Author Topic: Removing Log File Spam: bdb_equality_candidates: (uid) not indexed not logged  (Read 13226 times)

corona

  • Zen Apprentice
  • *
  • Posts: 44
  • Karma: +0/-0
    • View Profile
Hi,
My /var/log/ebox/ebox.log file is absolutely full of these lines, is there any way to suppress them, or update the slapd config to fix them?
Code: [Select]
2008/10/14 10:03:23 DEBUG> FirewallLogHelper.pm:71 EBox::FirewallLogHelper::processLine - Oct 14 10:03:23 raerga slapd[19786]: <= bdb_equality_candidates: (uid) not indexed  not logged
2008/10/14 10:03:23 DEBUG> FirewallLogHelper.pm:71 EBox::FirewallLogHelper::processLine - Oct 14 10:03:23 raerga slapd[19786]: <= bdb_equality_candidates: (memberUid) not indexed  not logged

I tried adding index clauses to slapd.conf and it restarted fine, but then ebox interface wouldn't work, gave errors I can't remember (I reversed the change immediately). Apparently these logged things are only a warning, it doesn't actually matter (other than slowing down ldap lookups somewhat) so I'm fine if the index has to left how it is, but can it get filtered out of the log file somehow? It makes finding relevant issues in the log rather difficult.

Thanks,
Andrew

Javier Amor Garcia

  • Zentyal Staff
  • Zen Hero
  • *****
  • Posts: 1225
  • Karma: +12/-0
    • View Profile
to filter out things you can use the standard 'grep' prgoram:

In your case: 
grep -v bdb_equality_candidates /var/log/ebox/ebox.log

javi

  • Zen Hero
  • *****
  • Posts: 1042
  • Karma: +0/-0
    • View Profile
Hey Andrew,

I've removed the annoying debug line and I have uploaded  a new firewall package (0.12.2).

Thanks,

Javi

porjo

  • Zen Apprentice
  • *
  • Posts: 7
  • Karma: +0/-0
    • View Profile
I've noticed these errors in my log too. Not having the attributes indexed, should in theory slow down ldap lookups however in practice it probably wouldn't be noticed unless your LDAP tree was huge!

The correct fix would be to include these attributes in the list of indexes in the /etc/ldap/slapd.conf. I've tried doing this myself manually, and it works:

Add the following line to /etc/ldap/slapd.conf (under the existing 'index' line):

index uid,memberUid      eq

Then issue the following commands:

sudo /etc/init.d/slapd stop
sudo slapindex
sudo chown openldap:openldap /var/lib/ldap/*
/etc/init.d/slapd start


This will add the missing indexes, and stop the errors in /var/log/syslog....however Ebox reverts the changes to /etc/ldap/slapd.conf when it next writes to the file.

EBOX devs, could somone please update the code relating to initialization of the slapd.conf file to include all the appropriate indexes....so these errors don't get logged anymore.

Thanks,
Ian.

« Last Edit: June 29, 2009, 07:18:03 am by porjo »

isaac

  • Zen Warrior
  • ***
  • Posts: 148
  • Karma: +0/-0
    • View Profile
Hi!

Yeah, we are going to fix that, thank you for pointing it out (and for the fix). While we fix it and get a new version with the fix, you can change it in the slapd.conf template:
Code: [Select]
/usr/share/ebox/stubs/usersandgroups/slapd.conf.mas
That will be overwritten only when installing a new ebox-usersandgroups version.

Cheers

drapsag

  • Zen Apprentice
  • *
  • Posts: 18
  • Karma: +0/-0
    • View Profile
I don't understand how I must implement this fix  ... ???

Could someone explain what I must change in the slapd.conf.mas ?

And where in the /etc/ldap/slapd.conf file I must insert the text? Where is the existing index line? I can't find the file /etc/ldap/slapd.conf...
Hi!

Yeah, we are going to fix that, thank you for pointing it out (and for the fix). While we fix it and get a new version with the fix, you can change it in the slapd.conf template:
Code: [Select]
/usr/share/ebox/stubs/usersandgroups/slapd.conf.mas
That will be overwritten only when installing a new ebox-usersandgroups version.

Cheers
I've noticed these errors in my log too. Not having the attributes indexed, should in theory slow down ldap lookups however in practice it probably wouldn't be noticed unless your LDAP tree was huge!

The correct fix would be to include these attributes in the list of indexes in the /etc/ldap/slapd.conf. I've tried doing this myself manually, and it works:

Add the following line to /etc/ldap/slapd.conf (under the existing 'index' line):

index uid,memberUid      eq

Then issue the following commands:

sudo /etc/init.d/slapd stop
sudo slapindex
sudo chown openldap:openldap /var/lib/ldap/*
/etc/init.d/slapd start


This will add the missing indexes, and stop the errors in /var/log/syslog....however Ebox reverts the changes to /etc/ldap/slapd.conf when it next writes to the file.

EBOX devs, could somone please update the code relating to initialization of the slapd.conf file to include all the appropriate indexes....so these errors don't get logged anymore.

Thanks,
Ian.



andudi

  • Zen Apprentice
  • *
  • Posts: 3
  • Karma: +0/-0
    • View Profile
I have the same problem in ebox 1.3.10, installed with the image from here.
-> I can find the file /usr/share/ebox/stubs/usersandgroups/slapd.conf.mas
-> but there is no /etc/ldap/slapd.conf
-> and the described fix do not work at all !

thanks for help, the logfille is just full
Andreas

isaac

  • Zen Warrior
  • ***
  • Posts: 148
  • Karma: +0/-0
    • View Profile
Hi Andreas!

I have just fixed this in the SVN so the next release should not have this problem. This new release should be out in a week or so.

Cheers!

isaac

  • Zen Warrior
  • ***
  • Posts: 148
  • Karma: +0/-0
    • View Profile
Uhm, just realized that my fix will fix the problem for new installations but not for old ones :)

To fix it in an existing installation do the following:
Code: [Select]
sudo /etc/init.d/slapd stop
sudo vim /etc/ldap/slapd.d/cn\=config/olcDatabase\=\{1\}hdb.ldif

In that file, look for a line like:
Code: [Select]
olcDbIndex: objectclass eq

and add the following below it:
Code: [Select]
olcDbIndex: uid eq
olcDbIndex: memberUid eq

Then save and run:
Code: [Select]
sudo /etc/init.d/slapd start

Warnings should be gone.

jsalamero

  • Zentyal Staff
  • Zen Hero
  • *****
  • Posts: 1419
  • Karma: +45/-1
    • View Profile
I've created a HOWTO to fix this, have a look on the wiki: http://trac.ebox-platform.com/wiki/Document/HowTo/LDAPoptimization
I hope it helps! :)