix it. However, I suspect
> that there is malformed data lurking somewhere in the OpenLDAP system.
> The backups all have this malformed data. Thus, it doesn't take very
> much for the system to get corrupted again. A hard shutdown does it
> every time, and a minor upgrade to the OS did it, too.

If there is malformed data in your backup, then the import should report that in the logs. Unless, perhaps, it is part of an encode64 attribute. And, if I recall, Apple's Open Directory uses these quite a bit. (Which is the primary reason I don't use OpenDirectory.)

> Has anyone else had this kind of persistent corruption of their LDAP
> system? What was causing it? How did you find it?

I've been running OpenLDAP for a few years, and the only "persistent corruption" I've seen is when the indexes aren't current. This generally causes one or more accounts or attributes to "disappear" from the server until the indexes are rebuilt. But I've only had this problem after making changes to my schema and reloading the server.

-- 
Perfection is just a word I use occasionally with mustard.
--Atom Powers--
_______________________________________________ Tech mailing list [email protected] http://lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
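
An added example, not part of the thread and not OpenLDAP code: a small Python check that walks an LDIF backup and flags base64-encoded (`attr::`) values that fail to decode or that decode to non-UTF-8 bytes, the kind of data the reply above says an import may not report. The sample LDIF, its DNs and the `exampleBlob` attribute are constructed for illustration.

```python
import base64
import binascii

# Constructed sample LDIF (not from the thread): a clean entry, an entry whose
# base64 value lost its padding, and an entry whose value decodes to raw bytes.
SAMPLE_LDIF = """\
dn: uid=alice,cn=users,dc=example,dc=com
uid: alice
cn:: QWxpY2UgRXhhbXBsZQ==

dn: uid=bob,cn=users,dc=example,dc=com
uid: bob
description:: Qm9iIEV4YW1wbGU

dn: uid=carol,cn=users,dc=example,dc=com
uid: carol
exampleBlob:: /v8AAQ==
"""

def unfold(text):
    """Join LDIF continuation lines (a leading space continues the previous line)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def check_ldif(text):
    """Return (dn, attribute, problem) for every suspect base64 value."""
    findings, dn = [], None
    for line in unfold(text):
        if not line:
            dn = None  # a blank line ends the current entry
        if not line or line.startswith("#") or ":" not in line:
            continue
        attr, _, rest = line.partition(":")
        is_b64 = rest.startswith(":")  # "attr:: value" marks base64
        value = rest[1:].strip() if is_b64 else rest.strip()
        if is_b64:
            try:
                value = base64.b64decode(value, validate=True).decode("utf-8")
            except (binascii.Error, UnicodeDecodeError) as exc:
                problem = "not-utf8" if isinstance(exc, UnicodeDecodeError) else "invalid-base64"
                findings.append((dn, attr, problem))
                continue
        if attr.lower() == "dn":
            dn = value
    return findings
```

A `not-utf8` finding is expected for attributes that legitimately hold binary data; it marks values to review by hand, while `invalid-base64` marks values that cannot be decoded at all.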
