Quoting Pierangelo Masarati ando@sys-net.it:
Markus Krause wrote:
Hi list!
i have several consumers and one provider (let's call them ldapconX and ldapprov). syncrepl works fine, but i actually do not want any clients to contact the provider directly (and i have in addition some clients which would not understand referrals anyway), so reading through the admin guide and man pages i thought slapo-chain would be the solution! (correct me if i am wrong ;-)) But somehow i can not get it working...
the slapd.conf of the provider is untouched, the consumers have (simplified in some places; please tell me if you need it in more details):
slapo-chain must be global (i.e. before any database) since referrals are returned by the frontend, as soon as it discovers that the database that is candidate for a modification is shadow. See example in consumer slapd.conf in test018.
thanks for your answer! i assume you are referring to slapd-chain1.conf, as in slapd-chain2.conf the overlay chain is after the database definition (which i used after the success following your hint in my acl problem thread). but i am still doing something wrong... just to be sure i ran all tests again (make test) which all were finished ok.
now my slapd.conf is like:
--- slapd.conf (simplified)
...
acl
overlay chain
chain-rebind-as-user FALSE
chain-uri "ldaps://ldapprov"
chain-rebind-as-user TRUE
chain-idassert-bind bindmethod="simple"
    binddn="cn=manager,o=test"
    credentials="secret"
    mode="self"
    flags=non-prescriptive
database bdb
...
overlay smbk5pwd
syncrepl ....
updateref ldaps://ldapprov
---- end of slapd.conf
using "ldappasswd -x <...>" i get:
Re-enter new password:
Enter LDAP Password:
ldappasswd: ldap_result: Can't contact LDAP server (-1)
and the ldap consumer segfaults. last messages from slapd -d 65535 was:
--- slapd -d 65535
....
conn=0 op=1 PASSMOD id="uid=testuser,ou=people,o=test" new
dnPrettyNormal: <uid=testuser,ou=people,o=test>
=> ldap_bv2dn(uid=testuser,ou=people,o=test,0)
<= ldap_bv2dn(uid=testuser,ou=people,o=test)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(uid=testuser,ou=people,o=test)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(uid=testuser,ou=people,o=test)=0
<<< dnPrettyNormal: <uid=testuser,ou=people,o=test>, <uid=testuser,ou=people,o=test>
bdb_dn2entry("uid=testuser,ou=people,o=test")
=> bdb_dn2id("uid=testuser,ou=people,o=test")
<= bdb_dn2id: got id=0x0000284c
=> bdb_dn2id("uid=testuser,ou=people,o=test")
<= bdb_dn2id: got id=0x00002861
=> bdb_dn2id("uid=testuser,ou=people,o=test")
<= bdb_dn2id: got id=0x0000337f
entry_decode: "uid=testuser,ou=people,o=test"
<= entry_decode(uid=uid=testuser,ou=people,o=test)
ldap_url_parse_ext(ldaps://ldapprov)
send_ldap_extended: err=10 oid= len=0
ldap_url_parse_ext(ldaps://ldapprov)
----
the strace backlog says: --- strace (only last ~130 lines ... tell me if you want to read the whole 2500+!) [snip]
what i find odd is the error "stat64("/var/lib/ldap/__db.004", 0xbfd23b2c) = -1 ENOENT (No such file or directory)" (just at the beginning of the post) because the file actually is there and accessible:
[host]: ls -l /var/lib/ldap/__db.004
-rw------- 1 ldap ldap 450560 May 12 22:45 /var/lib/ldap/__db.004
now if i change the settings in slapd.conf on the consumer and remove the line "updateref" (as there is no such line in slapd-chain1.conf) the server (consumer) stays alive but on running "ldappasswd -x <...>" i get:
---- ldappasswd -x <...>
New password:
Re-enter new password:
Enter LDAP Password:
Result: Server is unwilling to perform (53)
Additional info: shadow context; no update referral
----
is the line "updateref" needed? but it crashes the server with my config?!
what am i doing wrong?
thanks in advance for your help and patience (and sorry for the long post ...)
regards markus
+-----------------------------------------------------------------+
| Markus Krause, Mogli-Soft                                       |
| Support for Mac OS X, Webmail/Horde, LDAP, RADIUS, MySQL        |
| by order of the                                                 |
| Computing Center of the Max-Planck-Institute of Biochemistry    |
+--------------------------------+--------------------------------+
| E-Mail: krause@biochem.mpg.de  | Tel.: 089 - 89 40 85 99        |
|         markus.krause@mac.com  | Fax.: 089 - 89 40 85 98        |
| Skype: markus.krause           | iChat: markus.krause@mac.com   |
+--------------------------------+--------------------------------+
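Added example (not part of the original message and not OpenLDAP project code): a small Python check for the two configuration points that come up in this thread, namely that "overlay chain" has to be declared globally, before any "database" line, and that a consumer database without "updateref" answers writes with "shadow context; no update referral". The function names and both sample configurations are constructed for illustration.

```python
# Constructed sample: chain declared globally, shadow database carries updateref.
SAMPLE_GLOBAL = '''\
overlay chain
chain-uri "ldaps://ldapprov"
chain-idassert-bind bindmethod="simple"
    binddn="cn=manager,o=test"
    mode="self"
database bdb
syncrepl rid=1
updateref ldaps://ldapprov
'''

# Constructed sample: chain declared after the database, and no updateref.
SAMPLE_PER_DB = '''\
database bdb
syncrepl rid=1
overlay chain
chain-uri "ldaps://ldapprov"
'''


def directives(text):
    """Return [lineno, keyword, args]; a line starting with whitespace
    continues the previous directive, '#' lines are comments."""
    out = []
    for n, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.startswith("#"):
            continue
        if raw[0] in " \t" and out:
            out[-1][2] += " " + raw.strip()
            continue
        parts = raw.split(None, 1)
        out.append([n, parts[0].lower(), parts[1].strip() if len(parts) > 1 else ""])
    return out


def lint(text):
    findings = []
    sections = [{"line": 0, "kw": set()}]        # sections[0] is the global scope
    for n, kw, args in directives(text):
        if kw == "database":
            sections.append({"line": n, "kw": set()})
        if kw == "overlay" and args.lower() == "chain" and len(sections) > 1:
            findings.append(f"line {n}: 'overlay chain' follows a database line, not global")
        sections[-1]["kw"].add(kw)
    for s in sections[1:]:                        # syncrepl marks a shadow (consumer) database
        if "syncrepl" in s["kw"] and "updateref" not in s["kw"]:
            findings.append(f"line {s['line']}: shadow database has no updateref")
    return findings
```

The layout posted in the message above (chain before "database bdb", "updateref" present) has the same shape as SAMPLE_GLOBAL and passes both checks, so these two points alone do not account for the reported segfault.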