LDAP LOG PURGE (Housekeeping)

Similar Messages

• LDAP Log not showing external search results

  Hi,
  I'm conducting LDAP searches with a filter into the LDAP directory of OD Master. Results are as expected and authentication is correct for an LDAP user. I can see the authentication in PasswordServer.
  My question is, why doesn't the LDAP search show up in the LDAP Log (slapd.log)? All I get in this log are new user accounts when created showing a note that home directory attribute is not provided. I am not using home directories as AFP and Web services for groups are all that the user has access to. The preponderance of entries in LDAP Log are for
  "bdbsubstringcandidates: (authAuthority) index_param failed (18)"
  which has been there since 10.5 and continues despite making an index entry for authAuthority in slapd_macosxserver.conf and restarting the LDAP service.
  Can someone enlighten me on the functions of LDAP Log and what should be visible there?
  Harry

  I just discovered that if the formulation output doesn't have any entries in the cross reference section, it will not appear in eqt search results. does this make sense? Is there some config that we can adjust to make them apper even without a cross reference?
  thanks,
  David

• ODI - Logs purged while ETL is in progress.

  Hi All,
  We are using ODI 11.1.6 to execute ETL. We found that while a load plan is in progress, after some time ODI agent automatically stops executing the load plan, purges the logs and on agents command prompt window writes a message "Agent <AGENT NAME> executing load plan log purge for work repository <Work Repo Name>". After this, work repository goes down and ETL execution is halted.
  Is there any parameter which can be set for this behavior of ODI?
  Regards
  Gaurav.

  Hi All,
  We are using ODI 11.1.6 to execute ETL. We found that while a load plan is in progress, after some time ODI agent automatically stops executing the load plan, purges the logs and on agents command prompt window writes a message "Agent <AGENT NAME> executing load plan log purge for work repository <Work Repo Name>". After this, work repository goes down and ETL execution is halted.
  Is there any parameter which can be set for this behavior of ODI?
  Regards
  Gaurav.

• Question about "(authAuthority) index_param failed (18)" error LDAP Log

  After a couple months of working through many 10.5 OD problems (now 10.5.2 on Mac Pro) I've worked out most and only have the following error in LDAP Log
  Apr 23 18:31:29 crashdummy slapd[102]: <= bdbsubstringcandidates: (authAuthority) index_param failed (18)
  I know its not a critical issue and everything finally seems stable but I'd like to check know what's going on.
  I tried indexing authAthority in slapd_macosxserver.conf with equality, substring, and presence directives with no change. (using slapindex after unloading )
  One issue might be that the authAuthority attribute on computers and users in LDAP has 2 entries, ApplePasswordServer and Kerberosv5.
  I'm new to Apple environment, so I'm not sure if this is normal.
  Should there be only one entry?
  I can delete ApplePasswordServer and still everything works OK including Home folders on an AFP share.
  So I'd like to know if anyone who doesn't get this error has only one entry in authAuthority attribute..

  I think you need to keep ApplePasswordServer in there if you want to be able to support authentication without Kerberos, like when ticket has expired.
  I currently have the same issue. As I understand this is not a serious warning but I'd still like to resolve it and stop cluttering my logs. I've tried changing LDAP mappings between "From Server" and "Opend Directory" and adding the value to conf and indexing, as did you, but this doesn't seem to have any effect. I'm also seeing occasional ipHostNumber failures.
  It very well might be a bug in the software because indexing doesn't resolve it. I've looked around but there doesn't seem to be a definitive answer.

• Alert & Audit Log Purging sample script

  Hi Experts,
  Can somebody point to sample scripts for
  1. alert & audit log purging?
  2. Listener log rotation?
  I am sorry if questions look too naive, I am new to DBA activities; pls let me know if more details are required.
  As of now the script is required to be independent of versions/platforms
  Regards,

  34MCA2K2 wrote:
  Thank a lot for your reply!
  If auditing is enabled in Oracle, does it generate Audit log or it inserts into a SYS. table?
  Well, what do your "audit" initialization parameters show?
  For the listener log "rotation", just rename listener.log to something else (there is an OS command for that), then bounce the listener.
  You don't want to purge the alert log, you want to "rotate" it as well.  Just rename the existing file to something else. (there is an OS command for that)
  So this has to be handled at operating system level instead of having a utility. Also if that is the case, all this has to be done when database is shut down right?
  No, the database does not have to be shut down to rotate the listener log.  The database doesn't give a flying fig about the listener log.
  No, the database does not have to be shut down to rotate the alert log.  If the alert log isn't there when it needs to write to it, it will just start a new one.  BTW, beginning with 11g, there are two alert logs .. the old familiar one, now located at $ORACLE_BASE/diag/rdbms/$ORACLE_SID/$ORACLE_SID/trace, and the xml file used by adrci.  There are adrci commands and configurations to manage the latter.
  Again, I leave the details as an exercise for the student to practice his research skills.
  Please confirm my understanding.
  Thanks in advance!

• "wrong principal" message filling ldap log.

  Getting the following repetitive listings in filling the ldap log. Anyone know what might be causing it?
  slapd[52]: SASL [conn=12837] Failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Wrong principal in request (found ldap/<server1.domain.com>@>KERBEROS REALM>, wanted ldap/<server2.domain.com@<KERBEROS REALM>))

  Hi,
  Could this link be of help?
  http://help.sap.com/saphelp_ep50sp2/helpdata/en/bf/f8b88f1c9011d6b1d200508b6b8b11/content.htm
  Regards,
  Srikishan

• Unknown error  LDAP Log

  Getting this error every few seconds in the LDAP log.
  fileserver slapd[55]: SASL [conn=4713] Failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Key table entry not found)
  Any ideas on how to solve it?
  TIa
  Mitch

  Been there done that have the t-shirt.
  Here is how I fixed it.
  Go into Server Manager app.
  Click on Open Directory on the left hand side.
  Click on Settings at the top
  Click on LDAP
  I am assuming you are using SSL for your LDAP connections.
  Uncheck "Enable SSL" and click Save
  Wait 30 seconds
  Check "Enable SSL" and make sure you reselect your SSL cert.
  Click Save
  Your GSSAPI error will be cured until the next time you reboot or start/stop LDAP.
  Then just repeat the process above.
  Hope that helps.
  Another sympton of the GSSAPI error (Key table entry not found) is that your diradmin user will NOT be able to authenticate!
  That's pretty awesome (end sarcasm) and I wish APPLE WOULD FIX THIS as it took a lot of trial and error to figure this out.
  FWIW, I'm using a Go Daddy SSL cert which also requires an intermediate cert.

• LDAP Log error message 10.4.5

  I am having a lot of trouble with a 10.4 install - the LDAP log is reading this at a restart:
  Mar 9 08:03:05 localhost slapd[54]: bdbdbinit: Initializing BDB database\n
  Mar 9 08:03:05 localhost slapd[54]: slapd starting\n
  Mar 9 08:12:12 dml slapd[54]: connection_read(25): no connection!\n
  What does this mean?
  Thanks for your time.

  Not an important message, evidently.

• LDAP log

  Not really sure why I'm getting this on the LDAP log -
  "Aug 8 11:34:08 lasxserv1 slapd[41]: SASL [conn=9821] Failure: no user in database\n". Running server 10.4.6 on Xserve, all users authenticated, all workstations are bound to "Open Directory" via Directory Access. All users can login to OD, and all have access to their network Home directories. All share point are available. I'm i missing something ?
  TIA
  2.5G DP G5 PPC   Mac OS X (10.4.6)  

  Did you ever get an answer to this question? My LDAP log has been showing the same type of thing for more than a year now.

• Log purge

  Hi,
  AWT groups in TimesTen data store.
  Replication and cache agent are started.
  In the beginning, log purge works well. Later I found that more and more logs are in log directory.
  So I run:
  call ttLogHolds
  < 245, 40265728, Replication , PERF7420:_ORACLE >
  < 841, 48642048, Checkpoint , rccpp.ds0 >
  < 841, 48646144, Checkpoint , rccpp.ds1 >
  Command> call ttRepSTart;
  12026: The agent is already running for the data store.
  The command failed.
  It shows that replication agent is running. I try to stop it and restart it, and run ttCkpt and ttLogHolds.
  Command> call ttLogHolds;
  < 414, 56417344, Replication , PERF7420:_ORACLE >
  < 845, 35186688, Checkpoint , rccpp.ds0 >
  < 845, 38623232, Checkpoint , rccpp.ds1 >
  3 rows found.
  It seems that there is some issue about replication agent.
  Regards,
  Nesta
  Edited by: nesta on Mar 4, 2010 6:50 AM

  Hi Nesta,
  Just because the repagent is running doesn't mean it is able to apply stuff in Oracle. Is Oracle up? Is it accepting connections? Check the TimesTen daemon log and the dsname.awterrs file to see what they show.
  Chris

• Lots of errors in LDAP Logs

  We are having some issues with some user accounts, and I went into the logs to see what I could find. I am getting tons of errors in LDAP alone. Here is from the last 30 minutes. Not sure what is means exactly... Can anybody shed some light on this
  Feb 8 12:00:38 server slapd[46]: SASL [conn=86077] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n
  Feb 8 12:00:39 server slapd[46]: <= bdbequalitycandidates: (sambaSID) index_param failed (18)\n
  Feb 8 12:00:39 server slapd[46]: <= bdbequalitycandidates: (sambaSID) index_param failed (18)\n
  Feb 8 12:00:56 server slapd[46]: SASL [conn=86083] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n
  Feb 8 12:00:57 server slapd[46]: SASL [conn=86087] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n
  Feb 8 12:00:58 server slapd[46]: SASL [conn=86091] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n
  Feb 8 12:01:01 server slapd[46]: <= bdbequalitycandidates: (uniqueMember) index_param failed (18)\n
  Feb 8 12:01:01 server slapd[46]: <= bdbequalitycandidates: (uniqueMember) index_param failed (18)\n
  Feb 8 12:01:01 server slapd[46]: <= bdbequalitycandidates: (uniqueMember) index_param failed (18)\n
  Feb 8 12:01:01 server slapd[46]: <= bdbequalitycandidates: (uniqueMember) index_param failed (18)\n
  Feb 8 12:01:01 server slapd[46]: <= bdbequalitycandidates: (uniqueMember) index_param failed (18)\n
  Feb 8 12:01:01 server slapd[46]: <= bdbequalitycandidates: (uniqueMember) index_param failed (18)\n
  Feb 8 12:03:48 server slapd[46]: SASL [conn=86106] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n
  Feb 8 12:08:18 server slapd[46]: SASL [conn=86131] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n
  Feb 8 12:08:19 server slapd[46]: SASL [conn=86135] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n
  Feb 8 12:08:19 server slapd[46]: SASL [conn=86139] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n
  Feb 8 12:08:20 server slapd[46]: SASL [conn=86143] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n
  Feb 8 12:08:32 server slapd[46]: <= bdbequalitycandidates: (apple-computers) index_param failed (18)\n
  Feb 8 12:08:32 server slapd[46]: <= bdbequalitycandidates: (apple-computers) index_param failed (18)\n
  Feb 8 12:08:53 server slapd[46]: SASL [conn=86150] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n
  Feb 8 12:08:54 server slapd[46]: SASL [conn=86154] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n
  Feb 8 12:08:54 server slapd[46]: SASL [conn=86156] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n
  Feb 8 12:11:38 server slapd[46]: SASL [conn=86175] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n
  Feb 8 12:11:39 server slapd[46]: SASL [conn=86179] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n
  Feb 8 12:13:08 server slapd[46]: connection_read(22): no connection!\n
  Feb 8 12:15:32 server slapd[46]: connection_read(28): no connection!\n
  Feb 8 12:23:32 server slapd[46]: SASL [conn=86249] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n
  Feb 8 12:23:33 server slapd[46]: SASL [conn=86253] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n
  Feb 8 12:23:35 server slapd[46]: SASL [conn=86257] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n
  Feb 8 12:30:37 server slapd[46]: connection_read(28): no connection!\n

  This article fixed my problem
  http://support.apple.com/kb/TS2915

• 12c Cloud Control Alert Log Purge Error

  I'm trying to purge old alert log events in EM 12c, but i'm getting error - The alert(s) could not be purged. Please ensure you have Edit privileges on this target while purging.
  What's i'm doing wrong? Cant find anything close to this in EM documentation.
  Thank you.

  Hi,
  What privileges do you have on the target? You'll need at least Manage Target Events (a subprivilege of Operator) in order to clear events on the target.
  regards,
  Ana

• Automount floods LDAP Log - need help

  I've installed an LDAP server on a linux machine (with debian 5.0.4 on it), so I can share my login/home-directorys among my mac minis.
  It took me a while to get everything working, but now I don't know how to fix this problem.
  The users home-directorys are provided through a NFS server (also running on the linux machine) and in LDAP I have configured these automount setting:
  dn: ou=mounts,dc=chemnitz,dc=abs-rz,dc=de
  objectClass: top
  objectClass: organizationalUnit
  objectClass: domainRelatedObject
  associatedDomain: chemnitz.abs-rz.de
  ou: mounts
  dn: automountKey=/home,ou=mounts,dc=chemnitz,dc=abs-rz,dc=de
  objectClass: automount
  objectClass: top
  automountInformation: auto_home
  automountKey: /home
  dn: automountKey=*,ou=mounts,dc=chemnitz,dc=abs-rz,dc=de
  objectClass: automount
  objectClass: top
  automountInformation: -fstype=nfs yoda3-vm4.chemnitz.abs-rz.de:/nfs/&
  automountKey: *
  dn: automountMapName=auto_master,ou=mounts,dc=chemnitz,dc=abs-rz,dc=de
  objectClass: automountMap
  objectClass: top
  automountMapName: auto_master
  dn: automountMapName=auto_home,ou=mounts,dc=chemnitz,dc=abs-rz,dc=de
  objectClass: automountMap
  objectClass: top
  automountMapName: auto_home
  In the user entry, there is an associating information about the home-directory f.e. /home/mg.
  Everything works fine so far but the logs of my LDAP are flooded with this:
  => dn: [2]
  => acl_get: [3] attr automountKey
  => acl_mask: access to entry "automountKey=/home,ou=mounts,dc=chemnitz,dc=abs-rz,dc=de", attr "automountKey" requested
  => acl_mask: to value by "", (=0)
  <= check adnpat: cn=admin,dc=chemnitz,dc=abs-rz,dc=de
  <= check adnpat: uid=frank,ou=users,dc=chemnitz,dc=abs-rz,dc=de
  <= check adnpat: uid=mg,ou=users,dc=chemnitz,dc=abs-rz,dc=de
  <= check adnpat: *
  <= acl_mask: [4] applying read(=rscxd) (stop)
  <= acl_mask: [4] mask: read(=rscxd)
  => slapaccessallowed: search access granted by read(=rscxd)
  => access_allowed: search access granted by read(=rscxd)
  => access_allowed: search access to "automountKey=*,ou=mounts,dc=chemnitz,dc=abs-rz,dc=de" "objectClass" requested
  => dn: [2]
  => acl_get: [3] attr objectClass
  => acl_mask: access to entry "automountKey=*,ou=mounts,dc=chemnitz,dc=abs-rz,dc=de", attr "objectClass" requested
  => acl_mask: to value by "", (=0)
  <= check adnpat: cn=admin,dc=chemnitz,dc=abs-rz,dc=de
  <= check adnpat: uid=frank,ou=users,dc=chemnitz,dc=abs-rz,dc=de
  <= check adnpat: uid=mg,ou=users,dc=chemnitz,dc=abs-rz,dc=de
  <= check adnpat: *
  <= acl_mask: [4] applying read(=rscxd) (stop)
  <= acl_mask: [4] mask: read(=rscxd)
  => slapaccessallowed: search access granted by read(=rscxd)
  => access_allowed: search access granted by read(=rscxd)
  => access_allowed: search access to "automountKey=*,ou=mounts,dc=chemnitz,dc=abs-rz,dc=de" "automountKey" requested
  => dn: [2]
  => acl_get: [3] attr automountKey
  => acl_mask: access to entry "automountKey=*,ou=mounts,dc=chemnitz,dc=abs-rz,dc=de", attr "automountKey" requested
  => acl_mask: to value by "", (=0)
  <= check adnpat: cn=admin,dc=chemnitz,dc=abs-rz,dc=de
  <= check adnpat: uid=frank,ou=users,dc=chemnitz,dc=abs-rz,dc=de
  <= check adnpat: uid=mg,ou=users,dc=chemnitz,dc=abs-rz,dc=de
  <= check adnpat: *
  <= acl_mask: [4] applying read(=rscxd) (stop)
  <= acl_mask: [4] mask: read(=rscxd)
  => slapaccessallowed: search access granted by read(=rscxd)
  => access_allowed: search access granted by read(=rscxd)
  => access_allowed: read access to "automountKey=*,ou=mounts,dc=chemnitz,dc=abs-rz,dc=de" "entry" requested
  => dn: [2]
  => acl_get: [3] attr entry
  => acl_mask: access to entry "automountKey=*,ou=mounts,dc=chemnitz,dc=abs-rz,dc=de", attr "entry" requested
  => acl_mask: to all values by "", (=0)
  <= check adnpat: cn=admin,dc=chemnitz,dc=abs-rz,dc=de
  <= check adnpat: uid=frank,ou=users,dc=chemnitz,dc=abs-rz,dc=de
  <= check adnpat: uid=mg,ou=users,dc=chemnitz,dc=abs-rz,dc=de
  <= check adnpat: *
  <= acl_mask: [4] applying read(=rscxd) (stop)
  <= acl_mask: [4] mask: read(=rscxd)
  => slapaccessallowed: read access granted by read(=rscxd)
  => access_allowed: read access granted by read(=rscxd)
  => access_allowed: read access to "automountKey=*,ou=mounts,dc=chemnitz,dc=abs-rz,dc=de" "automountInformation" requested
  About 4 or 5 logs per second - Is this normal? - What can I do to reduce this traffic?
  My slapd is running mit -d acl and there is only 1 client logged on.
  Thank you in advance for your help.
  - mgoe

  no ideas?

• Automating Job Log Purges

  I was wondering if there are any standard practices regarding the purging of Job History Logs through the Automation Server? The # of logs gets pretty high pretty quickly on our system and I am looking for a way to automatically purge them weekly, or at least on some schedule.
  Does anyone know of a way to do this? I was thinking I could just purge them from the database using SQL, but I don't know what else this might affect.
  Thanks in advance!
  Jeff
  Jeffrey Turmelle <[email protected]>
  International Research Institute for Climate & Society
  Earth Institute at Columbia University

  Turns out it didn't work after all.
  I set the PTSERVERCONFIG setting "days before job logs should be expired" to 7.
  But after that, anytime the joblog got to 7 days full, it wouldn't expire the old jobs. It would simply fail all new jobs with an error message saying the joblogs folder was full.
  There must be another setting someplace?
  Jeffrey Turmelle <[email protected]>
  International Research Institute for Climate & Society
  Earth Institute at Columbia University

• LDAP Log Rotation

  Does anybody know how to change the time of the log rotation for access and error logs. Currently, the logs rotate at 12:50 in the afternoon. I would like to change that. I have looked at the admin console and documentation and there is nothing on changing the time. You can change the size and interval. I assume that it does it at 12:50 because that's when the database was created.

  The time (12:50) is the time you started the server. Unfortunately, iDS will only rotate your logs on this time. One solution is to start your server on another time. Another solution is to manually rotate your logs using a script. But, you need to shutdown your server to manually rotate logfiles.