Red Hat Bugzilla – Bug 476488
OpenLDAP's bdb does not support F10 supplied Berkeley DB
Last modified: 2009-01-15 09:26:08 EST
Description of problem:
Upgrade from FC8 to FC10.
Was using LDBM in FC8 but this is no longer supported.
Changed to bdb in slapd.conf.
LDAP refuses to start with the following error:
bdb(dc=nneos,dc=com): Program version 4.6 doesn't match environment version 4.4
I believe bdb shipped with FC10 upgrade is bdb-v4.4 where the OpenLDAP shipped expects bdb-4.6
Version-Release number of selected component (if applicable): OpenLDAP 2.4.12
How reproducible: upgrade to 2.4.12 from 2.3.x
Steps to Reproduce:
1. Have OpenLDAP 2.3.x
2. Upgrade to 2.4.12
Actual results: bdb(dc=nneos,dc=com): Program version 4.6 doesn't match environment version 4.4
Expected results: start normally
Additional info: Found no workaround so far. Obviously, workaround would be to remove OpenLDAP completely but I will be filing a bug against yum remove as that wants to remove everything on my system in that case.
Obvious workaround would be to remove OpenLDAP and bdb and reinstall earlier version. However, doing that would break my system (what I thought was a bug of yum is actually not a bug it seems).
This means ldap authentication using bdb does not work in FC10.
There must be something wrong in your environment... LDAP server (/usr/sbin/slapd) comes with its own db4 library to prevent exactly the errors you see.
Please post result of following commands:
rpm -qf /usr/sbin/slapd
ldd -r /usr/sbin/slapd
rpm -qa | egrep "ldap|db4"
The openldap-servers rpm package tries to update BDB database in /var/lib/ldap to the current version, but since you used ldbm instead of bdb backend, you must convert the database on your own. The script can't work in all possible OpenLDAP usage scenarios and works only in the default one.
Below the output of the commands as per your request.
Understand what you are saying about ldbm to bdb conversion, but:
- this conversion is only possible by exporting ldbm to ldif and then importing into bdb (at least to my knowledge - have been looking for a tool that does it without going through ldif)
- this means you have to be able to start up bdb before importing the ldif, which I am unable to do.
rpm -qf /usr/sbin/slapd :
ldd -r /usr/sbin/slapd:
linux-gate.so.1 => (0x00130000)
libltdl.so.3 => /usr/lib/libltdl.so.3 (0x00133000)
libdl.so.2 => /lib/libdl.so.2 (0x0013a000)
libslapd_db-4.6.so => /usr/lib/libslapd_db-4.6.so (0x0013f000)
libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x00273000)
libssl.so.7 => /lib/libssl.so.7 (0x0028c000)
libcrypto.so.7 => /lib/libcrypto.so.7 (0x002d7000)
libcrypt.so.1 => /lib/libcrypt.so.1 (0x00425000)
libresolv.so.2 => /lib/libresolv.so.2 (0x00458000)
libpthread.so.0 => /lib/libpthread.so.0 (0x0046f000)
libwrap.so.0 => /lib/libwrap.so.0 (0x00489000)
libc.so.6 => /lib/libc.so.6 (0x00492000)
libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2 (0x00606000)
libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0x00635000)
libcom_err.so.2 => /lib/libcom_err.so.2 (0x006d4000)
libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0x006d7000)
libz.so.1 => /lib/libz.so.1 (0x006fc000)
libnsl.so.1 => /lib/libnsl.so.1 (0x00710000)
libkrb5support.so.0 => /usr/lib/libkrb5support.so.0 (0x0072a000)
libkeyutils.so.1 => /lib/libkeyutils.so.1 (0x00734000)
libselinux.so.1 => /lib/libselinux.so.1 (0x00737000)
rpm -qa | egrep "ldap|db4" :
The packages seem to be correct, so are the libraries. Does the slapd start if you use the default config file, which comes with the rpm and with empty /var/lib/ldap? If so, could you post your config file?
And you can probably erase content of /var/lib/ldap anyway (AFTER you convert it to ldif format!), maybe some files there confuse slapd.
Regarding the import/export - yes, you need to export the database from ldbm to ldif. Best with Fedora 8 (I know it's not very helpful when you have F10 now).
Removing the ldbm files indeed got rid of the above error.
When starting ldap now (with the new conf file from the rpm as well as with my own conf file) got me the below error :
bdb_db_open: database "dc=nneos,dc=com": db_open(/var/lib/ldap/id2entry.bdb) failed: No such file or directory (2).
I see a number of db files have been created but not the above.
For completeness sake, the below files have been created :
ls -l /var/lib/ldap
-rw-r--r-- 1 ldap root 2048 2008-12-15 15:24 alock
-rw------- 1 ldap root 24576 2008-12-15 15:24 __db.001
-rw------- 1 ldap root 147456 2008-12-15 15:24 __db.002
-rw------- 1 ldap root 270336 2008-12-15 15:24 __db.003
-rw------- 1 ldap root 98304 2008-12-15 15:24 __db.004
-rw------- 1 ldap root 475136 2008-12-15 15:24 __db.005
-rw------- 1 ldap root 32768 2008-12-15 15:24 __db.006
After googling, I solved that problem by loading a small initial ldif file:
slapadd -f /etc/openldap/slapd.conf -l base.ldif
Now I can run slaptest without errors but slapd still fails to start.
Finally solved the problem.
The slapd logfile returned :
slapd: daemon: bind(7) failed errno=98 (Address already in use)
So I did :
lsof -i :389
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
ns-slapd 18487 nobody 7u IPv6 585761 0t0 TCP *:ldap (LISTEN)
I killed this process, and lo, it worked.
Thanks for pointing me in the right direction.
However, I am not convinced this should not be called a bug. I don't think the release notes of FC10 warn that if you are on LDBM you should export to LDIF, erase the /var/lib/ldap directory, or probably better, convert to BDB before you start the upgrade process.
I am sorry, we cannot provide upgrade instructions for every package Fedora ships. There is a nice description at the OpenLDAP site saying how to upgrade the database; backups are one of the first steps:
I try to make the upgrade as painless as possible and it should not delete any of your data. I know, I should have added some note about the end of ldbm to the release notes, but now it's too late. There are many changes between releases and this important one slipped through the cracks.
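
The two start-up failures hit after the old ldbm files were removed (no id2entry.bdb yet, and port 389 already bound by another process) can be checked before slapd is started. This is an added example, not part of the bug report; the function names and state labels are hypothetical, and the lsof sample is the output quoted in the thread.

```shell
#!/bin/sh
# Added example: pre-start checks for two failures seen in this thread.
# The data directory layout and port 389 come from the thread; the function
# names and state labels are hypothetical.

# Print the state of a bdb data directory:
#   missing | empty | env-only (only __db.* files, no id2entry.bdb) | populated
datadir_state() {
    dir=$1
    if [ ! -d "$dir" ]; then echo missing; return 0; fi
    if [ -e "$dir/id2entry.bdb" ]; then echo populated; return 0; fi
    for f in "$dir"/__db.*; do
        if [ -e "$f" ]; then echo env-only; return 0; fi
    done
    echo empty
}

# Read `lsof -i :389` output on stdin and print "COMMAND PID" for each
# listener that is not slapd (ns-slapd in the thread).
foreign_listeners() {
    awk '/\(LISTEN\)/ && $1 != "slapd" { print $1, $2 }'
}

# Combine both checks; returns non-zero if slapd would fail to start.
# $1 = data directory, $2 = captured lsof output (may be empty).
preflight() {
    state=$(datadir_state "$1")
    others=$(printf '%s\n' "$2" | foreign_listeners)
    rc=0
    if [ "$state" != populated ]; then
        echo "datadir $state: no id2entry.bdb, load an LDIF with slapadd first"
        rc=1
    fi
    if [ -n "$others" ]; then
        echo "port 389 held by: $others"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo ok; fi
    return "$rc"
}

# Constructed sample: the lsof output quoted in the report.
SAMPLE_LSOF='COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
ns-slapd 18487 nobody 7u IPv6 585761 0t0 TCP *:ldap (LISTEN)'
```

On a live system the second argument would be "$(lsof -i :389)" and the first /var/lib/ldap.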