OpenLDAP 2.4.36 slapd stop with assertion fail message
by "POISSON Frédéric"
Hello,
I'm testing the latest release of OpenLDAP 2.4.36 and my slapd stop while i'm doing a change on cn=config.
My tests are with my own compilation of OpenLDAP on a RHEL6 server but i see the same problem with "LTB project RPMs" http://ltb-project.org/wiki/download#openldap with RHEL6 package.
My aim is to modify cn=config like this in order to implement TLS, here is my ldif :
dn: cn=config
changetype: modify
add: olcTLSRandFile
olcTLSRandFile: /dev/random
The server shutdown when i add this entry and with slapd option "-d 255" i have :
slapd: result.c:813: slap_send_ldap_result: Assertion `!((rs->sr_err)<0)' failed.
/etc/init.d/slapd: line 285: 5461 Aborted $SLAPD_BIN -h "$SLAPD_SERVICES" $SLAPD_PARAMS
Notice that i test this ldif modification on release 2.4.35 without problem.
Is there any changes inside cn=config behavior with release 2.4.36 that i don't see ?
Thanks in advance,
Regards,
PS: In attachment my cn=config with slapcat, and the lines when starting slapd with debug -d 255.
--
Frederic Poisson
7 years, 7 months
Re: Antw: Re: Object not found
by espeake@oreillyauto.com
Eric Speake
Web Systems Administrator
O'Reilly Auto Parts
From: "Ulrich Windl" <Ulrich.Windl(a)rz.uni-regensburg.de>
To: <espeake(a)oreillyauto.com>
Date: 08/29/2013 01:46 AM
Subject: Antw: Re: Object not found
Eric,
following you progress on LDAP, why don't you use a working simple starting
configuration and then try simple steps towards getting where you want to
be at
the end? Only proceed if the current configuration works as intended; if
not
either undo or fix it.
Something like:
olcAccess: {0}to * by dn.base="uid=syncrepl,ou=system,dc=whatever" read by
group/organizationalRole/roleOccupant.exact="cn=LDAP-Manager,dc=whatever"
write
by * break
olcAccess: {1}to attrs=userPassword by self write by * auth
olcAccess: {2}to attrs=shadowLastChange by self write by * read
olcAccess: {3}to attrs=userPKCS12 by self read by * none
olcAccess: {4}to * by * read
You can leave out rule {0}, because that's some local extension used here
(use a group for Managers).
Also I can recommend turning on auth logging for your tests. In
LDIF-format:
dn: cn=config
changetype: modify
add: olcLogLevel
olcLogLevel: ACL
-
I also recommend doing frequent database dumps per slapcat, so you can
revert
to a working configuration once you messed up things. However when using
replication, be aware that restoring one node to an older configuration,
the
older node may be overwritten if the other nodes still have a newer
configuration.
To all: Is there an option to slapadd to make any entries actually added
being
"new" (i.e. ignoring CSNs and modification timestamps in the LDIF)?
Regards,
Ulrich
>>> <espeake(a)oreillyauto.com> schrieb am 29.08.2013 um 05:25 in Nachricht
<OF5EFEDB5F.26657526-ON86257BD6.001209FD-86257BD6.0012CADD@LocalDomain>:
> Okay so I have the access list figured out and everything looks good
except
> now the credentials for my user aren't working. I get an error 49
(invalid
> credentials) I have reentered the password for the user. There is one
> other user that will not autenticate. Both of thes users are in the ou
> System. The base admin account can login and get the informatio. Here
is
> the new access list.
>
> olcAccess: {0}to * by
> dn.base="uid=syncrepl,ou=System,dc=oreillyauto,dc=com" read by
> dn.base="uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" read by
> dn.base="uid=ldapAdmin,ou=System,dc=oreillyauto,dc=com" write by
> dn.base="uid=newUserAdmin,ou=System,dc=oreillyauto,dc=com" write by
> dn.base="uid=passwordAdmin,ou=System,dc=oreillyauto,dc=com" write by *
> break
> olcAccess: {1}to dn.subtree="dc=oreillyauto,dc=com" by
> group/groupOfUniqueNames/uniqueMember="cn=System
> Administrators,ou=Groups,dc=oreillyauto,dc=com" write
> by group/groupOfUniqueNames/uniqueMember="cn=LDAP
> Admin,ou=Groups,dc=oreillyauto,dc=com" write by * none break
> olcAccess: {2}to attrs=userPassword by
>
group/groupOfUniqueNames/uniqueMember="cn=Authenticate,ou=Groups,dc=oreillya
> uto,dc=com"
> write by anonymous auth by self write
> olcAccess: {3}to attrs=uid by anonymous read by users read
> olcAccess: {4}to attrs=ou,employeeNumber by users read
> olcAccess: {5}to dn.subtree="ou=System,dc=oreillyauto,dc=com" by
> dn.subtree="ou=Users,dc=oreillyauto,dc=com" none by users read
> olcAccess: {6}to dn.children="ou=Groups,dc=oreillyauto,dc=com" by
> dnattr=owner write by dnattr=uniqueMember read by * none
> olcAccess: {7}to dn.children="ou=Users,dc=oreillyauto,dc=com by self read
> by
>
group/groupOfUniqueNames/uniqueMember="cn=Authenticate,ou=Groups,dc=oreillya
> uto,dc=com"
> read by * none
> olcAccess: {8}to * by self read by users read
>
> The two users that I need to work are:
> readOnlyUser
> dn="uid=readOnlyUser,ou=System,dc=oreilly,dc=com
> and
> ldapadmin dn="uid=ldapadmin,
ou=System,dc=oreulllyauto,dc=com
>
> Here is the search and result:
>
> root@tntest-ldap-3:/var/lib/ldap# ldapsearch -Wx -D
> "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" -b
> "dc=oreillyauto,dc=com" -H ldap://<ldap-server>.oreillyauto.com
uid=espeake
> uid dsplayName employeeNumber
> Enter LDAP Password:
> ldap_bind: Invalid credentials (49)
>
> any and all ideas are welcomed.
> Eric Speake
> Web Systems Administrator
> O'Reilly Auto Parts
>
>
>
> From: Quanah Gibson-Mount <quanah(a)zimbra.com>
> To: espeake(a)oreillyauto.com, openldap-technical(a)openldap.org
> Date: 08/28/2013 11:35 AM
> Subject: Re: Object not found
> Sent by: openldap-technical-bounces(a)OpenLDAP.org
>
>
>
> --On Wednesday, August 28, 2013 8:12 AM -0500 espeake(a)oreillyauto.com
> wrote:
>
>>
>> I have a user name readonly that we use in our applications to get
uid's.
>> THis has worked in the past with our old LDAP solution. We have moved
to
>> 2.4.31 on Ubuntu 12.04 with a n-way Multi master setup.
>>
>> The slap cat for this database looks like this.
>>
>> dn: olcDatabase={1}hdb,cn=config
>> objectClass: olcDatabaseConfig
>> objectClass: olcHdbConfig
>> olcDatabase: {1}hdb
>> olcDbDirectory: /var/lib/ldap
>> olcSuffix: dc=oreillyauto,dc=com
>> olcAccess: {0}to attrs=userPassword by anonymous auth by * none
>> olcAccess: {1}to dn.subtree="dc=oreillyauto,dc=com" by
>> group/groupOfUniqueName
>> s/uniqueMember="cn=System
> Administrators,ou=Groups,dc=oreillyauto,dc=com"
>> wri
>> te by group/groupOfUniqueNames/uniqueMember="cn=LDAP
>> Admin,ou=Groups,dc=oreil
>> lyauto,dc=com" write by * none break
>> olcAccess: {2}to attrs=userPassword by
>> group/groupOfUniqueNames/uniqueMember="
>> cn=Authenticate,ou=Groups,dc=oreillyauto,dc=com" write by anonymous
auth
>> by s
>> elf write
>
> Hi,
>
> You need to spend some time reading the manual pages and admin guide on
> access rules for slapd.
>
> It is immediately obvious that rule {2) will never evaluate because of
rule
>
> {0}. Those shouldn't even be separate rule lines, they should be a
single
> rule. I haven't looked further because that was so blatant, I'm guessing
> you have any number of other issues in your access lines.
>
> --Quanah
>
> --
>
> Quanah Gibson-Mount
> Lead Engineer
> Zimbra, Inc
> --------------------
> Zimbra :: the leader in open source messaging and collaboration
>
>
> --
> This message has been scanned for viruses and dangerous content,
> and is believed to be clean.
> Message id: 898DB600A44.A073B
>
>
>
>
> This communication and any attachments are confidential, protected by
> Communications Privacy Act 18 USCS § 2510, solely for the use of the
intended
> recipient, and may contain legally privileged material. If you are not
the
> intended recipient, please return or destroy it immediately. Thank you.
Here what shows up in the log. I am high lighting what I thought would
have been the issue but it appears to be a double-negative so it is not
where it is getting denied. Just must be missing it because it looks like
it really working.
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: conn=1027 op=0 BIND
dn="uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" method=128
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => bdb_entry_get: found entry:
"uid=readonlyuser,ou=system,dc=oreillyauto,dc=com"
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => bdb_entry_get: found entry:
"cn=passwordadminpolicy,ou=policies,dc=oreillyauto,dc=com"
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not
in cache (userPassword)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: auth access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "userPassword"
requested
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => acl_get: [1] attr
userPassword
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => acl_mask: access to entry
"uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com", attr "userPassword"
requested
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => acl_mask: to value by "",
(=0)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= check a_dn_pat:
uid=syncrepl,ou=system,dc=oreillyauto,dc=com
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= check a_dn_pat:
uid=readonlyuser,ou=system,dc=oreillyauto,dc=com
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= check a_dn_pat:
uid=ldapadmin,ou=system,dc=oreillyauto,dc=com
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= check a_dn_pat:
uid=newuseradmin,ou=system,dc=oreillyauto,dc=com
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= check a_dn_pat:
uid=passwordadmin,ou=system,dc=oreillyauto,dc=com
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= acl_mask: no more <who>
clauses, returning =0 (stop)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => slap_access_allowed: auth
access denied by =0
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: no more
rules
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => bdb_entry_get: found entry:
"uid=readonlyuser,ou=system,dc=oreillyauto,dc=com"
Aug 29 08:53:32 slapd[18777]: last message repeated 3 times
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: search
access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "objectClass"
requested
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: search
access granted by manage(=mwrscxd)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: search
access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "objectClass"
requested
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: search
access granted by manage(=mwrscxd)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => bdb_entry_get: found entry:
"uid=readonlyuser,ou=system,dc=oreillyauto,dc=com"
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => bdb_entry_get: found entry:
"cn=passwordadminpolicy,ou=policies,dc=oreillyauto,dc=com"
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: search
access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "entry"
requested
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: search
access granted by manage(=mwrscxd)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: search
access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "objectClass"
requested
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: search
access granted by manage(=mwrscxd)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: search
access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "entry"
requested
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: search
access granted by manage(=mwrscxd)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: search
access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "objectClass"
requested
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: search
access granted by manage(=mwrscxd)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= acl_access_allowed: granted
to database root
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => bdb_entry_get: found entry:
"uid=readonlyuser,ou=system,dc=oreillyauto,dc=com"
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: search
access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "objectClass"
requested
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: search
access granted by manage(=mwrscxd)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: search
access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "objectClass"
requested
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: search
access granted by manage(=mwrscxd)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => bdb_entry_get: found entry:
"uid=readonlyuser,ou=system,dc=oreillyauto,dc=com"
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "entry" requested
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
granted by manage(=mwrscxd)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not
in cache (objectClass)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "objectClass"
requested
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
granted by manage(=mwrscxd)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result was
in cache (objectClass)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not
in cache (uid)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "uid" requested
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
granted by manage(=mwrscxd)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not
in cache (description)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "description"
requested
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => bdb_entry_get: found entry:
"uid=readonlyuser,ou=system,dc=oreillyauto,dc=com"
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "entry" requested
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
granted by manage(=mwrscxd)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not
in cache (objectClass)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "objectClass"
requested
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
granted by manage(=mwrscxd)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result was
in cache (objectClass)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not
in cache (uid)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "uid" requested
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
granted by manage(=mwrscxd)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not
in cache (description)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "description"
requested
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
granted by manage(=mwrscxd)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not
in cache (pwdPolicySubentry)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "pwdPolicySubentry"
requested
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
granted by manage(=mwrscxd)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not
in cache (structuralObjectClass)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com"
"structuralObjectClass" requested
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
granted by manage(=mwrscxd)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not
in cache (entryUUID)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "entryUUID" requested
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
granted by manage(=mwrscxd)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not
in cache (creatorsName)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "creatorsName"
requested
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
granted by manage(=mwrscxd)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not
in cache (createTimestamp)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "createTimestamp"
requested
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
granted by manage(=mwrscxd)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not
in cache (pwdHistory)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "pwdHistory"
requested
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
granted by manage(=mwrscxd)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
granted by manage(=mwrscxd)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not
in cache (pwdPolicySubentry)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "pwdPolicySubentry"
requested
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
granted by manage(=mwrscxd)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not
in cache (structuralObjectClass)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com"
"structuralObjectClass" requested
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
granted by manage(=mwrscxd)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not
in cache (entryUUID)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "entryUUID" requested
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
granted by manage(=mwrscxd)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not
in cache (creatorsName)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "creatorsName"
requested
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
granted by manage(=mwrscxd)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not
in cache (createTimestamp)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "createTimestamp"
requested
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
granted by manage(=mwrscxd)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not
in cache (pwdHistory)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "pwdHistory"
requested
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
granted by manage(=mwrscxd)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result was
in cache (pwdHistory)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not
in cache (userPassword)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "userPassword"
requested
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
granted by manage(=mwrscxd)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result was
in cache (pwdHistory)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not
in cache (pwdChangedTime)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "pwdChangedTime"
requested
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
granted by manage(=mwrscxd)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not
in cache (userPassword)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not
in cache (pwdFailureTime)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "userPassword"
requested
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "pwdFailureTime"
requested
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
granted by manage(=mwrscxd)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not
in cache (pwdChangedTime)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "pwdChangedTime"
requested
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
granted by manage(=mwrscxd)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not
in cache (pwdFailureTime)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "pwdFailureTime"
requested
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
granted by manage(=mwrscxd)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result was
in cache (pwdFailureTime)
Aug 29 08:53:32 slapd[18777]: last message repeated 5 times
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not
in cache (entryCSN)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "entryCSN" requested
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
granted by manage(=mwrscxd)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not
in cache (modifiersName)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "modifiersName"
requested
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
granted by manage(=mwrscxd)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not
in cache (modifyTimestamp)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "modifyTimestamp"
requested
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
granted by manage(=mwrscxd)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not
in cache (entryDN)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "entryDN" requested
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
granted by manage(=mwrscxd)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result was
in cache (entryDN)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not
in cache (subschemaSubentry)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "subschemaSubentry"
requested
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
granted by manage(=mwrscxd)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result was
in cache (subschemaSubentry)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result not
in cache (hasSubordinates)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "hasSubordinates"
requested
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
granted by manage(=mwrscxd)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: result was
in cache (hasSubordinates)
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: <= root access granted
Aug 29 08:53:32 tntest-ldap-1 slapd[18777]: => access_allowed: read access
granted by manage(=mwrscxd)
--
This message has been scanned for viruses and dangerous content,
and is believed to be clean.
Message id: 28CE360097D.AE572
This communication and any attachments are confidential, protected by Communications Privacy Act 18 USCS § 2510, solely for the use of the intended recipient, and may contain legally privileged material. If you are not the intended recipient, please return or destroy it immediately. Thank you.
7 years, 7 months
Error message with memberof overlay
by Sylvain
Hi !
In my logs, I saw lot of lines like this (we have a poor script which
refresh the base with delete/add primitives) :
memberof_value_modify DN="uid=v6971,ou=people,dc=xxx,dc=com" delete
memberOf="cn=VAC,ou=groups,dc=xxx,dc=com" failed err=16
I can reproduce the problem with a small LDIF :
# 1st part
dn: uid=V6971,ou=people,dc=xxx,dc=com
changetype: delete
dn: uid=V6971,ou=people,dc=xxx,dc=com
changetype: add
objectClass...
# 2nd part
dn: cn=VAC,ou=groups,dc=xxx,dc=com
changetype: delete
dn: cn=VAC,ou=groups,dc=xxx,dc=com
changetype: add
objectClass...
In the logs (shown below), we saw that problem occurs only on the delete of
cn=VAC but if I reduce the LDIF to that (2nd part), I have no more the
problem !? I don't understand...
Here the logs with all the LDIF :
Aug 30 12:01:42 ldap1 slapd[1229]: conn=363692 fd=32 ACCEPT from IP=
192.168.0.1:48049 (IP=0.0.0.0:389)
Aug 30 12:01:42 ldap1 slapd[1229]: conn=363692 op=0 BIND
dn="cn=portail,ou=ldapusers,dc=xxx,dc=com" method=128
Aug 30 12:01:42 ldap1 slapd[1229]: conn=363692 op=0 BIND
dn="cn=portail,ou=ldapusers,dc=xxx,dc=com" mech=SIMPLE ssf=0
Aug 30 12:01:42 ldap1 slapd[1229]: conn=363692 op=0 RESULT tag=97 err=0
text=
--> Aug 30 12:01:42 ldap1 slapd[1229]: conn=363692 op=1 DEL
dn="cn=VAC,ou=groups,dc=xxx,dc=com"
--> Aug 30 12:01:43 ldap1 slapd[1229]: conn=363692 op=1:
memberof_value_modify DN="uid=v6971,ou=people,dc=xxx,dc=com" delete
memberOf="cn=VAC,ou=groups,dc=xxx,dc=com" failed err=16
Aug 30 12:01:43 ldap1 slapd[1229]: conn=363692 op=1 RESULT tag=107 err=0
text=
Aug 30 12:01:43 ldap1 slapd[1229]: conn=363692 op=2 ADD
dn="cn=VAC,ou=groups,dc=xxx,dc=com"
Aug 30 12:01:43 ldap1 slapd[1229]: conn=363692 op=2 RESULT tag=105 err=0
text=
Aug 30 12:01:43 ldap1 slapd[1229]: conn=363692 op=3 DEL
dn="uid=V6971,ou=people,dc=xxx,dc=com"
Aug 30 12:01:43 ldap1 slapd[1229]: conn=363692 op=3 RESULT tag=107 err=0
text=
Aug 30 12:01:43 ldap1 slapd[1229]: conn=363692 op=4 ADD
dn="uid=V6971,ou=people,dc=xxx,dc=com"
Aug 30 12:01:43 ldap1 slapd[1229]: conn=363692 op=4 RESULT tag=105 err=0
text=
Aug 30 12:01:43 ldap1 slapd[1229]: conn=363692 op=5 UNBIND
Aug 30 12:01:43 ldap1 slapd[1229]: conn=363692 fd=32 closed
And here the logs with only the 2nd part of LDIF :
Aug 30 12:06:22 ldap1 slapd[1229]: conn=364437 fd=107 ACCEPT from IP=
192.168.0.1:43599 (IP=0.0.0.0:389)
Aug 30 12:06:22 ldap1 slapd[1229]: conn=364437 op=0 BIND
dn="cn=portail,ou=ldapusers,dc=xxx,dc=com" method=128
Aug 30 12:06:22 ldap1 slapd[1229]: conn=364437 op=0 BIND
dn="cn=portail,ou=ldapusers,dc=xxx,dc=com" mech=SIMPLE ssf=0
Aug 30 12:06:22 ldap1 slapd[1229]: conn=364437 op=0 RESULT tag=97 err=0
text=
--> Aug 30 12:06:22 ldap1 slapd[1229]: conn=364437 op=1 DEL
dn="cn=VAC,ou=groups,dc=xxx,dc=com"
Aug 30 12:06:22 ldap1 slapd[1229]: conn=364437 op=1 RESULT tag=107 err=0
text=
Aug 30 12:06:22 ldap1 slapd[1229]: conn=364437 op=2 ADD
dn="cn=VAC,ou=groups,dc=xxx,dc=com"
Aug 30 12:06:22 ldap1 slapd[1229]: conn=364437 op=2 RESULT tag=105 err=0
text=
Aug 30 12:06:22 ldap1 slapd[1229]: conn=364437 op=3 UNBIND
Aug 30 12:06:22 ldap1 slapd[1229]: conn=364437 fd=107 closed
For information, here the configuration of memberOf overlay :
dn: olcOverlay={0}memberof, olcDatabase={1}hdb, cn=config
olcMemberOfMemberAD: member
olcMemberOfRefInt: FALSE
olcOverlay: memberof
olcMemberOfDangling: ignore
objectClass: olcMemberOf
objectClass: olcOverlayConfig
olcMemberOfMemberOfAD: memberOf
olcMemberOfGroupOC: groupOfNames
We run OpenLDAP 2.4.31 replicated onto another host on Debian Wheezy.
Do you have an idea on the problem ?
Thanks,
Sylvain
7 years, 7 months
Limit value count of multivalued attribute?
by Ole
Hi,
i'm searching a solution to limit the number of values for multivalued
attributes. For example, my users can wirte multivalued "mail". But
they should set only 20 mailaddress in max, not 20.000.
Is there a way to do this with overlays?
Regards Ole
7 years, 7 months
RE: ldapadd "ldap_bind: Invalid credentials (49)"
by Clint Petty
-----Original Message-----
From: Quanah Gibson-Mount [mailto:quanah@zimbra.com]
Sent: Thursday, August 29, 2013 3:10 PM
To: Clint Petty
Subject: RE: ldapadd "ldap_bind: Invalid credentials (49)"
--On Thursday, August 29, 2013 10:06 PM +0000 Clint Petty
<cpetty(a)luthresearch.com> wrote:
>> # /etc/init.d/slapd debug -1 -u ldap -F /usr/local/etc/openldap/slapd.d
>> # -H ldapi:///
>> slapd: [INFO] Using /etc/default/slapd for configuration
>> slapd: [INFO] Halting OpenLDAP...
>> slapd: [INFO] Can't read PID file, to stop OpenLDAP try:
>> /etc/init.d/slapd forcestop slapd: [INFO] No db_recover done
>> slapd: [INFO] Launching OpenLDAP...
>> slapd: [OK] File descriptor limit set to 1024
>> 521fc4a1 @(#) $OpenLDAP: slapd 2.4.36 (Aug 21 2013 09:39:54) $
>> clement@localhost.localdomain:/home/clement/build/BUILD/openldap-2.4.36/
>> servers/slapd 521fc4a1 /usr/local/openldap/etc/openldap/slapd.conf: line
>> 5: unknown directive <dn:> >outside backend info and database
>> definitions. 521fc4a1 slapd stopped.
>> 521fc4a1 connections_destroy: nothing to destroy.
> Hi Clint,
> The point is to use a ">" with the text *I* wrote, not the text you write.
> That's standard quoting of replies (as you will see my email client does
> automatically).
> In the above, you used /etc/init.d/slapd, rather than the slapd *binary*.
> The above indicates you are using an invalid slapd.conf file localted in
> /usr/local/openldap/etc/openldap. I thought you used cn=config?
> You may need to examine /etc/default/slapd to see how to fix it to use
> cn=config? etc. At this point, you may want to ask the LTB project for
> guidance on configuring their servers correctly.
> --Quanah
_________________________________________________________________
# /usr/local/openldap/libexec/slapd -d -1 -u ldap -F /usr/local/etc/openldap/slapd.d -h ldapi:///
ldap_url_parse_ext(ldap://localhost/)
ldap_init: trying /usr/local/openldap/etc/openldap/ldap.conf
ldap_init: using /usr/local/openldap/etc/openldap/ldap.conf
ldap_init: HOME env is /root
ldap_init: trying /root/ldaprc
ldap_init: trying /root/.ldaprc
ldap_init: trying ldaprc
ldap_init: LDAPCONF env is NULL
ldap_init: LDAPRC env is NULL
521fc7d9 @(#) $OpenLDAP: slapd 2.4.36 (Aug 21 2013 09:39:54) $
clement@localhost.localdomain:/home/clement/build/BUILD/openldap-2.4.36/servers/slapd
ldap_pvt_gethostbyname_a: host=ip-10-15-2-169, r=0
521fc7d9 daemon_init: ldapi:///
521fc7d9 daemon_init: listen on ldapi:///
521fc7d9 daemon_init: 1 listeners to open...
ldap_url_parse_ext(ldapi:///)
521fc7d9 daemon: listener initialized ldapi:///
521fc7d9 daemon_init: 1 listeners opened
ldap_create
521fc7d9 slapd init: initiated server.
521fc7d9 slap_sasl_init: initialized!
521fc7d9 bdb_back_initialize: initialize BDB backend
521fc7d9 bdb_back_initialize: Berkeley DB 4.6.21: (September 27, 2007)
521fc7d9 hdb_back_initialize: initialize HDB backend
521fc7d9 hdb_back_initialize: Berkeley DB 4.6.21: (September 27, 2007)
521fc7d9 mdb_back_initialize: initialize MDB backend
521fc7d9 mdb_back_initialize: MDB 0.9.7: (January 10, 2013)
521fc7d9 ==> translucent_initialize
521fc7d9 backend_startup_one: starting "cn=config"
521fc7d9 ldif_read_file: Permission denied for "/usr/local/etc/openldap/slapd.d/cn=config.ldif"
521fc7d9 send_ldap_result: conn=-1 op=0 p=0
521fc7d9 send_ldap_result: err=80 matched="" text="internal error (cannot read some entry file)"
521fc7d9 slapd destroy: freeing system resources.
521fc7d9 slapd stopped.
521fc7d9 connections_destroy: nothing to destroy.
#
My /etc/default/slapd file looks like this:
#====================================================================
# Configuration example of OpenLDAP's init script
#====================================================================
# IP and port to listen
IP="*"
SSLIP="*"
PORT="389"
SSLPORT="636"
# OpenLDAP directory and files
SLAPD_PATH="/usr/local/openldap"
SLAPD_PID_FILE="$SLAPD_PATH/var/run/slapd.pid"
SLAPD_CONF="$SLAPD_PATH/etc/openldap/slapd.conf"
SLAPD_CONF_DIR=""
SLAPD_SERVICES="ldap://$IP:$PORT ldaps://$SSLIP:$SSLPORT"
SLAPD_PARAMS=""
SLAPD_BIN="$SLAPD_PATH/libexec/slapd"
SLAPD_USER="ldap"
SLAPD_GROUP="ldap"
SLAPD_SYSLOG_LOCAL_USER="local4"
DATA_PATH="auto"
SLAPADD_BIN="$SLAPD_PATH/sbin/slapadd"
SLAPADD_PARAMS="-q"
SLAPCAT_BIN="$SLAPD_PATH/sbin/slapcat"
SLAPINDEX_BIN="$SLAPD_PATH/sbin/slapindex"
SLAPTEST_BIN="$SLAPD_PATH/sbin/slaptest"
SLURPD_PID_FILE="$SLAPD_PATH/var/run/slurpd.pid"
SLURPD_PARAMS=""
SLURPD_BIN="$SLAPD_PATH/libexec/slurpd"
# BerkeleyDB directory and files
BDB_PATH="/usr/local/berkeleydb"
DB_ARCHIVE_BIN="$BDB_PATH/bin/db_archive"
DB_RECOVER_BIN="$BDB_PATH/bin/db_recover"
RECOVER_AT_STARTUP="0"
# Backup
BACKUP_AT_SHUTDOWN="0"
BACKUP_PATH="/var/backups/openldap"
BACKUP_SUFFIX="`date +%Y%m%d%H%M%S`.ldif"
BACKUP_COMPRESS_EXT="" # gz, bz2, ...
BACKUP_COMPRESS_BIN="" # /bin/gzip, /bin/bzip2, ...
BACKUP_UNCOMPRESS_BIN="" # /bin/gunzip, /bin/bunzip2, ...
# Other
TIMEOUT="30" # Max time to stop process
FD_LIMIT="1024" # Max file descriptor
DEBUG_LEVEL="256" # Debug loglevel
SPECIAL_QUOTE="1" # Quote some command line parameters (eg: LDAP filters)
Clint
7 years, 7 months
Re : Antw: Re: OpenLDAP 2.4.36 slapd crash with "assertion failed" message
by "POISSON Frédéric"
Hello,
I open ITS number 7676 (cf http://www.openldap.org/its/index.cgi/Incoming?id=7676;selectid=7676;stat...).
Thanks all,
Le 30/08/13, Ulrich Windl <Ulrich.Windl(a)rz.uni-regensburg.de> a écrit :
> >>> Quanah Gibson-Mount <quanah(a)zimbra.com> schrieb am 29.08.2013 um 20:46 in
> Nachricht <435F5EA8223A74BCD46762EC(a)[192.168.1.22]>:
> > --On Thursday, August 29, 2013 4:17 PM +0200 "\"POISSON Frédéric\""
> > <frederic.poisson(a)admin.gmessaging.net> wrote:
> >
> >> Ok i have downloaded all the debuginfo package on my RHEL6.2 server, and
> >> also i have to install with "--nodeps" options the package
> >> glibc-debuginfo-2.12-1.47.el6_2.12.x86_64.rpm because it require the
> >> glibc-debuginfo-common rpm package which do not found on Redhat website.
> >
> > Please file an ITS at http://www.openldap.org/its on this issue.
> >
> > Include your full cn=config (minus passwords), ldapmodify command, and the
> > full backtrace from gdb you collected.
>
> ...and be aware that your gdb backtrace may include credentials (in non-obious
> encoding) also... ;-)
>
> >
> > Thanks.
> >
> > --Quanah
> >
> >
> > --
> >
> > Quanah Gibson-Mount
> > Lead Engineer
> > Zimbra, Inc
> > --------------------
> > Zimbra :: the leader in open source messaging and collaboration
>
>
>
>
--
Frederic Poisson
7 years, 7 months
OpenLDAP 2.4.36 slapd crash with "assertion failed" message
by "POISSON Frédéric"
Ok i have downloaded all the debuginfo package on my RHEL6.2 server, and also i have to install with "--nodeps" options the package glibc-debuginfo-2.12-1.47.el6_2.12.x86_64.rpm because it require the glibc-debuginfo-common rpm package which do not found on Redhat website.
Here is now the result :
# gdb /usr/local/openldap/libexec/slapd 12945
GNU gdb (GDB) Red Hat Enterprise Linux (7.2-50.el6)
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/local/openldap/libexec/slapd...Reading symbols from /usr/lib/debug/usr/local/openldap/libexec/slapd.debug...done.
done.
Attaching to program: /usr/local/openldap/libexec/slapd, process 12945
Reading symbols from /usr/local/berkeleydb/lib64/libdb-4.6.so...Reading symbols from /usr/lib/debug/usr/local/berkeleydb/lib64/libdb-4.6.so.debug...
warning: "/usr/lib/debug/usr/local/berkeleydb/lib64/libdb-4.6.so.debug": separate debug info file has no debug info
(no debugging symbols found)...done.
(no debugging symbols found)...done.
Loaded symbols for /usr/local/berkeleydb/lib64/libdb-4.6.so
Reading symbols from /lib64/libpthread.so.0...Reading symbols from /usr/lib/debug/lib64/libpthread-2.12.so.debug...done.
[Thread debugging using libthread_db enabled]
[New Thread 0x7f823ed22700 (LWP 12947)]
done.
Loaded symbols for /lib64/libpthread.so.0
Reading symbols from /usr/lib64/libsasl2.so.2...Reading symbols from /usr/lib/debug/usr/lib64/libsasl2.so.2.0.23.debug...done.
done.
Loaded symbols for /usr/lib64/libsasl2.so.2
Reading symbols from /usr/lib64/libssl.so.10...Reading symbols from /usr/lib/debug/usr/lib64/libssl.so.1.0.0.debug...done.
done.
Loaded symbols for /usr/lib64/libssl.so.10
Reading symbols from /usr/lib64/libcrypto.so.10...Reading symbols from /usr/lib/debug/usr/lib64/libcrypto.so.1.0.0.debug...done.
done.
Loaded symbols for /usr/lib64/libcrypto.so.10
Reading symbols from /lib64/libcrypt.so.1...Reading symbols from /usr/lib/debug/lib64/libcrypt-2.12.so.debug...done.
done.
Loaded symbols for /lib64/libcrypt.so.1
Reading symbols from /lib64/libresolv.so.2...Reading symbols from /usr/lib/debug/lib64/libresolv-2.12.so.debug...done.
done.
Loaded symbols for /lib64/libresolv.so.2
Reading symbols from /usr/lib64/libltdl.so.7...Reading symbols from /usr/lib/debug/usr/lib64/libltdl.so.7.2.1.debug...done.
done.
Loaded symbols for /usr/lib64/libltdl.so.7
Reading symbols from /lib64/libc.so.6...Reading symbols from /usr/lib/debug/lib64/libc-2.12.so.debug...done.
done.
Loaded symbols for /lib64/libc.so.6
Reading symbols from /lib64/ld-linux-x86-64.so.2...Reading symbols from /usr/lib/debug/lib64/ld-2.12.so.debug...done.
done.
Loaded symbols for /lib64/ld-linux-x86-64.so.2
Reading symbols from /lib64/libdl.so.2...Reading symbols from /usr/lib/debug/lib64/libdl-2.12.so.debug...done.
done.
Loaded symbols for /lib64/libdl.so.2
Reading symbols from /lib64/libgssapi_krb5.so.2...Reading symbols from /usr/lib/debug/lib64/libgssapi_krb5.so.2.2.debug...done.
done.
Loaded symbols for /lib64/libgssapi_krb5.so.2
Reading symbols from /lib64/libkrb5.so.3...Reading symbols from /usr/lib/debug/lib64/libkrb5.so.3.3.debug...done.
done.
Loaded symbols for /lib64/libkrb5.so.3
Reading symbols from /lib64/libcom_err.so.2...Reading symbols from /usr/lib/debug/lib64/libcom_err.so.2.1.debug...done.
done.
Loaded symbols for /lib64/libcom_err.so.2
Reading symbols from /lib64/libk5crypto.so.3...Reading symbols from /usr/lib/debug/lib64/libk5crypto.so.3.1.debug...done.
done.
Loaded symbols for /lib64/libk5crypto.so.3
Reading symbols from /lib64/libz.so.1...Reading symbols from /usr/lib/debug/lib64/libz.so.1.2.3.debug...done.
done.
Loaded symbols for /lib64/libz.so.1
Reading symbols from /lib64/libfreebl3.so...Reading symbols from /usr/lib/debug/lib64/libfreebl3.so.debug...done.
done.
Loaded symbols for /lib64/libfreebl3.so
Reading symbols from /lib64/libkrb5support.so.0...Reading symbols from /usr/lib/debug/lib64/libkrb5support.so.0.1.debug...done.
done.
Loaded symbols for /lib64/libkrb5support.so.0
Reading symbols from /lib64/libkeyutils.so.1...Reading symbols from /usr/lib/debug/lib64/libkeyutils.so.1.3.debug...done.
done.
Loaded symbols for /lib64/libkeyutils.so.1
Reading symbols from /lib64/libselinux.so.1...Reading symbols from /usr/lib/debug/lib64/libselinux.so.1.debug...done.
done.
Loaded symbols for /lib64/libselinux.so.1
Reading symbols from /lib64/libnss_files.so.2...Reading symbols from /usr/lib/debug/lib64/libnss_files-2.12.so.debug...done.
done.
Loaded symbols for /lib64/libnss_files.so.2
Reading symbols from /usr/lib64/sasl2/libsasldb.so...Reading symbols from /usr/lib/debug/usr/lib64/sasl2/libsasldb.so.2.0.23.debug...done.
done.
Loaded symbols for /usr/lib64/sasl2/libsasldb.so
Reading symbols from /lib64/libdb-4.7.so...Reading symbols from /usr/lib/debug/lib64/libdb-4.7.so.debug...done.
done.
Loaded symbols for /lib64/libdb-4.7.so
Reading symbols from /usr/lib64/sasl2/libanonymous.so...Reading symbols from /usr/lib/debug/usr/lib64/sasl2/libanonymous.so.2.0.23.debug...done.
done.
Loaded symbols for /usr/lib64/sasl2/libanonymous.so
0x0000003a00c0804d in pthread_join (threadid=140197376435968, thread_return=0x0) at pthread_join.c:89
89 lll_wait_tid (pd->tid);
(gdb) backtrace full
#0 0x0000003a00c0804d in pthread_join (threadid=140197376435968, thread_return=0x0) at pthread_join.c:89
__ignore = -512
_tid = 12947
_buffer = {__routine = 0x3a00c07f20 <cleanup>, __arg = 0x7f823ed22d28, __canceltype = 1053960656, __prev = 0x0}
oldtype = 0
pd = 0x7f823ed22700
self = 0x7f8281c967c0
result = 0
#1 0x000000000043a0e9 in slapd_daemon () at daemon.c:2929
i = <value optimized out>
rc = <value optimized out>
#2 0x0000000000426435 in main (argc=11, argv=<value optimized out>) at main.c:1012
i = <value optimized out>
no_detach = 0
rc = -12
urls = 0x1aad010 "ldap://*:25389 ldaps://*:25636"
username = 0x1aad080 "root"
groupname = 0x1aad0a0 "\026\065U"
sandbox = 0x0
syslogUser = 160
pid = <value optimized out>
waitfds = {9, 10}
g_argc = 11
g_argv = <value optimized out>
configfile = 0x0
configdir = 0x1aad040 "/usr/local/openldap/etc/openldap/slapd.d"
serverName = <value optimized out>
scp = <value optimized out>
scp_entry = <value optimized out>
debug_unknowns = 0x0
syslog_unknowns = 0x0
serverNamePrefix = <value optimized out>
slapd_pid_file_unlink = 1
slapd_args_file_unlink = 1
firstopt = <value optimized out>
__PRETTY_FUNCTION__ = "main"
(gdb) continue
Continuing.
[New Thread 0x7f823e521700 (LWP 11522)]
[New Thread 0x7f823dd20700 (LWP 11523)]
Program received signal SIGABRT, Aborted.
[Switching to Thread 0x7f823e521700 (LWP 11522)]
0x0000003a00432885 in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
64 return INLINE_SYSCALL (tgkill, 3, pid, selftid, sig);
(gdb) backtrace full
#0 0x0000003a00432885 in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
resultvar = 0
pid = 12945
selftid = 11522
#1 0x0000003a00434065 in abort () at abort.c:92
save_stage = 2
act = {__sigaction_handler = {sa_handler = 0x5dc95e, sa_sigaction = 0x5dc95e}, sa_mask = {__val = {249113688989,
140197368029312, 0, 140197368029552, 249112713062, 206158430232, 140197368029568, 140197368029344, 249112620008,
206158430256, 140197368029600, 140197128851280, 117, 117, 0, 140736009787411}}, sa_flags = 5579917,
sa_restorer = 0x5dc857}
sigs = {__val = {32, 0 <repeats 15 times>}}
#2 0x0000003a0042b9fe in __assert_fail_base (fmt=<value optimized out>, assertion=0x5dc95e "!((rs->sr_err)<0)",
file=0x5dc857 "result.c", line=<value optimized out>, function=<value optimized out>) at assert.c:96
str = 0x7f8230104f50 ""
total = 4096
#3 0x0000003a0042bac0 in __assert_fail (assertion=0x5dc95e "!((rs->sr_err)<0)", file=0x5dc857 "result.c", line=813,
function=0x5dcb40 "slap_send_ldap_result") at assert.c:105
No locals.
#4 0x0000000000450bed in slap_send_ldap_result (op=0x7f8230002660, rs=0x7f823e520950) at result.c:813
tmp = 0x0
otext = 0x7f823e51f394 ""
oref = 0x0
__PRETTY_FUNCTION__ = "slap_send_ldap_result"
#5 0x000000000042d567 in config_back_modify (op=<value optimized out>, rs=<value optimized out>) at bconfig.c:5926
cfb = <value optimized out>
ce = <value optimized out>
last = 0xd00000000
ml = <value optimized out>
ca = {argc = 2, argv = 0x7f8230103ef0, argv_size = 513, line = 0x7f8230102bf0 "/dev/random", tline = 0x7f8230103ed0 "",
fname = 0x5d1f79 "slapd", lineno = 0, log = "olcTLSRandFile: value #0", '\000' <repeats 4099 times>, reply = {err = 0,
msg = '\000' <repeats 255 times>}, depth = 0, valx = -1, values = {v_int = 806375360, v_uint = 806375360,
v_long = 140197128851392, v_ulong = 140197128851392, v_ber_t = 140197128851392,
v_string = 0x7f8230104fc0 "/dev/random", v_bv = {bv_len = 140197128851392, bv_val = 0x0}, v_dn = {vdn_dn = {
bv_len = 140197128851392, bv_val = 0x0}, vdn_ndn = {bv_len = 0, bv_val = 0x0}}, v_ad = 0x7f8230104fc0},
rvalue_vals = 0x0, rvalue_nvals = 0x0, op = 0, type = 4, ca_op = 0x7f8230002660, be = 0x88e960, bi = 0x0,
ca_entry = 0x1b300d8, ca_private = 0x1b2f970, cleanup = 0x427a70 <config_tls_cleanup>, table = Cft_Global}
rdn = {bv_len = 2, bv_val = 0x1b2fe30 "cn=config"}
ptr = <value optimized out>
rad = 0x1ada450
do_pause = <value optimized out>
#6 0x000000000045745b in fe_op_modify (op=0x7f8230002660, rs=0x7f823e520950) at modify.c:303
update = <value optimized out>
repl_user = <value optimized out>
op_be = <value optimized out>
bd = 0x88e960
textbuf = "8,\000\060\202\177", '\000' <repeats 18 times>, "\003\000\000\000\000\000\000\000\020/Z\000\000\000\000\000Â7Z\000\000\000\000\000`s¬\001\000\000\000\000ð\035\000\060\202\177\000\000\200ªG\000\000\000\000\000\066¢E\000\000\000\000\000\016\000\000\000\000\000\000\000+&\000\060\202\177", '\000' <repeats 18 times>, "\v\000\000\000\000\000\000\000ð+\020\060\202\177\000\000 +\000\060\202\177\000\000\020,\020\060\202\177\000\000\000\000\000\000\000\000\000\000\200\036¯\001", '\000' <repeats 28 times>, "\237nE\000\000\000\000\000\000\bR>\202\177\000\000p\tR>\202\177\000\000\000\001\000\000\000\000\000\000`&\000\060\202\177\000\000\210&\000\060\202\177\000\000\230&"...
#7 0x0000000000457d86 in do_modify (op=0x7f8230002660, rs=0x7f823e520950) at modify.c:177
dn = {bv_len = 9, bv_val = 0x7f8230002617 "cn=config"}
textbuf = "\027)\000\060\202\177\000\000Ð+\000\060\202\177\000\000\000\060\020\000\000\000\000\000\000@\000\000\000\000\000\000\000\020\002\000\000\000\000\000\060\000\020\000\000\000\000\000\004\000\000\000\000\000\000\000 \000\000\000\000\000\000\000\000\001\000\000\000\000\000\000\001\000\001\000\060@\000\000[\b\000\000\200\000\000\000\227\000\000\000n\001", '\000' <repeats 20 times>, "\020\000\000\000\000\000 \000\000\060\202\177\000\000\001\000\000\000\000\000\000\000°\nR>\202\177\000\000Ð'\000\060\202\177\000\000Ñ\227G\000:", '\000' <repeats 13 times>, "\020\000\000\000\000\000\001\000\000\000\000\000\000\000\031\001\\\000\000\000\000\000\000\000\020\000\000\000\000\000û\237E\000\000\000\000\000 +\000\060\202"...
tmp = <value optimized out>
#8 0x000000000043fb79 in connection_operation (ctx=0x7f823e520ab0, arg_v=0x7f8230002660) at connection.c:1155
rc = 80
cancel = <value optimized out>
op = 0x7f8230002660
rs = {sr_type = REP_RESULT, sr_tag = 0, sr_msgid = 0, sr_err = -12, sr_matched = 0x0, sr_text = 0x7f823e51f394 "",
---Type <return> to continue, or q <return> to quit---
sr_ref = 0x0, sr_ctrls = 0x0, sr_un = {sru_search = {r_entry = 0x0, r_attr_flags = 0, r_operational_attrs = 0x0,
r_attrs = 0x0, r_nentries = 0, r_v2ref = 0x0}, sru_sasl = {r_sasldata = 0x0}, sru_extended = {r_rspoid = 0x0,
r_rspdata = 0x0}}, sr_flags = 0}
tag = 102
opidx = SLAP_OP_MODIFY
conn = 0x1bbad20
memctx = 0x7f8230002ba0
memctx_null = 0x0
memsiz = 1048576
__PRETTY_FUNCTION__ = "connection_operation"
#9 0x0000000000440365 in connection_read_thread (ctx=0x7f823e520ab0, argv=<value optimized out>) at connection.c:1291
rc = <value optimized out>
cri = {op = 0x7f8230002660, func = 0, arg = 0x0, ctx = 0x7f823e520ab0, nullop = <value optimized out>}
s = <value optimized out>
#10 0x0000000000595b80 in ldap_int_thread_pool_wrapper (xpool=0x1add680) at tpool.c:688
pool = 0x1add680
task = 0x7f8238000a20
work_list = <value optimized out>
ctx = {ltu_id = 140197368043264, ltu_key = {{ltk_key = 0x43e990, ltk_data = 0x7f8230002a90,
ltk_free = 0x43ea60 <conn_counter_destroy>}, {ltk_key = 0x492f40, ltk_data = 0x7f8230002ba0,
ltk_free = 0x492f60 <slap_sl_mem_destroy>}, {ltk_key = 0x0, ltk_data = 0x0, ltk_free = 0} <repeats 27 times>, {
ltk_key = 0x0, ltk_data = 0x3a00c07e8a, ltk_free = 0}, {ltk_key = 0x0, ltk_data = 0x0, ltk_free = 0}, {
ltk_key = 0x0, ltk_data = 0x0, ltk_free = 0}}}
kctx = <value optimized out>
keyslot = 936
hash = <value optimized out>
__PRETTY_FUNCTION__ = "ldap_int_thread_pool_wrapper"
#11 0x0000003a00c077f1 in start_thread (arg=0x7f823e521700) at pthread_create.c:301
__res = <value optimized out>
pd = 0x7f823e521700
now = <value optimized out>
unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140197368043264, -7363636271228307732, 140197376425120, 140197368043968, 0, 3,
7407127774185469676, -7369267418370066708}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {
prev = 0x0, cleanup = 0x0, canceltype = 0}}}
not_first_call = <value optimized out>
pagesize_m1 = <value optimized out>
sp = <value optimized out>
freesize = <value optimized out>
#12 0x0000003a004e5ccd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115
No locals.
(gdb) continue
Continuing.
[Thread 0x7f823dd20700 (LWP 11523) exited]
[Thread 0x7f823e521700 (LWP 11522) exited]
[Thread 0x7f823ed22700 (LWP 12947) exited]
Program terminated with signal SIGABRT, Aborted.
The program no longer exists.
(gdb) quit
Regards,
Le 29/08/13, Aaron Richton <richton(a)nbcs.rutgers.edu> a écrit :
> On Thu, 29 Aug 2013, "POISSON Fr?d?ric" wrote:
>
> >Missing separate debuginfos, use: debuginfo-install cyrus-sasl-lib-2.1.23-13.el6.x86_64 db4-4.7.25-16.el6.x86_64 glibc-2.12-1.47.el6_2.12.x86_64 keyutils-libs-1.4-3.el6.x86_64 krb5-libs-1.9-22.el6_2.1.x86_64
> >libcom_err-1.41.12-11.el6.x86_64 libselinux-2.0.94-5.2.el6.x86_64 libtool-ltdl-2.2.6-15.5.el6.x86_64 nss-softokn-freebl-3.12.9-11.el6.x86_64 openssl-1.0.0-20.el6_2.4.x86_64 zlib-1.2.3-27.el6.x86_64
>
> Admittedly the slapd symbols are the most important and may (or may not) be sufficient, but it'd be kinder on our eyes if you followed this advice and got a fresh backtrace?
>
>
>
--
Frederic Poisson
7 years, 7 months
Q: duplicate contextCSN; remove it?
by Ulrich Windl
Hi!
When I examine my slapcat of the config database (multi-master replication), I see a duplicate contextCSN; one of them seems obsolete:
contextCSN: 20130722065709.189194Z#000000#000#000000
contextCSN: 20130729112421.079210Z#000000#001#000000
Can I remove one of those, and if so, how? I tried once, but the CSN re-appered, maybe from an other master...
Or are those expected to be there?
Regards,
Ulrich
7 years, 7 months
RE: ldapadd "ldap_bind: Invalid credentials (49)"
by Clint Petty
-----Original Message-----
From: Quanah Gibson-Mount [mailto:quanah@zimbra.com]
Sent: Thursday, August 29, 2013 3:10 PM
To: Clint Petty
Subject: RE: ldapadd "ldap_bind: Invalid credentials (49)"
--On Thursday, August 29, 2013 10:06 PM +0000 Clint Petty
<cpetty(a)luthresearch.com> wrote:
>> # /etc/init.d/slapd debug -1 -u ldap -F /usr/local/etc/openldap/slapd.d
>> # -H ldapi:///
>> slapd: [INFO] Using /etc/default/slapd for configuration
>> slapd: [INFO] Halting OpenLDAP...
>> slapd: [INFO] Can't read PID file, to stop OpenLDAP try:
>> /etc/init.d/slapd forcestop slapd: [INFO] No db_recover done
>> slapd: [INFO] Launching OpenLDAP...
>> slapd: [OK] File descriptor limit set to 1024
>> 521fc4a1 @(#) $OpenLDAP: slapd 2.4.36 (Aug 21 2013 09:39:54) $
>> clement@localhost.localdomain:/home/clement/build/BUILD/openldap-2.4.36/
>> servers/slapd 521fc4a1 /usr/local/openldap/etc/openldap/slapd.conf: line
>> 5: unknown directive <dn:> >outside backend info and database
>> definitions. 521fc4a1 slapd stopped.
>> 521fc4a1 connections_destroy: nothing to destroy.
> Hi Clint,
> The point is to use a ">" with the text *I* wrote, not the text you write.
> That's standard quoting of replies (as you will see my email client does
> automatically).
> In the above, you used /etc/init.d/slapd, rather than the slapd *binary*.
> The above indicates you are using an invalid slapd.conf file localted in
> /usr/local/openldap/etc/openldap. I thought you used cn=config?
> You may need to examine /etc/default/slapd to see how to fix it to use
> cn=config? etc. At this point, you may want to ask the LTB project for
> guidance on configuring their servers correctly.
> --Quanah
_________________________________________________________________
# /usr/local/openldap/libexec/slapd -d -1 -u ldap -F /usr/local/etc/openldap/slapd.d -h ldapi:///
ldap_url_parse_ext(ldap://localhost/)
ldap_init: trying /usr/local/openldap/etc/openldap/ldap.conf
ldap_init: using /usr/local/openldap/etc/openldap/ldap.conf
ldap_init: HOME env is /root
ldap_init: trying /root/ldaprc
ldap_init: trying /root/.ldaprc
ldap_init: trying ldaprc
ldap_init: LDAPCONF env is NULL
ldap_init: LDAPRC env is NULL
521fc7d9 @(#) $OpenLDAP: slapd 2.4.36 (Aug 21 2013 09:39:54) $
clement@localhost.localdomain:/home/clement/build/BUILD/openldap-2.4.36/servers/slapd
ldap_pvt_gethostbyname_a: host=ip-10-15-2-169, r=0
521fc7d9 daemon_init: ldapi:///
521fc7d9 daemon_init: listen on ldapi:///
521fc7d9 daemon_init: 1 listeners to open...
ldap_url_parse_ext(ldapi:///)
521fc7d9 daemon: listener initialized ldapi:///
521fc7d9 daemon_init: 1 listeners opened
ldap_create
521fc7d9 slapd init: initiated server.
521fc7d9 slap_sasl_init: initialized!
521fc7d9 bdb_back_initialize: initialize BDB backend
521fc7d9 bdb_back_initialize: Berkeley DB 4.6.21: (September 27, 2007)
521fc7d9 hdb_back_initialize: initialize HDB backend
521fc7d9 hdb_back_initialize: Berkeley DB 4.6.21: (September 27, 2007)
521fc7d9 mdb_back_initialize: initialize MDB backend
521fc7d9 mdb_back_initialize: MDB 0.9.7: (January 10, 2013)
521fc7d9 ==> translucent_initialize
521fc7d9 backend_startup_one: starting "cn=config"
521fc7d9 ldif_read_file: Permission denied for "/usr/local/etc/openldap/slapd.d/cn=config.ldif"
521fc7d9 send_ldap_result: conn=-1 op=0 p=0
521fc7d9 send_ldap_result: err=80 matched="" text="internal error (cannot read some entry file)"
521fc7d9 slapd destroy: freeing system resources.
521fc7d9 slapd stopped.
521fc7d9 connections_destroy: nothing to destroy.
#
Clint
7 years, 7 months
Re: Antw: Problems recovering my ldap db[Solved]
by Ger Hooton
I just started over with a new DB
Thanks for your help
//Ger
----------------original message-----------------
From: "Ulrich Windl" Ulrich.Windl(a)rz.uni-regensburg.de
To: ghooton(a)scins.ie
Date: Thu, 29 Aug 2013 08:07:51 +0200
-------------------------------------------------
>>>> ghooton(a)scins.ie schrieb am 28.08.2013 um 18:37 in Nachricht
> 8004e8d0438c1185f5c2c6b474f7cea0.squirrel(a)www.scins.ie :
>> Hi all, I am
>> recovering form a disaster. when I do slapcat I can see all the info
>
> Hi!
>
> I think it depends on the type of desaster: For human error or filesystem
> corruption, you must probably restore your last successful database dump. If
> the machine just crashed (and the filesystem configuration was sane), there
> shouldn't be a problem with automatic recovery (IMHO).
>
> Regards,
> Ulrich
>
>> stored in the ldap db However, when I do ldapsearch
>> I cannot see anything. When I do slapcat -l backup.ldif I get :
>> unclean shutdown
>> detected; attempting recovery
>> recovery skipped in read-only mode.
>> Run manual
>> recovery if errors are encountered
>>
>> I am using Debian 6 2.6.32-5-amd64 and :-
>> ldapsearch -VV
>> ldapsearch: @(#) $OpenLDAP: ldapsearch 2.4.23 (Dec 16 2012 11:48:21) $
>>
>> root@carillon :/tmp/buildd/openldap-2.4.23/debian/build/clients/too
>> ls
>> (LDAP library: OpenLDAP 20423)
>>
>>
>> //Ger
>
>
>
>
--
Scoil Chroí Íosa Blarney.
Blarney.
Co. Cork
7 years, 7 months