我有一个大约有 40,000 名成员的群组。我正尝试memberUid从中删除一个成员。
这是我的变更集:
dn: uid=foobar,ou=People,dc=example,dc=com
changetype: delete
dn: cn=foobar,ou=Group,dc=example,dc=com
changetype: delete
dn: cn=giantgroup,ou=Group,dc=example,dc=com
changetype: modify
delete: memberUid
memberUid: foobar
这是我的祈祷:
ldapmodify -c -x -w 'password' -D cn=admin,dc=example,dc=com -f delete.ldif
这是输出(我已经运行了几次,所以用户和用户的组已经被删除):
deleting entry "uid=foobar,ou=People,dc=example,dc=com"
ldap_delete: No such object (32)
matched DN: ou=People,dc=example,dc=com
deleting entry "cn=foobar,ou=Group,dc=example,dc=com"
ldap_delete: No such object (32)
matched DN: ou=Group,dc=example,dc=com
modifying entry "cn=giantgroup,ou=Group,dc=example,dc=com"
ldap_modify: Other (e.g., implementation specific) error (80)
我该如何调试ldap_modify: Other (e.g., implementation specific) error (80)?这是一个非常活跃的 LDAP 服务器,因此启用服务器调试输出非常困难,而且我不确定要 grep 什么。
更新:slapd日志中的错误:
5afb42f3 bdb(dc=example,dc=com): Lock table is out of available lock entries
5afb42f3 => bdb_idl_insert_key: c_get failed: Cannot allocate memory (12)
5afb42f3 conn=1005 op=3: attribute "memberUid" index add failure
更多诊断摘自这篇博文:
# db_stat -h /var/lib/ldap/ -c | grep "Maximum number of locks"
1500 Maximum number of locks possible
1511 Maximum number of locks at any one time
14 Maximum number of locks in any one bucket
422 Maximum number of locks stolen by for an empty partition
48 Maximum number of locks stolen for any one partition
基于此,一个好的值是什么set_lk_max_locks?40000?是否有推荐的方法来更改正在运行的 OpenLDAP 服务器的此值?
我已将后续问题移至此处:如何更改 OpenLDAP bdb 的最大锁数?