--On Monday, January 05, 2009 9:42 AM -0500 Jason Voorhees jvoorhees1@gmail.com wrote:
(Sorry if maybe I'm sending this message twice. I think I sent the first one in HTML format and I guess that format isn't allowed here).
Ok, maybe I'm missing some essential knowledge about how OpenLDAP and indexing works. This is what I'm doing (as simple as possible after too many failed tests with more complex scenarios):
- Create a new database in slapd.conf without any ACLs yet:
database        bdb
suffix          dc=test,dc=com
rootdn          cn=manager,dc=test,dc=com
rootpw          {SSHA}5b3FNT6a3PrldYD/X58ghCXa7vhUOO24
directory       /var/lib/ldap/test
mode            600
cachesize       10000
index           objectClass eq
index           mail eq,sub
- After stopping OpenLDAP I create the basic content of my LDAP tree using slapadd:
# slapadd -l test.ldif -b dc=test,dc=com
# cat test.ldif
dn: dc=test,dc=com
objectClass: domain
dc: test
(all worked fine, no errors, no problems)
- Then I fix perms and ownership of the database directory (/var/lib/ldap/test):
# chown -R ldap.ldap /var/lib/ldap/test
# chmod 700 /var/lib/ldap/test
# chmod 600 /var/lib/ldap/test/*
# ls -ld /var/lib/ldap /var/lib/ldap/test
drwx------ 3 ldap ldap 4096 Dec 31 07:38 /var/lib/ldap/
drwx------ 2 ldap ldap 4096 Jan  1 10:39 /var/lib/ldap/test/
# ls -l /var/lib/ldap/test
total 732
-rw------- 1 ldap ldap     2048 Jan  1 10:39 alock
-rw------- 1 ldap ldap    24576 Jan  1 10:38 __db.001
-rw------- 1 ldap ldap   278528 Jan  1 10:38 __db.002
-rw------- 1 ldap ldap   270336 Jan  1 10:38 __db.003
-rw------- 1 ldap ldap    98304 Jan  1 10:38 __db.004
-rw------- 1 ldap ldap   352256 Jan  1 10:38 __db.005
-rw------- 1 ldap ldap    24576 Jan  1 10:38 __db.006
-rw------- 1 ldap ldap     8192 Jan  1 10:39 dn2id.bdb
-rw------- 1 ldap ldap    32768 Jan  1 10:39 id2entry.bdb
-rw------- 1 ldap ldap 10485760 Jan  1 10:39 log.0000000001
-rw------- 1 ldap ldap     8192 Jan  1 10:39 objectClass.bdb
(Pay attention: there's no mail.bdb file yet, right?)
- Check slapd syntax, start OpenLDAP and make a test:
# slaptest -u
config file testing succeeded
# service ldap start
# ldapsearch -xLLL -b dc=test,dc=com
(And yes, /etc/init.d/ldap forces slapd to run as the ldap user.)
- Everything is fine. Then I try to add some content from an LDIF file:
# ldapmodify -a -x -D cn=manager,dc=test,dc=com -w secret -f test.ldif
adding new entry "mail=jvoorhees1@gmail.com,dc=test,dc=com"
ldap_add: Internal (implementation specific) error (80)
        additional info: index generation failed
# cat test.ldif
dn: mail=jvoorhees1@gmail.com,dc=test,dc=com
objectClass: inetOrgPerson
mail: jvoorhees1@gmail.com
cn: Jason Voorhees
sn: Voorhees
- What happened? What am I doing wrong? I'm working with "loglevel 256" in slapd.conf and sending local4.* logs to /var/log/ldap.log, and I'm getting this error message while using ldapmodify:
Jan  1 10:51:49 ha1 slapd[26023]: @(#) $OpenLDAP: slapd 2.3.27 (Jul 9 2008 13:10:56) $ mockbuild@builder16.centos.org:/builddir/build/BUILD/openldap-2.3.27/openldap-2.3.27/build-servers/servers/slapd
Jan  1 10:51:49 ha1 slapd[26024]: bdb_db_open: Warning - No DB_CONFIG file found in directory /var/lib/ldap/test: (2) Expect poor performance for suffix dc=test,dc=com.
Jan  1 10:51:49 ha1 slapd[26024]: slapd starting
Jan  1 10:51:56 ha1 slapd[26024]: conn=0 fd=12 ACCEPT from IP=127.0.0.1:40112 (IP=0.0.0.0:389)
Jan  1 10:51:56 ha1 slapd[26024]: conn=0 op=0 BIND dn="cn=manager,dc=test,dc=com" method=128
Jan  1 10:51:56 ha1 slapd[26024]: conn=0 op=0 BIND dn="cn=manager,dc=test,dc=com" mech=SIMPLE ssf=0
Jan  1 10:51:56 ha1 slapd[26024]: conn=0 op=0 RESULT tag=97 err=0 text=
Jan  1 10:51:56 ha1 slapd[26024]: conn=0 op=1 ADD dn="mail=jvoorhees1@gmail.com,dc=test,dc=com"
Jan  1 10:51:56 ha1 slapd[26024]: bdb(dc=test,dc=com): /var/lib/ldap/test/mail.bdb: Permission denied
Jan  1 10:51:56 ha1 slapd[26024]: bdb_db_cache: db_open(mail) failed: Permission denied (13)
Jan  1 10:51:56 ha1 slapd[26024]: bdb_index_read: Could not open DB mail
Jan  1 10:51:56 ha1 slapd[26024]: conn=0 op=1 RESULT tag=105 err=80 text=index generation failed
Jan  1 10:51:56 ha1 slapd[26024]: conn=0 op=2 UNBIND
Jan  1 10:51:56 ha1 slapd[26024]: conn=0 fd=12 closed
Jan  1 10:51:56 ha1 slapd[26024]: connection_read(12): no connection!
Why can't slapd create any index file in its database directory? Does slapd need to have the index files created before it is started? Is it possible for slapd to create new index files while it is already running? Those are my essential doubts :(
- OK, according to the error message I must check perms and ownership of the database files. But OMG, everything is apparently fine! Look:
# ls -ld /var/lib/ldap /var/lib/ldap/test
drwx------ 3 ldap ldap 4096 Dec 31 07:38 /var/lib/ldap/
drwx------ 2 ldap ldap 4096 Jan  1 10:51 /var/lib/ldap/test/
# ls -l /var/lib/ldap/test
total 752
-rw------- 1 ldap ldap     4096 Jan  1 10:51 alock
-rw------- 1 ldap ldap    24576 Jan  1 10:38 __db.001
-rw------- 1 ldap ldap   278528 Jan  1 10:38 __db.002
-rw------- 1 ldap ldap   270336 Jan  1 10:38 __db.003
-rw------- 1 ldap ldap    98304 Jan  1 10:38 __db.004
-rw------- 1 ldap ldap   352256 Jan  1 10:38 __db.005
-rw------- 1 ldap ldap    24576 Jan  1 10:38 __db.006
-rw------- 1 ldap ldap     8192 Jan  1 10:51 dn2id.bdb
-rw------- 1 ldap ldap    32768 Jan  1 10:39 id2entry.bdb
-rw------- 1 ldap ldap 10485760 Jan  1 10:51 log.0000000001
-rw------- 1 ldap ldap     8192 Jan  1 10:51 objectClass.bdb
What else? SElinux?
# getenforce
Disabled
So, what's the problem?
OS: CentOS 5.2
OpenLDAP: 2.3.27 (openldap-servers-2.3.27-8.el5_2.4.rpm)
Kernel: 2.6.18-92.1.22.el5xen
SELinux: disabled
The same problem occurs in an identical environment but with a non-Xen kernel. Could somebody help me? Thanks a lot.
Well, other than you are using an ancient version of OpenLDAP with many known issues, which I would advise against, have you tried actually touching a file in /var/lib/ldap/test as the ldap user? I.e., that's the one test I don't see you performing, but is the first thing that comes to my mind to test.
--Quanah
--
Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration
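The two checks the thread turns on, as an added example that is not part of either message above: which `index` attributes in slapd.conf still lack their `<attr>.bdb` file (the mail.bdb that slapd could not create), and Quanah's suggested test of actually creating a file in the database directory as the slapd user. The account name `ldap`, the paths and the probe file name are assumptions taken from the post, not facts about any particular host.

```shell
#!/bin/sh
# Added example (not from the thread): checks for a slapd BDB database
# directory. Account name, paths and probe file name are assumptions.

# missing_index_files CONF DIR
# Parse the "index" directives of a slapd.conf and print each attribute that
# has no <attr>.bdb file in DIR yet. slapd creates index files on demand, so
# a missing file only matters if slapd cannot create it (the thread's
# "index generation failed" / "Permission denied" case).
missing_index_files() {
    conf="$1"
    dir="$2"
    # Lines look like "index attr[,attr...] type[,type...]";
    # "index default ..." sets defaults and creates no file.
    awk '$1 == "index" && $2 != "default" {
             n = split($2, attrs, ",")
             for (i = 1; i <= n; i++) print attrs[i]
         }' "$conf" |
    while read -r attr; do
        [ -f "$dir/$attr.bdb" ] || echo "$attr"
    done
}

# check_dbdir_writable USER DIR
# The test Quanah asks for: can USER create (and remove) a file in DIR?
# Returns 0 on success, 1 if the write fails, 2 if we cannot become USER.
check_dbdir_writable() {
    user="$1"
    dir="$2"
    probe="$dir/.slapd-write-probe.$$"
    if [ "$(id -un)" = "$user" ]; then
        # Already running as the target user: probe directly.
        if touch "$probe" 2>/dev/null; then
            rm -f "$probe"
            return 0
        fi
        return 1
    fi
    if [ "$(id -u)" -ne 0 ]; then
        echo "check_dbdir_writable: must be root to switch to $user" >&2
        return 2
    fi
    # System accounts such as ldap usually have /sbin/nologin as their login
    # shell, so force /bin/sh with -s rather than relying on it.
    if su -s /bin/sh "$user" -c "touch '$probe'" 2>/dev/null; then
        rm -f "$probe"
        return 0
    fi
    return 1
}

# Usage: sh slapd_dbdir_check.sh ldap /var/lib/ldap/test [/etc/openldap/slapd.conf]
if [ $# -ge 2 ]; then
    conf="${3:-/etc/openldap/slapd.conf}"
    echo "index files missing from $2:"
    missing_index_files "$conf" "$2" | sed 's/^/  /'
    check_dbdir_writable "$1" "$2"
    rc=$?
    case $rc in
        0) echo "$1 can create files in $2" ;;
        1) echo "$1 can NOT create files in $2: check ownership, mode, mount options and SELinux" ;;
        *) echo "could not run the probe as $1 (run this as root)" ;;
    esac
fi
```

Run it as root so the probe can switch to the ldap account; the write test exercises the same path slapd takes when it opens a new index file, and it is independent of what `ls -l` shows, which is why it is the first thing to try when ownership and modes already look correct.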