adding new databases and olc*dbconfig must attributes



I was experimenting a bit with adding new databases to the config, and found that if the olcsuffix attribute was not provided, it would fail:

>cat db.ldif 
dn: olcDatabase=hdb,cn=config
changetype: add
objectClass: olcHdbConfig
olcDatabase: hdb
olcDbDirectory: /var/lib/ldap/example.org

>ldapadd -xWZZH 'ldap://dsa.example.com/' -D 'uid=dit_admin,ou=role_accounts,ou=accounts,dc=example,dc=com' -f db.ldif
Enter LDAP Password: 
adding new entry "olcDatabase=hdb,cn=config"
ldap_add: Other (e.g., implementation specific) error (80)
	additional info: <olcDbDirectory> failed startup

>tail -F slapd.log

Feb 21 19:39:41 flip slapd[19134]: conn=1535 fd=64 ACCEPT from IP=192.168.1.1:36891 (IP=0.0.0.0:389)
Feb 21 19:39:41 flip slapd[19134]: conn=1535 op=0 EXT oid=1.3.6.1.4.1.1466.20037
Feb 21 19:39:41 flip slapd[19134]: conn=1535 op=0 STARTTLS
Feb 21 19:39:41 flip slapd[19134]: conn=1535 op=0 RESULT oid= err=0 text=
Feb 21 19:39:41 flip slapd[19134]: conn=1535 fd=64 TLS established tls_ssf=128 ssf=128
Feb 21 19:39:43 flip slapd[19134]: conn=1535 op=1 BIND dn="uid=dit_admin,ou=role_accounts,ou=accounts,dc=example,dc=com" method=128
Feb 21 19:39:43 flip slapd[19134]: conn=1535 op=1 BIND dn="uid=dit_admin,ou=role_accounts,ou=accounts,dc=example,dc=com" mech=SIMPLE ssf=0
Feb 21 19:39:43 flip slapd[19134]: conn=1535 op=1 RESULT tag=97 err=0 text=
Feb 21 19:39:43 flip slapd[19134]: conn=1535 op=2 ADD dn="olcDatabase=hdb,cn=config"
Feb 21 19:39:43 flip slapd[19134]: hdb_db_open: need suffix.
Feb 21 19:39:43 flip slapd[19134]: backend_startup_one (type=hdb, suffix="(null)"): bi_db_open failed! (-1)
Feb 21 19:39:43 flip slapd[19134]: olcDbDirectory: value #0: <olcDbDirectory> failed startup (0?:?X#024c?/ldap/example.org)!
Feb 21 19:39:43 flip slapd[19134]: conn=1535 op=2 RESULT tag=105 err=80 text=<olcDbDirectory> failed startup
Feb 21 19:39:43 flip slapd[19134]: conn=1535 op=3 UNBIND
Feb 21 19:39:43 flip slapd[19134]: conn=1535 fd=64 closed

Providing an olcSuffix attribute in the LDIF allowed the new database to be added without error:

>ldapadd -xWZZH 'ldap://dsa.example.com/' -D 'uid=dit_admin,ou=role_accounts,ou=accounts,dc=example,dc=com' -f db.ldif
Enter LDAP Password: 
adding new entry "olcDatabase=hdb,cn=config"

>tail -F slapd.log

Feb 21 19:43:21 flip slapd[19134]: conn=1537 fd=44 ACCEPT from IP=192.168.1.1:36900 (IP=0.0.0.0:389)
Feb 21 19:43:21 flip slapd[19134]: conn=1537 op=0 EXT oid=1.3.6.1.4.1.1466.20037
Feb 21 19:43:21 flip slapd[19134]: conn=1537 op=0 STARTTLS
Feb 21 19:43:21 flip slapd[19134]: conn=1537 op=0 RESULT oid= err=0 text=
Feb 21 19:43:21 flip slapd[19134]: conn=1537 fd=44 TLS established tls_ssf=128 ssf=128
Feb 21 19:43:23 flip slapd[19134]: conn=1537 op=1 BIND dn="uid=dit_admin,ou=role_accounts,ou=accounts,dc=example,dc=com" method=128
Feb 21 19:43:23 flip slapd[19134]: conn=1537 op=1 BIND dn="uid=dit_admin,ou=role_accounts,ou=accounts,dc=example,dc=com" mech=SIMPLE ssf=0
Feb 21 19:43:23 flip slapd[19134]: conn=1537 op=1 RESULT tag=97 err=0 text=
Feb 21 19:43:23 flip slapd[19134]: conn=1537 op=2 ADD dn="olcDatabase=hdb,cn=config"
Feb 21 19:43:24 flip slapd[19134]: conn=1537 op=2 RESULT tag=105 err=0 text=
Feb 21 19:43:24 flip slapd[19134]: conn=1537 op=3 UNBIND

This behavior wasn't really all that surprising to me, as I don't really know in what capacity there might be a database without a suffix defined, even if it were just "", but what I am curious about is the schema definition for the olcHdbConfig object class.  The best I can tell, only olcDatabase and olcDbDirectory are MUST attributes, while olcSuffix is not:

>ldapsearch -xH 'ldap://dsa.example.com/' -s base -b 'cn=subschema' '*' '+' | grep -iFA 5 "NAME 'olcHdbConfig'"
objectClasses: ( 1.3.6.1.4.1.4203.1.12.2.4.2.1.2 NAME 'olcHdbConfig' DESC 'HDB
  backend configuration' SUP olcDatabaseConfig STRUCTURAL MUST olcDbDirectory 
 MAY ( olcDbCacheSize $ olcDbCheckpoint $ olcDbConfig $ olcDbCryptFile $ olcDb
 CryptKey $ olcDbNoSync $ olcDbDirtyRead $ olcDbIDLcacheSize $ olcDbIndex $ ol
 cDbLinearIndex $ olcDbLockDetect $ olcDbMode $ olcDbSearchStack $ olcDbShmKey
  $ olcDbCacheFree $ olcDbDNcacheSize $ olcDbPageSize ) )

>ldapsearch -xH 'ldap://dsa.example.com/' -s base -b 'cn=subschema' '*' '+' | grep -iFA 7 "NAME 'olcDatabaseConfig'"
objectClasses: ( 1.3.6.1.4.1.4203.1.12.2.4.0.4 NAME 'olcDatabaseConfig' DESC '
 OpenLDAP Database-specific options' SUP olcConfig STRUCTURAL MUST olcDatabase
  MAY ( olcHidden $ olcSuffix $ olcSubordinate $ olcAccess $ olcAddContentAcl 
 $ olcLastMod $ olcLimits $ olcMaxDerefDepth $ olcPlugin $ olcReadOnly $ olcRe
 plica $ olcReplicaArgsFile $ olcReplicaPidFile $ olcReplicationInterval $ olc
 ReplogFile $ olcRequires $ olcRestrict $ olcRootDN $ olcRootPW $ olcSchemaDN 
 $ olcSecurity $ olcSizeLimit $ olcSyncUseSubentry $ olcSyncrepl $ olcTimeLimi
 t $ olcUpdateDN $ olcUpdateRef $ olcMirrorMode $ olcMonitoring ) )

Why is olcSuffix not a MUST attribute if the database can't be added without it?  Are there cases different than my exercise where a database might be added without the need for a suffix?  It's not anything that's causing an insurmountable hurdle, just mostly curious if this was intended.

-ben
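
Added example, not part of the original post: a Python pre-flight check that resolves the inherited MUST/MAY sets from subschema output like the one quoted above and flags the missing olcSuffix before the entry is sent to slapd. The schema strings are abbreviated and re-folded from the post's output; the RUNTIME_REQUIRED table and all function names are assumptions made for illustration.

```python
import re

# Abbreviated, re-folded copy of the subschema values quoted in the post (MAY lists shortened).
SUBSCHEMA = """\
objectClasses: ( 1.3.6.1.4.1.4203.1.12.2.4.2.1.2 NAME 'olcHdbConfig' DESC 'HDB backend
  configuration' SUP olcDatabaseConfig STRUCTURAL MUST olcDbDirectory MAY ( olcDbConfig $ olcDbIndex ) )
objectClasses: ( 1.3.6.1.4.1.4203.1.12.2.4.0.4 NAME 'olcDatabaseConfig' DESC 'OpenLDAP Database-
 specific options' SUP olcConfig STRUCTURAL MUST olcDatabase MAY ( olcHidden $ olcSuffix $ olcRootDN ) )
"""
ENTRY = """\
dn: olcDatabase=hdb,cn=config
changetype: add
objectClass: olcHdbConfig
olcDatabase: hdb
olcDbDirectory: /var/lib/ldap/example.org
"""
# Hypothetical table of startup needs the schema does not express (from the log's "hdb_db_open: need suffix.").
RUNTIME_REQUIRED = {"olchdbconfig": {"olcsuffix"}}

def names_after(defn, keyword):
    # Names following SUP/MUST/MAY: either one bare name or a "( a $ b )" list.
    m = re.search(rf"\b{keyword}\s+(?:\(([^)]*)\)|([\w-]+))", defn)
    body = (m.group(1) or m.group(2) or "") if m else ""
    return {n.strip().lower() for n in body.split("$") if n.strip()}

def parse_classes(ldif):
    classes = {}
    # LDIF folding: a continuation line starts with exactly one space.
    for line in ldif.replace("\n ", "").splitlines():
        if line.lower().startswith("objectclasses:"):
            name = re.search(r"NAME\s+'([^']+)'", line).group(1).lower()
            bare = re.sub(r"'[^']*'", "", line)  # drop quoted NAME/DESC text
            classes[name] = {k: names_after(bare, k) for k in ("SUP", "MUST", "MAY")}
    return classes

def effective(classes, name, kind):
    # Superiors missing from the sample (here olcConfig) contribute nothing.
    cls = classes.get(name.lower(), {"SUP": set(), kind: set()})
    return cls[kind].union(*(effective(classes, s, kind) for s in cls["SUP"]))

def preflight(entry_ldif, classes):
    pairs = [l.partition(":") for l in entry_ldif.replace("\n ", "").splitlines() if ":" in l]
    present = {k.strip().lower() for k, _, _ in pairs}
    problems = []
    for oc in (v.strip() for k, _, v in pairs if k.strip().lower() == "objectclass"):
        schema = effective(classes, oc, "MUST") - present
        runtime = RUNTIME_REQUIRED.get(oc.lower(), set()) - present
        problems += [f"schema: {oc} MUST {a}" for a in sorted(schema)]
        problems += [f"runtime: {oc} needs {a}" for a in sorted(runtime)]
    return problems
```

Calling preflight(ENTRY, parse_classes(SUBSCHEMA)) reports only the runtime requirement: the entry satisfies every inherited MUST, which matches the err=80 result appearing at backend startup rather than as a schema violation.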