[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#7827) Typo in slapacl can causes unclean database



Full_Name: Quanah Gibson-Mount
Version: openldap master
OS: Linux 2.6
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (75.111.58.125)


As reported in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=741248, slapacl
when used with a base that is not contained in the OpenLDAP configuration can
cause unclean DB messages.

To reproduce, I had to disable the monitor database in my configuration, so that
there was only the cn=config db and a primary BDB based backend.  It also does
not occur if the suffix for the database is "" (as that contains everything).

If the suffix of the DB is specific(such as "cn=zimbra"), then you can cause the
unclean shutdown status to trigger by running slapacl against a suffix that is
not contained in the slapd configuration:

zimbra@zre-ldap001:~$ /opt/zimbra/openldap/sbin/slapacl -F
/opt/zimbra/data/ldap/config -b "cn=zimbraaaaa" -D
"uid=zimbra,cn=admins,cn=zimbra" entry
5331d242 hdb_monitor_db_open: monitoring disabled; configure monitor database to
enable
5331d242 hdb_db_open: database "cn=zimbra": unclean shutdown detected;
attempting recovery.
5331d242 hdb_db_open: database "cn=zimbra": recovery skipped in read-only mode.
Run manual recovery if errors are encountered.
authcDN: "uid=zimbra,cn=admins,cn=zimbra"
cn=zimbraaaaa: no target database has been found for baseDN="slapacl"; you may
try with "-u" (dry run).
zimbra@zre-ldap001:~$ /opt/zimbra/openldap/sbin/slapacl -F
/opt/zimbra/data/ldap/config -b "cn=zimbra" -D "uid=zimbra,cn=admins,cn=zimbra"
entry
5331d258 hdb_db_open: database "cn=zimbra": unclean shutdown detected;
attempting recovery.
5331d258 hdb_db_open: database "cn=zimbra": recovery skipped in read-only mode.
Run manual recovery if errors are encountered.
5331d258 hdb_monitor_db_open: monitoring disabled; configure monitor database to
enable
authcDN: "uid=zimbra,cn=admins,cn=zimbra"
entry: write(=wrscxd)
zimbra@zre-ldap001:~$ /opt/zimbra/openldap/sbin/slapacl -F
/opt/zimbra/data/ldap/config -b "cn=zimbra" -D "uid=zimbra,cn=admins,cn=zimbra"
entry
5331d262 hdb_db_open: database "cn=zimbra": unclean shutdown detected;
attempting recovery.
5331d262 hdb_db_open: database "cn=zimbra": recovery skipped in read-only mode.
Run manual recovery if errors are encountered.
5331d262 hdb_monitor_db_open: monitoring disabled; configure monitor database to
enable
authcDN: "uid=zimbra,cn=admins,cn=zimbra"
entry: write(=wrscxd)

Even running db_recover does not fix it:

zimbra@zre-ldap001:~/data/ldap/hdb/db$ db_recover
zimbra@zre-ldap001:~/data/ldap/hdb/db$ cd
zimbra@zre-ldap001:~$ /opt/zimbra/openldap/sbin/slapacl -F
/opt/zimbra/data/ldap/config -b "cn=zimbra" -D "uid=zimbra,cn=admins,cn=zimbra"
entry
5331d350 hdb_db_open: database "cn=zimbra": unclean shutdown detected;
attempting recovery.
5331d350 hdb_db_open: database "cn=zimbra": recovery skipped in read-only mode.
Run manual recovery if errors are encountered.
5331d350 hdb_monitor_db_open: monitoring disabled; configure monitor database to
enable
authcDN: "uid=zimbra,cn=admins,cn=zimbra"
entry: write(=wrscxd)

After starting slapd, the db is properly cleaned up:

zimbra@zre-ldap001:~$ ps -eaf | grep slapd
zimbra    1655     1  3 12:05 ?        00:00:00 /opt/zimbra/openldap/sbin/slapd
-l LOCAL0 -u zimbra -h ldap://zre-ldap001.eng.zimbra.com:389 ldapi:/// -F
/opt/zimbra/data/ldap/config

zimbra@zre-ldap001:~$ /opt/zimbra/openldap/sbin/slapacl -F
/opt/zimbra/data/ldap/config -b "cn=zimbra" -D "uid=zimbra,cn=admins,cn=zimbra"
entry
authcDN: "uid=zimbra,cn=admins,cn=zimbra"
entry: write(=wrscxd)