When installing openldap with database mdb, root entry cannot be deleted.
Tested on systems:
    OS Linux Debian 10, slapd 2.4.57+dfsg-2
    Arch Linux, openldap 2.4.58-1
    Oracle Linux 8, openldap 2.4.58 (from source)
The root entry was created by the command:
    ldapadd -x -D 'cn=admin,dc=example,dc=org' -f root_entry.ldif
Content of the root_entry.ldif file:
    dn: dc=example,dc=org
    objectClass: dcObject
    objectClass: organization
    dc: example
    o: Example
    description: Example directory

    dn: cn=root,dc=example,dc=org
    objectClass: organizationalRole
    cn: root
    description: Directory Manager
Trying to delete the root entry:
    ldapdelete -x -r 'dc=example,dc=org' -D 'cn=admin,dc=example,dc=org' -w admin
Output - ldap_delete: No such object (32)
How can I delete the root entry and create a new one with other structural objectclasses?
--On Saturday, April 24, 2021 11:04 PM +0300 Николай Данилов niko@dwolfix.ru wrote:
> When installing openldap with database mdb, root entry cannot be deleted.
This is a bug with back-mdb that was not present with back-bdb/hdb. When you originally opened your issue in the bug tracker, you said you couldn't delete the rootDSE, which would be correct. This is an issue with deleting the root of the database DIT, which is different.
Regards, Quanah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com
--On Monday, April 26, 2021 10:46 AM -0700 Quanah Gibson-Mount quanah@symas.com wrote:
> --On Saturday, April 24, 2021 11:04 PM +0300 Николай Данилов niko@dwolfix.ru wrote:
>> When installing openldap with database mdb, root entry cannot be deleted.
> This is a bug with back-mdb that was not present with back-bdb/hdb. When you originally opened your issue in the bug tracker, you said you couldn't delete the rootDSE, which would be correct. This is an issue with deleting the root of the database DIT, which is different.
As a workaround, you can stop slapd and delete the database files (data.mdb, lock.mdb) in your configured path for where they are stored for that specific database.
Then add your new set of objects.
Regards, Quanah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com
Quanah Gibson-Mount wrote:
> --On Monday, April 26, 2021 10:46 AM -0700 Quanah Gibson-Mount quanah@symas.com wrote:
>> --On Saturday, April 24, 2021 11:04 PM +0300 Николай Данилов niko@dwolfix.ru wrote:
>>> When installing openldap with database mdb, root entry cannot be deleted.
>> This is a bug with back-mdb that was not present with back-bdb/hdb. When you originally opened your issue in the bug tracker, you said you couldn't delete the rootDSE, which would be correct. This is an issue with deleting the root of the database DIT, which is different.
> As a workaround, you can stop slapd and delete the database files (data.mdb, lock.mdb) in your configured path for where they are stored for that specific database.
No need to stop slapd - just change the directory path in cn=config to point to a new location. Then delete the old files.
> Then add your new set of objects.
I tried the option with deleting mdb files the day before yesterday. It really works. However, we need to bring up the openldap service with replication in the k8s cluster. Therefore, low-level operations are unacceptable.
26.04.2021 18:43, Howard Chu hyc@symas.com wrote:
> Quanah Gibson-Mount wrote:
>> --On Monday, April 26, 2021 10:46 AM -0700 Quanah Gibson-Mount quanah@symas.com wrote:
>>> --On Saturday, April 24, 2021 11:04 PM +0300 Николай Данилов niko@dwolfix.ru wrote:
>>>> When installing openldap with database mdb, root entry cannot be deleted.
>>> This is a bug with back-mdb that was not present with back-bdb/hdb. When you originally opened your issue in the bug tracker, you said you couldn't delete the rootDSE, which would be correct. This is an issue with deleting the root of the database DIT, which is different.
>> As a workaround, you can stop slapd and delete the database files (data.mdb, lock.mdb) in your configured path for where they are stored for that specific database.
> No need to stop slapd - just change the directory path in cn=config to point to a new location. Then delete the old files.
>> Then add your new set of objects.
> -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/
--On Monday, April 26, 2021 11:39 PM +0300 Николай Данилов niko@dwolfix.ru wrote:
> I tried the option with deleting mdb files the day before yesterday. It really works. However, we need to bring up the openldap service with replication in the k8s cluster. Therefore, low-level operations are unacceptable.
Creating a default database is a function of how debian does the packaging. I believe there's an option you can pass to have it not do that.
--Quanah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com
I will deal with the docker options. Is it possible to resolve the issue of removing the root record using standard openldap tools?
26.04.2021 12:46, Quanah Gibson-Mount quanah@symas.com wrote:
> --On Monday, April 26, 2021 11:39 PM +0300 Николай Данилов niko@dwolfix.ru wrote:
>> I tried the option with deleting mdb files the day before yesterday. It really works. However, we need to bring up the openldap service with replication in the k8s cluster. Therefore, low-level operations are unacceptable.
> Creating a default database is a function of how debian does the packaging. I believe there's an option you can pass to have it not do that.
> --Quanah
> --
> Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com
--On Monday, April 26, 2021 11:56 PM +0300 Николай Данилов niko@dwolfix.ru wrote:
> I will deal with the docker options. Is it possible to resolve the issue of removing the root record using standard openldap tools?
No, it's a bug in the backend database. You could do what Howard said via ldapmodify as a runtime alternative.
--Quanah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com
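Added example, not part of the thread: one way to prepare the runtime change suggested above (repointing the database directory in cn=config with ldapmodify). The database DN is looked up by suffix rather than guessed; the sample config, the `ldapi:///` EXTERNAL bind and the directory paths are assumptions about a typical deployment.

```shell
#!/bin/sh
# Added example; the sample config, DNs and paths below are constructed.
# Constructed stand-in for the output of:
#   ldapsearch -LLL -o ldif-wrap=no -Y EXTERNAL -H ldapi:/// -b cn=config '(olcSuffix=*)' olcSuffix olcDbDirectory
SAMPLE_CONFIG='dn: olcDatabase={1}mdb,cn=config
olcSuffix: dc=example,dc=org
olcDbDirectory: /var/lib/ldap

dn: olcDatabase={2}mdb,cn=config
olcSuffix: dc=other,dc=org
olcDbDirectory: /var/lib/ldap-other
'

# Print the DN of the config entry serving suffix $1 (LDIF on stdin).
# Suffixes are compared case-insensitively; folded or base64 lines are not handled.
find_db_dn() {
    awk -v want="$1" '
        BEGIN { want = tolower(want) }
        /^dn: / { dn = substr($0, 5) }
        tolower($0) ~ /^olcsuffix: / {
            if (tolower(substr($0, 12)) == want) { print dn; found = 1; exit }
        }
        END { if (!found) exit 1 }
    '
}

# Emit ldapmodify input that repoints database $1 at directory $2.
# The new directory should be empty and writable by the slapd user.
relocate_ldif() {
    case "$2" in /*) ;; *) echo "directory must be absolute" >&2; return 1 ;; esac
    printf 'dn: %s\nchangetype: modify\nreplace: olcDbDirectory\nolcDbDirectory: %s\n' "$1" "$2"
}

# Both steps for one suffix; fails if no database serves that suffix.
plan_relocation() {
    db_dn=$(find_db_dn "$1") || { echo "no database for $1" >&2; return 1; }
    relocate_ldif "$db_dn" "$2"
}

# Offline demonstration on the constructed sample. On a live server, feed the
# real ldapsearch output in and pipe the result to:
#   ldapmodify -Y EXTERNAL -H ldapi:///
printf '%s' "$SAMPLE_CONFIG" | plan_relocation 'dc=example,dc=org' /var/lib/ldap-new
```

Once the change is applied, the suffix is served from the new, empty directory, so the new root entry can be added with ldapadd and the old data.mdb and lock.mdb removed.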
However, is it already fixed in the source code? https://github.com/openldap/openldap/commit/0c90b8c0011fdb80fc2f8a2d7192f8b4...
26.04.2021 13:32, Quanah Gibson-Mount quanah@symas.com wrote:
> --On Monday, April 26, 2021 11:56 PM +0300 Николай Данилов niko@dwolfix.ru wrote:
>> I will deal with the docker options. Is it possible to resolve the issue of removing the root record using standard openldap tools?
> No, it's a bug in the backend database. You could do what Howard said via ldapmodify as a runtime alternative.
> --Quanah
> --
> Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com
--On Tuesday, April 27, 2021 12:47 AM +0300 Николай Данилов niko@dwolfix.ru wrote:
> However, is it already fixed in the source code? https://github.com/openldap/openldap/commit/0c90b8c0011fdb80fc2f8a2d7192f8b40217c7e3
Yep. If you build your own software, you should be able to backport it just fine.
--Quanah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com
openldap-technical@openldap.org