Bug 55706 - openldap: default slapd.conf creates a directory that is nowhere near crash-safe
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Server
Hardware: x86 Linux
: High critical
Assignee: Robin Johnson
Reported: 2004-06-30 12:09 UTC by Jeremy Kitchen
Modified: 2004-08-22 13:24 UTC
Attachments
patch to default slapd.conf to make the database more reliable. (slapd.conf.patch,561 bytes, patch)
2004-07-21 13:00 UTC, Jeremy Kitchen

Description Jeremy Kitchen 2004-06-30 12:09:06 UTC
the default slapd.conf uses bdb but defines no checkpoints, therefore, if your system crashes, all of your data in your directory (at least since the last shutdown) is gone.

Reproducible: Always
Steps to Reproduce:
1. start slapd with default slapd.conf
2. add a ton of stuff to it
3. power off your machine
4. power your machine back on
5. cry.

Actual Results:  
all of the data since the last 'clean' shutdown is gone.  This is a bad thing.

Expected Results:  
if nothing else, it should have had *SOME* of the updates you made.

I would suggest adding the following line (or at least commenting it and
describing its function) to the default slapd.conf:
checkpoint      20      30

that will make slapd have a 'checkpoint' every 20 kilobytes written to the
database, or every 30 minutes, whichever comes first.

You might also add a couple of other commented entries for larger systems that
might actually be doing 20 kilobytes all the time, or 30 minutes is too fast.

http://sapiens.wustl.edu/~sysmain/info/openldap/openldap_configure_bdb.html has
some more description about some sane default settings.
http://www.openldap.org/faq/data/cache/893.html is some openldap.org
documentation about bdb
Comment 1 Jeremy Kitchen 2004-07-21 08:35:57 UTC
this was reported almost 2 months ago.. I figured it would be a "oh yea, oops" and be in.. but I see nothing :)

Shall I provide a patch to the slapd.conf file?
Comment 2 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2004-07-21 08:59:05 UTC
patches greatly accepted.
I'm basically the only person handling openldap presently, and I've got a lot of other things on my plate too.

For the most part, at the moment that means unless it breaks at work (where I've got gentoo deployed to ~20 servers), or I need something new at work/home, it's minor version bumps and the such only.
Comment 3 Jeremy Kitchen 2004-07-21 13:00:36 UTC
Created attachment 35911
patch to default slapd.conf to make the database more reliable.

you must not ever have power outages or unexpected shutdowns then, as it does
break then :)

unified diff enclosed. Not sure if I would revbump or whatever, but I would
think that you'd want this in the config file.

I also added that bind_v2 be allowed, since I believe that's what squirrelmail
uses with php and ldap.

Enjoy.
Comment 4 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2004-07-21 13:20:00 UTC
my LDAP server has a redundant power supply, the hardware is good and solid (after my own burn-in testing), makes use of 3ware RAID1, and i've got a big friggin UPS for the server room :-).

i'll see about putting it in sometime tonight maybe.
Comment 5 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2004-08-22 13:24:43 UTC
the checkpoint statement is now used in cvs.
I'm NOT putting the 'allow bind_v2' in place. If you have an old application that needs the backwards support of v2 binding, then you should enable it only for your configuration that needs it.
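
Added example, not part of the bug thread or of Gentoo's shipped files: a small Python audit that flags the two settings discussed above, a bdb database section with no checkpoint directive and a global allow bind_v2. The sample configs, paths and suffix are constructed for illustration.

```python
# Constructed sample: a bdb database with no checkpoint, as the report describes,
# plus the bind_v2 line from the proposed patch. Paths and suffix are made up.
SAMPLE_BEFORE = """\
include /etc/openldap/schema/core.schema
allow bind_v2

database bdb
suffix "dc=example,dc=com"
directory /var/lib/openldap-data
"""

# Constructed sample: the same database with the checkpoint line from the report.
SAMPLE_AFTER = """\
database bdb
suffix "dc=example,dc=com"
directory /var/lib/openldap-data
checkpoint      20      30
"""

def directives(text):
    """Return slapd.conf directives as token lists (continuations joined, comments dropped)."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()  # leading whitespace continues the previous line
        else:
            logical.append(raw.strip())
    return [line.split() for line in logical if not line.startswith("#")]

def audit(text):
    """Flag the two settings discussed in this bug report."""
    findings, dbs = [], []
    for tok in directives(text):
        key, args = tok[0].lower(), tok[1:]
        if key == "database" and args:
            dbs.append({"type": args[0].lower(), "suffix": "?", "checkpoint": False})
        elif key == "allow" and "bind_v2" in (a.lower() for a in args):
            findings.append("allow bind_v2 is enabled")
        elif dbs and key == "suffix" and args:
            dbs[-1]["suffix"] = " ".join(args).strip('"')
        elif dbs and key == "checkpoint":
            dbs[-1]["checkpoint"] = True
    for db in dbs:
        if db["type"] == "bdb" and not db["checkpoint"]:
            findings.append(f"bdb database {db['suffix']} has no checkpoint directive")
    return findings

if __name__ == "__main__":
    for sample in (SAMPLE_BEFORE, SAMPLE_AFTER):
        print(audit(sample) or "ok")
```

To check a real file, pass its contents to audit(); a commented-out checkpoint line counts as missing.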