View previous topic :: View next topic |
Author |
Message |
binro l33t
Joined: 06 May 2005 Posts: 724 Location: Bangkok, Thailand
|
Posted: Fri Oct 12, 2007 10:31 am Post subject: Cannot start slapd after upgrade |
|
|
In my recent upgrade openldap was updated from 2.3.33 to 2.3.38, which doesn't look very dramatic but now it won't start. Th error messges are:
Oct 12 17:13:42 opal slapd[22322]: @(#) $OpenLDAP: slapd 2.3.38 (Oct 10 2007 18:44:17) $ root@opal:/var/tmp/portage/net-nds/openldap-2.3.38/work/openldap-2.3.38/servers/slapd
Oct 12 17:13:42 opal slapd[22323]: bdb(dc=binro,dc=org): Program version 4.5 doesn't match environment version 0.11
Oct 12 17:13:42 opal slapd[22323]: bdb_db_open: Database cannot be opened, err -30972. Restore from backup!
Oct 12 17:13:42 opal slapd[22323]: bdb(dc=binro,dc=org): DB_ENV->lock_id_free interface requires an environment configured for the locking subsystem
Oct 12 17:13:42 opal slapd[22323]: bdb(dc=binro,dc=org): txn_checkpoint interface requires an environment configured for the transaction subsystem
Oct 12 17:13:42 opal slapd[22323]: bdb_db_close: txn_checkpoint failed: Invalid argument (22)
Oct 12 17:13:42 opal slapd[22323]: backend_startup_one: bi_db_open failed! (-30972)
Oct 12 17:13:42 opal slapd[22323]: bdb_db_close: alock_close failed
Oct 12 17:13:42 opal slapd[22323]: slapd stopped.
Oct 12 17:13:42 opal slapd[22323]: connections_destroy: nothing to destroy.
I have the openldap-data directory backed up but when I restored it and tried a slapcat, I got similar messages. I know little about LDAP, can anyone shed some light on what has happened? _________________ "Ship me somewheres east of Suez, where the best is like the worst,
Where there ain't no Ten Commandments an' a man can raise a thirst"
from "Mandalay" by Rudyard Kipling |
|
Back to top |
|
|
binro l33t
Joined: 06 May 2005 Posts: 724 Location: Bangkok, Thailand
|
Posted: Fri Oct 12, 2007 1:45 pm Post subject: |
|
|
I found an old slapcat dump file and deleted the databases and reload from the ldif. Not very satisfactory but at least it's running with slightly old data. Always take a slapcat backup before upgrading openldap! _________________ "Ship me somewheres east of Suez, where the best is like the worst,
Where there ain't no Ten Commandments an' a man can raise a thirst"
from "Mandalay" by Rudyard Kipling |
|
Back to top |
|
|
MatchboxOscar n00b
Joined: 15 Feb 2004 Posts: 24
|
Posted: Sun Oct 28, 2007 3:06 pm Post subject: |
|
|
I had the exact same experience, but now I cannot start openldap from init. I can start it from the command line with the --exec portion of the init script.
Code: | stu log # /etc/init.d/slapd start
* Starting ldap-server ... [ !! ]
stu log # ps ax |grep slapd
16315 pts/0 S+ 0:00 grep --colour=auto slapd
stu log # /usr/lib/openldap/slapd -- -u ldap -g ldap
stu log # ps ax |grep slapd
16341 ? Ssl 0:00 /usr/lib/openldap/slapd -- -u ldap -g ldap
16345 pts/0 S+ 0:00 grep --colour=auto slapd |
Where is the log for openldap? I have had a hard time finding any debug output for the init failure.
Any ideas? |
|
Back to top |
|
|
MatchboxOscar n00b
Joined: 15 Feb 2004 Posts: 24
|
Posted: Sun Oct 28, 2007 3:14 pm Post subject: |
|
|
Nevermind, fixed this. I ran /etc/init.d/slapd --debug start which gave me a lot of output but while combing through it I realized that I restored using slapadd as root, so the db was owned by root. I changed the ownership of the files inside my data directory and I'm good to go. |
|
Back to top |
|
|
dahoste Tux's lil' helper
Joined: 01 Dec 2005 Posts: 138 Location: Maryland, USA
|
Posted: Wed Nov 07, 2007 5:39 am Post subject: |
|
|
I just ran into the same problem (can't start slapd after updating open-ldap). I've had to recover ldap before, and know how to delete the db and restore it from an ldif dump, but this time I can't even run 'ldapdelete...' to clear the db. The attempt produces the following:
Code: | ldap_bind
ldap_simple_bind
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP 127.0.0.1:389
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 127.0.0.1:389
ldap_connect_timeout: fd: 3 tm: -1 async: 0
ldap_close_socket: 3
ldap_perror
ldap_bind: Can't contact LDAP server (-1)
|
Is there something else perhaps that I need to kick before I can attempt the ldapdelete command? The openldap update came on the heels of the recent PAM update, if that matters. I'm always a little leary of rebooting when this kind of thing happens because I'm never sure I'll be able to get into the system again after the reboot if things are *really* off-kilter. |
|
Back to top |
|
|
dahoste Tux's lil' helper
Joined: 01 Dec 2005 Posts: 138 Location: Maryland, USA
|
Posted: Wed Nov 07, 2007 7:36 am Post subject: |
|
|
Update: I'm fairly well hosed at this point. I can't start slapd and I can't get ldapdelete to bind so that I can attempt to clear (and then restore) the database (on the assumption that the original message about the db being broken was correct).
Here's the output from the attempt to run slapd:
Code: | bdb_db_open: dbenv_open(/var/lib/openldap-data)
bdb_db_open: Database cannot be opened, err 22. Restore from backup!
====> bdb_cache_release_all
bdb(dc=NEGATIVESUM,dc=NET): DB_ENV->lock_id_free interface requires an environment configured for the locking subsystem
bdb(dc=NEGATIVESUM,dc=NET): txn_checkpoint interface requires an environment configured for the transaction subsystem
bdb_db_close: txn_checkpoint failed: Invalid argument (22)
backend_startup_one: bi_db_open failed! (22)
slapd shutdown: initiated
====> bdb_cache_release_all
bdb_db_close: alock_close failed
slapd destroy: freeing system resources.
slapd stopped. |
The output from ldapdelete is in the previous post. Basically it just keeps saying: "ldap_bind: Can't contact LDAP server (-1)". I've re-emerged openldap, nss_ldap, openssl. I rebooted, which made no difference.
I don't know what to try at this point. Having the db wedged and requiring a recovery from ldif file was the worst I've had to deal with prior to this, so I don't have any tricks to use. |
|
Back to top |
|
|
dahoste Tux's lil' helper
Joined: 01 Dec 2005 Posts: 138 Location: Maryland, USA
|
Posted: Wed Nov 07, 2007 11:45 pm Post subject: |
|
|
(note: I'm double-posting this from another thread that had a nearly identical ldap problem)
[SOLVED] well... if completely deleting the bdb folder and reconstructing the ldap db is 'solving' the problem.
I couldn't get any of the berkely tools to behave or apparently do anything constructive, so I just wiped the /var/lib/openldap-data folder, re-emerged openldap (just for good measure), and used slapadd to do a full repopulation of the ldap db from a nightly slapcat dump (ldif file).
Had this been a higher traffic production system, I'd probably be pissed. Though I now officially hate ldap. This is like the 4th or 5th time I've wasted hours recovering from some arcane breakage of what is proving to be an annoyingly fragile tool.
Oh well. Sally forth. |
|
Back to top |
|
|
bobcatt n00b
Joined: 21 Jan 2006 Posts: 6
|
Posted: Sun Nov 11, 2007 2:54 pm Post subject: [solved] another way to correct the problem |
|
|
Hello
You can read this post as an alternative if you don't have the right ldif file. |
|
Back to top |
|
|
fmouse Tux's lil' helper
Joined: 28 Jul 2003 Posts: 101
|
Posted: Mon Nov 19, 2007 5:18 pm Post subject: |
|
|
This appears to be a common problem, which manifests in a couple of different ways. See https://bugs.gentoo.org/show_bug.cgi?id=190748 .
Although I didn't try it, it's very possible that if slapd is hosed, slapcat won't work to produce a proper ldif file either and the only solution would be to build openldap against a previous bdb version, dump, rebuild openldap against the current bdb version, and import. Otherwise, a bdb dump would have to be done, either as per Robin Johnson's comment in the cited bug, or as per the instructions at https://forums.gentoo.org/viewtopic-p-4487066.html#4487066 .
I used db4.2_dump to dump the db data and then db4.5load to reconstitute it. This seemed to work OK. |
|
Back to top |
|
|
dahoste Tux's lil' helper
Joined: 01 Dec 2005 Posts: 138 Location: Maryland, USA
|
Posted: Mon Nov 19, 2007 5:36 pm Post subject: |
|
|
That was exactly the situation I was in -- slapd was totally inoperable. Clearly that prevents the creation of a new ldif dump using slapcat. Had I not already possessed nightly snapshots of the ldap db (in ldif format) I'd have been forced to pursue the db_dump/load approach described by bobcatt and fmouse.
Thanks for the pointer to the bug entry. That's good info. |
|
Back to top |
|
|
|