0

我们有一个作为开放目录主机运行的服务器。到目前为止,一切都很好:用户可以通过 VPN 或客户端计算机上的网络帐户访问他们的数据。但是,LDAP 日志始终报告错误。我附上了下面的日志:

Sep 12 13:01:54 server slapd[61]: conn=6890 op=27: attribute "entryCSN" index add failure
Sep 12 13:01:56 server slapd[61]: Entry (uid=untitled_1,cn=users,dc=server,dc=speirhunter,dc=private): object class 'posixAccount' requires attribute 'homeDirectory'
Sep 12 13:01:56 server slapd[61]: entry failed schema check: object class 'posixAccount' requires attribute 'homeDirectory'
Sep 12 13:04:55 server slapd[61]: => bdb_idl_delete_key: c_get failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30994)
Sep 12 13:04:55 server slapd[61]: conn=6916 op=23: attribute "entryCSN" index delete failure
Sep 12 13:04:56 server slapd[61]: Entry (uid=untitled_1,cn=users,dc=server,dc=speirhunter,dc=private): object class 'posixAccount' requires attribute 'homeDirectory'
Sep 12 13:04:56 server slapd[61]: entry failed schema check: object class 'posixAccount' requires attribute 'homeDirectory'
Sep 12 13:12:43 server slapd[61]: => nestedgroup_getgroup result (16)
Sep 12 13:41:11 server slapd[61]: => bdb_idl_delete_key: c_get failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30994)
Sep 12 13:41:11 server slapd[61]: conn=7113 op=15: attribute "entryCSN" index delete failure
Sep 12 13:41:12 server slapd[61]: Entry (uid=untitled_1,cn=users,dc=server,dc=speirhunter,dc=private): object class 'posixAccount' requires attribute 'homeDirectory'
Sep 12 13:41:12 server slapd[61]: entry failed schema check: object class 'posixAccount' requires attribute 'homeDirectory'
Sep 12 14:17:48 server slapd[61]: => nestedgroup_getgroup result (16)
Sep 12 14:29:46 server slapd[61]: => nestedgroup_getgroup result (16)
Sep 12 14:30:55 server slapd[61]: => nestedgroup_getgroup result (16)
Sep 12 14:31:26: --- last message repeated 2 times ---
Sep 12 14:36:30 server slapd[61]: => nestedgroup_getgroup result (16)
Sep 12 14:38:56: --- last message repeated 2 times ---
Sep 12 14:39:37 server slapd[61]: => nestedgroup_getgroup result (16)
Sep 12 14:40:34: --- last message repeated 2 times ---
Sep 12 14:40:34 server slapd[61]: => nestedgroup_getgroup result (16)
Sep 12 14:43:21 server slapd[61]: => nestedgroup_getgroup result (16)
Sep 12 14:51:47 server slapd[61]: => nestedgroup_getgroup result (16)
Sep 12 14:54:35: --- last message repeated 2 times ---
Sep 12 14:54:35 server slapd[61]: connection_read(22): no connection!
Sep 12 15:35:49 server slapd[61]: => nestedgroup_getgroup result (16)
Sep 12 15:36:27: --- last message repeated 2 times ---
Sep 12 16:45:10 server slapd[62]: @(#) $OpenLDAP: slapd 2.4.23 (Feb 25 2012 19:47:01) $
                root@melodie.apple.com:/private/var/tmp/OpenLDAP/OpenLDAP-186.4~2/servers/slapd
Sep 12 16:45:10 server slapd[62]: daemon: SLAP_SOCK_INIT: dtblsize=8192
Sep 12 16:45:11 server slapd[62]: bdb_monitor_db_open: monitoring disabled; configure monitor database to enable
Sep 12 16:45:11 server slapd[62]: slapd starting
Sep 12 16:45:11 server slapd[62]: daemon: posting com.apple.slapd.startup notification
Sep 12 16:53:06 server slapd[62]: => bdb_idl_delete_key: c_get failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30994)
Sep 12 16:53:06 server slapd[62]: conn=1216 op=19: attribute "entryCSN" index delete failure
Sep 12 16:53:07 server slapd[62]: Entry (uid=untitled_1,cn=users,dc=server,dc=speirhunter,dc=private): object class 'posixAccount' requires attribute 'homeDirectory'
Sep 12 16:53:07 server slapd[62]: entry failed schema check: object class 'posixAccount' requires attribute 'homeDirectory'
Sep 12 17:09:40 server slapd[62]: => bdb_idl_delete_key: c_get failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30994)
Sep 12 17:09:40 server slapd[62]: conn=1366 op=19: attribute "entryCSN" index delete failure
Sep 12 17:09:41 server slapd[62]: Entry (uid=untitled_1,cn=users,dc=server,dc=speirhunter,dc=private): object class 'posixAccount' requires attribute 'homeDirectory'
Sep 12 17:09:41 server slapd[62]: entry failed schema check: object class 'posixAccount' requires attribute 'homeDirectory'
Sep 12 17:11:25 server slapd[62]: Entry (uid=sadmin,cn=users,dc=server,dc=speirhunter,dc=private): object class 'posixAccount' requires attribute 'homeDirectory'
Sep 12 17:11:25 server slapd[62]: entry failed schema check: object class 'posixAccount' requires attribute 'homeDirectory'
Sep 12 17:19:53 server slapd[62]: => bdb_idl_delete_key: c_get failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30994)
Sep 12 17:19:53 server slapd[62]: conn=1420 op=788: attribute "entryCSN" index delete failure
Sep 12 17:19:54 server slapd[62]: Entry (uid=untitled_1,cn=users,dc=server,dc=speirhunter,dc=private): object class 'posixAccount' requires attribute 'homeDirectory'
Sep 12 17:19:54 server slapd[62]: entry failed schema check: object class 'posixAccount' requires attribute 'homeDirectory'
Sep 12 18:19:30 server slapd[62]: <= bdb_substring_candidates: (altSecurityIdentities) not indexed
Sep 12 18:21:21 server slapd[62]: => bdb_idl_delete_key: c_get failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30994)
Sep 12 18:21:21 server slapd[62]: conn=2057 op=55: attribute "entryCSN" index delete failure
Sep 12 18:21:22 server slapd[62]: Entry (uid=untitled_1,cn=users,dc=server,dc=speirhunter,dc=private): object class 'posixAccount' requires attribute 'homeDirectory'
Sep 12 18:21:22 server slapd[62]: entry failed schema check: object class 'posixAccount' requires attribute 'homeDirectory'
Sep 12 18:25:09 server slapd[62]: => bdb_idl_delete_key: c_get failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30994)
Sep 12 18:25:09 server slapd[62]: conn=2095 op=61: attribute "entryCSN" index delete failure
Sep 12 18:25:10 server slapd[62]: Entry (uid=untitled_1,cn=users,dc=server,dc=speirhunter,dc=private): object class 'posixAccount' requires attribute 'homeDirectory'
Sep 12 18:25:10 server slapd[62]: entry failed schema check: object class 'posixAccount' requires attribute 'homeDirectory'

任何人都可以阐明这意味着什么,以及一些可能的原因吗?

4

2 回答 2

0

您发布了许多错误消息。首先,您可以尝试降低 slapd.conf 中的详细程度,如果您需要工作的所有内容都可以正常工作,我不在乎。其次,如果你真的需要解决这些问题,你需要检查每个问题——这里显示的一些问题与无效的索引配置有关,其中一些需要修复嵌套组概念的问题,还有一些与模式不匹配对象有关。你打开模式检查了吗?AFAIR 来自一些 slapd 版本,默认情况下它是打开的。你用什么版本?

使用 slaptest 实用程序测试您的数据库和/或配置文件的一致性,并使用 slapcat 转储数据库,在发生错误后第一次尝试恢复后,您可能已经意识到了这一点。您提出的一些错误可能会影响转储数据库,导致无法转储。也可以使用 slapindex 检查/重建索引。

于 2012-09-17T21:56:31.590 回答
0

其中一个问题很容易发现:

Entry (uid=untitled_1,cn=users,dc=server,dc=speirhunter,dc=private): object class 'posixAccount' requires attribute 'homeDirectory'

entry failed schema check: object class 'posixAccount' requires attribute 'homeDirectory'

您有一个不完整的类条目,posixAccount因为它没有指定homeDirectory属性。posix 帐户通常称为user。此类条目是打开目录等效于/etc/passwd. 但是该条目缺少主目录字段(属性,在 LDAP 用语中)。

因为它untitled_1可能是一些虚假的条目。您可能想要添加 homeDirectory 属性或完全删除该条目。您可能还想追查它是如何到达那里的以及它是如何以无效格式到达那里的(您有创建它的工具吗?那个 untitled_1 来自哪里?)

于 2012-09-17T21:57:18.323 回答