-----Original Message----- From: Quanah Gibson-Mount [mailto:quanah@zimbra.com] Sent: Thursday, August 29, 2013 3:10 PM To: Clint Petty Subject: RE: ldapadd "ldap_bind: Invalid credentials (49)"
--On Thursday, August 29, 2013 10:06 PM +0000 Clint Petty cpetty@luthresearch.com wrote:
# /etc/init.d/slapd debug -1 -u ldap -F /usr/local/etc/openldap/slapd.d # -H ldapi:///
slapd: [INFO] Using /etc/default/slapd for configuration
slapd: [INFO] Halting OpenLDAP...
slapd: [INFO] Can't read PID file, to stop OpenLDAP try: /etc/init.d/slapd forcestop
slapd: [INFO] No db_recover done
slapd: [INFO] Launching OpenLDAP...
slapd: [OK] File descriptor limit set to 1024
521fc4a1 @(#) $OpenLDAP: slapd 2.4.36 (Aug 21 2013 09:39:54) $
clement@localhost.localdomain:/home/clement/build/BUILD/openldap-2.4.36/servers/slapd
521fc4a1 /usr/local/openldap/etc/openldap/slapd.conf: line 5: unknown directive dn: >outside backend info and database definitions.
521fc4a1 slapd stopped.
521fc4a1 connections_destroy: nothing to destroy.
Hi Clint,
The point is to use a ">" with the text *I* wrote, not the text you write. That's standard quoting of replies (as you will see my email client does automatically).
In the above, you used /etc/init.d/slapd, rather than the slapd *binary*. The above indicates you are using an invalid slapd.conf file located in /usr/local/openldap/etc/openldap. I thought you used cn=config?
You may need to examine /etc/default/slapd to see how to fix it to use cn=config? etc. At this point, you may want to ask the LTB project for guidance on configuring their servers correctly.
--Quanah
_________________________________________________________________
# /usr/local/openldap/libexec/slapd -d -1 -u ldap -F /usr/local/etc/openldap/slapd.d -h ldapi:///
ldap_url_parse_ext(ldap://localhost/)
ldap_init: trying /usr/local/openldap/etc/openldap/ldap.conf
ldap_init: using /usr/local/openldap/etc/openldap/ldap.conf
ldap_init: HOME env is /root
ldap_init: trying /root/ldaprc
ldap_init: trying /root/.ldaprc
ldap_init: trying ldaprc
ldap_init: LDAPCONF env is NULL
ldap_init: LDAPRC env is NULL
521fc7d9 @(#) $OpenLDAP: slapd 2.4.36 (Aug 21 2013 09:39:54) $
clement@localhost.localdomain:/home/clement/build/BUILD/openldap-2.4.36/servers/slapd
ldap_pvt_gethostbyname_a: host=ip-10-15-2-169, r=0
521fc7d9 daemon_init: ldapi:///
521fc7d9 daemon_init: listen on ldapi:///
521fc7d9 daemon_init: 1 listeners to open...
ldap_url_parse_ext(ldapi:///)
521fc7d9 daemon: listener initialized ldapi:///
521fc7d9 daemon_init: 1 listeners opened
ldap_create
521fc7d9 slapd init: initiated server.
521fc7d9 slap_sasl_init: initialized!
521fc7d9 bdb_back_initialize: initialize BDB backend
521fc7d9 bdb_back_initialize: Berkeley DB 4.6.21: (September 27, 2007)
521fc7d9 hdb_back_initialize: initialize HDB backend
521fc7d9 hdb_back_initialize: Berkeley DB 4.6.21: (September 27, 2007)
521fc7d9 mdb_back_initialize: initialize MDB backend
521fc7d9 mdb_back_initialize: MDB 0.9.7: (January 10, 2013)
521fc7d9 ==> translucent_initialize
521fc7d9 backend_startup_one: starting "cn=config"
521fc7d9 ldif_read_file: Permission denied for "/usr/local/etc/openldap/slapd.d/cn=config.ldif"
521fc7d9 send_ldap_result: conn=-1 op=0 p=0
521fc7d9 send_ldap_result: err=80 matched="" text="internal error (cannot read some entry file)"
521fc7d9 slapd destroy: freeing system resources.
521fc7d9 slapd stopped.
521fc7d9 connections_destroy: nothing to destroy.
#
My /etc/default/slapd file looks like this:
#====================================================================
# Configuration example of OpenLDAP's init script
#====================================================================

# IP and port to listen
IP="*"
SSLIP="*"
PORT="389"
SSLPORT="636"

# OpenLDAP directory and files
SLAPD_PATH="/usr/local/openldap"
SLAPD_PID_FILE="$SLAPD_PATH/var/run/slapd.pid"
SLAPD_CONF="$SLAPD_PATH/etc/openldap/slapd.conf"
SLAPD_CONF_DIR=""
SLAPD_SERVICES="ldap://$IP:$PORT ldaps://$SSLIP:$SSLPORT"
SLAPD_PARAMS=""
SLAPD_BIN="$SLAPD_PATH/libexec/slapd"
SLAPD_USER="ldap"
SLAPD_GROUP="ldap"
SLAPD_SYSLOG_LOCAL_USER="local4"

DATA_PATH="auto"

SLAPADD_BIN="$SLAPD_PATH/sbin/slapadd"
SLAPADD_PARAMS="-q"
SLAPCAT_BIN="$SLAPD_PATH/sbin/slapcat"
SLAPINDEX_BIN="$SLAPD_PATH/sbin/slapindex"
SLAPTEST_BIN="$SLAPD_PATH/sbin/slaptest"

SLURPD_PID_FILE="$SLAPD_PATH/var/run/slurpd.pid"
SLURPD_PARAMS=""
SLURPD_BIN="$SLAPD_PATH/libexec/slurpd"

# BerkeleyDB directory and files
BDB_PATH="/usr/local/berkeleydb"
DB_ARCHIVE_BIN="$BDB_PATH/bin/db_archive"
DB_RECOVER_BIN="$BDB_PATH/bin/db_recover"
RECOVER_AT_STARTUP="0"

# Backup
BACKUP_AT_SHUTDOWN="0"
BACKUP_PATH="/var/backups/openldap"
BACKUP_SUFFIX="`date +%Y%m%d%H%M%S`.ldif"
BACKUP_COMPRESS_EXT="" # gz, bz2, ...
BACKUP_COMPRESS_BIN="" # /bin/gzip, /bin/bzip2, ...
BACKUP_UNCOMPRESS_BIN="" # /bin/gunzip, /bin/bunzip2, ...

# Other
TIMEOUT="30" # Max time to stop process
FD_LIMIT="1024" # Max file descriptor
DEBUG_LEVEL="256" # Debug loglevel
SPECIAL_QUOTE="1" # Quote some command line parameters (eg: LDAP filters)
Clint
--On Thursday, August 29, 2013 10:28 PM +0000 Clint Petty cpetty@luthresearch.com wrote:
SLAPD_CONF="$SLAPD_PATH/etc/openldap/slapd.conf" SLAPD_CONF_DIR=""
So this says to use slapd.conf. You likely want to set SLAPD_CONF="" and fix SLAPD_CONF_DIR to point to the location of your cn=config DB.
--Quanah
--
Quanah Gibson-Mount Lead Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration
-----Original Message----- From: Quanah Gibson-Mount [mailto:quanah@zimbra.com] Sent: Thursday, August 29, 2013 3:31 PM To: Clint Petty Cc: openldap-technical@openldap.org Subject: RE: ldapadd "ldap_bind: Invalid credentials (49)"
--On Thursday, August 29, 2013 10:28 PM +0000 Clint Petty cpetty@luthresearch.com wrote:
SLAPD_CONF="$SLAPD_PATH/etc/openldap/slapd.conf" SLAPD_CONF_DIR=""
So this says to use slapd.conf. You likely want to set SLAPD_CONF="" and fix SLAPD_CONF_DIR to point to the location of your cn=config DB.
--Quanah
Ok, I changed permission for ldap, and modified the /etc/default/slapd file with this:
SLAPD_CONF="" SLAPD_CONF_DIR="/usr/local/etc/openldap/slapd.d/cn=config"
and now get the following error when I run slapd:
# /usr/local/openldap/libexec/slapd -d -1 -u ldap -F /usr/local/etc/openldap/slapd.d -h ldapi:///
521fd341 slapd startup: initiated.
521fd341 backend_startup_one: starting "cn=config"
521fd341 config_back_db_open Backend ACL: access to * by * none
521fd341 config_back_db_open: line 0: warning: cannot assess the validity of the ACL scope within backend naming context
521fd341 backend_startup_one: starting "dc=luthresearch,dc=net"
521fd341 bdb_db_open: "dc=luthresearch,dc=net"
521fd341 bdb_db_open: database "dc=luthresearch,dc=net": dbenv_open(/var/lib/ldap).
521fd341 bdb(dc=luthresearch,dc=net): Program version 4.6 doesn't match environment version 4.7
521fd341 bdb_db_open: database "dc=luthresearch,dc=net" cannot be opened, err -30972. Restore from backup!
521fd341 ====> bdb_cache_release_all
521fd341 bdb(dc=luthresearch,dc=net): txn_checkpoint interface requires an environment configured for the transaction subsystem
521fd341 bdb_db_close: database "dc=luthresearch,dc=net": txn_checkpoint failed: Invalid argument (22).
521fd341 backend_startup_one (type=bdb, suffix="dc=luthresearch,dc=net"): bi_db_open failed! (-30972)
521fd341 slapd shutdown: initiated
521fd341 ====> bdb_cache_release_all
521fd341 bdb_db_close: database "dc=luthresearch,dc=net": alock_close failed
521fd341 slapd destroy: freeing system resources.
521fd341 syncinfo_free: rid=002
521fd341 slapd stopped.
Clint
--On Thursday, August 29, 2013 11:20 PM +0000 Clint Petty cpetty@luthresearch.com wrote:
dbenv_open(/var/lib/ldap). 521fd341 bdb(dc=luthresearch,dc=net): Program version 4.6 doesn't match environment version 4.7 521fd341 bdb_db_open: database "dc=luthresearch,dc=net" cannot be opened, err -30972. Restore from backup!
I already covered this with you. Your old openldap build used BDB 4.6. Your new OpenLDAP build uses BDB 4.7. You need to delete the ldap database on this server, slapcat the db on your other server, and slapadd that export into this server, or start over from scratch. I also noted why using /var/lib/ldap is likely not a wise idea for your db, as it conflicts with the system defaults.
--Quanah
-----Original Message----- From: Quanah Gibson-Mount [mailto:quanah@zimbra.com] Sent: Thursday, August 29, 2013 4:25 PM To: Clint Petty Cc: openldap-technical@openldap.org Subject: RE: ldapadd "ldap_bind: Invalid credentials (49)"
--On Thursday, August 29, 2013 11:20 PM +0000 Clint Petty cpetty@luthresearch.com wrote:
dbenv_open(/var/lib/ldap). 521fd341 bdb(dc=luthresearch,dc=net): Program version 4.6 doesn't match environment version 4.7 521fd341 bdb_db_open: database "dc=luthresearch,dc=net" cannot be opened, err -30972. Restore from backup!
I already covered this with you. Your old openldap build used BDB 4.6. Your new OpenLDAP build uses BDB 4.7. You need to delete the ldap database on this server, slapcat the db on your other server, and slapadd that export into this server, or start over from scratch. I also noted why using /var/lib/ldap is likely not a wise idea for your db, as it conflicts with the system defaults.
--Quanah
I deleted all the files in /var/lib/ldap & /usr/local/openldap/var/openldap-data, for they were database files in both locations. Ran slapcat -l ldif on the original server, and copied that file to the new server, and ran the following:
# slapadd -l ldif
521fe3a5 /usr/local/openldap/etc/openldap/slapd.conf: line 5: unknown directive dn: outside backend info and database definitions.
slapadd: bad configuration file!
Line 5 in /usr/local/openldap/etc/openldap/slapd.conf file is:
dn: cn=config
I did change the entry in /usr/local/openldap/etc/openldap/slapd.conf file to the following:
olcDbDirectory: /usr/local/openldap/var/openldap-data
Not sure why it is still looking in /var/lib/ldap
Clint
On Aug 29, 2013, at 5:24 PM, Clint Petty cpetty@luthresearch.com wrote:
-----Original Message----- From: Quanah Gibson-Mount [mailto:quanah@zimbra.com] Sent: Thursday, August 29, 2013 4:25 PM To: Clint Petty Cc: openldap-technical@openldap.org Subject: RE: ldapadd "ldap_bind: Invalid credentials (49)"
--On Thursday, August 29, 2013 11:20 PM +0000 Clint Petty cpetty@luthresearch.com wrote:
dbenv_open(/var/lib/ldap). 521fd341 bdb(dc=luthresearch,dc=net): Program version 4.6 doesn't match environment version 4.7 521fd341 bdb_db_open: database "dc=luthresearch,dc=net" cannot be opened, err -30972. Restore from backup!
I already covered this with you. Your old openldap build used BDB 4.6. Your new OpenLDAP build uses BDB 4.7. You need to delete the ldap database on this server, slapcat the db on your other server, and slapadd that export into this server, or start over from scratch. I also noted why using /var/lib/ldap is likely not a wise idea for your db, as it conflicts with the system defaults.
--Quanah
I deleted the all files in /var/lib/ldap & /usr/local/openldap/var/openldap-data, for they were database files in both locations. Ran slapcat -l ldif on the original server, and copied that file to the new server, and ran the following:
# slapadd -l ldif 521fe3a5 /usr/local/openldap/etc/openldap/slapd.conf: line 5: unknown directive dn: outside backend info and database definitions. slapadd: bad configuration file!
Line 5 in /usr/local/openldap/etc/openldap/slapd.conf file is:
dn: cn=config
I did change the entry in /usr/local/openldap/etc/openldap/slapd.conf file to the following: olcDbDirectory: /usr/local/openldap/var/openldap-data not sure why it is still looking in /var/lib/ldap
Clint
Read the man page for slapadd and use -F correctly with it
--Quanah
--On Thursday, August 29, 2013 6:35 PM -0700 Quanah Gibson-Mount quanah@zimbra.com wrote:
I did change the entry in /usr/local/openldap/etc/openldap/slapd.conf file to the following: olcDbDirectory: /usr/local/openldap/var/openldap-data not sure why it is still looking in /var/lib/ldap
Clint
Read the man page for slapadd and use -F correctly with it
Also, I would recommend renaming the /usr/local/openldap/etc/slapd.conf to something like /usr/local/etc/openldap/slapd.conf.example
You either use slapd.conf or cn=config, not both. Since you are using cn=config, you need to be consistent with that usage everywhere.
--Quanah
I renamed /usr/local/openldap/etc/openldap/slapd.conf to /usr/local/openldap/etc/openldap/slapd.conf.example, since I am using cn=config.
I ran the following slapadd command:
# slapadd -F /usr/local/etc/openldap/slapd.d -n 0 -l /tmp/ldif
slapadd: line 1: database #0 (cn=config) not configured to hold "dc=myplace,dc=local"; no database configured for that naming context
_ 0.88% eta none elapsed none spd 1.4 M/s
Closing DB...
#
It appears somewhere in my cn=config directory structure there is an entry "dc=myplace,dc=local" that should reflect my company. I searched for this entry in my /usr/local/etc/openldap/slapd.d directory structure, however it is not in any of those files. How can I change this?
Thanks,
Clint
--On Friday, August 30, 2013 5:21 PM +0000 Clint Petty cpetty@luthresearch.com wrote:
I renamed /usr/local/openldap/etc/openldap/slapd.conf to /usr/local/openldap/etc/openldap/slapd.conf.example, since I am using cn=config.
I ran the following slapadd command: # slapadd -F /usr/local/etc/openldap/slapd.d -n 0 -l /tmp/ldif slapadd: line 1: database #0 (cn=config) not configured to hold "dc=myplace,dc=local"; no database configured for that naming context _ 0.88% eta none elapsed none spd 1.4 M/s Closing DB... #
It appears somewhere in my cn=config directory structure there is an entry "dc=myplace,dc=local" that should reflect my company. I searched for this entry in my /usr/local/etc/openldap/slapd.d directory structure, however is not in any of those files. How can I change this?
Hi Clint,
The complaint here is that the ldif file you are loading is for "dc=mycompany,dc=local", and your slapd configuration is not configured to load such a database. I suggest you examine the LDIF file you are attempting to load to see if it matches what you expect it to contain.
--Quanah
Hi Quanah,
My LDIF file looks like this:
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/RADIUS-LDAPv3.schema
include /etc/openldap/schema/samba.schema

# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org

pidfile /usr/local/openldap/var/run/slapd.pid
argsfile /usr/local/openldap/var/run/slapd.args

# Load dynamic backend modules:
# modulepath /usr/local/openldap/libexec/openldap
# moduleload back_bdb.la
# moduleload back_hdb.la
# moduleload back_ldap.la
moduleload syncprov.la

# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64

# Sample access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
# Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
# by self write
# by users read
# by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!

#######################################################################
# BDB database definitions
#######################################################################

database bdb
suffix dc=luthresearch,dc=net
rootdn dc=luthresearch,dc=net

# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw secret
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /usr/local/openldap/var/openldap-data
#directory /var/lib/ldap
# Indices to maintain
#index objectClass eq
index objectclass,entryCSN,entryUUID eq

overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100

serverID 2
syncrepl rid=002
  provider=ldap://10.15.2.199
  bindmethod=simple
  binddn="cn=Manager,dc=luthresearch,dc=net"
  credentials=secret
  searchbase="dc=luthresearch,dc=net"
  schemachecking=on
  type=refreshAndPersist
  retry="60 +"
mirrormode on
======================================================
# /usr/local/openldap/sbin/slaptest -uf /usr/local/openldap/etc/openldap/slapd.conf.InUse -F /usr/local/etc/openldap/slapd.d
config file testing succeeded
#
However, still not able to add the database:
# slapadd -F /usr/local/etc/openldap/slapd.d -n 0 -l /tmp/ldif
slapadd: line 1: database #0 (cn=config) not configured to hold "dc=myplace,dc=local"; no database configured for that naming context
_ 0.88% eta none elapsed none spd 2.5 M/s
Closing DB...
Still references "dc=myplace,dc=local"?
----------------------------------------
When I start slapd in debug mode, I get this:
5220e9a9 slapd startup: initiated.
5220e9a9 backend_startup_one: starting "cn=config"
5220e9a9 config_back_db_open Backend ACL: access to * by * none
5220e9a9 config_back_db_open: line 0: warning: cannot assess the validity of the ACL scope within backend naming context
5220e9a9 backend_startup_one: starting "dc=luthresearch,dc=net"
5220e9a9 bdb_db_open: "dc=luthresearch,dc=net"
5220e9a9 bdb_db_open: database "dc=luthresearch,dc=net": database already in use.
5220e9a9 backend_startup_one (type=bdb, suffix="dc=luthresearch,dc=net"): bi_db_open failed! (-1)
5220e9a9 slapd shutdown: initiated
5220e9a9 ====> bdb_cache_release_all
5220e9a9 slapd destroy: freeing system resources.
5220e9a9 syncinfo_free: rid=002
5220e9a9 slapd stopped.
#
Clint
--On Friday, August 30, 2013 6:54 PM +0000 Clint Petty cpetty@luthresearch.com wrote:
My LDIF file looks like this:
This is a slapd.conf file, not an LDIF file generated by slapcat. Please go examine the contents of the LDIF file generated by slapcat.
--Quanah
--
Quanah Gibson-Mount Lead Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration
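Two of the failures in this thread can be caught before slapadd touches a database: an input file that is a slapd.conf rather than slapcat output, and entries whose DN falls under no configured suffix. The script below is an added example, not code from the thread or from the OpenLDAP project; the function names, return codes and dc=example,dc=net sample data are constructed, and it assumes a cn=config tree whose database entries carry olcSuffix.

```shell
#!/bin/sh
# Added example: pre-flight checks to run before `slapadd -F <confdir> -l <file>`.
# Function names, return codes and sample data are constructed for illustration.

# Print "ldif", "slapd.conf" or "unknown" for FILE, judged by its first
# line that is neither blank nor a comment.
classify_input() {
    first=$(grep -v -e '^[[:space:]]*$' -e '^#' "$1" | head -n 1)
    if printf '%s\n' "$first" | grep -Eq '^(version|dn):'; then
        echo ldif
    elif printf '%s\n' "$first" | grep -Eq \
        '^(include|database|pidfile|argsfile|modulepath|moduleload)[[:space:]]'; then
        echo slapd.conf
    else
        echo unknown
    fi
}

# Print the DN of the first entry in FILE, joining LDIF continuation lines
# (lines that start with one space). Base64 "dn::" values are not decoded.
first_dn() {
    awk '
        /^dn:/ && !seen { dn = substr($0, 4); seen = 1; next }
        seen && /^ /    { dn = dn substr($0, 2); next }
        seen            { exit }
        END             { sub(/^[ \t]+/, "", dn); print dn }
    ' "$1"
}

# Approximate DN normalisation: lower-case, no spaces around "," and "=".
normalize_dn() {
    printf '%s\n' "$1" | tr '[:upper:]' '[:lower:]' |
        sed -e 's/[[:space:]]*,[[:space:]]*/,/g' -e 's/[[:space:]]*=[[:space:]]*/=/g'
}

# Succeed when DN ($1) equals SUFFIX ($2) or sits below it.
dn_under_suffix() {
    d=$(normalize_dn "$1"); s=$(normalize_dn "$2")
    case "$d" in
        "$s"|*,"$s") return 0 ;;
        *) return 1 ;;
    esac
}

# Print every olcSuffix value found in the cn=config tree under CONFDIR.
configured_suffixes() {
    find "$1" -type f -name '*.ldif' \
        -exec sed -n 's/^olcSuffix:[[:space:]]*//p' {} +
}

# preflight FILE CONFDIR
# returns 0 ok, 1 input is not LDIF, 2 no database holds the first DN,
#         3 CONFDIR is not a readable cn=config directory
preflight() {
    file=$1; conf=$2
    if [ ! -r "$conf/cn=config.ldif" ]; then
        echo "config: $conf/cn=config.ldif missing or unreadable"; return 3
    fi
    kind=$(classify_input "$file")
    if [ "$kind" != ldif ]; then
        echo "input: $file looks like $kind, not slapcat LDIF"; return 1
    fi
    dn=$(first_dn "$file")
    while IFS= read -r sfx; do
        [ -n "$sfx" ] || continue
        if dn_under_suffix "$dn" "$sfx"; then
            echo "ok: \"$dn\" is under configured suffix \"$sfx\""; return 0
        fi
    done <<EOF
$(configured_suffixes "$conf")
EOF
    echo "suffix: no database configured to hold \"$dn\""; return 2
}

# Write constructed sample files under directory $1.
make_samples() {
    mkdir -p "$1/slapd.d/cn=config"
    printf 'dn: cn=config\nobjectClass: olcGlobal\ncn: config\n' \
        > "$1/slapd.d/cn=config.ldif"
    printf 'dn: olcDatabase={1}bdb\nolcDatabase: {1}bdb\nolcSuffix: dc=example,dc=net\n' \
        > "$1/slapd.d/cn=config/olcDatabase={1}bdb.ldif"
    printf 'dn: uid=alice,ou=People,dc=exam\n ple,dc=net\nobjectClass: account\nuid: alice\n' \
        > "$1/good.ldif"
    printf 'dn: ou=People, DC=Other,dc=local\nobjectClass: organizationalUnit\nou: People\n' \
        > "$1/wrong.ldif"
    printf '# sample\ninclude\t/etc/openldap/schema/core.schema\ndatabase bdb\nsuffix dc=example,dc=net\n' \
        > "$1/slapd.conf"
}

# Run all three inputs against the sample config: sh preflight.sh demo
demo() {
    dir=$(mktemp -d); make_samples "$dir"
    for f in good.ldif wrong.ldif slapd.conf; do
        preflight "$dir/$f" "$dir/slapd.d" || true
    done
    rm -rf "$dir"
}
if [ "${1:-}" = demo ]; then demo; fi
```

The checks only read files, so they can be run as the slapd user to confirm that account can read the configuration directory as well.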
--On Friday, August 30, 2013 6:54 PM +0000 Clint Petty cpetty@luthresearch.com wrote:
My LDIF file looks like this:
This is a slapd.conf file, not an LDIF file generated by slapcat. Please go examine the contents of the LDIF file generated by slapcat.
--Quanah
When I run slapcat I get the following message because I renamed /usr/local/openldap/etc/openldap/slapd.conf to /usr/local/openldap/etc/openldap/slapd.conf.example, like you suggested, because I am using cn=config:
# slapcat
5220ed3a could not stat config file "/usr/local/openldap/etc/openldap/slapd.conf": No such file or directory (2)
slapcat: bad configuration file!
If I copy slapd.conf.example back to slapd.conf, and run slapcat, I get the following:
# slapcat
5220edaf bdb_db_open: warning - no DB_CONFIG file found in directory /usr/local/openldap/var/openldap-data: (2).
Expect poor performance for suffix "dc=luthresearch,dc=net".
5220edaf bdb_db_open: database "dc=luthresearch,dc=net": db_open(/usr/local/openldap/var/openldap-data/id2entry.bdb) failed: No such file or directory (2).
5220edaf backend_startup_one (type=bdb, suffix="dc=luthresearch,dc=net"): bi_db_open failed! (2)
slap_startup failed
#
Clint
--On Friday, August 30, 2013 7:15 PM +0000 Clint Petty cpetty@luthresearch.com wrote:
--On Friday, August 30, 2013 6:54 PM +0000 Clint Petty cpetty@luthresearch.com wrote:
My LDIF file looks like this:
This is a slapd.conf file, not an LDIF file generated by slapcat. Please go examine the contents of the LDIF file generated by slapcat.
--Quanah
When I run slapcat I get the following message because I renamed /usr/local/openldap/etc/openldap/slapd.conf to /usr/local/openldap/etc/openldap/slapd.conf.example, like you suggested, because I am using cn=config:
Hi Clint,
Why did you do this? Do you understand how slapcat even works? Slapcat exports your existing database into LDIF format. That file you are exporting *clearly* has a reference to the entry slapadd is complaining about. You need to examine the LDIF file that is being generated by slapcat. You need to stop mucking with slapd.conf files, and stop emailing slapd.conf files, and look at what I asked you to look at. I.e., you need to look at /tmp/ldif that you generated via slapcat.
--Quanah
I.e., you need to look at /tmp/ldif that you generated via slapcat.
--Quanah
-----------------------------------------------------------------
Ok, I cleaned up the /tmp/ldif file, and added the database:
# slapadd -F /usr/local/etc/openldap/slapd.d -n 1 -l /tmp/ldif
52210b14 bdb_monitor_db_open: monitoring disabled; configure monitor database to enable
_#################### 100.00% eta none elapsed none fast!
Closing DB...
#
Then tried starting slapd:
# service slapd start
slapd: [INFO] Using /etc/default/slapd for configuration
slapd: [INFO] Launching OpenLDAP configuration test...
slapd: [OK] OpenLDAP configuration test successful
slapd: [INFO] No db_recover done
slapd: [INFO] Launching OpenLDAP...
slapd: [OK] File descriptor limit set to 1024
slapd: [ALERT] No PID file for OpenLDAP
Then tried starting slapd in debug mode:
# /usr/local/openldap/libexec/slapd -d -1 -u ldap -F /usr/local/etc/openldap/slapd.d -h ldapi:///
52210bda slapd startup: initiated.
52210bda backend_startup_one: starting "cn=config"
52210bda config_back_db_open Backend ACL: access to * by * none
52210bda config_back_db_open: line 0: warning: cannot assess the validity of the ACL scope within backend naming context
52210bda backend_startup_one: starting "dc=luthresearch,dc=net"
52210bda bdb_db_open: "dc=luthresearch,dc=net"
52210bda bdb_db_open: database "dc=luthresearch,dc=net": alock package is unstable.
52210bda backend_startup_one (type=bdb, suffix="dc=luthresearch,dc=net"): bi_db_open failed! (-1)
52210bda slapd shutdown: initiated
52210bda ====> bdb_cache_release_all
52210bda slapd destroy: freeing system resources.
52210bda syncinfo_free: rid=002
52210bda slapd stopped.
Saw that alock package is unstable, so removed the alock file and ran db_recover (which recreated the alock file). Then tried starting slapd in debug mode again:
# /usr/local/openldap/libexec/slapd -d -1 -u ldap -F /usr/local/etc/openldap/slapd.d -h ldapi:///
52210d17 slapd startup: initiated.
52210d17 backend_startup_one: starting "cn=config"
52210d17 config_back_db_open Backend ACL: access to * by * none
52210d17 config_back_db_open: line 0: warning: cannot assess the validity of the ACL scope within backend naming context
52210d17 backend_startup_one: starting "dc=luthresearch,dc=net"
52210d17 bdb_db_open: "dc=luthresearch,dc=net"
52210d17 bdb_db_open: database "dc=luthresearch,dc=net": dbenv_open(/var/lib/ldap).
52210d17 bdb(dc=luthresearch,dc=net): /var/lib/ldap/log.0000000003: log file unreadable: Permission denied
52210d17 bdb(dc=luthresearch,dc=net): PANIC: Permission denied
52210d17 bdb(dc=luthresearch,dc=net): Invalid log file: log.0000000003: DB_RUNRECOVERY: Fatal error, run database recovery
52210d17 bdb(dc=luthresearch,dc=net): PANIC: DB_RUNRECOVERY: Fatal error, run database recovery
52210d17 bdb(dc=luthresearch,dc=net): unable to join the environment
52210d17 bdb_db_open: database "dc=luthresearch,dc=net" cannot be opened, err -30975. Restore from backup!
52210d17 ====> bdb_cache_release_all
52210d17 bdb(dc=luthresearch,dc=net): txn_checkpoint interface requires an environment configured for the transaction subsystem
52210d17 bdb_db_close: database "dc=luthresearch,dc=net": txn_checkpoint failed: Invalid argument (22).
52210d17 backend_startup_one (type=bdb, suffix="dc=luthresearch,dc=net"): bi_db_open failed! (-30975)
52210d17 slapd shutdown: initiated
52210d17 ====> bdb_cache_release_all
52210d17 bdb_db_close: database "dc=luthresearch,dc=net": alock_close failed
52210d17 slapd destroy: freeing system resources.
52210d17 syncinfo_free: rid=002
52210d17 slapd stopped.
#
Clint
Fixed the permissions error, and now get:
# /usr/local/openldap/libexec/slapd -d -1 -u ldap -F /usr/local/etc/openldap/slapd.d -h ldapi:///
52210e6f slapd startup: initiated.
52210e6f backend_startup_one: starting "cn=config"
52210e6f config_back_db_open Backend ACL: access to * by * none
52210e6f config_back_db_open: line 0: warning: cannot assess the validity of the ACL scope within backend naming context
52210e6f backend_startup_one: starting "dc=luthresearch,dc=net"
52210e6f bdb_db_open: "dc=luthresearch,dc=net"
52210e6f bdb_db_open: database "dc=luthresearch,dc=net": dbenv_open(/var/lib/ldap).
52210e6f bdb(dc=luthresearch,dc=net): Unacceptable log file /var/lib/ldap/log.0000000003: unsupported log version 14
52210e6f bdb(dc=luthresearch,dc=net): Invalid log file: log.0000000003: Invalid argument
52210e6f bdb(dc=luthresearch,dc=net): PANIC: Invalid argument
52210e6f bdb(dc=luthresearch,dc=net): unable to join the environment
52210e6f bdb_db_open: database "dc=luthresearch,dc=net" cannot be opened, err -30975. Restore from backup!
52210e6f ====> bdb_cache_release_all
52210e6f bdb(dc=luthresearch,dc=net): txn_checkpoint interface requires an environment configured for the transaction subsystem
52210e6f bdb_db_close: database "dc=luthresearch,dc=net": txn_checkpoint failed: Invalid argument (22).
52210e6f backend_startup_one (type=bdb, suffix="dc=luthresearch,dc=net"): bi_db_open failed! (-30975)
52210e6f slapd shutdown: initiated
52210e6f ====> bdb_cache_release_all
52210e6f bdb_db_close: database "dc=luthresearch,dc=net": alock_close failed
52210e6f slapd destroy: freeing system resources.
52210e6f syncinfo_free: rid=002
52210e6f slapd stopped.
#
Clint
On Aug 30, 2013, at 2:31 PM, Clint Petty cpetty@luthresearch.com wrote:
I.e., you need to look at /tmp/ldif that you generated via slapcat.
--Quanah
Ok, I cleaned up the /tmp/ldif file, and added the database:
# slapadd -F /usr/local/etc/openldap/slapd.d -n 1 -l /tmp/ldif
52210b14 bdb_monitor_db_open: monitoring disabled; configure monitor database to enable
_#################### 100.00% eta none elapsed none fast!
Closing DB...
#
Then tried starting slapd:
# service slapd start
slapd: [INFO] Using /etc/default/slapd for configuration
slapd: [INFO] Launching OpenLDAP configuration test...
slapd: [OK] OpenLDAP configuration test successful
slapd: [INFO] No db_recover done
slapd: [INFO] Launching OpenLDAP...
slapd: [OK] File descriptor limit set to 1024
slapd: [ALERT] No PID file for OpenLDAP
Then tried starting slapd in debug mode:
# /usr/local/openldap/libexec/slapd -d -1 -u ldap -F /usr/local/etc/openldap/slapd.d -h ldapi:///
52210bda slapd startup: initiated.
52210bda backend_startup_one: starting "cn=config"
52210bda config_back_db_open Backend ACL: access to * by * none
52210bda config_back_db_open: line 0: warning: cannot assess the validity of the ACL scope within backend naming context
52210bda backend_startup_one: starting "dc=luthresearch,dc=net"
52210bda bdb_db_open: "dc=luthresearch,dc=net"
52210bda bdb_db_open: database "dc=luthresearch,dc=net": alock package is unstable.
52210bda backend_startup_one (type=bdb, suffix="dc=luthresearch,dc=net"): bi_db_open failed! (-1)
52210bda slapd shutdown: initiated
52210bda ====> bdb_cache_release_all
52210bda slapd destroy: freeing system resources.
52210bda syncinfo_free: rid=002
52210bda slapd stopped.
Saw that alock package is unstable, so removed the alock file and ran db_recover (which recreated the alock file). Then tried starting slapd in debug mode again:
# /usr/local/openldap/libexec/slapd -d -1 -u ldap -F /usr/local/etc/openldap/slapd.d -h ldapi:///
52210d17 slapd startup: initiated.
52210d17 backend_startup_one: starting "cn=config"
52210d17 config_back_db_open Backend ACL: access to * by * none
52210d17 config_back_db_open: line 0: warning: cannot assess the validity of the ACL scope within backend naming context
52210d17 backend_startup_one: starting "dc=luthresearch,dc=net"
52210d17 bdb_db_open: "dc=luthresearch,dc=net"
52210d17 bdb_db_open: database "dc=luthresearch,dc=net": dbenv_open(/var/lib/ldap).
52210d17 bdb(dc=luthresearch,dc=net): /var/lib/ldap/log.0000000003: log file unreadable: Permission denied
52210d17 bdb(dc=luthresearch,dc=net): PANIC: Permission denied
52210d17 bdb(dc=luthresearch,dc=net): Invalid log file: log.0000000003: DB_RUNRECOVERY: Fatal error, run database recovery
52210d17 bdb(dc=luthresearch,dc=net): PANIC: DB_RUNRECOVERY: Fatal error, run database recovery
52210d17 bdb(dc=luthresearch,dc=net): unable to join the environment
52210d17 bdb_db_open: database "dc=luthresearch,dc=net" cannot be opened, err -30975. Restore from backup!
52210d17 ====> bdb_cache_release_all
52210d17 bdb(dc=luthresearch,dc=net): txn_checkpoint interface requires an environment configured for the transaction subsystem
52210d17 bdb_db_close: database "dc=luthresearch,dc=net": txn_checkpoint failed: Invalid argument (22).
52210d17 backend_startup_one (type=bdb, suffix="dc=luthresearch,dc=net"): bi_db_open failed! (-30975)
52210d17 slapd shutdown: initiated
52210d17 ====> bdb_cache_release_all
52210d17 bdb_db_close: database "dc=luthresearch,dc=net": alock_close failed
52210d17 slapd destroy: freeing system resources.
52210d17 syncinfo_free: rid=002
52210d17 slapd stopped.
#
Fixed the permissions error, and now get:
# /usr/local/openldap/libexec/slapd -d -1 -u ldap -F /usr/local/etc/openldap/slapd.d -h ldapi:///
52210e6f slapd startup: initiated.
52210e6f backend_startup_one: starting "cn=config"
52210e6f config_back_db_open Backend ACL: access to * by * none
52210e6f config_back_db_open: line 0: warning: cannot assess the validity of the ACL scope within backend naming context
52210e6f backend_startup_one: starting "dc=luthresearch,dc=net"
52210e6f bdb_db_open: "dc=luthresearch,dc=net"
52210e6f bdb_db_open: database "dc=luthresearch,dc=net": dbenv_open(/var/lib/ldap).
52210e6f bdb(dc=luthresearch,dc=net): Unacceptable log file /var/lib/ldap/log.0000000003: unsupported log version 14
52210e6f bdb(dc=luthresearch,dc=net): Invalid log file: log.0000000003: Invalid argument
52210e6f bdb(dc=luthresearch,dc=net): PANIC: Invalid argument
52210e6f bdb(dc=luthresearch,dc=net): unable to join the environment
52210e6f bdb_db_open: database "dc=luthresearch,dc=net" cannot be opened, err -30975. Restore from backup!
52210e6f ====> bdb_cache_release_all
52210e6f bdb(dc=luthresearch,dc=net): txn_checkpoint interface requires an environment configured for the transaction subsystem
52210e6f bdb_db_close: database "dc=luthresearch,dc=net": txn_checkpoint failed: Invalid argument (22).
52210e6f backend_startup_one (type=bdb, suffix="dc=luthresearch,dc=net"): bi_db_open failed! (-30975)
52210e6f slapd shutdown: initiated
52210e6f ====> bdb_cache_release_all
52210e6f bdb_db_close: database "dc=luthresearch,dc=net": alock_close failed
52210e6f slapd destroy: freeing system resources.
52210e6f syncinfo_free: rid=002
52210e6f slapd stopped.
#
Clint
Fairly obvious. You ran slapadd as root and slapd runs as a different user. Use slapadd as the same user as slapd uses or fix the permissions with champs
chmod even. Stupid autocorrect.
sheesh... chown even. :p
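The ownership mismatch Quanah describes above (database files written by slapadd as root, then opened by slapd running as another user), as an added example that is not part of the original thread: a POSIX shell check that lists anything under the database and cn=config directories not owned by slapd's run-as user. The user `ldap` and both paths are taken from the command lines in the thread; the function names and the `--check` switch are made up for this example.

```shell
#!/bin/sh
# Added example (not from the thread): pre-start ownership audit for slapd.
# Defaults are the user and paths visible in the thread's command lines.
SLAPD_USER="${SLAPD_USER:-ldap}"
DB_DIR="${DB_DIR:-/var/lib/ldap}"
CONF_DIR="${CONF_DIR:-/usr/local/etc/openldap/slapd.d}"

# foreign_files DIR USER
# Prints every path under DIR (DIR included) whose owner is not USER.
# USER may be a login name or a numeric uid.
# Returns 0 if all paths belong to USER, 1 if any do not,
# 2 if DIR is missing or find fails (for example, unknown user name).
foreign_files() {
    ff_dir=$1
    ff_user=$2
    if [ ! -d "$ff_dir" ]; then
        echo "missing directory: $ff_dir" >&2
        return 2
    fi
    ff_list=$(find "$ff_dir" ! -user "$ff_user" -print) || return 2
    if [ -z "$ff_list" ]; then
        return 0
    fi
    printf '%s\n' "$ff_list"
    return 1
}

# audit_slapd_dirs
# Runs foreign_files over the database and configuration directories.
# Returns 0 only when both are fully owned by SLAPD_USER.
audit_slapd_dirs() {
    as_status=0
    for as_dir in "$DB_DIR" "$CONF_DIR"; do
        as_out=$(foreign_files "$as_dir" "$SLAPD_USER") && as_rc=0 || as_rc=$?
        case $as_rc in
            0)
                echo "ok: everything under $as_dir is owned by $SLAPD_USER"
                ;;
            1)
                as_status=1
                echo "FAIL: paths under $as_dir not owned by $SLAPD_USER:"
                printf '%s\n' "$as_out" | sed 's/^/  /'
                ;;
            *)
                as_status=1
                echo "ERROR: could not audit $as_dir"
                ;;
        esac
    done
    return "$as_status"
}

# Run the audit only when asked, so the file can also be sourced.
case "${1:-}" in
    --check) audit_slapd_dirs; exit $? ;;
esac
```

Run with `--check` after any slapadd or db_recover run and before starting slapd; a non-zero exit means slapd's user does not own everything it has to open.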
Any idea why I am getting this "bi_db_open failed!" error?
# /usr/local/openldap/libexec/slapd -d -1 -u ldap -F /usr/local/etc/openldap/slapd.d -h ldapi:///
522118c4 slapd startup: initiated.
522118c4 backend_startup_one: starting "cn=config"
522118c4 config_back_db_open Backend ACL: access to * by * none
522118c4 config_back_db_open: line 0: warning: cannot assess the validity of the ACL scope within backend naming context
522118c4 backend_startup_one: starting "dc=luthresearch,dc=net"
522118c4 bdb_db_open: "dc=luthresearch,dc=net"
522118c4 bdb_db_open: database "dc=luthresearch,dc=net": database already in use.
522118c4 backend_startup_one (type=bdb, suffix="dc=luthresearch,dc=net"): bi_db_open failed! (-1)
522118c4 slapd shutdown: initiated
522118c4 ====> bdb_cache_release_all
522118c4 slapd destroy: freeing system resources.
522118c4 syncinfo_free: rid=002
522118c4 slapd stopped.
#
Thanks,
Clint
-----------------------------------------------------------------
Removed the other 2 log files, and now get this:
# /usr/local/openldap/libexec/slapd -d -1 -u ldap -F /usr/local/etc/openldap/slapd.d -h ldapi:///
52210fc9 do_syncrep2: rid=002 got search entry without Sync State control (dc=luthresearch,dc=net)
ldap_msgfree
ldap_free_request (origid 2, msgid 2)
ldap_free_connection 1 1
ldap_send_unbind
ber_flush2: 7 bytes to sd 11
0000: 30 05 02 01 03 42 00 0....B.
ldap_write: want=7, written=7
0000: 30 05 02 01 03 42 00 0....B.
ldap_free_connection: actually freed
52210fc9 daemon: activity on 1 descriptor
52210fc9 daemon: activity on:52210fc9
52210fc9 daemon: epoll: listen=7 active_threads=0 tvp=zero
52210fc9 do_syncrepl: rid=002 rc -1 retrying
Where it hangs.
# service slapd start
slapd: [INFO] Using /etc/default/slapd for configuration
slapd: [INFO] Launching OpenLDAP configuration test...
slapd: [OK] OpenLDAP configuration test successful
slapd: [INFO] No db_recover done
slapd: [INFO] Launching OpenLDAP...
slapd: [OK] File descriptor limit set to 1024
slapd: [ALERT] No PID file for OpenLDAP
Clint
openldap-technical@openldap.org