Re: chain-overlay question



Quoting Pierangelo Masarati <ando@sys-net.it>:

Markus Krause wrote:
Hi list!

i have several consumers and one provider (let's call them ldapconX and
ldapprov). syncrepl works fine, but i actually do not want any clients
to contact the provider directly (and i have in addition some clients
which would not understand referrals anyway), so reading through the
admin guide and man pages i thought slapo-chain would be the solution!
(correct me if i am wrong ;-))
But somehow i can not get it working...

the slapd.conf of the provider is untouched, the consumers have
(simplified in some places; please tell me if you need it in more detail):


slapo-chain must be global (i.e. before any database) since referrals
are returned by the frontend, as soon as it discovers that the database
that is candidate for a modification is shadow.  See example in consumer
slapd.conf in test018.

thanks for your answer!
i assume you are referring to slapd-chain1.conf, as in slapd-chain2.conf the overlay chain is after the database definition (which i used after the success following your hint in my acl problem thread).
but i am still doing something wrong... just to be sure i ran all tests again (make test) which all were finished ok.


now my slapd.conf is like:
--- slapd.conf (simplified)
...
acl
overlay chain
chain-rebind-as-user    FALSE
chain-uri       "ldaps://ldapprov"
chain-rebind-as-user    TRUE
chain-idassert-bind     bindmethod="simple"
                        binddn="cn=manager,o=test"
                        credentials="secret"
                        mode="self"
                        flags=non-prescriptive
database bdb
...
overlay smbk5pwd
syncrepl ....
updateref ldaps://ldapprov
---- end of slapd.conf

using "ldappasswd -x <...>" i get:
  Re-enter new password:
  Enter LDAP Password:
  ldappasswd: ldap_result: Can't contact LDAP server (-1)

and the ldap consumer segfaults.
last messages from slapd -d 65535 was:
--- slapd -d 65535
....
conn=0 op=1 PASSMOD id="uid=testuser,ou=people,o=test" new
dnPrettyNormal: <uid=testuser,ou=people,o=test>
=> ldap_bv2dn(uid=testuser,ou=people,o=test,0)
<= ldap_bv2dn(uid=testuser,ou=people,o=test)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(uid=testuser,ou=people,o=test)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(uid=testuser,ou=people,o=test)=0
<<< dnPrettyNormal: <uid=testuser,ou=people,o=test>, <uid=testuser,ou=people,o=test>
bdb_dn2entry("uid=testuser,ou=people,o=test")
=> bdb_dn2id("uid=testuser,ou=people,o=test")
<= bdb_dn2id: got id=0x0000284c
=> bdb_dn2id("uid=testuser,ou=people,o=test")
<= bdb_dn2id: got id=0x00002861
=> bdb_dn2id("uid=testuser,ou=people,o=test")
<= bdb_dn2id: got id=0x0000337f
entry_decode: "uid=testuser,ou=people,o=test"
<= entry_decode(uid=uid=testuser,ou=people,o=test)
ldap_url_parse_ext(ldaps://ldapprov)
send_ldap_extended: err=10 oid= len=0
ldap_url_parse_ext(ldaps://ldapprov)
----


the strace backlog says:
--- strace (only last ~130 lines ... tell me if you want to read the whole 2500+!)
[snip]
read(13, "B\223l\0008\0\0\0007\376\205V8\0\0\0.\0\0\200\22\0\0\0"..., 32768) = 32768
_llseek(13, 7146591, [7146591], SEEK_SET) = 0
read(13, "\0\0\0\0\0\0\0\0\0\0\0\0", 12) = 12
close(13) = 0
stat64("/var/lib/ldap/__db.004", 0xbfd23b2c) = -1 ENOENT (No such file or directory)
open("/var/lib/ldap/__db.004", O_RDWR|O_CREAT|O_LARGEFILE, 0600) = 13
fcntl64(13, F_SETFD, FD_CLOEXEC) = 0
_llseek(13, 0, [0], SEEK_END) = 0
_llseek(13, 442368, [442368], SEEK_CUR) = 0
write(13, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 8192) = 8192
mmap2(NULL, 450560, PROT_READ|PROT_WRITE, MAP_SHARED, 13, 0) = 0xb647d000
close(13) = 0
stat64("/var/lib/ldap/__db.005", 0xbfd23b6c) = -1 ENOENT (No such file or directory)
open("/var/lib/ldap/__db.005", O_RDWR|O_CREAT|O_LARGEFILE, 0600) = 13
fcntl64(13, F_SETFD, FD_CLOEXEC) = 0
_llseek(13, 0, [0], SEEK_END) = 0
_llseek(13, 16384, [16384], SEEK_CUR) = 0
write(13, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 8192) = 8192
mmap2(NULL, 24576, PROT_READ|PROT_WRITE, MAP_SHARED, 13, 0) = 0xb6477000
close(13) = 0
time(NULL) = 1179177532
time(NULL) = 1179177532
stat64("/var/lib/ldap/log.0000000018", {st_mode=S_IFREG|0600, st_size=10485760, ...}) = 0
open("/var/lib/ldap/log.0000000018", O_RDONLY|O_LARGEFILE) = 13
fcntl64(13, F_SETFD, FD_CLOEXEC) = 0
fstat64(13, {st_mode=S_IFREG|0600, st_size=10485760, ...}) = 0
_llseek(13, 7146535, [7146535], SEEK_SET) = 0
read(13, "\316\vm\0008\0\0\0\376\346\315~", 12) = 12
_llseek(13, 7113823, [7113823], SEEK_SET) = 0
read(13, "\0\0\0\30\0\0\0\317\2\0\0\220\1\0\0\10\0\0\0\10\0\0\0\4"..., 32768) = 32768
stat64("/var/lib/ldap/log.0000000001", 0xbfd2386c) = -1 ENOENT (No such file or directory)
open("/var/lib/ldap", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) = 14
fstat64(14, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
fcntl64(14, F_SETFD, FD_CLOEXEC) = 0
getdents64(14, /* 33 entries */, 4096) = 1176
getdents64(14, /* 0 entries */, 4096) = 0
close(14) = 0
stat64("/var/lib/ldap/log.0000000018", {st_mode=S_IFREG|0600, st_size=10485760, ...}) = 0
open("/var/lib/ldap/log.0000000018", O_RDONLY|O_LARGEFILE) = 14
fcntl64(14, F_SETFD, FD_CLOEXEC) = 0
read(14, "\330\354\237\0\34\0\0\0\0!\301\205\210\t\4\0\n\0\0\0\0"..., 28) = 28
close(14) = 0
stat64("/var/lib/ldap/log.0000000017", {st_mode=S_IFREG|0600, st_size=10485760, ...}) = 0
open("/var/lib/ldap/log.0000000017", O_RDONLY|O_LARGEFILE) = 14
fcntl64(14, F_SETFD, FD_CLOEXEC) = 0
read(14, "\236\377\237\0\34\0\0\0\0!\301\205\210\t\4\0\n\0\0\0\0"..., 28) = 28
close(14) = 0
close(13) = 0
stat64("/var/lib/ldap/log.0000000017", {st_mode=S_IFREG|0600, st_size=10485760, ...}) = 0
open("/var/lib/ldap/log.0000000017", O_RDONLY|O_LARGEFILE) = 13
fcntl64(13, F_SETFD, FD_CLOEXEC) = 0
fstat64(13, {st_mode=S_IFREG|0600, st_size=10485760, ...}) = 0
_llseek(13, 0, [0], SEEK_SET) = 0
read(13, "\236\377\237\0\34\0\0\0\0!\301\205", 12) = 12
_llseek(13, 0, [0], SEEK_SET) = 0
read(13, "\236\377\237\0\34\0\0\0\0!\301\205\210\t\4\0\n\0\0\0\0"..., 32768) = 32768
close(13) = 0
stat64("/var/lib/ldap/log.0000000018", {st_mode=S_IFREG|0600, st_size=10485760, ...}) = 0
open("/var/lib/ldap/log.0000000018", O_RDONLY|O_LARGEFILE) = 13
fcntl64(13, F_SETFD, FD_CLOEXEC) = 0
fstat64(13, {st_mode=S_IFREG|0600, st_size=10485760, ...}) = 0
_llseek(13, 7146535, [7146535], SEEK_SET) = 0
read(13, "\316\vm\0008\0\0\0\376\346\315~", 12) = 12
_llseek(13, 7113823, [7113823], SEEK_SET) = 0
read(13, "\0\0\0\30\0\0\0\317\2\0\0\220\1\0\0\10\0\0\0\10\0\0\0\4"..., 32768) = 32768
stat64("/var/lib/ldap/id2entry.bdb", {st_mode=S_IFREG|0600, st_size=15826944, ...}) = 0
stat64("/var/lib/ldap/id2entry.bdb", {st_mode=S_IFREG|0600, st_size=15826944, ...}) = 0
open("/var/lib/ldap/id2entry.bdb", O_RDWR|O_LARGEFILE) = 14
fcntl64(14, F_SETFD, FD_CLOEXEC) = 0
read(14, "\22\0\0\0\212^i\0\0\0\0\0b1\5\0\t\0\0\0\0@\0\0\0\t\0\0"..., 512) = 512
close(14) = 0
stat64("/var/lib/ldap/id2entry.bdb", {st_mode=S_IFREG|0600, st_size=15826944, ...}) = 0
open("/var/lib/ldap/id2entry.bdb", O_RDWR|O_LARGEFILE) = 14
fcntl64(14, F_SETFD, FD_CLOEXEC) = 0
fstat64(14, {st_mode=S_IFREG|0600, st_size=15826944, ...}) = 0
pread64(14, "\22\0\0\0\212^i\0\0\0\0\0b1\5\0\t\0\0\0\0@\0\0\0\t\0\0"..., 16384, 0) = 16384
close(14) = 0
time(NULL) = 1179177532
time(NULL) = 1179177532
close(13) = 0
lseek(12, 0, SEEK_SET) = 0
fcntl64(12, F_SETLKW, {type=F_WRLCK, whence=SEEK_CUR, start=0, len=1024}) = 0
fstat64(12, {st_mode=S_IFREG|0644, st_size=4096, ...}) = 0
lseek(12, 2048, SEEK_SET) = 2048
read(12, "xV4\22\0\0\0\0\2\0\0\0\0\0\0\0\20\322HF\0\0\0\0\271v\0"..., 1024) = 1024
lseek(12, 2048, SEEK_SET) = 2048
fcntl64(12, F_GETLK, {type=F_UNLCK, whence=SEEK_CUR, start=0, len=1024, pid=0}) = 0
lseek(12, 2048, SEEK_SET) = 2048
read(12, "xV4\22\0\0\0\0\2\0\0\0\0\0\0\0\20\322HF\0\0\0\0\271v\0"..., 1024) = 1024
lseek(12, 2048, SEEK_SET) = 2048
write(12, "xV4\22\0\0\0\0\0\0\0\0\0\0\0\0\20\322HF\0\0\0\0\271v\0"..., 1024) = 1024
lseek(12, 3072, SEEK_SET) = 3072
read(12, "xV4\22\0\0\0\0\0\0\0\0\0\0\0\0 yHF\0\0\0\0\242q\0\0\0\0"..., 1024) = 1024
lseek(12, 0, SEEK_SET) = 0
fcntl64(12, F_SETLK, {type=F_UNLCK, whence=SEEK_CUR, start=0, len=1024}) = 0
stat64("/var/lib/ldap/id2entry.bdb", {st_mode=S_IFREG|0600, st_size=15826944, ...}) = 0
stat64("/var/lib/ldap/id2entry.bdb", {st_mode=S_IFREG|0600, st_size=15826944, ...}) = 0
open("/var/lib/ldap/id2entry.bdb", O_RDWR|O_LARGEFILE) = 13
fcntl64(13, F_SETFD, FD_CLOEXEC) = 0
read(13, "\22\0\0\0\212^i\0\0\0\0\0b1\5\0\t\0\0\0\0@\0\0\0\t\0\0"..., 512) = 512
close(13) = 0
stat64("/var/lib/ldap/id2entry.bdb", {st_mode=S_IFREG|0600, st_size=15826944, ...}) = 0
open("/var/lib/ldap/id2entry.bdb", O_RDWR|O_LARGEFILE) = 13
fcntl64(13, F_SETFD, FD_CLOEXEC) = 0
fstat64(13, {st_mode=S_IFREG|0600, st_size=15826944, ...}) = 0
time(NULL) = 1179177532
stat64("/var/lib/ldap/dn2id.bdb", {st_mode=S_IFREG|0600, st_size=5132288, ...}) = 0
stat64("/var/lib/ldap/dn2id.bdb", {st_mode=S_IFREG|0600, st_size=5132288, ...}) = 0
open("/var/lib/ldap/dn2id.bdb", O_RDWR|O_LARGEFILE) = 14
fcntl64(14, F_SETFD, FD_CLOEXEC) = 0
read(14, "\22\0\0\0\tEQ\0\0\0\0\0b1\5\0\t\0\0\0\0\20\0\0\0\t\0\0"..., 512) = 512
close(14) = 0
stat64("/var/lib/ldap/dn2id.bdb", {st_mode=S_IFREG|0600, st_size=5132288, ...}) = 0
open("/var/lib/ldap/dn2id.bdb", O_RDWR|O_LARGEFILE) = 14
fcntl64(14, F_SETFD, FD_CLOEXEC) = 0
fstat64(14, {st_mode=S_IFREG|0600, st_size=5132288, ...}) = 0
pread64(14, "\22\0\0\0\tEQ\0\0\0\0\0b1\5\0\t\0\0\0\0\20\0\0\0\t\0\0"..., 4096, 0) = 4096
time(NULL) = 1179177532
pread64(13, "\20\0\0\0008\fY\0\1\0\0\0\0\0\0\0\0\0\0\0\2\0\344?\3\3"..., 16384, 16384) = 16384
pread64(13, "\22\0\0\0:^i\0\220\3\0\0\0\0\0\0\0\0\0\0\335\0010\"\2\3"..., 16384, 14942208) = 16384
pread64(13, "\22\0\0\0\235\0m\0W\3\0\0O\3\0\0\0\0\0\0\20\0\270!\1\5"..., 16384, 14008320) = 16384
write(2, "slapd starting\n", 15) = 15
mmap2(NULL, 385024, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb6419000
mmap2(NULL, 8392704, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb5c18000
mprotect(0xb5c18000, 4096, PROT_NONE) = 0
clone(child_stack=0xb64184d4, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tidptr=0xb6418be8, {entry_number:6, base_addr:0xb6418ba0, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}, child_tidptr=0xb6418be8) = 30400
futex(0xb6418be8, FUTEX_WAIT, 30400, NULL) = -1 EINTR (Interrupted system call)
+++ killed by SIGSEGV +++
----------------


what i find odd is the error "stat64("/var/lib/ldap/__db.004", 0xbfd23b2c) = -1 ENOENT (No such file or directory)" (just at the beginning of the post) because the file actually is there and accessible:

[host]: ls -l /var/lib/ldap/__db.004
-rw------- 1 ldap ldap 450560 May 12 22:45 /var/lib/ldap/__db.004

now if i change the settings in slapd.conf on the consumer and remove the line "updateref" (as there is no such line in slapd-chain1.conf) the server (consumer) stays alive but on running "ldappasswd -x <...>" i get:
----
ldappasswd -x <...>
New password:
Re-enter new password:
Enter LDAP Password:
Result: Server is unwilling to perform (53)
Additional info: shadow context; no update referral
----


is the line "updateref" needed? but it crashes the server with my config?!

what am i doing wrong?

thanks in advance for your help and patience (and sorry for the long post ...)

regards
   markus


Markus Krause, Mogli-Soft
Support for Mac OS X, Webmail/Horde, LDAP, RADIUS, MySQL
by order of the
Computing Center of the Max-Planck-Institute of Biochemistry
E-Mail: krause@biochem.mpg.de, markus.krause@mac.com
Tel.: 089 - 89 40 85 99 | Fax.: 089 - 89 40 85 98
Skype: markus.krause | iChat: markus.krause@mac.com

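The two conditions this thread turns on can be checked mechanically: whether `overlay chain` sits in the global section (before any `database` line), and whether each syncrepl consumer database carries an `updateref`. The following is an added example, not part of the original post or of OpenLDAP; the function names, finding labels and the abbreviated sample configuration are constructed for illustration.

```python
# Constructed consumer config, abbreviated; modelled on the layout in the thread.
SAMPLE = """\
# consumer slapd.conf (constructed for illustration)
overlay chain
chain-uri "ldaps://ldapprov"
chain-idassert-bind bindmethod="simple"
                    binddn="cn=manager,o=test"
                    mode="self"

database bdb
suffix "o=test"
syncrepl rid=001 provider=ldaps://ldapprov
updateref ldaps://ldapprov
"""

def logical_lines(text):
    """Unwrap continuation lines (leading whitespace), then drop comments."""
    lines = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if raw[0].isspace() and lines:
            lines[-1] += " " + raw.strip()
        else:
            lines.append(raw.strip())
    return [l for l in lines if not l.startswith("#")]

def check_chain_layout(text):
    """Return finding labels (hypothetical names) for a consumer slapd.conf."""
    chain_global, section, sections = False, None, []
    for line in logical_lines(text):
        words = line.split()
        key = words[0].lower()
        arg = words[1].lower() if len(words) > 1 else ""
        if key == "database":
            section = set()              # directives seen in this database
            sections.append(section)
        elif key == "overlay" and section is None:
            chain_global |= (arg == "chain")
        elif section is not None:
            section.add(key)
    findings = [] if chain_global else ["no-global-chain"]
    for keys in sections:
        # A syncrepl database is a shadow; writes need an update referral.
        if "syncrepl" in keys and "updateref" not in keys:
            findings.append("shadow-without-updateref")
    return findings

if __name__ == "__main__":
    print(check_chain_layout(SAMPLE))
```
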