389ds can't start after "db error (no disk space)" ... space problem has been resolved
by Zarko D
Hi there, we have four IPA servers 4.4.0 and 389-ds is 1.3.5.10-11, and there is multi master replication among some of them.
There is daily backup via ipa-backup, and on one server it failed because of disk space. The /var/log/dirsrv/slapd-EXAMPLE-COM/errors read:
- NSMMReplicationPlugin - changelog program - _cl5WriteEntryCount: failed to write count entry for file /var/lib/dirsrv/slapd-EXAMPLE-COM/cldb/2acb5f15-a8ef11e6-81cbc137-643887ad_57be0c5f000000040000.db; db error - 28 No space left on device
- NSMMReplicationPlugin - changelog program - _cl5WriteRUV: failed to write purge RUV for file /var/lib/dirsrv/slapd-EXAMPLE-COM/cldb/2acb5f15-a8ef11e6-81cbc137-643887ad_57be0c5f000000040000.db; db error - 28 (No space left on device)
- NSMMReplicationPlugin - changelog program - _cl5WriteRUV: failed to write upper bound RUV for file /var/lib/dirsrv/slapd-EXAMPLE-COM/cldb/2acb5f15-a8ef11e6-81cbc137-643887ad_57be0c5f000000040000.db; db error - 28 (No space left on device)
- NSMMReplicationPlugin - changelog program - _cl5WriteEntryCount: failed to write count entry for file /var/lib/dirsrv/slapd-EXAMPLE-COM/cldb/6070479f-a8ef11e6-81cbc137-643887ad_57be0cb8000000600000.db; db error - 28 No space left on device
Disk space is resolved by growing logical volume, but 389ds fails to start with messages:
- NSMMReplicationPlugin - changelog program - cl5Open: failed to open changelog
- NSMMReplicationPlugin - changelog program - changelog5_init: failed to start changelog at /var/lib/dirsrv/slapd-EXAMPLE-COM/cldb
- Failed to start object plugin Multimaster Replication Plugin
- Error: Failed to resolve plugin dependencies
Can you please advise about possible resolution. Thanks in advance, Zarko
4 years, 3 months
389 Replication from 389-ds-base 1.2.11 to 1.3.8
by KONG, BOB
I have a simple question I hope…
We currently have a master 389 Directory Server on 1.2.11 and I was wondering if it is possible to replicate to a 389 Directory Server 1.3.8 consumer? Has anyone done this?
Thanks in advance
Bob Kong
4 years, 3 months
Server Group empty in 389 Management Console for windows
by Jason Jenkins
Hi,
I have 389 Management Console v1.1.6 installed on Windows and have been using it for some time without any problems. Today I logged in and found that after connecting to a host that there is nothing to be found under the Server Group folder. I navigate the tree for my host and what used to be “Administration Server” & “Dirsrv Hostname” are both gone from the Server Group folder.
[cid:image001.png@01D48CCD.594ADDD0]
This is the same for any directory server host that I connect to. I’ve also reinstalled the version that I am using. And there is no difference. I tried installing a newer version of Management Console and it dies right after running what-ever it does in a command prompt. So I went back to v1.1.6.
I verified that nothing changed on the network end. I can telnet to ports 389, 636 and 9830. I can hit 9830 from a web browser on this windows host. I ran “setup-ds-admin.pl -u” to re-register and nothing has changed. No errors or anything new in the logs from what I have seen prior. Once again this is across all of my directory server hosts that I was able to manage in the past.
4 years, 3 months
Limiting access to same ou
by Alistair Cunningham
Is there an elegant way to limit simpleSecurityObject users to reading
and searching within their own ou? Perhaps using an ACL based on a
regular expression?
Some background: I'm adding LDAP support to Enswitch, which is a
soft-switch for multi-tenant hosted telephone services. An Enswitch
system has many tenants, each of which is typically a small company.
Each tenant is completely independent and for privacy reasons must not
be able to see any other tenant on the system. Each tenant has people
and telephones. The telephones are physical VoIP telephones that sit on
the users' desks, and they have LDAP clients built-in that allow the
telephone to search for people within their tenant. Each telephone and
each person has a corresponding entry in Enswitch. These are stored in a
MySQL database, and pushed to the LDAP server by the Enswitch code. This
part is done and working. I'm storing each tenant as a separate ou below
the LDAP base, and within the tenant storing each person as a
inetOrgPerson and each telephone as a simpleSecurityObject. I have
anonymous access to LDAP disabled. This allows the telephones to connect
to the LDAP server with their username and password and search for
people. The only part missing is limiting the telephone lines to
searching within their own tenant (i.e. the same ou).
Any suggestions on how to do this? If this is not feasible using the ou
method, I'm willing to consider other methods such as groups.
--
Alistair Cunningham
+1 888 468 3111
+44 20 799 39 799
https://enswitch.com/
4 years, 3 months
