
I have a group with ~40,000 members. I'm trying to delete a memberUid from it.

This is my changeset:

```
dn: uid=foobar,ou=People,dc=example,dc=com
changetype: delete

dn: cn=foobar,ou=Group,dc=example,dc=com
changetype: delete

dn: cn=giantgroup,ou=Group,dc=example,dc=com
changetype: modify
delete: memberUid
memberUid: foobar
```

This is my invocation:

```
ldapmodify -c -x -w 'password' -D cn=admin,dc=example,dc=com -f delete.ldif
```

This is the output (once I've already run it several times, so the user and the user's group are already deleted):

```
deleting entry "uid=foobar,ou=People,dc=example,dc=com"
ldap_delete: No such object (32)
    matched DN: ou=People,dc=example,dc=com

deleting entry "cn=foobar,ou=Group,dc=example,dc=com"
ldap_delete: No such object (32)
    matched DN: ou=Group,dc=example,dc=com

modifying entry "cn=giantgroup,ou=Group,dc=example,dc=com"
ldap_modify: Other (e.g., implementation specific) error (80)
```

How do I debug `ldap_modify: Other (e.g., implementation specific) error (80)`? This is a very active LDAP server, so enabling server debug output is overwhelming and I'm not sure what to grep for.

Update: Error in the slapd log:

```
5afb42f3 bdb(dc=example,dc=com): Lock table is out of available lock entries
5afb42f3 => bdb_idl_insert_key: c_get failed: Cannot allocate memory (12)
5afb42f3 conn=1005 op=3: attribute "memberUid" index add failure
```

More diagnostics from this blog post:

```
# db_stat -h /var/lib/ldap/ -c | grep "Maximum number of locks"
1500    Maximum number of locks possible
1511    Maximum number of locks at any one time
14  Maximum number of locks in any one bucket
422 Maximum number of locks stolen by for an empty partition
48  Maximum number of locks stolen for any one partition
```

Based on this, what would a good value for `set_lk_max_locks` be? 40000? And is there a recommended way to change this value for a running OpenLDAP server?

I've moved the follow-up question here: How do I change the maximum number of locks for OpenLDAP bdb?

Leo
  • With `olcLogLevel: stats` I think you should be able to see enough of the connection to find out what's going on, though you may also need `olcLogLevel: stats2`. You can grep for either your bind if that's an infrequently used dn, or for `err=80`, which shouldn't be occurring regularly. From there you can get the connection number (`conn=`) and see more details of the specific operations. – 84104 May 15 '18 at 18:56
  • Perhaps the LDIF is a bit corrupted with linespaces or something; try a dos2unix on it. You need to ensure that you have a newline after each line. – olivierg May 15 '18 at 20:06
  • @84104 Thanks! I've identified the underlying error. – Leo May 15 '18 at 20:27
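
The log search suggested in the first comment, as an added example that is not part of the original question or comments: it finds connections with an `err=80` result and prints each one together with backend lines (such as the `bdb(...)` messages) that carry no `conn=` field. The function names are hypothetical, the sample log is constructed around the three slapd lines quoted in the question, and the timestamp is assumed to be the first field, as in that excerpt.

```shell
#!/bin/sh
# Added example (not from the original thread).

# Constructed sample: slapd stats-level lines built around the three log
# lines quoted in the question; all other values are invented.
sample_log() {
cat <<'EOF'
5afb42f1 conn=1004 op=1 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(uid=alice)"
5afb42f1 conn=1004 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
5afb42f2 conn=1005 op=0 BIND dn="cn=admin,dc=example,dc=com" method=128
5afb42f2 conn=1005 op=0 RESULT tag=97 err=0 text=
5afb42f3 conn=1005 op=3 MOD dn="cn=giantgroup,ou=Group,dc=example,dc=com"
5afb42f3 bdb(dc=example,dc=com): Lock table is out of available lock entries
5afb42f3 => bdb_idl_insert_key: c_get failed: Cannot allocate memory (12)
5afb42f3 conn=1005 op=3: attribute "memberUid" index add failure
5afb42f3 conn=1005 op=3 RESULT tag=103 err=80 text=
EOF
}

# List connection numbers that had an operation finish with result CODE.
conns_with_err() {  # usage: conns_with_err CODE FILE
    awk -v code="$1" '
        / RESULT / && $0 ~ (" err=" code "( |$)") && match($0, /conn=[0-9]+/) {
            print substr($0, RSTART + 5, RLENGTH - 5)
        }' "$2" | sort -un
}

# Print every line of connection CONN plus backend lines that carry no
# conn= field but share a timestamp (assumed to be field 1) with it.
trace_conn() {  # usage: trace_conn CONN FILE
    awk -v c="$1" '
        NR == FNR { if ($0 ~ ("conn=" c "( |$)")) ts[$1] = 1; next }
        $0 ~ ("conn=" c "( |$)") || (!/conn=[0-9]+/ && ($1 in ts))
    ' "$2" "$2"
}

# Demo on the constructed sample: one trace per failing connection.
log=$(mktemp)
sample_log > "$log"
for c in $(conns_with_err 80 "$log"); do
    echo "== conn=$c =="
    trace_conn "$c" "$log"
done
rm -f "$log"
```

On a busy server the timestamp match can pull in backend lines from other connections logged in the same second, so treat those lines as candidates rather than proof.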

0 Answers