在向openldap添加记录时,需要帮助跟踪“索引生成失败”错误消息

时间:2013-09-18 15:40:24

标签: python python-2.7 openldap python-ldap

我有一个python(2.7.4)脚本,用于使用ldap库向OpenLDAP服务器添加大量组。对于绝大多数组,我能够毫无问题地添加它们。但是对于组的子集,我在日志中看到以下内容:

    09-17 23:35|ERROR|13213|ldapcmd|add|{'info': 'index generation failed', 'desc': 'Internal (implementation specific) error'}
    Traceback (most recent call last):
      File "/export/home/somedir/lib/somedir/db/ldapcmd.py", line 308, in add
        self._RESULTS = self.__conn.add_s(dn, ldif)
      File "/usr/local/lib/python2.7/site-packages/python_ldap-2.3.9-py2.7-linux-x86_64.egg/ldap/ldapobject.py", line 186, in add_s
        return self.result(msgid,all=1,timeout=self.timeout)
      File "/usr/local/lib/python2.7/site-packages/python_ldap-2.3.9-py2.7-linux-x86_64.egg/ldap/ldapobject.py", line 428, in result
        res_type,res_data,res_msgid = self.result2(msgid,all,timeout)
      File "/usr/local/lib/python2.7/site-packages/python_ldap-2.3.9-py2.7-linux-x86_64.egg/ldap/ldapobject.py", line 432, in result2
        res_type, res_data, res_msgid, srv_ctrls = self.result3(msgid,all,timeout)
      File "/usr/local/lib/python2.7/site-packages/python_ldap-2.3.9-py2.7-linux-x86_64.egg/ldap/ldapobject.py", line 438, in result3
        ldap_result = self._ldap_call(self._l.result3,msgid,all,timeout)
      File "/usr/local/lib/python2.7/site-packages/python_ldap-2.3.9-py2.7-linux-x86_64.egg/ldap/ldapobject.py", line 96, in _ldap_call
        result = func(*args,**kwargs)
    OTHER: {'info': 'index generation failed', 'desc': 'Internal (implementation specific) error'}
    09-17 23:35|ERROR|13213|googleGroupsToLdap|<module>|Internal Ldap - Add FAILED: somegroup@somehiddendomain.com
    Traceback (most recent call last):
      File "../bin/somescript", line 707, in <module>
        INTLDAP.add(dn=DN, attributes=LDAPENTRY)
      File "/export/home/somedir/lib/somedir/db/ldapcmd.py", line 313, in add
        raise DatabaseError(e)
    DatabaseError: OTHER({'info': 'index generation failed', 'desc': 'Internal (implementation specific) error'},)

之前有没有人见过这个错误 - 更重要的是 - 有人知道如何修复它吗?

如果需要在ldap服务器上启用日志记录,那么知道适当的日志级别是什么吗?

------------更新3:25 PM -------------

我启用了日志记录,发现错误是由于锁表耗尽了可用的锁。要解决此问题,请将以下内容添加到DB_CONFIG 

    set_lk_max_objects 15000
    set_lk_max_lockers 5000
    set_lk_max_locks 15000

添加上面的内容后,关闭slapd(或者你会遇到一些不太好的事情......)。你需要恢复数据库才能将新值推送到环境中。为此,您将运行sudo -u ldap /usr/sbin/slapd_db_recover -h <directory> -v

它应该相当快地完成,具体取决于您必须经历多少个日志文件。那时重启slapd。

您可以通过运行slapd_db_stat -c命令来检查更改是否已完成。你应该看到这样的东西(这里删除了很多行......)--- 

    15000   Maximum number of locks possible
    5000    Maximum number of lockers possible
    15000   Maximum number of lock objects possible

0 个答案:

没有答案
相关问题
最新问题