Re: ldif_back_add: err: 68 text:

[Maxim Vetrov <muxas@mail.ru>]

Buchan Milne пишет:
> On Tuesday, 3 January 2012 03:33:42 Maxim Vetrov wrote:
>
> > Hi!
> >
> > Trying to start test server (openldap 2.4.25) on my home box (FreeBSD
> > 8.2 i386) I get this error:
> Can you provide the commandline invocation that provided this error message?
>
>
> > ...
> > ldif_back_add: "olcDatabase={0}config,cn=config"
> > oc_check_required entry (olcDatabase={0}config,cn=config), objectClass
> > "olcDatabaseConfig"
> > oc_check_allowed type "objectClass"
> > oc_check_allowed type "olcDatabase"
> > oc_check_allowed type "olcAddContentAcl"
> > oc_check_allowed type "olcLastMod"
> > oc_check_allowed type "olcMaxDerefDepth"
> > oc_check_allowed type "olcReadOnly"
> > oc_check_allowed type "olcRootDN"
> > oc_check_allowed type "olcSyncUseSubentry"
> > oc_check_allowed type "olcMonitoring"
> > oc_check_allowed type "structuralObjectClass"
> > oc_check_allowed type "entryUUID"
> > oc_check_allowed type "creatorsName"
> > oc_check_allowed type "createTimestamp"
> > oc_check_allowed type "entryCSN"
> > oc_check_allowed type "modifiersName"
> > oc_check_allowed type "modifyTimestamp"
> > ldif_back_add: err: 68 text:
> > send_ldap_result: conn=-1 op=0 p=0
> > send_ldap_result: err=68 matched="" text=""
> > slapd destroy: freeing system resources.
> > slapd stopped.
> > connections_destroy: nothing to destroy.
> >
> > Config I use:
> >
> > # global configuration entry
> > dn: cn=config
> > objectClass: olcGlobal
> > cn: config
> > olcAttributeOptions: x-hidden lang-
> > olcLogLevel: conns config acl
> >
> > # internal schema
> > dn: cn=schema,cn=config
> > objectClass: olcSchemaConfig
> > cn: schema
> >
> > include: file:///usr/local/etc/openldap/schema/core.ldif
> > include: file:///usr/local/etc/openldap/schema/cosine.ldif
> > include: file:///usr/local/etc/openldap/schema/inetorgperson.ldif
> > #include: file:///usr/local/etc/openldap/schema/collective.ldif
> > include: file:///usr/local/etc/openldap/schema/nis.ldif
> It looks as if you are treating the back-ldif database as if it is a text-
> based configuration file, which in fact it is not. You should not be starting
> slapd with this configuration file, but rather be running 'slapadd -n0' (or
> similar) on this ldif to import an initial configuration. Further
> administration of the configuration should be done over the LDAP protocol
> (e.g. with ldapmodify, or a GUI LDAP tool).
>
> While the documentation may not necessarily be explicit enough in this regard,
> please read the notes at the beginning of the 'Configuring slapd' section of
> the administrator guide, such as:
>
> "Note: Although the slapd-config(5) system stores its configuration as (text-
> based) LDIF files, you should never edit any of the LDIF files directly.
> Configuration changes should be performed via LDAP operations, e.g.
> ldapadd(1), ldapdelete(1), or ldapmodify(1). "
>
>
> Regards,
> Buchan
Thank you for answer!

Actually, I'm trying to apply recommendation from the the slapd-config 
where simple config.ldif is listed and the imported into the db with 
slapadd command. Anyway here is command sequence

Save the config in <slapd-template.ldif>, create 
/usr/local/etc/openldap/slapd.d/ dir, set appropriate user&mode for it. 
Then, as root:
# sudo -u ldap slapadd -F /usr/local/etc/openldap/slapd.d/ -n 0 -l 
/home/muxas/projects/ldap-server/slapd-template.ldif
# /usr/local/libexec/slapd -h "ldapi://%2fvar%2frun%2fopenldap%2fldapi/ 
ldap://127.0.0.1/"; -u ldap -g ldap -F /usr/local/etc/openldap/slapd.d/ 
-d any

Slapadd runs without complains. But slapd does not start.

Maxim