1

我有一个 python (2.7.4) 脚本,用于将大量组添加到使用 ldap 库的 OpenLDAP 服务器。对于绝大多数组,我可以毫无问题地添加它们。但是,对于一部分组,我在日志中看到以下内容:

    09-17 23:35|ERROR|13213|ldapcmd|add|{'info': 'index generation failed', 'desc': 'Internal (implementation specific) error'}
    Traceback (most recent call last):
      File "/export/home/somedir/lib/somedir/db/ldapcmd.py", line 308, in add
        self._RESULTS = self.__conn.add_s(dn, ldif)
      File "/usr/local/lib/python2.7/site-packages/python_ldap-2.3.9-py2.7-linux-x86_64.egg/ldap/ldapobject.py", line 186, in add_s
        return self.result(msgid,all=1,timeout=self.timeout)
      File "/usr/local/lib/python2.7/site-packages/python_ldap-2.3.9-py2.7-linux-x86_64.egg/ldap/ldapobject.py", line 428, in result
        res_type,res_data,res_msgid = self.result2(msgid,all,timeout)
      File "/usr/local/lib/python2.7/site-packages/python_ldap-2.3.9-py2.7-linux-x86_64.egg/ldap/ldapobject.py", line 432, in result2
        res_type, res_data, res_msgid, srv_ctrls = self.result3(msgid,all,timeout)
      File "/usr/local/lib/python2.7/site-packages/python_ldap-2.3.9-py2.7-linux-x86_64.egg/ldap/ldapobject.py", line 438, in result3
        ldap_result = self._ldap_call(self._l.result3,msgid,all,timeout)
      File "/usr/local/lib/python2.7/site-packages/python_ldap-2.3.9-py2.7-linux-x86_64.egg/ldap/ldapobject.py", line 96, in _ldap_call
        result = func(*args,**kwargs)
    OTHER: {'info': 'index generation failed', 'desc': 'Internal (implementation specific) error'}
    09-17 23:35|ERROR|13213|googleGroupsToLdap|<module>|Internal Ldap - Add FAILED: somegroup@somehiddendomain.com
    Traceback (most recent call last):
      File "../bin/somescript", line 707, in <module>
        INTLDAP.add(dn=DN, attributes=LDAPENTRY)
      File "/export/home/somedir/lib/somedir/db/ldapcmd.py", line 313, in add
        raise DatabaseError(e)
    DatabaseError: OTHER({'info': 'index generation failed', 'desc': 'Internal (implementation specific) error'},)

有没有人见过这个错误 - 更重要的是 - 任何人都知道如何解决它?

如果需要在 ldap 服务器上启用日志记录,是否知道适当的日志级别是什么?

------------ 更新下午 3:25 -------------

我启用了日志记录,发现错误是由于锁表用完了可用锁。为了解决这个问题,将以下内容添加到 DB_CONFIG

    set_lk_max_objects 15000
    set_lk_max_lockers 5000
    set_lk_max_locks 15000

添加上述内容后,shutdown slapd(或者您将发生一些不太好的事情......)..您需要恢复数据库才能将新值推送到环境中。为此,您将运行sudo -u ldap /usr/sbin/slapd_db_recover -h <directory> -v

它应该完成得相当快,具体取决于您必须通过多少日志文件。此时重新启动 slapd。

slapd_db_stat -c 您可以通过运行该命令检查是否进行了更改 。您应该会看到类似这样的内容(此处删除了很多行...)---

    15000   Maximum number of locks possible
    5000    Maximum number of lockers possible
    15000   Maximum number of lock objects possible
4

0 回答 0