Problems administering OL2.3.4 via cn=config
Hi list,
I'm having some problems administering the OL2.3.4 server in our
test environment.
Until adding the olcRootPW attribute manually to cn=config.ldif I wasn't
able to access cn=config at all with any kind of LDAP Browser (like
JXPlorer or LDAP Administrator). After doing so I could finally
authenticate to the LDAP Server and list the contents of cn=config. Maybe
this should be added to the docs or maybe what I did here is totally wrong
in the first place. In that case please direct me to some doc/faq that
describes the proper procedure.
Now to my real problem:
When I try to delete an entry from cn=config, let's say cn=include{3},
which is the one with the highest index, I get the following slapd debug
output:
daemon: activity on 1 descriptors
daemon: activity on: 10r
daemon: read activity on 10
connection_get(10)
connection_get(10): got connid=0
connection_read(10): checking for input on id=0
ber_get_next
ber_get_next: tag 0x30 len 116 contents:
ber_dump: buf=0x0a136138 ptr=0x0a136138 end=0x0a1361ac len=116
0000: 02 02 00 84 63 84 00 00 00 40 04 17 63 6e 3d 69 ....c....@..cn=i
0010: 6e 63 6c 75 64 65 7b 33 7d 2c 63 6e 3d 63 6f 6e nclude{3},cn=con
0020: 66 69 67 0a 01 01 0a 01 00 02 01 00 02 01 00 01 fig.............
0030: 01 ff 87 0b 4f 62 6a 65 63 74 43 6c 61 73 73 30 ....ObjectClass0
0040: 84 00 00 00 05 04 03 31 2e 31 a0 84 00 00 00 24 .......1.1.....$
0050: 30 84 00 00 00 1e 04 17 32 2e 31 36 2e 38 34 30 0.......2.16.840
0060: 2e 31 2e 31 31 33 37 33 30 2e 33 2e 34 2e 32 01 .1.113730.3.4.2.
0070: 01 00 04 00 ....
ber_get_next
ber_get_next on fd 10 failed errno=11 (Resource temporarily unavailable)
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: select: listen=6 active_threads=0 tvp=NULL
do_search
ber_scanf fmt ({miiiib) ber:
ber_dump: buf=0x0a136138 ptr=0x0a13613c end=0x0a1361ac len=112
0000: 63 84 00 00 00 40 04 17 63 6e 3d 69 6e 63 6c 75 c....@..cn=inclu
0010: 64 65 7b 33 7d 2c 63 6e 3d 63 6f 6e 66 69 67 0a de{3},cn=config.
0020: 01 01 0a 01 00 02 01 00 02 01 00 01 01 ff 87 0b ................
0030: 4f 62 6a 65 63 74 43 6c 61 73 73 30 84 00 00 00 ObjectClass0....
0040: 05 04 03 31 2e 31 a0 84 00 00 00 24 30 84 00 00 ...1.1.....$0...
0050: 00 1e 04 17 32 2e 31 36 2e 38 34 30 2e 31 2e 31 ....2.16.840.1.1
0060: 31 33 37 33 30 2e 33 2e 34 2e 32 01 01 00 04 00 13730.3.4.2.....
>>> dnPrettyNormal: <cn=include{3},cn=config>
=> ldap_bv2dn(cn=include{3},cn=config,0)
ldap_err2string
<= ldap_bv2dn(cn=include{3},cn=config)=0 Success
=> ldap_dn2bv(272)
ldap_err2string
<= ldap_dn2bv(cn=include{3},cn=config)=0 Success
=> ldap_dn2bv(272)
ldap_err2string
<= ldap_dn2bv(cn=include{3},cn=config)=0 Success
<<< dnPrettyNormal: <cn=include{3},cn=config>, <cn=include{3},cn=config>
SRCH "cn=include{3},cn=config" 1 0 0 0 -1
ber_scanf fmt (m) ber:
ber_dump: buf=0x0a136138 ptr=0x0a13616a end=0x0a1361ac len=66
0000: 87 0b 4f 62 6a 65 63 74 43 6c 61 73 73 30 84 00 ..ObjectClass0..
0010: 00 00 05 04 03 31 2e 31 a0 84 00 00 00 24 30 84 .....1.1.....$0.
0020: 00 00 00 1e 04 17 32 2e 31 36 2e 38 34 30 2e 31 ......2.16.840.1
0030: 2e 31 31 33 37 33 30 2e 33 2e 34 2e 32 01 01 00 .113730.3.4.2...
0040: 04 00 ..
filter: (objectClass=*)
ber_scanf fmt ({M}}) ber:
ber_dump: buf=0x0a136138 ptr=0x0a136177 end=0x0a1361ac len=53
0000: 00 84 00 00 00 05 04 03 31 2e 31 a0 84 00 00 00 ........1.1.....
0010: 24 30 84 00 00 00 1e 04 17 32 2e 31 36 2e 38 34 $0.......2.16.84
0020: 30 2e 31 2e 31 31 33 37 33 30 2e 33 2e 34 2e 32 0.1.113730.3.4.2
0030: 01 01 00 04 00 .....
=> get_ctrls
ber_scanf fmt ({m) ber:
ber_dump: buf=0x0a136138 ptr=0x0a136188 end=0x0a1361ac len=36
0000: 30 84 00 00 00 1e 04 17 32 2e 31 36 2e 38 34 30 0.......2.16.840
0010: 2e 31 2e 31 31 33 37 33 30 2e 33 2e 34 2e 32 01 .1.113730.3.4.2.
0020: 01 00 04 00 ....
ber_scanf fmt (b) ber:
ber_dump: buf=0x0a136138 ptr=0x0a1361a7 end=0x0a1361ac len=5
0000: 00 01 00 04 00 .....
ber_scanf fmt (m) ber:
ber_dump: buf=0x0a136138 ptr=0x0a1361aa end=0x0a1361ac len=2
0000: 04 00 ..
=> get_ctrls: oid="2.16.840.1.113730.3.4.2" (noncritical)
<= get_ctrls: n=1 rc=0 err=""
attrs: 1.1
conn=0 op=31 SRCH base="cn=include{3},cn=config" scope=1 deref=0
filter="(objectClass=*)"
conn=0 op=31 SRCH attr=1.1
slap_global_control: unavailable control: 2.16.840.1.113730.3.4.2
send_ldap_result: conn=0 op=31 p=3
send_ldap_result: err=0 matched="" text=""
send_ldap_response: msgid=132 tag=101 err=0
ber_flush: 15 bytes to sd 10
conn=0 op=31 SEARCH RESULT tag=101 err=0 nentries=0 text=
daemon: activity on 1 descriptors
daemon: activity on: 10r
daemon: read activity on 10
connection_get(10)
connection_get(10): got connid=0
connection_read(10): checking for input on id=0
ber_get_next
ber_get_next: tag 0x30 len 71 contents:
ber_dump: buf=0x0a134fd8 ptr=0x0a134fd8 end=0x0a13501f len=71
0000: 02 02 00 85 4a 17 63 6e 3d 69 6e 63 6c 75 64 65 ....J.cn=include
0010: 7b 33 7d 2c 63 6e 3d 63 6f 6e 66 69 67 a0 84 00 {3},cn=config...
0020: 00 00 24 30 84 00 00 00 1e 04 17 32 2e 31 36 2e ..$0.......2.16.
0030: 38 34 30 2e 31 2e 31 31 33 37 33 30 2e 33 2e 34 840.1.113730.3.4
0040: 2e 32 01 01 00 04 00 .2.....
ber_get_next
ber_get_next on fd 10 failed errno=11 (Resource temporarily unavailable)
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: select: listen=6 active_threads=0 tvp=NULL
do_delete
ber_scanf fmt (m) ber:
ber_dump: buf=0x0a134fd8 ptr=0x0a134fdc end=0x0a13501f len=67
0000: 4a 17 63 6e 3d 69 6e 63 6c 75 64 65 7b 33 7d 2c J.cn=include{3},
0010: 63 6e 3d 63 6f 6e 66 69 67 a0 84 00 00 00 24 30 cn=config.....$0
0020: 84 00 00 00 1e 04 17 32 2e 31 36 2e 38 34 30 2e .......2.16.840.
0030: 31 2e 31 31 33 37 33 30 2e 33 2e 34 2e 32 01 01 1.113730.3.4.2..
0040: 00 04 00 ...
=> get_ctrls
ber_scanf fmt ({m) ber:
ber_dump: buf=0x0a134fd8 ptr=0x0a134ffb end=0x0a13501f len=36
0000: 30 84 00 00 00 1e 04 17 32 2e 31 36 2e 38 34 30 0.......2.16.840
0010: 2e 31 2e 31 31 33 37 33 30 2e 33 2e 34 2e 32 01 .1.113730.3.4.2.
0020: 01 00 04 00 ....
ber_scanf fmt (b) ber:
ber_dump: buf=0x0a134fd8 ptr=0x0a13501a end=0x0a13501f len=5
0000: 00 01 00 04 00 .....
ber_scanf fmt (m) ber:
ber_dump: buf=0x0a134fd8 ptr=0x0a13501d end=0x0a13501f len=2
0000: 04 00 ..
=> get_ctrls: oid="2.16.840.1.113730.3.4.2" (noncritical)
<= get_ctrls: n=1 rc=0 err=""
>>> dnPrettyNormal: <cn=include{3},cn=config>
=> ldap_bv2dn(cn=include{3},cn=config,0)
ldap_err2string
<= ldap_bv2dn(cn=include{3},cn=config)=0 Success
=> ldap_dn2bv(272)
ldap_err2string
<= ldap_dn2bv(cn=include{3},cn=config)=0 Success
=> ldap_dn2bv(272)
ldap_err2string
<= ldap_dn2bv(cn=include{3},cn=config)=0 Success
<<< dnPrettyNormal: <cn=include{3},cn=config>, <cn=include{3},cn=config>
conn=0 op=32 DEL dn="cn=include{3},cn=config"
slap_global_control: unavailable control: 2.16.840.1.113730.3.4.2
send_ldap_result: conn=0 op=32 p=3
send_ldap_result: err=53 matched="" text="operation not supported within
namingContext"
send_ldap_response: msgid=133 tag=107 err=53
ber_flush: 59 bytes to sd 10
conn=0 op=32 RESULT tag=107 err=53 text=operation not supported within
namingContext
Similar things happen when I try to delete attributes under cn=config,
for example my olcTLS* attributes.
Another strange behaviour occurred when trying to modify attributes in
cn=config: When I tried to modify the value of olcTLSCACertificateFile the
operation is supposedly successful, but after that the cn=config.ldif
file is garbled:
dn: cn=config
objectClass: olcGlobal
cn: config
olcConfigDir: /etc/openldap/slapd.d
olcArgsFile: /var/lib/ldap/slapd.args
olcAuthzPolicy: none
olcConcurrency: 0
olcConnMaxPending: 100
olcConnMaxPendingAuth: 1000
olcGentleHUP: FALSE
olcIdleTimeout: 0
olcIndexSubstrIfMaxLen: 4
olcIndexSubstrIfMinLen: 2
olcIndexSubstrAnyLen: 4
olcIndexSubstrAnyStep: 2
olcLocalSSF: 71
olcLogLevel: Stats
olcPidFile: /var/lib/ldap/slapd.pid
olcReadOnly: FALSE
olcReplicationInterval: 0
olcRootPW:: e1NTSEF9NzJxZWFVcEYvOGxMZ2hvakJWRGlsQzNVd2JRQ280Z0U=
olcSaslSecProps: noplain,noanonymous
olcSockbufMaxIncoming: 262143
olcSockbufMaxIncomingAuth: 16777215
olcThreads: 16
structuralObjectClass: olcGlobal
olcTLSCertificateFile: /etc/openldap/ssl/sgmldap01.cert
olcTLSCertificateKeyFile: /etc/openldap/ssl/sgmldap01.key
olcTLSVerifyClient: never
olcTLSCipherSuite: HIGH:SSLv3
olcTLSCACertificateFile: /etc/openldap/ssl/ca.cert
entryCSN: 20050624091640Z#000001#00#000000
modifiersName: cn=config
modifyTimestamp: 20050624091640Z
071404Z
As you can see that last line containing "071404Z" makes the file
syntactically incorrect. Sometimes also just a "Z" is appended to the
file.
I hope someone is able to help me out here, since we'd love to use the 2.3
branch and be able to administer the Servers on the fly through cn=config.
Kind regards
Michael Heep
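
A line-level syntax check that flags the kind of stray trailing line shown in the garbled cn=config.ldif above, as an added example that is not part of the original message or of OpenLDAP. The function name `find_bad_lines` and the shortened sample record are constructed for illustration; the check covers only LDIF line syntax (RFC 2849), not schema or values.

```python
import re

# An LDIF content line: attribute description (name or numeric OID, optional
# ;options), then ':' (plain), '::' (base64) or ':<' (URL), then the value.
ATTR_LINE = re.compile(
    r'^(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)+)(?:;[A-Za-z0-9-]+)*:[:<]?.*$'
)

def find_bad_lines(text):
    """Return [(line_number, line)] for lines that are not valid LDIF lines."""
    bad = []
    foldable = False  # True when the previous line may be continued
    for number, line in enumerate(text.splitlines(), 1):
        if line == "":
            foldable = False              # blank line ends the record
        elif line.startswith(" "):
            if not foldable:              # continuation with nothing to continue
                bad.append((number, line))
        elif line.startswith("#") or ATTR_LINE.match(line):
            foldable = True               # comment or attribute line
        else:
            bad.append((number, line))    # e.g. leftover bytes such as "071404Z"
            foldable = False
    return bad

# Constructed sample: a shortened version of the record quoted in the post,
# ending with the same stray line.
SAMPLE = """\
dn: cn=config
objectClass: olcGlobal
cn: config
olcTLSCACertificateFile: /etc/openldap/ssl/ca.cert
entryCSN: 20050624091640Z#000001#00#000000
modifiersName: cn=config
modifyTimestamp: 20050624091640Z
071404Z
"""

if __name__ == "__main__":
    for number, line in find_bad_lines(SAMPLE):
        print(f"line {number}: not a valid LDIF line: {line!r}")
```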