Bug 476488
Summary: | OpenLDAP's bdb doesn not support F10 supplied Berkely DB | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Wilfried Spillemaeckers <wilfried> |
Component: | openldap | Assignee: | Jan Safranek <jsafrane> |
Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | urgent | Docs Contact: | |
Priority: | low | ||
Version: | 10 | CC: | jsafrane |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | i386 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2009-01-15 14:26:08 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Wilfried Spillemaeckers
2008-12-15 08:31:58 UTC
Obvious workaround would be to remove OpenLDAP and bdb and reinstall earlier version. However, doing that would break my system (what I though was a bug of yum is actually not a bug it seems). This means ldap authentication using bdb does not work in FC10. There must be something wrong in your environment... LDAP server (/usr/sbin/slapd) comes with its own db4 library to prevent exactly the errors you see. Please post result of following commands: rpm -qf /usr/sbin/slapd ldd -r /usr/sbin/slapd rpm -qa | egrep "ldap|db4" The openldap-servers rpm package tries to update BDB database in /var/lib/ldap to the current version, but since you used ldbm instead of bdb backend, you must convert the database on your own. The script can't work in all possible OpenLDAP usage scenarios and works only in the default one. Below the output of the commands as per your request. Understand what you are saying about ldbm to dbd conversion, but : - this conversion is only possible by exporting ldbm to ldif and then importing into bdb (at least to my knowledge - have been looking for a tool that does it without going through ldif) - this means you have to be able to start up bdb before importing the ldif, which I am unable to do. rpm -qf /usr/sbin/slapd : openldap-servers-2.4.12-1.fc10.i386 ldd -r /usr/sbin/slapd: linux-gate.so.1 => (0x00130000) libltdl.so.3 => /usr/lib/libltdl.so.3 (0x00133000) libdl.so.2 => /lib/libdl.so.2 (0x0013a000) libslapd_db-4.6.so => /usr/lib/libslapd_db-4.6.so (0x0013f000) libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x00273000) libssl.so.7 => /lib/libssl.so.7 (0x0028c000) libcrypto.so.7 => /lib/libcrypto.so.7 (0x002d7000) libcrypt.so.1 => /lib/libcrypt.so.1 (0x00425000) libresolv.so.2 => /lib/libresolv.so.2 (0x00458000) libpthread.so.0 => /lib/libpthread.so.0 (0x0046f000) libwrap.so.0 => /lib/libwrap.so.0 (0x00489000) libc.so.6 => /lib/libc.so.6 (0x00492000) /lib/ld-linux.so.2 (0x00110000) libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2 (0x00606000) libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0x00635000) libcom_err.so.2 => /lib/libcom_err.so.2 (0x006d4000) libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0x006d7000) libz.so.1 => /lib/libz.so.1 (0x006fc000) libnsl.so.1 => /lib/libnsl.so.1 (0x00710000) libkrb5support.so.0 => /usr/lib/libkrb5support.so.0 (0x0072a000) libkeyutils.so.1 => /lib/libkeyutils.so.1 (0x00734000) libselinux.so.1 => /lib/libselinux.so.1 (0x00737000) rpm -qa | egrep "ldap|db4" : compat-db45-4.5.20-5.fc10.i386 mozldap-6.0.5-4.fc10.i386 smbldap-tools-0.9.5-2.fc10.noarch mozldap-tools-6.0.5-4.fc10.i386 openldap-devel-2.4.12-1.fc10.i386 nss_ldap-261-4.fc10.i386 python-ldap-2.3.5-1.fc10.i386 db4-4.7.25-6.fc10.i386 php-ldap-5.2.6-5.i386 phpldapadmin-1.1.0.5-2.fc10.noarch ldapjdk-javadoc-4.18-1.fc9.i386 db4-devel-4.7.25-6.fc10.i386 openldap-clients-2.4.12-1.fc10.i386 gpg-pubkey-db42a60e-37ea5438 openldap-2.4.12-1.fc10.i386 ldapjdk-4.18-1.fc9.i386 db4-cxx-4.7.25-6.fc10.i386 openldap-servers-2.4.12-1.fc10.i386 compat-db46-4.6.21-5.fc10.i386 The packages seem to be correct, so are the libraries. Does the slapd start if you use the default config file, which comes with the rpm and with empty /var/lib/ldap? If so, could you post your config file? And you can probably erase content of /var/lib/ldap anyway (AFTER you convert it to ldif format!), maybe some files there confuse slapd. Regarding the import/export - yes, you need to export the database from ldbm to ldif. Best with Fedora 8 (I know it's not much helpful, when you have F10 now). Removing the ldbm files indeed got rid of the above error. When starting ldap now (with the new conf file from the rpm as well as with my own conf file) got me the below error : bdb_db_open: database "dc=nneos,dc=com": db_open(/var/lib/ldap/id2entry.bdb) failed: No such file or directory (2). I see a number of db files have been created but not the above. For completeness sake, the below files have been created : ls -l /var/lib/ldap total 576 -rw-r--r-- 1 ldap root 2048 2008-12-15 15:24 alock -rw------- 1 ldap root 24576 2008-12-15 15:24 __db.001 -rw------- 1 ldap root 147456 2008-12-15 15:24 __db.002 -rw------- 1 ldap root 270336 2008-12-15 15:24 __db.003 -rw------- 1 ldap root 98304 2008-12-15 15:24 __db.004 -rw------- 1 ldap root 475136 2008-12-15 15:24 __db.005 -rw------- 1 ldap root 32768 2008-12-15 15:24 __db.006 Afer googling, I solved that problem by loading a small intial ldif file : slapadd -f /etc/openldap/slapd.conf -l base.ldif Now I can run slaptest without errors but slapd still fails to start. Finally solved the problem. The slapd logfile returned : slapd[24492]: daemon: bind(7) failed errno=98 (Address already in use) So I did : lsof -i :389 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME ns-slapd 18487 nobody 7u IPv6 585761 0t0 TCP *:ldap (LISTEN) I killed this process, and lo, it worked. Thanks for pointing me in the right direction. However, I am not convinced this should not be called a bug. I don't think the release notes of FC10 warn that if you are on LDBM you should export to LDIF, erase the /var/lib/ldap directory, or probably better, convert to BDB before you start the upgrade process. I am sorry, we cannot provide upgrade instructions for every package Fedora ships. There is nice description at OpenLDAP site, saying how to upgrade the database, backups is one of the first steps: http://www.openldap.org/faq/data/cache/842.html I try to make the upgrade as painless as possible and it should not delete any your data. I know, I should have added some note about end of ldbm to release notes, but now it's too late. There are many changes between releases and this important one slipped through the cracks. |