Hi!
First, excuse me for my approximate English.
I'm trying to migrate from an old Redhat server running openldap 2.2 to a brand new one using Centos 7 and openldap 2.4. Using slapcat / slapadd, I can't get my new server running with an olc config.
I'd like to know what I'm doing wrong during this process:
# To remove entryUUID lines because they're not usable with openldap 2.4
sed -i -e "/entryUUID/d" /root/myslapcat.ldif
# Running slapadd with a 'cleaned' version of my old slapd.conf
slapadd -f /tpm/oldserver/slapd.conf -F /etc/openldap/slapd.d/ -c -u -o schema-check=yes -l /root/myslapcat.ldif
# moving from file configuration to olc :
slaptest -f /tmp/oldserver/slapdb.conf -F /etc/openldap/slapd.d/
# now, I can start the service without problem :
systemctl start slapd
But when I try to access the directory, here are the error messages I get:
Oct 29 16:02:57 ldap01-qualif slapd[12351]: conn=1002 fd=11 ACCEPT from IP=10.35.100.87:49238 (IP=0.0.0.0:389)
Oct 29 16:02:57 ldap01-qualif slapd[12351]: conn=1002 op=0 BIND dn="cn=Manager,dc=mydomain,dc=fr" method=128
Oct 29 16:02:57 ldap01-qualif slapd[12351]: conn=1002 op=0 BIND dn="cn=Manager,dc=mydomain,dc=fr" mech=SIMPLE ssf=0
Oct 29 16:02:57 ldap01-qualif slapd[12351]: conn=1002 op=0 RESULT tag=97 err=0 text=
Oct 29 16:02:57 ldap01-qualif slapd[12351]: conn=1002 op=1 SRCH base="dc=mydomain,dc=fr" scope=1 deref=0 filter="(objectClass=*)"
Oct 29 16:02:57 ldap01-qualif slapd[12351]: conn=1002 op=1 SRCH attr=objectclass
Oct 29 16:02:57 ldap01-qualif slapd[12351]: bdb(dc=mydomain,dc=fr): BDB0060 PANIC: fatal region error detected; run recovery
Oct 29 16:02:57 ldap01-qualif slapd[12351]: bdb(dc=mydomain,dc=fr): BDB0060 PANIC: fatal region error detected; run recovery
Oct 29 16:02:57 ldap01-qualif slapd[12351]: bdb(dc=mydomain,dc=fr): BDB0060 PANIC: fatal region error detected; run recovery
Oct 29 16:02:57 ldap01-qualif slapd[12351]: bdb(dc=mydomain,dc=fr): BDB0060 PANIC: fatal region error detected; run recovery
Oct 29 16:02:57 ldap01-qualif slapd[12351]: conn=1002 op=1 SEARCH RESULT tag=101 err=80 nentries=0 text=internal error
But if I launch slapd telling it which configuration file to use, everything works well (i.e. I can bind to the server and view all entries):
slapd -u ldap -f /tmp/oldserver/slapd.conf
Am I missing something obvious? I'm new to openldap...
Regards,
DEVARIEUX Alain wrote:
# Running slapadd with a 'cleaned' version of my old slapd.conf
slapadd -f /tpm/oldserver/slapd.conf -F /etc/openldap/slapd.d/ -c -u -o schema-check=yes -l /root/myslapcat.ldif
You invoked this command as user root?
Oct 29 16:02:57 ldap01-qualif slapd[12351]: bdb(dc=mydomain,dc=fr): BDB0060 PANIC: fatal region error detected; run recovery
Oct 29 16:02:57 ldap01-qualif slapd[12351]: bdb(dc=mydomain,dc=fr): BDB0060 PANIC: fatal region error detected; run recovery
Oct 29 16:02:57 ldap01-qualif slapd[12351]: bdb(dc=mydomain,dc=fr): BDB0060 PANIC: fatal region error detected; run recovery
Oct 29 16:02:57 ldap01-qualif slapd[12351]: bdb(dc=mydomain,dc=fr): BDB0060 PANIC: fatal region error detected; run recovery
Check ownership/permissions of the database files.
Ciao, Michael.
Le 30/10/2015 09:36, Michael Ströder a écrit :
DEVARIEUX Alain wrote:
# Running slapadd with a 'cleaned' version of my old slapd.conf
slapadd -f /tpm/oldserver/slapd.conf -F /etc/openldap/slapd.d/ -c -u -o schema-check=yes -l /root/myslapcat.ldif
You invoked this command as user root?
Yes, but I then changed the ownership to user ldap group ldap.
Oct 29 16:02:57 ldap01-qualif slapd[12351]: bdb(dc=mydomain,dc=fr): BDB0060 PANIC: fatal region error detected; run recovery
Oct 29 16:02:57 ldap01-qualif slapd[12351]: bdb(dc=mydomain,dc=fr): BDB0060 PANIC: fatal region error detected; run recovery
Oct 29 16:02:57 ldap01-qualif slapd[12351]: bdb(dc=mydomain,dc=fr): BDB0060 PANIC: fatal region error detected; run recovery
Oct 29 16:02:57 ldap01-qualif slapd[12351]: bdb(dc=mydomain,dc=fr): BDB0060 PANIC: fatal region error detected; run recovery
Check ownership/permissions of the database files.
Ownership and permissions are all OK. I compared a good server with this one, and the file olcDatabase={1}bdb.ldif has lines which seem to be responsible for the error.
Here is the bad content; I really don't know how it has arrived here:
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 XXXXXX
dn: olcDatabase={1}bdb
objectClass: olcDatabaseConfig
objectClass: olcBdbConfig
olcDatabase: {1}bdb
olcSuffix: dc=mydomain,dc=fr
olcAddContentAcl: FALSE
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcRootDN: cn=Manager,dc=mydomain,dc=fr
olcRootPW:: XXXXXXXXXXXXXXXXXXXXXXX
olcSyncUseSubentry: FALSE
olcMonitoring: TRUE
olcDbDirectory: /var/lib/ldap
olcDbCacheSize: 1000
olcDbConfig: {0}# $OpenLDAP$
olcDbConfig: {1}# Example DB_CONFIG file for use with slapd(8) BDB/HDB databas
 es.   <========= this is a new line
olcDbConfig: {2}#
olcDbConfig: {3}# See the Oracle Berkeley DB documentation
olcDbConfig: {4}# <http://www.oracle.com/technology/documentation/berkeley-d
 b/db/ref/env/db_config.html>   <============== this is a new line
olcDbConfig: {5}# for detail description of DB_CONFIG syntax and semantics.
olcDbConfig: {6}#
olcDbConfig: {7}# Hints can also be found in the OpenLDAP Software FAQ
olcDbConfig:: ezh9Iwk8aHR0cDovL3d3dy5vcGVubGRhcC5vcmcvZmFxL2luZGV4LmNnaT9maWxl
 PTI+   <========= This a new line
olcDbConfig: {9}# in particular:
olcDbConfig: {10}# http://www.openldap.org/faq/index.cgi?file=1075
olcDbConfig: {11}
olcDbConfig: {12}# Note: most DB_CONFIG settings will take effect only upon re
 building   <============= this is a new line
olcDbConfig: {13}# the DB environment.
olcDbConfig: {14}
olcDbConfig: {15}# one 0.25 GB cache
olcDbConfig: {16}set_cachesize 0 268435456 1
olcDbConfig: {17}
olcDbConfig: {18}# Data Directory
olcDbConfig: {19}#set_data_dir db
olcDbConfig: {20}
olcDbConfig: {21}# Transaction Log settings
olcDbConfig: {22}set_lg_regionmax 262144
olcDbConfig: {23}set_lg_bsize 2097152
olcDbConfig: {24}#set_lg_dir logs
olcDbConfig: {25}
olcDbConfig: {26}# Note: special DB_CONFIG flags are no longer needed for "qui
 ck"   <============ new line
olcDbConfig:: ezI3fSMgc2xhcGFkZCg4KSBvciBzbGFwaW5kZXgoOCkgYWNjZXNzIChzZWUgdGhl
 aXIgLXEgb3B0aW9uKS4g   <============ New Line
olcDbNoSync: FALSE
olcDbDirtyRead: FALSE
olcDbIDLcacheSize: 0
olcDbLinearIndex: FALSE
olcDbMode: 0600
olcDbSearchStack: 16
olcDbShmKey: 0
olcDbCacheFree: 1
olcDbDNcacheSize: 0
structuralObjectClass: olcBdbConfig
entryUUID: a8d3783e-1299-1035-85e6-718a04e8aa45
creatorsName: cn=config
createTimestamp: 20151029150121Z
entryCSN: 20151029150121.235155Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20151029150121Z
I think my slaptest -f myoldconfigfile.conf -F /etc/openldap/slapd.d/ is doing that. I have to run some tests to know when this happens exactly.
Would you know how this behaviour can happen?
Regards,
Ciao, Michael.
--On Friday, October 30, 2015 12:57 PM +0100 DEVARIEUX Alain alain.devarieux@sib.fr wrote:
Le 30/10/2015 09:36, Michael Ströder a écrit :
DEVARIEUX Alain wrote:
# Running slapadd with a 'cleaned' version of my old slapd.conf
slapadd -f /tpm/oldserver/slapd.conf -F /etc/openldap/slapd.d/ -c -u -o schema-check=yes -l /root/myslapcat.ldif
You invoked this command as user root?
Yes, but I then changed the ownership to user ldap group ldap.
Those are not new lines. They are continuations. I suggest reading up on the LDIF RFC.
--Quanah
--
Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
openldap-technical@openldap.org
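
Added example, not part of the original thread or of OpenLDAP: a minimal Python reader showing the RFC 2849 rules behind the last reply, that a line beginning with a single space continues the previous line, and that "attr::" carries a base64 value. The sample lines are copied from the olcDatabase={1}bdb.ldif excerpt above; the function names are hypothetical.

```python
import base64

# Constructed sample: four physical lines taken from the LDIF excerpt in
# this thread. The lines starting with one space are continuations.
SAMPLE = (
    "olcDbConfig: {1}# Example DB_CONFIG file for use with slapd(8) BDB/HDB databas\n"
    " es.\n"
    "olcDbConfig:: ezh9Iwk8aHR0cDovL3d3dy5vcGVubGRhcC5vcmcvZmFxL2luZGV4LmNnaT9maWxl\n"
    " PTI+\n"
)


def unfold(text):
    """RFC 2849 unfolding: append each line that starts with a single space
    to the previous line, dropping exactly that one leading space."""
    logical = []
    for line in text.splitlines():
        if line.startswith(" ") and logical:
            logical[-1] += line[1:]
        else:
            logical.append(line)
    # Comments and blank separator lines carry no attribute data.
    return [l for l in logical if l and not l.startswith("#")]


def parse_attr(line):
    """Split one logical line into (attribute, value).
    'attr: value' is literal text, 'attr:: value' is base64.
    The 'attr:< url' form is not handled in this sketch."""
    attr, sep, rest = line.partition(":")
    if not sep:
        raise ValueError("not an attribute line: %r" % line)
    if rest.startswith(":"):
        raw = base64.b64decode(rest[1:].strip(), validate=True)
        return attr, raw.decode("utf-8")
    return attr, rest.lstrip(" ")


def parse(text):
    """Unfold first, then decode: folding can split a base64 value too."""
    return [parse_attr(line) for line in unfold(text)]


if __name__ == "__main__":
    for attr, value in parse(SAMPLE):
        print(attr, repr(value))
```

Run over the sample, the two folded entries come back as single olcDbConfig values; the base64 one is entry {8} and contains a tab character.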