All,
I just restarted with the group, and the OpenLDAP software has not been upgraded - currently 2.4.23 (that will be coming...hopefully). Anyway, an issue that was brought to my attention upon starting was that slapd needs to be restarted daily. It is still running, it just stops responding (no one can log in). Nothing has, previously, been found in the logs. The other day, during my initial search through the slapd logs I found:
conn=1144 op=1 SRCH attr=automountKey automountInformation <= bdb_equality_candidates: (automountKey) not indexed <= bdb_equality_candidates: (automountKey) not indexed <= bdb_equality_candidates: (automountKey) not indexed
Which I added "olcDbIndex: automountKey eq" to the cn=config/olcDatabase={1}bdb.ldif. Took care of that one. But, under further investigation I am finding this, repeatedly (for slapcat, slapd, and others):
Dec 5 00:00:02 server_name slapcat: unable to dlopen /usr/lib/sasl2/libanonymous.so.2: /usr/lib/sasl2/libanonymous.so.2: wrong ELF class: ELFCLASS32 Dec 5 00:00:02 server_name slapcat: unable to dlopen /usr/lib/sasl2/libplain.so.2: /usr/lib/sasl2/libplain.so.2: wrong ELF class: ELFCLASS32 Dec 5 00:00:02 server_name slapcat: unable to dlopen /usr/lib/sasl2/libsasldb.so.2: /usr/lib/sasl2/libsasldb.so.2: wrong ELF class: ELFCLASS32 Dec 5 00:00:02 server_name slapcat: unable to dlopen /usr/lib/sasl2/liblogin.so.2: /usr/lib/sasl2/liblogin.so.2: wrong ELF class: ELFCLASS32 Dec 5 02:00:02 server_name setroubleshoot: SELinux is preventing sendmail (system_mail_t) "read" to libsasl2.so.2 (usr_t). For complete SELinux messages. run sealert -l c4516acc-2dde-4dca-973e-86cd6686ee9f Dec 5 02:30:02 server_name setroubleshoot: SELinux is preventing sendmail (system_mail_t) "read" to libsasl2.so.2 (usr_t). For complete SELinux messages. run sealert -l c4516acc-2dde-4dca-973e-86cd6686ee9f Dec 5 02:31:08 server_name tar: nss-ldap: do_open: do_start_tls failed:stat=-1
Not sure why it should even been trying to use the these lib files, as one, we are not using SASL. Looking at "ldd slapd" it is seeing only 64-bit libraries.
Anyone have any suggestions?
John D. Borresen (Dave) Linux/Unix Systems Administrator MIT Lincoln Laboratory Surveillance Systems Group 244 Wood St Lexington, MA 02420 Ph: (781) 981-1609 Email: john.borresen@ll.mit.edumailto:john.borresen@ll.mit.edu
Borresen, John - 0442 - MITLL wrote:
I just restarted with the group, and the OpenLDAP software has not been upgraded - currently 2.4.23 (that will be coming...hopefully). Anyway, an issue that was brought to my attention upon starting was that slapd needs to be restarted daily. It is still running, it just stops responding (no one can log in). Nothing has, previously, been found in the logs. The other day, during my initial search through the slapd logs I found:
Please upgrade first. Everything else is waste of yours and others time.
Ciao, Michael.
Yea, I was afraid you were going to say that.
-----Original Message----- From: Michael Ströder [mailto:michael@stroeder.com] Sent: Thursday, December 05, 2013 1:30 PM To: Borresen, John - 0442 - MITLL; openldap-technical@openldap.org Subject: Re: OPENLDAP HANGS DAILY
Borresen, John - 0442 - MITLL wrote:
I just restarted with the group, and the OpenLDAP software has not been upgraded - currently 2.4.23 (that will be coming...hopefully). Anyway, an issue that was brought to my attention upon starting was that slapd needs to be restarted daily. It is still running, it just stops responding (no one can log in). Nothing has, previously, been found in the logs. The other day, during my initial search through the slapd logs I found:
Please upgrade first. Everything else is waste of yours and others time.
Ciao, Michael.
You can quickly upgrade if you use the LTB packages... Which are more sanely built than the RH ones anyway, which I'm going to guess you are using based on the version.
--Quanah
--On December 5, 2013 at 1:53:15 PM -0500 "Borresen, John - 0442 - MITLL" John.Borresen@ll.mit.edu wrote:
Yea, I was afraid you were going to say that.
-----Original Message----- From: Michael Ströder [mailto:michael@stroeder.com] Sent: Thursday, December 05, 2013 1:30 PM To: Borresen, John - 0442 - MITLL; openldap-technical@openldap.org Subject: Re: OPENLDAP HANGS DAILY
Borresen, John - 0442 - MITLL wrote:
I just restarted with the group, and the OpenLDAP software has not been upgraded - currently 2.4.23 (that will be coming...hopefully). Anyway, an issue that was brought to my attention upon starting was that slapd needs to be restarted daily. It is still running, it just stops responding (no one can log in). Nothing has, previously, been found in the logs. The other day, during my initial search through the slapd logs I found:
Please upgrade first. Everything else is waste of yours and others time.
Ciao, Michael.
This was built from source, the OS flavor is 5.9 (originally built on 5.7). The rpm versions were/are too old.
Is the link to the LTB packages? http://ltb-project.org/wiki/documentation/openldap-rpm
Thanks Dave
-----Original Message----- From: Quanah Gibson-Mount [mailto:quanah@zimbra.com] Sent: Thursday, December 05, 2013 2:19 PM To: Borresen, John - 0442 - MITLL; Michael Ströder; openldap-technical@openldap.org Subject: RE: OPENLDAP HANGS DAILY
You can quickly upgrade if you use the LTB packages... Which are more sanely built than the RH ones anyway, which I'm going to guess you are using based on the version.
--Quanah
--On December 5, 2013 at 1:53:15 PM -0500 "Borresen, John - 0442 - MITLL" John.Borresen@ll.mit.edu wrote:
Yea, I was afraid you were going to say that.
-----Original Message----- From: Michael Ströder [mailto:michael@stroeder.com] Sent: Thursday, December 05, 2013 1:30 PM To: Borresen, John - 0442 - MITLL; openldap-technical@openldap.org Subject: Re: OPENLDAP HANGS DAILY
Borresen, John - 0442 - MITLL wrote:
I just restarted with the group, and the OpenLDAP software has not been upgraded - currently 2.4.23 (that will be coming...hopefully). Anyway, an issue that was brought to my attention upon starting was that slapd needs to be restarted daily. It is still running, it just stops responding (no one can log in). Nothing has, previously, been found in the logs. The other day, during my initial search through the slapd logs I found:
Please upgrade first. Everything else is waste of yours and others time.
Ciao, Michael.
-- Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration
On Thu, Dec 05, 2013 at 02:36:07PM -0500, Borresen, John - 0442 - MITLL wrote:
This was built from source, the OS flavor is 5.9 (originally built on 5.7). The rpm versions were/are too old.
In that light, this thing...
Dec 5 00:00:02 server_name slapcat: unable to dlopen /usr/lib/sasl2/libplain.so.2: /usr/lib/sasl2/libplain.so.2: wrong ELF class: ELFCLASS32
...sounds vaguely like something changed on the underlying system in between compilation and now. The answer is probably still to upgrade, which will involve a recompile against what's on the system now anyway.
Googling that specific error message may be enlightening ("wrong ELF class: ELFCLASS32").
Is the link to the LTB packages? http://ltb-project.org/wiki/documentation/openldap-rpm
Thanks Dave
-----Original Message----- From: Quanah Gibson-Mount [mailto:quanah@zimbra.com] Sent: Thursday, December 05, 2013 2:19 PM To: Borresen, John - 0442 - MITLL; Michael Ströder; openldap-technical@openldap.org Subject: RE: OPENLDAP HANGS DAILY
You can quickly upgrade if you use the LTB packages... Which are more sanely built than the RH ones anyway, which I'm going to guess you are using based on the version.
--Quanah
--On December 5, 2013 at 1:53:15 PM -0500 "Borresen, John - 0442 - MITLL" John.Borresen@ll.mit.edu wrote:
Yea, I was afraid you were going to say that.
-----Original Message----- From: Michael Ströder [mailto:michael@stroeder.com] Sent: Thursday, December 05, 2013 1:30 PM To: Borresen, John - 0442 - MITLL; openldap-technical@openldap.org Subject: Re: OPENLDAP HANGS DAILY
Borresen, John - 0442 - MITLL wrote:
I just restarted with the group, and the OpenLDAP software has not been upgraded - currently 2.4.23 (that will be coming...hopefully). Anyway, an issue that was brought to my attention upon starting was that slapd needs to be restarted daily. It is still running, it just stops responding (no one can log in). Nothing has, previously, been found in the logs. The other day, during my initial search through the slapd logs I found:
Please upgrade first. Everything else is waste of yours and others time.
Ciao, Michael.
-- Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc
Zimbra :: the leader in open source messaging and collaboration
The original problem might have to do (I'm not sure) with mixing 32- and 64bit libraries, maybe?
Quanah Gibson-Mount quanah@zimbra.com schrieb am 05.12.2013 um 20:18 in
Nachricht 75CAF0202FA5FCD98F0DD18E@quanah-mac.local:
You can quickly upgrade if you use the LTB packages... Which are more sanely built than the RH ones anyway, which I'm going to guess you are using based on the version.
--Quanah
--On December 5, 2013 at 1:53:15 PM -0500 "Borresen, John - 0442 - MITLL" John.Borresen@ll.mit.edu wrote:
Yea, I was afraid you were going to say that.
-----Original Message----- From: Michael Ströder [mailto:michael@stroeder.com] Sent: Thursday, December 05, 2013 1:30 PM To: Borresen, John - 0442 - MITLL; openldap-technical@openldap.org Subject: Re: OPENLDAP HANGS DAILY
Borresen, John - 0442 - MITLL wrote:
I just restarted with the group, and the OpenLDAP software has not been upgraded - currently 2.4.23 (that will be coming...hopefully). Anyway, an issue that was brought to my attention upon starting was that slapd needs to be restarted daily. It is still running, it just stops responding (no one can log in). Nothing has, previously, been found in the logs. The other day, during my initial search through the slapd logs I found:
Please upgrade first. Everything else is waste of yours and others time.
Ciao, Michael.
-- Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc
Zimbra :: the leader in open source messaging and collaboration
I looked back through my original notes, and it was compiled with the 64-bit libraries (even ran ldd on slapd to double-check). Looking at the links, and the libraries something was changed in Feb 2013 (so, I wasn't the culprit as I was not here then). What I did as fix (no, not the best solution but mainly for a test -- we are not using SASL, anyway), was modify the links in the 32-bit directory and point them to their 64-bit equivalent. Ran some tests commands, such as slapcat, and they ran with out those ELF32 errors popping up.
I am setting up the LTB repository, and starting down the upgrade path at the same time trying to get the original build back to where it was when I left the company. The replication was stopped, at some point, and the dbase corrupted on the replication receiver. At this point, was able to get the slapd running again on the receiver...
Thanks for the assistance. There will be more questions as I go. I haven't touched OpenLDAP in over a year so there is a lot of dust built up on the information that was accumulated.
Dave
-----Original Message----- From: Ulrich Windl [mailto:Ulrich.Windl@rz.uni-regensburg.de] Sent: Friday, December 06, 2013 3:55 AM To: Borresen, John - 0442 - MITLL; openldap-technical@openldap.org; michael@stroeder.com; Quanah Gibson-Mount Subject: Antw: RE: OPENLDAP HANGS DAILY
The original problem might have to do (I'm not sure) with mixing 32- and 64bit libraries, maybe?
Quanah Gibson-Mount quanah@zimbra.com schrieb am 05.12.2013 um 20:18 in
Nachricht 75CAF0202FA5FCD98F0DD18E@quanah-mac.local:
You can quickly upgrade if you use the LTB packages... Which are more sanely built than the RH ones anyway, which I'm going to guess you are using based on the version.
--Quanah
--On December 5, 2013 at 1:53:15 PM -0500 "Borresen, John - 0442 - MITLL" John.Borresen@ll.mit.edu wrote:
Yea, I was afraid you were going to say that.
-----Original Message----- From: Michael Ströder [mailto:michael@stroeder.com] Sent: Thursday, December 05, 2013 1:30 PM To: Borresen, John - 0442 - MITLL; openldap-technical@openldap.org Subject: Re: OPENLDAP HANGS DAILY
Borresen, John - 0442 - MITLL wrote:
I just restarted with the group, and the OpenLDAP software has not been upgraded - currently 2.4.23 (that will be coming...hopefully). Anyway, an issue that was brought to my attention upon starting was that slapd needs to be restarted daily. It is still running, it just stops responding (no one can log in). Nothing has, previously, been found in the logs. The other day, during my initial search through the slapd logs I found:
Please upgrade first. Everything else is waste of yours and others time.
Ciao, Michael.
-- Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc
Zimbra :: the leader in open source messaging and collaboration
openldap-technical@openldap.org
-
Borresen, John - 0442 - MITLL -
Christopher Wood -
Michael Ströder -
Quanah Gibson-Mount -
Ulrich Windl