[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#5783) Possible DB corruption

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#5783) Possible DB corruption
From: ando@sys-net.it
Date: Tue, 4 Nov 2008 19:21:14 GMT

moya@latertulia.org wrote:
> Full_Name: Maykel Moya
> Version: 2.4.11
> OS: Debian Lenny
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (200.55.135.211)
> 
> 
> It's second time that I have bitten by this:
> 
> Oct 31 07:49:24 swage slapd[4308]: PROXIED attributeDescription "DC" inserted.
> 
> After that I'm unable to bind against the DSA. The problem has arise in two
> independent systems.
> 
> Steps to reproduce:
> 
> 1. Create a minor db (like Debian does), a dc=foo,dc=org node and a
> cn=admin,rootdn node
> 2. Migrate to cn=config
> 3. Edit cn=config
>    I've added olcTLSCACertificateFile / olcTLSCertificateFile /
> olcTLSCertificateKeyFiel attributes
> 4. Restart the server
> 
> After restarting I see the PROXIED error. I'd wrote to the list before [1][2]
> but the same thing has come in another system.

This does not look like a db corruption.  It looks like you restarted 
slapd with back-config in a compromised state, since it is now missing 
the definition of "dc", which is in core.schema.  You don't specify how 
you edited cn=config; did you manually edited the corresponding ldif 
files?  You're supposed to modify them only via operations using the 
LDAP protocol while the server is running.

p.


Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
-----------------------------------
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Fax:     +39 0382 476497
Email:   ando@sys-net.it
-----------------------------------

Prev by Date: Re: (ITS#5640) slapd scans too many objects at startup
Next by Date: Re: (ITS#5764) addpartial patch
Index(es):
- Chronological
- Thread