
Re: (ITS#6948) slaptest fails a converting a working cn=config from a .conf with a pcache configuration



Thanks Howard, it's working perfectly again. This also resolves my other
ITS, #6891.

On 06/05/2011 04:36 PM, Howard Chu wrote:
> tgates81@gmail.com wrote:
>> Full_Name: Tyler Gates
>> Version: 2.4.25
>> OS: Ubuntu 10.04 LTS
>> URL: ftp://ftp.openldap.org/incoming/
>> Submission from: (NULL) (65.184.61.44)
>>
>>
>> I've been fighting with a strange issue related to a backend database using a
>> pcache configuration since upgrading from 2.4.24 to 2.4.25. Assuming there was
>> just something wrong with my cn=config I decided to start back fresh using
>> slapd.conf instead.
>> Once I got the config working just fine I used slaptest to convert the config to
>> a new cn=config. Unfortunately when I tried using -F cn=config instead of my -f
>> slapd.conf, slapd failed with the same old message:
>
> Looks like this was broken by the patch for ITS#6837. Working on a new fix.
>>
>> May 22 09:15:58 directory-proxy2 slapd[25055]: backend_startup: warning, database 0 (hdb) has no suffix
>> May 22 09:15:58 directory-proxy2 slapd[25055]: backend_startup_one: starting "(unknown)"
>> May 22 09:15:58 directory-proxy2 slapd[25055]: hdb_db_open: need suffix.
>> May 22 09:15:58 directory-proxy2 slapd[25055]: backend_startup_one (type=hdb, suffix="(null)"): bi_db_open failed! (-1)
>> May 22 09:15:58 directory-proxy2 slapd[25055]: slapd shutdown: initiated
>>
>>
>> The backend database has never required me to specify a suffix since it is already
>> specified in the ldap overlay and when I try to add it in I get slapd trying to
>> open the database twice, which results in the second instance having access
>> issues, thus rendering all of the database inaccessible to queries.
>>
>> I'm assuming there has been a configuration change in cn=config for this
>> particular layout but slaptest has not been updated. Below is a copy of the flat
>> file I used that worked fine but failed once converted to cn=config using
>> slaptest -f slapd.conf -F /etc/ldap/slapd.d/
>>
>> root@directory-proxy:~# grep "^[^#]" /etc/ldap/slapd.conf.back_ldap_ppcache
>> include    /etc/ldap/schema/core.schema
>> include    /etc/ldap/schema/cosine.schema
>> include    /etc/ldap/schema/nis.schema
>> include    /etc/ldap/schema/inetorgperson.schema
>> include    /etc/ldap/schema/openldap.schema
>> include /etc/ldap/schema/sudo.schema
>> include /etc/ldap/schema/autofs.schema
>> include /etc/ldap/schema/ppolicy.schema
>> include /etc/ldap/schema/qmail.schema
>> include /etc/ldap/schema/puppet.schema
>> pidfile        /var/run/slapd/slapd.pid
>> argsfile    /var/run/slapd/slapd.args
>> modulepath    /usr/lib/ldap
>> moduleload      back_ldap
>> moduleload      back_hdb
>> moduleload     pcache
>> moduleload     ppolicy
>> TLSCertificateFile /etc/ldap/ssl/slapd.crt
>> TLSCertificateKeyFile /etc/ldap/ssl/slapd.key
>> TLSCACertificateFile /etc/ssl/certs/ca.castlebranch.com.crt
>> loglevel -1
>> allow bind_anon_dn
>> database config
>> rootdn cn=admin,cn=config
>> rootpw secret
>> access to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
>> database    ldap
>> suffix        "dc=domain,dc=com"
>> rootdn        "cn=Manager,dc=domain,dc=com"
>> rootpw        secret
>> uri         "ldaps://directory1.domain.com ldaps://directory2.domain.com"
>> overlay pcache
>> proxycache    hdb 100000 3 1000 100
>> proxyAttrset    0 uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description memberUid uniqueMember objectClass
>> proxyAttrset    1 cn automountInformation
>> proxyAttrset    2 cn mail
>> proxyTemplate   (&(objectClass=)(|(memberUid=)(uniqueMember=))) 0 1800
>> proxyTemplate   (&(objectClass=)(uid=)) 0 1800
>> proxyTemplate   (&(objectClass=)(cn=)) 0 1800
>> proxyTemplate   (&(objectClass=)) 0 1800
>> proxyTemplate   (objectClass=) 0 1800
>> proxyTemplate   (&(objectClass=)(memberUid=)) 0 1800 900
>> proxyTemplate   (&(objectClass=)(uniqueMember=)) 0 1800 900
>> proxyTemplate   (&(objectClass=)(uidNumber=)) 0 1800
>> proxyTemplate   (&(objectClass=)(gidNumber=)) 0 1800
>> proxyTemplate   (&(objectClass=)(|(cn=)(gidNumber=))) 1 3600 600
>> proxyTemplate   (&(objectClass=)(|(cn=)(cn=))) 1 3600 600
>> proxyTemplate   (&(objectClass=)(|(cn=)(cn=)(cn=))) 1 3600 600
>> proxyTemplate   (|(cn=)(mail=)(sn=)) 2 7200
>> directory    /var/lib/ldap
>> cachesize 1000
>> idletimeout 600
>> idlcachesize 3000
>> index    objectClass                        eq
>> index    cn,mail,surname,givenname                eq,subinitial
>> index    uidNumber,gidNumber,memberuid,member,uniqueMember    eq
>> index   uid                                             eq,subinitial
>> index   nisMapName,automountInformation                         eq
>> index userPassword,homeDirectory,loginShell,gecos,description   eq
>> index pcacheQueryID                        eq
>>
>>
>
>