LDAP server gone -> impossible to login locally!
Daniel O'Connor
doconnor at gsoft.com.au
Wed Sep 23 02:00:00 UTC 2009
On Wed, 23 Sep 2009, Tim Judd wrote:
> > On a related note, why is slapd so damn fragile? It's a righteous
> > pain in the bum the way you have to run db_recover-X.Y
> > /var/db/openldap-data if slapd fails to start.
>
> I run OpenLDAP on a few boxes. I don't recall the power failures or
> rude shutdowns to ever give me problems... Course, I don't have
> anything hi-traffic, so I would definately have time for softupdates
> to flush to disk before a crash is inevitable.
This isn't high traffic, it's basically read only.
> I've marked this thread, it's been useful already with the
> '[unavail=continue notfound=continue]' pieces after the ldap
> dictionary in nsswitch.conf
man nsswitch.conf :)
> Now I have another command, db_recover
You can benefit from my torn out hair from when I went looking for it :)
> > disabled (which is recommended for performance!) it won't say
> > _anything_.
>
> To have OpenLDAP logging, you have to insert local4.* statements in
> syslog.conf, touch the given file, and restart syslog. Any logging
> that OpenLDAP would need to send, is then recorded in syslog.
>
> Why they picked 4, of 1 through 7, I'm not sure.
Thanks, I've enabled it, normally I just fish through all.log :)
--
Daniel O'Connor software and network engineer
for Genesis Software - http://www.gsoft.com.au
"The nice thing about standards is that there
are so many of them to choose from."
-- Andrew Tanenbaum
GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 188 bytes
Desc: This is a digitally signed message part.
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20090923/e425defe/attachment.pgp
More information about the freebsd-questions
mailing list