7827 – Typo in slapacl can causes unclean database

Issue 7827 - Typo in slapacl can causes unclean database

Summary: Typo in slapacl can causes unclean database

Status:	VERIFIED FIXED

Alias:	None

Product:	OpenLDAP
Classification:	Unclassified
Component:	slapd (show other issues)
Version:	unspecified
Hardware:	All All

Importance:	--- normal
Target Milestone:	---
Assignee:	OpenLDAP project

URL:
Keywords:

Depends on:
Blocks:

Reported:	2014-03-25 19:05 UTC by Quanah Gibson-Mount
Modified:	2014-10-23 07:31 UTC (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this issue.

Description Quanah Gibson-Mount 2014-03-25 12:07:28 UTC

moved from Incoming to Software Bugs

Comment 1 Howard Chu 2014-03-25 15:22:30 UTC

changed notes
changed state Open to Test

Comment 2 Quanah Gibson-Mount 2014-03-25 19:05:54 UTC

Full_Name: Quanah Gibson-Mount
Version: openldap master
OS: Linux 2.6
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (75.111.58.125)


As reported in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=741248, slapacl
when used with a base that is not contained in the OpenLDAP configuration can
cause unclean DB messages.

To reproduce, I had to disable the monitor database in my configuration, so that
there was only the cn=config db and a primary BDB based backend.  It also does
not occur if the suffix for the database is "" (as that contains everything).

If the suffix of the DB is specific(such as "cn=zimbra"), then you can cause the
unclean shutdown status to trigger by running slapacl against a suffix that is
not contained in the slapd configuration:

zimbra@zre-ldap001:~$ /opt/zimbra/openldap/sbin/slapacl -F
/opt/zimbra/data/ldap/config -b "cn=zimbraaaaa" -D
"uid=zimbra,cn=admins,cn=zimbra" entry
5331d242 hdb_monitor_db_open: monitoring disabled; configure monitor database to
enable
5331d242 hdb_db_open: database "cn=zimbra": unclean shutdown detected;
attempting recovery.
5331d242 hdb_db_open: database "cn=zimbra": recovery skipped in read-only mode.
Run manual recovery if errors are encountered.
authcDN: "uid=zimbra,cn=admins,cn=zimbra"
cn=zimbraaaaa: no target database has been found for baseDN="slapacl"; you may
try with "-u" (dry run).
zimbra@zre-ldap001:~$ /opt/zimbra/openldap/sbin/slapacl -F
/opt/zimbra/data/ldap/config -b "cn=zimbra" -D "uid=zimbra,cn=admins,cn=zimbra"
entry
5331d258 hdb_db_open: database "cn=zimbra": unclean shutdown detected;
attempting recovery.
5331d258 hdb_db_open: database "cn=zimbra": recovery skipped in read-only mode.
Run manual recovery if errors are encountered.
5331d258 hdb_monitor_db_open: monitoring disabled; configure monitor database to
enable
authcDN: "uid=zimbra,cn=admins,cn=zimbra"
entry: write(=wrscxd)
zimbra@zre-ldap001:~$ /opt/zimbra/openldap/sbin/slapacl -F
/opt/zimbra/data/ldap/config -b "cn=zimbra" -D "uid=zimbra,cn=admins,cn=zimbra"
entry
5331d262 hdb_db_open: database "cn=zimbra": unclean shutdown detected;
attempting recovery.
5331d262 hdb_db_open: database "cn=zimbra": recovery skipped in read-only mode.
Run manual recovery if errors are encountered.
5331d262 hdb_monitor_db_open: monitoring disabled; configure monitor database to
enable
authcDN: "uid=zimbra,cn=admins,cn=zimbra"
entry: write(=wrscxd)

Even running db_recover does not fix it:

zimbra@zre-ldap001:~/data/ldap/hdb/db$ db_recover
zimbra@zre-ldap001:~/data/ldap/hdb/db$ cd
zimbra@zre-ldap001:~$ /opt/zimbra/openldap/sbin/slapacl -F
/opt/zimbra/data/ldap/config -b "cn=zimbra" -D "uid=zimbra,cn=admins,cn=zimbra"
entry
5331d350 hdb_db_open: database "cn=zimbra": unclean shutdown detected;
attempting recovery.
5331d350 hdb_db_open: database "cn=zimbra": recovery skipped in read-only mode.
Run manual recovery if errors are encountered.
5331d350 hdb_monitor_db_open: monitoring disabled; configure monitor database to
enable
authcDN: "uid=zimbra,cn=admins,cn=zimbra"
entry: write(=wrscxd)

After starting slapd, the db is properly cleaned up:

zimbra@zre-ldap001:~$ ps -eaf | grep slapd
zimbra    1655     1  3 12:05 ?        00:00:00 /opt/zimbra/openldap/sbin/slapd
-l LOCAL0 -u zimbra -h ldap://zre-ldap001.eng.zimbra.com:389 ldapi:/// -F
/opt/zimbra/data/ldap/config

zimbra@zre-ldap001:~$ /opt/zimbra/openldap/sbin/slapacl -F
/opt/zimbra/data/ldap/config -b "cn=zimbra" -D "uid=zimbra,cn=admins,cn=zimbra"
entry
authcDN: "uid=zimbra,cn=admins,cn=zimbra"
entry: write(=wrscxd)

Comment 3 Howard Chu 2014-03-25 22:19:05 UTC

quanah@OpenLDAP.org wrote:
> Full_Name: Quanah Gibson-Mount
> Version: openldap master
> OS: Linux 2.6
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (75.111.58.125)
>
>
> As reported in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=741248, slapacl
> when used with a base that is not contained in the OpenLDAP configuration can
> cause unclean DB messages.

Fixed now in master
>
> To reproduce, I had to disable the monitor database in my configuration, so that
> there was only the cn=config db and a primary BDB based backend.  It also does
> not occur if the suffix for the database is "" (as that contains everything).
>
> If the suffix of the DB is specific(such as "cn=zimbra"), then you can cause the
> unclean shutdown status to trigger by running slapacl against a suffix that is
> not contained in the slapd configuration:
>
> zimbra@zre-ldap001:~$ /opt/zimbra/openldap/sbin/slapacl -F
> /opt/zimbra/data/ldap/config -b "cn=zimbraaaaa" -D
> "uid=zimbra,cn=admins,cn=zimbra" entry
> 5331d242 hdb_monitor_db_open: monitoring disabled; configure monitor database to
> enable
> 5331d242 hdb_db_open: database "cn=zimbra": unclean shutdown detected;
> attempting recovery.
> 5331d242 hdb_db_open: database "cn=zimbra": recovery skipped in read-only mode.
> Run manual recovery if errors are encountered.
> authcDN: "uid=zimbra,cn=admins,cn=zimbra"
> cn=zimbraaaaa: no target database has been found for baseDN="slapacl"; you may
> try with "-u" (dry run).
> zimbra@zre-ldap001:~$ /opt/zimbra/openldap/sbin/slapacl -F
> /opt/zimbra/data/ldap/config -b "cn=zimbra" -D "uid=zimbra,cn=admins,cn=zimbra"
> entry
> 5331d258 hdb_db_open: database "cn=zimbra": unclean shutdown detected;
> attempting recovery.
> 5331d258 hdb_db_open: database "cn=zimbra": recovery skipped in read-only mode.
> Run manual recovery if errors are encountered.
> 5331d258 hdb_monitor_db_open: monitoring disabled; configure monitor database to
> enable
> authcDN: "uid=zimbra,cn=admins,cn=zimbra"
> entry: write(=wrscxd)
> zimbra@zre-ldap001:~$ /opt/zimbra/openldap/sbin/slapacl -F
> /opt/zimbra/data/ldap/config -b "cn=zimbra" -D "uid=zimbra,cn=admins,cn=zimbra"
> entry
> 5331d262 hdb_db_open: database "cn=zimbra": unclean shutdown detected;
> attempting recovery.
> 5331d262 hdb_db_open: database "cn=zimbra": recovery skipped in read-only mode.
> Run manual recovery if errors are encountered.
> 5331d262 hdb_monitor_db_open: monitoring disabled; configure monitor database to
> enable
> authcDN: "uid=zimbra,cn=admins,cn=zimbra"
> entry: write(=wrscxd)
>
> Even running db_recover does not fix it:
>
> zimbra@zre-ldap001:~/data/ldap/hdb/db$ db_recover
> zimbra@zre-ldap001:~/data/ldap/hdb/db$ cd
> zimbra@zre-ldap001:~$ /opt/zimbra/openldap/sbin/slapacl -F
> /opt/zimbra/data/ldap/config -b "cn=zimbra" -D "uid=zimbra,cn=admins,cn=zimbra"
> entry
> 5331d350 hdb_db_open: database "cn=zimbra": unclean shutdown detected;
> attempting recovery.
> 5331d350 hdb_db_open: database "cn=zimbra": recovery skipped in read-only mode.
> Run manual recovery if errors are encountered.
> 5331d350 hdb_monitor_db_open: monitoring disabled; configure monitor database to
> enable
> authcDN: "uid=zimbra,cn=admins,cn=zimbra"
> entry: write(=wrscxd)
>
> After starting slapd, the db is properly cleaned up:
>
> zimbra@zre-ldap001:~$ ps -eaf | grep slapd
> zimbra    1655     1  3 12:05 ?        00:00:00 /opt/zimbra/openldap/sbin/slapd
> -l LOCAL0 -u zimbra -h ldap://zre-ldap001.eng.zimbra.com:389 ldapi:/// -F
> /opt/zimbra/data/ldap/config
>
> zimbra@zre-ldap001:~$ /opt/zimbra/openldap/sbin/slapacl -F
> /opt/zimbra/data/ldap/config -b "cn=zimbra" -D "uid=zimbra,cn=admins,cn=zimbra"
> entry
> authcDN: "uid=zimbra,cn=admins,cn=zimbra"
> entry: write(=wrscxd)
>
>
>
>


-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/

Comment 4 Quanah Gibson-Mount 2014-04-01 17:00:09 UTC

changed notes
changed state Test to Release

Comment 5 OpenLDAP project 2014-10-23 07:31:14 UTC

fixed in master
fixed in RE25
fixed in RE24

Comment 6 Quanah Gibson-Mount 2014-10-23 07:31:14 UTC

changed notes
changed state Release to Closed