RE: [gentoo-user] Cannot start Slapd (OpenLDAP) - gentoo-user

From:	Christopher Kurtis Koeber <ckoeber@×××××.com>
To:	gentoo-user@l.g.o
Subject:	RE: [gentoo-user] Cannot start Slapd (OpenLDAP)
Date:	Wed, 26 May 2010 17:52:31
Message-Id:	`020e01cafcfc$29963b30$7cc2b190$@gmail.com`
In Reply to:	Re: [gentoo-user] Cannot start Slapd (OpenLDAP) by Christopher Koeber

1

OK, I have tried everything and while I made some progress I still can't get

2

the Open-LDAP server to start.

3

4

I loaded the initial entry, I believe and ran slaptest, which came back

5

clean.

6

7

However, I STILL can't get the server to start. And now I don't know what

8

may be the issue, as slaptest is coming back OK. Any ideas?

9

10

Here is the output for "slaptest -d 25":

11

12

----Begin Output----

13

14

slaptest -d 25

15

slaptest init: initiated tool.

16

bdb_back_initialize: initialize BDB backend

17

bdb_back_initialize: Berkeley DB 4.7.25: (2010-05-20)

18

hdb_back_initialize: initialize HDB backend

19

hdb_back_initialize: Berkeley DB 4.7.25: (2010-05-20)

20

>>> dnNormalize: <>

21

<<< dnNormalize: <>

22

>>> dnNormalize: <cn=Subschema>

23

<<< dnNormalize: <cn=subschema>

24

hdb_db_init: Initializing HDB database

25

>>> dnPrettyNormal: <dc=wesleyseminary,dc=edu>

26

<<< dnPrettyNormal: <dc=wesleyseminary,dc=edu>, <dc=wesleyseminary,dc=edu>

27

>>> dnPrettyNormal: <cn=Manager,dc=wesleyseminary,dc=edu>

28

<<< dnPrettyNormal: <cn=Manager,dc=wesleyseminary,dc=edu>,

29

<cn=manager,dc=wesleyseminary,dc=edu>

30

>>> dnNormalize: <cn=Subschema>

31

<<< dnNormalize: <cn=subschema>

32

matching_rule_use_init

33

    1.2.840.113556.1.4.804 (integerBitOrMatch): matchingRuleUse: (

34

1.2.840.113556.1.4.804 NAME 'integerBitOrMatch' APPLIES (

35

supportedLDAPVersion $ entryTtl $ uidNumber $ gidNumber $ olcConcurrency $

36

olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $

37

olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $

38

olcIndexSubstrAnyStep $ olcIndexIntLen $ olcLocalSSF $ olcMaxDerefDepth $

39

olcReplicationInterval $ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $

40

olcThreads $ olcToolThreads $ olcWriteTimeout $ olcDbCacheFree $

41

olcDbCacheSize $ olcDbDNcacheSize $ olcDbIDLcacheSize $ olcDbSearchStack $

42

olcDbShmKey $ olcSpSessionlog $ olcChainMaxReferralDepth $

43

olcDbProtocolVersion $ olcDbConnectionPoolMax $ mailPreferenceOption $

44

shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $ shadowInactive $

45

shadowExpire $ shadowFlag $ ipServicePort $ ipProtocolNumber $ oncRpcNumber

46

) )

47

    1.2.840.113556.1.4.803 (integerBitAndMatch): matchingRuleUse: (

48

1.2.840.113556.1.4.803 NAME 'integerBitAndMatch' APPLIES (

49

supportedLDAPVersion $ entryTtl $ uidNumber $ gidNumber $ olcConcurrency $

50

olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $

51

olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $

52

olcIndexSubstrAnyStep $ olcIndexIntLen $ olcLocalSSF $ olcMaxDerefDepth $

53

olcReplicationInterval $ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $

54

olcThreads $ olcToolThreads $ olcWriteTimeout $ olcDbCacheFree $

55

olcDbCacheSize $ olcDbDNcacheSize $ olcDbIDLcacheSize $ olcDbSearchStack $

56

olcDbShmKey $ olcSpSessionlog $ olcChainMaxReferralDepth $

57

olcDbProtocolVersion $ olcDbConnectionPoolMax $ mailPreferenceOption $

58

shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $ shadowInactive $

59

shadowExpire $ shadowFlag $ ipServicePort $ ipProtocolNumber $ oncRpcNumber

60

) )

61

    1.3.6.1.4.1.1466.109.114.2 (caseIgnoreIA5Match): matchingRuleUse: (

62

1.3.6.1.4.1.1466.109.114.2 NAME 'caseIgnoreIA5Match' APPLIES ( altServer $

63

olcDbConfig $ c $ mail $ dc $ associatedDomain $ email $ aRecord $ mDRecord

64

$ mXRecord $ nSRecord $ sOARecord $ cNAMERecord $ janetMailbox $ gecos $

65

homeDirectory $ loginShell $ memberUid $ memberNisNetgroup $ ipHostNumber $

66

ipNetworkNumber $ ipNetmaskNumber $ macAddress $ bootFile $ nisMapEntry ) )

67

    1.3.6.1.4.1.1466.109.114.1 (caseExactIA5Match): matchingRuleUse: (

68

1.3.6.1.4.1.1466.109.114.1 NAME 'caseExactIA5Match' APPLIES ( altServer $

69

olcDbConfig $ c $ mail $ dc $ associatedDomain $ email $ aRecord $ mDRecord

70

$ mXRecord $ nSRecord $ sOARecord $ cNAMERecord $ janetMailbox $ gecos $

71

homeDirectory $ loginShell $ memberUid $ memberNisNetgroup $ ipHostNumber $

72

ipNetworkNumber $ ipNetmaskNumber $ macAddress $ bootFile $ nisMapEntry ) )

73

    2.5.13.39 (certificateListMatch):     2.5.13.38

74

(certificateListExactMatch): matchingRuleUse: ( 2.5.13.38 NAME

75

'certificateListExactMatch' APPLIES ( authorityRevocationList $

76

certificateRevocationList $ deltaRevocationList ) )

77

    2.5.13.35 (certificateMatch):     2.5.13.34 (certificateExactMatch):

78

matchingRuleUse: ( 2.5.13.34 NAME 'certificateExactMatch' APPLIES (

79

userCertificate $ cACertificate ) )

80

    2.5.13.30 (objectIdentifierFirstComponentMatch): matchingRuleUse: (

81

2.5.13.30 NAME 'objectIdentifierFirstComponentMatch' APPLIES (

82

supportedControl $ supportedExtension $ supportedFeatures $ ldapSyntaxes $

83

supportedApplicationContext ) )

84

    2.5.13.29 (integerFirstComponentMatch): matchingRuleUse: ( 2.5.13.29

85

NAME 'integerFirstComponentMatch' APPLIES ( supportedLDAPVersion $ entryTtl

86

$ uidNumber $ gidNumber $ olcConcurrency $ olcConnMaxPending $

87

olcConnMaxPendingAuth $ olcIdleTimeout $ olcIndexSubstrIfMinLen $

88

olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $

89

olcIndexIntLen $ olcLocalSSF $ olcMaxDerefDepth $ olcReplicationInterval $

90

olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcThreads $

91

olcToolThreads $ olcWriteTimeout $ olcDbCacheFree $ olcDbCacheSize $

92

olcDbDNcacheSize $ olcDbIDLcacheSize $ olcDbSearchStack $ olcDbShmKey $

93

olcSpSessionlog $ olcChainMaxReferralDepth $ olcDbProtocolVersion $

94

olcDbConnectionPoolMax $ mailPreferenceOption $ shadowLastChange $ shadowMin

95

$ shadowMax $ shadowWarning $ shadowInactive $ shadowExpire $ shadowFlag $

96

ipServicePort $ ipProtocolNumber $ oncRpcNumber ) )

97

    2.5.13.27 (generalizedTimeMatch): matchingRuleUse: ( 2.5.13.27 NAME

98

'generalizedTimeMatch' APPLIES ( createTimestamp $ modifyTimestamp ) )

99

    2.5.13.24 (protocolInformationMatch): matchingRuleUse: ( 2.5.13.24 NAME

100

'protocolInformationMatch' APPLIES protocolInformation )

101

    2.5.13.23 (uniqueMemberMatch): matchingRuleUse: ( 2.5.13.23 NAME

102

'uniqueMemberMatch' APPLIES uniqueMember )

103

    2.5.13.22 (presentationAddressMatch): matchingRuleUse: ( 2.5.13.22 NAME

104

'presentationAddressMatch' APPLIES presentationAddress )

105

    2.5.13.20 (telephoneNumberMatch): matchingRuleUse: ( 2.5.13.20 NAME

106

'telephoneNumberMatch' APPLIES ( telephoneNumber $ homePhone $ mobile $

107

pager ) )

108

    2.5.13.17 (octetStringMatch): matchingRuleUse: ( 2.5.13.17 NAME

109

'octetStringMatch' APPLIES ( userPassword $ olcDbCryptKey ) )

110

    2.5.13.16 (bitStringMatch): matchingRuleUse: ( 2.5.13.16 NAME

111

'bitStringMatch' APPLIES x500UniqueIdentifier )

112

    2.5.13.14 (integerMatch): matchingRuleUse: ( 2.5.13.14 NAME

113

'integerMatch' APPLIES ( supportedLDAPVersion $ entryTtl $ uidNumber $

114

gidNumber $ olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $

115

olcIdleTimeout $ olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $

116

olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcIndexIntLen $ olcLocalSSF

117

$ olcMaxDerefDepth $ olcReplicationInterval $ olcSockbufMaxIncoming $

118

olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $ olcWriteTimeout $

119

olcDbCacheFree $ olcDbCacheSize $ olcDbDNcacheSize $ olcDbIDLcacheSize $

120

olcDbSearchStack $ olcDbShmKey $ olcSpSessionlog $ olcChainMaxReferralDepth

121

$ olcDbProtocolVersion $ olcDbConnectionPoolMax $ mailPreferenceOption $

122

shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $ shadowInactive $

123

shadowExpire $ shadowFlag $ ipServicePort $ ipProtocolNumber $ oncRpcNumber

124

) )

125

    2.5.13.13 (booleanMatch): matchingRuleUse: ( 2.5.13.13 NAME

126

'booleanMatch' APPLIES ( hasSubordinates $ olcAddContentAcl $ olcGentleHUP $

127

olcHidden $ olcLastMod $ olcMirrorMode $ olcMonitoring $ olcReadOnly $

128

olcReverseLookup $ olcDbChecksum $ olcDbNoSync $ olcDbDirtyRead $

129

olcDbLinearIndex $ olcSpNoPresent $ olcSpReloadHint $ olcChainCacheURI $

130

olcChainReturnError $ olcDbRebindAsUser $ olcDbChaseReferrals $

131

olcDbProxyWhoAmI $ olcDbSingleConn $ olcDbUseTemporaryConn $ olcDbNoRefs $

132

olcDbNoUndefFilter ) )

133

    2.5.13.11 (caseIgnoreListMatch): matchingRuleUse: ( 2.5.13.11 NAME

134

'caseIgnoreListMatch' APPLIES ( postalAddress $ registeredAddress $

135

homePostalAddress ) )

136

    2.5.13.8 (numericStringMatch): matchingRuleUse: ( 2.5.13.8 NAME

137

'numericStringMatch' APPLIES ( x121Address $ internationaliSDNNumber ) )

138

    2.5.13.7 (caseExactSubstringsMatch): matchingRuleUse: ( 2.5.13.7 NAME

139

'caseExactSubstringsMatch' APPLIES ( serialNumber $ destinationIndicator $

140

dnQualifier ) )

141

    2.5.13.6 (caseExactOrderingMatch): matchingRuleUse: ( 2.5.13.6 NAME

142

'caseExactOrderingMatch' APPLIES ( serialNumber $ destinationIndicator $

143

dnQualifier ) )

144

    2.5.13.5 (caseExactMatch): matchingRuleUse: ( 2.5.13.5 NAME

145

'caseExactMatch' APPLIES ( supportedSASLMechanisms $ vendorName $

146

vendorVersion $ ref $ name $ cn $ uid $ labeledURI $ description $

147

olcConfigFile $ olcConfigDir $ olcAccess $ olcAllows $ olcArgsFile $

148

olcAttributeOptions $ olcAttributeTypes $ olcAuthIDRewrite $ olcAuthzPolicy

149

$ olcAuthzRegexp $ olcBackend $ olcDatabase $ olcDisallows $

150

olcDitContentRules $ olcInclude $ olcLdapSyntaxes $ olcLimits $ olcLogFile $

151

olcLogLevel $ olcModuleLoad $ olcModulePath $ olcObjectClasses $

152

olcObjectIdentifier $ olcOverlay $ olcPasswordCryptSaltFormat $

153

olcPasswordHash $ olcPidFile $ olcPlugin $ olcPluginLogFile $ olcReferral $

154

olcReplica $ olcReplicaArgsFile $ olcReplicaPidFile $ olcReplogFile $

155

olcRequires $ olcRestrict $ olcRootDSE $ olcRootPW $ olcSaslAuxprops $

156

olcSaslHost $ olcSaslRealm $ olcSaslSecProps $ olcSecurity $ olcServerID $

157

olcSizeLimit $ olcSortVals $ olcSubordinate $ olcSyncrepl $ olcTCPBuffer $

158

olcTimeLimit $ olcTLSCACertificateFile $ olcTLSCACertificatePath $

159

olcTLSCertificateFile $ olcTLSCertificateKeyFile $ olcTLSCipherSuite $

160

olcTLSCRLCheck $ olcTLSCRLFile $ olcTLSRandFile $ olcTLSVerifyClient $

161

olcTLSDHParamFile $ olcTLSProtocolMin $ olcUpdateRef $ olcDbDirectory $

162

olcDbCheckpoint $ olcDbCryptFile $ olcDbPageSize $ olcDbIndex $

163

olcDbLockDetect $ olcDbMode $ olcSpCheckpoint $ olcChainingBehavior $

164

olcDbURI $ olcDbStartTLS $ olcDbACLPasswd $ olcDbACLBind $

165

olcDbIDAssertPasswd $ olcDbIDAssertBind $ olcDbIDAssertMode $

166

olcDbIDAssertAuthzFrom $ olcDbTFSupport $ olcDbTimeout $ olcDbIdleTimeout $

167

olcDbConnTtl $ olcDbNetworkTimeout $ olcDbCancel $ olcDbQuarantine $

168

knowledgeInformation $ sn $ serialNumber $ c $ l $ st $ street $ o $ ou $

169

title $ businessCategory $ postalCode $ postOfficeBox $

170

physicalDeliveryOfficeName $ destinationIndicator $ givenName $ initials $

171

generationQualifier $ dnQualifier $ houseIdentifier $ dmdName $ pseudonym $

172

textEncodedORAddress $ info $ drink $ roomNumber $ userClass $ host $

173

documentIdentifier $ documentTitle $ documentVersion $ documentLocation $

174

personalTitle $ co $ uniqueIdentifier $ organizationalStatus $ buildingName

175

$ documentPublisher $ carLicense $ departmentNumber $ displayName $

176

employeeNumber $ employeeType $ preferredLanguage $ ipServiceProtocol $

177

nisMapName ) )

178

    2.5.13.4 (caseIgnoreSubstringsMatch): matchingRuleUse: ( 2.5.13.4 NAME

179

'caseIgnoreSubstringsMatch' APPLIES ( serialNumber $ destinationIndicator $

180

dnQualifier ) )

181

    2.5.13.3 (caseIgnoreOrderingMatch): matchingRuleUse: ( 2.5.13.3 NAME

182

'caseIgnoreOrderingMatch' APPLIES ( serialNumber $ destinationIndicator $

183

dnQualifier ) )

184

    2.5.13.2 (caseIgnoreMatch): matchingRuleUse: ( 2.5.13.2 NAME

185

'caseIgnoreMatch' APPLIES ( supportedSASLMechanisms $ vendorName $

186

vendorVersion $ ref $ name $ cn $ uid $ labeledURI $ description $

187

olcConfigFile $ olcConfigDir $ olcAccess $ olcAllows $ olcArgsFile $

188

olcAttributeOptions $ olcAttributeTypes $ olcAuthIDRewrite $ olcAuthzPolicy

189

$ olcAuthzRegexp $ olcBackend $ olcDatabase $ olcDisallows $

190

olcDitContentRules $ olcInclude $ olcLdapSyntaxes $ olcLimits $ olcLogFile $

191

olcLogLevel $ olcModuleLoad $ olcModulePath $ olcObjectClasses $

192

olcObjectIdentifier $ olcOverlay $ olcPasswordCryptSaltFormat $

193

olcPasswordHash $ olcPidFile $ olcPlugin $ olcPluginLogFile $ olcReferral $

194

olcReplica $ olcReplicaArgsFile $ olcReplicaPidFile $ olcReplogFile $

195

olcRequires $ olcRestrict $ olcRootDSE $ olcRootPW $ olcSaslAuxprops $

196

olcSaslHost $ olcSaslRealm $ olcSaslSecProps $ olcSecurity $ olcServerID $

197

olcSizeLimit $ olcSortVals $ olcSubordinate $ olcSyncrepl $ olcTCPBuffer $

198

olcTimeLimit $ olcTLSCACertificateFile $ olcTLSCACertificatePath $

199

olcTLSCertificateFile $ olcTLSCertificateKeyFile $ olcTLSCipherSuite $

200

olcTLSCRLCheck $ olcTLSCRLFile $ olcTLSRandFile $ olcTLSVerifyClient $

201

olcTLSDHParamFile $ olcTLSProtocolMin $ olcUpdateRef $ olcDbDirectory $

202

olcDbCheckpoint $ olcDbCryptFile $ olcDbPageSize $ olcDbIndex $

203

olcDbLockDetect $ olcDbMode $ olcSpCheckpoint $ olcChainingBehavior $

204

olcDbURI $ olcDbStartTLS $ olcDbACLPasswd $ olcDbACLBind $

205

olcDbIDAssertPasswd $ olcDbIDAssertBind $ olcDbIDAssertMode $

206

olcDbIDAssertAuthzFrom $ olcDbTFSupport $ olcDbTimeout $ olcDbIdleTimeout $

207

olcDbConnTtl $ olcDbNetworkTimeout $ olcDbCancel $ olcDbQuarantine $

208

knowledgeInformation $ sn $ serialNumber $ c $ l $ st $ street $ o $ ou $

209

title $ businessCategory $ postalCode $ postOfficeBox $

210

physicalDeliveryOfficeName $ destinationIndicator $ givenName $ initials $

211

generationQualifier $ dnQualifier $ houseIdentifier $ dmdName $ pseudonym $

212

textEncodedORAddress $ info $ drink $ roomNumber $ userClass $ host $

213

documentIdentifier $ documentTitle $ documentVersion $ documentLocation $

214

personalTitle $ co $ uniqueIdentifier $ organizationalStatus $ buildingName

215

$ documentPublisher $ carLicense $ departmentNumber $ displayName $

216

employeeNumber $ employeeType $ preferredLanguage $ ipServiceProtocol $

217

nisMapName ) )

218

    1.2.36.79672281.1.13.3 (rdnMatch):     2.5.13.1

219

(distinguishedNameMatch): matchingRuleUse: ( 2.5.13.1 NAME

220

'distinguishedNameMatch' APPLIES ( creatorsName $ modifiersName $

221

subschemaSubentry $ entryDN $ namingContexts $ aliasedObjectName $

222

dynamicSubtrees $ distinguishedName $ seeAlso $ olcDefaultSearchBase $

223

olcRootDN $ olcSchemaDN $ olcSuffix $ olcUpdateDN $ olcDbACLAuthcDn $

224

olcDbIDAssertAuthcDn $ member $ owner $ roleOccupant $ manager $

225

documentAuthor $ secretary $ associatedName $ dITRedirect ) )

226

227

    2.5.13.0 (objectIdentifierMatch): matchingRuleUse: ( 2.5.13.0 NAME

228

'objectIdentifierMatch' APPLIES ( supportedControl $ supportedExtension $

229

supportedFeatures $ supportedApplicationContext ) )

230

slaptest startup: initiated.

231

backend_startup_one: starting "cn=config"

232

config_back_db_open

233

config_build_entry: "cn=config"

234

config_build_entry: "cn=module{0}"

235

config_build_entry: "cn=schema"

236

config_build_entry: "cn={0}core"

237

config_build_entry: "cn={1}cosine"

238

config_build_entry: "cn={2}inetorgperson"

239

config_build_entry: "cn={3}nis"

240

config_build_entry: "olcDatabase={-1}frontend"

241

config_build_entry: "olcDatabase={0}config"

242

config_build_entry: "olcDatabase={1}hdb"

243

backend_startup_one: starting "dc=wesleyseminary,dc=edu"

244

hdb_db_open: database "dc=wesleyseminary,dc=edu":

245

dbenv_open(/var/lib/openldap-data).

246

config file testing succeeded

247

slaptest shutdown: initiated

248

====> bdb_cache_release_all

249

slaptest destroy: freeing system resources.

250

251

---End Output---

252

253

Regards,

254

255

Christopher Kurtis Koeber

256

(W): (202) 885-8654

257

(C): (301) 467-8417

258

http://www.chriskoeber.com

259

260

-----Original Message-----

261

From: Christopher Koeber [mailto:ckoeber@×××××.com] 

262

Sent: Monday, May 24, 2010 11:49 AM

263

To: gentoo-user@l.g.o

264

Subject: Re: [gentoo-user] Cannot start Slapd (OpenLDAP)

265

266

On 5/22/10, Ward Poelmans <wpoely86@×××××.com> wrote:

267

> On Sat, May 22, 2010 at 21:26, Christopher Kurtis Koeber

268

> <ckoeber@×××××.com> wrote:

269

>

270

>> XXXXXXXXXX~ # slaptest

271

>>

272

>> hdb_db_open: warning - no DB_CONFIG file found in directory

273

>> /var/lib/openldap-data: (2).

274

>>

275

>> Expect poor performance for suffix "dc= XXXXXXXXXXXX,dc=XXX".

276

>>

277

>> hdb_db_open: database "dc= XXXXXXXXXXXX,dc=XXX":

278

>> db_open(/var/lib/openldap-data/id2entry.bdb) failed: No such file or

279

>> directory (2).

280

>>

281

>> backend_startup_one (type=hdb, suffix="dc=XXXXXXXXXXXX,dc=XXX"):

282

>> bi_db_open

283

>> failed! (2)

284

>>

285

>> slap_startup failed (test would succeed using the -u switch)

286

>>

287

>> So, I am guessing I need to initialize somehow? Is that right?

288

>

289

> Normally, if the directory /var/lib/openldap-data/ exists and is

290

> read-writeable for the user under which slapd is running, slapd

291

> creates the database for you. But you beter copy a DB_CONFIG to there

292

> for good perfomance.

293

>

294

> Ward

295

>

296

>

297

298

I tried running the service as root with the same results below, so I don't

299

think this is a permissions issue, especially since I am attempting to run

300

this straight from a standard emerge with no customizations beyond what was

301

given in the guide.

302

303

Here is the latest:

304

305

hdb_db_open: warning - no DB_CONFIG file found in directory

306

/var/lib/openldap-data: (2).

307

Expect poor performance for suffix "dc=XXXXXXXXX,dc=XXX".

308

hdb_db_open: database "dc=XXXXXXXXX,dc=XXX":

309

db_open(/var/lib/openldap-data/id2entry.bdb) failed: No such file or

310

directory (2).

311

backend_startup_one (type=hdb, suffix="dc=XXXXXXXXX,dc=XXX"):

312

bi_db_open failed! (2)

313

slap_startup failed (test would succeed using the -u switch)

314

315

--

316

Regards,

317

Christopher Koeber

Gentoo Archives: gentoo-user

Replies

1	OK, I have tried everything and while I made some progress I still can't get
2	the Open-LDAP server to start.
3
4	I loaded the initial entry, I believe and ran slaptest, which came back
5	clean.
6
7	However, I STILL can't get the server to start. And now I don't know what
8	may be the issue, as slaptest is coming back OK. Any ideas?
9
10	Here is the output for "slaptest -d 25":
11
12	----Begin Output----
13
14	slaptest -d 25
15	slaptest init: initiated tool.
16	bdb_back_initialize: initialize BDB backend
17	bdb_back_initialize: Berkeley DB 4.7.25: (2010-05-20)
18	hdb_back_initialize: initialize HDB backend
19	hdb_back_initialize: Berkeley DB 4.7.25: (2010-05-20)
20	>>> dnNormalize: <>
21	<<< dnNormalize: <>
22	>>> dnNormalize: <cn=Subschema>
23	<<< dnNormalize: <cn=subschema>
24	hdb_db_init: Initializing HDB database
25	>>> dnPrettyNormal: <dc=wesleyseminary,dc=edu>
26	<<< dnPrettyNormal: <dc=wesleyseminary,dc=edu>, <dc=wesleyseminary,dc=edu>
27	>>> dnPrettyNormal: <cn=Manager,dc=wesleyseminary,dc=edu>
28	<<< dnPrettyNormal: <cn=Manager,dc=wesleyseminary,dc=edu>,
29	<cn=manager,dc=wesleyseminary,dc=edu>
30	>>> dnNormalize: <cn=Subschema>
31	<<< dnNormalize: <cn=subschema>
32	matching_rule_use_init
33	1.2.840.113556.1.4.804 (integerBitOrMatch): matchingRuleUse: (
34	1.2.840.113556.1.4.804 NAME 'integerBitOrMatch' APPLIES (
35	supportedLDAPVersion $ entryTtl $ uidNumber $ gidNumber $ olcConcurrency $
36	olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $
37	olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $
38	olcIndexSubstrAnyStep $ olcIndexIntLen $ olcLocalSSF $ olcMaxDerefDepth $
39	olcReplicationInterval $ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $
40	olcThreads $ olcToolThreads $ olcWriteTimeout $ olcDbCacheFree $
41	olcDbCacheSize $ olcDbDNcacheSize $ olcDbIDLcacheSize $ olcDbSearchStack $
42	olcDbShmKey $ olcSpSessionlog $ olcChainMaxReferralDepth $
43	olcDbProtocolVersion $ olcDbConnectionPoolMax $ mailPreferenceOption $
44	shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $ shadowInactive $
45	shadowExpire $ shadowFlag $ ipServicePort $ ipProtocolNumber $ oncRpcNumber
46	) )
47	1.2.840.113556.1.4.803 (integerBitAndMatch): matchingRuleUse: (
48	1.2.840.113556.1.4.803 NAME 'integerBitAndMatch' APPLIES (
49	supportedLDAPVersion $ entryTtl $ uidNumber $ gidNumber $ olcConcurrency $
50	olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $
51	olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $
52	olcIndexSubstrAnyStep $ olcIndexIntLen $ olcLocalSSF $ olcMaxDerefDepth $
53	olcReplicationInterval $ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $
54	olcThreads $ olcToolThreads $ olcWriteTimeout $ olcDbCacheFree $
55	olcDbCacheSize $ olcDbDNcacheSize $ olcDbIDLcacheSize $ olcDbSearchStack $
56	olcDbShmKey $ olcSpSessionlog $ olcChainMaxReferralDepth $
57	olcDbProtocolVersion $ olcDbConnectionPoolMax $ mailPreferenceOption $
58	shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $ shadowInactive $
59	shadowExpire $ shadowFlag $ ipServicePort $ ipProtocolNumber $ oncRpcNumber
60	) )
61	1.3.6.1.4.1.1466.109.114.2 (caseIgnoreIA5Match): matchingRuleUse: (
62	1.3.6.1.4.1.1466.109.114.2 NAME 'caseIgnoreIA5Match' APPLIES ( altServer $
63	olcDbConfig $ c $ mail $ dc $ associatedDomain $ email $ aRecord $ mDRecord
64	$ mXRecord $ nSRecord $ sOARecord $ cNAMERecord $ janetMailbox $ gecos $
65	homeDirectory $ loginShell $ memberUid $ memberNisNetgroup $ ipHostNumber $
66	ipNetworkNumber $ ipNetmaskNumber $ macAddress $ bootFile $ nisMapEntry ) )
67	1.3.6.1.4.1.1466.109.114.1 (caseExactIA5Match): matchingRuleUse: (
68	1.3.6.1.4.1.1466.109.114.1 NAME 'caseExactIA5Match' APPLIES ( altServer $
69	olcDbConfig $ c $ mail $ dc $ associatedDomain $ email $ aRecord $ mDRecord
70	$ mXRecord $ nSRecord $ sOARecord $ cNAMERecord $ janetMailbox $ gecos $
71	homeDirectory $ loginShell $ memberUid $ memberNisNetgroup $ ipHostNumber $
72	ipNetworkNumber $ ipNetmaskNumber $ macAddress $ bootFile $ nisMapEntry ) )
73	2.5.13.39 (certificateListMatch): 2.5.13.38
74	(certificateListExactMatch): matchingRuleUse: ( 2.5.13.38 NAME
75	'certificateListExactMatch' APPLIES ( authorityRevocationList $
76	certificateRevocationList $ deltaRevocationList ) )
77	2.5.13.35 (certificateMatch): 2.5.13.34 (certificateExactMatch):
78	matchingRuleUse: ( 2.5.13.34 NAME 'certificateExactMatch' APPLIES (
79	userCertificate $ cACertificate ) )
80	2.5.13.30 (objectIdentifierFirstComponentMatch): matchingRuleUse: (
81	2.5.13.30 NAME 'objectIdentifierFirstComponentMatch' APPLIES (
82	supportedControl $ supportedExtension $ supportedFeatures $ ldapSyntaxes $
83	supportedApplicationContext ) )
84	2.5.13.29 (integerFirstComponentMatch): matchingRuleUse: ( 2.5.13.29
85	NAME 'integerFirstComponentMatch' APPLIES ( supportedLDAPVersion $ entryTtl
86	$ uidNumber $ gidNumber $ olcConcurrency $ olcConnMaxPending $
87	olcConnMaxPendingAuth $ olcIdleTimeout $ olcIndexSubstrIfMinLen $
88	olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $
89	olcIndexIntLen $ olcLocalSSF $ olcMaxDerefDepth $ olcReplicationInterval $
90	olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcThreads $
91	olcToolThreads $ olcWriteTimeout $ olcDbCacheFree $ olcDbCacheSize $
92	olcDbDNcacheSize $ olcDbIDLcacheSize $ olcDbSearchStack $ olcDbShmKey $
93	olcSpSessionlog $ olcChainMaxReferralDepth $ olcDbProtocolVersion $
94	olcDbConnectionPoolMax $ mailPreferenceOption $ shadowLastChange $ shadowMin
95	$ shadowMax $ shadowWarning $ shadowInactive $ shadowExpire $ shadowFlag $
96	ipServicePort $ ipProtocolNumber $ oncRpcNumber ) )
97	2.5.13.27 (generalizedTimeMatch): matchingRuleUse: ( 2.5.13.27 NAME
98	'generalizedTimeMatch' APPLIES ( createTimestamp $ modifyTimestamp ) )
99	2.5.13.24 (protocolInformationMatch): matchingRuleUse: ( 2.5.13.24 NAME
100	'protocolInformationMatch' APPLIES protocolInformation )
101	2.5.13.23 (uniqueMemberMatch): matchingRuleUse: ( 2.5.13.23 NAME
102	'uniqueMemberMatch' APPLIES uniqueMember )
103	2.5.13.22 (presentationAddressMatch): matchingRuleUse: ( 2.5.13.22 NAME
104	'presentationAddressMatch' APPLIES presentationAddress )
105	2.5.13.20 (telephoneNumberMatch): matchingRuleUse: ( 2.5.13.20 NAME
106	'telephoneNumberMatch' APPLIES ( telephoneNumber $ homePhone $ mobile $
107	pager ) )
108	2.5.13.17 (octetStringMatch): matchingRuleUse: ( 2.5.13.17 NAME
109	'octetStringMatch' APPLIES ( userPassword $ olcDbCryptKey ) )
110	2.5.13.16 (bitStringMatch): matchingRuleUse: ( 2.5.13.16 NAME
111	'bitStringMatch' APPLIES x500UniqueIdentifier )
112	2.5.13.14 (integerMatch): matchingRuleUse: ( 2.5.13.14 NAME
113	'integerMatch' APPLIES ( supportedLDAPVersion $ entryTtl $ uidNumber $
114	gidNumber $ olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $
115	olcIdleTimeout $ olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $
116	olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcIndexIntLen $ olcLocalSSF
117	$ olcMaxDerefDepth $ olcReplicationInterval $ olcSockbufMaxIncoming $
118	olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $ olcWriteTimeout $
119	olcDbCacheFree $ olcDbCacheSize $ olcDbDNcacheSize $ olcDbIDLcacheSize $
120	olcDbSearchStack $ olcDbShmKey $ olcSpSessionlog $ olcChainMaxReferralDepth
121	$ olcDbProtocolVersion $ olcDbConnectionPoolMax $ mailPreferenceOption $
122	shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $ shadowInactive $
123	shadowExpire $ shadowFlag $ ipServicePort $ ipProtocolNumber $ oncRpcNumber
124	) )
125	2.5.13.13 (booleanMatch): matchingRuleUse: ( 2.5.13.13 NAME
126	'booleanMatch' APPLIES ( hasSubordinates $ olcAddContentAcl $ olcGentleHUP $
127	olcHidden $ olcLastMod $ olcMirrorMode $ olcMonitoring $ olcReadOnly $
128	olcReverseLookup $ olcDbChecksum $ olcDbNoSync $ olcDbDirtyRead $
129	olcDbLinearIndex $ olcSpNoPresent $ olcSpReloadHint $ olcChainCacheURI $
130	olcChainReturnError $ olcDbRebindAsUser $ olcDbChaseReferrals $
131	olcDbProxyWhoAmI $ olcDbSingleConn $ olcDbUseTemporaryConn $ olcDbNoRefs $
132	olcDbNoUndefFilter ) )
133	2.5.13.11 (caseIgnoreListMatch): matchingRuleUse: ( 2.5.13.11 NAME
134	'caseIgnoreListMatch' APPLIES ( postalAddress $ registeredAddress $
135	homePostalAddress ) )
136	2.5.13.8 (numericStringMatch): matchingRuleUse: ( 2.5.13.8 NAME
137	'numericStringMatch' APPLIES ( x121Address $ internationaliSDNNumber ) )
138	2.5.13.7 (caseExactSubstringsMatch): matchingRuleUse: ( 2.5.13.7 NAME
139	'caseExactSubstringsMatch' APPLIES ( serialNumber $ destinationIndicator $
140	dnQualifier ) )
141	2.5.13.6 (caseExactOrderingMatch): matchingRuleUse: ( 2.5.13.6 NAME
142	'caseExactOrderingMatch' APPLIES ( serialNumber $ destinationIndicator $
143	dnQualifier ) )
144	2.5.13.5 (caseExactMatch): matchingRuleUse: ( 2.5.13.5 NAME
145	'caseExactMatch' APPLIES ( supportedSASLMechanisms $ vendorName $
146	vendorVersion $ ref $ name $ cn $ uid $ labeledURI $ description $
147	olcConfigFile $ olcConfigDir $ olcAccess $ olcAllows $ olcArgsFile $
148	olcAttributeOptions $ olcAttributeTypes $ olcAuthIDRewrite $ olcAuthzPolicy
149	$ olcAuthzRegexp $ olcBackend $ olcDatabase $ olcDisallows $
150	olcDitContentRules $ olcInclude $ olcLdapSyntaxes $ olcLimits $ olcLogFile $
151	olcLogLevel $ olcModuleLoad $ olcModulePath $ olcObjectClasses $
152	olcObjectIdentifier $ olcOverlay $ olcPasswordCryptSaltFormat $
153	olcPasswordHash $ olcPidFile $ olcPlugin $ olcPluginLogFile $ olcReferral $
154	olcReplica $ olcReplicaArgsFile $ olcReplicaPidFile $ olcReplogFile $
155	olcRequires $ olcRestrict $ olcRootDSE $ olcRootPW $ olcSaslAuxprops $
156	olcSaslHost $ olcSaslRealm $ olcSaslSecProps $ olcSecurity $ olcServerID $
157	olcSizeLimit $ olcSortVals $ olcSubordinate $ olcSyncrepl $ olcTCPBuffer $
158	olcTimeLimit $ olcTLSCACertificateFile $ olcTLSCACertificatePath $
159	olcTLSCertificateFile $ olcTLSCertificateKeyFile $ olcTLSCipherSuite $
160	olcTLSCRLCheck $ olcTLSCRLFile $ olcTLSRandFile $ olcTLSVerifyClient $
161	olcTLSDHParamFile $ olcTLSProtocolMin $ olcUpdateRef $ olcDbDirectory $
162	olcDbCheckpoint $ olcDbCryptFile $ olcDbPageSize $ olcDbIndex $
163	olcDbLockDetect $ olcDbMode $ olcSpCheckpoint $ olcChainingBehavior $
164	olcDbURI $ olcDbStartTLS $ olcDbACLPasswd $ olcDbACLBind $
165	olcDbIDAssertPasswd $ olcDbIDAssertBind $ olcDbIDAssertMode $
166	olcDbIDAssertAuthzFrom $ olcDbTFSupport $ olcDbTimeout $ olcDbIdleTimeout $
167	olcDbConnTtl $ olcDbNetworkTimeout $ olcDbCancel $ olcDbQuarantine $
168	knowledgeInformation $ sn $ serialNumber $ c $ l $ st $ street $ o $ ou $
169	title $ businessCategory $ postalCode $ postOfficeBox $
170	physicalDeliveryOfficeName $ destinationIndicator $ givenName $ initials $
171	generationQualifier $ dnQualifier $ houseIdentifier $ dmdName $ pseudonym $
172	textEncodedORAddress $ info $ drink $ roomNumber $ userClass $ host $
173	documentIdentifier $ documentTitle $ documentVersion $ documentLocation $
174	personalTitle $ co $ uniqueIdentifier $ organizationalStatus $ buildingName
175	$ documentPublisher $ carLicense $ departmentNumber $ displayName $
176	employeeNumber $ employeeType $ preferredLanguage $ ipServiceProtocol $
177	nisMapName ) )
178	2.5.13.4 (caseIgnoreSubstringsMatch): matchingRuleUse: ( 2.5.13.4 NAME
179	'caseIgnoreSubstringsMatch' APPLIES ( serialNumber $ destinationIndicator $
180	dnQualifier ) )
181	2.5.13.3 (caseIgnoreOrderingMatch): matchingRuleUse: ( 2.5.13.3 NAME
182	'caseIgnoreOrderingMatch' APPLIES ( serialNumber $ destinationIndicator $
183	dnQualifier ) )
184	2.5.13.2 (caseIgnoreMatch): matchingRuleUse: ( 2.5.13.2 NAME
185	'caseIgnoreMatch' APPLIES ( supportedSASLMechanisms $ vendorName $
186	vendorVersion $ ref $ name $ cn $ uid $ labeledURI $ description $
187	olcConfigFile $ olcConfigDir $ olcAccess $ olcAllows $ olcArgsFile $
188	olcAttributeOptions $ olcAttributeTypes $ olcAuthIDRewrite $ olcAuthzPolicy
189	$ olcAuthzRegexp $ olcBackend $ olcDatabase $ olcDisallows $
190	olcDitContentRules $ olcInclude $ olcLdapSyntaxes $ olcLimits $ olcLogFile $
191	olcLogLevel $ olcModuleLoad $ olcModulePath $ olcObjectClasses $
192	olcObjectIdentifier $ olcOverlay $ olcPasswordCryptSaltFormat $
193	olcPasswordHash $ olcPidFile $ olcPlugin $ olcPluginLogFile $ olcReferral $
194	olcReplica $ olcReplicaArgsFile $ olcReplicaPidFile $ olcReplogFile $
195	olcRequires $ olcRestrict $ olcRootDSE $ olcRootPW $ olcSaslAuxprops $
196	olcSaslHost $ olcSaslRealm $ olcSaslSecProps $ olcSecurity $ olcServerID $
197	olcSizeLimit $ olcSortVals $ olcSubordinate $ olcSyncrepl $ olcTCPBuffer $
198	olcTimeLimit $ olcTLSCACertificateFile $ olcTLSCACertificatePath $
199	olcTLSCertificateFile $ olcTLSCertificateKeyFile $ olcTLSCipherSuite $
200	olcTLSCRLCheck $ olcTLSCRLFile $ olcTLSRandFile $ olcTLSVerifyClient $
201	olcTLSDHParamFile $ olcTLSProtocolMin $ olcUpdateRef $ olcDbDirectory $
202	olcDbCheckpoint $ olcDbCryptFile $ olcDbPageSize $ olcDbIndex $
203	olcDbLockDetect $ olcDbMode $ olcSpCheckpoint $ olcChainingBehavior $
204	olcDbURI $ olcDbStartTLS $ olcDbACLPasswd $ olcDbACLBind $
205	olcDbIDAssertPasswd $ olcDbIDAssertBind $ olcDbIDAssertMode $
206	olcDbIDAssertAuthzFrom $ olcDbTFSupport $ olcDbTimeout $ olcDbIdleTimeout $
207	olcDbConnTtl $ olcDbNetworkTimeout $ olcDbCancel $ olcDbQuarantine $
208	knowledgeInformation $ sn $ serialNumber $ c $ l $ st $ street $ o $ ou $
209	title $ businessCategory $ postalCode $ postOfficeBox $
210	physicalDeliveryOfficeName $ destinationIndicator $ givenName $ initials $
211	generationQualifier $ dnQualifier $ houseIdentifier $ dmdName $ pseudonym $
212	textEncodedORAddress $ info $ drink $ roomNumber $ userClass $ host $
213	documentIdentifier $ documentTitle $ documentVersion $ documentLocation $
214	personalTitle $ co $ uniqueIdentifier $ organizationalStatus $ buildingName
215	$ documentPublisher $ carLicense $ departmentNumber $ displayName $
216	employeeNumber $ employeeType $ preferredLanguage $ ipServiceProtocol $
217	nisMapName ) )
218	1.2.36.79672281.1.13.3 (rdnMatch): 2.5.13.1
219	(distinguishedNameMatch): matchingRuleUse: ( 2.5.13.1 NAME
220	'distinguishedNameMatch' APPLIES ( creatorsName $ modifiersName $
221	subschemaSubentry $ entryDN $ namingContexts $ aliasedObjectName $
222	dynamicSubtrees $ distinguishedName $ seeAlso $ olcDefaultSearchBase $
223	olcRootDN $ olcSchemaDN $ olcSuffix $ olcUpdateDN $ olcDbACLAuthcDn $
224	olcDbIDAssertAuthcDn $ member $ owner $ roleOccupant $ manager $
225	documentAuthor $ secretary $ associatedName $ dITRedirect ) )
226
227	2.5.13.0 (objectIdentifierMatch): matchingRuleUse: ( 2.5.13.0 NAME
228	'objectIdentifierMatch' APPLIES ( supportedControl $ supportedExtension $
229	supportedFeatures $ supportedApplicationContext ) )
230	slaptest startup: initiated.
231	backend_startup_one: starting "cn=config"
232	config_back_db_open
233	config_build_entry: "cn=config"
234	config_build_entry: "cn=module{0}"
235	config_build_entry: "cn=schema"
236	config_build_entry: "cn={0}core"
237	config_build_entry: "cn={1}cosine"
238	config_build_entry: "cn={2}inetorgperson"
239	config_build_entry: "cn={3}nis"
240	config_build_entry: "olcDatabase={-1}frontend"
241	config_build_entry: "olcDatabase={0}config"
242	config_build_entry: "olcDatabase={1}hdb"
243	backend_startup_one: starting "dc=wesleyseminary,dc=edu"
244	hdb_db_open: database "dc=wesleyseminary,dc=edu":
245	dbenv_open(/var/lib/openldap-data).
246	config file testing succeeded
247	slaptest shutdown: initiated
248	====> bdb_cache_release_all
249	slaptest destroy: freeing system resources.
250
251	---End Output---
252
253	Regards,
254
255	Christopher Kurtis Koeber
256	(W): (202) 885-8654
257	(C): (301) 467-8417
258	http://www.chriskoeber.com
259
260	-----Original Message-----
261	From: Christopher Koeber [mailto:ckoeber@×××××.com]
262	Sent: Monday, May 24, 2010 11:49 AM
263	To: gentoo-user@l.g.o
264	Subject: Re: [gentoo-user] Cannot start Slapd (OpenLDAP)
265
266	On 5/22/10, Ward Poelmans <wpoely86@×××××.com> wrote:
267	> On Sat, May 22, 2010 at 21:26, Christopher Kurtis Koeber
268	> <ckoeber@×××××.com> wrote:
269	>
270	>> XXXXXXXXXX~ # slaptest
271	>>
272	>> hdb_db_open: warning - no DB_CONFIG file found in directory
273	>> /var/lib/openldap-data: (2).
274	>>
275	>> Expect poor performance for suffix "dc= XXXXXXXXXXXX,dc=XXX".
276	>>
277	>> hdb_db_open: database "dc= XXXXXXXXXXXX,dc=XXX":
278	>> db_open(/var/lib/openldap-data/id2entry.bdb) failed: No such file or
279	>> directory (2).
280	>>
281	>> backend_startup_one (type=hdb, suffix="dc=XXXXXXXXXXXX,dc=XXX"):
282	>> bi_db_open
283	>> failed! (2)
284	>>
285	>> slap_startup failed (test would succeed using the -u switch)
286	>>
287	>> So, I am guessing I need to initialize somehow? Is that right?
288	>
289	> Normally, if the directory /var/lib/openldap-data/ exists and is
290	> read-writeable for the user under which slapd is running, slapd
291	> creates the database for you. But you beter copy a DB_CONFIG to there
292	> for good perfomance.
293	>
294	> Ward
295	>
296	>
297
298	I tried running the service as root with the same results below, so I don't
299	think this is a permissions issue, especially since I am attempting to run
300	this straight from a standard emerge with no customizations beyond what was
301	given in the guide.
302
303	Here is the latest:
304
305	hdb_db_open: warning - no DB_CONFIG file found in directory
306	/var/lib/openldap-data: (2).
307	Expect poor performance for suffix "dc=XXXXXXXXX,dc=XXX".
308	hdb_db_open: database "dc=XXXXXXXXX,dc=XXX":
309	db_open(/var/lib/openldap-data/id2entry.bdb) failed: No such file or
310	directory (2).
311	backend_startup_one (type=hdb, suffix="dc=XXXXXXXXX,dc=XXX"):
312	bi_db_open failed! (2)
313	slap_startup failed (test would succeed using the -u switch)
314
315	--
316	Regards,
317	Christopher Koeber