Hello. This is again the problem of adding a new database with the cn=config structure. Since I asked my last question I now have much more knowledge and can ask again with a more understandable description of the problem, thus the new post here.
In short, the problem is that "objectClass: olcBdbConfig" causes an "ldap_add: Invalid syntax" error.
Step 1:
Fresh new Ubuntu 10.04 installation with the slapd package. (The production server is Debian, but my home PC is Ubuntu, so I try at home first; there can hardly be a difference in server packages like slapd between Ubuntu and Debian.)
Step 2:
Not being able to find the default credential to access cn=config, I added my own by adding these two lines to /etc/ldap/slapd.d/cn=config/olcDatabase={0}config.ldif:

olcRootDN: cn=Manager,cn=config
olcRootPW: secret

And tested that the new credential works. (How do I test? [1])
Step 3:
Adding a new database definition from ldif file. Error:

# ldapadd -x -D cn=Manager,cn=config -w secret < /tmp/ldif
adding new entry "olcDatabase=bdb,cn=config"
ldap_add: Invalid syntax (21)
        additional info: objectClass: value #1 invalid per syntax

The file that caused the error is attached below. I could not see anything wrong in it, and it is mostly copied from the example in document [2].

# BDB definition for example.com
dn: olcDatabase=bdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcBdbConfig
olcDatabase: bdb
olcSuffix: dc=example,dc=com
olcDbDirectory: /var/lib/ldap
olcRootDN: cn=Manager,dc=example,dc=com
olcRootPW: secret
olcDbIndex: uid pres,eq
olcDbIndex: cn,sn,uid pres,eq,approx,sub
olcDbIndex: objectClass eq
olcAccess: to attrs=userPassword
  by self write
  by anonymous auth
  by dn.base="cn=Admin,dc=example,dc=com" write
  by * none
olcAccess: to *
  by self write
  by dn.base="cn=Admin,dc=example,dc=com" write
  by * read

[1] To verify that the credential I added to cn=config is usable, I did this:

# ldapsearch -x -D cn=Manager,cn=config -w secret -b cn=config | tail
 ,cn=auth manage by * break
olcRootDN: cn=Manager,cn=config
olcRootPW: secret

# search result
search: 2
result: 0 Success

# numResponses: 6
# numEntries: 5

[2] ending page of this document: http://www.openldap.org/doc/admin24/slapdconf2.html
--On Tuesday, July 27, 2010 9:56 AM +0800 Zhang Weiwu zhangweiwu@realss.com wrote:
> Hello. This is again the problem of adding a new database with the cn=config structure. Since I asked my last question I now have much more knowledge and can ask again with a more understandable description of the problem, thus the new post here.
Here's how I add a hdb database:

dn: olcDatabase={2}hdb,cn=config
changetype: add
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {2}hdb
olcDbDirectory: /opt/zimbra/data/ldap/accesslog/db
olcSuffix: cn=accesslog
olcAccess: {0}to dn.subtree="cn=accesslog"
  by dn.exact="uid=zimbra,cn=admins,cn=zimbra" read
  by dn.exact="cn=config" read
  by dn.exact="uid=zmreplica,cn=admins,cn=zimbra" read
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcRootDN: cn=config
olcSizeLimit: unlimited
olcTimeLimit: unlimited
olcMonitoring: TRUE
olcDbCacheSize: 10000
olcDbCheckpoint: 64 5
olcDbNoSync: FALSE
olcDbDirtyRead: FALSE
olcDbIDLcacheSize: 10000
olcDbIndex: entryCSN eq
olcDbIndex: objectClass eq
olcDbIndex: reqEnd eq
olcDbIndex: reqResult eq
olcDbIndex: reqStart eq
olcDbLinearIndex: FALSE
olcDbMode: 0600
olcDbSearchStack: 16
olcDbShmKey: 0
olcDbCacheFree: 1
olcDbDNcacheSize: 0

--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration

After struggling with this problem for several days, wasting around 1 working day in total, I can now answer my own question.
The behavior where "objectClass: olcBdbConfig" causes an "ldap_add: Invalid syntax" error simply indicates that the back_bdb module is not loaded. I guess one may argue an error at importing olcBackend is more user friendly, as it clearly reminds one of not having the backend loaded, while others may consider an error at objectClass more logical from the programming aspect.
Below are off-topic thoughts of mine after this experience.
The document is pretty complete in documenting what the configuration system is made of, but not the process to make use of it. It documents status but not procedures to reach status. I think a well written step-by-step guide and checklist might save a lot of time.
That reminds me of a business case: an engineer is sent to a site where the supervisor gives him every piece of information needed to solve the problem, and he gets confused and says, yes, I have a lot of information now, but what do you want me to /do/? One may take this lack of proper knowledge as a lack of motivation, but more frequently it is a lack of knowledge. In this very case a complementary document would help: it contains a list of problems to be solved, a list of steps to verify the problem is solved, and, more helpfully, what steps to take to solve the problem. It covers only basic cases so the engineer can improvise in complicated cases. But such a complementary document is not in the Administrator's Guide. Eventually an engineer might find himself not needing the complementary document much, but he needed it in the first place. Another comparison: pupils dump their textbooks after having learned them but keep their dictionaries. Yet without the textbook pupils don't find the dictionary very useful. I guess I am in this pupil's position and could benefit a lot from textbooks. I didn't manage to find such textbooks on the Internet for this cn=config case; perhaps they don't exist yet.
> After struggling with this problem for several days, wasting around 1 working day in total, I can now answer my own question.
> The behavior where "objectClass: olcBdbConfig" causes an "ldap_add: Invalid syntax" error simply indicates that the back_bdb module is not loaded. I guess one may argue an error at importing olcBackend is more user friendly, as it clearly reminds one of not having the backend loaded, while others may consider an error at objectClass more logical from the programming aspect.
Since the "olcBdbConfig" is defined in back_bdb module, and back_bdb registers it when loaded, I find it hard to figure out how an error message related to "olcBdbConfig" being undefined could mention the module that would load it. As a general rule, trying to use a module prior to loading it sounds a bit braindead. It is just one step away from documenting the need to switch the computer on before using ldapadd.
p.
openldap-technical@openldap.org
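
Added example, not part of the original thread and not OpenLDAP code: an offline preflight that reads the LDIF you are about to ldapadd together with a dump of cn=config, and reports backend object classes whose module has no olcModuleLoad value, the condition that produced "Invalid syntax (21)" in this thread. Assumptions: slapd is built with backends as loadable modules, the class-to-module map covers only the two backends mentioned here, and both LDIF samples are constructed.

```python
import re
# Assumption: map covers only the two backend classes seen in this thread.
BACKEND_MODULE = {"olcbdbconfig": "back_bdb", "olchdbconfig": "back_hdb"}
# Constructed sample: a cn=config dump in which only back_hdb is loaded.
CONFIG_DUMP = """\
dn: cn=module{0},cn=config
objectClass: olcModuleList
olcModuleLoad: {0}back_hdb
"""
# Constructed sample: shortened form of the entry rejected in the first post.
NEW_DB = """\
dn: olcDatabase=bdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcBdbConfig
olcDatabase: bdb
olcAccess: to *
  by self write
  by * read
"""

def parse_ldif(text):
    """Return entries as lists of (lowercased attribute, value) pairs."""
    entries, current = [], []
    for raw in text.splitlines() + [""]:
        if raw.startswith(" ") and current:   # folded line: join to previous value
            current[-1] = (current[-1][0], current[-1][1] + raw[1:])
        elif not raw.strip():                 # blank line closes the entry
            entries.append(current)
            current = []
        elif not raw.startswith("#"):         # skip LDIF comments
            attr, _, value = raw.partition(":")
            current.append((attr.strip().lower(), value.strip()))
    return [e for e in entries if e]

def loaded_modules(config_ldif):
    """Module names from olcModuleLoad, minus {n} prefix and .la/.so suffix."""
    return {re.sub(r"^\{\d+\}|\.(la|so)$", "", v)
            for e in parse_ldif(config_ldif) for a, v in e if a == "olcmoduleload"}

def missing_modules(new_ldif, config_ldif):
    """List (dn, objectClass, module) for backend classes with no loaded module."""
    have, problems = loaded_modules(config_ldif), []
    for entry in parse_ldif(new_ldif):
        for attr, value in entry:
            need = BACKEND_MODULE.get(value.lower())
            if attr == "objectclass" and need and need not in have:
                problems.append((dict(entry).get("dn", "?"), value, need))
    return problems
```

A non-empty result means the named module needs an olcModuleLoad value on the cn=module entry before the database entry is added.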