Full_Name: Tyler Gates
Version: 2.4.25
OS: Ubuntu 10.04 LTS
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (65.184.61.44)

I've been fighting with a strange issue related to a backend database using a pcache configuration since upgrading from 2.4.24 to 2.4.25. Assuming there was just something wrong with my cn=config, I decided to start back fresh using slapd.conf instead. Once I got the config working just fine, I used slaptest to convert the config to a new cn=config. Unfortunately, when I tried using -F cn=config instead of my -f slapd.conf, slapd failed with the same old message:

May 22 09:15:58 directory-proxy2 slapd[25055]: backend_startup: warning, database 0 (hdb) has no suffix
May 22 09:15:58 directory-proxy2 slapd[25055]: backend_startup_one: starting "(unknown)"
May 22 09:15:58 directory-proxy2 slapd[25055]: hdb_db_open: need suffix.
May 22 09:15:58 directory-proxy2 slapd[25055]: backend_startup_one (type=hdb, suffix="(null)"): bi_db_open failed! (-1)
May 22 09:15:58 directory-proxy2 slapd[25055]: slapd shutdown: initiated

The backend database has never required me to specify a suffix, since it is already specified in the ldap overlay, and when I try to add it in, I get slapd trying to open the database twice, which results in the second instance having access issues, thus rendering all of the database inaccessible to queries.
I'm assuming there has been a configuration change in cn=config for this particular layout, but slaptest has not been updated. Below is a copy of the flat file I used that worked fine but failed once converted to cn=config using slaptest -f slapd.conf -F /etc/ldap/slapd.d/:

root@directory-proxy:~# grep "^[^#]" /etc/ldap/slapd.conf.back_ldap_ppcache
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/openldap.schema
include /etc/ldap/schema/sudo.schema
include /etc/ldap/schema/autofs.schema
include /etc/ldap/schema/ppolicy.schema
include /etc/ldap/schema/qmail.schema
include /etc/ldap/schema/puppet.schema
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
modulepath /usr/lib/ldap
moduleload back_ldap
moduleload back_hdb
moduleload pcache
moduleload ppolicy
TLSCertificateFile /etc/ldap/ssl/slapd.crt
TLSCertificateKeyFile /etc/ldap/ssl/slapd.key
TLSCACertificateFile /etc/ssl/certs/ca.castlebranch.com.crt
loglevel -1
allow bind_anon_dn
database config
rootdn cn=admin,cn=config
rootpw secret
access to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
database ldap
suffix "dc=domain,dc=com"
rootdn "cn=Manager,dc=domain,dc=com"
rootpw secret
uri "ldaps://directory1.domain.com ldaps://directory2.domain.com"
overlay pcache
proxycache hdb 100000 3 1000 100
proxyAttrset 0 uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description memberUid uniqueMember objectClass
proxyAttrset 1 cn automountInformation
proxyAttrset 2 cn mail
proxyTemplate (&(objectClass=)(|(memberUid=)(uniqueMember=))) 0 1800
proxyTemplate (&(objectClass=)(uid=)) 0 1800
proxyTemplate (&(objectClass=)(cn=)) 0 1800
proxyTemplate (&(objectClass=)) 0 1800
proxyTemplate (objectClass=) 0 1800
proxyTemplate (&(objectClass=)(memberUid=)) 0 1800 900
proxyTemplate (&(objectClass=)(uniqueMember=)) 0 1800 900
proxyTemplate (&(objectClass=)(uidNumber=)) 0 1800
proxyTemplate (&(objectClass=)(gidNumber=)) 0 1800
proxyTemplate (&(objectClass=)(|(cn=)(gidNumber=))) 1 3600 600
proxyTemplate (&(objectClass=)(|(cn=)(cn=))) 1 3600 600
proxyTemplate (&(objectClass=)(|(cn=)(cn=)(cn=))) 1 3600 600
proxyTemplate (|(cn=)(mail=)(sn=)) 2 7200
directory /var/lib/ldap
cachesize 1000
idletimeout 600
idlcachesize 3000
index objectClass eq
index cn,mail,surname,givenname eq,subinitial
index uidNumber,gidNumber,memberuid,member,uniqueMember eq
index uid eq,subinitial
index nisMapName,automountInformation eq
index userPassword,homeDirectory,loginShell,gecos,description eq
index pcacheQueryID eq