Ldap and Ubuntu server a no go - serious problems here.

George Farris farrisg at mala.bc.ca
Fri Sep 16 15:21:27 CDT 2005


On Fri, 2005-09-16 at 21:12 +0200, Ivan Krstic wrote:
> (Developers -- I proposed moving to the user list; if we're encroaching,
> yell.)
> I use the vanilla configuration that ships with slapd 2.1.30-3ubuntu3
> that's in Hoary, the only modifications being the inclusion of several
> custom schemata and access rules. I can send this to you, but I'm not
> sure it would be of any use.
> 
Well, this doesn't say anything about how your /etc/pam.d files are
configured. Do you have anything different in /etc/pam_ldap.conf
or /etc/libnss-ldap.conf?  There is a multitude of information about how
to configure these and it is all slightly different.

> Right, but "Ubuntu is extremely unstable" simply does not follow from
> "I'm having problems with a particular version of a particular piece of
> software I'm running under Ubuntu".
> 
You are of course correct here, I should have said that the two servers
I have are unstable, sorry.

> My suggestions were aimed at giving you ways to be able to explain
> 'bunged' in greater detail. Have you straced the process? ltraced? gdb
> attached? Can you figure out where it hangs?  

No I haven't been able to yet and quite frankly I have never run gdb and
wouldn't even know where to start.  If I'm required to do that type of
work for a server I would seriously hesitate to use it.  I have run
Linux servers since 1997 and never had to drop into gdb and tools.
Either software is not ready or documentation is not correct. Of course
I'm not expecting Ubuntu as a server to be perfect yet, I'm just
providing my results.

> Can you narrow down the
> hang to a repeatable scenario? Is there anything exotic about the
> hardware or general setup you're running? Are you reading the database
> files from a local filesystem - can remote locking issues be ruled out?

Two different machines, two different databases (bdb, ldbm), all local
files. Both servers have 3ware boards (one SATA, one PATA) but I have been
running 3ware boards for years without problems.  I have been following
the information in Samba by Example, and the Samba Official Howto.

> Do you have any other software problems on the same machine? Are there
> any nightly resource-intensive tasks that coincide with the time the
> server locks up? 

No, and in fact syslog shows ldap responding right to the point where it
quits and then no more ldap log information until a reboot???


> When you say 'every night', do you mean that it
> consistently locks up at some point during the night

As I said, sometimes the server will run for a couple of days, sometimes
overnight.  It's not entirely consistent.  I have run memtest on both
machines and I do not suspect the hardware.  If I stop ldap the machine
will run forever.

>  Does the problem
> occur with a compiled version of the most recent OpenLDAP 2.2.x? 

The stock openldap in Hoary and Breezy.

> What
> about 2.3.x?

2.3.x is not stock available unless I compile it myself.  I'm trying to
stick with stock debs for obvious reasons.

Just for reference my /etc/pam.d files are like so:

# /etc/pam.d/common-account 
account sufficient    pam_ldap.so
account required      pam_unix.so

# /etc/pam.d/common-auth
auth    sufficient   pam_ldap.so nullok_secure 
auth   required      pam_unix.so nullok_secure use_first_pass

# /etc/pam.d/common-password
password  sufficient pam_ldap.so 
password required pam_unix.so nullok obscure min=4 max=8 md5 use_first_pass

# /etc/pam.d/common-session
session  sufficient    pam_ldap.so
session  required      pam_unix.so

#/etc/libnss-ldap.conf

base dc=cc,dc=mala,dc=ca
SIZELIMIT       20000
TIMELIMIT       15
DEREF           never
rootbinddn cn=Manager,dc=cc,dc=mala,dc=ca
pam_password md5
ldap_version 3
nss_base_passwd         ou=Computers,dc=cc,dc=mala,dc=ca?one
nss_base_passwd         ou=Users,dc=cc,dc=mala,dc=ca?one
nss_base_shadow         ou=Users,dc=cc,dc=mala,dc=ca?one
nss_base_group          ou=Groups,dc=cc,dc=mala,dc=ca?one

and pam_ldap.conf is basically the same.


What I see is that for whatever reason at some point the ldap database
is becoming corrupt and then all hell breaks loose.  A restart with bdb
backend always shows a database corruption and db4.2_recover solves it.
I just switched yesterday to the ldbm backend on one machine and it was
hung this morning as well....


-- 
George Farris   farrisg at mala.bc.ca
Malaspina University-College
