ChangeLog Repack Error on Sun Directory Server 6.1

Hello,
I am in the process of repacking our LDAP suffixes and I have run into a snagg. Currently our changelog is over 10GB in size and we recently set the max age for changelog entries to 2 months. Once all the records older than 2 months were deleted from the changelog, we proceeded to repack the changelog suffix. The repack process begins fine, however, about 5-10 minutes into the repack process I receive the following error:
[30/Dec/2009:23:44:21 -0500] - Repacking backend 'changelog', index entrydn finished, size now 10067968 bytes.
[30/Dec/2009:23:44:21 -0500] - Repacking backend 'changelog', index changenumber finished, size now 6062080 bytes.
*[30/Dec/2009:23:45:07 -0500] - DEBUG - conn=-1 op=-1 msgId=-1 - libdb: DB_ENV->log_put: record larger than maximum file size (15951056 > 10485760)*
*[30/Dec/2009:23:45:07 -0500] - Repacking backend 'changelog', LDAP entries error Invalid argument (22).*
*[30/Dec/2009:23:45:07 -0500] - Repacking backend 'changelog' ended.*
*[30/Dec/2009:23:45:08 -0500] - Repack finished.*
[30/Dec/2009:23:45:08 -0500] - Waiting for 6 database threads to stop
[30/Dec/2009:23:45:09 -0500] - All database threads now stopped
Any suggestions would be greatly appreciated.
Thanks
Mike

I talked with Sun today about this issue and they stated that the error I received is the result of a bug. Sun Bug ID: 6650667
Synopsis: Cannot repack the changelog after trimming. libdb: DB_ENV->log_put: record larger than maximum file
We can see the the following lines in your error log:
[05/Jan/2010:00:05:03 -0500] - DEBUG - conn=-1 op=-1 msgId=-1 - libdb: DB_ENV->log_put: record larger than maximum file size (15956384 > 10485760)
[05/Jan/2010:00:05:03 -0500] - Repacking backend 'changelog', LDAP entries error Invalid argument (22).
[05/Jan/2010:00:05:03 -0500] - Repacking backend 'changelog' ended.
There is no fix, and a workaround is listed as follows:
Work Around:
Increase nsslapd-db-logfile-size in dse.ldif (In entry "cn=config,cn=ldbm database,cn=plugins,cn=config" )
This attribute is not present by default in the file.
Its default value is 10485760.
Which would make it the default as stated in the bug workaround.
Make the change as directed above, perform the repack again and let me know the results.

Similar Messages

  • Error while migrating to Sun Directory Server 6.0

    Hi All,
    I am trying to migrate the Sun One Directory Server 5.2 to Sun Directory Server 6.0. I am getting the following error
    bash-3.2# ./dsmig migrate-config /var/Sun/mps/slapd-circb2bld3/ /var/SunDirectoryServer6.0/dsInst/
    Launching Configuration Migration of server instance /var/Sun/mps/slapd-circb2bld3 .....
    Enter the certificate database password:
    Starting server instance /var/SunDirectoryServer6.0/dsInst ..... Instance /var/SunDirectoryServer6.0/dsInst is already running (ns-slapd pid is 3868)
    Enter "cn=Directory Manager" password:
    Connecting to server localhost:389 .....
    Could not bind securely on "localhost:389".
    Remote host closed connection during handshake
    Details: SSL peer shut down incorrectly
    Could not create context for configuration migration.
    Operation "migrate-config" failed.
    Please help me.

    Please stop
    The migration guide has step by step instructions, including command line examples, are you using that as your reference?
    Your upgrade should be to (at a minimum) DSEE 6.3.1.1.1. Upgrading to 6.0 is upgrading to a release level that has no patches or fixes to the product. There are significant fixes to the migration command line tools. There is a good chance you will run into issues.
    You should install and review migration to ODSEE 11.1.1.7.0 (which would effectively be the 7.2 release of the DS).
    There is a specific guide for migration and upgrade, which includes migration from DS 5.2 to 11.x
    The full documentation collection for 11.1.1.7.0 is here
    http://docs.oracle.com/cd/E29127_01/index.htm
    The specific migration guide is here
    http://docs.oracle.com/cd/E29127_01/doc.111170/e28971/toc.htm
    See: Part II Migrating from ODSEE 5.2 to ODSEE 11g Release 1 (11.1.1.7.0)
    ODSEE 11.1.1.7.0 can be downloaded from here.
    http://www.oracle.com/technetwork/middleware/downloads/oid-11g-161194.html

  • Error while starting Sun Directory Server 6.0

    Hello,
    I recently migrated from Sun Directory Server 5.2 to Sun Directory Server 6.0. I am trying to start the server. I get the following error
    bash-3.2# ./start-slapd
    Enter PIN for Internal (Software) Token:
    Enter PIN for Internal (Software) Token:
    [29/Mar/2013:11:39:47 -0400] - ERROR<4780> - SSL - conn=-1 op=-1 msgId=-1 - Security Initialization: Unable to authenticate to slot for cipher family cn=RSA,cn=encryption,cn=config ( error -8177 - The security password entered is incorrect. )
    Server not running!! Failed to start ns-slapd process.
    Please help me here. I dont know the PIN for Internal (Software) Token. Please help.

    Hi,
    it seems you're trying to start an instance which is configured for SSL, so at startup time, it's asking the default keystore password to access the internal security certificate/device.
    You should know that password.
    Thanks,
    Marco

  • Sun Directory Server giving errors during installion

    Hi,
    Iam new to the LDAP world.
    Iam trying to install, a Sun Directory Server on windows platform.
    Iam using the zipped package of the installation.
    While installing , the error i encounterd is as follows:
    Error: dsccsetup failed.
    Please help in installing the server.
    Thanks

    Hi.
    We need more info to help you. Which version are you trying to install (6.0 / 6.1 / 6.2) ? Which command are you running ? Can you give all the output not only the error ?
    Regards,
    Carole.

  • Error installing OAM against Sun Directory Server 6.3: No such object (32)

    Hi folks,
    I'm getting error installing OAM 10.1.4.3.0 (Linux, 64 bit) against Sun Directory Server 6.3. I've followed Oracle troubleshooting doc (http://download.oracle.com/docs/cd/E15217_01/doc.1014/e12493/trouble.htm#BABBAAFH), and replaced every occurrence of cn=userRoot with cn=my_company_name inside iPlanet5_oblix_index_add.ldif. I still get the same error "ldapmodify: No such object (32)" for every entry in the file. Has someone managed to get it to work?
    Thank you, Roman

    Hi folks,
    I got it to work, here're the steps:
    1. After loading the schema file, follow the article (http://download.oracle.com/docs/cd/E15217_01/doc.1014/e12493/trouble.htm#BABBAAFH, not the doc 552157.1 as it states incorrect info, sorry
    Notoriuos) to edit the index file (iPlanet5_oblix_index_add.ldif) and replace all occurrences of "userRoot" with "your_company_name" (which is your ldap suffix without the c=us part as in
    o=your_company_name, c=us) using vi command:
    :%s/userRoot/your_company_name/g
    2. run ldapadd (not ldapmodify! as all but the one last object listed on the dn: line might already exist under cn=config), here's example:
    $ ldapadd -x -h your_ldap_host -p your_port -c -f IdentityServer_install_dir/identity/oblix/data.ldap/common/iPlanet5_oblix_index_add.ldif -D "cn=directory manager" -w directory_manager_passwd
    3. If done right, you should see smth like this:
    adding new entry "cn=obactionname,............... per every entry in the index file
    HTH
    Roman

  • Provisioning Sun directory Server to a User in OIM

    I am learning a OIM tool since 2 months, I could not able to do provisioning sun directory server to a user in OIM, the error is I am not getting the value for Organization DN. I am using ODSEE 11.1.1.5.0 and OIM 11.1.1.5.0. I have followed below steps
    1. Copy Connector and External Code Files.
    2. Configure Oracle Identity Manager Server.
    3. Import an Oracle Identity Manager Connector.
    4. Define an IT Resource.
    5. Create a User.
    6. Assign the Connector to a User.
    Please anyone suggest me solution for this problem.

    Hi,
    You need to run organization lookup reconciliation first then select value in the process form.
    If you are getting particular error, paste error messages from console?
    Regards,
    Raghav.

  • Error in iPlanet Directory Server documentation ?

    According the the Directory Server Schema Reference (http://docs.sun.com/db/coll/S1_ipDirectoryServer_51), a "Directory String indicates that values for this attribute are not case sensitive". Moreover, "IA5String indicates that values for this attribute are case sensitive".
    I thought a Directory String was a Unicode UTF-8 string, and could be made case sensitive or not case sensitive. As for IA5String, I thought it was just a 7-bits ASCII.
    Is this an error in the Directory Server documentation ?
    Christophe

    An error perhaps in that they do not conform with the standards, but that's how the DS treats them - DirString is case insensitive, and iA5String is case sensitive.

  • Log file size in Sun Directory Server

    Does anyone have an idea about the how the Sun Directory Server's log file size will increase in size with respective to the actions performed?
    Can someone give a data regarding this? If someone has a better scenario and the supportive data w.r.t log file size it will be helpful.
    Thanks,

    AFAIK No its based on time "At a certain time, or after a specified interval, the server rotates your access logs. "
    More info in Archiving Log Files in [http://docs.sun.com/app/docs/doc/820-7985/gczxv?l=en&a=vie]
    It should be easy to write such a script to be run as a daemon in logs directory. Here is the pseudo code :
    while [1]
    do
    get size of the access/error log file
    If size of file > max_size
    <ws-install-dir>/https-<instance>/bin/rotate
    sleep for sometime
    done

  • Sun Directory Server crashed

    Hi ,
    i dont know where to post this question because i really dont understand myself the error
    i downloaded Sun Directory Server 5.2 and installed in both my Solaris
    one of them is Solaris 8 ( Production Server)
    the other one is Solaris 10 ( Another Prod Server )
    i did master-master ldap replication but it works okay for quite sometimes ( few days )
    only today i found today that one of the directory server is crashing and what i found in the log is
    Dec/2006:17:17:10] config (10607):
    [19/Dec/2006:17:17:10] config (10607): 0xfe000000       /usr/lib/libpthread.so.1
    [19/Dec/2006:17:17:10] config (10607):
    [19/Dec/2006:17:17:10] config (10607): 0xfdfd0000       /usr/lib/libCrun.so.1
    [19/Dec/2006:17:17:10] config (10607):
    [19/Dec/2006:17:17:10] config (10607): 0xfdfb0000       /usr/lib/libmp.so.2
    [19/Dec/2006:17:17:10] config (10607):
    [19/Dec/2006:17:17:10] config (10607): 0xfdf90000       /usr/lib/libaio.so.1
    [19/Dec/2006:17:17:10] config (10607):
    [19/Dec/2006:17:17:10] config (10607): 0xfdf40000       /usr/lib/libresolv.so.2
    [19/Dec/2006:17:17:10] config (10607):
    [19/Dec/2006:17:17:10] config (10607): 0xfede0000       /usr/platform/SUNW,Sun-Fire-480R/lib/libc_psr.so.1
    [19/Dec/2006:17:17:10] config (10607):
    [19/Dec/2006:17:17:10] config (10607): 0xfded0000       /usr/lib/nss_files.so.1
    [19/Dec/2006:17:17:10] config (10607):
    [19/Dec/2006:17:17:10] config (10607): 0xfdea0000       /var/Sun/mps/bin/https/lib/libAdmservPlugin.so
    [19/Dec/2006:17:17:10] config (10607):
    [19/Dec/2006:17:17:10] config (10607): 0xfde70000       /var/Sun/mps/lib/libadmsslutil52.so
    [19/Dec/2006:17:17:10] config (10607):
    [19/Dec/2006:17:17:10] config (10607): 0xfde40000       /v[19/Dec/2006:17:17:10] config (10607): # An error report file has been saved as hs_err_pid10607.log.
    [19/Dec/2006:17:17:10] config (10607):
    [19/Dec/2006:17:17:10] config (10607): # Please refer to the file for further information.
    [19/Dec/2006:17:17:10] config (10607):
    [19/Dec/2006:17:17:10] config (10607): #
    [19/Dec/2006:17:17:10] config (10607):
    [19/Dec/2006:17:17:14] info (10610): Installing a new configuration
    [19/Dec/2006:17:17:14] info (10610): [LS ls1] http://ils1app3.tpcils.com, port 390 ready to accept requests
    [19/Dec/2006:17:17:14] info (10610): A new configuration was successfully installed
    [19/Dec/2006:17:17:14] info (10610): Using the Java HotSpot(TM) Server VM v1.4.1_01 from Sun Microsystems Inc.
    [19/Dec/2006:17:17:14] info (10610): Java VM classpath: /var/Sun/mps/bin/https/jar/NSServletLayer.jar:/var/Sun/mps/bin/https/jar/NSJavaUtil.jar:/var/Sun/mps/bin/https/jar/NSJavaMiscUtil.jar:/var/Sun/mps/bin/https/jar/servlet.jar:/var/Sun/mps/bin/https/jar/servlet-2.3-filters-api.jar:/var/Sun/mps/bin/https/jar/jspengine.jar:/var/Sun/mps/java/ldapjdk.jar:/var/Sun/mps/java/jss311.jar:
    [19/Dec/2006:17:17:14] info (10610): Loading IWSSessionManager by default.
    [19/Dec/2006:17:17:14] info (10610): IWSSessionManager: Maximum number of sessions is 1000
    [19/Dec/2006:17:17:14] catastrophe (10610): Server crash detected (signal SIGSEGV)
    [19/Dec/2006:17:17:14] info (10610): Crash occurred in function PR_Write from module /var/Sun/mps/lib/libnspr4.so
    [19/Dec/2006:17:17:14] config (10610):
    [19/Dec/2006:17:17:14] config (10610): An unexpected exception has been detected in native code outside the VM.
    [19/Dec/2006:17:17:14] config (10610):
    [19/Dec/2006:17:17:14] config (10610): Unexpected Signal : 11 occurred at PC=0xFEEBB384
    [19/Dec/2006:17:17:14] config (10610):
    [19/Dec/2006:17:17:14] config (10610): Function=
    [19/Dec/2006:17:17:14] config (10610): PR_Write+0x0
    [19/Dec/2006:17:17:14] config (10610):
    [19/Dec/2006:17:17:14] config (10610): Library=/var/Sun/mps/lib/libnspr4.so
    [19/Dec/2006:17:17:14] config (10610):
    [19/Dec/2006:17:17:14] config (10610):
    [19/Dec/2006:17:17:14] config (10610): Cannot obtain thread information
    [19/Dec/2006:17:17:14] config (10610):This is happening is the Solaris 8
    while in the Solaris 10 ( new box ) i cant see there is an error being logged.
    Any help/idea would be highly appreciated.
    Thanks

    Could it be because of too many load calls to LDAP server?
    or different java version ??

  • Sun Directory Server and OID Synchronization

    I'm having a problem with synchronizing OID with our existing Sun Directory Server. This is a one way synchronization, using Sun DS as the source, and OID as the destination. I've successfully installed OID with SSL enabled (this is part of an Oracle Portal installation), and followed what docs I could find. I created an integration profile based off the iPlanet Import profile, and imported a custom mapping profile based off a differing DIT naming convention (o=company.com vs dc=company,dc=com). I have applied an ACI that should allow the synchronization profile user to update entries on the OID side, and a user in Sun DS that has access to the appropriate areas on that side. I was able to successfully bootstrap and import all of our users, and it was also able modify the last changelog number.
    Having said all of that, incremental changes aren't propagating to OID. I'm not sure where to look or what steps to take to troubleshoot this, as I'm brand new to OID. There's an agent execution command that is blank in the integration profile, but according to what I've found that's the default and is acceptable.
    Am I missing a step here? According to the docs, all I need to do is enable the profile, and away it goes.
    One last thing I had to do to overcome an issue with the changelog number not updating was adding our internal root ca's certificate to the local JVM's cacerts file. I accomplished this with the keytool command, and it seemed to work fine. I'm unsure if it's the SSL config that is hosed and is causing this, or if it's a configuration parameter I'm missing.. but I don't have anywhere to start as far as troubleshooting is concerned.

    On your integration profile, did you set the debug level to 63? You should have a _____.aud and a _____.trc file in your $ORACLE_HOME/ldap/odi/log directory that will provide more info. Did you start your DIP server (odisrv) with the oidctl command?
    You might also look at downloading the "diptester" utility for troubleshooting OID synchronization issues.
    - Brian

  • Sun directory server 6.3.1 admin conlsole

    Hi
    In my sun directory server 6.3.1 admin conlsole and Applications view I have the following:
    Server Group
    Server Group (2)
    Administration Server
    Identity Synchronization
    If I click on the Directory Server I get the following error:
    This server component has not yet been downloaded, or it could not be activated. Press Download to retry.
    If I click on Download, I get : (Class loader error) Failed to install a local copy of ds523.jar or one of its supporting files: error result
    What can I do to fix it?
    Thanks!

    Hi
    In my sun directory server 6.3.1 admin conlsole and Applications view I have the following:
    Server Group
    Server Group (2)
    Administration Server
    Identity Synchronization
    If I click on the Directory Server I get the following error:
    This server component has not yet been downloaded, or it could not be activated. Press Download to retry.
    If I click on Download, I get : (Class loader error) Failed to install a local copy of ds523.jar or one of its supporting files: error result
    What can I do to fix it?
    Thanks!

  • Sun Directory Server as Primary Domain Controller.

    Hello,
    I've recently installed Sun Directory Server, Access Manager, and DSEE Identity Manager, on CentOS 5.2, with success, but my question is:
    Can I use this directory as a primary domain controller for my network, I want to know if it is possible to integrate this directory in the same way that Active Directory works, I mean connecting Windows computers to the DC with some kind of connector (because windows won't connect to another directory than AD natively). I know that there are some MSGina replacements, like pgina, but I'm looking for some serious solution, especially for computers running Windows Vista.
    Thanks in advance.

    Hi,
    thanks for your answer, but.. there is a way to configure the DSEE to be like a native 2000/2003 Active Directory?, I mean, connecting directly to the DSEE without using Samba, I know that is possible to use that solution, but you lose some functionality.
    I've been trying to do some research about the topic, like modifying the bind DNS to act like a AD DNS, and it works at a certain grade, windows xp detects the SVR records but when it tries to connect to the directory it fails giving me an error telling that the DC isn't available. It will be great to make such environment, Windows XP / Vista connected to DSEE without third party software.
    Any comment would be greatly appreciated.
    Thanks.

  • Sun Directory Server Resource Kit

    Hi All,
    I have downloaded the DSRK 5.2 for Sun Directory Server 5.2. However, when I try to install the same, i receive the following error:
    # java DSRK.class
    Exception in thread "main" java.lang.NoClassDefFoundError: DSRK/class
    can somebody please explain where the error lies?

    Hi
    you must run
    java DSRK

  • User provisioning with Sun Directory Server

    I'm migrating from the internal user data store to external with Sun Directory Server as the LDAP backend and I'm unable to provision new users. I use unidssearch to list the unprovisioned accounts and it lists the user I'd like to provision. I then execute 'uniuser -user -add "DID=uid=testy,ou=People,dc=domain,dc=com" -n 10' which returns an Insufficient access right error. When I look at das.log I see the following entry...
    DATE = Thu May 10 10:25:09 2007
    PID = 440; TID = 1095888896
    LOG TYPE -> DEBUG
    FUNCTION NAME -> ctldap_CalUserUpdateByDirectoryId
    dn: uid=testy,ou=People,dc=domain,dc=com
    changetype: add
    ctCalXItemId: 00010:00500
    o: Domain Corporation
    objectClass: ctCalUser
    This entry tells me that uniuser is try to do an LDAP_ADD on an existing object in the directory when it should do a LDAP_MODIFY.
    Does anyone know why this is?

    the unidsacisetup(8) command can be used to add the ACI for Sun Directory server. The ACI it sets is a little to loose for my liking so I modified it slightly.
    Original:
    (target="ldap:///dc=domain,dc=com") (targetattr = "*") (version 3.0; acl "Calendar Administrators Group"; allow(all) groupdn = "ldap:///cn=OracleCalendarAdminGroup,ou=OracleCalendar,dc=domain,dc=com";)
    Modified:
    (target="ldap:///dc=domain,dc=com") (targetattr = "*") (version 3.0; acl "Calendar Administrators Group"; allow(read,write,compare) groupdn = "ldap:///cn=OracleCalendarAdminGroup,ou=OracleCalendar,dc=domain,dc=com";)

  • Sun Directory Server Installation

    Hi all,
    I am a student in a Computer Science degree and as my project i am designing a web application that allows users to exchange ideas through a "messaging" system.
    After discussion with my tutors we have come up with a design idea that we would use an LDAP server to authenticate users as well as keep message details such as Topic, message header, etc. The actual body of the msg should be kept in a separate database.
    To the point....
    It has been suggested that i use the Sun Java System Directory Server 5.2 for this project and i was also given a compressed installation package. I have tried to install this and received error msgs similar to the ones i have found others have had in this forum.
    For example topics:
    1. Forums - Directory Server configuration issues in Windows
    2. Forums - Install failed on Windows XP
    I am using windows XP and from what i have read although it is not supported some people have managed to get this to work. Also i read that maybe Studio enterprise might solve this issue or provide some support?
    Is this true and if so can someone give me some guidance on how to achieve this?
    Also i would appreciate your opinion on wether this design approach( LDAP for authentication and database for store) is feasible or technicaly "correct" and maybe suggestions to a different approach....

    I think that its never a bad idea to get acquainted with something like the Sun Directory Server although I'm not sure that means that one HAS to use it in a project.
    The DS can be a pain to get up but for the most part if you get the latest DS5.2 Q4 or something...most installations go smoothly. If it was me I would just chuck every thing about the convo into the directory but I'm sure that there's a reason that you want to use the DS in conjuction with other storage DBs.
    I don't think you need to get Studio enterprise. I was able to get it up and running all by itself on windows. After I installed it I jsut made sure to remember the two random ports it picks up for Admin and DS ldap usage. Also I changed the password expiry time of the account that is used by the Admin console.
    GLuck with this.
    Cheers,
    - Pulkit

Maybe you are looking for