
Re: Finicky old OpenLDAP Server: To be or not to be...


On 28/07/2010 19:26, Kendall Gifford wrote:
Sorry for the somewhat vague email title but it is actually somewhat
descriptive of a problem I'm having. I also apologize if this is the
incorrect list for this question (I first subscribed to
openldap-software@... but upon subscription the "welcome" message said
it had been shut down and to use this list instead). I'm pretty new to
the whole OpenLDAP (and LDAP in general) thing.

I'm running an old OpenLDAP server (2.2.29) in a production
environment. I recently needed to add some extra schema definitions
for my postfix email server (attached as postfix.schema). I edited my
slapd.conf file and included my schema file, then restarted the
server. All is good so far...

Skipping ahead in my story, to test things out I created the following
LDIF below:

dn: mailDomain=example.com,ou=Email,dc=EXAMPLE,dc=COM
mailDomain: example.com
objectClass: top
objectClass: mailDomainEntry
mailDomainVirtual: FALSE

The "organization unit" named "Email" already existed. I then ran slapadd:

$ sudo slapadd -v -l data.ldif
added: "mailDomain=example.com,ou=Email,dc=EXAMPLE,dc=COM" (0000023e)

I then ran ldapsearch to dump everything at or under my "Email" ou:

$ ldapsearch -x -b "ou=Email,dc=EXAMPLE,dc=COM"

This dumped the Email organization unit entry and nothing else. So, on
a whim I re-ran the above slapadd command to retry adding a sub-entry
beneath my "Email" entry. This time I got the following error:

slapadd: could not add entry
dn="mailDomain=example.com,ou=Email,dc=EXAMPLE,dc=COM" (line=6):
txn_aborted! DB_KEYEXIST: Key/data pair already exists (-30996)

So, apparently it DID get added as this says it "already exists". Hmm,
so I'll try to delete it:

$ sudo ldapdelete -vx -D "cn=root,dc=EXAMPLE,dc=COM" \
         -W "mailDomain=example.com,dc=EXAMPLE,dc=COM"
ldap_initialize(<DEFAULT>  )
Enter LDAP Password: ********
deleting entry "mailDomain=example.com,dc=EXAMPLE,dc=COM"
Delete Result: No such object (32)
Matched DN: dc=EXAMPLE,dc=COM

So, now it doesn't exist? "To be or not to be?" Hmm.

Anyhow, I've tried many search queries and used tools like
phpLDAPadmin and JXplorer and cannot find this entry I've
created/added. The only command/tool that claims it exists is slapadd
when I try to add the same entry again.

I know my server version is very very old (2005-ish?) but does anyone
have any ideas or recommendations (besides the obvious "save/export
your data and upgrade your server" kind which isn't an immediate

Thanks in advance. I'm hoping I'm just doing something obviously stupid.

Well, I think you expect this answer, so I'll play the part: 2.2 is *very* old now, and you really should consider upgrading to the latest and greatest (2.4.23 at this time). Many features and bugs (including security holes) have been implemented/corrected...

But, anyway, regarding your problem. slapadd is a tool that you would usually only use to load a database offline. Certainly not just to add an entry. Don't do that. Use ldapadd instead (like you use ldapsearch and ldapdelete).

However, given the situation you're in, it's likely that after your slapadd, you just need to reindex the database. Stop slapd and run slapindex, making sure owners/permissions on the database files are identical before and after.

Hope this helps,
Jonathan Clarke - jonathan@phillipoux.net
Ldap Synchronization Connector (LSC) - http://lsc-project.org
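The procedure the reply describes (add entries online with ldapadd; when you must reindex, stop slapd, run slapindex, and confirm the database files' owners and modes are the same before and after), as an added shell example that is not part of this thread. The database directory, the slapd user and the bind DN are assumptions taken from typical installations and from the original post; adjust them to your own slapd.conf.

```shell
#!/bin/sh
# Added example, not from the thread: offline reindex of an OpenLDAP
# database with the ownership/permission check the reply asks for.
# Assumed values, adjust to your installation:
DB_DIR="${DB_DIR:-/var/lib/ldap}"   # the "directory" setting in slapd.conf
SLAPD_USER="${SLAPD_USER:-ldap}"    # the account slapd runs as (informational)

# One line per file, "owner:group mode path", sorted so two runs compare cleanly.
snapshot_perms() {
    find "$1" -exec stat -c '%U:%G %a %n' {} + | sort
}

# True when two snapshots are identical.
perms_unchanged() {
    [ "$1" = "$2" ]
}

# The online way to add an entry (what the reply recommends instead of slapadd).
add_entry_online() {
    # bind DN from the original post; -W prompts for the password
    ldapadd -x -D "cn=root,dc=EXAMPLE,dc=COM" -W -f "$1"
}

# Offline reindex: slapd must be stopped before this is called.
reindex_offline() {
    before=$(snapshot_perms "$DB_DIR")
    slapindex -v || return 1
    after=$(snapshot_perms "$DB_DIR")
    if perms_unchanged "$before" "$after"; then
        echo "ok: ownership and permissions unchanged under $DB_DIR (user $SLAPD_USER)"
        return 0
    fi
    # Typical cause: slapindex was run as root and (re)created index files
    # owned by root. Show the differences instead of chown'ing blindly.
    echo "ownership/permissions changed; fix these before starting slapd:" >&2
    printf '%s\n' "$before" > "${TMPDIR:-/tmp}/perms.before"
    printf '%s\n' "$after"  > "${TMPDIR:-/tmp}/perms.after"
    diff "${TMPDIR:-/tmp}/perms.before" "${TMPDIR:-/tmp}/perms.after" >&2 || true
    return 1
}

# Only reindex when explicitly asked, e.g.: sh reindex.sh run
if [ "${1:-}" = "run" ]; then
    reindex_offline
fi
```

Run it as the same user you normally run slapindex as, and start slapd again only after it reports "ok".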