Took the slapcat output from version 2.0.27 (ldbm) to version 2.3.32 (bdb). Used /usr/local/bin/slapadd on 2.3.32 and am using Berkeley 4.5.20. The slapadd works fine. Then I issued chown ldap:ldap on the /var/lib/ldap-2.3.32 directory and files. Any type of ldapsearch results in a 32 no such object. The identical ldapsearch on the old ldap works fine.
Search: /usr/local/bin/ldapsearch -h 10.16.13.85 -x -b o=pwgsc -s sub uid=gaberb
Slapd.conf:
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/fw1ng.schema

pidfile /usr/local/var/run/slapd.pid
argsfile /usr/local/var/run/slapd.args

allow bind_v2
#loglevel 296

sizelimit 500000
access to *
    by self write
    by peername=10.16.13.84 write
    by peername=10.16.13.81 read
    by peername=10.16.13.82 read
    by peername=10.16.13.83 read
    by peername=10.16.13.85 read
    by peername=10.16.13.86 read

database bdb
suffix "o=pwgsc"
rootdn "cn=admin,o=pwgsc"
rootpw {CRYPT}iWkhys7q1iVpM
directory /var/lib/ldap-2.3.32

# Indices to maintain
index objectClass,uid,uidNumber,gidNumber,memberUid eq
index cn,mail,surname,givenname eq,subinitial

# Master from which we should accept changes
updatedn "cn=admin,o=pwgsc"
updateref ldap://10.16.13.84
Log:
do_bind: v3 anonymous bind
daemon: activity on 1 descriptor
daemon: activity on: 10r
daemon: read activity on 10
connection_get(10)
connection_get(10): got connid=0
connection_read(10): checking for input on id=0
ber_get_next
ldap_read: want=8, got=8
  0000: 30 2d 02 01 02 63 28 04 0-...c(.
ldap_read: want=39, got=39
  0000: 07 6f 3d 70 77 67 73 63 0a 01 02 0a 01 00 02 01 .o=pwgsc........
  0010: 00 02 01 00 01 01 00 a3 0c 04 03 75 69 64 04 05 ...........uid..
  0020: 66 61 74 61 6d 30 00 fatam0.
ber_get_next: tag 0x30 len 45 contents:
ber_dump: buf=0x081ff3d8 ptr=0x081ff3d8 end=0x081ff405 len=45
  0000: 02 01 02 63 28 04 07 6f 3d 70 77 67 73 63 0a 01 ...c(..o=pwgsc..
  0010: 02 0a 01 00 02 01 00 02 01 00 01 01 00 a3 0c 04 ................
  0020: 03 75 69 64 04 05 66 61 74 61 6d 30 00 .uid..fatam0.
ber_get_next
do_search
ber_scanf fmt ({miiiib) ber:
ldap_read: want=8 error=Resource temporarily unavailable
ber_dump: buf=0x081ff3d8 ptr=0x081ff3db end=0x081ff405 len=42
  0000: 63 28 04 07 6f 3d 70 77 67 73 63 0a 01 02 0a 01 c(..o=pwgsc.....
  0010: 00 02 01 00 02 01 00 01 01 00 a3 0c 04 03 75 69 ..............ui
  0020: 64 04 05 66 61 74 61 6d 30 00 d..fatam0.
daemon: select: listen=6 active_threads=0 tvp=NULL
dnPrettyNormal: <o=pwgsc>
=> ldap_bv2dn(o=pwgsc,0)
<= ldap_bv2dn(o=pwgsc)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(o=pwgsc)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(o=pwgsc)=0
<<< dnPrettyNormal: <o=pwgsc>, <o=pwgsc>
SRCH "o=pwgsc" 2 0 0 0 0
begin get_filter
EQUALITY
ber_scanf fmt ({mm}) ber:
ber_dump: buf=0x081ff3d8 ptr=0x081ff3f5 end=0x081ff405 len=16
  0000: a3 0c 04 03 75 69 64 04 05 66 61 74 61 6d 30 00 ....uid..fatam0.
end get_filter 0
filter: (uid=fatam)
ber_scanf fmt ({M}}) ber:
ber_dump: buf=0x081ff3d8 ptr=0x081ff403 end=0x081ff405 len=2
  0000: 00 00 ..
attrs:
==> limits_get: conn=0 op=1 dn="[anonymous]"
=> bdb_search
bdb_dn2entry("o=pwgsc")
=> bdb_dn2id("o=pwgsc")
<= bdb_dn2id: got id=0x00000001
send_ldap_result: conn=0 op=1 p=3
send_ldap_result: err=32 matched="" text=""
send_ldap_response: msgid=2 tag=101 err=32
ber_flush: 14 bytes to sd 10
  0000: 30 0c 02 01 02 65 07 0a 01 20 04 00 04 00 0....e... ....
ldap_write: want=14, written=14
  0000: 30 0c 02 01 02 65 07 0a 01 20 04 00 04 00 0....e... ....
daemon: activity on 1 descriptor
daemon: activity on: 10r
daemon: read activity on 10
connection_get(10)
connection_get(10): got connid=0
connection_read(10): checking for input on id=0
ber_get_next
ldap_read: want=8, got=7
  0000: 30 05 02 01 03 42 00 0....B.
ber_get_next: tag 0x30 len 5 contents:
ber_dump: buf=0x082008e0 ptr=0x082008e0 end=0x082008e5 len=5
  0000: 02 01 03 42 00 ...B.
ber_get_next
ldap_read: want=8, got=0
ber_get_next on fd 10 failed errno=0 (Success)
connection_read(10): input error=-2 id=0, closing.
connection_closing: readying conn=0 sd=10 for close
do_unbind
connection_close: deferring conn=0 sd=10
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: activity on 1 descriptor
daemon: waked
connection_resched: attempting closing conn=0 sd=10
daemon: select: listen=6 active_threads=0 tvp=NULL
connection_close: conn=0 sd=10
daemon: removing 10
daemon: shutdown requested and initiated.
daemon: closing 6
slapd shutdown: waiting for 0 threads to terminate
slapd shutdown: initiated
====> bdb_cache_release_all
slapd destroy: freeing system resources.
slapd stopped.
On Wednesday, 4 July 2007, Brian Gaber wrote:
> Took the slapcat output from version 2.0.27 (ldbm) to version 2.3.32 (bdb). Used /usr/local/bin/slapadd on 2.3.32 and am using Berkeley 4.5.20. The slapadd works fine. Then I issued chown ldap:ldap on the /var/lib/ldap-2.3.32 directory and files. Any type of ldapsearch results in a 32 no such object. The identical ldapsearch on the old ldap works fine.
> Search: /usr/local/bin/ldapsearch -h 10.16.13.85 -x -b o=pwgsc -s sub uid=gaberb
> Slapd.conf:
> include /usr/local/etc/openldap/schema/core.schema
> include /usr/local/etc/openldap/schema/cosine.schema
> include /usr/local/etc/openldap/schema/inetorgperson.schema
> include /usr/local/etc/openldap/schema/nis.schema
> include /usr/local/etc/openldap/schema/fw1ng.schema
>
> pidfile /usr/local/var/run/slapd.pid
> argsfile /usr/local/var/run/slapd.args
>
> allow bind_v2
> #loglevel 296
>
> sizelimit 500000
> access to *
>     by self write
>     by peername=10.16.13.84 write
>     by peername=10.16.13.81 read
>     by peername=10.16.13.82 read
>     by peername=10.16.13.83 read
>     by peername=10.16.13.85 read
>     by peername=10.16.13.86 read
>
> database bdb
> suffix "o=pwgsc"
> rootdn "cn=admin,o=pwgsc"
> rootpw {CRYPT}iWkhys7q1iVpM
> directory /var/lib/ldap-2.3.32
>
> # Indices to maintain
> index objectClass,uid,uidNumber,gidNumber,memberUid eq
> index cn,mail,surname,givenname eq,subinitial
>
> # Master from which we should accept changes
> updatedn "cn=admin,o=pwgsc"
> updateref ldap://10.16.13.84
> Log:
> do_bind: v3 anonymous bind
To check if your ACLs need to be upgraded to more recent syntax, please try the search as rootdn. If it works, your peername clauses may need adjustment, e.g. to 'by peername.ip=xxx.xxx.xxx.xxx read'
If the search does not succeed as rootdn, then it may be worthwhile doing an ldapsearch from the 2.0.x, and ldapadd'ing this on the 2.3.x, to see if you may have missing data above the data you need (which slapadd may allow in, but slapd won't let out).
Regards, Buchan
openldap-software@openldap.org
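One way to carry out the ACL adjustment suggested in the reply above, as an added example that is not part of the original thread or of OpenLDAP: a Python pass over slapd.conf text that rewrites bare `peername=<IPv4>` clauses to the `peername.ip=` form and lists any other unqualified peername clauses for manual review. The function names and the sample configuration (including its regex-style clause) are constructed for illustration.

```python
import re

# Bare "peername=<IPv4>" with no style qualifier, as in the 2.0.x-era config.
BARE_PEER = re.compile(r"\bpeername=(\d{1,3}(?:\.\d{1,3}){3})(?=\s|$)")
# Any peername clause that still has no ".style" suffix after rewriting.
ANY_UNQUALIFIED = re.compile(r"\bpeername=(\S+)")

# Constructed sample: two clauses from the posted config plus one
# hypothetical regex-style clause that cannot be rewritten mechanically.
SAMPLE = r"""
sizelimit 500000
access to *
    by self write
    by peername=10.16.13.84 write
    by peername=10.16.13.81 read
    by peername=IP=10\.16\.14\..* read
database bdb
"""

def logical_lines(text):
    """Join slapd.conf continuation lines (those starting with whitespace).
    Blank lines and comment lines are skipped."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def migrate_access(text):
    """Return (rewritten access directives, clauses needing manual review)."""
    rewritten, review = [], []
    for line in logical_lines(text):
        if not line.startswith("access "):
            continue
        new = BARE_PEER.sub(r"peername.ip=\1", line)
        # Whatever is still unqualified is not a plain IPv4 literal.
        review += [m.group(0) for m in ANY_UNQUALIFIED.finditer(new)]
        rewritten.append(new)
    return rewritten, review

if __name__ == "__main__":
    directives, leftovers = migrate_access(SAMPLE)
    for d in directives:
        print(d.replace(" by ", "\n    by "))
    for clause in leftovers:
        print("# review manually:", clause)
```

After applying the rewritten directive, repeat the search both anonymously and as rootdn, as the reply describes, to confirm whether the ACL was the cause.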