I am running OpenLDAP on a FreeBSD-10 amd 64 machine. It is installed via the FreeBSD ports system and I compile it on my machine.
I recently wanted to switch from BDB since versions greater than 6 are not acceptable to OpenLDAP. I wanted to use "mdb", but I just cannot seem to get it configured correctly.
I changed the "database bdb" to "database mdb" but when I try to start openLDAP, I get this error:
Starting slapd Unrecognized database type (mdb) Warning: failed to start slapd
I removed the existing database, so it should be starting up with a clean environment, but the problem continues.
This is probably a problem specific to FreeBSD. If any user of FreeBSD has this working, I would love to see how they configured it. Feel free to contact me off list if it is more convenient.
Thanks!
Am Sat, 1 Nov 2014 14:29:10 -0400 schrieb Jerry jerry@seibercom.net:
I am running OpenLDAP on a FreeBSD-10 amd 64 machine. It is installed via the FreeBSD ports system and I compile it on my machine.
I recently wanted to switch from BDB since versions greater than 6 are not acceptable to OpenLDAP. I wanted to use "mdb", but I just cannot seem to get it configured correctly.
I changed the "database bdb" to "database mdb" but when I try to start openLDAP, I get this error:
Starting slapd Unrecognized database type (mdb) Warning: failed to start slapd
I removed the existing database, so it should be starting up with a clean environment, but the problem continues.
This is probably a problem specific to FreeBSD. If any user of FreeBSD has this working, I would love to see how they configured it. Feel free to contact me off list if it is more convenient.
Probably OpenLDAP has not been built with static back-mdb but with back-mdb module. You may check with ./slapd -VVV, this will show all built-in modules.
-Dieter
On Sat, 1 Nov 2014 22:08:38 +0100 Dieter Klünter dieter@dkluenter.de wrote:
Am Sat, 1 Nov 2014 14:29:10 -0400 schrieb Jerry jerry@seibercom.net:
I am running OpenLDAP on a FreeBSD-10 amd 64 machine. It is installed via the FreeBSD ports system and I compile it on my machine.
I recently wanted to switch from BDB since versions greater than 6 are not acceptable to OpenLDAP. I wanted to use "mdb", but I just cannot seem to get it configured correctly.
I changed the "database bdb" to "database mdb" but when I try to start openLDAP, I get this error:
Starting slapd Unrecognized database type (mdb) Warning: failed to start slapd
I removed the existing database, so it should be starting up with a clean environment, but the problem continues.
This is probably a problem specific to FreeBSD. If any user of FreeBSD has this working, I would love to see how they configured it. Feel free to contact me off list if it is more convenient.
Probably OpenLDAP has not been built with static back-mdb but with back-mdb module. You may check with ./slapd -VVV, this will show all built-in modules.
This is the output:
@(#) $OpenLDAP: slapd 2.4.40 (Oct 28 2014 06:27:00) $
        gerard@scorpio.seibercom.net:/usr/ports/net/openldap24-server/work/openldap-2.4.40/servers/slapd
Included static overlays:
    syncprov
Included static backends:
    config
    ldif
    relay
Remembering that this is a FreeBSD-10 system, what should I do? This is the configuration of the port:
/usr/ports/net/openldap24-server $ make showconfig
===> The following configuration options are available for openldap-server-2.4.40:
     ACCESSLOG=off: With In-Directory Access Logging overlay
     ACI=off: Per-object ACI (experimental)
     AUDITLOG=off: With Audit Logging overlay
     BDB=on: With BerkeleyDB backend (DEPRECATED)
     COLLECT=off: With Collect overy Services overlay
     CONSTRAINT=off: With Attribute Constraint overlay
     DDS=off: With Dynamic Directory Services overlay
     DEREF=off: With Dereference overlay
     DNSSRV=off: With Dnssrv backend
     DYNACL=off: Run-time loadable ACL (experimental)
     DYNAMIC_BACKENDS=on: Build dynamic backends
     DYNGROUP=off: With Dynamic Group overlay
     DYNLIST=off: With Dynamic List overlay
     FETCH=off: Enable fetch(3) support
     GSSAPI=off: With GSSAPI support (implies SASL support)
     MDB=on: With Memory-Mapped DB backend
     MEMBEROF=off: With Reverse Group Membership overlay
     ODBC=off: With SQL backend
     PASSWD=off: With Passwd backend
     PERL=off: With Perl backend
     PPOLICY=off: With Password Policy overlay
     PROXYCACHE=off: With Proxy Cache overlay
     REFINT=off: With Referential Integrity overlay
     RELAY=off: With Relay backend
     RETCODE=off: With Return Code testing overlay
     RLOOKUPS=off: With reverse lookups of client hostnames
     RWM=off: With Rewrite/Remap overlay
     SASL=off: With (Cyrus) SASL2 support
     SEQMOD=off: With Sequential Modify overlay
     SHA2=off: With SHA2 Password hashes overlay
     SHELL=off: With Shell backend (disables threading)
     SLAPI=off: With Netscape SLAPI plugin API (experimental)
     SLP=off: With SLPv2 (RFC 2608) support
     SMBPWD=off: With Samba Password hashes overlay
     SOCK=off: With Sock backend
     SSSVLV=off: With ServerSideSort/VLV overlay
     SYNCPROV=on: With Syncrepl Provider overlay
     TCP_WRAPPERS=off: With tcp wrapper support
     TRANSLUCENT=off: With Translucent Proxy overlay
     UNIQUE=off: With attribute Uniqueness overlay
     VALSORT=off: With Value Sorting overlay
===> Use 'make config' to modify these settings
What other information could I provide to help track this problem down?
Am Sun, 2 Nov 2014 05:46:07 -0500 schrieb Jerry jerry@seibercom.net:
On Sat, 1 Nov 2014 22:08:38 +0100 Dieter Klünter dieter@dkluenter.de wrote:
Am Sat, 1 Nov 2014 14:29:10 -0400 schrieb Jerry jerry@seibercom.net:
I am running OpenLDAP on a FreeBSD-10 amd 64 machine. It is installed via the FreeBSD ports system and I compile it on my machine.
I recently wanted to switch from BDB since versions greater than 6 are not acceptable to OpenLDAP. I wanted to use "mdb", but I just cannot seem to get it configured correctly.
I changed the "database bdb" to "database mdb" but when I try to start openLDAP, I get this error:
Starting slapd Unrecognized database type (mdb) Warning: failed to start slapd
I removed the existing database, so it should be starting up with a clean environment, but the problem continues.
This is probably a problem specific to FreeBSD. If any user of FreeBSD has this working, I would love to see how they configured it. Feel free to contact me off list if it is more convenient.
Probably OpenLDAP has not been built with static back-mdb but with back-mdb module. You may check with ./slapd -VVV, this will show all built-in modules.
This is the output:
@(#) $OpenLDAP: slapd 2.4.40 (Oct 28 2014 06:27:00) $
        gerard@scorpio.seibercom.net:/usr/ports/net/openldap24-server/work/openldap-2.4.40/servers/slapd
Included static overlays:
    syncprov
Included static backends:
    config
    ldif
    relay
Remembering that this is a FreeBSD-10 system, what should I do? This is the configuration of the port:
/usr/ports/net/openldap24-server $ make showconfig
===> The following configuration options are available for openldap-server-2.4.40:
     ACCESSLOG=off: With In-Directory Access Logging overlay
     ACI=off: Per-object ACI (experimental)
     AUDITLOG=off: With Audit Logging overlay
     BDB=on: With BerkeleyDB backend (DEPRECATED)
     COLLECT=off: With Collect overy Services overlay
     CONSTRAINT=off: With Attribute Constraint overlay
     DDS=off: With Dynamic Directory Services overlay
     DEREF=off: With Dereference overlay
     DNSSRV=off: With Dnssrv backend
     DYNACL=off: Run-time loadable ACL (experimental)
     DYNAMIC_BACKENDS=on: Build dynamic backends
     DYNGROUP=off: With Dynamic Group overlay
     DYNLIST=off: With Dynamic List overlay
     FETCH=off: Enable fetch(3) support
     GSSAPI=off: With GSSAPI support (implies SASL support)
     MDB=on: With Memory-Mapped DB backend
^^^^^^^^^
This is the important part, back-mdb has been built as module. Include back-mdb into the module load part of your slapd configuration.
-Dieter
On Sun, 2 Nov 2014 13:40:56 +0100 Dieter Klünter dieter@dkluenter.de wrote:
Am Sun, 2 Nov 2014 05:46:07 -0500 schrieb Jerry jerry@seibercom.net:
On Sat, 1 Nov 2014 22:08:38 +0100 Dieter Klünter dieter@dkluenter.de wrote:
Am Sat, 1 Nov 2014 14:29:10 -0400 schrieb Jerry jerry@seibercom.net:
I am running OpenLDAP on a FreeBSD-10 amd 64 machine. It is installed via the FreeBSD ports system and I compile it on my machine.
I recently wanted to switch from BDB since versions greater than 6 are not acceptable to OpenLDAP. I wanted to use "mdb", but I just cannot seem to get it configured correctly.
I changed the "database bdb" to "database mdb" but when I try to start openLDAP, I get this error:
Starting slapd Unrecognized database type (mdb) Warning: failed to start slapd
I removed the existing database, so it should be starting up with a clean environment, but the problem continues.
This is probably a problem specific to FreeBSD. If any user of FreeBSD has this working, I would love to see how they configured it. Feel free to contact me off list if it is more convenient.
Probably OpenLDAP has not been built with static back-mdb but with back-mdb module. You may check with ./slapd -VVV, this will show all built-in modules.
This is the output:
@(#) $OpenLDAP: slapd 2.4.40 (Oct 28 2014 06:27:00) $
        gerard@scorpio.seibercom.net:/usr/ports/net/openldap24-server/work/openldap-2.4.40/servers/slapd
Included static overlays:
    syncprov
Included static backends:
    config
    ldif
    relay
Remembering that this is a FreeBSD-10 system, what should I do? This is the configuration of the port:
/usr/ports/net/openldap24-server $ make showconfig
===> The following configuration options are available for openldap-server-2.4.40:
     ACCESSLOG=off: With In-Directory Access Logging overlay
     ACI=off: Per-object ACI (experimental)
     AUDITLOG=off: With Audit Logging overlay
     BDB=on: With BerkeleyDB backend (DEPRECATED)
     COLLECT=off: With Collect overy Services overlay
     CONSTRAINT=off: With Attribute Constraint overlay
     DDS=off: With Dynamic Directory Services overlay
     DEREF=off: With Dereference overlay
     DNSSRV=off: With Dnssrv backend
     DYNACL=off: Run-time loadable ACL (experimental)
     DYNAMIC_BACKENDS=on: Build dynamic backends
     DYNGROUP=off: With Dynamic Group overlay
     DYNLIST=off: With Dynamic List overlay
     FETCH=off: Enable fetch(3) support
     GSSAPI=off: With GSSAPI support (implies SASL support)
     MDB=on: With Memory-Mapped DB backend
^^^^^^^^^
This is the important part, back-mdb has been built as module. Include back-mdb into the module load part of your slapd configuration.
Okay, this is what my slapd.conf file looks like now. It is the one installed by FreeBSD when openldap is installed via its port's system. I removed personal information.
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/nis.schema

# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org

pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args

# Load dynamic backend modules:
modulepath /usr/local/libexec/openldap
moduleload back_bdb
# moduleload back_hdb
# moduleload back_ldap

# Sample security restrictions
#   Require integrity protection (prevent hijacking)
#   Require 112-bit (3DES or better) encryption for updates
#   Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64

# Sample access control policy:
#   Root DSE: allow anyone to read it
#   Subschema (sub)entry DSE: allow anyone to read it
#   Other DSEs:
#       Allow self write access
#       Allow authenticated users read access
#       Allow anonymous users to authenticate
#   Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
#   by self write
#   by users read
#   by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!

#######################################################################
# BDB database definitions
#######################################################################

database bdb
#database mdb
suffix "REMOVED"
rootdn "REMOVED"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw "REMOVED"
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/db/openldap-data
#maxsize 1073741824
# Indices to maintain
index objectClass eq
index cn,sn,mail,o eq,sub
index givenName,displayName eq,sub
index ou eq,sub
What change should I make? I apologize, but I am new at this and could really use some help.
Jerry wrote:
What change should I make? I apologize, but I am new at this and could really use some help.
Are you also new to BSD and manpages? You've been told, multiple times, what to do. Read the docs.
On Sun, 02 Nov 2014 13:13:57 +0000 Howard Chu hyc@symas.com wrote:
Jerry wrote:
What change should I make? I apologize, but I am new at this and could really use some help.
Are you also new to BSD and manpages? You've been told, multiple times, what to do. Read the docs.
I have read the "docs", "man pages" and searched on-line. I even copied configuration files from the web and tried them, all without success. FreeBSD does not work the way other *.nix systems do, and I don't have any more time to invest in this venture today. Perhaps if the FreeBSD team releases an OpenLDAP that is configured to work with "mdb" in the future, I will revisit the issue. In any case, it is working with "bdb" and that will have to suffice for now.
--On November 2, 2014 at 8:43:00 AM -0500 Jerry jerry@seibercom.net wrote:
Are you also new to BSD and manpages? You've been told, multiple times, what to do. Read the docs.
I have read the "docs", "man pages" and searched on-line. I even copied configuration files from the web and tried them, all without success. FreeBSD does not work the way other *.nix systems do, and I don't have any more time to invest in this venture today. Perhaps if the FreeBSD team releases an OpenLDAP that is configured to work with "mdb" in the future, I will revisit the issue. In any case, it is working with "bdb" and that will have to suffice for now.
Hi Jerry,
As someone who works on the documentation for OpenLDAP, I would like to understand this answer better.
First off, in the 2nd response to your email from Dieter, he specifically said:
This is the important part, back-mdb has been built as module. Include back-mdb into the module load part of your slapd configuration.
In the slapd.conf you provided, there is a clear and explicit example of a module being loaded:
moduleload back_bdb
Please explain to me, in depth, what was lacking in response and documentation that you were unable to comprehend an explicit instruction to moduleload back mdb that was provided to you multiple times?
I'm also not sure what FreeBSD vs Linux has to do with anything. OpenLDAP is simply a piece of compiled software. How it is compiled and what options are available to it may vary from distribution to distribution (whether those are linux or *bsd distributions), but there is zero to do with FreeBSD vs Linux.
Thanks, Quanah
Quanah Gibson-Mount wrote:
Hi Jerry,
As someone who works on the documentation for OpenLDAP, I would like to understand this answer better.
You're wasting your time with this one.
--On November 2, 2014 at 8:43:00 AM -0500 Jerry jerry@seibercom.net wrote:
Are you also new to BSD and manpages? You've been told, multiple times, what to do. Read the docs.
I have read the "docs", "man pages" and searched on-line. I even copied configuration files from the web and tried them, all without success.
The one thing Jerry did *not* say he did, and which he clearly did *not* do, was actually read his own config file and try to understand what was in it.
Copying random files off the web willy-nilly to solve an issue is like trying to fix an automobile by randomly throwing screwdrivers and hammers at it.
Am Mon, 03 Nov 2014 09:30:49 -0800 schrieb Quanah Gibson-Mount quanah@zimbra.com:
--On November 2, 2014 at 8:43:00 AM -0500 Jerry jerry@seibercom.net wrote:
Are you also new to BSD and manpages? You've been told, multiple times, what to do. Read the docs.
I have read the "docs", "man pages" and searched on-line. I even copied configuration files from the web and tried them, all without success. FreeBSD does not work the way other *.nix systems do, and I don't have any more time to invest in this venture today. Perhaps if the FreeBSD team releases an OpenLDAP that is configured to work with "mdb" in the future, I will revisit the issue. In any case, it is working with "bdb" and that will have to suffice for now.
Hi Jerry,
As someone who works on the documentation for OpenLDAP, I would like to understand this answer better.
First off, in the 2nd response to your email from Dieter, he specifically said:
This is the important part, back-mdb has been built as module. Include back-mdb into the module load part of your slapd configuration.
In the slapd.conf you provided, there is a clear and explicit example of a module being loaded:
moduleload back_bdb
Please explain to me, in depth, what was lacking in response and documentation that you were unable to comprehend an explicit instruction to moduleload back mdb that was provided to you multiple times?
I'm also not sure what FreeBSD vs Linux has to do with anything. OpenLDAP is simply a piece of compiled software. How it is compiled and what options are available to it may vary from distribution to distribution (whether those are linux or *bsd distributions), but there is zero to do with FreeBSD vs Linux.
Quanah, be patient, remember 14-15 years ago we had almost the same questions and problems.
-Dieter
--On November 3, 2014 at 9:54:56 PM +0100 Dieter Klünter dieter@dkluenter.de wrote:
Quanah, be patient, remember 14-15 years ago we had almost the same questions and problems.
I'm simply trying to ascertain where there was a documentation failure as was asserted by Jerry. I fail to see what's wrong with that.
--Quanah
On Mon, 03 Nov 2014 13:36:40 -0800 Quanah Gibson-Mount quanah@zimbra.com wrote:
--On November 3, 2014 at 9:54:56 PM +0100 Dieter Klünter dieter@dkluenter.de wrote:
Quanah, be patient, remember 14-15 years ago we had almost the same questions and problems.
I'm simply trying to ascertain where there was a documentation failure as was asserted by Jerry. I fail to see what's wrong with that.
--Quanah
The problem is that I failed to realize that I needed to place:
moduleload back_mdb.la
in my slapd.conf file. I had other entries there, "back_bdb" "back_hda", etcetera, but none ended in ".la". I simply changed the moduleload to "back_mdb" which obviously did not work. Thanks to Dieter Klünter who pointed this out to me, I was able to get everything up and running as I wanted.
Now Howard Chu, who obviously was born a frigging genius doesn't understand that while I spent two days reading every frigging thing I could get my hands on, the one thing I never ran across was an actual working config for openldap utilizing "mdb". Now that I know what I was supposed to be looking for, I found a reference to it http://www.openldap.org/doc/admin24/backends.html 11. Backends. The problem is since I did not have any backends that had the ".la" extension, it did not occur to me that I needed to use it.
This is the stock slapd.conf "backend modules" section that is created when openldap is installed via the FreeBSD ports system. Obviously, I added the "back_mdb.la" entry. I don't know why neither the "back_bdb" or "back_hdb" have that extension though. However, they do work. That is what led to my confusion.
# Load dynamic backend modules:
modulepath /usr/local/libexec/openldap
moduleload back_bdb
moduleload back_mdb.la
# moduleload back_hdb
# moduleload back_ldap
Anyway, it is working now and I have Dieter to thank for that. Interestingly enough, I never received any help on the FreeBSD forum, although I did get a few requests for how to do it if I ever got it to work. Obviously, the geniuses over there aren't all that brilliant either. I did get the port maintainer for openldap at FreeBSD to agree to rework the port and have it configured for "mdb" and not "bdb" when installed new. Time will tell though.
On Mon, Nov 3, 2014 at 2:16 PM, Jerry jerry@seibercom.net wrote:
Now Howard Chu, who obviously was born a frigging genius
Yes, you got that part right. And he's molding kellabyte in his own image.
that while I spent two days reading every frigging thing I could get my hands on, the one thing I never ran across was an actual working config for openldap utilizing "mdb".
Nicely stated: "A useful addition to the documentation would be a working config."
Now that I know what I was supposed to be looking for, I found a reference to it http://www.openldap.org/doc/admin24/backends.html 11. Backends. The problem is since I did not have any backends that had the ".la" extension, it did not occur to me that I needed to use it.
Nicely stated: "A lot more description about what .la does when it's specified in the openldap config as an extension of the module being loaded would go a long way. And an explanation of why it can be removed after being run once with it present." I'm not sure if "it" refers to "the entire line can be dropped" (seems unlikely) or to "the .la extension can be dropped."
...Todd
Todd Lyons wrote:
On Mon, Nov 3, 2014 at 2:16 PM, Jerry jerry@seibercom.net wrote:
that while I spent two days reading every frigging thing I could get my hands on, the one thing I never ran across was an actual working config for openldap utilizing "mdb".
Nicely stated: "A useful addition to the documentation would be a working config."
You mean like this?
http://www.openldap.org/doc/admin24/slapdconf2.html#Configuration%20Example
Now that I know what I was supposed to be looking for, I found a reference to it http://www.openldap.org/doc/admin24/backends.html 11. Backends. The problem is since I did not have any backends that had the ".la" extension, it did not occur to me that I needed to use it.
Nicely stated: "A lot more description about what .la does when it's specified in the openldap config as an extension of the module being loaded would go a long way. And an explanation of why it can be removed after being run once with it present." I'm not sure if "it" refers to "the entire line can be dropped" (seems unlikely) or to "the .la extension can be dropped."
Actually irrelevant. The .la suffix is totally optional and would have no impact on whether the load would succeed or not. In any case Jerry never actually tried "moduleload back_mdb", despite being told to check his module load statements, on 3 separate occasions, including the very first reply to his question.
http://www.openldap.org/lists/openldap-technical/201411/msg00004.html http://www.openldap.org/lists/openldap-technical/201411/msg00006.html http://www.openldap.org/lists/openldap-technical/201411/msg00007.html
Hello,
You mean like this?
http://www.openldap.org/doc/admin24/slapdconf2.html#Configuration%20Example
Maybe the table 5.2 (http://www.openldap.org/doc/admin24/slapdconf2.html#Backend-specific%20Direc...) could be edited to add the mdb backend ?
I know it appears in this section of the documentation http://www.openldap.org/doc/admin24/backends.html but a lot of people don't read all the doc...
Regards
Julien Huon
--On November 4, 2014 at 4:29:05 PM +0000 Julien Huon Julien.Huon@aduneo.com wrote:
Hello,
You mean like this?
http://www.openldap.org/doc/admin24/slapdconf2.html#Configuration%20Example
Maybe the table 5.2 (http://www.openldap.org/doc/admin24/slapdconf2.html#Backend-specific%20Directives) could be edited to add the mdb backend ?
The documentation for 2.5 is already being rewritten to use back-mdb as the default in examples. However, that still won't resolve cases where people cannot make the logical leap between changing a "b" to an "m" or a "h" to an "m" etc when examining what is an example configuration.
--Quanah
On Tue, 04 Nov 2014 13:59:02 +0000 Howard Chu hyc@symas.com wrote:
Actually irrelevant. The .la suffix is totally optional and would have no impact on whether the load would succeed or not. In any case Jerry never actually tried "moduleload back_mdb", despite being told to check his module load statements, on 3 separate occasions, including the very first reply to his question.
Actually, I did try it. I even rebooted the system to see if that made any difference.
Please, if you don't know what you are talking about, shut the hell up.
Jerry wrote:
On Tue, 04 Nov 2014 13:59:02 +0000 Howard Chu hyc@symas.com wrote:
Actually irrelevant. The .la suffix is totally optional and would have no impact on whether the load would succeed or not. In any case Jerry never actually tried "moduleload back_mdb", despite being told to check his module load statements, on 3 separate occasions, including the very first reply to his question.
Actually, I did try it. I even rebooted the system to see if that made any difference.
Please, if you don't know what you are talking about, shut the hell up.
Having written the code, I know quite well what I'm talking about. If only you would do the same...
Meanwhile, nowhere in any of your posts did you ever mention trying that.
http://www.openldap.org/lists/openldap-technical/201411/msg00003.html
All you said was you changed the "database bdb" to "database mdb" which obviously didn't work since you hadn't loaded the back_mdb module yet.
Now, if you want to say that what you reported in your posts is not what you actually attempted, that's obvious by now. But also not helpful to the people trying to help you, who need to know exactly what was done, to figure out what went wrong.
In the meantime - I've loaded a FreeBSD system here and repeated the exercise, and "moduleload back_mdb" works perfectly well.
Am Sun, 2 Nov 2014 08:07:32 -0500 schrieb Jerry jerry@seibercom.net:
On Sun, 2 Nov 2014 13:40:56 +0100 Dieter Klünter dieter@dkluenter.de wrote:
Am Sun, 2 Nov 2014 05:46:07 -0500 schrieb Jerry jerry@seibercom.net:
On Sat, 1 Nov 2014 22:08:38 +0100 Dieter Klünter dieter@dkluenter.de wrote:
Am Sat, 1 Nov 2014 14:29:10 -0400 schrieb Jerry jerry@seibercom.net:
I am running OpenLDAP on a FreeBSD-10 amd 64 machine. It is installed via the FreeBSD ports system and I compile it on my machine.
I recently wanted to switch from BDB since versions greater than 6 are not acceptable to OpenLDAP. I wanted to use "mdb", but I just cannot seem to get it configured correctly.
I changed the "database bdb" to "database mdb" but when I try to start openLDAP, I get this error:
Starting slapd Unrecognized database type (mdb) Warning: failed to start slapd
I removed the existing database, so it should be starting up with a clean environment, but the problem continues.
This is probably a problem specific to FreeBSD. If any user of FreeBSD has this working, I would love to see how they configured it. Feel free to contact me off list if it is more convenient.
Probably OpenLDAP has not been built with static back-mdb but with back-mdb module. You may check with ./slapd -VVV, this will show all built-in modules.
This is the output:
@(#) $OpenLDAP: slapd 2.4.40 (Oct 28 2014 06:27:00) $
        gerard@scorpio.seibercom.net:/usr/ports/net/openldap24-server/work/openldap-2.4.40/servers/slapd
Included static overlays:
    syncprov
Included static backends:
    config
    ldif
    relay
Remembering that this is a FreeBSD-10 system, what should I do? This is the configuration of the port:
/usr/ports/net/openldap24-server $ make showconfig
===> The following configuration options are available for openldap-server-2.4.40:
     ACCESSLOG=off: With In-Directory Access Logging overlay
     ACI=off: Per-object ACI (experimental)
     AUDITLOG=off: With Audit Logging overlay
     BDB=on: With BerkeleyDB backend (DEPRECATED)
     COLLECT=off: With Collect overy Services overlay
     CONSTRAINT=off: With Attribute Constraint overlay
     DDS=off: With Dynamic Directory Services overlay
     DEREF=off: With Dereference overlay
     DNSSRV=off: With Dnssrv backend
     DYNACL=off: Run-time loadable ACL (experimental)
     DYNAMIC_BACKENDS=on: Build dynamic backends
     DYNGROUP=off: With Dynamic Group overlay
     DYNLIST=off: With Dynamic List overlay
     FETCH=off: Enable fetch(3) support
     GSSAPI=off: With GSSAPI support (implies SASL support)
     MDB=on: With Memory-Mapped DB backend
^^^^^^^^^
This is the important part, back-mdb has been built as module. Include back-mdb into the module load part of your slapd configuration.
Okay, this is what my slapd.conf file looks like now. It is the one installed by FreeBSD when openldap is installed via its port's system. I removed personal information.
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/nis.schema

# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org

pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args

# Load dynamic backend modules:
modulepath /usr/local/libexec/openldap
moduleload back_bdb
# moduleload back_hdb
# moduleload back_ldap
moduleload back_mdb.la
What change should I make? I apologize, but I am new at this and could really use some help.
-Dieter
On Sun, 2 Nov 2014 14:52:36 +0100 Dieter Klünter dieter@dkluenter.de wrote:
# Load dynamic backend modules:
modulepath /usr/local/libexec/openldap
moduleload back_bdb
# moduleload back_hdb
# moduleload back_ldap
moduleload back_mdb.la
Thank you so much. That was the missing piece of the puzzle. Now everything works fine. Do I still need to keep the "moduleload back_bdb" entry or can I just comment it out? It is not commented out yet, and everything seems to be working fine.
Am Sun, 2 Nov 2014 09:59:50 -0500 schrieb Jerry jerry@seibercom.net:
On Sun, 2 Nov 2014 14:52:36 +0100 Dieter Klünter dieter@dkluenter.de wrote:
# Load dynamic backend modules:
modulepath /usr/local/libexec/openldap
moduleload back_bdb
# moduleload back_hdb
# moduleload back_ldap
moduleload back_mdb.la
Thank you so much. That was the missing piece of the puzzle. Now everything works fine. Do I still need to keep the "moduleload back_bdb" entry or can I just comment it out? It is not commented out yet, and everything seems to be working fine.
There is no necessity to comment it out, but you may do so without any harm.
-Dieter
Hi Jerry,
your version of OpenLDAP has been compiled with dynamic backend support (DYNAMIC_BACKENDS=on: Build dynamic backends), meaning slapd is capable of adding additional features at runtime (if you use cn=config) or at start time (if configured in slapd.conf). As you can see from the output of slapd -VVV, the mdb backend has not been compiled statically into the slapd binary, requiring you to instruct it to load the module containing mdb in order to support it. To find out how this is done, you should read chapter 11 of the OpenLDAP Administrators guide (http://www.openldap.org/doc/admin24/backends.html).
You also might want to read the slapd.conf manpage (assuming you still use the plain file configuration), especially the moduleload and modulepath sections. In addition man 'slapd.backends' and 'man slapd-mdb' could be helpful.
Regards,
openldap-technical@openldap.org
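
The check this thread converges on, written out as an added example (not code from any poster or from the OpenLDAP project): compare each "database" line in slapd.conf against the static backends reported by slapd -VVV plus the backends loaded by earlier "moduleload" lines. The sample inputs are constructed from the output and config quoted above, the suffix is a placeholder, and the ".la" suffix is treated as optional, as stated in the thread.

```python
import os
import re

# Constructed from the slapd -VVV output quoted in the thread.
SLAPD_VVV = """\
@(#) $OpenLDAP: slapd 2.4.40 (Oct 28 2014 06:27:00) $
Included static overlays:
    syncprov
Included static backends:
    config
    ldif
    relay
"""

# Constructed: the stock module section from the thread with the database
# type switched to mdb, which is the state that produced
# "Unrecognized database type (mdb)". The suffix is a placeholder.
BROKEN_CONF = """\
modulepath /usr/local/libexec/openldap
moduleload back_bdb
# moduleload back_hdb
# moduleload back_ldap
database mdb
suffix "dc=example,dc=com"
directory /var/db/openldap-data
"""


def static_backends(vvv_output):
    """Backend names listed under 'Included static backends:'.

    Works on the normal multi-line output and on a flattened copy.
    """
    m = re.search(r"Included static backends:(.*?)(?=Included static|\Z)",
                  vvv_output, re.S)
    return set(m.group(1).split()) if m else set()


def module_backend(arg):
    """Map a moduleload argument (back_mdb, back_mdb.la, /path/back_mdb.so)
    to its backend type; return None for modules that are not backends."""
    name = os.path.basename(arg.strip('"'))
    name = re.sub(r"\.(la|so)$", "", name)
    return name[len("back_"):] if name.startswith("back_") else None


def unavailable_databases(vvv_output, slapd_conf):
    """Return (line_number, type) for every 'database' directive whose
    backend is neither static nor loaded by a moduleload line above it.

    slapd.conf is read top to bottom, so a moduleload placed after the
    database line does not count.
    """
    available = static_backends(vvv_output)
    problems = []
    for lineno, raw in enumerate(slapd_conf.splitlines(), 1):
        # Skip blanks, comments and continuation lines (leading whitespace).
        if not raw.strip() or raw[0].isspace() or raw.startswith("#"):
            continue
        words = raw.split()
        directive = words[0].lower()
        if directive == "moduleload" and len(words) > 1:
            backend = module_backend(words[1])
            if backend:
                available.add(backend)
        elif directive == "database" and len(words) > 1:
            dbtype = words[1].lower()
            if dbtype not in available:
                problems.append((lineno, dbtype))
    return problems


if __name__ == "__main__":
    for lineno, dbtype in unavailable_databases(SLAPD_VVV, BROKEN_CONF):
        print("line %d: database %s has no static backend and no "
              "'moduleload back_%s' above it" % (lineno, dbtype, dbtype))
```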