openldap-software March 2007

openldap-software@openldap.org

68 participants
83 discussions

bdb error with 2.4.4alpha
by Dieter Kluenter 10 Mar '07

10 Mar '07

Hi, I have just updated 2.4.3alpha to 2.4.4alpha, when restarting slapd I get following error bdb_db_open: dbenv_open(/var/lib/ldap) bdb_db_open: Database cannot be opened, err 22. Restore from backup! ====> bdb_cache_release_all bdb(o=avci,c=de): DB_ENV->lock_id_free interface requires an environment configured for the locking subsyst em bdb(o=avci,c=de): txn_checkpoint interface requires an environment configured for the transaction subsystem bdb_db_close: txn_checkpoint failed: Invalid argument (22) backend_startup_one: bi_db_open failed! (22) slapd shutdown: initiated slapd has been compiled with db-4.4 ldd slapd linux-gate.so.1 => (0xffffe000) libldap_r-2.4.so.2 => /usr/local/lib/libldap_r-2.4.so.2 (0x40036000) liblber-2.4.so.2 => /usr/local/lib/liblber-2.4.so.2 (0x40080000) libltdl.so.3 => /usr/lib/libltdl.so.3 (0x4008d000) libdb-4.4.so => /usr/local/BerkeleyDB.4.4/lib/libdb-4.4.so (0x40094000) libodbc.so.1 => /usr/lib/libodbc.so.1 (0x40170000) libpthread.so.0 => /lib/tls/libpthread.so.0 (0x401d0000) libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x401e3000) libdl.so.2 => /lib/libdl.so.2 (0x401f8000) libssl.so.0.9.7 => /usr/lib/libssl.so.0.9.7 (0x401fc000) libcrypto.so.0.9.7 => /usr/lib/libcrypto.so.0.9.7 (0x4022c000) libresolv.so.2 => /lib/libresolv.so.2 (0x4031f000) libc.so.6 => /lib/tls/libc.so.6 (0x40332000) /lib/ld-linux.so.2 (0x40000000) Any idea what went wrong? -Dieter -- Dieter Klünter | Systemberatung http://www.dkluenter.de GPG Key ID:8EF7B6C6

2 2

syncrepl failed issue - sorry for the re-post.
by louis gonzales 10 Mar '07

10 Mar '07

Hello Group, I'm new to this forum but have a very technical question. OS: FC4 2.6.11-1.1369_FC4smp (dual Pentium) OpenLDAP: 2.3.34 (compiled from source) ./configure --prefix=/usr --mandir=/usr/share/man --datadir=/usr/share/openldap --sysconfdir=/etc/ --localstatedir=/var/openldap --enable-backends=yes --enable-sql --without-cyrus-sasl --disable-bdb --enable-crypt --with-odbc=unixodbc unixODBC: 2.2.11-3.FC4.1 libiodbc-3.52.5-1 libiodbc-devl-3.52.5-1 The error I was returned was: >>>> ./scripts/sql-test901-syncrepl failed (exit 1) All the other test for sql succeeded. Can anyone shed any light on this matter? Thank you very much! -- Email: louis.gonzales(a)linuxlouis.net WebSite: http://www.linuxlouis.net "Open the pod bay doors HAL!" -2001: A Space Odyssey "Good morning starshine, the Earth says hello." -Willy Wonka

2 1

bdb error with 2.4.4alpha
by Dieter Kluenter 09 Mar '07

09 Mar '07

Hi, I have just updated 2.4.3alpha to 2.4.4alpha, when restarting slapd I get following error: bdb_db_open: dbenv_open(/var/lib/ldap) bdb_db_open: Database cannot be opened, err 22. Restore from backup! ====> bdb_cache_release_all bdb(o=avci,c=de): DB_ENV->lock_id_free interface requires an environment configured for the locking subsyst em bdb(o=avci,c=de): txn_checkpoint interface requires an environment configured for the transaction subsystem bdb_db_close: txn_checkpoint failed: Invalid argument (22) backend_startup_one: bi_db_open failed! (22) slapd shutdown: initiated -- Dieter Klünter | Systemberatung http://www.dkluenter.de GPG Key ID:8EF7B6C6

1 0

SSL/TLS
by Greg Martin 09 Mar '07

09 Mar '07

I know there are a lot of question on this topic and ask for your patience. I'm trying to figure out how to discern if slapd is properly configured for SSL/TLS. Reading through the slapd strace output shows that the cacert & certfile are being opened & read slapd v2.3.27 When I look at netstat -an ports 389 & 636 are listening: tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:636 0.0.0.0:* LISTEN slapd.conf: TLSCipherSuite HIGH:MEDIUM:+SSLv2 TLS_CACertificateFile /var/data/ca/cacert.pem TLS_CertificateFile /var/data/ca/newcerts/ldap1cert.pem TLS_CertificateKeyFile /etc/openldap/ldap1keyclear.txt TLSVerifyClient never Reading through the strace output shows that the cacert & certfile are being opened. ldap.conf BASE dc=gmartin, dc=org URI ldap://linux2.gmartin.org TLS_CACERT /var/data/ca/cacert.pem ldaprc: TLS_CACERT /var/data/ca/cacert.pem When I try ldapsearch or openssl s_client, I receive: sslv3 alert handshake failure And using slapd debug I see: TLS: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher s3_srvr.c:97 I checked the FAQ and I think I've looked at everything there. Not sure where to look next. \\Greg

1 2

*****SPAM***** openLDAP replication and trigger a script or exec binary
by Ivan R. Sy Jr. 09 Mar '07

09 Mar '07

Hi list! I seem can't find a way to allow OpenLDAP to execute a shell script or exec binary whenever it gets modified by slurpd. My agenda is to have master->slave LDAP replication and when the slave is modified via slurpd, it will then execute something (shell script/binary/anything) from the system and then resumes normal operation (returning success code to slurpd) Here's what i understand with openLDAP replication: Step 1: An LDAP client starts up and connects to a master /slapd/. Step 2: The LDAP client submits an LDAP modify operation to the master /slapd/. Step 4: The master /slapd/ performs the modify operation, writes out the change to its replication log file and returns a success code to the client. Step 5: The /slurpd/ process notices that a new entry has been appended to the replication log file, reads the replication log entry, and sends the change to the slave /slapd/ via LDAP. Step 6: The slave /slapd/ performs the modify operation and returns a success code to the /slurpd/ process. in step6, is there a way that slapd performs the modify operation... and "execute a shell script or binary and when it exists", it returns a success code to slurpd process? maybe a patch somewhere? or a clue where to set this hook? or any light on this? Thanks Ivan

3 2

accesslog overlay and 'logops all', Can't get get cn=Monitor running and problem with ppolicy (pwdAttribute)
by Turbo Fredriksson 09 Mar '07

09 Mar '07

Sorry for trying to kill three birds with one stone, but... I've been playing with 2.4 this weekend and disovered the accesslog and ppolicy overlays... But I found a 'bug' (I'm quite certain of it any way :) with the accesslog overlay. The 'logops all' config statement does not seem to log ADDS! Neither does 'logops writes' or 'logops add'... ----- s n i p ----- # ------- DB: 'cn=LOG1' database bdb suffix cn=LOG1 directory "/var/lib/ldap/cn=log1" index reqStart eq rootdn "uid=turbo,ou=People,o=Fredriksson,c=SE" # ------- DB: 'c=SE' (Bayour.COM) database hdb suffix "c=SE" directory "/var/lib/ldap/c=se" readonly off lastmod on [...] overlay accesslog logdb cn=LOG1 logops all logold (objectclass=person) ----- s n i p ----- Full config can be found at http://www.bayour.com/problems/ERROR-slapd_v2.4.conf Also, I have a problem getting 'cn=Monitor' running. See strace log at 'http://www.bayour.com/problems/ERROR-slapd_v2.4.monitor'. And how do you actually use the 'pwdAttribute' of the 'pwdPolicy' objectclass? I get 'value #0 invalid per syntax' when I try to use it as 'pwdattribute: userPassword'... See http://www.bayour.com/problems/ERROR-slapd_v2.4.ppolicy for example LDIF an full log output.

2 5

Inherited password policy?
by Turbo Fredriksson 09 Mar '07

09 Mar '07

How does this work in HEAD? Can I put a ppolicy in a branch, and have all users _below_ that using it (without setting a ppolicy in each user object)? Also, what is the format of the pwdAttribute attribute? I can't seem to get it (slapd) to accept: pwdAttribute: userPassword I get something like 'invalid format' or something (don't have my LDIF at hand right now so I can tripple check, but...).

1 0

masking LDAP_SIZELIMIT_EXCEEDED
by Aaron Richton 08 Mar '07

08 Mar '07

I've found a situation similar to what I believe inspired "disclose" ACLs, in which giving out the return value of LDAP_SIZELIMIT_EXCEEDED is telling clients something that I don't want them to know (i.e. "keep digging.") I'd like to just throw away the code and change it to LDAP_SUCCESS. Can anybody think of a way to do this (slapo-retcode comes to mind, but I can't see how it would work on these very non-dynamic entries) or should I just write an eight line overlay? Is this something that enough people want that there should be, say, a "silent" option to the limits directive?

2 4

Ldap_set_option problem
by Philip Bellino 08 Mar '07

08 Mar '07

Hello, I am running OpenLDAP-2.3.32 on both a Linux server (using SLAPD) and a Linux client. On the client, I am doing the following: ldap_initialize(&ldap, ldapuri); - works fine. ldap_set_option(ldap, LDAP_OPT_PTOTOVOL_VERSION, &ldapver); - ldapver =3 - works fine. Err = ldap_set_option(ldap, LDAP_OPT_X_TLS_CACERTFILE, "/usr/local/etc/openldap/cacert.pem"); Err comes back as a -1. If I replace ldap with NULL, I do not get the error. Has anyone seen this error? Thanks, Phil Bellino ============================ Phil Bellino MRV Communications, Inc. Boston Product Division 295 Foster St. Littleton,MA 01460 Tel: (978)952-4807 Email: pbellino(a)mrv.com ============================

2 1

RE: Ldap_set_option problem
by Philip Bellino 08 Mar '07

08 Mar '07

Please excuse the typo in the last email. > Hello, > I am running OpenLDAP-2.3.32 on both a Linux server (using SLAPD) and > a Linux client. > > On the client, I am doing the following: > > ldap_initialize(&ldap, ldapuri); - works fine. > ldap_set_option(ldap, LDAP_OPT_PROTOCOL_VERSION, &ldapver); - ldapver > =3 - works fine. > > Err = ldap_set_option(ldap, LDAP_OPT_X_TLS_CACERTFILE, > "/usr/local/etc/openldap/cacert.pem"); > > Err comes back as a -1. If I replace ldap with NULL, I do not get the > error. > > Has anyone seen this error? > > Thanks, > Phil Bellino > ============================ > Phil Bellino > MRV Communications, Inc. > Boston Product Division > 295 Foster St. > Littleton,MA 01460 > Tel: (978)952-4807 > Email: pbellino(a)mrv.com > ============================ >

1 0

← Newer
1
2
3
4
5
6
7
8
9
Older →

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-software March 2007