Re: (ITS#7827) Typo in slapacl can causes unclean database

[hyc@symas.com]

quanah@OpenLDAP.org wrote:
> Full_Name: Quanah Gibson-Mount
> Version: openldap master
> OS: Linux 2.6
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (75.111.58.125)
>
>
> As reported in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=741248, slapacl
> when used with a base that is not contained in the OpenLDAP configuration can
> cause unclean DB messages.

Fixed now in master
>
> To reproduce, I had to disable the monitor database in my configuration, so that
> there was only the cn=config db and a primary BDB based backend.  It also does
> not occur if the suffix for the database is "" (as that contains everything).
>
> If the suffix of the DB is specific(such as "cn=zimbra"), then you can cause the
> unclean shutdown status to trigger by running slapacl against a suffix that is
> not contained in the slapd configuration:
>
> zimbra@zre-ldap001:~$ /opt/zimbra/openldap/sbin/slapacl -F
> /opt/zimbra/data/ldap/config -b "cn=zimbraaaaa" -D
> "uid=zimbra,cn=admins,cn=zimbra" entry
> 5331d242 hdb_monitor_db_open: monitoring disabled; configure monitor database to
> enable
> 5331d242 hdb_db_open: database "cn=zimbra": unclean shutdown detected;
> attempting recovery.
> 5331d242 hdb_db_open: database "cn=zimbra": recovery skipped in read-only mode.
> Run manual recovery if errors are encountered.
> authcDN: "uid=zimbra,cn=admins,cn=zimbra"
> cn=zimbraaaaa: no target database has been found for baseDN="slapacl"; you may
> try with "-u" (dry run).
> zimbra@zre-ldap001:~$ /opt/zimbra/openldap/sbin/slapacl -F
> /opt/zimbra/data/ldap/config -b "cn=zimbra" -D "uid=zimbra,cn=admins,cn=zimbra"
> entry
> 5331d258 hdb_db_open: database "cn=zimbra": unclean shutdown detected;
> attempting recovery.
> 5331d258 hdb_db_open: database "cn=zimbra": recovery skipped in read-only mode.
> Run manual recovery if errors are encountered.
> 5331d258 hdb_monitor_db_open: monitoring disabled; configure monitor database to
> enable
> authcDN: "uid=zimbra,cn=admins,cn=zimbra"
> entry: write(=wrscxd)
> zimbra@zre-ldap001:~$ /opt/zimbra/openldap/sbin/slapacl -F
> /opt/zimbra/data/ldap/config -b "cn=zimbra" -D "uid=zimbra,cn=admins,cn=zimbra"
> entry
> 5331d262 hdb_db_open: database "cn=zimbra": unclean shutdown detected;
> attempting recovery.
> 5331d262 hdb_db_open: database "cn=zimbra": recovery skipped in read-only mode.
> Run manual recovery if errors are encountered.
> 5331d262 hdb_monitor_db_open: monitoring disabled; configure monitor database to
> enable
> authcDN: "uid=zimbra,cn=admins,cn=zimbra"
> entry: write(=wrscxd)
>
> Even running db_recover does not fix it:
>
> zimbra@zre-ldap001:~/data/ldap/hdb/db$ db_recover
> zimbra@zre-ldap001:~/data/ldap/hdb/db$ cd
> zimbra@zre-ldap001:~$ /opt/zimbra/openldap/sbin/slapacl -F
> /opt/zimbra/data/ldap/config -b "cn=zimbra" -D "uid=zimbra,cn=admins,cn=zimbra"
> entry
> 5331d350 hdb_db_open: database "cn=zimbra": unclean shutdown detected;
> attempting recovery.
> 5331d350 hdb_db_open: database "cn=zimbra": recovery skipped in read-only mode.
> Run manual recovery if errors are encountered.
> 5331d350 hdb_monitor_db_open: monitoring disabled; configure monitor database to
> enable
> authcDN: "uid=zimbra,cn=admins,cn=zimbra"
> entry: write(=wrscxd)
>
> After starting slapd, the db is properly cleaned up:
>
> zimbra@zre-ldap001:~$ ps -eaf | grep slapd
> zimbra    1655     1  3 12:05 ?        00:00:00 /opt/zimbra/openldap/sbin/slapd
> -l LOCAL0 -u zimbra -h ldap://zre-ldap001.eng.zimbra.com:389 ldapi:/// -F
> /opt/zimbra/data/ldap/config
>
> zimbra@zre-ldap001:~$ /opt/zimbra/openldap/sbin/slapacl -F
> /opt/zimbra/data/ldap/config -b "cn=zimbra" -D "uid=zimbra,cn=admins,cn=zimbra"
> entry
> authcDN: "uid=zimbra,cn=admins,cn=zimbra"
> entry: write(=wrscxd)
>
>
>
>


-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/