
Re: ldap auth does not works after openldap upgrade



On Mon, Feb 14, 2011 at 12:37:24PM -0200, Leonardo Carneiro wrote:

> I upgraded my Debian machine from lenny to squeeze (the new stable)
> that comes with Samba 3.5.6 and OpenLDAP 2.4.23. This machine works
> primarily as a PDC.

> These services do bind to the server, but it cannot find the users.
> Also, I cannot execute ldapsearches via CLI.

It sounds as if there is no data in the LDAP server.

Debian Lenny seems to use OpenLDAP 2.4.11 with db4.2.
I suspect that Squeeze uses later versions of both, so it is very
unlikely to be able to read the original database files.
I do not know what the Lenny->Squeeze update process does with LDAP
data - I would hope that it creates an LDIF and re-imports it, but in
your case something has obviously gone wrong.

You should look in the logs for complaints at startup time which might
give some clues. If you do not find any logs, try adding '-d 768' to the
slapd startup command to make it log to stdout.

As your server appears to be running, you could check that it has your
suffix configured:

ldapsearch -x -LLL -b '' -s base '(objectclass=*)' namingcontexts

If my guess about DB files is right, you will need to re-load the data
from an LDIF backup file. Something like this:

	Stop the server
	Preserve the existing database files somewhere safe
	Create a new empty database (i.e. an empty DB directory,
		possibly with a DB_CONFIG file in it)
	Load the LDIF file using slapadd (do this as the openldap user)
	Start the server

Andrew
-- 
-----------------------------------------------------------------------
|                 From Andrew Findlay, Skills 1st Ltd                 |
| Consultant in large-scale systems, networks, and directory services |
|     http://www.skills-1st.co.uk/                +44 1628 782565     |
-----------------------------------------------------------------------
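
The reload steps listed in the message, written out as a shell script; this is an added example and not part of the original message. The data directory, init script path and LDIF location are assumptions (Debian defaults or placeholders), and privileged commands are only printed unless DRY_RUN=0.

```shell
#!/bin/sh
# Added example, not from the original message. Values below are assumptions.
DB_DIR="${DB_DIR:-/var/lib/ldap}"       # assumed Debian slapd data directory
LDIF="${LDIF:-/path/to/backup.ldif}"    # placeholder: must be readable by LDAP_USER
LDAP_USER="${LDAP_USER:-openldap}"      # user named in the message
INIT="${INIT:-/etc/init.d/slapd}"       # assumed init script
DRY_RUN="${DRY_RUN:-1}"                 # 1 = print commands instead of running them

# Run a command (or shell function), or just print it when DRY_RUN=1.
run() { if [ "$DRY_RUN" = 1 ]; then echo "+ $*"; else "$@"; fi; }

# Count entries in LDIF from a file or stdin (matches "dn:" and base64 "dn::").
ldif_entries() { grep -c '^dn:' "$@" || true; }

# Move the old database aside and create an empty one, keeping DB_CONFIG.
preserve_db() {
    db=$1; backup=$2
    [ -d "$db" ] || { echo "no database directory: $db" >&2; return 1; }
    [ ! -e "$backup" ] || { echo "backup already exists: $backup" >&2; return 1; }
    mv "$db" "$backup" && mkdir -m 700 "$db" || return 1
    if [ -f "$backup/DB_CONFIG" ]; then cp -p "$backup/DB_CONFIG" "$db/"; fi
}

# Stop, preserve, load, verify, start: the order given in the message.
reload_from_ldif() {
    [ -s "$LDIF" ] || { echo "LDIF missing or empty: $LDIF" >&2; return 1; }
    want=$(ldif_entries "$LDIF")
    run "$INIT" stop || return 1
    run preserve_db "$DB_DIR" "$DB_DIR.old.$(date +%Y%m%d%H%M%S)" || return 1
    run chown -R "$LDAP_USER" "$DB_DIR" || return 1
    # slapadd and slapcat run as LDAP_USER so no root-owned files land in DB_DIR.
    run su -s /bin/sh -c "slapadd -l '$LDIF'" "$LDAP_USER" || return 1
    if [ "$DRY_RUN" != 1 ]; then
        got=$(su -s /bin/sh -c slapcat "$LDAP_USER" | ldif_entries)
        [ "$got" -eq "$want" ] || { echo "loaded $got entries, LDIF has $want" >&2; return 1; }
    fi
    run "$INIT" start
}

# Nothing happens unless asked: DRY_RUN=0 LDIF=/path/to/backup.ldif sh reload.sh --run
if [ "${1:-}" = "--run" ]; then reload_from_ldif; fi
```

The entry-count comparison assumes the LDIF holds the contents of the single database that slapcat dumps by default.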