[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: chain-overlay question



Markus Krause wrote:

No. I'm referring to slapd.4.conf as generated by the test018 script.
ah ok, sorry for that. i could not find it at first, had ro stop "make test" at test018 to get it ... now i used it (and slapd.1.conf) as template for my config.

I assumed you knew that you can tun a single test by issuing

	./run test018

from the tests/ directory.  Sorry about that.


i am really sorry about still bothering you with my problems but i still have no success... :-(
my slapd.conf now looks like (now in more detail, just cleaned up):
--- slapd.conf
...
modulepath /usr/lib/openldap/modules
moduleload smbk5pwd.so
sizelimit unlimited
acl ...
TLSstuff ...
#### chain overlay definition
overlay chain
chain-rebind-as-user FALSE
chain-uri "ldaps://ldapprov"
chain-rebind-as-user TRUE
chain-idassert-bind bindmethod="simple"
binddn="cn=manager,o=test"
credentials="secret"
mode="self"


database bdb
suffix "o=test"
directory /var/lib/ldap/
rootdn "cn=manager,o=test"
rootpw "secret"
index objectClass,uidNumber,gidNumber eq
index member,mail eq,pres
index cn,displayname,uid,sn,givenname sub,eq,pres
index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq
index entryCSN,entryUUID eq
index dhcpHWAddress eq,pres
index relativeDomainName eq,pres
index ipHostNumber eq,pres
index zoneName eq,pres
index radiusGroupName eq,pres

syncrepl rid=13
        provider=ldaps://ldapprov
        type=refreshAndPersist
        retry=1,5,5,6,30,+
        interval=00:00:00:30
        searchbase="o=test"
        filter="(objectclass=*)"
        scope=sub
        attrs="*"
        schemachecking=off
        binddn="cn=manager,o=test"
        bindmethod=simple
        credentials="secret"
        sizelimit=unlimited
updateref ldaps://ldapprov

overlay syncprov
overlay smbk5pwd
smbk5pwd-enable samba
--- end of slapd.conf

To me, it looks just fine.



Please rearrange the configuration as instructed and retry.  In general,
never intermix database and overlay directives.  Order matters (as it
always did; but now violations are no longer harmless).
i hope i did understand how which order the entries should have ... (see above)

but the last lines before the consumer dies after running "ldappasswd .." show:
--- slapd -d 65535 output
...
=> bdb_dn2id("uid=user,o=test")
<= bdb_dn2id: got id=0x0000337f
entry_decode: "uid=user,o=test"
<= entry_decode(uid=user,o=test)
ldap_url_parse_ext(ldaps://ldapprov)
send_ldap_extended: err=10 oid= len=0
ldap_url_parse_ext(ldaps://ldapprov)
Segmentation fault
--- end of slapd -d 65535 output

That's another issue. You may send a stack backtrace after this crash.

In any case, you didn't specify you were trying to perform an extended operation (ldap passwd); there might be some bg in how extended operations are handled by slapo-chain(5). I'd narrow this down by running ldappasswd within a simpler configuration setup. In case, please file an ITS.

In the meanwhile, I'd check your configuration by using a less challenging write operation (like a modify).

p.



Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Email:   pierangelo.masarati@sys-net.it
---------------------------------------