
Re: moving ldap database and upgrading



Hello!

On Wed, Jul 18, 2007 at 05:45:06PM -0700, Maria McKinley wrote:
> Augh. Scratch that last email. That isn't what I meant to do. Here is
> what I did (and meant it. ;-))
>
> I stopped slapd, and tried to put stuff in the database:
>
> maude:/etc/ldap# slapadd -v -l ldif
>
> got no error messages, restarted slapd, tried to search on something
> that should be there, but couldn't find it:
>
> maude:/etc/ldap# ldapsearch -x "uid=ichbin"
[...]
> # search result
> search: 2
> result: 32 No such object
>
> # numResponses: 1
>
> Any ideas why I can't put stuff in the database? And any ideas why I
> have to start slapd using slapd instead of /etc/init.d/slapd start?
> I'm still pretty new at this stuff obviously...

A possible reason for the first point is that you have declared an index
on "uid". If you have any indices declared and slapadd a database
then you have to slapindex it as well. OpenLDAP will not regenerate a
missing index on its own.

The log lines before those you posted in your first mail would hint at
an index miss if I'm barking up the right tree here. Anyway,
slapindex'ing the cold(!) database cannot hurt.

The second point sounds like a file permission problem to me, especially
since the error occurs during TLS context(?) initialization(?). Makes me
think of a private key that "root" is allowed to read but "openldap",
which is the user that slapd runs under in the default Debian
installation, is not. I suggest that you take a look at the
certificate / CA certificate / private key file permissions. You may end
up having to use ACLs on the key file to permit slapd reading it.

I don't know how familiar you are with strace but you might just
syscall trace the startup script and watch out for the deadly EACCES.

Regards,
   Ralph Rößner
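
The permission check suggested in the message above, as an added example that is not part of the original post: it pulls the TLS file directives out of slapd.conf and reports which path component would return EACCES to the slapd account. The config path `/etc/ldap/slapd.conf` and the helper names are assumptions, and only mode bits are evaluated, not ACLs.

```python
import os
import re

# slapd.conf directives naming the TLS files slapd opens at startup.
TLS_DIRECTIVES = ("TLSCertificateFile", "TLSCertificateKeyFile", "TLSCACertificateFile")

def tls_files(conf_text):
    """Return {directive: path} for the TLS file directives in slapd.conf text."""
    found = {}
    for line in conf_text.splitlines():
        m = re.match(r'\s*(\w+)\s+"?([^"#\s]+)"?', line)
        for name in TLS_DIRECTIVES:
            if m and m.group(1).lower() == name.lower():
                found[name] = m.group(2)
    return found

def permits(st, uid, gids, want):
    """Owner/group/other mode-bit check; want is 4 (read) or 1 (directory search)."""
    if uid == 0:
        return True
    shift = 6 if st.st_uid == uid else 3 if st.st_gid in gids else 0
    return bool((st.st_mode >> shift) & want)

def first_denial(path, uid, gids):
    """Return the path component that would give EACCES to uid/gids, else None.

    Only mode bits are evaluated; POSIX ACLs and MAC policy are not.
    """
    path = os.path.realpath(path)
    parents, d = [], os.path.dirname(path)
    while d not in parents:          # dirname("/") == "/", which ends the walk
        parents.append(d)
        d = os.path.dirname(d)
    for d in reversed(parents):      # root first, as the kernel resolves the path
        if not permits(os.stat(d), uid, gids, 1):
            return d
    return None if permits(os.stat(path), uid, gids, 4) else path

if __name__ == "__main__":
    import pwd
    import sys
    # Assumptions: Debian's slapd.conf location and the "openldap" account.
    conf = sys.argv[1] if len(sys.argv) > 1 else "/etc/ldap/slapd.conf"
    pw = pwd.getpwnam("openldap")
    gids = os.getgrouplist(pw.pw_name, pw.pw_gid)
    with open(conf) as fh:
        for name, path in tls_files(fh.read()).items():
            hit = first_denial(path, pw.pw_uid, gids)
            print(name, path, "blocked at " + hit if hit else "readable")
```

Run it as root so slapd.conf itself can be read; a key reported as blocked at its own path needs its owner, group or mode changed, while one blocked at a directory needs search permission there.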