(ITS#7070) test058-syncrepl-asymmetric failed for hdb
by michael@stroeder.com
Full_Name: Michael Ströder
Version: HEAD (from git master)
OS: openSUSE 11.4
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (84.163.51.243)
>>>>> Starting test058-syncrepl-asymmetric for hdb...
running defines.sh
Initializing master configurations...
Initializing search configurations...
Starting central master slapd on TCP/IP port 9011...
Using ldapsearch to check that central master slapd is running...
Waiting 1 seconds for slapd to start...
Waiting 2 seconds for slapd to start...
Waiting 3 seconds for slapd to start...
Waiting 4 seconds for slapd to start...
Waiting 5 seconds for slapd to start...
ldapsearch failed (255)!
>>>>> test058-syncrepl-asymmetric failed for hdb
(exit 255)
make[2]: *** [hdb-mod] Error 255
make[2]: Leaving directory `/usr/src/michael/openldap/tests'
make[1]: *** [test] Error 2
make[1]: Leaving directory `/usr/src/michael/openldap/tests'
make: *** [test] Error 2
11 years, 11 months
Re: (ITS#7067) openldap not properly starting
by Pierangelo Masarati
Current release is OpenLDAP 2.4.26. In any case, there is no clear indication
in your report of a software bug. Please direct your message to the
openldap-technical mailing list.
p.
11 years, 11 months
(ITS#7069) test061-syncreplication-initiation failed for hdb
by michael@stroeder.com
Full_Name: Michael Ströder
Version: HEAD (from git)
OS: openSUSE 11.4
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (84.163.45.214)
>>>>> test061-syncreplication-initiation failed for hdb
(exit 255)
make[2]: *** [hdb-mod] Error 255
make[2]: Leaving directory `/usr/src/michael/openldap/tests'
make[1]: *** [test] Error 2
make[1]: Leaving directory `/usr/src/michael/openldap/tests'
make: *** [test] Error 2
11 years, 11 months
Re: (ITS#7042) [PATCH] allow unsetting of tls_* options for syncrepl
by pm@datasphere.ch
--=-H9Xw5XBDhIDPupeYRJLz
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Hi,
I am the author of the patch at:
ftp://ftp.openldap.org/incoming/jvcelak-20110912-syncrepl-allow-unsetting-o=
f-tls-options.patch
and I want to argue in favor of it:
1) In a configuration using a simple bind to authenticate a client, you
have no choice but using ldaps to protect password sniffing: this
requires a SERVER certificate only.
2) Since primary and replicated servers can have their role reversed
(i.e.: after failure and/or recovery of the former primary server), the
configurations should be kept as symmetric as possible (except for
syncrepl) in order to speed-up switch: SSL in both servers should thus
have the same configuration.
3) syncrepl then forces SSL to use a client certificate rather than a
simple bind for authentication: this implies "normal" clients will also
need a certificate... we are then in a situation lying very far from
using ldaps for encryption only :-(
4) Using separate server and client certificates within a server,
although safer, does not resolve my problem.
For the above reason, I would really like to see my patch included in
openldap code, or at least an equivalent solution.
Because "third-party patch submissions cannot be accepted per our IPR
policies. The original author is required to submit their own patches.",
do you need me to re-submit it ?
Thanks in advance for your reply.
Regards,
Patrick Monnerat
DATASPHERE S.A.
16, chemin des Aulx
CH-1228 Plan-les-Ouates (GE)
--=-H9Xw5XBDhIDPupeYRJLz
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Disposition: attachment; filename="smime.p7s"
Content-Transfer-Encoding: base64
MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIH/DCCA9Mw
ggK7oAMCAQICARQwDQYJKoZIhvcNAQEFBQAwgaIxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIEwZHZW5l
dmExGDAWBgNVBAcTD1BsYW4tbGVzLU91YXRlczEYMBYGA1UEChMPREFUQVNQSEVSRSBTLkEuMSQw
IgYDVQQDExtEQVRBU1BIRVJFIG1haWwgc2VjdXJpdHkgQ0ExKDAmBgkqhkiG9w0BCQEWGWJ1cmVh
dXRpcXVlQGRhdGFzcGhlcmUuY2gwHhcNMTEwODIzMTM1MzAwWhcNMTIxMjMxMjM1OTAwWjCBvDEL
MAkGA1UEBhMCQ0gxDzANBgNVBAgTBkdlbmV2YTEYMBYGA1UEBxMPUGxhbi1sZXMtT3VhdGVzMRcw
FQYDVQQKEw5EQVRBU1BIRVJFIFMuQTEZMBcGA1UEAxMQUGF0cmljayBNb25uZXJhdDEtMCsGCSqG
SIb3DQEJARYecGF0cmljay5tb25uZXJhdEBkYXRhc3BoZXJlLmNoMR8wHQYJKoZIhvcNAQkBFhBw
bUBkYXRhc3BoZXJlLmNoMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCzpT/ufabbhCa1JFvX
ZWLCDP8tPBxTilXjEFKAnNirdOc8Sj667iey7ypcgkA2QUZu+gHDSVD3iNRro2rQPdTzjnLCml5P
Up+AOB48X5jUwVbxihmAvtM21KQGZZwcmGdlj6AgY/Vxci48CRn+DzW6lY+VYCtf7HWhNHih4G1Y
IwIDAQABo3wwejAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBR79vf/tmNLu8XwC0nU02j0WQLCzjAL
BgNVHQ8EBAMCA7gwKwYDVR0lBCQwIgYIKwYBBQUHAwQGCisGAQQBgjcCARUGCisGAQQBgjcCARYw
EQYJYIZIAYb4QgEBBAQDAgSwMA0GCSqGSIb3DQEBBQUAA4IBAQA8gckFW7PMcfcFhZoVkI1ePP2f
XQ1UM4tChxfuPmKYXb2VbM2bYn33MiKnswlzsH/gDvQawYFKvRCehE5JiPUa42kGd8jXNzU8sRnm
uMHpjengOO3aLKZLAZRXS1dGjD9q3CQa/KDT31+ODWG7vztY8ZMBv008lb/eJvKt9ssm0cPTeKA9
/YenJzklzyY/MlNnW+zRce+3Ms4171wnrjKcA4J+Zyr0Ow1eEYzoIVEphT1WmybDPr0EJoueDUvH
9uz5cxRpxlIFY4jgTqhUQid/7uHrkaKU/OrADsOy2sGr4YpcvRpHseZZIA3Z8ovOHQ9J4WGviz9w
Z6gcTLtQu6baMIIEITCCAwmgAwIBAgIBEzANBgkqhkiG9w0BAQUFADCBsDELMAkGA1UEBhMCQ0gx
DzANBgNVBAgTBkdlbmV2YTEYMBYGA1UEBxMPUGxhbi1sZXMtT3VhdGVzMRgwFgYDVQQKEw9EQVRB
U1BIRVJFIFMuQS4xMjAwBgNVBAMTKURBVEFTUEhFUkUgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhv
cml0eSAyMSgwJgYJKoZIhvcNAQkBFhlidXJlYXV0aXF1ZUBkYXRhc3BoZXJlLmNoMB4XDTExMDgy
MzEzNTEwMFoXDTMwMTIzMTIzNTkwMFowgaIxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIEwZHZW5ldmEx
GDAWBgNVBAcTD1BsYW4tbGVzLU91YXRlczEYMBYGA1UEChMPREFUQVNQSEVSRSBTLkEuMSQwIgYD
VQQDExtEQVRBU1BIRVJFIG1haWwgc2VjdXJpdHkgQ0ExKDAmBgkqhkiG9w0BCQEWGWJ1cmVhdXRp
cXVlQGRhdGFzcGhlcmUuY2gwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTbQAxPu9L
skt5ddMLzbS+bLQlW+gtcecHp9zL+x44dSXc663y6s+/XWxDbLZ0s+w6vp5CMB6pXxR5s8KfMDSC
22s7nq0t/BpQ1WfLkszG2JRs8BXIyrsDrFqYBBxcxiyyjzyQYVJg7qtPveUw9aQs53QCnZfXwG9s
H2crPnAzoOzx5jptWvA5aHLMKqaZbGztUANABqZfZEwwGS/YG3nHxOKnl+UvmueJWiMs+plendlA
5+UBrUAk46/1IFNyjMqaBR8bug7IovHB9sn/k999eHVeBiu1qeTo0tcDEMvSBTh5JqIkl5lH7TU+
wgVCBA2/Eo1ccrvFkgTmztocbMczAgMBAAGjUjBQMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE
FFxbVp/ZdU5YlwvAFPbbFg+jGWehMAsGA1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAAcwDQYJ
KoZIhvcNAQEFBQADggEBAH6oFynXqL8Tk6sA032VbJyibS8woHni0/ayhrcBdEORc/wvfmhEA2kK
9Yy4xEaprsxT0fFyBJ4YGYyXX4SkQdr0pRCDO/niL2woQmar5vq4v9xa2FgrWOh7jKcXuh/SMpGq
WZzQQTvYY0+X7SXX1+Ioje7rqzEDWNmzpp+mtPr/ENVmIxwTGEtXbDDLJN48sTmBDnKrca2UJrfU
EFDDHon9CBBg53u+JodQiJfSbraqwje1QrGCvOHkyBr3ulBmssePVQzPphON39pPgbJCoE7sd/WK
UX02QIorkbdaA8K/S38Ggc1xN9kNDE5tuClAYJSZUHeDnROgz1QncevRdKMxggGuMIIBqgIBATCB
qDCBojELMAkGA1UEBhMCQ0gxDzANBgNVBAgTBkdlbmV2YTEYMBYGA1UEBxMPUGxhbi1sZXMtT3Vh
dGVzMRgwFgYDVQQKEw9EQVRBU1BIRVJFIFMuQS4xJDAiBgNVBAMTG0RBVEFTUEhFUkUgbWFpbCBz
ZWN1cml0eSBDQTEoMCYGCSqGSIb3DQEJARYZYnVyZWF1dGlxdWVAZGF0YXNwaGVyZS5jaAIBFDAJ
BgUrDgMCGgUAoF0wGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMTEx
MDIwMTYxMjEwWjAjBgkqhkiG9w0BCQQxFgQU/0S6iq+obCv1FnngaSJRbdoGRygwDQYJKoZIhvcN
AQEBBQAEgYBXOHzJGvDyRJTXk7jxmGjef5QY39Ziyodp0BIYwRukyAgQ273nzPxBga96lZog7obN
2qsnWxGi9RtGEyua27OacgUPOb9+vjX5/xb3DGol81GnBqOusj8ZrdNTa7i7lKmA+o7cFD3hM6o0
PLi3EqA3rsEgu65uGpWuuyS8rzeRFAAAAAAAAA==
--=-H9Xw5XBDhIDPupeYRJLz--
11 years, 11 months
Re: (ITS#7068) openldap connection issue
by sanjiv.singh@impetus.co.in
--_000_23A2685ED8B30D46A90227113A1ECE0758F3EAA3Mail3impetuscoi_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
hi all,
adding more details for debugging.....
when i fire ldapadd utility with following ldif , it repeatedly throughing =
following logs....
new.ldif
------------------------------------------------------
dn: cn=3DProcessor,dc=3Dmydomain,dc=3Dcom
description: some description
roleType: My Admin
uniqueMember: uid=3Dmyadmin,dc=3Dmydomain,dc=3Dcom
tenantId: Global
cn: Processor
objectClass: groupOfUniqueNames
objectClass: top
------------------------------------------------------
/usr/local/bin/ldapadd -d 65535 -h 10.122.215.40 -p 6070 -x -w ***** -D "cn=
=3DManager,dc=3Dmydomain,dc=3Dcom" -f new.ldif
------------------------------------------------------
** ld 0x4185ad0 Outstanding Requests:
* msgid 2, origid 2, status InProgress
outstanding referrals 0, parent count 0
ld 0x4185ad0 request count 1 (abandoned 0)
** ld 0x4185ad0 Response Queue:
Empty
ld 0x4185ad0 response count 0
ldap_chkResponseList ld 0x4185ad0 msgid 2 all 1
ldap_chkResponseList returns ld 0x4185ad0 NULL
ldap_int_select
ldap_result ld 0x4185ad0 msgid 2
wait4msg ld 0x4185ad0 msgid 2 (timeout 100000 usec)
wait4msg continue ld 0x4185ad0 msgid 2 all 1
** ld 0x4185ad0 Connections:
* host: 10.122.215.40 port: 6070 (default)
refcnt: 2 status: Connected
last used: Thu Oct 20 08:42:30 2011
--------------------------------------------------------
Regards,
Sanjiv Singh
Software Engineer (iLabs)
Impetus Infotech (India) Pvt. Ltd.
D-40, Sector-59, Noida - 201307, UP | (M) +91-9990-447-339 | www.impetus.c=
om<http://www.impetus.com/>
________________________________
New Impetus webcast on-demand 'Big Data Technologies for Social Media Analy=
tics' available at http://bit.ly/nFdet0.
Visit http://www.impetus.com to know more. Follow us on www.twitter.com/imp=
etuscalling
NOTE: This message may contain information that is confidential, proprietar=
y, privileged or otherwise protected by law. The message is intended solely=
for the named addressee. If received in error, please destroy and notify t=
he sender. Any use of this email is prohibited when received in error. Impe=
tus does not represent, warrant and/or guarantee, that the integrity of thi=
s communication has been maintained nor that the communication is free of e=
rrors, virus, interception or interference.
--_000_23A2685ED8B30D46A90227113A1ECE0758F3EAA3Mail3impetuscoi_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
<html>
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii"=
>
<style>
<!--
@font-face
{font-family:Calibri}
@font-face
{font-family:Tahoma}
@font-face
{font-family:"Franklin Gothic Medium"}
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif"}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline}
span.EmailStyle17
{font-family:"Calibri","sans-serif";
color:windowtext}
.MsoChpDefault
{font-family:"Calibri","sans-serif"}
@page WordSection1
{margin:1.0in 1.0in 1.0in 1.0in}
div.WordSection1
{}
-->
</style>
</head>
<body lang=3D"EN-US" link=3D"blue" vlink=3D"purple">
<div class=3D"WordSection1">
<p class=3D"MsoNormal">hi all,</p>
<p class=3D"MsoNormal">adding more details for debugging.....</p>
<p class=3D"MsoNormal"> </p>
<p class=3D"MsoNormal">when i fire ldapadd utility with following ldif , it=
repeatedly throughing following logs....</p>
<p class=3D"MsoNormal"> </p>
<p class=3D"MsoNormal">new.ldif</p>
<p class=3D"MsoNormal">----------------------------------------------------=
--</p>
<p class=3D"MsoNormal">dn: cn=3DProcessor,dc=3Dmydomain,dc=3Dcom</p>
<p class=3D"MsoNormal">description: some description</p>
<p class=3D"MsoNormal">roleType: My Admin</p>
<p class=3D"MsoNormal">uniqueMember: uid=3Dmyadmin,dc=3Dmydomain,dc=3Dcom</=
p>
<p class=3D"MsoNormal">tenantId: Global</p>
<p class=3D"MsoNormal">cn: Processor</p>
<p class=3D"MsoNormal">objectClass: groupOfUniqueNames</p>
<p class=3D"MsoNormal">objectClass: top</p>
<p class=3D"MsoNormal">----------------------------------------------------=
--</p>
<p class=3D"MsoNormal"> </p>
<p class=3D"MsoNormal">/usr/local/bin/ldapadd -d 65535 -h 10.122.215.40 -p =
6070 -x -w ***** -D "cn=3DManager,dc=3Dmydomain,dc=3Dcom" -f new.=
ldif</p>
<p class=3D"MsoNormal">----------------------------------------------------=
--</p>
<p class=3D"MsoNormal">** ld 0x4185ad0 Outstanding Requests:</p>
<p class=3D"MsoNormal">* msgid 2, origid 2, status InProgress</p>
<p class=3D"MsoNormal"> outstanding referrals 0, parent count 0=
</p>
<p class=3D"MsoNormal"> ld 0x4185ad0 request count 1 (abandoned 0)</p=
>
<p class=3D"MsoNormal">** ld 0x4185ad0 Response Queue:</p>
<p class=3D"MsoNormal"> Empty</p>
<p class=3D"MsoNormal"> ld 0x4185ad0 response count 0</p>
<p class=3D"MsoNormal">ldap_chkResponseList ld 0x4185ad0 msgid 2 all 1</p>
<p class=3D"MsoNormal">ldap_chkResponseList returns ld 0x4185ad0 NULL</p>
<p class=3D"MsoNormal">ldap_int_select</p>
<p class=3D"MsoNormal">ldap_result ld 0x4185ad0 msgid 2</p>
<p class=3D"MsoNormal">wait4msg ld 0x4185ad0 msgid 2 (timeout 100000 usec)<=
/p>
<p class=3D"MsoNormal">wait4msg continue ld 0x4185ad0 msgid 2 all 1</p>
<p class=3D"MsoNormal">** ld 0x4185ad0 Connections:</p>
<p class=3D"MsoNormal">* host: 10.122.215.40 port: 6070 (defaul=
t)</p>
<p class=3D"MsoNormal"> refcnt: 2 status: Connected</p>
<p class=3D"MsoNormal"> last used: Thu Oct 20 08:42:30 2011</p>
<p class=3D"MsoNormal">----------------------------------------------------=
----</p>
<p class=3D"MsoNormal"> </p>
<p class=3D"MsoNormal"><span style=3D"font-size:7.5pt; font-family:"Ta=
homa","sans-serif"; color:gray">Regards,</span></p>
<p class=3D"MsoNormal"><b><span style=3D"font-size:10.0pt; font-family:&quo=
t;Arial","sans-serif"">Sanjiv Singh</span></b><span style=3D=
"font-size:7.5pt; font-family:"Tahoma","sans-serif"; co=
lor:gray">
</span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:7.5pt; font-family:"Ta=
homa","sans-serif"; color:gray">Software Engineer (iLabs)</s=
pan></p>
<p class=3D"MsoNormal"><b><span style=3D"font-size:7.5pt; font-family:"=
;Tahoma","sans-serif"; color:gray">Impetus Infotech (India) =
Pvt. Ltd</span></b><span style=3D"font-size:7.5pt; font-family:"Tahoma=
","sans-serif"; color:gray">.
</span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:7.5pt; font-family:"Ta=
homa","sans-serif"; color:gray">D-40, Sector-59, Noida - 201=
307, UP</span>
<span style=3D"font-size:7.5pt; font-family:"Tahoma","sans-s=
erif"; color:gray">| (M) +91-9990-447-339</span>
<span style=3D"font-size:7.5pt; font-family:"Tahoma","sans-s=
erif"; color:gray">|</span>
<a href=3D"http://www.impetus.com/" title=3D"http://www.impetus.com"><span =
style=3D"font-size:7.5pt; font-family:"Franklin Gothic Medium",&q=
uot;sans-serif"; color:blue">www.impetus.com</span></a><span style=3D"=
font-size:10.0pt; font-family:"Arial","sans-serif"">&nb=
sp;</span></p>
<p class=3D"MsoNormal"> </p>
<p class=3D"MsoNormal"> </p>
</div>
<br>
<hr>
<font face=3D"Verdana" color=3D"Gray" size=3D"1"><br>
New Impetus webcast on-demand ‘Big Data Technologies for Social Media=
Analytics’ available at http://bit.ly/nFdet0.
<br>
<br>
Visit http://www.impetus.com to know more. Follow us on www.twitter.com/imp=
etuscalling
<br>
<br>
<br>
NOTE: This message may contain information that is confidential, proprietar=
y, privileged or otherwise protected by law. The message is intended solely=
for the named addressee. If received in error, please destroy and notify t=
he sender. Any use of this email
is prohibited when received in error. Impetus does not represent, warrant =
and/or guarantee, that the integrity of this communication has been maintai=
ned nor that the communication is free of errors, virus, interception or in=
terference.<br>
</font>
</body>
</html>
--_000_23A2685ED8B30D46A90227113A1ECE0758F3EAA3Mail3impetuscoi_--
11 years, 11 months
(ITS#7068) openldap connection issue
by sanjiv.is.on@gmail.com
Full_Name: Sanjiv Singh
Version: 2.4.20
OS: centOS 5.5
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (115.113.49.98)
Hi all,
I am facing openldap issue, facing problem during operation with openldap
utilities.
slapadd,ldapsearch and slapcat etc.
I have installed & configure openldap 2.4.20 from source.
enable debugging level -1(max debug level).
here is my LDIF that i want to add to my ldap server.
mydata.ldif
------------------------------------------------------
dn: cn=My Operator,dc=mydomain ,dc=com
description: My Operator for managing job types
roleType: Common
tenantId: Global
cn: My Operator
objectClass: groupOfUniqueNames
objectClass: top
structuralObjectClass: groupOfUniqueNames
entryUUID: 93385d1f-c9ec-4a1e-93fe-93f6cc58f759
creatorsName: cn=Manager,dc=mydomain,dc=com
createTimestamp: 20110506070135Z
entryCSN: 20110506070135.425379Z#000000#000#000000
modifiersName: cn=Manager,dc=mydomain,dc=com
modifyTimestamp: 20110506070135Z
-------------------------------------------------------
when I tried to fire slapadd ldap utility. following utility hand for infinite
time.
i had set max debug level( -d -1) for finding root cause.
$ /usr/local/sbin/slapadd -v -d -1 -c -l mydata.ldif -f
/usr/local/etc/openldap/slapd.conf
--------------------------------------------------------
slapadd startup: initiated.
backend_startup_one: starting "dc=mydomain,dc=com"
bdb_db_open: "dc=mydomain,dc=com"
bdb_db_open: database "dc=mydomain,dc=com": unclean shutdown detected;
attempting recovery.
bdb_db_open: database "dc=mydomain,dc=com": dbenv_open(/var/lib/ldap).
bdb_monitor_db_open: monitoring disabled; configure monitor database to enable
=> str2entry: "dn: cn=SMGOperator,dc=mydomain,dc=com
description: SMG Operator for managing job types
roleType: Common
tenantId: Global
cn: SMGOperator
objectClass: groupOfUniqueNames
objectClass: top
structuralObjectClass: groupOfUniqueNames
entryUUID: 93385d1f-c9ec-4a1e-93fe-93f6cc58f759
creatorsName: cn=Manager,dc=mydomain,dc=com
createTimestamp: 20110506070135Z
entryCSN: 20110506070135.425379Z#000000#000#000000
modifiersName: cn=Manager,dc=mydomain,dc=com
modifyTimestamp: 20110506070135Z
"
>>> dnPrettyNormal: <cn=SMGOperator,dc=mydomain,dc=com>
<<< dnPrettyNormal: <cn=SMGOperator,dc=mydomain,dc=com>,
<cn=smgoperator,dc=mydomain,dc=com>
>>> dnPretty: <cn=Manager,dc=mydomain,dc=com>
<<< dnPretty: <cn=Manager,dc=mydomain,dc=com>
>>> dnNormalize: <cn=Manager,dc=mydomain,dc=com>
<<< dnNormalize: <cn=manager,dc=mydomain,dc=com>
>>> dnPretty: <cn=Manager,dc=mydomain,dc=com>
<<< dnPretty: <cn=Manager,dc=mydomain,dc=com>
>>> dnNormalize: <cn=Manager,dc=mydomain,dc=com>
<<< dnNormalize: <cn=manager,dc=mydomain,dc=com>
<= str2entry(cn=My Operator,dc=mydomain,dc=com) -> 0xb5e5be8
oc_check_required entry (cn=My Operator,dc=mydomain,dc=com), objectClass
"groupOfUniqueNames"
oc_check_allowed type "description"
oc_check_allowed type "roleType"
oc_check_allowed type "tenantId"
oc_check_allowed type "cn"
oc_check_allowed type "objectClass"
oc_check_allowed type "structuralObjectClass"
oc_check_allowed type "entryUUID"
oc_check_allowed type "creatorsName"
oc_check_allowed type "createTimestamp"
oc_check_allowed type "entryCSN"
oc_check_allowed type "modifiersName"
oc_check_allowed type "modifyTimestamp"
=> bdb_tool_entry_put( -1, "cn=My Operator,dc=mydomain,dc=com" )
=> bdb_dn2id("dc=mydomain,dc=com")
<= bdb_dn2id: got id=0x1
=> bdb_dn2id("cn=myoperator,dc=mydomain,dc=com")
------------------------------------------------------------
and even after enabling -q option , it completes but ldap server would not be
able to start.
(-q : enable quick [fewer integrity checks mode] Does fewer consistency checks
on the input data, and no consistency checks when writing the database.
Improves the load time but if any errors or interruptions occur the resulting
database will be unusable.)
$ /usr/local/sbin/slapadd -v -d -1 -q -c -l mydata.ldif -f
/usr/local/etc/openldap/slapd.conf
-------------------------------------------------------------
slapadd startup: initiated.
backend_startup_one: starting "dc=dmbsso,dc=com"
bdb_db_open: "dc=dmbsso,dc=com"
bdb_db_open: database "dc=dmbsso,dc=com": unclean shutdown detected; attempting
recovery.
bdb_db_open: database "dc=dmbsso,dc=com": dbenv_open(/var/lib/ldap).
bdb(dc=dmbsso,dc=com): recovery requires transaction support
bdb_db_open: database "dc=dmbsso,dc=com" cannot be recovered, err 22. Restore
from backup!
====> bdb_cache_release_all
backend_startup_one (type=bdb, suffix="dc=dmbsso,dc=com"): bi_db_open failed!
(22)
slap_startup failed.
--------------------------------------------------------------
even I am face with ldap utility slapcat, after firing it hanged up for
infinite.
It seems , there are some problem with ldif file, but this ldif file works well
on other hosts
(having same schema and molules and ldap configuration).
We are facing this issue intermittently on some hosts, works well on some
hosts(all are CentOS 5.5).
is there some wrong in my understanding?
Am I missing some thing in my configuration ?
Is anyboby able to find root cause ?
Eagerly waiting for your response.
I can provide more like ldap log , ldap configuration (if that can help in
debugging the issue)
We are passing through very critical time.
Regards,
Sanjiv Singh
Software Engineer (iLabs)
Impetus Infotech (India) Pvt. Ltd.
D-40, Sector-59, Noida - 201307, UP | (M) +91-9990-447-339 | www.impetus.com
11 years, 11 months
(ITS#7067) openldap not properly starting
by sanjiv.is.on@gmail.com
Full_Name: Sanjiv Singh
Version: 2.4.20
OS: centOS 5.5
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (115.113.49.98)
Hi all,
I am facing openldap issue, facing problem during operation with openldap
utilities.
slapadd,ldapsearch and slapcat etc.
I have installed & configure openldap 2.4.20 from source.
enable debugginf level -1(max debug level).
here is my LDIF that i want to add to my ldap server.
mydata.ldif
------------------------------------------------------
dn: cn=My Operator,dc=mydomain ,dc=com
description: My Operator for managing job types
roleType: Common
tenantId: Global
cn: My Operator
objectClass: groupOfUniqueNames
objectClass: top
structuralObjectClass: groupOfUniqueNames
entryUUID: 93385d1f-c9ec-4a1e-93fe-93f6cc58f759
creatorsName: cn=Manager,dc=mydomain,dc=com
createTimestamp: 20110506070135Z
entryCSN: 20110506070135.425379Z#000000#000#000000
modifiersName: cn=Manager,dc=mydomain,dc=com
modifyTimestamp: 20110506070135Z
-------------------------------------------------------
when I tried to fire slapadd ldap utility. following utility hand for infinite
time.
i had set max debug level( -d -1) for finding root cause.
$ /usr/local/sbin/slapadd -v -d -1 -c -l mydata.ldif -f
/usr/local/etc/openldap/slapd.conf
--------------------------------------------------------
slapadd startup: initiated.
backend_startup_one: starting "dc=mydomain,dc=com"
bdb_db_open: "dc=mydomain,dc=com"
bdb_db_open: database "dc=mydomain,dc=com": unclean shutdown detected;
attempting recovery.
bdb_db_open: database "dc=mydomain,dc=com": dbenv_open(/var/lib/ldap).
bdb_monitor_db_open: monitoring disabled; configure monitor database to enable
=> str2entry: "dn: cn=SMGOperator,dc=mydomain,dc=com
description: SMG Operator for managing job types
roleType: Common
tenantId: Global
cn: SMGOperator
objectClass: groupOfUniqueNames
objectClass: top
structuralObjectClass: groupOfUniqueNames
entryUUID: 93385d1f-c9ec-4a1e-93fe-93f6cc58f759
creatorsName: cn=Manager,dc=mydomain,dc=com
createTimestamp: 20110506070135Z
entryCSN: 20110506070135.425379Z#000000#000#000000
modifiersName: cn=Manager,dc=mydomain,dc=com
modifyTimestamp: 20110506070135Z
"
>>> dnPrettyNormal: <cn=SMGOperator,dc=mydomain,dc=com>
<<< dnPrettyNormal: <cn=SMGOperator,dc=mydomain,dc=com>,
<cn=smgoperator,dc=mydomain,dc=com>
>>> dnPretty: <cn=Manager,dc=mydomain,dc=com>
<<< dnPretty: <cn=Manager,dc=mydomain,dc=com>
>>> dnNormalize: <cn=Manager,dc=mydomain,dc=com>
<<< dnNormalize: <cn=manager,dc=mydomain,dc=com>
>>> dnPretty: <cn=Manager,dc=mydomain,dc=com>
<<< dnPretty: <cn=Manager,dc=mydomain,dc=com>
>>> dnNormalize: <cn=Manager,dc=mydomain,dc=com>
<<< dnNormalize: <cn=manager,dc=mydomain,dc=com>
<= str2entry(cn=My Operator,dc=mydomain,dc=com) -> 0xb5e5be8
oc_check_required entry (cn=My Operator,dc=mydomain,dc=com), objectClass
"groupOfUniqueNames"
oc_check_allowed type "description"
oc_check_allowed type "roleType"
oc_check_allowed type "tenantId"
oc_check_allowed type "cn"
oc_check_allowed type "objectClass"
oc_check_allowed type "structuralObjectClass"
oc_check_allowed type "entryUUID"
oc_check_allowed type "creatorsName"
oc_check_allowed type "createTimestamp"
oc_check_allowed type "entryCSN"
oc_check_allowed type "modifiersName"
oc_check_allowed type "modifyTimestamp"
=> bdb_tool_entry_put( -1, "cn=My Operator,dc=mydomain,dc=com" )
=> bdb_dn2id("dc=mydomain,dc=com")
<= bdb_dn2id: got id=0x1
=> bdb_dn2id("cn=myoperator,dc=mydomain,dc=com")
------------------------------------------------------------
and even after enabling -q option , it completes but ldap server would not be
able to start.
(-q : enable quick [fewer integrity checks mode] Does fewer consistency checks
on the input data, and no consistency checks when writing the database.
Improves the load time but if any errors or interruptions occur the resulting
database will be unusable.)
$ /usr/local/sbin/slapadd -v -d -1 -q -c -l mydata.ldif -f
/usr/local/etc/openldap/slapd.conf
-------------------------------------------------------------
slapadd startup: initiated.
backend_startup_one: starting "dc=dmbsso,dc=com"
bdb_db_open: "dc=dmbsso,dc=com"
bdb_db_open: database "dc=dmbsso,dc=com": unclean shutdown detected; attempting
recovery.
bdb_db_open: database "dc=dmbsso,dc=com": dbenv_open(/var/lib/ldap).
bdb(dc=dmbsso,dc=com): recovery requires transaction support
bdb_db_open: database "dc=dmbsso,dc=com" cannot be recovered, err 22. Restore
from backup!
====> bdb_cache_release_all
backend_startup_one (type=bdb, suffix="dc=dmbsso,dc=com"): bi_db_open failed!
(22)
slap_startup failed.
--------------------------------------------------------------
even I am face with ldap utility slapcat, after firing it hanged up for
infinite.
It seems , there are some problem with ldif file, but this ldif file works well
on other hosts
(having same schema and molules and ldap configuration).
We are facing this issue intermittently on some hosts, works well on some
hosts(all are CentOS 5.5).
is there some wrong in my understanding?
Am I missing some thing in my configuration ?
Is anyboby able to find root cause ?
Eagerly waiting for your response.
I can provide more like ldap log , ldap configuration (if that can help in
debugging the issue)
We are passing through very critical time.
Regards,
Sanjiv Singh
Software Engineer (iLabs)
Impetus Infotech (India) Pvt. Ltd.
D-40, Sector-59, Noida - 201307, UP | (M) +91-9990-447-339 | www.impetus.com
11 years, 11 months
Re: (ITS#6987) cn=config renumbers indexes on startup without modrdn-ing them
by ondrej.kuznik@acision.com
On 07/07/2011 03:26 PM, ondrej.kuznik(a)acision.com wrote:
> ftp://ftp.openldap.org/incoming/ondrej-kuznik-20110707.c
> has an example of such overlay. To try it, initialize the overlay and
> add these entries:
>
> dn: olcTestAttrOne=zero,$OVERLAY_DN
> objectclass: olcTestOne
>
> dn: olcTestAttrTwo=one,$OVERLAY_DN
> objectclass: olcTestTwo
>
> dn: olcTestAttrOne=two,$OVERLAY_DN
> objectclass: olcTestOne
>
> dn: olcTestAttrTwo=three,$OVERLAY_DN
> objectclass: olcTestTwo
>
> After a restart compare the output of slapcat -n0 with the output of
> ldapsearch -b cn=config, you should see at least one different entry.
> You might also try to modify the entries before and after the restart.
> For those that do not match you get "no such object" as the dn is no
> longer in the ldif database.
The issue is in bconfig.c:4726, the code treats all siblings as part of
one ordering (contrary to what
http://highlandsun.com/hyc/drafts/draft-chu-ldap-xordered-xx.html
implies since cn=config seems to treat everything as X-ORDERED
'SIBLINGS'), while back-ldif orders them accordingly.
Also its caller (config_ldif_resp) does not expect any reordering to be
necessary, after all it should be (and is) reading a valid cn=config db,
so the entry renaming then never gets propagated to back-ldif causing
this desync.
--
Ondrej Kuznik
This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.
11 years, 11 months
(ITS#7066) ACL added to back-config only active after restart
by rhafer@suse.de
Full_Name: Ralf Haferkamp
Version: RE24, master
OS:
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (89.166.171.158)
The first ACL added to "olcDatabase={0}config,cn=config" does only get active
after slapd is restarted. This is because slapd upon startup creates a hardcoded
deny-everything ACL when no ACL is defined explicitly for the database. ACLs
added after slapd is started will be appended to that hardcoded ACL (but never
evaluated as the hardcoded one already matches everything).
I am working on a fix, reworking the way how the hardcoded default ACL for
olcDatabase={0}config,cn=config is applied.
11 years, 11 months