Unable to add DB DIT, getting value #0 invalid per syntax error
Command used: ldapadd -x -D 'cn=config' -w secret -f create_sns_db.ldif
below is the content of "create_sns_db.ldif" file

dn: olcDatabase=mdb,cn=config
objectClass: olcMdbConfig
olcDatabase: mdb
olcDbMaxSize: 1073741824
olcSuffix: dc=smartsan
olcDbDirectory: /usr/local/var/openldap-data/sns_db
olcRootDN: cn=admin,dc=smartsan
olcRootPW: secret2
olcDbIndex: objectClass eq
below is the debug output for the ldapadd command used:
# ldapadd -x -D 'cn=config' -w secret -f create_sns_db.ldif -d 255
adding new entry "olcDatabase=mdb,cn=config"
ldap_add: Invalid syntax (21)
        additional info: objectClass: value #0 invalid per syntax
Note: I have manually typed the contents of the LDIF file to make sure no extra characters are there.
--On Wednesday, May 26, 2021 8:58 AM +0000 govid govind.rathod@hpe.com wrote:
> unable to add DB DIT , getting value #0 invalid per syntax error
>
> below is the content of "create_sns_db.ldif" file
>
> below is the debug output for the ldapadd command used:
>
> # ldapadd -x -D 'cn=config' -w secret -f create_sns_db.ldif -d 255
Hello,
This was already answered in the bug report you filed -- It appears you haven't actually loaded the MDB backend in your configuration.
Additionally, supplying the debug output of the *client* is rather useless when it's the *server* that's doing the validation of the configuration and generating the error.
Regards, Quanah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com
Hi, I am trying to do this in Alpine OS. The same command "ldapadd -x -D 'cn=config' -w secret -f create_sns_db.ldif" works fine in CentOS but fails in Alpine. Content of create_sns_db.ldif is:

dn: olcDatabase=mdb,cn=config
objectClass: olcMdbConfig
olcDatabase: mdb
olcDbMaxSize: 1073741824
olcSuffix: dc=smartsan
olcDbDirectory: /usr/local/var/openldap-data/sns_db
olcRootDN: cn=admin,dc=smartsan
olcRootPW: secret2
olcDbIndex: objectClass eq
*************************************************************************************************
Content of slapd.conf file in working OS (CentOS) is as below:

#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include         /usr/local/etc/openldap/schema/core.schema

# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral       ldap://root.openldap.org

pidfile         /usr/local/var/run/slapd.pid
argsfile        /usr/local/var/run/slapd.args

# Load dynamic backend modules:
# modulepath    /usr/local/libexec/openldap
# moduleload    back_mdb.la
# moduleload    back_ldap.la

# Sample security restrictions
#       Require integrity protection (prevent hijacking)
#       Require 112-bit (3DES or better) encryption for updates
#       Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64

# Sample access control policy:
#       Root DSE: allow anyone to read it
#       Subschema (sub)entry DSE: allow anyone to read it
#       Other DSEs:
#               Allow self write access
#               Allow authenticated users read access
#               Allow anonymous users to authenticate
#       Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
#       by self write
#       by users read
#       by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!

#######################################################################
# MDB database definitions
#######################################################################

database        mdb
maxsize         1073741824
suffix          "dc=my-domain,dc=com"
rootdn          "cn=Manager,dc=my-domain,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw          secret
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory       /usr/local/var/openldap-data
# Indices to maintain
index   objectClass     eq
Both files have the same contents except for the default openldap paths. The slapd.conf file for Alpine OS is below:
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/nis.schema
# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral       ldap://root.openldap.org

pidfile         /var/lib/run/slapd.pid
argsfile        /var/lib/run/slapd.args

# Load dynamic backend modules:
#modulepath     /usr/lib/openldap
#moduleload     back_mdb.la
#moduleload     back_ldap.la

# Sample security restrictions
#       Require integrity protection (prevent hijacking)
#       Require 112-bit (3DES or better) encryption for updates
#       Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64

# Sample access control policy:
#       Root DSE: allow anyone to read it
#       Subschema (sub)entry DSE: allow anyone to read it
#       Other DSEs:
#               Allow self write access
#               Allow authenticated users read access
#               Allow anonymous users to authenticate
#       Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
#       by self write
#       by users read
#       by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!

#######################################################################
# MDB database definitions
#######################################################################
#

database        mdb
maxsize         1073741824
suffix          "dc=my-domain,dc=com"
rootdn          "cn=Manager,dc=my-domain,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw          secret
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory       /usr/local/var/openldap-data
# Indices to maintain
index   objectClass     eq
--On Thursday, June 3, 2021 5:04 AM +0000 govid govind.rathod@hpe.com wrote:
> Hi, I am trying to do this in Alpine OS. The same command "ldapadd -x -D 'cn=config' -w secret -f create_sns_db.ldif" works fine in CentOS but fails in Alpine. Content of create_sns_db.ldif is:
>
> dn: olcDatabase=mdb,cn=config
> objectClass: olcMdbConfig
> olcDatabase: mdb
> olcDbMaxSize: 1073741824
> olcSuffix: dc=smartsan
> olcDbDirectory: /usr/local/var/openldap-data/sns_db
> olcRootDN: cn=admin,dc=smartsan
> olcRootPW: secret2
> olcDbIndex: objectClass eq
>
> # Load dynamic backend modules:
> # modulepath /usr/local/libexec/openldap
> # moduleload back_mdb.la
> # moduleload back_ldap.la
Looks like you failed to moduleload back_mdb.
--Quanah
Hi,
Thanks for your suggestion. Was able to load backend modules after adding the following lines to the slapd.conf file:

# Load dynamic backend modules:
modulepath /usr/lib/openldap
#moduleload back_mdb.la
#moduleload back_ldap.la
moduleload back_mdb
moduleload back_ldap

After making this change, my slaptest passed which was failing earlier.

/opt/hpe/nns/NVME-OF-Server/open-ldap/initial_config # slaptest -f /etc/openldap/slapd.conf -F /etc/ldap/sns/slapd.d -d 256 -u
config file testing succeeded
/opt/hpe/nns/NVME-OF-Server/open-ldap/initial_config #

But the original issue still persists, as below:

/opt/hpe/nns/NVME-OF-Server/open-ldap/initial_config # ldapadd -x -D 'cn=config' -w secret -f create_sns_db.ldif
adding new entry "olcDatabase=mdb,cn=config"
ldap_add: Invalid syntax (21)
        additional info: objectClass: value #0 invalid per syntax

/opt/hpe/nns/NVME-OF-Server/open-ldap/initial_config #
--On Friday, June 4, 2021 4:20 AM +0000 govid govind.rathod@hpe.com wrote:
> But the original issue still persists, as below:
>
> /opt/hpe/nns/NVME-OF-Server/open-ldap/initial_config # ldapadd -x -D 'cn=config' -w secret -f create_sns_db.ldif
> adding new entry "olcDatabase=mdb,cn=config"
> ldap_add: Invalid syntax (21)
>         additional info: objectClass: value #0 invalid per syntax
Then the value in the LDIF you are loading is invalid. This often is seen if there is a character such as a trailing space after the objectClass name, etc.
Regards, Quanah
Today I tried to see what the difference is between the working CentOS and Alpine containers:

1> Verified that the ldif file used to add is correct, no spaces or extra characters there.
2> When I compared the debug output for slapadd of CentOS and Alpine, I see that in CentOS back_mdb is initialized but in Alpine back_mdb is not initialized

then the ldap add command "ldapadd -x -D 'cn=config' -w secret -f create_sns_db.ldif" is working in CentOS and fails in Alpine. This behavior makes me think if back_mdb has to be initialized for Alpine as well? If that is the case, how to do that on Alpine, as in CentOS these modules are loaded by default?

Here is the debug log output of CentOS when the slapd service is started:

ldap_url_parse_ext(ldap:///)
60bb6b53 daemon: listener initialized ldap:///
60bb6b53 daemon_init: 2 listeners opened
60bb6b53 slapd init: initiated server.
60bb6b53 mdb_back_initialize: initialize MDB backend
60bb6b53 mdb_back_initialize: LMDB 0.9.25: (January 30, 2020)
60bb6b53 backend_startup_one: starting "cn=config"
60bb6b53 ldif_read_file: read entry file: "/etc/ldap/sns/slapd.d//cn=config.ldif"
60bb6b53 => str2entry: "# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.

Here is the debug log output of Alpine when the slapd service is started:

ldap_url_parse_ext(ldap:///)
60bb70ac daemon: listener initialized ldap:///
60bb70ac daemon_init: 2 listeners opened
ldap_create
60bb70ac slapd init: initiated server.
60bb70ac slap_sasl_init: initialized!
60bb70ac backend_startup_one: starting "cn=config"
60bb70ac ldif_read_file: read entry file: "/etc/ldap/sns/slapd.d//cn=config.ldif"
60bb70ac => str2entry: "# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.

Clearly backend ldap configuration is missing in Alpine, not sure how to initialize the same? I tried loading the modules in slapd.ldif, after this slaptest initializes the backend mdb and test is successful in Alpine, but the same (back_mdb) is not configured while starting the slapd services.
--On Saturday, June 5, 2021 2:02 PM +0000 govid govind.rathod@hpe.com wrote:
> Here is the debug log output of CentOS when the slapd service is started:
>
> Clearly backend ldap configuration is missing in Alpine, not sure how to initialize the same? I tried loading the modules in slapd.ldif, after this slaptest initializes the backend mdb and test is successful in Alpine, but the same (back_mdb) is not configured while starting the slapd services.
In CentOS, back-mdb is built statically into the slapd binary. I'd hazard that this is not the case with Alpine linux. You haven't provided a useful export of your cn=config database on Alpine to examine, so there's no ability to tell if it's actually correctly configured to load the MDB database module.
--Quanah
Hi, was able to overcome the issue by adding the below lines to load the backend db modules in the ldif file "create_sns_db.ldif":

#
# Load dynamic backend modules:
#
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulepath: /usr/lib/openldap
olcModuleload: back_bdb
olcModuleload: back_mdb
olcModuleload: back_ldap

and then if I execute "ldapadd -x -D 'cn=config' -w secret -f create_sns_db.ldif" it works fine without any errors. Not sure, if the same lines are present in the slapd.conf, why the backend db modules are not initialized.

Now we are facing another issue while executing "ldapmodify -x -D 'cn=config' -w secret -f update_config.ldif"

adding new entry "olcDatabase={2}mdb,cn=config"

adding new entry "olcOverlay=syncprov,olcDatabase={2}mdb,cn=config"
ldap_add: Invalid syntax (21)
        additional info: objectClass: value #1 invalid per syntax

We have installed the "openldap-overlay-all" package and tried to execute the ldap modify command in Alpine. Are any configurations to be done before executing ldapmodify in Alpine?

below are the contents of update_config.ldif

dn: olcDatabase={2}mdb,cn=config
changetype: add
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: {2}mdb
olcDbDirectory: /usr/local/var/openldap-data/sns_accesslog_db
olcSuffix: cn=accesslog
olcAccess: {0}to * by dn.base="cn=admin,dc=smartsan" read by * break
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcRootDN: cn=config
olcLimits: dn.exact="cn=admin,dc=smartsan" time=unlimited size=unlimited
olcSizeLimit: unlimited
olcTimeLimit: unlimited
olcMonitoring: TRUE
olcDbCheckpoint: 0 0
olcDbIndex: entryCSN eq
olcDbIndex: objectClass eq
olcDbIndex: entryUUID eq
olcDbMode: 0600
olcDbSearchStack: 16
olcDbMaxsize: 85899345920

dn: olcOverlay=syncprov,olcDatabase={2}mdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
olcSpNoPresent: TRUE
olcSpReloadHint: TRUE

dn: olcDatabase={1}mdb,cn=config
changetype: modify
add: olcLimits
olcLimits: dn.exact="cn=replicator,cn=appaccts,dc=example,dc=com" time=unlimited size=unlimited
--On Sunday, June 6, 2021 12:19 PM +0000 govid govind.rathod@hpe.com wrote:
> and then if I execute "ldapadd -x -D 'cn=config' -w secret -f create_sns_db.ldif" it works fine without any errors. Not sure, if the same lines are present in the slapd.conf, why the backend db modules are not initialized.
One either uses slapd.conf OR cn=config.
You clearly need to add an additional moduleload for the syncprov module to your cn=config configuration.
--Quanah
openldap-technical@openldap.org
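A preflight check for the two causes given in this thread for "objectClass: value #N invalid per syntax" (a config object class whose module is not loaded, and a stray character such as a trailing space after the class name), as an added example that is not part of the original thread or of OpenLDAP. The class-to-module table is a partial assumption covering only the classes seen here, the sample LDIF is constructed, and the check assumes a build where backends and overlays are dynamic modules, as on the Alpine system discussed.

```python
import base64
import re

# Assumed, partial table: cn=config object class -> module that registers it.
# Only the two classes that fail in this thread are listed.
CLASS_MODULE = {"olcmdbconfig": "back_mdb", "olcsyncprovconfig": "syncprov"}


def parse_ldif(text):
    """Split LDIF text into entries, each a list of (attr, value) pairs."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines and lines[-1]:
            lines[-1] += raw[1:]            # unfold a continuation line
        else:
            lines.append(raw)
    entries, current = [], []
    for line in lines + [""]:
        if not line:                        # a blank line ends the entry
            if current:
                entries.append(current)
            current = []
        elif not line.startswith("#") and ":" in line:
            attr, rest = line.split(":", 1)
            if rest.startswith(":"):        # "attr:: <base64 value>"
                value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            else:
                value = rest.lstrip(" ")    # trailing characters kept as typed
            current.append((attr.lower(), value))
    return entries


def module_name(value):
    """'{0}back_mdb.la' or '/usr/lib/openldap/back_mdb.so' -> 'back_mdb'."""
    value = re.sub(r"^\{-?\d+\}", "", value.strip())
    return value.rsplit("/", 1)[-1].split(".")[0]


def preflight(config_export, new_ldif):
    """Return (dn, value_index, object_class, problem) for each suspect value."""
    loaded = {module_name(v) for entry in parse_ldif(config_export)
              for a, v in entry if a == "olcmoduleload"}
    findings = []
    for entry in parse_ldif(new_ldif):
        dn = next((v for a, v in entry if a == "dn"), "?")
        # A cn=module entry earlier in the same file counts as loaded.
        loaded |= {module_name(v) for a, v in entry if a == "olcmoduleload"}
        classes = [v for a, v in entry if a == "objectclass"]
        for index, value in enumerate(classes):  # index is the N in "value #N"
            if value != value.strip() or not (value.isascii() and value.isprintable()):
                findings.append((dn, index, value, "stray character in value"))
                continue
            module = CLASS_MODULE.get(value.lower())
            if module and module not in loaded:
                findings.append((dn, index, value, f"module {module} not loaded"))
    return findings


# Constructed sample: a cn=config export (for instance from slapcat -n 0)
# on a server where only back_mdb has been loaded.
CONFIG_EXPORT = """\
dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModulePath: /usr/lib/openldap
olcModuleLoad: {0}back_mdb
"""

# Constructed sample shaped like update_config.ldif in the thread, shortened.
# The last entry carries a deliberate trailing space after the class name.
NEW_LDIF = """\
dn: olcDatabase={2}mdb,cn=config
changetype: add
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig

dn: olcOverlay=syncprov,olcDatabase={2}mdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig

dn: olcDatabase={3}mdb,cn=config
""" + "objectClass: olcMdbConfig \n"

if __name__ == "__main__":
    for finding in preflight(CONFIG_EXPORT, NEW_LDIF):
        print(finding)
```

The reported index is the position of the value among the entry's objectClass lines, so the syncprov entry is flagged at index 1, the same position the server named in "value #1".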