
Re: (ITS#6948) slaptest fails a converting a working cn=config from a .conf with a pcache configuration



Tyler Gates wrote:
> Howard,
>       Does the most recent patch to ITS #6948 'ITS#6948 partial revert
> of #6837, unnecessary' replace the first patch 'ITS#6948 fix ITS#6837
> patch' ?

No.

> On Sun, Jun 5, 2011 at 10:04 PM, Tyler Gates <tgates81@gmail.com> wrote:
>> Thanks Howard, it's working perfectly again. This also resolves my other
>> ITS, #6891.
>>
>> On 06/05/2011 04:36 PM, Howard Chu wrote:
>>> tgates81@gmail.com wrote:
>>>> Full_Name: Tyler Gates
>>>> Version: 2.4.25
>>>> OS: Ubuntu 10.04 LTS
>>>> URL: ftp://ftp.openldap.org/incoming/
>>>> Submission from: (NULL) (65.184.61.44)
>>>>
>>>>
>>>> I've been fighting with a strange issue related to a backend database using a
>>>> pcache configuration since upgrading from 2.4.24 to 2.4.25. Assuming there was
>>>> just something wrong with my cn=config I decided to start back fresh using
>>>> slapd.conf instead.
>>>> Once I got the config working just fine I used slaptest to convert the config to
>>>> a new cn=config. Unfortunately when I tried using -F cn=config instead of my -f
>>>> slapd.conf, slapd failed with the same old message:
>>>
>>> Looks like this was broken by the patch for ITS#6837. Working on a new
>>> fix.
>>>>
>>>> May 22 09:15:58 directory-proxy2 slapd[25055]: backend_startup: warning, database 0 (hdb) has no suffix
>>>> May 22 09:15:58 directory-proxy2 slapd[25055]: backend_startup_one: starting "(unknown)"
>>>> May 22 09:15:58 directory-proxy2 slapd[25055]: hdb_db_open: need suffix.
>>>> May 22 09:15:58 directory-proxy2 slapd[25055]: backend_startup_one (type=hdb, suffix="(null)"): bi_db_open failed! (-1)
>>>> May 22 09:15:58 directory-proxy2 slapd[25055]: slapd shutdown: initiated
>>>>
>>>>
>>>> The backend database has never required me to specify a suffix since it is already
>>>> specified in the ldap overlay and when I try to add it in I get slapd trying to
>>>> open the database twice which results in the second instance having access
>>>> issues thus rendering all of the database inaccessible to queries.
>>>>
>>>> I'm assuming there has been a configuration change in cn=config for this
>>>> particular layout but slaptest has not been updated. Below is a copy of the flat
>>>> file I used that worked fine but failed once converted to cn=config using
>>>> slaptest -f slapd.conf -F /etc/ldap/slapd.d/
>>>>
>>>> root@directory-proxy:~# grep "^[^#]" /etc/ldap/slapd.conf.back_ldap_ppcache
>>>> include    /etc/ldap/schema/core.schema
>>>> include    /etc/ldap/schema/cosine.schema
>>>> include    /etc/ldap/schema/nis.schema
>>>> include    /etc/ldap/schema/inetorgperson.schema
>>>> include    /etc/ldap/schema/openldap.schema
>>>> include /etc/ldap/schema/sudo.schema
>>>> include /etc/ldap/schema/autofs.schema
>>>> include /etc/ldap/schema/ppolicy.schema
>>>> include /etc/ldap/schema/qmail.schema
>>>> include /etc/ldap/schema/puppet.schema
>>>> pidfile        /var/run/slapd/slapd.pid
>>>> argsfile    /var/run/slapd/slapd.args
>>>> modulepath    /usr/lib/ldap
>>>> moduleload      back_ldap
>>>> moduleload      back_hdb
>>>> moduleload     pcache
>>>> moduleload     ppolicy
>>>> TLSCertificateFile /etc/ldap/ssl/slapd.crt
>>>> TLSCertificateKeyFile /etc/ldap/ssl/slapd.key
>>>> TLSCACertificateFile /etc/ssl/certs/ca.castlebranch.com.crt
>>>> loglevel -1
>>>> allow bind_anon_dn
>>>> database config
>>>> rootdn cn=admin,cn=config
>>>> rootpw secret
>>>> access to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
>>>> database    ldap
>>>> suffix        "dc=domain,dc=com"
>>>> rootdn        "cn=Manager,dc=domain,dc=com"
>>>> rootpw        secret
>>>> uri         "ldaps://directory1.domain.com ldaps://directory2.domain.com"
>>>> overlay pcache
>>>> proxycache    hdb 100000 3 1000 100
>>>> proxyAttrset    0 uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description memberUid uniqueMember objectClass
>>>> proxyAttrset    1 cn automountInformation
>>>> proxyAttrset    2 cn mail
>>>> proxyTemplate   (&(objectClass=)(|(memberUid=)(uniqueMember=))) 0 1800
>>>> proxyTemplate   (&(objectClass=)(uid=)) 0 1800
>>>> proxyTemplate   (&(objectClass=)(cn=)) 0 1800
>>>> proxyTemplate   (&(objectClass=)) 0 1800
>>>> proxyTemplate   (objectClass=) 0 1800
>>>> proxyTemplate   (&(objectClass=)(memberUid=)) 0 1800 900
>>>> proxyTemplate   (&(objectClass=)(uniqueMember=)) 0 1800 900
>>>> proxyTemplate   (&(objectClass=)(uidNumber=)) 0 1800
>>>> proxyTemplate   (&(objectClass=)(gidNumber=)) 0 1800
>>>> proxyTemplate   (&(objectClass=)(|(cn=)(gidNumber=))) 1 3600 600
>>>> proxyTemplate   (&(objectClass=)(|(cn=)(cn=))) 1 3600 600
>>>> proxyTemplate   (&(objectClass=)(|(cn=)(cn=)(cn=))) 1 3600 600
>>>> proxyTemplate   (|(cn=)(mail=)(sn=)) 2 7200
>>>> directory    /var/lib/ldap
>>>> cachesize 1000
>>>> idletimeout 600
>>>> idlcachesize 3000
>>>> index    objectClass                        eq
>>>> index    cn,mail,surname,givenname                eq,subinitial
>>>> index    uidNumber,gidNumber,memberuid,member,uniqueMember    eq
>>>> index   uid                                             eq,subinitial
>>>> index   nisMapName,automountInformation                         eq
>>>> index userPassword,homeDirectory,loginShell,gecos,description   eq
>>>> index pcacheQueryID                        eq
>>>>
>>>>
>>>
>>>
>>
>


-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/