
Re: (ITS#6948) slaptest fails a converting a working cn=config from a .conf with a pcache configuration



tgates81@gmail.com wrote:
> Full_Name: Tyler Gates
> Version: 2.4.25
> OS: Ubuntu 10.04 LTS
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (65.184.61.44)
>
>
> I've been fighting with a strange issue related to a backend database using a
> pcache configuration since upgrading from 2.4.24 to 2.4.25. Assuming there was
> just something wrong with my cn=config I decided to start back fresh using
> slapd.conf instead.
> Once I got the config working just fine I used slaptest to convert the config to
> a new cn=config. Unfortunately when I tried using -F cn=config instead of my -f
> slapd.conf, slapd failed with the same old message:

Looks like this was broken by the patch for ITS#6837. Working on a new fix.
>
> May 22 09:15:58 directory-proxy2 slapd[25055]: backend_startup: warning,
> database 0 (hdb) has no suffix
> May 22 09:15:58 directory-proxy2 slapd[25055]: backend_startup_one: starting
> "(unknown)"
> May 22 09:15:58 directory-proxy2 slapd[25055]: hdb_db_open: need suffix.
> May 22 09:15:58 directory-proxy2 slapd[25055]: backend_startup_one (type=hdb,
> suffix="(null)"): bi_db_open failed! (-1)
> May 22 09:15:58 directory-proxy2 slapd[25055]: slapd shutdown: initiated
>
>
> The backend database has never required me to specify a suffix since it is already
> specified in the ldap overlay and when I try to add it in I get slapd trying to
> open the database twice which results in the second instance having access
> issues thus rendering all of the database inaccessible to queries.
>
> I'm assuming there has been a configuration change in cn=config for this
> particular layout but slaptest has not been updated. Below is a copy of the flat
> file I used that worked fine but failed once converted to cn=config using
> slaptest -f slapd.conf -F /etc/ldap/slapd.d/
>
> root@directory-proxy:~# grep "^[^#]" /etc/ldap/slapd.conf.back_ldap_ppcache
> include	/etc/ldap/schema/core.schema
> include	/etc/ldap/schema/cosine.schema
> include	/etc/ldap/schema/nis.schema
> include	/etc/ldap/schema/inetorgperson.schema
> include	/etc/ldap/schema/openldap.schema
> include /etc/ldap/schema/sudo.schema
> include /etc/ldap/schema/autofs.schema
> include /etc/ldap/schema/ppolicy.schema
> include /etc/ldap/schema/qmail.schema
> include /etc/ldap/schema/puppet.schema
> pidfile		/var/run/slapd/slapd.pid
> argsfile	/var/run/slapd/slapd.args
> modulepath	/usr/lib/ldap
> moduleload      back_ldap
> moduleload      back_hdb
> moduleload     pcache
> moduleload     ppolicy
> TLSCertificateFile /etc/ldap/ssl/slapd.crt
> TLSCertificateKeyFile /etc/ldap/ssl/slapd.key
> TLSCACertificateFile /etc/ssl/certs/ca.castlebranch.com.crt
> loglevel -1
> allow bind_anon_dn
> database config
> rootdn cn=admin,cn=config
> rootpw secret
> access to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
> manage by * break
> database	ldap
> suffix		"dc=domain,dc=com"
> rootdn		"cn=Manager,dc=domain,dc=com"
> rootpw		secret
> uri         "ldaps://directory1.domain.com ldaps://directory2.domain.com"
> overlay pcache
> proxycache    hdb 100000 3 1000 100
> proxyAttrset    0 uid userPassword uidNumber gidNumber cn homeDirectory
> loginShell gecos description memberUid uniqueMember objectClass
> proxyAttrset    1 cn automountInformation
> proxyAttrset    2 cn mail
> proxyTemplate   (&(objectClass=)(|(memberUid=)(uniqueMember=))) 0 1800
> proxyTemplate   (&(objectClass=)(uid=)) 0 1800
> proxyTemplate   (&(objectClass=)(cn=)) 0 1800
> proxyTemplate   (&(objectClass=)) 0 1800
> proxyTemplate   (objectClass=) 0 1800
> proxyTemplate   (&(objectClass=)(memberUid=)) 0 1800 900
> proxyTemplate   (&(objectClass=)(uniqueMember=)) 0 1800 900
> proxyTemplate   (&(objectClass=)(uidNumber=)) 0 1800
> proxyTemplate   (&(objectClass=)(gidNumber=)) 0 1800
> proxyTemplate   (&(objectClass=)(|(cn=)(gidNumber=))) 1 3600 600
> proxyTemplate   (&(objectClass=)(|(cn=)(cn=))) 1 3600 600
> proxyTemplate   (&(objectClass=)(|(cn=)(cn=)(cn=))) 1 3600 600
> proxyTemplate   (|(cn=)(mail=)(sn=)) 2 7200
> directory	/var/lib/ldap
> cachesize 1000
> idletimeout 600
> idlcachesize 3000
> index	objectClass						eq
> index	cn,mail,surname,givenname				eq,subinitial
> index	uidNumber,gidNumber,memberuid,member,uniqueMember	eq
> index   uid                                     		eq,subinitial
> index   nisMapName,automountInformation                         eq
> index userPassword,homeDirectory,loginShell,gecos,description   eq
> index pcacheQueryID						eq
>
>


-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/