So we are cooking with warm oil and I want to be cooking with hot oil!!!!
I have been able to get upgraded to 2.4.28 on OpenLDAP. Having issues with getting a good build of 2.4.35. But that isn't the problem. Below is the log from one of my consumers after starting the slapd service.
Aug 7 21:36:16 tntest-ldap-2 slapd[3961]: loaded module back_hdb
Aug 7 21:36:16 tntest-ldap-2 slapd[3961]: module back_hdb: null module registered
Aug 7 21:36:16 tntest-ldap-2 slapd[3961]: loaded module ppolicy
Aug 7 21:36:16 tntest-ldap-2 slapd[3961]: module ppolicy: null module registered
Aug 7 21:36:16 tntest-ldap-2 slapd[3961]: loaded module memberof
Aug 7 21:36:16 tntest-ldap-2 slapd[3961]: module memberof: null module registered
Aug 7 21:36:16 tntest-ldap-2 slapd[3961]: loaded module dynlist
Aug 7 21:36:16 tntest-ldap-2 slapd[3961]: module dynlist: null module registered
Aug 7 21:36:16 tntest-ldap-2 slapd[3961]: loaded module syncprov
Aug 7 21:36:16 tntest-ldap-2 slapd[3961]: module syncprov: null module registered
Aug 7 21:36:16 tntest-ldap-2 slapd[3961]: loaded module refint
Aug 7 21:36:16 tntest-ldap-2 slapd[3961]: module refint: null module registered
Aug 7 21:36:16 tntest-ldap-2 slapd[3961]: loaded module back_ldap
Aug 7 21:36:16 tntest-ldap-2 slapd[3961]: module back_ldap: null module registered
Aug 7 21:36:16 tntest-ldap-2 slapd[3961]: Config: ** successfully added syncrepl rid=002 "ldap://tntest-ldap-master-1.oreillyauto.com"
Aug 7 21:36:16 tntest-ldap-2 slapd[3961]: index objectClass 0x0004
Aug 7 21:36:16 tntest-ldap-2 slapd[3961]: index cn 0x0004
Aug 7 21:36:16 tntest-ldap-2 slapd[3961]: index uid 0x0004
Aug 7 21:36:16 tntest-ldap-2 slapd[3961]: index oreillyGroup 0x0004
Aug 7 21:36:16 tntest-ldap-2 slapd[3961]: index locationEntry 0x0004
Aug 7 21:36:16 tntest-ldap-2 slapd[3961]: index counterNumber 0x0004
Aug 7 21:36:16 tntest-ldap-2 slapd[3961]: index businessCategory 0x0004
Aug 7 21:36:16 tntest-ldap-2 slapd[3961]: index locationNumber 0x0004
Aug 7 21:36:16 tntest-ldap-2 slapd[3961]: index position 0x0004
Aug 7 21:36:16 tntest-ldap-2 slapd[3961]: index title 0x0214
Aug 7 21:36:16 tntest-ldap-2 slapd[3961]: index givenName 0x0214
Aug 7 21:36:16 tntest-ldap-2 slapd[3961]: index functionListing 0x0004
Aug 7 21:36:16 tntest-ldap-2 slapd[3961]: index manager 0x0004
Aug 7 21:36:16 tntest-ldap-2 slapd[3961]: index sn 0x0214
Aug 7 21:36:16 tntest-ldap-2 slapd[3961]: index nickName 0x0214
Aug 7 21:36:16 tntest-ldap-2 slapd[3961]: index employeeNumber 0x0004
Aug 7 21:36:16 tntest-ldap-2 slapd[3961]: index ou 0x0004
Aug 7 21:36:16 tntest-ldap-2 slapd[3961]: index entryUUID 0x0004
Aug 7 21:36:16 tntest-ldap-2 slapd[3961]: index supervisor 0x0004
Aug 7 21:36:16 tntest-ldap-2 slapd[3961]: index entryCSN 0x0004
Aug 7 21:36:17 tntest-ldap-2 slapd[3962]: slapd starting
Aug 7 21:36:17 tntest-ldap-2 slapd[3962]: do_syncrep2: rid=002 LDAP_RES_SEARCH_RESULT
Here is where it stops.
Here is the LDIF file from my master:
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 3411e7fc
dn: olcDatabase={0}config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcUpdateRef: ldap://tntest-ldap-master-1.oreillyauto.com
olcsyncrepl: rid=002 provider=ldap://tntest-ldap-master-1.oreillyauto.com type=refreshAndPersist retry="10 +" searchbase="cn=config" bindmethod=simple binddn="uid=admin,dc=oreillyauto,dc=com" credentials=<password>
olcAccess: to * by dn="uid=admin,dc=oreillyauto,dc=com" write by dn="uid=ldapadmin,ou=system,dc=oreillyauto,dc=com" write by * none
olcRootDN: cn=admin,cn=config
olcRootPW:: c2VjcmV0
structuralObjectClass: olcDatabaseConfig
entryUUID: 35b75e72-93c2-1032-9ca4-711c013d2dcb
creatorsName: cn=config
createTimestamp: 20130807153144Z
entryCSN: 20130807153144.468097Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20130807153144Z
Here is the ldif from my consumer:
dn: olcDatabase={0}config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcRootDN: cn=admin,cn=config
olcRootPW: secret
structuralObjectClass: olcDatabaseConfig
olcsyncrepl: {0}rid=002 provider=ldap://tntest-ldap-master-1.oreillyauto.com type=refreshOnly retry="5 +" searchbase="cn=config" bindmethod=simple binddn="cn=admin,cn=config" credentials=<password> schemachecking=on
olcAccess: to * by dn="uid=admin,dc=oreillyauto,dc=com" write by dn="uid=ldapadmin,ou=system,dc=oreillyauto,dc=com" write by * none
entryUUID: f074ba7c-09ed-1030-952b-0bb60fbd91a8
creatorsName: cn=config
createTimestamp: 20110503162710Z
entryCSN: 20110503162710.319234Z#000000#000#000000
modifiersName: cn=config
ModifyTimestamp: 20110503162710Z
Logging is set to config and sync. Is the issue maybe the entryCSN? I am wondering if I need to blow out the cn=config stuff and recreate it on the consumer. It should be that hard, just take a little time. Am I headed in the right direction or am I off base?
Thank you, Eric Speake Web Systems Administrator O'Reilly Auto Parts
This communication and any attachments are confidential, protected by Communications Privacy Act 18 USCS § 2510, solely for the use of the intended recipient, and may contain legally privileged material. If you are not the intended recipient, please return or destroy it immediately. Thank you.
Hi,
On Wed, 7 Aug 2013, espeake@oreillyauto.com wrote:
So we are cooking with warm oil and I want to be cooking with hot oil!!!!
I have been able to get upgraded to 2.4.28 on OpenLDAP. Having issues with getting a good build of 2.4.35. But that isn't the problem. Below is the log from one of my consumers after starting the slapd service.
<snipp>
Here is where it stops.
Here is the LDIF file from my master:
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 3411e7fc
Use slapcat -n0 instead of copying manually the files from the slapd.d directory.
dn: olcDatabase={0}config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcUpdateRef: ldap://tntest-ldap-master-1.oreillyauto.com
olcsyncrepl: rid=002 provider=ldap://tntest-ldap-master-1.oreillyauto.com type=refreshAndPersist retry="10 +" searchbase="cn=config" bindmethod=simple binddn="uid=admin,dc=oreillyauto,dc=com" credentials=<password>
olcAccess: to * by dn="uid=admin,dc=oreillyauto,dc=com" write by dn="uid=ldapadmin,ou=system,dc=oreillyauto,dc=com" write by * none
olcRootDN: cn=admin,cn=config
olcRootPW:: c2VjcmV0
structuralObjectClass: olcDatabaseConfig
entryUUID: 35b75e72-93c2-1032-9ca4-711c013d2dcb
creatorsName: cn=config
createTimestamp: 20130807153144Z
entryCSN: 20130807153144.468097Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20130807153144Z
Here is the ldif from my consumer:
dn: olcDatabase={0}config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcRootDN: cn=admin,cn=config
olcRootPW: secret
structuralObjectClass: olcDatabaseConfig
olcsyncrepl: {0}rid=002 provider=ldap://tntest-ldap-master-1.oreillyauto.com type=refreshOnly retry="5 +" searchbase="cn=config" bindmethod=simple binddn="cn=admin,cn=config" credentials=<password> schemachecking=on
olcAccess: to * by dn="uid=admin,dc=oreillyauto,dc=com" write by dn="uid=ldapadmin,ou=system,dc=oreillyauto,dc=com" write by * none
entryUUID: f074ba7c-09ed-1030-952b-0bb60fbd91a8
creatorsName: cn=config
createTimestamp: 20110503162710Z
entryCSN: 20110503162710.319234Z#000000#000#000000
modifiersName: cn=config
ModifyTimestamp: 20110503162710Z
Both your entryCSN have #000# for the serverID. Even though it seems you have somehow modified the configuration.
Your replication cannot work when you have not configured a serverID.
You need at least the following in your configs.
olcServerID: 1 ldap://tntest-ldap-master-1.oreillyauto.com
olcServerID: 2 ldap://tntest-ldap-master-2.oreillyauto.com
Also, why does the ModifyTimestamp: attribute from your second server start with a capital 'M'?
Are you still somehow manually poking at the files in slapd.d?
Please use slapcat / slapadd with the -n0 option to export and import your configuration.
Greetings Christian
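Added example, not part of the original thread or of OpenLDAP: a Python check for the three things Christian reads off the posted LDIF above (slapd.d file header, the serverID field of entryCSN, attribute-name casing). MASTER_LDIF and CONSUMER_LDIF are reconstructed and trimmed from the thread; FIXED_LDIF, the function names and the finding codes are assumptions made for illustration.

```python
import re

# entryCSN layout: timestamp#changecount#SID#modnumber; SID is the serverID as 3 hex digits.
CSN_RE = re.compile(r"^\d{14}\.\d{6}Z#[0-9a-fA-F]{6}#([0-9a-fA-F]{3})#[0-9a-fA-F]{6}$")

# Operational attribute names, spelled as they appear in the LDIF posted in the thread.
CANONICAL = {n.lower(): n for n in (
    "structuralObjectClass", "entryUUID", "creatorsName", "createTimestamp",
    "entryCSN", "modifiersName", "modifyTimestamp")}


def parse_ldif(text):
    """Return (comments, entries); each entry is a list of (attr, value) pairs."""
    logical = []
    for raw in text.splitlines():
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]      # continuation line: unfold onto the previous one
        else:
            logical.append(raw)
    comments, entries, current = [], [], []
    for line in logical:
        if line.startswith("#"):
            comments.append(line[1:].strip())
        elif not line.strip():
            if current:
                entries.append(current)
                current = []
        else:
            attr, _, value = line.partition(":")
            # "attr:: value" (base64) is kept undecoded; these checks never need it.
            current.append((attr.strip(), value.lstrip(":").strip()))
    if current:
        entries.append(current)
    return comments, entries


def audit_config(text):
    """Return a list of (code, message) findings for one cn=config LDIF export."""
    comments, entries = parse_ldif(text)
    findings = []
    if any(c.startswith(("AUTO-GENERATED FILE", "CRC32")) for c in comments):
        findings.append(("copied-from-slapd.d",
                         "slapd.d file header present; export with slapcat -n0 instead"))
    has_syncrepl = has_server_id = False
    sids = set()
    for entry in entries:
        dn = next((v for a, v in entry if a.lower() == "dn"), "?")
        for attr, value in entry:
            low = attr.lower()
            if low == "olcsyncrepl":
                has_syncrepl = True
            elif low == "olcserverid":
                has_server_id = True
            elif low == "entrycsn":
                match = CSN_RE.match(value)
                if match:
                    sids.add(int(match.group(1), 16))
                else:
                    findings.append(("bad-csn", f"{dn}: unparsable entryCSN {value!r}"))
            if low in CANONICAL and attr != CANONICAL[low]:
                findings.append(("attr-case",
                                 f"{dn}: '{attr}' instead of '{CANONICAL[low]}', hand-edited?"))
    # olcServerID lives on cn=config, so feed this the full -n0 export, not one entry.
    if has_syncrepl and not has_server_id and 0 in sids:
        findings.append(("no-serverid",
                         "olcSyncrepl set, no olcServerID, entryCSN carries SID 000"))
    return findings


# Reconstructed and trimmed from the master LDIF posted in the thread.
MASTER_LDIF = """\
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 3411e7fc
dn: olcDatabase={0}config
objectClass: olcDatabaseConfig
olcsyncrepl: rid=002 provider=ldap://tntest-ldap-master-1.oreillyauto.com
  type=refreshAndPersist retry="10 +" searchbase="cn=config"
entryCSN: 20130807153144.468097Z#000000#000#000000
modifyTimestamp: 20130807153144Z
"""

# Reconstructed and trimmed from the consumer LDIF posted in the thread.
CONSUMER_LDIF = """\
dn: olcDatabase={0}config
objectClass: olcDatabaseConfig
olcsyncrepl: {0}rid=002 provider=ldap://tntest-ldap-master-1.oreillyauto.com
  type=refreshOnly retry="5 +" searchbase="cn=config"
entryCSN: 20110503162710.319234Z#000000#000#000000
ModifyTimestamp: 20110503162710Z
"""

# Constructed sample: serverIDs configured as Christian suggests, CSNs stamped with SID 001.
FIXED_LDIF = """\
dn: cn=config
objectClass: olcGlobal
olcServerID: 1 ldap://tntest-ldap-master-1.oreillyauto.com
olcServerID: 2 ldap://tntest-ldap-master-2.oreillyauto.com
entryCSN: 20130807153144.468097Z#000000#001#000000

dn: olcDatabase={0}config,cn=config
olcSyncrepl: rid=002 provider=ldap://tntest-ldap-master-1.oreillyauto.com
  type=refreshAndPersist retry="10 +" searchbase="cn=config"
entryCSN: 20130807153144.468097Z#000000#001#000000
"""

if __name__ == "__main__":
    for name, ldif in (("master", MASTER_LDIF), ("consumer", CONSUMER_LDIF),
                       ("fixed", FIXED_LDIF)):
        print(name, audit_config(ldif) or "no findings")
```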
--On August 7, 2013 9:50:30 PM -0500 espeake@oreillyauto.com wrote:
So we are cooking with warm oil and I want to be cooking with hot oil!!!!
I have been able to get upgraded to 2.4.28 on OpenLDAP. Having issues with getting a good build of 2.4.35. But that isn't the problem. Below is the log from one of my consumers after starting the slapd service.
You seem to fail to understand that if you really want MMR and schema replication, then upgrading to 2.4.35 is not optional, it is required. Again, I will point you at the changes log:
http://www.openldap.org/software/release/changes.html
In addition, if you were having problems getting 2.4.35 to compile, it would have been wisest to ask for assistance from the list. At this point, it sounds most like you need the help of some professional services, such as Symas (http://www.symas.com). If you are running such a mission critical service, having a support team behind you would have resolved this for you weeks ago.
Regards, Quanah
Actually I did request help from the list in the building of a deb file since source and rpm files are the only things available. I even went through the setup instructions to get the updates done that I needed. I even tried converting an rpm with alien with no luck. Right now I am trying to figure out how I can slapcat the config and then when I slapadd it to another server as advised I get errors about invalid values for attribute types from a working server. The error is stating that the olcModuleList value is invalid from this part of the created LDIF from the slapcat.
dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModulePath: /usr/lib/ldap
olcModuleLoad: {0}back_hdb
olcModuleLoad: {1}ppolicy
olcModuleLoad: {2}memberof
olcModuleLoad: {3}dynlist
olcModuleLoad: {4}syncprov
olcModuleLoad: {5}refint
olcModuleLoad: {6}accesslog
structuralObjectClass: olcModuleList
5203c44d str2entry: invalid value for attributeType objectClass #0 (syntax 1.3.6.1.4.1.1466.115.121.1.38)
slapadd: could not parse entry (line=78)
The other error I get is this.
slapadd: dn="olcDatabase={-1}frontend,cn=config" (line=353): (64) value of single-valued naming attribute 'olcDatabase' conflicts with value present in entry
dn: olcDatabase={-1}frontend,cn=config
objectClass: olcDatabaseConfig
objectClass: olcFrontendConfig
olcDatabase: frontend
olcSizeLimit: 500
structuralObjectClass: olcDatabaseConfig
I don't want to sound ungrateful for the help and education on software that I am a new user, but there are a few people offering assistance here that pretty well speak down to everyone that asks for and with a disgusted tone. We are doing this in a test environment at this point and everything that I have read says that we are on a version that accomplish what we are trying to do.
Thank you again, Eric Speake Web Systems Administrator O'Reilly Auto Parts
From: Quanah Gibson-Mount quanah@zimbra.com To: espeake@oreillyauto.com, openldap-technical@openldap.org Date: 08/08/2013 11:16 AM Subject: Re: Schema Replication and data replication. Sent by: openldap-technical-bounces@OpenLDAP.org
--On August 8, 2013 11:33:54 AM -0500 espeake@oreillyauto.com wrote:
Actually I did request help from the list in the building of a deb file since source and rpm files are the only things available. I even went through the setup instructions to get the updates done that I needed. I even tried converting an rpm with alien with no luck. Right now I am trying to figure out how I can slapcat the config and then when I slapadd it to another server as advised I get errors about invalid values for attribute types from a working server. The error is stating that the olcModuleList value is invalid from this part of the created LDIF from the slapcat.
If you are on ubuntu/debian, you can trivially use apt-get to download their packaging bits for Debian, and update it for a new version of the source. However, I would still advise building from source yourself, and linking to OpenSSL rather than GnuTLS as debian does.
I don't want to sound ungrateful for the help and education on software that I am a new user, but there are a few people offering assistance here that pretty well speak down to everyone that asks for and with a disgusted tone. We are doing this in a test environment at this point and everything that I have read says that we are on a version that accomplish what we are trying to do.
I'm not quite clear what you are reading. I've pointed you at the changes list several times now. There are clearly numerous bugs fixed with sync replication since your 2.4.28 build. Here are just a few of the more obvious fixes that would have an impact on your deployment:
OpenLDAP 2.4.29 Release (2012/02/12)
    Fixed slapd syncrepl reference to freed memory (ITS#7127,ITS#7132)
    Fixed slapd syncrepl to ignore some errors on delete (ITS#7052)
    Fixed slapd syncrepl to handle missing oldRDN (ITS#7144)
    Fixed slapo-syncprov with already abandoned operation (ITS#7150)

OpenLDAP 2.4.30 Release (2012/02/29)
    Fixed slapd syncrepl delete handling (ITS#7052,ITS#7162)
    Fixed slapo-syncprov loop detection (ITS#6024)

OpenLDAP 2.4.31 Release (2012/04/21)
    Fixed slapd to reject MMR setups with bad serverID setting (ITS#7200)
    Fixed slapd schema validation with missing definitions (ITS#7224)
    Fixed slapd syncrepl -c with supplied CSN values (ITS#7245)
    Fixed slapo-syncprov sessionlog check (ITS#7218)
    Fixed slapo-syncprov entry leak (ITS#7234)
    Fixed slapo-syncprov startup initialization (ITS#7235)

OpenLDAP 2.4.32 Release (2012/07/31)
    Fixed slapd-bdb/hdb cache hang under high load (ITS#7222)
    Fixed slapo-syncprov memory leaks with sync replication (ITS#7292)

OpenLDAP 2.4.33 Release (2012/10/10)
    Fixed slapd syncprov to not reference ops inside a lock (ITS#7172)

OpenLDAP 2.4.34 Release (2013/03/01)
    Fixed slapd syncrepl for old entries in MMR setup (ITS#7427)

OpenLDAP 2.4.35 Release (2013/03/31)
    Fixed slapd syncrepl updateCookie status (ITS#7531)
Again, I would seriously suggest you look at professional help if you are unable to figure out how to build your own packages of OpenLDAP.
Regards, Quanah
So I have been able to build a package for ubuntu. A few questions.
I have yet to find where to set the default install directory when I run ./configure. The default is /etc/openldap and I would like to change it to /etc/ldap which is the current install directory.
I was able to install the package but the version still shows version 2.4.28. Do I need to reboot the server?
Thank you for your time. Eric Speake Web Systems Administrator O'Reilly Auto Parts
From: Quanah Gibson-Mount quanah@zimbra.com To: espeake@oreillyauto.com Cc: openldap-technical@openldap.org Date: 08/08/2013 11:50 AM Subject: Re: Schema Replication and data replication. Sent by: openldap-technical-bounces@OpenLDAP.org
--On August 9, 2013 9:07:06 AM -0500 espeake@oreillyauto.com wrote:
So I have been able to build a package for ubuntu. A few questions.
I have yet to find where to set the default install directory when I run ./configure. The default is /etc/openldap and I would like to change it to /etc/ldap which is the current install directory.
I was able to install the package but the version still shows version 2.4.28. Do I need to reboot the server?
Hi,
First, you do not want to physically replace the distro provided OpenLDAP. You want your build to install somewhere else, so that you don't overwrite the distribution libldap, etc. If you do that, you may have a number of issues with other software programs that were linked to them.
Second, the best course would be to simply slapcat your existing config, and re-import it to a location specific to you, so that OS updates/upgrades don't potentially wipe out your configuration.
I.e., you should isolate your production instance from the OS.
Additionally, I would note the -F option to slapd, etc. See the related manual pages.
Hope this helps!
--Quanah
So I have installed openldap 2.4.35 and it shows in the dpkg -l list. From the master that is running I ran:
slapcat -n0 -F /etc/ldap/slapd.d -l /mnt/downloads/ldap/config-20130809-3.ldif
On my server that I have run the update on and the server that I have not run the update on I run the following command:
slapadd -n0 -F /etc/openldap/slapd.d -l /mnt/downloads/ldap/config-20130809-3.ldif
On both servers I get the following error:
str2entry: invalid value for attributeType objectClass #0 (syntax 1.3.6.1.4.1.1466.115.121.1.38)
Here is that section of the LDIF file created by the slapcat command:
dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModulePath: /usr/lib/ldap
olcModuleLoad: {0}back_hdb
olcModuleLoad: {1}ppolicy
olcModuleLoad: {2}memberof
olcModuleLoad: {3}dynlist
olcModuleLoad: {4}syncprov
olcModuleLoad: {5}refint
olcModuleLoad: {6}accesslog
structuralObjectClass: olcModuleList
entryUUID: 35b6151c-93c2-1032-9c9a-711c013d2dcb
creatorsName: cn=config
createTimestamp: 20130807153144Z
entryCSN: 20130807153144.459666Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20130807153144Z
Am I just missing something simple? Eric Speake Web Systems Administrator O'Reilly Auto Parts
From: Quanah Gibson-Mount quanah@zimbra.com To: espeake@oreillyauto.com Cc: openldap-technical@openldap.org Date: 08/09/2013 11:11 AM Subject: Re: Schema Replication and data replication. Sent by: openldap-technical-bounces@OpenLDAP.org
--On August 9, 2013 12:55:17 PM -0500 espeake@oreillyauto.com wrote:
So I have installed openldap 2.4.35 and it shows in the dpkg -l list. From the master that is running I ran:
slapcat -n0 -F /etc/ldap/slapd.d -l /mnt/downloads/ldap/config-20130809-3.ldif
On my server that I have run the update on and the server that I have not run the update on I run the following command:
slapadd -n0 -F /etc/openldap/slapd.d -l /mnt/downloads/ldap/config-20130809-3.ldif
On both servers I get the following error:
str2entry: invalid value for attributeType objectClass #0 (syntax 1.3.6.1.4.1.1466.115.121.1.38)
You've left out some of the error message. I'm also not clear why you think it is the Module load section generating the error. And it still looks like from your cn=config db that you are trying to use/load the system supplied OpenLDAP, not your own build, assuming you've correctly set it to *not* overwrite the system packages.
I.e., olcModulePath: /usr/lib/ldap
would clearly be loading from the system build, not your build, etc.
--Quanah
I understand what you are pointing out about the location where the modules are being loaded. The only modules that I find on the system like back_hdb are found at usr/lib/ldap. I have done a find on the entire system and find no other module files. The date on all of the files is June 20th @14:36. Including the mappings/links.
I did not change any defaults and performed just the most basic of builds of the deb package. I'm not sure where to put it to at this point.
Thanks Eric Speake Web Systems Administrator O'Reilly Auto Parts
From: Quanah Gibson-Mount quanah@zimbra.com To: espeake@oreillyauto.com Cc: openldap-technical@openldap.org Date: 08/09/2013 05:55 PM Subject: Re: Schema Replication and data replication.
--On Monday, August 12, 2013 10:56 AM -0500 espeake@oreillyauto.com wrote:
I understand what you are pointing out about the location where the modules are being loaded. The only modules that I find on the system like back_hdb are found at usr/lib/ldap. I have done a find on the entire system and find no other module files. The date on all of the files is June 20th @14:36. Including the mappings/links.
I did not change any defaults and performed just the most basic of builds of the deb package. I'm not sure where to put it to at this point.
Well, I have no idea what options you used to configure. But if you don't build modules, then there won't be any to install. The fact that your slapd is still reporting 2.4.28 would also indicate you've not yet actually installed your build anywhere.
For example, I have:
--enable-dynamic \
--enable-slapd \
--enable-modules \
--enable-backends=mod \
--disable-shell \
--disable-sql \
--disable-bdb \
--disable-ndb \
--enable-overlays=mod \
--Quanah
--
Quanah Gibson-Mount Lead Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration
I will try this in deb build app. I tried making changes in this and it did not like the build. We do not use sql but we do use hdb and the other options you have listed there.
I'll let you know what happens.
Thanks, Eric Speake Web Systems Administrator O'Reilly Auto Parts
From: Quanah Gibson-Mount quanah@zimbra.com To: espeake@oreillyauto.com Cc: openldap-technical@openldap.org Date: 08/12/2013 11:58 AM Subject: Re: Schema Replication and data replication.
Hi,
On Mon, 12 Aug 2013, espeake@oreillyauto.com wrote:
I understand what you are pointing out about the location where the modules are being loaded. The only modules that I find on the system like back_hdb are found at usr/lib/ldap. I have done a find on the entire system and find no other module files. The date on all of the files is June 20th @14:36. Including the mappings/links.
I did not change any defaults and performed just the most basic of builds of the deb package. I'm not sure where to put it to at this point.
It's quite possible that you built a statically linked slapd completely without modules. You need something like '--enable-mdb=mod' in your configure args for every feature you want as a module.
I use the following in my CentOS rpm spec file:
%configure --with-threads=posix --enable-local --with-tls=openssl --prefix=%{_prefix} \
    --includedir=%{_includedir} \
    --libexecdir=%{_libdir} \
    --enable-dynamic \
    --enable-syslog \
    --enable-proctitle \
    --enable-ipv6 \
    --enable-local \
    --enable-slapd \
    --enable-dynacl \
    --enable-aci \
    --enable-cleartext \
    --enable-crypt \
    --enable-lmpasswd \
    --enable-spasswd \
    --enable-modules \
    --enable-rewrite \
    --enable-rlookups \
    --enable-wrappers \
    --enable-cleartext \
    --enable-crypt \
    --enable-lmpasswd \
    --enable-spasswd \
    --disable-bdb \
    --enable-hdb=mod \
    --enable-ldap=mod \
    --enable-mdb=mod \
    --enable-monitor=mod \
    --enable-overlays=mod \
    --enable-accesslog=mod \
    --enable-auditlog=mod \
    --enable-memberof=mod \
    --enable-ppolicy=mod \
    --enable-syncprov=mod \
    --enable-translucent=mod
make depend
It really depends on what debian package you took as a starting point.
I am not sure how openldap would react if you built it completely without dynamic modules.
Greetings Christian
Thanks Eric Speake Web Systems Administrator O'Reilly Auto Parts
From: Quanah Gibson-Mount quanah@zimbra.com To: espeake@oreillyauto.com Cc: openldap-technical@openldap.org Date: 08/09/2013 05:55 PM Subject: Re: Schema Replication and data replication.
--On August 9, 2013 12:55:17 PM -0500 espeake@oreillyauto.com wrote:
So I have installed openldap 2.4.35 and it shows in the dpkg -l list. From the master that is running I ran:
slapcat -n0 -F /etc/ldap/slapd.d -l /mnt/downloads/ldap/config-20130809-3.ldif
on my server that I have run the update on and the server that I have not run the update on I run the following command:
slapadd -n0 -F /etc/openldap/slapd.d -l /mnt/downloads/ldap/config-20130809-3.ldif
On both servers I get the following error:
str2entry: invalid value for attributeType objectClass #0 (syntax 1.3.6.1.4.1.1466.115.121.1.38)
You've left out some of the error message. I'm also not clear why you think it is the Module load section generating the error. And it still looks like from your cn=config db that you are trying to use/load the system supplied OpenLDAP, not your own build, assuming you've correctly set it to *not* overwrite the system packages.
I.e., olcModulePath: /usr/lib/ldap
would clearly be loading from the system build, not your build, etc.
--Quanah
-- Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc
Zimbra :: the leader in open source messaging and collaboration
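The mismatch discussed in the message above (a cn=config export whose olcModulePath points at a directory that lacks the modules it is told to load) can be checked offline from a `slapcat -n0` export. This is an added example, not code from the thread: the function names, the optional root prefix and the sample LDIF are constructed, and it assumes a single olcModulePath line and unwrapped, non-base64 values.

```sh
#!/bin/sh
# Added example: list olcModuleLoad entries that have no matching file
# in any directory named by olcModulePath.

# missing_modules LDIF [ROOT]
#   LDIF  cn=config export (e.g. written by slapcat -n0 ... -l file)
#   ROOT  optional prefix for inspecting an unpacked package tree
missing_modules() {
    ldif=$1 root=${2:-}
    # Assumption: one olcModulePath line; it may list several dirs joined by ':'
    path=$(sed -n 's/^olcModulePath: *//p' "$ldif" | head -n 1)
    # Keep only the olcModuleLoad values and drop the {N} ordering prefix
    sed -e '/^olcModuleLoad:/!d' -e 's/^olcModuleLoad: *//' -e 's/^{[0-9]*}//' "$ldif" |
    while read -r mod; do
        base=${mod%.la}; base=${base%.so}
        found=no
        old_ifs=$IFS; IFS=:
        for dir in $path; do
            for f in "$root$dir/$base" "$root$dir/$base.la" "$root$dir/$base.so"; do
                if [ -e "$f" ]; then found=yes; fi
            done
        done
        IFS=$old_ifs
        [ "$found" = yes ] || printf '%s\n' "$base"
    done
}

# Constructed sample: the module directory holds only back_hdb and syncprov,
# while the config export also asks for ppolicy and memberof.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/usr/lib/ldap"
    touch "$tmp/usr/lib/ldap/back_hdb.la" "$tmp/usr/lib/ldap/syncprov.so"
    cat > "$tmp/config.ldif" <<'EOF'
dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModulePath: /usr/lib/ldap
olcModuleLoad: {0}back_hdb
olcModuleLoad: {1}ppolicy
olcModuleLoad: {2}memberof.la
olcModuleLoad: {3}syncprov
EOF
    missing_modules "$tmp/config.ldif" "$tmp"
    rm -rf "$tmp"
}
demo
```

On a live host, call `missing_modules` with the export file alone so the olcModulePath directories are checked as absolute paths.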
Christian,
Thanks for the reply. It doesn't do well without the options configured. The issue I am dealing with right now is formatting the rules file to be able to modify the ./configure command. Trying to google the error messages I get so I can get the formatting correct in the file.
Thanks, Eric Speake Web Systems Administrator O'Reilly Auto Parts
From: Christian Kratzer ck-lists@cksoft.de To: espeake@oreillyauto.com Cc: Quanah Gibson-Mount quanah@zimbra.com, openldap-technical@openldap.org Date: 08/12/2013 02:18 PM Subject: Re: Schema Replication and data replication.
Hi,
On Mon, 12 Aug 2013, espeake@oreillyauto.com wrote:
I understand what you are pointing in the location of the where the modules are being loaded. The only modules that I find on the system like back_hdb are found at usr/lib/ldap. I have done a find on the entire system and find no other module files. The date on all of the files is June 20th @14:36. Including the mappings/links.
I did not change any defaults and performed just the most basic of builds of the deb package. I'm not sure where to put it to at this point.
it's quite possible that you built a statically linked slapd completely without modules. You need something like '--enable-mdb=mod' in your configure args for every feature you want as a module.
I use following in my centos rpm spec file:
%configure --with-threads=posix --enable-local --with-tls=openssl --prefix=%{_prefix} \
    --includedir=%{_includedir} \
    --libexecdir=%{_libdir} \
    --enable-dynamic \
    --enable-syslog \
    --enable-proctitle \
    --enable-ipv6 \
    --enable-local \
    --enable-slapd \
    --enable-dynacl \
    --enable-aci \
    --enable-cleartext \
    --enable-crypt \
    --enable-lmpasswd \
    --enable-spasswd \
    --enable-modules \
    --enable-rewrite \
    --enable-rlookups \
    --enable-wrappers \
    --enable-cleartext \
    --enable-crypt \
    --enable-lmpasswd \
    --enable-spasswd \
    --disable-bdb \
    --enable-hdb=mod \
    --enable-ldap=mod \
    --enable-mdb=mod \
    --enable-monitor=mod \
    --enable-overlays=mod \
    --enable-accesslog=mod \
    --enable-auditlog=mod \
    --enable-memberof=mod \
    --enable-ppolicy=mod \
    --enable-syncprov=mod \
    --enable-translucent=mod
make depend
It really depends on what debian package you took as a starting point.
I am not sure how openldap would react if you built it completely without dynamic modules.
Greetings Christian
Thanks Eric Speake Web Systems Administrator O'Reilly Auto Parts
From: Quanah Gibson-Mount quanah@zimbra.com To: espeake@oreillyauto.com Cc: openldap-technical@openldap.org Date: 08/09/2013 05:55 PM Subject: Re: Schema Replication and data replication.
--On August 9, 2013 12:55:17 PM -0500 espeake@oreillyauto.com wrote:
So I have installed openldap 2.4.35 and it shows in the dpkg -l list. From the master that is running I ran:
slapcat -n0 -F /etc/ldap/slapd.d -l /mnt/downloads/ldap/config-20130809-3.ldif
on my server that I have run the update on and the server that I have not run the update on I run the following command:
slapadd -n0 -F /etc/openldap/slapd.d -l /mnt/downloads/ldap/config-20130809-3.ldif
On both servers I get the following error:
str2entry: invalid value for attributeType objectClass #0 (syntax 1.3.6.1.4.1.1466.115.121.1.38)
You've left out some of the error message. I'm also not clear why you think it is the Module load section generating the error. And it still looks like from your cn=config db that you are trying to use/load the system supplied OpenLDAP, not your own build, assuming you've correctly set it to *not* overwrite the system packages.
I.e., olcModulePath: /usr/lib/ldap
would clearly be loading from the system build, not your build, etc.
--Quanah
-- Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc
Zimbra :: the leader in open source messaging and collaboration
-- Christian Kratzer CK Software GmbH Email: ck@cksoft.de Wildberger Weg 24/2 Phone: +49 7032 893 997 - 0 D-71126 Gaeufelden Fax: +49 7032 893 997 - 9 HRB 245288, Amtsgericht Stuttgart Web: http://www.cksoft.de/ Geschaeftsfuehrer: Christian Kratzer
Hi Eric,
On Mon, 12 Aug 2013, espeake@oreillyauto.com wrote:
Christian,
Thanks for the reply. It doesn't do well without the options configured. The issue I am dealing with right now is formatting the rules file to be able to modify the ./configure command. Trying to google the error messages I get so I can get the formatting correct in the file.
as I told you previously, considering that you need to get several things right it might be a good idea to start fresh and build from source.
1. setup a fresh vm in a virtualisation setup of your choice
2. check that there is no openldap server package installed
3. build from source to keep it simple
Alternatively change to an OS for which there are prepackaged current openldap packages available.
Greetings Christian
I am building my package from fresh source code from openldap.org. Changing OS is not going to be an option here. Once I get the formatting of the rules file straight I think everything should work. Right now it fails due to the format of the rules file. And I think I found the issue. Crossing my fingers for this next shot at the build.
Eric Speake Web Systems Administrator O'Reilly Auto Parts
From: Christian Kratzer ck-lists@cksoft.de To: espeake@oreillyauto.com Cc: openldap-technical@openldap.org, Quanah Gibson-Mount quanah@zimbra.com Date: 08/12/2013 02:32 PM Subject: Re: Schema Replication and data replication.
Hi Eric,
On Mon, 12 Aug 2013, espeake@oreillyauto.com wrote:
Christian,
Thanks for the reply. It doesn't do well without the options configured. The issue I am dealing with right now is formatting the rules file to be able to modify the ./configure command. Trying to google the error messages I get so I can get the formatting correct in the file.
as I told you previously, considering that you need to get several things right it might be a good idea to start fresh and build from source.
1. setup a fresh vm in a virtualisation setup of your choice
2. check that there is no openldap server package installed
3. build from source to keep it simple
Alternatively change to an OS for which there are prepackaged current openldap packages available.
Greetings Christian
-- Christian Kratzer CK Software GmbH Email: ck@cksoft.de Wildberger Weg 24/2 Phone: +49 7032 893 997 - 0 D-71126 Gaeufelden Fax: +49 7032 893 997 - 9 HRB 245288, Amtsgericht Stuttgart Web: http://www.cksoft.de/ Geschaeftsfuehrer: Christian Kratzer
Hi,
On Mon, 12 Aug 2013, espeake@oreillyauto.com wrote:
I am building my package from fresh source code from openldap.org. Changing OS is not going to be an option here. Once I get the formatting of the rules file straight I think everything should work. Right now it fails due to the format of the rules file. And I think I found the issue. Crossing my fingers for this next shot at the build.
well if you are determined to do it your way I'll keep my thumbs pressed.
But be prepared for a steep learning curve.
Greetings Christian
Eric Speake Web Systems Administrator O'Reilly Auto Parts
From: Christian Kratzer ck-lists@cksoft.de To: espeake@oreillyauto.com Cc: openldap-technical@openldap.org, Quanah Gibson-Mount quanah@zimbra.com Date: 08/12/2013 02:32 PM Subject: Re: Schema Replication and data replication.
Hi Eric,
On Mon, 12 Aug 2013, espeake@oreillyauto.com wrote:
Christian,
Thanks for the reply. It doesn't do well without the options configured. The issue I am dealing with right now is formatting the rules file to be able to modify the ./configure command. Trying to google the error messages I get so I can get the formatting correct in the file.
as I told you previously, considering that you need to get several things right it might be a good idea to start fresh and build from source.
- setup a fresh vm in a virtualisation setup of your choice
- check that there is no openldap server package installed
- build from source to keep it simple
Alternatively change to an OS for which there are prepackaged current openldap packages available.
Greetings Christian
-- Christian Kratzer CK Software GmbH Email: ck@cksoft.de Wildberger Weg 24/2 Phone: +49 7032 893 997 - 0 D-71126 Gaeufelden Fax: +49 7032 893 997 - 9 HRB 245288, Amtsgericht Stuttgart Web: http://www.cksoft.de/ Geschaeftsfuehrer: Christian Kratzer
openldap-technical@openldap.org