I'm new to this forum but have a very technical question.
OS: FC4 2.6.11-1.1369_FC4smp (dual Pentium)
OpenLDAP: 2.3.34 (compiled from source)
./configure --prefix=/usr --mandir=/usr/share/man
--localstatedir=/var/openldap --enable-backends=yes --enable-sql
--without-cyrus-sasl --disable-bdb --enable-crypt --with-odbc=unixodbc
The error I was returned was: >>>> ./scripts/sql-test901-syncrepl
failed (exit 1)
All the other tests for sql succeeded. Can anyone shed any light on this?
Thank you very much!
I have just updated 2.4.3alpha to 2.4.4alpha; when restarting slapd I
get the following error:
bdb_db_open: Database cannot be opened, err 22. Restore from backup!
bdb(o=avci,c=de): DB_ENV->lock_id_free interface requires an environment configured for the locking subsyst
bdb(o=avci,c=de): txn_checkpoint interface requires an environment configured for the transaction subsystem
bdb_db_close: txn_checkpoint failed: Invalid argument (22)
backend_startup_one: bi_db_open failed! (22)
slapd shutdown: initiated
Dieter Klünter | Systemberatung
GPG Key ID:8EF7B6C6
I know there are a lot of questions on this topic and ask for your patience.
I'm trying to figure out how to discern if slapd is properly configured
for SSL/TLS. Reading through the slapd strace output shows that the
cacert & certfile are being opened & read.
When I look at netstat -an, ports 389 & 636 are listening:
tcp 0 0 0.0.0.0:389 0.0.0.0:*
tcp 0 0 0.0.0.0:636 0.0.0.0:*
Reading through the strace output shows that the cacert & certfile are
BASE dc=gmartin, dc=org
When I try ldapsearch or openssl s_client, I receive:
sslv3 alert handshake failure
And using slapd debug I see:
TLS: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
I checked the FAQ and I think I've looked at everything there. Not sure
where to look next.
I can't seem to find a way to allow OpenLDAP to execute a shell script or
exec binary whenever it gets modified by slurpd.
My agenda is to have master->slave LDAP replication and when the slave
is modified via slurpd, it will then execute something (shell
script/binary/anything) from the system and then resume normal
operation (returning success code to slurpd).
Here's what I understand with OpenLDAP replication:
Step 1: An LDAP client starts up and connects to a master /slapd/.
Step 2: The LDAP client submits an LDAP modify operation to the master
Step 4: The master /slapd/ performs the modify operation, writes out the
change to its replication log file and returns a success code to the client.
Step 5: The /slurpd/ process notices that a new entry has been appended
to the replication log file, reads the replication log entry, and sends
the change to the slave /slapd/ via LDAP.
Step 6: The slave /slapd/ performs the modify operation and returns a
success code to the /slurpd/ process.
In step 6, is there a way that slapd performs the modify operation... and
"execute a shell script or binary and when it exits", it returns a
success code to slurpd process?
Maybe a patch somewhere? Or a clue where to set this hook? Or any light
Sorry for trying to kill three birds with one stone, but...
I've been playing with 2.4 this weekend and discovered
the accesslog and ppolicy overlays... But I found a
'bug' (I'm quite certain of it anyway :) with the
The 'logops all' config statement does not seem to log ADDS!
Neither does 'logops writes' or 'logops add'...
----- s n i p -----
# ------- DB: 'cn=LOG1'
index reqStart eq
# ------- DB: 'c=SE' (Bayour.COM)
----- s n i p -----
Full config can be found at http://www.bayour.com/problems/ERROR-slapd_v2.4.conf
Also, I have a problem getting 'cn=Monitor' running. See strace
log at 'http://www.bayour.com/problems/ERROR-slapd_v2.4.monitor'.
And how do you actually use the 'pwdAttribute' of the 'pwdPolicy'
objectclass? I get 'value #0 invalid per syntax' when I try to
use it as 'pwdattribute: userPassword'...
See http://www.bayour.com/problems/ERROR-slapd_v2.4.ppolicy for
example LDIF and full log output.
How does this work in HEAD? Can I put a ppolicy in
a branch, and have all users _below_ that using it
(without setting a ppolicy in each user object)?
Also, what is the format of the pwdAttribute attribute?
I can't seem to get it (slapd) to accept:
I get something like 'invalid format' or something (don't
have my LDIF at hand right now so I can triple check, but...).
I've found a situation similar to what I believe inspired "disclose" ACLs,
in which giving out the return value of LDAP_SIZELIMIT_EXCEEDED is telling
clients something that I don't want them to know (i.e. "keep digging.")
I'd like to just throw away the code and change it to LDAP_SUCCESS. Can
anybody think of a way to do this (slapo-retcode comes to mind, but I
can't see how it would work on these very non-dynamic entries) or should I
just write an eight line overlay?
Is this something that enough people want that there should be, say, a
"silent" option to the limits directive?
I am running OpenLDAP-2.3.32 on both a Linux server (using SLAPD) and a
On the client, I am doing the following:
ldap_initialize(&ldap, ldapuri); - works fine.
ldap_set_option(ldap, LDAP_OPT_PTOTOVOL_VERSION, &ldapver); - ldapver =3
- works fine.
Err = ldap_set_option(ldap, LDAP_OPT_X_TLS_CACERTFILE,
Err comes back as a -1. If I replace ldap with NULL, I do not get the
Has anyone seen this error?
MRV Communications, Inc.
Boston Product Division
295 Foster St.
Please excuse the typo in the last email.
> I am running OpenLDAP-2.3.32 on both a Linux server (using SLAPD) and
> a Linux client.
> On the client, I am doing the following:
> ldap_initialize(&ldap, ldapuri); - works fine.
> ldap_set_option(ldap, LDAP_OPT_PROTOCOL_VERSION, &ldapver); - ldapver
> =3 - works fine.
> Err = ldap_set_option(ldap, LDAP_OPT_X_TLS_CACERTFILE,
> Err comes back as a -1. If I replace ldap with NULL, I do not get the
> Has anyone seen this error?
> Phil Bellino