openldap-technical July 2009

openldap-technical@openldap.org

68 participants
73 discussions

RE: monitor mirror mode
by François Mehault 02 Jul '09

02 Jul '09

Thanks for your response. ContextCSN seems perfect but, I try on my two OpenLDAP: <10:13>[labobe2:~]# ldapsearch -x -LLL -H ldap://openldapID1:389 -s base -b 'dc=netplus,dc=fr' contextCSN dn: dc=netplus,dc=fr dn: dc=netplus,dc=fr contextCSN: 20090629115508.383110Z#000000#002#000000 contextCSN: 20090702080926.118569Z#000000#001#000000 <10:07>[labobe1:~]# ldapsearch -x -LLL -H ldap:// openldapID2:389 -s base -b 'dc=netplus,dc=fr' contextCSN dn: dc=netplus,dc=fr dn: dc=netplus,dc=fr contextCSN: 20090629115508.383110Z#000000#002#000000 contextCSN: 20090702080926.118569Z#000000#001#000000 As you can see I have two results by request. And I have effectively the same result on each server. Can I conclude just with this results that the replication works well ? I though I would have one contextCSN for each request instead of two. Thanks for your help. Regards, François De : Gavin Henry [mailto:ghenry@OpenLDAP.org] Envoyé : vendredi 26 juin 2009 17:14 À : François Mehault Cc : openldap-technical(a)openldap.org Objet : Re: monitor mirror mode You can use: http://blog.suretecsystems.com/archives/146-OpenLDAP-Quick-Tips-Checking-th… ----- "François Mehault" <Francois.Mehault(a)netplus.fr> wrote: > > Hi all I use 2 openldap with mirror mode replication. And in fact I want to monitor both with Nagios. I want to be sure that replication works, So I ask myself if there is some numerous version on each OpenLDAP that I could check if they are equal. This value would be update after each replication. Something like that exist ? Or, how can I monitor the replication ? If you have some lead, I am interested. Thanks for your help Have a good week end. François -- Kind Regards, Gavin Henry. OpenLDAP Engineering Team. E ghenry(a)OpenLDAP.org Community developed LDAP software. http://www.openldap.org/project/

1 0

db_archive: DB_ENV->log_archive: DB_NOTFOUND: No matching key/data pair found
by Andreas Krummrich 01 Jul '09

01 Jul '09

Hi all, I'm running OpenLDAP 2.4.11 on a debian lenny box and it seems that I'm having trouble with the log files. I had a corrupt database some days ago and needed to restore the database from the backup. The log said: Jun 28 01:16:59 old slapd[17374]: bdb_db_open: database "dc=intern,dc=domain,dc=de": unclean shutdown detected; attempting recovery. Jun 28 01:16:59 old slapd[17374]: bdb_db_open: database "dc=intern,dc=domain,dc=de": dbenv_open(/var/lib/ldap). Jun 28 01:16:59 old slapd[17374]: bdb(dc=intern,dc=domain,dc=de): Ignoring log file: /var/lib/ldap/log.0000000005: magic number 0, not 40988 Jun 28 01:16:59 old slapd[17374]: bdb(dc=intern,dc=domain,dc=de): Invalid log file: log.0000000005: Invalid argument Jun 28 01:16:59 old slapd[17374]: bdb(dc=intern,dc=domain,dc=de): PANIC: Invalid argument Jun 28 01:16:59 old slapd[17374]: bdb(dc=intern,dc=domain,dc=de): PANIC: DB_RUNRECOVERY: Fatal error, run database recovery Jun 28 01:16:59 old slapd[17374]: bdb_db_open: database "dc=intern,dc=domain,dc=de" cannot be recovered, err -30978. Restore from backup! Jun 28 01:16:59 old slapd[17374]: ====> bdb_cache_release_all Jun 28 01:16:59 old slapd[17374]: bdb(dc=intern,dc=domain,dc=de): txn_checkpoint interface requires an environment configured for the transaction subsystem Jun 28 01:16:59 old slapd[17374]: bdb_db_close: database "dc=intern,dc=domain,dc=de": txn_checkpoint failed: Invalid argument (22). Jun 28 01:16:59 old slapd[17374]: backend_startup_one: bi_db_open failed! (-30978) So I installed a new OpenLDAP server with the same versions and the same configuration. The first thing what I found out was that db_archive has some trouble: On the new box I get the following results from db_archive: root@new:/var/lib/ldap# db4.2_archive -sa /var/lib/ldap/cn.bdb /var/lib/ldap/dn2id.bdb /var/lib/ldap/gidNumber.bdb /var/lib/ldap/givenName.bdb /var/lib/ldap/id2entry.bdb /var/lib/ldap/loginShell.bdb /var/lib/ldap/objectClass.bdb /var/lib/ldap/sn.bdb /var/lib/ldap/uid.bdb /var/lib/ldap/uidNumber.bdb root@new:/var/lib/ldap# db4.2_archive -la /var/lib/ldap/log.0000000001 root@new:/var/lib/ldap# Looks good so far. On the old box I get the following results (there are the same databases) root@new:/var/lib/ldap# db4.2_archive -sa root@new:/var/lib/ldap# db4.2_archive -la db_archive: DB_ENV->log_archive: DB_NOTFOUND: No matching key/data pair found root@new:/var/lib/ldap# I searched the archive and googled this message, but found nothing that fits my case. Hope that someone can give me a hint, solving this issue. Thanks and kind regards, Andreas

4 6

LDAP user cannot login
by Richard Gillman 01 Jul '09

01 Jul '09

Hi, I'm moving an LDAP server from one system to another. Data I copied using slapcat -l ldapdata; slapadd -c -q -l ldapdata on new system, then start ldap. But I can't log in as an ordinary user. I've tried resetting the user password using JXplorer, but no luck. Can anyone spot something wrong in what I'm trying to do? Suggestions appreciated. thanks in advance, Dick slapd.conf contains access to dn.subtree="dc=nerc-sf,dc=ac,dc=uk" attrs=userPassword by anonymous auth by self write by dn.exact="cn=replica,ou=admins,dc=nerc-sf,dc=ac,dc=uk" read by dn.exact="cn=proxyagent,ou=profile,dc=nerc-sf,dc=ac,dc=uk" read slapd -d acl gives at startup (#) $OpenLDAP: slapd 2.3.43 (Jan 21 2009 03:59:37) $ mockbuild@builder10.centos.org:/builddir/build/BUILD/openldap-2.3.43/openldap-2.3.43/build-servers/servers/slapd Backend ACL: access to attrs=SambaLMPassword,SambaNTPassword by dn.base="cn=manager,dc=nerc-sf,dc=ac,dc=uk" write by * none Backend ACL: access to dn.base="" by * read Backend ACL: access to dn.base="cn=subschema" by * read Backend ACL: access to dn.subtree="dc=nerc-sf,dc=ac,dc=uk" attrs=userPassword by anonymous auth by self write by dn.base="cn=replica,ou=admins,dc=nerc-sf,dc=ac,dc=uk" read by dn.base="cn=proxyagent,ou=profile,dc=nerc-sf,dc=ac,dc=uk" read Backend ACL: access to dn.subtree="dc=nerc-sf,dc=ac,dc=uk" attrs=userPassword,sambaLMPassword,sambaNTPassword by anonymous auth by self write by dn.base="cn=replica,ou=admins,dc=nerc-sf,dc=ac,dc=uk" read by dn.base="cn=proxyagent,ou=profile,dc=nerc-sf,dc=ac,dc=uk" read Backend ACL: access to dn.subtree="ou=admins,dc=nerc-sf,dc=ac,dc=uk" by dn.regex="cn=[^,]+,ou=admins,dc=nerc-sf,dc=ac,dc=uk" read by anonymous auth Backend ACL: access to dn.subtree="dc=nerc-sf,dc=ac,dc=uk" by peername.ip="192.171.172.0%255.255.255.0" read by peername.ip="192.171.159.192%255.255.255.192" read by peername.ip="127.0.0.1" read => bdb_entry_get: found entry: "dc=nerc-sf,dc=ac,dc=uk" => access_allowed: search access to "uid=susa,ou=people,dc=nerc-sf,dc=ac,dc=uk" "entryCSN" requested <= root access granted slapd starting When I try to login, slapd gives => access_allowed: read access to "uid=susa,ou=people,dc=nerc-sf,dc=ac,dc=uk" "userPassword" requested => dn: [1] dc=nerc-sf,dc=ac,dc=uk => acl_get: [1] matched => acl_get: [1] attr userPassword access_allowed: no res from state (userPassword) => acl_mask: access to entry "uid=susa,ou=people,dc=nerc-sf,dc=ac,dc=uk", attr "userPassword" requested => acl_mask: to value by "", (=0) <= check a_dn_pat: anonymous <= acl_mask: [1] applying auth(=xd) (stop) <= acl_mask: [1] mask: auth(=xd) => access_allowed: read access denied by auth(=xd) send_search_entry: conn 1 access to attribute userPassword, value #0 not allowed -- Richard Gillman ITC UNIX Systems Group, Maclean Building, Wallingford OX10 8BB Tel: 01491 - 692 339 Fax: 01491 - 692 424

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

openldap-technical July 2009