Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » Errors in LDAP Log on Mac Server 10.4.9
  •  
macfreq

Messages: 12
Karma: 0
Send a private message to this user
I'm getting repeated errors in the /var/log/slapd.log file on my server. The entry is:

Nov 28 10:25:14 jimmy slapd[54]: <= bdb_equality_candidates: (kerio-Mail-Address) index_param failed (18)\n

And there is an entry several times a minute. Any idea on what this is?
I'm using the LDAP server to authenticate my Kerio user accounts.

Thanks.
  •  
epardee

Messages: 5
Karma: 0
Send a private message to this user
Getting same error:
didates:(kerio-Mail-Address) index_param failed (18)\n
radix slapd[49]: <= bdb_equality_candidates:(kerio-Mail-Address) index_param failed (18)\n
LDAP server: OS X 10.4.10
Kerio Mail Server: 6.4.1 patch 1

This happened to our last LDAP server in which the LDAP eventually became corrupt and had to be rebuilt. We rebuilt the machine and a few months later, the kerio mail address index_param error came back.
  •  
macfreq

Messages: 12
Karma: 0
Send a private message to this user
Here's a copy of how to fix the problem that worked for my server installation. Hope it helps.

Tom

----------------------------------------------------------


Jeff,

This appears to fix the problem, thanks! Is will the slapd.conf file get reverted back to the previous version after an OS update?

Thanks,

Tom

On Dec 10, 2007, at 4:03 PM, Jeffrey Wadlow wrote:

Hi Tom,

I recommend looking at the instructions on this page instead:

http://people.kerio.com/kwhittaker/notes/index_param_failed. html

You'll want to add this line: index kerio-Mail-Address eq to the slapd.conf. This file is located in /etc/openldap/. You'll then want to run these two commands: slapindex and then: killall -HUP slapd. Run those commands one at a time.

Best regards,
Jeff Wadlow

  •  
Lyle M

Messages: 410

Karma: 7
Send a private message to this user
I learned that in Leopard these "errors" can be resolved using Workgroup Manager and without having to stop slapd.

1. Make sure you enable the "Show All Records tab and inspector" in WGM preferences.
2. Access the all records tab (to the right of the "computer group" tab).
3. Select OLCBDBConfig from the pop-up menu.
4. Click on {1}bdb.
5. Locate and expand olcDbIndex.
6. Click the "New Value..." button.
7. Type "kerio-Mail-Address eq" in the text box (no quotes) and click OK.
8. Repeat step 6 and type "kerio-Mail-AccountEnabled eq" then click OK.
9. Click "Save" in the lower right.

I did not stop the service, nor re-index the database (not yet, at least), and the log entries stopped. It's been 4 days with no problems detected.

Your mileage may vary and I take no responsibility if you hose your system.

Cheers,
Lyle Millander

--

update:

Not only have there been no ill effects, but CPU utilization on our OD server (G4/1.3 DP xserve) has plummeted. We were averaging 35% with frequent peaks between 60-100%. Now we are averaging under 10%, with a 20% cap.
I should also note that launchctl maxfiles were bumped up to 4096 per user and AFP (on, but essentially unused) was disabled around the same time I made the slapd indexing changes. I doubt those other changes affected CPU utilization, but I should mention them.
I also added an index reference for authAuthority (authAuthority sub) some days after the kerio attributes were added. There was a corresponding CPU drop shortly thereafter.

update (6/26/11):

This method can be used for any unindexed ldap field. Look in /var/log/slapd.log for any bdb_substring_candidate and bdb_equality_candidates and add the appropriate entry in the olcDbIndex. I've only done this to resolve highly repetitive notices in the log.

Examples:

For this log entry: bdb_substring_candidates: (apple-mcxflags) not indexed
You would add: apple-mcxflags sub

For this log entry: bdb_equality_candidates: (displayName) not indexed
You would add: displayName eq

Cheers,
Lyle

[Updated on: Mon, 27 June 2011 04:25]

  •  
the_creative_partnership

Messages: 57
Karma: 0
Send a private message to this user
Thanks chaps for posting suggested fixes for this.

Can anybody explain what it is exactly that causes these errors to be logged?

Cheers
Dan
  •  
Lyle M

Messages: 410

Karma: 7
Send a private message to this user
It's more a notice than an error. The system is letting you know that the object is not indexed.
Cheers,
Lyle
  •  
Kerio_Ken

Messages: 18
Karma: 0
Send a private message to this user
Hi Lyle! Just wanted to thank you for this. We use it all the time in support Smile Kudos
  •  
Lyle M

Messages: 410

Karma: 7
Send a private message to this user
Cool. Thanks!
Just did it again on my OD rebuild. slapd's CPU grab stays under 10% with average use. It only hit 17% when I went to the users section of the admin tool (Mac version). This is essential for every OD-Kerio setup (password server in my case).
Cheers,
Lyle
  •  
johnakeating

Messages: 9

Karma: 0
Send a private message to this user
Hello,


Thanks for the fix!!!!!!


I have one issue that I was thinking was related. anyone else experience large files?
the files are authservermerge.****

bash-3.2# pwd
/private/var/db/authserver
bash-3.2# ls -lh
total 95547328
-rw-r--r-- 1 root wheel 0B Apr 6 12:07 .stats
drwx------ 3 root wheel 102B Apr 5 13:54 additional-data
-rw-r--r-- 1 root wheel 24B Apr 6 00:06 authserverfree
-rw------- 1 root wheel 4.2M Apr 6 12:17 authservermain
-rw------- 1 root wheel 1.8G Apr 6 12:07 authservermerge.9iZQj1
-rw------- 1 root wheel 26M Apr 6 11:55 authservermerge.GiQwwJ
-rw------- 1 root wheel 20G Apr 5 20:58 authservermerge.Tokf0a
-rw------- 1 root wheel 1.2G Apr 6 12:17 authservermerge.af90q0
-rw------- 1 root wheel 54M Apr 6 12:07 authservermerge.baVnNt
-rw------- 1 root wheel 22G Apr 6 11:55 authservermerge.pFnB0H
-rw-r--r-- 1 root wheel 1.7K Apr 6 12:06 authserverreplicas
-rw-r--r-- 1 root wheel 1.2K Apr 6 11:57 authserverreplicas.local
-rw-r--r-- 1 root wheel 44K Apr 6 12:08 changelist.cache
-rw-r--r-- 1 root wheel 36K Apr 6 12:12 changelist.cache-journal


I had one that was 55GB deleted it and everything is still working anyone know what these are?

I think it might be the files being created is taking up the CPU.
Thanks

John

[Updated on: Tue, 06 April 2010 21:21]

  •  
noahuser

Messages: 2
Karma: 0
Send a private message to this user
Hey John,

I am having the same issue with authservermerge files. They are growing about 1gb a minute. Did you find out why it was happening on your server, or how to address it? I am running 10.5.8 server, and am not encountering the "kerio-Mail-Address" messages.

Thanks,
Noah
  •  
johnakeating

Messages: 9

Karma: 0
Send a private message to this user
Hello,

I temporally ran a cron job every 15 min to remove the files.

rm /private/var/db/authserver/authservermerge.*

It never seemed to matter if I deleted the files....

This was really only a temp solution since I still had 40-50% cpu usage for password server. The system would become slow and non responsive after a day. I called kerio on Friday and they showed me a different option that I never knew about. You can used open directory authentication without installing the extension! All you will have to do is rebuild you ODM from an export or using the dscl command line utility. You cannot use an archive since that will take the extension to the new server.

When you are ready add the kerio accounts you just make local accounts (manually or CSV) then bulk change the accounts where it says password type and change it to kerberos for each user.

You will have full functionality beside being able to just activate accounts you will have to manually add them.

Hope this helps I am very happy about our directory now! day two and password service is not even using 2% of the processor! no large files! fast workgroup manger!


Let me know if you have any questions about this. I also move to snow leopard during this process.


John

[Updated on: Tue, 13 April 2010 21:18]

  •  
noahuser

Messages: 2
Karma: 0
Send a private message to this user
Thanks for your fast reply John. I will let you know how it goes.
Previous Topic: Search Kerio forums by exact text phrase?
Next Topic: multiple unrelated domains
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Sun Oct 22 04:46:21 CEST 2017

Total time taken to generate the page: 0.00629 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.