[Ltb-users] Recommended version of BDB package --- Low Sensitivity/Aerospace Internal Use Only

Warron S French Warron.S.French at aero.org
Tue Feb 11 16:46:35 CET 2014


Low Sensitivity/Aerospace Internal Use Only

The latest in the saga to install OpenLDAP.

I did not remove any packages this time.

I did wipe out all the of alock and db.00* files.

I thought it was odd that I noticed [today] that those files were all 
owned by root  under the /usr/local/openldap/var/openldap-data.  So, I 
decided for the first time ever while installing and configuring OpenLDAP 
to switchuser (su - ldap) to ldap.

I also went back and wiped out the 
/usr/local/openldap/etc/openldap/slapd.d directory.

Then I performed another slaptest with the -v  -u  -f  & -F options.  The 
command completed successfully (like it did for root). 

Then after that completed successfully, executed the command a second 
time, but dropped the -u switch.  So I ran the following command:
slaptest -v -f  <path-to>/slap.conf   -F  <path-to./slapd.d     --SUCCESS, 
again!

Then I executed the command to startup slapd:
I exited as ldap; typed exit at the shell prompt.
Then typed:     service slapd start

Amazing, I got it running again for the first time in 2 weeks.

Now I need to go back and add my records again.

Oh, I can't because the slapd.conf that defined the cn=Manager for my 
domain, and the cn=admin for cn=config didn't get recreated in the 
database after running the slaptest command.



I give up, no decent documentation.  A lot of people with tons of 
questions, but none that I am seeing, but no real support.  How does Open 
Source Software get adopted exactly?

I'm done.

Warron French, MBA, SCSA



From:   Warron S French <Warron.S.French at aero.org>
To:     Clément OUDOT <clem.oudot at gmail.com>, 
Cc:     "ltb-users at lists.ltb-project.org" 
<ltb-users at lists.ltb-project.org>
Date:   02/11/2014 10:11 AM
Subject:        [WARNING: SPOOFED E-MAIL--Non-Aerospace Sender] Re: 
[Ltb-users] Recommended version of BDB package --- Low 
Sensitivity/Aerospace Internal Use Only
Sent by:        ltb-users-bounces at lists.ltb-project.org



Low Sensitivity/Aerospace Internal Use Only

Clément I did as you directed. 

Command to test: 
ldd   /usr/local/openldap/libexec/slapd 

My results show that libdb-4.6.so => 
/usr/local/berkeleydb/lib64/libdb-4.6.so (and a hex-string). 

Unfortunately, I do not have a backup as I only do/did have 2 records in 
my DIT. 

For learning purposes, does a package upgrade require me to backup my DIT 
to and LDIF?  Or is it just a precautionary measure and in this case I 
needed it? 

Also, is there anything else I can do, or what steps do you suggest I take 
next? 

Remove all packages?  Deleted all directories?  Then start all over again? 




Warron French, MBA, SCSA 



From:        Clément OUDOT <clem.oudot at gmail.com> 
To:        Warron S French <Warron.S.French at aero.org>, 
Cc:        "ltb-users at lists.ltb-project.org" 
<ltb-users at lists.ltb-project.org> 
Date:        02/11/2014 10:00 AM 
Subject:        Re: Recommended version of BDB package --- Low 
Sensitivity/Aerospace Internal Use Only 






2014-02-11 14:36 GMT+01:00 Warron S French <Warron.S.French at aero.org>: 
Low Sensitivity/Aerospace Internal Use Only

After removing all LTB packages with rpm --erase (to include the 
berkeleydb-ltb-4.6.21.NC-4.el6.patch4.x86_64 RPM) I still have a problem. 

All of the new packages I used were: 
openldap-ltb-2.4.39-2.el6.x86_64.rpm 
openldap-ltb-check-password-1.1-8.el6.x86_64.rpm 
openldap-ltb-contrib-overlays-2.4.39-2.el6.x86_64.rpm 
openldap-ltb-debuginfo-2.4.39-2.el6.x86_64.rpm 
openldap-ltb-mdb-utils-2.4.39-2.el6.x86_64.rpm 

I installed these packages as opposed to updating||upgrading them. 

After installing them and discovering that my original slapd.d was still 
intact I used the following command to attempt to start up LDAP: 
service slapd start 

The following were the outputs: 
slapd: [INFO] Using /etc/default/slapd for configuration 
slapd: [INFO] Launching OpenLDAP configuration test... 
slapd: [OK] OpenLDAP configuration test successful 
slapd: [INFO] No db_recover done 
slapd: [INFO] Launching OpenLDAP... 
slapd: [OK] File descriptor limit set to 1024 
52fa2547 @(#) $OpenLDAP: slapd 2.4.39 (Feb 10 2014 15:19:42) $ 
 
clement at localhost.localdomain:/home/clement/build/BUILD/openldap-2.4.39/servers/slapd 

52fa2547 bdb(dc=lab,dc=aero,dc=org): Program version 4.6 doesn't match 
environment version 4.7 
52fa2548 bdb_db_open: database "dc=lab,dc=aero,dc=org" cannot be opened, 
err -30972. Restore from backup! 
52fa2548 bdb(dc=lab,dc=aero,dc=org): txn_checkpoint interface requires an 
environment configured for the transaction subsystem 
52fa2548 bdb_db_close: database "dc=lab,dc=aero,dc=org": txn_checkpoint 
failed: Invalid argument (22). 
52fa2548 backend_startup_one (type=bdb, suffix="dc=lab,dc=aero,dc=org"): 
bi_db_open failed! (-30972) 
52fa2548 bdb_db_close: database "dc=lab,dc=aero,dc=org": alock_close 
failed 
52fa2548 slapd stopped. 
slapd: [ALERT] No PID file for OpenLDAP 

How can I have a PID file before I start the daemon?  This was the same 
problem I had with the last revision of openldap-ltb packages. 

This code appears to require berkeleydb-4.7.  Is that correct? 

If so, where do I get the appropriate RPM since the only berkeleydb 
package available is 4.6.21? 

Was I supposed to run the slaptest command again after modifying the 
slapd.conf file again (or copying my other original back into place that I 
backed up)?  Or is there some other reason this is failing? 


This is the last day I can mess with OpenLDAP, OpenLDAP-LTB or any other 
revision or brand of OpenLDAP.  Otherwise I have to make CentOS-6 machines 
use a Windows AD machine for authentication instead, because time has 
become more pressing. 




You can check that the newest packages are built for BDB 4.6 with this 
command:

 ldd /usr/local/openldap/libexec/slapd 

Result on my VM is:


[root at localhost ~]# ldd /usr/local/openldap/libexec/slapd 
        linux-vdso.so.1 =>  (0x00007fff42dff000)
        libdb-4.6.so => /usr/local/berkeleydb/lib64/libdb-4.6.so 
(0x00007f7070f0f000)
        libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f7070cf2000)
        libsasl2.so.2 => /usr/lib64/libsasl2.so.2 (0x00007f7070ad7000)
        libssl.so.10 => /usr/lib64/libssl.so.10 (0x00007f707086c000)
        libcrypto.so.10 => /usr/lib64/libcrypto.so.10 (0x00007f707048c000)
        libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00007f7070254000)
        libresolv.so.2 => /lib64/libresolv.so.2 (0x00007f707003a000)
        libltdl.so.7 => /usr/lib64/libltdl.so.7 (0x00007f706fe31000)
        libc.so.6 => /lib64/libc.so.6 (0x00007f706fa9c000)
        /lib64/ld-linux-x86-64.so.2 (0x00007f7071245000)
        libdl.so.2 => /lib64/libdl.so.2 (0x00007f706f898000)
        libgssapi_krb5.so.2 => /lib64/libgssapi_krb5.so.2 
(0x00007f706f654000)
        libkrb5.so.3 => /lib64/libkrb5.so.3 (0x00007f706f36d000)
        libcom_err.so.2 => /lib64/libcom_err.so.2 (0x00007f706f169000)
        libk5crypto.so.3 => /lib64/libk5crypto.so.3 (0x00007f706ef3d000)
        libz.so.1 => /lib64/libz.so.1 (0x00007f706ed26000)
        libfreebl3.so => /lib64/libfreebl3.so (0x00007f706eaaf000)
        libkrb5support.so.0 => /lib64/libkrb5support.so.0 
(0x00007f706e8a3000)
        libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x00007f706e6a0000)
        libselinux.so.1 => /lib64/libselinux.so.1 (0x00007f706e480000)


So your db must use  BDB 4.6. If not you will have an error. Do you have 
any LDIF backup of your data? If yes, remove all files from your 
openldap-data directory, and slapadd your LDIF (with 
/usr/local/openldap/sbin/slapadd)

Clément. 


Low Sensitivity/Aerospace Internal Use Only
_______________________________________________
ltb-users mailing list
ltb-users at lists.ltb-project.org
http://lists.ltb-project.org/listinfo/ltb-users



Low Sensitivity/Aerospace Internal Use Only
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ltb-project.org/pipermail/ltb-users/attachments/20140211/e8c3f4ee/attachment.htm>


More information about the ltb-users mailing list