Hi All, I have installed openldap, openldap-servers and openldap-clients and run systemctl start slapd without any problem, but when I try to do an initial ldapadd I got an error. My slapd.conf and oidbase.ldif are below. Please help, and thank you very much.
Garry
slapd.conf

#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema

include /etc/openldap/oidschema/oidbase.schema
include /etc/openldap/oidschema/oidnet.schema
include /etc/openldap/oidschema/oidrdbms.schema
include /etc/openldap/oidschema/alias.schema

# Allow LDAPv2 client connections. This is NOT the default.
allow bind_v2

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org

pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args

#default searchbase
defaultsearchbase "dc=cornell,dc=edu"

#######################################################################
# ldbm and/or bdb database definitions
#######################################################################

database bdb
suffix "dc=cornell,dc=edu"
rootdn "cn=admin,dc=cornell,dc=edu"
rootpw {SSHA}gZp2hnEA/xq/FfxMgPTjDmSPo78PuZAs

# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/lib/ldap/cornell

# Indices to maintain for this database
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub

### for root oraclecontext
#
database bdb
suffix ""
rootdn "cn=admin"
rootpw {SSHA}gZp2hnEA/xq/FfxMgPTjDmSPo78PuZAs

# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/lib/ldap/rootoraclecontext

# Indices to maintain for this database
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
oidbase.ldif

dn: dc=cornell,dc=edu
objectClass: top
objectClass: dcObject
objectClass: organization
o: cornell.edu
dc: cornell

dn: cn=OracleContext,dc=cornell,dc=edu
objectclass: orclContext
cn: OracleContext

l$ ldapadd -vc -x -D “cn=admin,dc=cornell,dc=edu” -w $passwd -f oidbase.ldif
ldap_initialize( <DEFAULT> )
ldap_bind: Invalid DN syntax (34)
additional info: invalid DN
--On Thursday, December 06, 2018 9:54 PM +0000 Eggo why eggo@hotmail.com wrote:
l$ ldapadd -vc -x -D "cn=admin,dc=cornell,dc=edu" -w $passwd -f oidbase.ldif
ldap_initialize( <DEFAULT> )
ldap_bind: Invalid DN syntax (34)
additional info: invalid DN
The quotes you're using appear to be high-bit instead of standard ascii. Did you cut and paste out of a word document or something?
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
http://www.symas.com
On 12/6/18 10:54 PM, Eggo why wrote:
suffix ""
Any particular reason why you want to define your DB at root level?
Why not use a specific naming context like this:
suffix "dc=cornell,dc=edu"
rootdn "cn=admin"
The rootdn must then be
rootdn "cn=admin,dc=cornell,dc=edu"
l$ ldapadd -vc -x -D “cn=admin,dc=cornell,dc=edu”
Value given with -D must match rootdn in database section of your slapd.conf.
Ciao, Michael.
--On Friday, December 07, 2018 4:13 PM +0100 Michael Ströder michael@stroeder.com wrote:
Value given with -D must match rootdn in database section of your slapd.conf.
You may want to read the slapd.conf a little closer. There are multiple DB's defined.
database bdb
suffix "dc=cornell,dc=edu"
rootdn "cn=admin,dc=cornell,dc=edu"
Although it's not clear to me the submitter is actually reading our responses, given they didn't read the last set of answers.
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
http://www.symas.com
Hi All, Thank you very much for all your help. I just realized that all the emails from openldap.org were going to the deleted folder.
The quotes you're using appear to be high-bit instead of standard ascii. Did you cut and paste out of a word document or something? --> Yes, I copied it from my notes that were taken down while doing my first configuration.
Any particular reason why you want to define your DB at root level? --> No reason, because this OpenLDAP instance is going to be used for Oracle tnsname lookup only.
I will try out all your suggestions and report back. Once again, I very much appreciate all your help.
Garry
________________________________ From: Quanah Gibson-Mount quanah@symas.com Sent: Friday, December 7, 2018 3:18 PM To: Michael Ströder; Eggo why; openldap-technical@openldap.org Subject: Re: Please help on Openldap issue
Hi All, After incorporating your suggestions I have a multi-master replication environment up and running. I am able to ldapadd on server1 and do an ldapsearch on server2 and see the entry that was added on server1, and vice versa. However, I am running into a restore issue. I use slapcat -b "dc=cornell,dc=edu" -l data.ldif to do a database backup and slapadd -f data.ldif to restore it, but when I try to start slapd I get an error. Am I missing something or did I forget to do something? Below is my command output. Once again, thank you very much for all your help.
Garry
[ldap@ip-10-92-164-27 ~]$ slapadd -f data.ldif
5c12a90f data.ldif: line 1: unknown directive dn: outside backend info and database definitions.
slapadd: bad configuration file!
[ldap@ip-10-92-164-27 ~]$ slapadd -l /home/ldap/data.ldif
5c12a94f bdb_monitor_db_open: monitoring disabled; configure monitor database to enable
5c12a94f => bdb_tool_entry_put: id2entry_add failed: BDB0067 DB_KEYEXIST: Key/data pair already exists (-30994)
5c12a94f => bdb_tool_entry_put: txn_aborted! BDB0067 DB_KEYEXIST: Key/data pair already exists (-30994)
slapadd: could not add entry dn="dc=cornell,dc=edu" (line=1): txn_aborted! BDB0067 DB_KEYEXIST: Key/data pair already exists (-30994)
_#### 20.90% eta none elapsed none spd 1.3 M/s
[centos@ip-10-92-164-27 lib]$ sudo systemctl start slapd
Job for slapd.service failed because the control process exited with error code. See "systemctl status slapd.service" and "journalctl -xe" for details.
[centos@ip-10-92-164-27 lib]$ systemctl status slapd.service -l
● slapd.service - OpenLDAP Server Daemon
Loaded: loaded (/usr/lib/systemd/system/slapd.service; disabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Thu 2018-12-13 18:49:20 UTC; 9s ago
Docs: man:slapd
man:slapd-config
man:slapd-hdb
man:slapd-mdb
file:///usr/share/doc/openldap-servers/guide.html
Process: 12775 ExecStart=/usr/sbin/slapd -u ldap -h ${SLAPD_URLS} $SLAPD_OPTIONS (code=exited, status=1/FAILURE)
Process: 12762 ExecStartPre=/usr/libexec/openldap/check-config.sh (code=exited, status=0/SUCCESS)
Dec 13 18:49:20 ip-10-92-164-27.ec2.internal systemd[1]: Starting OpenLDAP Server Daemon...
Dec 13 18:49:20 ip-10-92-164-27.ec2.internal runuser[12765]: pam_unix(runuser:session): session opened for user ldap by (uid=0)
Dec 13 18:49:20 ip-10-92-164-27.ec2.internal slapd[12775]: @(#) $OpenLDAP: slapd 2.4.44 (Oct 30 2018 23:14:27) $
mockbuild@x86-01.bsys.centos.org:/builddir/build/BUILD/openldap-2.4.44/openldap-2.4.44/servers/slapd
Dec 13 18:49:20 ip-10-92-164-27.ec2.internal slapd[12775]: /etc/openldap/slapd.conf: line 109: invalid path: Permission denied
Dec 13 18:49:20 ip-10-92-164-27.ec2.internal slapd[12775]: slapd stopped.
Dec 13 18:49:20 ip-10-92-164-27.ec2.internal slapd[12775]: connections_destroy: nothing to destroy.
Dec 13 18:49:20 ip-10-92-164-27.ec2.internal systemd[1]: slapd.service: control process exited, code=exited status=1
Dec 13 18:49:20 ip-10-92-164-27.ec2.internal systemd[1]: Failed to start OpenLDAP Server Daemon.
Dec 13 18:49:20 ip-10-92-164-27.ec2.internal systemd[1]: Unit slapd.service entered failed state.
Dec 13 18:49:20 ip-10-92-164-27.ec2.internal systemd[1]: slapd.service failed.
[centos@ip-10-92-164-27 lib]$ sudo ls -ltr /var/lib/ldap
total 19536
-rw-r--r--. 1 ldap ldap 845 Dec 13 18:43 DB_CONFIG
-rw-------. 1 ldap ldap 8192 Dec 13 18:43 dn2id.bdb
-rw-------. 1 ldap ldap 8192 Dec 13 18:43 cn.bdb
-rw-------. 1 ldap ldap 3761704 Dec 13 18:47 __db.003
-rw-------. 1 ldap ldap 17448960 Dec 13 18:47 __db.002
-rw-------. 1 ldap ldap 2326528 Dec 13 18:47 __db.001
-rw-------. 1 ldap ldap 8192 Dec 13 18:47 entryCSN.bdb
-rw-------. 1 ldap ldap 8192 Dec 13 18:47 entryUUID.bdb
-rw-------. 1 ldap ldap 8192 Dec 13 18:47 objectClass.bdb
-rw-------. 1 ldap ldap 32768 Dec 13 18:47 id2entry.bdb
-rw-------. 1 ldap ldap 10485760 Dec 13 18:47 log.0000000001
-rw-r--r--. 1 ldap ldap 4096 Dec 13 18:47 alock
[centos@ip-10-92-164-27 lib]$ journalctl -xe
-- The start-up result is done.
Dec 13 18:51:40 ip-10-92-164-27.ec2.internal kubelet[12861]: F1213 18:51:40.496492 12861 server.go:189] failed to load Kubelet config file /var/li
Dec 13 18:51:40 ip-10-92-164-27.ec2.internal systemd[1]: kubelet.service: main process exited, code=exited, status=255/n/a
Dec 13 18:51:40 ip-10-92-164-27.ec2.internal systemd[1]: Unit kubelet.service entered failed state.
Dec 13 18:51:40 ip-10-92-164-27.ec2.internal systemd[1]: kubelet.service failed.
Dec 13 18:51:50 ip-10-92-164-27.ec2.internal systemd[1]: kubelet.service holdoff time over, scheduling restart.
Dec 13 18:51:50 ip-10-92-164-27.ec2.internal systemd[1]: Stopped kubelet: The Kubernetes Node Agent.
-- Subject: Unit kubelet.service has finished shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit kubelet.service has finished shutting down.
Dec 13 18:51:50 ip-10-92-164-27.ec2.internal systemd[1]: Started kubelet: The Kubernetes Node Agent.
-- Subject: Unit kubelet.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit kubelet.service has finished starting up.
--
-- The start-up result is done.
Dec 13 18:51:50 ip-10-92-164-27.ec2.internal kubelet[12867]: F1213 18:51:50.746589 12867 server.go:189] failed to load Kubelet config file /var/li
Dec 13 18:51:50 ip-10-92-164-27.ec2.internal systemd[1]: kubelet.service: main process exited, code=exited, status=255/n/a
Dec 13 18:51:50 ip-10-92-164-27.ec2.internal systemd[1]: Unit kubelet.service entered failed state.
Dec 13 18:51:50 ip-10-92-164-27.ec2.internal systemd[1]: kubelet.service failed.
Dec 13 18:52:00 ip-10-92-164-27.ec2.internal systemd[1]: kubelet.service holdoff time over, scheduling restart.
Dec 13 18:52:00 ip-10-92-164-27.ec2.internal systemd[1]: Stopped kubelet: The Kubernetes Node Agent.
-- Subject: Unit kubelet.service has finished shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit kubelet.service has finished shutting down.
Dec 13 18:52:00 ip-10-92-164-27.ec2.internal systemd[1]: Started kubelet: The Kubernetes Node Agent.
-- Subject: Unit kubelet.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit kubelet.service has finished starting up.
--
-- The start-up result is done.
Dec 13 18:52:00 ip-10-92-164-27.ec2.internal kubelet[12873]: F1213 18:52:00.996272 12873 server.go:189] failed to load Kubelet config file /var/li
Dec 13 18:52:00 ip-10-92-164-27.ec2.internal systemd[1]: kubelet.service: main process exited, code=exited, status=255/n/a
Dec 13 18:52:00 ip-10-92-164-27.ec2.internal systemd[1]: Unit kubelet.service entered failed state.
Dec 13 18:52:00 ip-10-92-164-27.ec2.internal systemd[1]: kubelet.service failed.
lines 2580-2622/2622 (END)
________________________________ From: openldap-technical openldap-technical-bounces@openldap.org on behalf of Eggo why eggo@hotmail.com Sent: Monday, December 10, 2018 11:56 PM To: Quanah Gibson-Mount; openldap-technical@openldap.org Subject: Re: Please help on Openldap issue
--On Thursday, December 13, 2018 7:03 PM +0000 Eggo why eggo@hotmail.com wrote:
[ldap@ip-10-92-164-27 ~]$ slapadd -f data.ldif
5c12a90f data.ldif: line 1: unknown directive dn: outside backend info and database definitions.
slapadd: bad configuration file!
Read the man page for slapadd. "-f" is clearly documented as taking a configuration file, not a database in LDIF format.
[ldap@ip-10-92-164-27 ~]$ slapadd -l /home/ldap/data.ldif
5c12a94f bdb_monitor_db_open: monitoring disabled; configure monitor database to enable
5c12a94f => bdb_tool_entry_put: id2entry_add failed: BDB0067 DB_KEYEXIST: Key/data pair already exists (-30994)
5c12a94f => bdb_tool_entry_put: txn_aborted! BDB0067 DB_KEYEXIST: Key/data pair already exists (-30994)
slapadd: could not add entry dn="dc=cornell,dc=edu" (line=1): txn_aborted! BDB0067 DB_KEYEXIST: Key/data pair already exists (-30994)
The above indicates you failed to remove the existing database prior to restoring from backup. You cannot overwrite an existing database.
Additionally, you still appear to be using either the deprecated back-bdb or back-hdb database backend. As I noted in my very first response, you should be using back-mdb.
Overall, I would advise reading the man pages for the slapcat and slapadd utilities, as you're clearly missing options (such as -b) as well.
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
http://www.symas.com
openldap-technical@openldap.org
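The three mistakes the thread works through (the high-bit quotes in the -D value, the rule that -D must be the rootdn of the database whose suffix covers it, and the slapadd -f versus -l, -b and stale-database points in the last reply) can be checked before touching the server. The script below is an added example, not code from the thread or from OpenLDAP; the slapd.conf text is a constructed sample modelled on the one posted above, and the database directory listing is passed in as a list (as from `ls /var/lib/ldap/...`) rather than read from disk, so it runs offline.

```python
SLAPD_CONF = """database bdb
suffix "dc=cornell,dc=edu"
rootdn "cn=admin,dc=cornell,dc=edu"
directory /var/lib/ldap/cornell
database bdb
suffix ""
rootdn "cn=admin"
directory /var/lib/ldap/rootoraclecontext
"""  # constructed sample modelled on the thread's two bdb databases

def parse_databases(conf):
    """One dict per 'database' section: backend, suffix, rootdn, directory."""
    dbs = []
    for line in conf.splitlines():
        key, _, val = line.split("#", 1)[0].strip().partition(" ")
        val = val.strip().strip('"')
        if key == "database":
            dbs.append({"backend": val, "suffix": ""})
        elif dbs and key in ("suffix", "rootdn", "directory"):
            dbs[-1][key] = val
    return dbs

def database_for(dbs, dn):
    """Database whose suffix is the longest match for dn ('' matches everything)."""
    dn = dn.lower()
    hits = [d for d in dbs if d["suffix"] == ""
            or ("," + dn).endswith("," + d["suffix"].lower())]
    return max(hits, key=lambda d: len(d["suffix"]), default=None)

def bind_dn_problems(conf, bind_dn):
    """Why 'ldapadd -D bind_dn' is rejected here: non-ASCII characters (the curly
    quotes behind 'Invalid DN syntax (34)') or a -D that is not the owning rootdn."""
    problems = ["non-ASCII character U+%04X in -D value" % ord(c)
                for c in sorted(set(bind_dn)) if ord(c) > 127]
    db = database_for(parse_databases(conf), bind_dn)
    if db is None or db.get("rootdn", "").lower() != bind_dn.lower():
        problems.append("-D is not the rootdn (%r) of the covering database" % (db and db.get("rootdn")))
    return problems

def restore_command(conf, suffix, ldif_path, dir_listing):
    """slapadd line for a restore: -l takes the LDIF (-f is the config file), -b
    picks the database, and its directory must be empty (no overwrite allowed)."""
    db = next((d for d in parse_databases(conf) if d["suffix"] == suffix), None)
    if db is None:
        raise ValueError("no database with suffix %r" % suffix)
    leftovers = [f for f in dir_listing if f != "DB_CONFIG"]  # else DB_KEYEXIST
    if leftovers:
        raise RuntimeError("%s still holds %s; clear it first" % (db["directory"], leftovers))
    return ["slapadd", "-b", suffix, "-l", ldif_path]
```

With the sample config, `cn=admin` alone is accepted because it is the rootdn of the root-level (`suffix ""`) database, which is exactly why Michael's point about the two rootdn values matters.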