[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: slapd-relay



Douglas B. Jones wrote:
> I am on 2.3.33 and I am trying to fix it so that people with an
> old base of o=gpc,c=us will automatically be given the results
> from the base dc=employee,dc=gpc,dc=edu. From the slapd-relay doc.,
> I first tried:
> 
> database	relay
> suffix	"o=gpc,c=us"
> relay		"dc=employee,dc=gpc,dc=edu"

slapd-relay doesn't rewrite things for you unless you instruct it to do
so, e.g. by adding the "massage" keyword after the relayed naming
context, e.g.

database	relay
suffix	"o=gpc,c=us"
relay		"dc=employee,dc=gpc,dc=edu" massage

as clearly indicated in the documentation.


> and tried a lookup with the command:
> 
> ldapsearch -b o=gpc,c=us uid=someone cn
> 
> and I get:
> 
> result: 53 Server is unwilling to perform
> 
> If I change the config. file to:
> 
> database        relay
> suffix          "o=gpc,c=us"
> overlay         rwm     
> suffixmessage   "dc=employee,dc=gpc,dc=edu"

"suffixmessage" is an invalid statement (2.4 would throw you out;
unfortunately 2.3 only complains if you enable "-d config" and that's
it).  Try "suffixmassage" instead, as clearly suggested in the
documentation.

> 
> and try the same command, the slapd process disappears and no core
> file is found (I did a find on the whole system for anything with
> '*core*' in it.

You likely need to "ulimit -c unlimited" to remove core size limitations
in your shell.

> The output to the terminal is:
> 
> ldap_result: Can't contact LDAP server (-1)
> 
> and the logs have:
> 
> Jan 26 09:38:37 mldap slapd[19110]: conn=0 op=1 SRCH base="o=gpc,c=us" scope=2 d
> eref=0 filter="(uid=someone)" 
> Jan 26 09:38:37 mldap slapd[19110]: conn=0 op=1 SRCH attr=cn
> 
> When I start slapd back up, it says in the logs:
> 
> Jan 26 09:42:55 mldap slapd[19149]: bdb_db_open: unclean shutdown detected; atte
> mpting recovery. 
> 
> and works fine otherwise. I can stop and restart and the warning does
> not appear again - as expected (unless of course I do the same experiment
> again).
> 
> I am sort of new to the linux (RHEL4) environment, so I am not really
> sure where I should go from here. On tru64, I can attach to a process,
> slapd in this case, I am not sure how to do that in linux.
> 
> The two examples I used above came from the slapd-relay man page,
> as far as I can tell, with just what they had. Thanks for any help!

You can't just take a fraction of the examples, ignore essential bits
and just complain they don't work.  There were two examples in
slapd-relay(5), they both work, as tested in test030 (which I hope is
passing in your build, and you could have taken as a guideline in
configuring your system), and you were able to screw both.  The fact
they don't get bounced at startup is not directly related to
slapd-relay(5) itself, but rather to the way slapd up to 2.3 included
handles syntax errors (actually, doesn't handle stale incorrect
statements).  Fortunately this changed in 2.4 (and we fear the number of
complains about incorrect slapd.conf which used to work besides being
incorrect, and do not work any more...).

p.