3

I'm trying to remove a memberUid from an LDAP group with ~50,000 members. It's failing with this error message:

5afc4c76 bdb(dc=example,dc=com): Lock table is out of available lock entries
5afc4c76 => bdb_idl_insert_key: c_get failed: Cannot allocate memory (12)

bdb is limited to 1500 locks:

#  db_stat -h /var/lib/ldap/ -c | grep "Maximum number of locks"
1500    Maximum number of locks possible
1514    Maximum number of locks at any one time
14  Maximum number of locks in any one bucket
476 Maximum number of locks stolen by for an empty partition
57  Maximum number of locks stolen for any one partition

I've tried editing the DB_CONFIG file as follows and restarting slapd:

# cat /var/lib/ldap/DB_CONFIG
set_cachesize 0 314572800 0
set_lk_max_objects 15000
set_lk_max_locks 15000
set_lk_max_lockers 15000

Unfortunately, this doesn't change the active values from 1500 to 15000.

How do I change the set_lk_max_locks value for an OpenLDAP bdb database?

Leo
  • 973
  • 6
  • 21
  • 38
  • 1
    apparently you need to stop slapd, modify or create the DB_CONFIG file and start slapd (as found here: https://www.openldap.org/lists/openldap-technical/201205/msg00065.html) – natxo asenjo May 22 '18 at 19:26
  • @natxo asenjo Unfortunately it doesn't work. I've deleted DB_CONFIG, updated the values in slapd.conf, and restarted slapd, but it just writes DB_CONFIG with the old values again. – Leo May 24 '18 at 15:32
  • If you try stopping `slapd`, changing the `DB_CONFIG` file and running `db_recover -h /var/lib/ldap -v` as whatever user `slapd` runs as (`ldap`?), does that work? – bodgit May 24 '18 at 16:38
  • Try stopping slapd, modifying the file, running db_recover -h /var/lib/ldap and starting it again (https://access.redhat.com/solutions/146863, you need to have a redhat account) – natxo asenjo May 24 '18 at 16:48

0 Answers0