The Open Directory password database can easily get corrupted, leaving us with an unusable server. After seeing this on a live server two times I decided to dig into what happens. Below is a description that will recreate the problem. I have checked it on two servers (10.4.2 with latest security update).

How do you know that you got a corrupted password database? You will get error messages when trying to change password or delete some users.

My guess is that new slots don't get created in the OD password database (/var/db/authserver/authservermain) as they should. It is no problem to import a big number of users on a fresh server (I tried with 3500); then new slots get created when needed. But if you have imported and deleted a number of users less than 511, then you have a big chance to be in trouble.

As I have this problem on a live server I really would appreciate all help to solve this problem, without recreating the OD domain.

This is the procedure I used to recreate the problem. If you would like to test you can find a link to my scripts below.

---------

Results from mkpassdb -dump:

    entrySize: 0
    sequenceNumber: 304
    numberOfSlotsCurrentlyInFile: 512
    deepestSlotUsed: 304
    deepestSlotUsedByThisServer: 304

All users placed in appropriate slots in password database.
All users can login.

2. Remove those 300 users with WGM. Re-import with dsimport.

Results from mkpassdb -dump:

    entrySize: 0
    sequenceNumber: 604
    numberOfSlotsCurrentlyInFile: 512
    deepestSlotUsed: 511
    deepestSlotUsedByThisServer: 511

Users #0 to User #206 are placed in appropriate slots in password database. Last slot is #511.
The remaining users are placed in overflow files in /var/db/authserver.
All users can login.

3. Remove those 300 users again with WGM. Checking with mkpassdb -dump shows that many new overflow entries have been created, all with creation time 01/01/1970 12:59:59 AM. Many users still remain in the overflow entries. Re-import with dsimport.

Results from mkpassdb -dump:

    entrySize: 0
    sequenceNumber: 904
    numberOfSlotsCurrentlyInFile: 512
    deepestSlotUsed: 511
    deepestSlotUsedByThisServer: 511

No users placed in appropriate slots in password database.
A great number of users can not login.

Trying to change one of those users' password results in a message:

    "The password could not be set
    An unexpected error of type -14090 occurred. All other settings were saved."

Trying to remove one user results in another error message:

    "Got unexpected error
    Error of type eDSAuthFailed (-1490) on line 778 of /SourceCache/ServerManagerUserGeneral/ServerManagerUserGeneral-193.1.1/UserAdvancedPlugin.mm"

After this the database is corrupt and can not be used.

If you like to test you can use my scripts. Get them at http://www.apoio.se/files/Overflow.zip

Use the script make300users.sh to create a file with 300 new users to import. The file is placed in the user's home folder.

Import command:

    sudo dsimport -g ~/300users /LDAPv3/127.0.0.1 O -u diradmin

Command to show users who can not login:

    sudo ./logincheck 2>&1 | grep -B 1 incorrect

--------------------
Tycho Sjögren
Certified trainer for Apple Certified System Administrators
and Apple Certified Technical Coordinators

Apoio AB
Gamla Riksvägen 51
428 32 Kållered
Sweden

Phone: +46 31 795 43 51
Mobile: +46 706 75 10 22
mailto: email@hidden
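The slot counters quoted in the message above can be checked before running another delete/re-import cycle. The following is an added example, not part of the original post or of Apple's tools: the function name `pwdb_slot_state` and its thresholds are assumptions derived only from the three dumps in the post, and it assumes the header fields appear as `name: value` tokens as quoted there.

```shell
#!/bin/sh
# Added example: classify the header counters of `mkpassdb -dump` output.
# Heuristic built from the dumps in the post, not documented Apple behaviour.
# Intended use (as root): mkpassdb -dump | pwdb_slot_state

# Reads dump text on stdin and prints one of:
#   ok        free slots remain below the end of the slot table
#   full      last slot reached, sequence number has not passed it yet
#   overflow  last slot reached and more records were created than the
#             table holds (the state shown after steps 2 and 3)
#   unknown   expected header fields not found
pwdb_slot_state() {
    awk '
    {
        # Scan every token so both one-field-per-line and flattened
        # output are handled. Exact match keeps "deepestSlotUsed:"
        # distinct from "deepestSlotUsedByThisServer:".
        for (i = 1; i < NF; i++) {
            if ($i == "sequenceNumber:")               seq   = $(i + 1)
            if ($i == "numberOfSlotsCurrentlyInFile:") slots = $(i + 1)
            if ($i == "deepestSlotUsed:")              deep  = $(i + 1)
        }
    }
    END {
        if (seq == "" || slots == "" || deep == "") { print "unknown"; exit }
        last = slots - 1                 # slots are numbered from 0
        if (deep + 0 < last)       print "ok"
        else if (seq + 0 > deep + 0) print "overflow"
        else                       print "full"
    }'
}

# Header values quoted in the post (first and second dump).
SAMPLE_STEP1='entrySize: 0
sequenceNumber: 304
numberOfSlotsCurrentlyInFile: 512
deepestSlotUsed: 304
deepestSlotUsedByThisServer: 304'

SAMPLE_STEP2='entrySize: 0
sequenceNumber: 604
numberOfSlotsCurrentlyInFile: 512
deepestSlotUsed: 511
deepestSlotUsedByThisServer: 511'
```

A result of `overflow` matches the state the post reports just before logins start failing, so it is a reasonable point to back up /var/db/authserver before touching users again.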
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macos-x-server mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/macos-x-server/email@hidden

This email sent to email@hidden
Copyright © 2007 Apple Inc. All rights reserved.