LDAP server gone -> impossible to login locally!

Daniel O'Connor doconnor at gsoft.com.au
Wed Sep 23 02:00:00 UTC 2009

On Wed, 23 Sep 2009, Tim Judd wrote:
> > On a related note, why is slapd so damn fragile? It's a righteous
> > pain in the bum the way you have to run db_recover-X.Y
> > /var/db/openldap-data if slapd fails to start.
> I run OpenLDAP on a few boxes.  I don't recall the power failures or
> rude shutdowns to ever give me problems...  Course, I don't have
> anything hi-traffic, so I would definitely have time for softupdates
> to flush to disk before a crash is inevitable.

This isn't high traffic, it's basically read only.

> I've marked this thread, it's been useful already with the
> '[unavail=continue notfound=continue]' pieces after the ldap
> dictionary in nsswitch.conf

man nsswitch.conf :)

> Now I have another command, db_recover

You can benefit from my torn out hair from when I went looking for it :)

> > disabled (which is recommended for performance!) it won't say
> > _anything_.
> To have OpenLDAP logging, you have to insert local4.* statements in
> syslog.conf, touch the given file, and restart syslog.  Any logging
> that OpenLDAP would need to send, is then recorded in syslog.
> Why they picked 4, of 1 through 7, I'm not sure.

Thanks, I've enabled it, normally I just fish through all.log :)

Daniel O'Connor software and network engineer
for Genesis Software - http://www.gsoft.com.au
"The nice thing about standards is that there
are so many of them to choose from."
  -- Andrew Tanenbaum
GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C

More information about the freebsd-questions mailing list