
OpenLDAP + SASL + BDB + Heimdal = BDB errors?



Hi,

(I did google.  I apologize in advance if I missed something that google
turns up)

I have installed:

OpenSSL 0.9.7e
Heimdal 0.6.3
Berkeley DB 4.2.52 (w/crypto) + 2 patches for locking issues
Cyrus-SASL 2.1.20
OpenLDAP 2.2.20 + Stanford patches (from CVS HEAD)

on RedHat enterprise linux 3 ES.  I was surprised RedHat's packages
didn't work straight up, so I built it.  I was also surprised at how much
of a PITA SASL can be.  Esp. when trying to run LDAP on an alias
interface (eth0:0).  I couldn't get that to work, so I'm just using a
CNAME for master.ldap -> app0.prod.  It works with Kerberos and I stopped
getting GSSAPI error messages, so I suppose that's a good thing.

Anyways, I have the Kerberos, SASL, etc. issues worked out.  But I think
I have BDB problems.  I run:

$ ldapsearch -ZZ '(objectClass=*)' -Y GSSAPI

which yields:

SASL/GSSAPI authentication started
SASL username: adam@GMI.COM
SASL SSF: 56
SASL installing layers
# extended LDIF
#
# LDAPv3
# base <> with scope sub
# filter: (objectClass=*)
# requesting: ALL
#

# search result
search: 5
result: 80 Internal (implementation specific) error
text: internal error

# numResponses: 1

In my logs for slapd (w/ -d 256.  btw, figuring out debugging flags was
harder than it should be, or perhaps I missed something):

2005-01-22 15:58:39.114978500 @(#) $OpenLDAP: slapd 2.2.20 (Jan 20 2005 14:36:49) $
2005-01-22 15:58:39.114982500 root@app0.prod:/export/ldap/src/openldap-2.2.20/servers/slapd
2005-01-22 15:58:39.126200500 bdb_back_initialize: Sleepycat Software: Berkeley DB 4.2.52: (December  3, 2003)
2005-01-22 15:58:39.126322500 bdb_back_initialize: Sleepycat Software: Berkeley DB 4.2.52: (December  3, 2003)
2005-01-22 15:58:39.133535500 bdb_db_init: Initializing BDB database
2005-01-22 15:58:39.145038500 slapd starting
2005-01-22 15:58:44.129224500 conn=0 fd=10 ACCEPT from IP=10.1.1.118:32999 (IP=10.1.1.118:389)
2005-01-22 15:58:44.151426500 conn=0 op=1 BIND dn="" method=163
2005-01-22 15:58:44.152745500 conn=0 op=2 BIND dn="" method=163
2005-01-22 15:58:44.153256500 conn=0 op=3 BIND dn="" method=163
2005-01-22 15:58:44.153699500 conn=0 op=3 BIND authcid="adam@GMI.COM"
2005-01-22 15:58:44.153842500 conn=0 op=3 BIND dn="uid=adam,cn=gmi.com,ou=people,dc=gmi,dc=com" mech=GSSAPI ssf=56
2005-01-22 15:58:44.154537500 conn=0 op=4 SRCH base="dc=gmi,dc=com" scope=2 deref=0 filter="(objectClass=*)"
2005-01-22 15:58:44.154731500 bdb(dc=gmi,dc=com): illegal flag specified to txn_begin
2005-01-22 15:58:44.154777500 bdb(dc=gmi,dc=com): illegal flag specified to txn_begin
2005-01-22 15:58:44.154819500 bdb(dc=gmi,dc=com): illegal flag specified to txn_begin
2005-01-22 15:58:44.154860500 bdb(dc=gmi,dc=com): illegal flag specified to txn_begin
2005-01-22 15:58:44.155084500 conn=0 op=4 SEARCH RESULT tag=101 err=80 nentries=0 text=internal error
2005-01-22 15:58:44.155761500 conn=0 op=5 UNBIND
2005-01-22 15:58:44.155932500 conn=0 fd=10 closed

So I'm getting a bunch of "illegal flag specified to txn_begin."  I
think this means BDB is "wacky."  So now you want to know what version
I'm running (see above), and then you wonder what patches I'm running.  
Just the two patches from Sleepycat that they recommend for 4.2.52.  For
OpenLDAP, I'm using four patches mentioned on the ITS pages at Stanford
(which is a great page!):

http://www.stanford.edu/services/directory/openldap/configuration/patches/openldap/transactions.diff
http://www.stanford.edu/services/directory/openldap/configuration/patches/openldap/sl_malloc.diff
http://www.stanford.edu/services/directory/openldap/configuration/patches/openldap/str2entry2.diff
http://www.stanford.edu/services/directory/openldap/configuration/patches/openldap/schemacache.diff

Now, I should mention I'm running OpenLDAP non-root.  But I have
configured SASL to point slapd to a keytab it can read:

# cat sasl2/slapd.conf 
# 2005-01-21 ADM
[snip comments]
#
keytab:         /export/ldap/etc/ldap.keytab

So...what stupid thing am I missing that is causing my txn_begin errors?
I can do things like:

[adam@app0 tmp]$ ldapsearch -ZZ -x -L -s "base" -b "" supportedSASLMechanisms
version: 1

#
# filter: (objectclass=*)
# requesting: supportedSASLMechanisms 
#

#
dn:
supportedSASLMechanisms: GSSAPI

# search result

# numResponses: 2
# numEntries: 1

thanks in advance!!!



-- 
adam