
Re: Problem of OpenLDAP/PostgreSQL



> Dear,
>
> I found the "OpenLDAP/PostgreSQL HOWTO" on the OpenLDAP mailing list.
> Following this "HOWTO", I installed OpenLDAP 2.1.16 and PostgreSQL 7.3. Now
> they can be started satisfactorily, without any errors.
>
> But ...
>
> I defined the slapd.conf like this
> --------------------------------------------------------------------------------
> # $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.23 2002/02/02 05:23:12 kurt Exp $
> #
> # See slapd.conf(5) for details on configuration options.
> # This file should NOT be world readable.
> #
> include         /usr/local/etc/openldap/schema/core.schema
> include         /usr/local/etc/openldap/schema/cosine.schema
> include         /usr/local/etc/openldap/schema/inetorgperson.schema
>
> # Define global ACLs to disable default read access.
> access to *
>         by * write
>         by * read
> access to * by dn="cn=Admin,o=fjh,c=jp" write
> #defaultaccess none
>
> # Do not enable referrals until AFTER you have a working directory
> # service AND an understanding of referrals.
> #referral       ldap://root.openldap.org
>
> pidfile         /usr/local/var/slapd.pid
> argsfile        /usr/local/var/slapd.args
>
> #######################################################################
> # sql database definitions
> #######################################################################
>
> database        sql
> suffix          "o=fjh,c=jp"
> rootdn          "cn=Admin,o=fjh,c=jp"
> rootpw          secret
> allow bind_v2
>
> dbname          PgSQL
> dbuser          test
> dbpasswd        test
> subtree_cond    "upper(ldap_entries.dn) LIKE '%'||?"
> insentry_query  "insert into ldap_entries (id,dn,oc_map_id,parent,keyval) values ((select max(id)+1 from ldap_entries),?,?,?,?)"
> upper_func      "upper"
> strcast_func    "text"
> concat_pattern  "?||?"
> has_ldapinfo_dn_ru      no
> --------------------------------------------------------------------------------
>
>
> When I run "ldapsearch -h mickey -p 40389 -b "o=fjh,c=jp"
> "(objectClass=*)" ", I got:
> --------------------------------------------------------------------------------
> daemon: new connection on 8
> conn=1 fd=8 ACCEPT from IP=10.131.201.143:35267 (IP=10.131.201.143:40389)
> daemon: added 8r
> daemon: activity on:
> daemon: select: listen=7 active_threads=0 tvp=NULL
> daemon: activity on 1 descriptors
> daemon: activity on: 8r
> daemon: read activity on 8
> connection_get(8)
> connection_get(8): got connid=1
> connection_read(8): checking for input on id=1
> ber_get_next
> ldap_read: want=9, got=9
>   0000:  30 2f 02 01 01 63 2a 04  0a                        0/...c*..
> ldap_read: want=40, got=40
>   0000:  6f 3d 66 6a 68 2c 63 3d  6a 70 0a 01 02 0a 01 00   o=fjh,c=jp......
>   0010:  02 01 00 02 01 00 01 01  00 87 0b 6f 62 6a 65 63   ...........objec
>   0020:  74 43 6c 61 73 73 30 00                            tClass0.
> ber_get_next: tag 0x30 len 47 contents:
> ber_dump: buf=0x000f3140 ptr=0x000f3140 end=0x000f316f len=47
>   0000:  02 01 01 63 2a 04 0a 6f  3d 66 6a 68 2c 63 3d 6a   ...c*..o=fjh,c=j
>   0010:  70 0a 01 02 0a 01 00 02  01 00 02 01 00 01 01 00   p...............
>   0020:  87 0b 6f 62 6a 65 63 74  43 6c 61 73 73 30 00      ..objectClass0.
> ber_get_next
> ldap_read: want=9 error=Resource temporarily unavailable
> ber_get_next on fd 8 failed errno=11 (Resource temporarily unavailable)
> do_search
> ber_scanf fmt ({miiiib) ber:
> ber_dump: buf=0x000f3140 ptr=0x000f3143 end=0x000f316f len=44
>   0000:  63 2a 04 0a 6f 3d 66 6a  68 2c 63 3d 6a 70 0a 01   c*..o=fjh,c=jp..
>   0010:  02 0a 01 00 02 01 00 02  01 00 01 01 00 87 0b 6f   ...............o
>   0020:  62 6a 65 63 74 43 6c 61  73 73 30 00               bjectClass0.
> >>> dnPrettyNormal: <o=fjh,c=jp>
> => ldap_bv2dn(o=fjh,c=jp,0)
> <= ldap_bv2dn(o=fjh,c=jp,0)=0
> => ldap_dn2bv(272)
> <= ldap_dn2bv(o=fjh,c=jp,272)=0
> => ldap_dn2bv(272)
> <= ldap_dn2bv(o=fjh,c=jp,272)=0
> <<< dnPrettyNormal: <o=fjh,c=jp>, <o=fjh,c=jp>
> SRCH "o=fjh,c=jp" 2 0    0 0 0
> begin get_filter
> PRESENT
> ber_scanf fmt (m) ber:
> ber_dump: buf=0x000f3140 ptr=0x000f3160 end=0x000f316f len=15
>   0000:  87 0b 6f 62 6a 65 63 74  43 6c 61 73 73 30 00      ..objectClass0.
> end get_filter 0
>     filter: (objectClass=*)
> ber_scanf fmt ({M}}) ber:
> ber_dump: buf=0x000f3140 ptr=0x000f316d end=0x000f316f len=2
>   0000:  00 00                                              ..
>     attrs:
> conn=1 op=0 SRCH base="o=fjh,c=jp" scope=2 filter="(objectClass=*)"
> ==>backsql_search(): base='o=fjh,c=jp', filter='(objectClass=*)', scope=2, deref=0, attrsonly=0, attributes to load: all
> ==>backsql_get_db_conn()
> ==>backsql_open_db_conn()
> daemon: select: listen=7 active_threads=1 tvp=NULL
> backsql_open_db_conn(): connected, adding to tree
> <==backsql_open_db_conn()
> <==backsql_get_db_conn()
> ==>backsql_oc_get_candidates(): oc='organization'
> ==>backsql_srch_query()
> ==>backsql_process_filter()
> <==backsql_process_filter()
> <==backsql_srch_query()
> Constructed query: SELECT DISTINCT ldap_entries.id,institutes.id,text('organization') AS objectClass,ldap_entries.dn AS dn FROM ldap_entries,institutes WHERE institutes.id=ldap_entries.keyval AND ldap_entries.oc_map_id=? AND upper(ldap_entries.dn) LIKE upper(?) AND NOT ('organization' IS NULL)
> dn '%O=FJH,C=JP'
> <==backsql_oc_get_candidates()
> ==>backsql_oc_get_candidates(): oc='document'
> ==>backsql_srch_query()
> ==>backsql_process_filter()
> <==backsql_process_filter()
> <==backsql_srch_query()
> Constructed query: SELECT DISTINCT ldap_entries.id,documents.id,text('document') AS objectClass,ldap_entries.dn AS dn FROM ldap_entries,documents WHERE documents.id=ldap_entries.keyval AND ldap_entries.oc_map_id=? AND upper(ldap_entries.dn) LIKE upper(?) AND NOT ('document' IS NULL)
> dn '%O=FJH,C=JP'
> <==backsql_oc_get_candidates()
> ==>backsql_oc_get_candidates(): oc='inetOrgPerson'
> ==>backsql_srch_query()
> ==>backsql_process_filter()
> <==backsql_process_filter()
> <==backsql_srch_query()
> Constructed query: SELECT DISTINCT ldap_entries.id,persons.id,text('inetOrgPerson') AS objectClass,ldap_entries.dn AS dn FROM ldap_entries,persons WHERE persons.id=ldap_entries.keyval AND ldap_entries.oc_map_id=? AND upper(ldap_entries.dn) LIKE upper(?) AND NOT ('inetOrgPerson' IS NULL)
> dn '%O=FJH,C=JP'
> <==backsql_oc_get_candidates()
> send_ldap_result: conn=1 op=0 p=3
> send_ldap_result: err=0 matched="" text=""
> send_ldap_response: msgid=1 tag=101 err=0
> ber_flush: 14 bytes to sd 8
>   0000:  30 0c 02 01 01 65 07 0a  01 00 04 00 04 00         0....e........
> daemon: activity on 1 descriptors
> daemon: activity on: 8r
> daemon: read activity on 8
> connection_get(8)
> ldap_write: want=14, written=14
>   0000:  30 0c 02 01 01 65 07 0a  01 00 04 00 04 00         0....e........
> connection_get(8): got connid=1
> connection_read(8): checking for input on id=1
> ber_get_next
> ldap_read: want=9, got=7
>   0000:  30 05 02 01 02 42 00                               0....B.
> ber_get_next: tag 0x30 len 5 contents:
> ber_dump: buf=0x000b44b8 ptr=0x000b44b8 end=0x000b44bd len=5
>   0000:  02 01 02 42 00                                     ...B.
> do_unbind
> conn=1 op=1 UNBIND
> ==>backsql_unbind()
> send_ldap_result: conn=1 op=1 p=3
> send_ldap_result: err=0 matched="" text=""
> send_ldap_response: msgid=0 tag=48 err=0
> ber_get_next
> ldap_read: want=9, got=0
>
> ber_get_next on fd 8 failed errno=0 (Error 0)
> connection_read(8): input error=-2 id=1, closing.
> connection_closing: readying conn=1 sd=8 for close
> connection_close: deferring conn=1 sd=8
> daemon: select: listen=7 active_threads=2 tvp=NULL
> daemon: activity on 1 descriptors
> daemon: select: listen=7 active_threads=2 tvp=NULL
> conn=1 op=1 RESULT tag=48 err=0 text=
> <==backsql_unbind()
> connection_resched: attempting closing conn=1 sd=8
> connection_close: deferring conn=1 sd=8
> conn=1 op=0 RESULT tag=101 err=0 text=
> <==backsql_search()
> connection_resched: attempting closing conn=1 sd=8
> connection_close: conn=1 sd=8
> ==>backsql_connection_destroy()
> ==>backsql_free_db_conn()
> backsql_free_db_conn(): closing db connection
> ==>backsql_close_db_conn()
> <==backsql_close_db_conn()
> <==backsql_free_db_conn()
> <==backsql_connection_destroy()
> daemon: removing 8
> conn=1 fd=8 closed

Are you sure there's any data in your db?
2.1.16 has a bug in back-sql that prevents
entries being returned because they
erroneously fail schema checks, but it
seems you don't even hit this bug since
your query does not find any candidates.

After you populated your db, you may want
to try to check out software from the
CVS repository with tag OPENLDAP_REL_ENG_2_1

> --------------------------------------------------------------------------------
>
>
> Or, when I run the command "ldapadd -h mickey -p 40389 -D
> "cn=Admin,o=fjh,c=jp" -w
>  secret -f ./b.ldif", I got:
>
> # ldapadd -h mickey -p 40389 -D "cn=Admin,o=fjh,c=jp" -w secret -f ./b.ldif
> adding new entry o=fjh,c=jp
> ldap_add_s: DSA is unwilling to perform
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> (I don't know what it means)
> And the log is:
> --------------------------------------------------------------------------------
> daemon: activity on 1 descriptors
> daemon: new connection on 8
> conn=2 fd=8 ACCEPT from IP=10.131.201.143:35269 (IP=10.131.201.143:40389)
> daemon: added 8r
> daemon: activity on:
> daemon: select: listen=7 active_threads=0 tvp=NULL
> daemon: activity on 1 descriptors
> daemon: activity on: 8r
> daemon: read activity on 8
> connection_get(8)
> connection_get(8): got connid=2
> connection_read(8): checking for input on id=2
> ber_get_next
> ldap_read: want=9, got=9
>   0000:  30 25 02 01 01 60 20 02  01                        0%...` ..
> ldap_read: want=30, got=30
>   0000:  03 04 13 63 6e 3d 41 64  6d 69 6e 2c 6f 3d 66 6a   ...cn=Admin,o=fj
>   0010:  68 2c 63 3d 6a 70 80 06  73 65 63 72 65 74         h,c=jp..secret
> ber_get_next: tag 0x30 len 37 contents:
> ber_dump: buf=0x000ed078 ptr=0x000ed078 end=0x000ed09d len=37
>   0000:  02 01 01 60 20 02 01 03  04 13 63 6e 3d 41 64 6d   ...` .....cn=Adm
>   0010:  69 6e 2c 6f 3d 66 6a 68  2c 63 3d 6a 70 80 06 73   in,o=fjh,c=jp..s
>   0020:  65 63 72 65 74                                     ecret
> do_bind
> ber_get_next
> ldap_read: want=9 error=Resource temporarily unavailable
> ber_get_next on fd 8 failed errno=11 (Resource temporarily unavailable)
> ber_scanf fmt ({imt) ber:
> ber_dump: buf=0x000ed078 ptr=0x000ed07b end=0x000ed09d len=34
>   0000:  60 20 02 01 03 04 13 63  6e 3d 41 64 6d 69 6e 2c   ` .....cn=Admin,
>   0010:  6f 3d 66 6a 68 2c 63 3d  6a 70 80 06 73 65 63 72   o=fjh,c=jp..secr
>   0020:  65 74                                              et
> ber_scanf fmt (m}) ber:
> ber_dump: buf=0x000ed078 ptr=0x000ed095 end=0x000ed09d len=8
>   0000:  00 06 73 65 63 72 65 74                            ..secret
> >>> dnPrettyNormal: <cn=Admin,o=fjh,c=jp>
> => ldap_bv2dn(cn=Admin,o=fjh,c=jp,0)
> <= ldap_bv2dn(cn=Admin,o=fjh,c=jp,0)=0
> => ldap_dn2bv(272)
> <= ldap_dn2bv(cn=Admin,o=fjh,c=jp,272)=0
> => ldap_dn2bv(272)
> <= ldap_dn2bv(cn=admin,o=fjh,c=jp,272)=0
> <<< dnPrettyNormal: <cn=Admin,o=fjh,c=jp>, <cn=admin,o=fjh,c=jp>
> do_bind: version=3 dn="cn=Admin,o=fjh,c=jp" method=128
> conn=2 op=0 BIND dn="cn=Admin,o=fjh,c=jp" method=128
> ==>backsql_bind()
> <==backsql_bind() root bind
> conn=2 op=0 BIND dn="cn=Admin,o=fjh,c=jp" mech=simple ssf=0
> do_bind: v3 bind: "cn=Admin,o=fjh,c=jp" to "cn=Admin,o=fjh,c=jp"
> send_ldap_result: conn=2 op=0 p=3
> send_ldap_result: err=0 matched="" text=""
> send_ldap_response: msgid=1 tag=97 err=0
> ber_flush: 14 bytes to sd 8
>   0000:  30 0c 02 01 01 61 07 0a  01 00 04 00 04 00         0....a........
> ldap_write: want=14, written=14
>   0000:  30 0c 02 01 01 61 07 0a  01 00 04 00 04 00         0....a........
> conn=2 op=0 RESULT tag=97 err=0 text=
> daemon: select: listen=7 active_threads=0 tvp=NULL
> daemon: activity on 1 descriptors
> daemon: activity on: 8r
> daemon: read activity on 8
> connection_get(8)
> connection_get(8): got connid=2
> connection_read(8): checking for input on id=2
> ber_get_next
> ldap_read: want=9, got=9
>   0000:  30 43 02 01 02 68 3e 04  0a                        0C...h>..
> ldap_read: want=60, got=60
>   0000:  6f 3d 66 6a 68 2c 63 3d  6a 70 30 30 30 22 04 0b   o=fjh,c=jp000"..
>   0010:  6f 62 6a 65 63 74 43 6c  61 73 73 31 13 04 03 74   objectClass1...t
>   0020:  6f 70 04 0c 6f 72 67 61  6e 69 7a 61 74 69 6f 6e   op..organization
>   0030:  30 0a 04 01 6f 31 05 04  03 66 6a 68               0...o1...fjh
> ber_get_next: tag 0x30 len 67 contents:
> ber_dump: buf=0x000def48 ptr=0x000def48 end=0x000def8b len=67
>   0000:  02 01 02 68 3e 04 0a 6f  3d 66 6a 68 2c 63 3d 6a   ...h>..o=fjh,c=j
>   0010:  70 30 30 30 22 04 0b 6f  62 6a 65 63 74 43 6c 61   p000"..objectCla
>   0020:  73 73 31 13 04 03 74 6f  70 04 0c 6f 72 67 61 6e   ss1...top..organ
>   0030:  69 7a 61 74 69 6f 6e 30  0a 04 01 6f 31 05 04 03   ization0...o1...
>   0040:  66 6a 68                                           fjh
> ber_get_next
> ldap_read: want=9 error=Resource temporarily unavailable
> ber_get_next on fd 8 failed errno=11 (Resource temporarily unavailable)
> daemon: select: listen=7 active_threads=1 tvp=NULL
> do_add
> ber_scanf fmt ({m) ber:
> ber_dump: buf=0x000def48 ptr=0x000def4b end=0x000def8b len=64
>   0000:  68 3e 04 0a 6f 3d 66 6a  68 2c 63 3d 6a 70 30 30   h>..o=fjh,c=jp00
>   0010:  30 22 04 0b 6f 62 6a 65  63 74 43 6c 61 73 73 31   0"..objectClass1
>   0020:  13 04 03 74 6f 70 04 0c  6f 72 67 61 6e 69 7a 61   ...top..organiza
>   0030:  74 69 6f 6e 30 0a 04 01  6f 31 05 04 03 66 6a 68   tion0...o1...fjh
> >>> dnPrettyNormal: <o=fjh,c=jp>
> => ldap_bv2dn(o=fjh,c=jp,0)
> <= ldap_bv2dn(o=fjh,c=jp,0)=0
> => ldap_dn2bv(272)
> <= ldap_dn2bv(o=fjh,c=jp,272)=0
> => ldap_dn2bv(272)
> <= ldap_dn2bv(o=fjh,c=jp,272)=0
> <<< dnPrettyNormal: <o=fjh,c=jp>, <o=fjh,c=jp>
> do_add: dn (o=fjh,c=jp)
> ber_scanf fmt ({m{W}}) ber:
> ber_dump: buf=0x000def48 ptr=0x000def5b end=0x000def8b len=48
>   0000:  30 22 04 0b 6f 62 6a 65  63 74 43 6c 61 73 73 31   0"..objectClass1
>   0010:  13 04 03 74 6f 70 04 0c  6f 72 67 61 6e 69 7a 61   ...top..organiza
>   0020:  74 69 6f 6e 30 0a 04 01  6f 31 05 04 03 66 6a 68   tion0...o1...fjh
> ber_scanf fmt ({m{W}}) ber:
> ber_dump: buf=0x000def48 ptr=0x000def7f end=0x000def8b len=12
>   0000:  30 0a 04 01 6f 31 05 04  03 66 6a 68               0...o1...fjh
> ber_scanf fmt (}) ber:
> ber_dump: buf=0x000def48 ptr=0x000def8b end=0x000def8b len=0
>
> conn=2 op=1 ADD dn="o=fjh,c=jp"
> ==>backsql_add(): adding entry 'o=fjh,c=jp'
> oc_check_required entry (o=fjh,c=jp), objectClass "organization"
> oc_check_allowed type "objectClass"
> oc_check_allowed type "o"
> oc_check_allowed type "structuralObjectClass"
> oc_check_allowed type "entryUUID"
> oc_check_allowed type "creatorsName"
> oc_check_allowed type "createTimestamp"
> oc_check_allowed type "entryCSN"
> oc_check_allowed type "modifiersName"
> oc_check_allowed type "modifyTimestamp"
> backsql_add(): create procedure is not defined for this objectclass -

This message should be self explanatory: your metadata
does not contain any organization objectClass create
procedure.  Don't ask software to do things it doesn't
know how to do.

> aborting
> send_ldap_result: conn=2 op=1 p=3
> send_ldap_result: err=53 matched="" text="operation not permitted within namingContext"
> send_ldap_response: msgid=2 tag=105 err=53
> ber_flush: 58 bytes to sd 8
>   0000:  30 38 02 01 02 69 33 0a  01 35 04 00 04 2c 6f 70   08...i3..5...,op
>   0010:  65 72 61 74 69 6f 6e 20  6e 6f 74 20 70 65 72 6d   eration not perm
>   0020:  69 74 74 65 64 20 77 69  74 68 69 6e 20 6e 61 6d   itted within nam
>   0030:  69 6e 67 43 6f 6e 74 65  78 74                     ingContext
> daemon: activity on 1 descriptors
> daemon: activity on: 8r
> daemon: read activity on 8
> connection_get(8)
> ldap_write: want=58, written=58
>   0000:  30 38 02 01 02 69 33 0a  01 35 04 00 04 2c 6f 70   08...i3..5...,op
>   0010:  65 72 61 74 69 6f 6e 20  6e 6f 74 20 70 65 72 6d   eration not perm
>   0020:  69 74 74 65 64 20 77 69  74 68 69 6e 20 6e 61 6d   itted within nam
>   0030:  69 6e 67 43 6f 6e 74 65  78 74                     ingContext
> connection_get(8): got connid=2
> connection_read(8): checking for input on id=2
> ber_get_next
> ldap_read: want=9, got=7
>   0000:  30 05 02 01 03 42 00                               0....B.
> ber_get_next: tag 0x30 len 5 contents:
> ber_dump: buf=0x000b4458 ptr=0x000b4458 end=0x000b445d len=5
>   0000:  02 01 03 42 00                                     ...B.
> do_unbind
> conn=2 op=2 UNBIND
> ==>backsql_unbind()
> send_ldap_result: conn=2 op=2 p=3
> send_ldap_result: err=0 matched="" text=""
> send_ldap_response: msgid=0 tag=48 err=0
> ber_get_next
> ldap_read: want=9, got=0
>
> ber_get_next on fd 8 failed errno=0 (Error 0)
> connection_read(8): input error=-2 id=2, closing.
> connection_closing: readying conn=2 sd=8 for close
> connection_close: deferring conn=2 sd=8
> daemon: select: listen=7 active_threads=2 tvp=NULL
> daemon: activity on 1 descriptors
> daemon: select: listen=7 active_threads=2 tvp=NULL
> conn=2 op=2 RESULT tag=48 err=0 text=
> <==backsql_unbind()
> connection_resched: attempting closing conn=2 sd=8
> connection_close: deferring conn=2 sd=8
> conn=2 op=1 RESULT tag=105 err=53 text=operation not permitted within namingContext
> connection_resched: attempting closing conn=2 sd=8
> connection_close: conn=2 sd=8
> ==>backsql_connection_destroy()
> ==>backsql_free_db_conn()
> <==backsql_free_db_conn()
> <==backsql_connection_destroy()
> daemon: removing 8
> conn=2 fd=8 closed
> --------------------------------------------------------------------------------
>
> Can someone give me suggestions?
> Thank you.
>
> Best regards.
>
> Zhang
> zhang@fjh.fujitsu.com

p.

-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it
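
The two checks the reply points at (is there any data under the suffix, and does the metadata define a create procedure for organization), as an added PostgreSQL example that is not part of the original thread or of the OpenLDAP distribution. It assumes the back-sql metadata table ldap_oc_mappings with name, keytbl, keycol and create_proc columns, a name column on institutes, parent 0 for the top entry, and a hypothetical create_o() function.

```sql
-- Added example; names not visible in the quoted log are assumptions about
-- the back-sql metadata layout, and create_o() is hypothetical.

-- 1. List the objectClass mappings. A NULL create_proc is the condition that
--    makes backsql_add() abort with "create procedure is not defined".
SELECT id, name, keytbl, keycol,
       CASE WHEN create_proc IS NULL THEN 'no create_proc: LDAP add refused'
            ELSE create_proc END AS add_support
  FROM ldap_oc_mappings
 ORDER BY id;

-- 2. Repeat the candidate search from the log by hand, with the logged
--    parameter '%O=FJH,C=JP' in place of the placeholder. No rows means
--    nothing is stored under the suffix, so ldapsearch returns nothing.
SELECT e.id, e.dn, m.name AS objectclass, e.parent, e.keyval
  FROM ldap_entries e, ldap_oc_mappings m
 WHERE m.id = e.oc_map_id
   AND upper(e.dn) LIKE '%O=FJH,C=JP';

-- 3. Populate the suffix entry in SQL: one row in the key table and one row
--    in ldap_entries pointing at it (assumption: parent 0 marks the top).
BEGIN;
INSERT INTO institutes (id, name)
SELECT coalesce(max(id), 0) + 1, 'fjh' FROM institutes;

INSERT INTO ldap_entries (id, dn, oc_map_id, parent, keyval)
SELECT (SELECT coalesce(max(id), 0) + 1 FROM ldap_entries),
       'o=fjh,c=jp',
       (SELECT id FROM ldap_oc_mappings WHERE name = 'organization'),
       0,
       (SELECT max(id) FROM institutes);
COMMIT;

-- 4. Give 'organization' a create procedure so later adds over LDAP have
--    something to call. Assumption: back-sql takes the new key from the
--    value this statement returns; check the back-sql documentation of the
--    release in use before relying on it.
CREATE FUNCTION create_o() RETURNS int AS '
    INSERT INTO institutes (id, name)
    SELECT coalesce(max(id), 0) + 1, '''' FROM institutes;
    SELECT max(id) FROM institutes
' LANGUAGE 'sql';

UPDATE ldap_oc_mappings
   SET create_proc = 'SELECT create_o()'
 WHERE name = 'organization';
```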