quanah@OpenLDAP.org wrote:
Full_Name: Quanah Gibson-Mount Version: openldap master OS: Linux 2.6 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (75.111.58.125)
As reported in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=741248, slapacl when used with a base that is not contained in the OpenLDAP configuration can cause unclean DB messages.
Fixed now in master
To reproduce, I had to disable the monitor database in my configuration, so that there was only the cn=config db and a primary BDB based backend. It also does not occur if the suffix for the database is "" (as that contains everything).
If the suffix of the DB is specific(such as "cn=zimbra"), then you can cause the unclean shutdown status to trigger by running slapacl against a suffix that is not contained in the slapd configuration:
zimbra@zre-ldap001:~$ /opt/zimbra/openldap/sbin/slapacl -F /opt/zimbra/data/ldap/config -b "cn=zimbraaaaa" -D "uid=zimbra,cn=admins,cn=zimbra" entry 5331d242 hdb_monitor_db_open: monitoring disabled; configure monitor database to enable 5331d242 hdb_db_open: database "cn=zimbra": unclean shutdown detected; attempting recovery. 5331d242 hdb_db_open: database "cn=zimbra": recovery skipped in read-only mode. Run manual recovery if errors are encountered. authcDN: "uid=zimbra,cn=admins,cn=zimbra" cn=zimbraaaaa: no target database has been found for baseDN="slapacl"; you may try with "-u" (dry run). zimbra@zre-ldap001:~$ /opt/zimbra/openldap/sbin/slapacl -F /opt/zimbra/data/ldap/config -b "cn=zimbra" -D "uid=zimbra,cn=admins,cn=zimbra" entry 5331d258 hdb_db_open: database "cn=zimbra": unclean shutdown detected; attempting recovery. 5331d258 hdb_db_open: database "cn=zimbra": recovery skipped in read-only mode. Run manual recovery if errors are encountered. 5331d258 hdb_monitor_db_open: monitoring disabled; configure monitor database to enable authcDN: "uid=zimbra,cn=admins,cn=zimbra" entry: write(=wrscxd) zimbra@zre-ldap001:~$ /opt/zimbra/openldap/sbin/slapacl -F /opt/zimbra/data/ldap/config -b "cn=zimbra" -D "uid=zimbra,cn=admins,cn=zimbra" entry 5331d262 hdb_db_open: database "cn=zimbra": unclean shutdown detected; attempting recovery. 5331d262 hdb_db_open: database "cn=zimbra": recovery skipped in read-only mode. Run manual recovery if errors are encountered. 5331d262 hdb_monitor_db_open: monitoring disabled; configure monitor database to enable authcDN: "uid=zimbra,cn=admins,cn=zimbra" entry: write(=wrscxd)
Even running db_recover does not fix it:
zimbra@zre-ldap001:~/data/ldap/hdb/db$ db_recover zimbra@zre-ldap001:~/data/ldap/hdb/db$ cd zimbra@zre-ldap001:~$ /opt/zimbra/openldap/sbin/slapacl -F /opt/zimbra/data/ldap/config -b "cn=zimbra" -D "uid=zimbra,cn=admins,cn=zimbra" entry 5331d350 hdb_db_open: database "cn=zimbra": unclean shutdown detected; attempting recovery. 5331d350 hdb_db_open: database "cn=zimbra": recovery skipped in read-only mode. Run manual recovery if errors are encountered. 5331d350 hdb_monitor_db_open: monitoring disabled; configure monitor database to enable authcDN: "uid=zimbra,cn=admins,cn=zimbra" entry: write(=wrscxd)
After starting slapd, the db is properly cleaned up:
zimbra@zre-ldap001:~$ ps -eaf | grep slapd zimbra 1655 1 3 12:05 ? 00:00:00 /opt/zimbra/openldap/sbin/slapd -l LOCAL0 -u zimbra -h ldap://zre-ldap001.eng.zimbra.com:389 ldapi:/// -F /opt/zimbra/data/ldap/config
zimbra@zre-ldap001:~$ /opt/zimbra/openldap/sbin/slapacl -F /opt/zimbra/data/ldap/config -b "cn=zimbra" -D "uid=zimbra,cn=admins,cn=zimbra" entry authcDN: "uid=zimbra,cn=admins,cn=zimbra" entry: write(=wrscxd)