Hi,
On 28/07/2010 19:26, Kendall Gifford wrote:
Sorry for the somewhat vague email title but it is actually somewhat descriptive of a problem I'm having. I also apologize if this is the incorrect list for this question (I first subscribed to openldap-software@... but upon subscription the "welcome" message said it had been shut down and to use this list instead). I'm pretty new to the whole OpenLDAP (and LDAP in general) thing.
I'm running an old OpenLDAP server (2.2.29) in a production environment. I recently needed to add some extra schema definitions for my postfix email server (attached as postfix.schema). I edited my slapd.conf file and included my schema file, then restarted the server. All is good so far...
Skipping ahead in my story, to test things out I created the following LDIF below:
dn: mailDomain=example.com,ou=Email,dc=EXAMPLE,dc=COM
mailDomain: example.com
objectClass: top
objectClass: mailDomainEntry
mailDomainVirtual: FALSE
The "organization unit" named "Email" already existed. I then ran slapadd:
$ sudo slapadd -v -l data.ldif
added: "mailDomain=example.com,ou=Email,dc=EXAMPLE,dc=COM" (0000023e)
I then ran ldapsearch to dump everything at or under my "Email" ou:
$ ldapsearch -x -b "ou=Email,dc=EXAMPLE,dc=COM"
This dumped the Email organization unit entry and nothing else. So, on a whim I re-ran the above slapadd command to retry adding a sub-entry beneath my "Email" entry. This time I got the following error:
slapadd: could not add entry dn="mailDomain=example.com,ou=Email,dc=EXAMPLE,dc=COM" (line=6): txn_aborted! DB_KEYEXIST: Key/data pair already exists (-30996)
So, apparently it DID get added as this says it "already exists". Hmm, so I'll try to delete it:
$ sudo ldapdelete -vx -D "cn=root,dc=EXAMPLE,dc=COM" \
    -W "mailDomain=example.com,dc=EXAMPLE,dc=COM"
ldap_initialize(<DEFAULT> )
Enter LDAP Password: ********
deleting entry "mailDomain=example.com,dc=EXAMPLE,dc=COM"
Delete Result: No such object (32)
Matched DN: dc=EXAMPLE,dc=COM
So, now it doesn't exist? "To be or not to be?" Hmm.
Anyhow, I've tried many search queries and used tools like phpLDAPadmin and JXplorer and cannot find this entry I've created/added. The only command/tool that claims it exists is slapadd when I try to add the same entry again.
I know my server version is very very old (2005-ish?) but does anyone have any ideas or recommendations (besides the obvious "save/export your data and upgrade your server" kind which isn't an immediate option).
Thanks in advance. I'm hoping I'm just doing something obviously stupid.
Well, I think you expect this answer, so I'll play the part: 2.2 is *very* old now, and you really should consider upgrading to the latest and greatest (2.4.23 at this time). Many features and bugs (including security holes) have been implemented/corrected...
But, anyway, regarding your problem. slapadd is a tool that you would usually only use to load a database offline. Certainly not just to add an entry. Don't do that. Use ldapadd instead (like you use ldapsearch and ldapdelete).
However, given the situation you're in, it's likely that after your slapadd, you just need to reindex the database. Stop slapd and run slapindex, making sure owners/permissions on the database files are identical before and after.
Hope this helps,
Jonathan
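
The ownership/permission check suggested in the reply above, sketched as an added example that is not part of the original messages. It assumes GNU find/stat; the function names, the database directory argument and the way slapd is stopped and started are hypothetical and site-specific.

```shell
#!/usr/bin/env bash
# Added example: wrap an offline slapindex run with an owner/mode check,
# so index files left owned by root are caught before slapd is restarted.

# Print "owner:group<TAB>mode<TAB>path" for each regular file in directory $1.
perm_snapshot() {
    find "$1" -maxdepth 1 -type f \
        -exec stat --printf '%U:%G\t%a\t%n\n' {} + | sort
}

# Compare snapshot file $1 with the current state of directory $2.
# An existing file must keep its owner and mode; a new file must use an
# owner/mode pair already present in the snapshot. Returns 1 on drift.
perm_drift() {
    perm_snapshot "$2" | awk -F'\t' -v snap="$1" '
        BEGIN {
            while ((getline line < snap) > 0) {
                split(line, f, "\t")
                before[f[3]] = f[1] " " f[2]
                known[f[1] " " f[2]] = 1
            }
        }
        {
            now = $1 " " $2
            if ($3 in before) {
                if (before[$3] != now) {
                    print "CHANGED " $3 ": " before[$3] " -> " now; bad = 1
                }
            } else if (!(now in known)) {
                print "NEW " $3 ": " now; bad = 1
            }
        }
        END { exit bad + 0 }'
}

# Stop slapd first (site-specific, not done here), then call:
#   reindex_checked /path/to/database/directory
# Returns 0 if clean, 1 on owner/mode drift, 2 if slapindex failed.
reindex_checked() {
    local snap rc=0
    snap=$(mktemp)
    perm_snapshot "$1" > "$snap"
    slapindex -v || { rm -f "$snap"; return 2; }
    perm_drift "$snap" "$1" || rc=1
    rm -f "$snap"
    return "$rc"
}
```

Any CHANGED or NEW line should be corrected with chown/chmod before slapd is started again.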