1:54 p.m.
Hi All,
I have install openldap, openldap-servers and openldap-clients and systemctl start
slapd without anyproblem but when try ti do an initial ldapadd I got error. My slapd.conf
and oidbase.ldif as below. Please help and thank you very much
Garry
slapd.conf
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/oidschema/oidbase.schema
include /etc/openldap/oidschema/oidnet.schema
include /etc/openldap/oidschema/oidrdbms.schema
include /etc/openldap/oidschema/alias.schema
# Allow LDAPv2 client connections. This is NOT the default.
allow bind_v2
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
#default searchbase
defaultsearchbase "dc=cornell,dc=edu"
#######################################################################
# ldbm and/or bdb database definitions
#######################################################################
database bdb
suffix "dc=cornell,dc=edu"
rootdn "cn=admin,dc=cornell,dc=edu"
rootpw {SSHA}gZp2hnEA/xq/FfxMgPTjDmSPo78PuZAs
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/lib/ldap/cornell
# Indices to maintain for this database
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
### for root oraclecontext
#
database bdb
suffix ""
rootdn "cn=admin"
rootpw {SSHA}gZp2hnEA/xq/FfxMgPTjDmSPo78PuZAs
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/lib/ldap/rootoraclecontext
# Indices to maintain for this database
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
oidbase.ldif
dn: dc=cornell,dc=edu
objectClass: top
objectClass: dcObject
objectClass: organization
o: cornell.edu
dc: cornell
dn: cn=OracleContext,dc=cornell,dc=edu
objectclass: orclContext
cn: OracleContext
l$ ldapadd -vc -x -D “cn=admin,dc=cornell,dc=edu” -w $passwd -f oidbase.ldif
ldap_initialize( <DEFAULT> )
ldap_bind: Invalid DN syntax (34)
additional info: invalid DN
7:09 a.m.
--On Thursday, December 06, 2018 9:54 PM +0000 Eggo why <eggo(a)hotmail.com>
wrote:
l$ ldapadd -vc -x -D "cn=admin,dc=cornell,dc=edu" -w
$passwd -f
oidbase.ldif
ldap_initialize( <DEFAULT> )
ldap_bind: Invalid DN syntax (34)
additional info: invalid DN
The quotes you're using appear to be high-bit instead of standard ascii.
Did you cut and paste out of a word document or something?
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
7:13 a.m.
On 12/6/18 10:54 PM, Eggo why wrote:
suffix ""
Any particular reason why you want to define your DB at root level?
Why not use a specific naming context like this:
suffix "dc=cornell,dc=edu"
rootdn "cn=admin"
The rootdn must then be
rootdn "cn=admin,dc=cornell,dc=edu"
l$ ldapadd -vc -x -D “cn=admin,dc=cornell,dc=edu”
Value given with -D must match rootdn in database section of your
slapd.conf.
Ciao, Michael.
7:18 a.m.
--On Friday, December 07, 2018 4:13 PM +0100 Michael Ströder
<michael(a)stroeder.com> wrote:
Value given with -D must match rootdn in database section of your
slapd.conf.
You may want to read the slapd.conf a little closer. There are multiple
DB's defined.
database bdb
suffix "dc=cornell,dc=edu"
rootdn "cn=admin,dc=cornell,dc=edu"
Although it's not clear to me the submitter is actually reading our
responses, given they didn't read the last set of answers.
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
3:56 p.m.
Hi All,
Thank you very much for all your help. I just realized that all the emails from
openldap.org was going to deleted folder.
The quotes you're using appear to be high-bit instead of standard ascii.
Did you cut and paste out of a word document or something? --> Yes, I copy it from my
note that was take down while doing my first configuration.
Any particular reason why you want to define your DB at root level? --> No reason,
Because this Openldap instance is going to use for Oracle tnsname lookup only.
I will try out all your suggestions and report it back. Once again, I am very appreciate
all your help.
Garry
________________________________
From: Quanah Gibson-Mount <quanah(a)symas.com>
Sent: Friday, December 7, 2018 3:18 PM
To: Michael Ströder; Eggo why; openldap-technical(a)openldap.org
Subject: Re: Please help on Openldap issue
--On Friday, December 07, 2018 4:13 PM +0100 Michael Ströder
<michael(a)stroeder.com> wrote:
Value given with -D must match rootdn in database section of your
slapd.conf.
You may want to read the slapd.conf a little closer. There are multiple
DB's defined.
database bdb
suffix "dc=cornell,dc=edu"
rootdn "cn=admin,dc=cornell,dc=edu"
Although it's not clear to me the submitter is actually reading our
responses, given they didn't read the last set of answers.
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
11:03 a.m.
Hi All,
After incorporate your suggestions I have mutl master replication environment up and
running. I am able to ldapadd from server1 and do a ldapsearch on server2 and see the
entry that was added from server1 and vice versa. However, I am run into restore issue.
I use slapcat -b "dc=cornell,dc=edu" -l data.lfid to do a database backup and
using slapadd -f data.ldif to restore it but when try to start slapd I got error. Do I
mssing sometinng or forgot to do somthing? Below is my commands out put. Once again
thank you very much for all your help.
Garry
[ldap@ip-10-92-164-27 ~]$ slapadd -f data.ldif
5c12a90f data.ldif: line 1: unknown directive <dn:> outside backend info and
database definitions.
slapadd: bad configuration file!
[ldap@ip-10-92-164-27 ~]$ slapadd -l /home/ldap/data.ldif
5c12a94f bdb_monitor_db_open: monitoring disabled; configure monitor database to enable
5c12a94f => bdb_tool_entry_put: id2entry_add failed: BDB0067 DB_KEYEXIST: Key/data pair
already exists (-30994)
5c12a94f => bdb_tool_entry_put: txn_aborted! BDB0067 DB_KEYEXIST: Key/data pair already
exists (-30994)
slapadd: could not add entry dn="dc=cornell,dc=edu" (line=1): txn_aborted!
BDB0067 DB_KEYEXIST: Key/data pair already exists (-30994)
_#### 20.90% eta none elapsed none spd 1.3 M/s
[centos@ip-10-92-164-27 lib]$ sudo systemctl start slapd
Job for slapd.service failed because the control process exited with error code. See
"systemctl status slapd.service" and "journalctl -xe" for details.
[centos@ip-10-92-164-27 lib]$ systemctl status slapd.service -l
● slapd.service - OpenLDAP Server Daemon
Loaded: loaded (/usr/lib/systemd/system/slapd.service; disabled; vendor preset:
disabled)
Active: failed (Result: exit-code) since Thu 2018-12-13 18:49:20 UTC; 9s ago
Docs: man:slapd
man:slapd-config
man:slapd-hdb
man:slapd-mdb
file:///usr/share/doc/openldap-servers/guide.html
Process: 12775 ExecStart=/usr/sbin/slapd -u ldap -h ${SLAPD_URLS} $SLAPD_OPTIONS
(code=exited, status=1/FAILURE)
Process: 12762 ExecStartPre=/usr/libexec/openldap/check-config.sh (code=exited,
status=0/SUCCESS)
Dec 13 18:49:20 ip-10-92-164-27.ec2.internal systemd[1]: Starting OpenLDAP Server
Daemon...
Dec 13 18:49:20 ip-10-92-164-27.ec2.internal runuser[12765]: pam_unix(runuser:session):
session opened for user ldap by (uid=0)
Dec 13 18:49:20 ip-10-92-164-27.ec2.internal slapd[12775]: @(#) $OpenLDAP: slapd 2.4.44
(Oct 30 2018 23:14:27) $
mockbuild@x86-01.bsys.centos.org:/builddir/build/BUILD/openldap-2.4.44/openldap-2.4.44/servers/slapd
Dec 13 18:49:20 ip-10-92-164-27.ec2.internal slapd[12775]: /etc/openldap/slapd.conf: line
109: invalid path: Permission denied
Dec 13 18:49:20 ip-10-92-164-27.ec2.internal slapd[12775]: slapd stopped.
Dec 13 18:49:20 ip-10-92-164-27.ec2.internal slapd[12775]: connections_destroy: nothing to
destroy.
Dec 13 18:49:20 ip-10-92-164-27.ec2.internal systemd[1]: slapd.service: control process
exited, code=exited status=1
Dec 13 18:49:20 ip-10-92-164-27.ec2.internal systemd[1]: Failed to start OpenLDAP Server
Daemon.
Dec 13 18:49:20 ip-10-92-164-27.ec2.internal systemd[1]: Unit slapd.service entered failed
state.
Dec 13 18:49:20 ip-10-92-164-27.ec2.internal systemd[1]: slapd.service failed.
[centos@ip-10-92-164-27 lib]$ sudo ls -ltr /var/lib/ldap
total 19536
-rw-r--r--. 1 ldap ldap 845 Dec 13 18:43 DB_CONFIG
-rw-------. 1 ldap ldap 8192 Dec 13 18:43 dn2id.bdb
-rw-------. 1 ldap ldap 8192 Dec 13 18:43 cn.bdb
-rw-------. 1 ldap ldap 3761704 Dec 13 18:47 __db.003
-rw-------. 1 ldap ldap 17448960 Dec 13 18:47 __db.002
-rw-------. 1 ldap ldap 2326528 Dec 13 18:47 __db.001
-rw-------. 1 ldap ldap 8192 Dec 13 18:47 entryCSN.bdb
-rw-------. 1 ldap ldap 8192 Dec 13 18:47 entryUUID.bdb
-rw-------. 1 ldap ldap 8192 Dec 13 18:47 objectClass.bdb
-rw-------. 1 ldap ldap 32768 Dec 13 18:47 id2entry.bdb
-rw-------. 1 ldap ldap 10485760 Dec 13 18:47 log.0000000001
-rw-r--r--. 1 ldap ldap 4096 Dec 13 18:47 alock
[centos@ip-10-92-164-27 lib]$ journalctl -xe
-- The start-up result is done.
Dec 13 18:51:40 ip-10-92-164-27.ec2.internal kubelet[12861]: F1213 18:51:40.496492 12861
server.go:189] failed to load Kubelet config file /var/li
Dec 13 18:51:40 ip-10-92-164-27.ec2.internal systemd[1]: kubelet.service: main process
exited, code=exited, status=255/n/a
Dec 13 18:51:40 ip-10-92-164-27.ec2.internal systemd[1]: Unit kubelet.service entered
failed state.
Dec 13 18:51:40 ip-10-92-164-27.ec2.internal systemd[1]: kubelet.service failed.
Dec 13 18:51:50 ip-10-92-164-27.ec2.internal systemd[1]: kubelet.service holdoff time
over, scheduling restart.
Dec 13 18:51:50 ip-10-92-164-27.ec2.internal systemd[1]: Stopped kubelet: The Kubernetes
Node Agent.
-- Subject: Unit kubelet.service has finished shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit kubelet.service has finished shutting down.
Dec 13 18:51:50 ip-10-92-164-27.ec2.internal systemd[1]: Started kubelet: The Kubernetes
Node Agent.
-- Subject: Unit kubelet.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit kubelet.service has finished starting up.
--
-- The start-up result is done.
Dec 13 18:51:50 ip-10-92-164-27.ec2.internal kubelet[12867]: F1213 18:51:50.746589 12867
server.go:189] failed to load Kubelet config file /var/li
Dec 13 18:51:50 ip-10-92-164-27.ec2.internal systemd[1]: kubelet.service: main process
exited, code=exited, status=255/n/a
Dec 13 18:51:50 ip-10-92-164-27.ec2.internal systemd[1]: Unit kubelet.service entered
failed state.
Dec 13 18:51:50 ip-10-92-164-27.ec2.internal systemd[1]: kubelet.service failed.
Dec 13 18:52:00 ip-10-92-164-27.ec2.internal systemd[1]: kubelet.service holdoff time
over, scheduling restart.
Dec 13 18:52:00 ip-10-92-164-27.ec2.internal systemd[1]: Stopped kubelet: The Kubernetes
Node Agent.
-- Subject: Unit kubelet.service has finished shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit kubelet.service has finished shutting down.
Dec 13 18:52:00 ip-10-92-164-27.ec2.internal systemd[1]: Started kubelet: The Kubernetes
Node Agent.
-- Subject: Unit kubelet.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit kubelet.service has finished starting up.
--
-- The start-up result is done.
Dec 13 18:52:00 ip-10-92-164-27.ec2.internal kubelet[12873]: F1213 18:52:00.996272 12873
server.go:189] failed to load Kubelet config file /var/li
Dec 13 18:52:00 ip-10-92-164-27.ec2.internal systemd[1]: kubelet.service: main process
exited, code=exited, status=255/n/a
Dec 13 18:52:00 ip-10-92-164-27.ec2.internal systemd[1]: Unit kubelet.service entered
failed state.
Dec 13 18:52:00 ip-10-92-164-27.ec2.internal systemd[1]: kubelet.service failed.
lines 2580-2622/2622 (END)
________________________________
From: openldap-technical <openldap-technical-bounces(a)openldap.org> on behalf of Eggo
why <eggo(a)hotmail.com>
Sent: Monday, December 10, 2018 11:56 PM
To: Quanah Gibson-Mount; openldap-technical(a)openldap.org
Subject: Re: Please help on Openldap issue
Hi All,
Thank you very much for all your help. I just realized that all the emails from
openldap.org was going to deleted folder.
The quotes you're using appear to be high-bit instead of standard ascii.
Did you cut and paste out of a word document or something? --> Yes, I copy it from my
note that was take down while doing my first configuration.
Any particular reason why you want to define your DB at root level? --> No reason,
Because this Openldap instance is going to use for Oracle tnsname lookup only.
I will try out all your suggestions and report it back. Once again, I am very appreciate
all your help.
Garry
________________________________
From: Quanah Gibson-Mount <quanah(a)symas.com>
Sent: Friday, December 7, 2018 3:18 PM
To: Michael Ströder; Eggo why; openldap-technical(a)openldap.org
Subject: Re: Please help on Openldap issue
--On Friday, December 07, 2018 4:13 PM +0100 Michael Ströder
<michael(a)stroeder.com> wrote:
Value given with -D must match rootdn in database section of your
slapd.conf.
You may want to read the slapd.conf a little closer. There are multiple
DB's defined.
database bdb
suffix "dc=cornell,dc=edu"
rootdn "cn=admin,dc=cornell,dc=edu"
Although it's not clear to me the submitter is actually reading our
responses, given they didn't read the last set of answers.
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
12:24 p.m.
--On Thursday, December 13, 2018 7:03 PM +0000 Eggo why <eggo(a)hotmail.com>
wrote:
[ldap@ip-10-92-164-27 ~]$ slapadd -f data.ldif
5c12a90f data.ldif: line 1: unknown directive <dn:> outside backend info
and database definitions.
slapadd: bad configuration file!
Read the man page for slapadd. "-f" is clearly documented as taking a
configuration file, not a database in LDIF format.
[ldap@ip-10-92-164-27 ~]$ slapadd -l /home/ldap/data.ldif
5c12a94f bdb_monitor_db_open: monitoring disabled; configure monitor
database to enable
5c12a94f => bdb_tool_entry_put: id2entry_add failed: BDB0067 DB_KEYEXIST:
Key/data pair already exists (-30994)
5c12a94f => bdb_tool_entry_put: txn_aborted! BDB0067 DB_KEYEXIST:
Key/data pair already exists (-30994)
slapadd: could not add entry dn="dc=cornell,dc=edu" (line=1):
txn_aborted! BDB0067 DB_KEYEXIST: Key/data pair already exists (-30994)
The above indicates you failed to remove the existing database prior to
restoring from backup. You cannot overwrite an existind database.
Additionally, you still appear to be using either the depcreated back-bdb
or back-hdb database backend. As I noted in my very first response you
should be using back-mdb.
Overally, I would advise reading the man pages for the slapcat and slapadd
utilities, as you're clearly missing options (such as -b) as well.
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
1818
days inactive
1825
days old
openldap-technical@openldap.org
6 comments
3 participants
participants (3)
-
Eggo why -
Michael Ströder -
Quanah Gibson-Mount