And of course if I had read (and understood) the man page correctly before now, I would have realized I could easily run slapcat with the -F flag like so:
slapcat -F /var/symas/openldap-data/slapd.d/ -n0
... which works like a charm.
Not sure why it's not picking that directory up by default, but problem (mostly) solved.
Sent with ProtonMail Secure Email.
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Wednesday, January 5th, 2022 at 10:57 AM, David White dmwhite823@protonmail.com wrote:
I'm starting a new thread on a different topic, as my current issue is veering way off topic from my original thread (cf. https://lists.openldap.org/hyperkitty/list/openldap-technical@openldap.org/t... and cf. https://lists.openldap.org/hyperkitty/list/openldap-technical@openldap.org/t...).
Thanks to Ulrich for the suggestion to run slapcat -n0 with debug (-d -1). That did indeed get me some more information, but I still cannot pinpoint why slapcat keeps telling me that it "could not open database".
To recap: I'm currently running the Symas-provided openldap package v2.6, and my ultimate goal is to build a push-based proxy with syncrepl. But this thread is about the cn=config database.
As part of my troubleshooting, I found this quite old thread about the different ways to start slapd: https://openldap-technical.openldap.narkive.com/Y1yq9Qd1/can-not-modify-cn-c...
I stopped slapd with:
systemctl stop slapd
I then manually started it like so, in order to force it to use the ldif directory instead of the slapd.conf file:
/opt/symas/lib/slapd -F /var/symas/openldap-data/slapd.d/
This started right up, and I can confirm slapd is running.
I'm able to run an ldapsearch against -b "cn=config" like so, where we see all of the various databases, frontend, and overlays configured. I have redacted the password, and changed the domain to "example" in the following stdout. Given this information, I'm still very confused why slapcat can't open the cn=config database for its own processing. Any help on this would be appreciated.
root@ldap-provider:~# ldapsearch -x -LLL -D cn=config -W -s sub -b "cn=config" "(olcDatabase=*)" '*' '+' -v
ldap_initialize( <DEFAULT> )
Enter LDAP Password:
filter: (olcDatabase=*)
requesting: * +

dn: olcDatabase={-1}frontend,cn=config
objectClass: olcDatabaseConfig
objectClass: olcFrontendConfig
olcDatabase: {-1}frontend
olcAddContentAcl: FALSE
olcLastMod: TRUE
olcLastBind: TRUE
olcLastBindPrecision: 0
olcMaxDerefDepth: 0
olcReadOnly: FALSE
olcSchemaDN: cn=Subschema
olcSyncUseSubentry: FALSE
olcMonitoring: FALSE
structuralObjectClass: olcDatabaseConfig
entryUUID: 047a4d82-01dd-103c-8345-d3830b8ac76f
creatorsName: cn=config
createTimestamp: 20220104190525Z
entryCSN: 20220104190525.214003Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20220104190525Z
entryDN: olcDatabase={-1}frontend,cn=config
subschemaSubentry: cn=Subschema

dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcAccess: {0}to * by * none
olcAddContentAcl: TRUE
olcLastMod: TRUE
olcLastBind: TRUE
olcLastBindPrecision: 0
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcRootDN: cn=config
olcRootPW: secret
olcSyncUseSubentry: FALSE
olcMonitoring: FALSE
structuralObjectClass: olcDatabaseConfig
entryUUID: 047a4fda-01dd-103c-8346-d3830b8ac76f
creatorsName: cn=config
createTimestamp: 20220104190525Z
entryCSN: 20220104190525.214003Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20220104190525Z
entryDN: olcDatabase={0}config,cn=config
subschemaSubentry: cn=Subschema

dn: olcDatabase={1}mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: {1}mdb
olcDbDirectory: /var/symas/openldap-data
olcSuffix: dc=example,dc=com
olcAddContentAcl: FALSE
olcLastMod: TRUE
olcLastBind: TRUE
olcLastBindPrecision: 0
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcRootDN: cn=admin,dc=example,dc=com
olcRootPW: secret
olcSyncUseSubentry: FALSE
olcMonitoring: TRUE
olcDbNoSync: FALSE
olcDbIndex: objectClass eq
olcDbIndex: entryUUID eq
olcDbIndex: entryCSN eq
olcDbMaxReaders: 0
olcDbMaxSize: 10485760
olcDbMode: 0600
olcDbSearchStack: 16
olcDbMaxEntrySize: 0
olcDbRtxnSize: 10000
structuralObjectClass: olcMdbConfig
entryUUID: 047a52be-01dd-103c-8347-d3830b8ac76f
creatorsName: cn=config
createTimestamp: 20220104190525Z
entryCSN: 20220104190525.214003Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20220104190525Z
entryDN: olcDatabase={1}mdb,cn=config
subschemaSubentry: cn=Subschema

dn: olcOverlay={0}syncprov,olcDatabase={1}mdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: {0}syncprov
olcSpCheckpoint: 100 10
olcSpSessionlog: 100
structuralObjectClass: olcSyncProvConfig
entryUUID: 047a54da-01dd-103c-8348-d3830b8ac76f
creatorsName: cn=config
createTimestamp: 20220104190525Z
entryCSN: 20220104190525.214003Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20220104190525Z
entryDN: olcOverlay={0}syncprov,olcDatabase={1}mdb,cn=config
subschemaSubentry: cn=Subschema
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Wednesday, January 5th, 2022 at 9:40 AM, Ulrich Windl Ulrich.Windl@rz.uni-regensburg.de wrote:
Hi!
I meant: The debug output is useless when you leave out "-n0" (the case that
doesn't work for you).
David White dmwhite823@protonmail.com wrote on 05.01.2022 at 15:14 in message
qn5VCvnElSb0fkpWltSUlY7hWAU=@protonmail.com>:
That's the thing.
-n0 always returns "unknown database".
Only -n1 returns data.
Thanks for the suggestion, though. :)
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Wednesday, January 5th, 2022 at 8:11 AM, Ulrich Windl
Ulrich.Windl@rz.uni-regensburg.de wrote:
It seems you missed "-n0" for slapcat.