
Problems administering OL2.3.4 via cn=config



Hi list,

I'm having some problems administering the OL2.3.4 server in our 
test environment.

Until adding the olcRootPW attribute manually to cn=config.ldif I wasn't 
able to access cn=config at all with any kind of LDAP Browser (like 
JXPlorer or LDAP Administrator). After doing so I could finally 
authenticate to the LDAP Server and list the contents of cn=config. Maybe 
this should be added to the docs or maybe what I did here is totally wrong 
in the first place. In that case please direct me to some doc/faq that 
describes the proper procedure.

Now to my real problem:
When I try to delete an entry from cn=config, let's say cn=include{3}, 
which is the one with the highest index, I get the following slapd debug 
output:
daemon: activity on 1 descriptors
daemon: activity on: 10r
daemon: read activity on 10
connection_get(10)
connection_get(10): got connid=0
connection_read(10): checking for input on id=0
ber_get_next
ber_get_next: tag 0x30 len 116 contents:
ber_dump: buf=0x0a136138 ptr=0x0a136138 end=0x0a1361ac len=116
ber_get_next
ber_get_next on fd 10 failed errno=11 (Resource temporarily unavailable)
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: select: listen=6 active_threads=0 tvp=NULL
do_search
ber_scanf fmt ({miiiib) ber:
ber_dump: buf=0x0a136138 ptr=0x0a13613c end=0x0a1361ac len=112
>>> dnPrettyNormal: <cn=include{3},cn=config>
=> ldap_bv2dn(cn=include{3},cn=config,0)
ldap_err2string
<= ldap_bv2dn(cn=include{3},cn=config)=0 Success
=> ldap_dn2bv(272)
ldap_err2string
<= ldap_dn2bv(cn=include{3},cn=config)=0 Success
=> ldap_dn2bv(272)
ldap_err2string
<= ldap_dn2bv(cn=include{3},cn=config)=0 Success
<<< dnPrettyNormal: <cn=include{3},cn=config>, <cn=include{3},cn=config>
SRCH "cn=include{3},cn=config" 1 0    0 0 -1
ber_scanf fmt (m) ber:
ber_dump: buf=0x0a136138 ptr=0x0a13616a end=0x0a1361ac len=66
    filter: (objectClass=*)
ber_scanf fmt ({M}}) ber:
ber_dump: buf=0x0a136138 ptr=0x0a136177 end=0x0a1361ac len=53
=> get_ctrls
ber_scanf fmt ({m) ber:
ber_dump: buf=0x0a136138 ptr=0x0a136188 end=0x0a1361ac len=36
ber_scanf fmt (b) ber:
ber_dump: buf=0x0a136138 ptr=0x0a1361a7 end=0x0a1361ac len=5
  0000:  00 01 00 04 00                                     .....  
ber_scanf fmt (m) ber:
ber_dump: buf=0x0a136138 ptr=0x0a1361aa end=0x0a1361ac len=2
  0000:  04 00                                              ..  
=> get_ctrls: oid="2.16.840.1.113730.3.4.2" (noncritical)
<= get_ctrls: n=1 rc=0 err=""
    attrs: 1.1
conn=0 op=31 SRCH base="cn=include{3},cn=config" scope=1 deref=0 filter="(objectClass=*)"
conn=0 op=31 SRCH attr=1.1
slap_global_control: unavailable control: 2.16.840.1.113730.3.4.2
send_ldap_result: conn=0 op=31 p=3
send_ldap_result: err=0 matched="" text=""
send_ldap_response: msgid=132 tag=101 err=0
ber_flush: 15 bytes to sd 10
conn=0 op=31 SEARCH RESULT tag=101 err=0 nentries=0 text=
daemon: activity on 1 descriptors
daemon: activity on: 10r
daemon: read activity on 10
connection_get(10)
connection_get(10): got connid=0
connection_read(10): checking for input on id=0
ber_get_next
ber_get_next: tag 0x30 len 71 contents:
ber_dump: buf=0x0a134fd8 ptr=0x0a134fd8 end=0x0a13501f len=71
ber_get_next
ber_get_next on fd 10 failed errno=11 (Resource temporarily unavailable)
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: select: listen=6 active_threads=0 tvp=NULL
do_delete
ber_scanf fmt (m) ber:
ber_dump: buf=0x0a134fd8 ptr=0x0a134fdc end=0x0a13501f len=67
=> get_ctrls
ber_scanf fmt ({m) ber:
ber_dump: buf=0x0a134fd8 ptr=0x0a134ffb end=0x0a13501f len=36
ber_scanf fmt (b) ber:
ber_dump: buf=0x0a134fd8 ptr=0x0a13501a end=0x0a13501f len=5
  0000:  00 01 00 04 00                                     .....  
ber_scanf fmt (m) ber:
ber_dump: buf=0x0a134fd8 ptr=0x0a13501d end=0x0a13501f len=2
  0000:  04 00                                              ..  
=> get_ctrls: oid="2.16.840.1.113730.3.4.2" (noncritical)
<= get_ctrls: n=1 rc=0 err=""
>>> dnPrettyNormal: <cn=include{3},cn=config>
=> ldap_bv2dn(cn=include{3},cn=config,0)
ldap_err2string
<= ldap_bv2dn(cn=include{3},cn=config)=0 Success
=> ldap_dn2bv(272)
ldap_err2string
<= ldap_dn2bv(cn=include{3},cn=config)=0 Success
=> ldap_dn2bv(272)
ldap_err2string
<= ldap_dn2bv(cn=include{3},cn=config)=0 Success
<<< dnPrettyNormal: <cn=include{3},cn=config>, <cn=include{3},cn=config>
conn=0 op=32 DEL dn="cn=include{3},cn=config"
slap_global_control: unavailable control: 2.16.840.1.113730.3.4.2
send_ldap_result: conn=0 op=32 p=3
send_ldap_result: err=53 matched="" text="operation not supported within namingContext"
send_ldap_response: msgid=133 tag=107 err=53
ber_flush: 59 bytes to sd 10
conn=0 op=32 RESULT tag=107 err=53 text=operation not supported within namingContext

Similar things happen when I try to delete attributes under cn=config, 
for example my olcTLS* attributes.

Another strange behaviour occurred when trying to modify attributes in 
cn=config: When I tried to modify the value of olcTLSCACertificateFile the 
operation is supposedly successful, but after that the cn=config.ldif 
file is garbled:
dn: cn=config
objectClass: olcGlobal
cn: config
olcConfigDir: /etc/openldap/slapd.d
olcArgsFile: /var/lib/ldap/slapd.args
olcAuthzPolicy: none
olcConcurrency: 0
olcConnMaxPending: 100
olcConnMaxPendingAuth: 1000
olcGentleHUP: FALSE
olcIdleTimeout: 0
olcIndexSubstrIfMaxLen: 4
olcIndexSubstrIfMinLen: 2
olcIndexSubstrAnyLen: 4
olcIndexSubstrAnyStep: 2
olcLocalSSF: 71
olcLogLevel: Stats
olcPidFile: /var/lib/ldap/slapd.pid
olcReadOnly: FALSE
olcReplicationInterval: 0
olcRootPW:: e1NTSEF9NzJxZWFVcEYvOGxMZ2hvakJWRGlsQzNVd2JRQ280Z0U=
olcSaslSecProps: noplain,noanonymous
olcSockbufMaxIncoming: 262143
olcSockbufMaxIncomingAuth: 16777215
olcThreads: 16
structuralObjectClass: olcGlobal
olcTLSCertificateFile: /etc/openldap/ssl/sgmldap01.cert
olcTLSCertificateKeyFile: /etc/openldap/ssl/sgmldap01.key
olcTLSVerifyClient: never
olcTLSCipherSuite: HIGH:SSLv3
olcTLSCACertificateFile: /etc/openldap/ssl/ca.cert
entryCSN: 20050624091640Z#000001#00#000000
modifiersName: cn=config
modifyTimestamp: 20050624091640Z
071404Z

As you can see that last line containing "071404Z" makes the file 
syntactically incorrect. Sometimes also just a "Z" is appended to the 
file.

I hope someone is able to help me out here, since we'd love to use the 2.3 
branch and be able to administer the Servers on the fly through cn=config.


Kind regards
Michael Heep
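
An added example, not part of the original post: a well-formedness check for a slapd.d LDIF file that flags the kind of stray trailing line ("071404Z" or a lone "Z") described above, and also verifies that `::` values are valid base64. The sample input is constructed from the quoted file with a placeholder olcRootPW value; `check_ldif`, `LINE` and `SAMPLE` are names chosen here.

```python
import base64
import re

# Constructed sample: abridged from the cn=config.ldif quoted in the post,
# with a placeholder olcRootPW value instead of the posted hash.
SAMPLE = """\
dn: cn=config
objectClass: olcGlobal
cn: config
olcRootPW:: e1NTSEF9cGxhY2Vob2xkZXI=
olcTLSCACertificateFile: /etc/openldap/ssl/ca.cert
entryCSN: 20050624091640Z#000001#00#000000
modifiersName: cn=config
modifyTimestamp: 20050624091640Z
071404Z
"""

# attribute name with optional ;options, then "::" (base64), ":<" (URL) or ":"
LINE = re.compile(
    r"^(?P<attr>[A-Za-z][A-Za-z0-9-]*(?:;[A-Za-z0-9-]+)*)(?P<sep>::|:<|:)\s*(?P<val>.*)$"
)

def check_ldif(text):
    """Return a sorted list of (line_no, reason) for lines that are not valid LDIF."""
    problems, logical = [], []            # logical: [first_line_no, unfolded text]
    for no, raw in enumerate(text.splitlines(), 1):
        if raw.startswith(" "):           # folded continuation of the previous line
            if logical and logical[-1][1] is not None:
                logical[-1][1] += raw[1:]
            else:
                problems.append((no, "continuation without a preceding line"))
        else:                             # blank lines separate records
            logical.append([no, raw if raw else None])
    for no, line in logical:
        if line is None or line.startswith("#"):
            continue
        m = LINE.match(line)
        if not m:
            problems.append((no, "not an 'attr: value' line: %r" % line))
        elif m.group("sep") == "::":
            try:
                base64.b64decode(m.group("val"), validate=True)
            except ValueError:            # binascii.Error is a ValueError
                problems.append((no, "invalid base64 for " + m.group("attr")))
    return sorted(problems)

if __name__ == "__main__":
    for no, reason in check_ldif(SAMPLE):
        print("line %d: %s" % (no, reason))
```
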