Penza Kenneth at MITA wrote:
Hi,
I am configuring an openldap 2.4.40 on RHEL7 x86_64 and want to enable database checksum. Below please find the steps I am following:
dn: olcDatabase={2}hdb,cn=config objectClass: olcDatabaseConfig objectClass: olcHdbConfig olcAccess: {0} to attrs=userPassword,shadowLastChange by self write by anonymous auth by dn="cn=manager,dc=example,dc=com" write by * none olcAccess: {1} to dn.base="" by * read olcAccess: {2} to * by self write by dn="cn=manager,dc=example,dc=com" write by * read olcAddContentAcl: FALSE olcDatabase: {2}hdb olcDbCacheFree: 1 olcDbCacheSize: 1000 olcDbCheckpoint: 512 15 olcDbChecksum: true olcDbConfig: {0}set_cachesize 0 2097152 0 olcDbConfig: {1}set_lk_max_objects 3000 olcDbConfig: {2}set_lk_max_locks 1500 olcDbConfig: {3}set_lk_max_lockers 1500 olcDbDirectory: /var/lib/ldap olcDbDirtyRead: FALSE olcDbDNcacheSize: 0 olcDbIDLcacheSize: 3000 olcDbIndex: cn,sn,mail pres,eq,approx,sub olcDbIndex: objectClass eq olcDbLinearIndex: FALSE olcDbMode: 0600 olcDbNoSync: FALSE olcDbSearchStack: 16 olcDbShmKey: 0 olcLastMod: TRUE olcMaxDerefDepth: 15 olcReadOnly: FALSE olcRootDN: cn=manager,dc=example,dc=com olcRootPW: {SSHA}C6JfIRI6XajtZcjabtSJZyi1rArPsy1j olcSuffix: dc=example,dc=com structuralObjectClass: olcHdbConfig [root@host01 mail]#
[root@host01 mail]# slapadd -v -F slapd.d -n 0 -l config.ldif added: "cn=config" (00000001) added: "cn=schema,cn=config" (00000001) added: "cn={0}core,cn=schema,cn=config" (00000001) added: "cn={1}cosine,cn=schema,cn=config" (00000001) added: "cn={2}inetorgperson,cn=schema,cn=config" (00000001) added: "cn={3}nis,cn=schema,cn=config" (00000001) added: "olcDatabase={-1}frontend,cn=config" (00000001) added: "olcDatabase={0}config,cn=config" (00000001) added: "olcDatabase={1}monitor,cn=config" (00000001) 56617865 Entry (olcDatabase={2}hdb,cn=config), attribute 'olcDbChecksum' not allowed slapadd: dn="olcDatabase={2}hdb,cn=config" (line=1079): (65) attribute 'olcDbChecksum' not allowed _#################### 100.00% eta none elapsed none fast! Closing DB... [root@host01 mail]#
From the github sources
back-bdb/config.c 78 { "checksum", NULL, 1, 2, 0, ARG_ON_OFF|ARG_MAGIC|BDB_CHECKSUM, 79 bdb_cf_gen, "( OLcfgDbAt:1.16 NAME 'olcDbChecksum' " 80 "DESC 'Enable database checksum validation' "
I tried olcDbChecksum: true, olcDbChecksum: TRUE, olcDbChecksum: 1, olcDbChecksum: ON without any success.
Do you have any ideas on how I get around this ?
Looks like the olcDbChecksum attribute is missing from the olcHdbConfig objectclass. Please file an ITS on this.