Cannot upgrade Openldap to 2.4.19-r1 [solved]

[eXess]

Hi there,

I have to upgrade LDAP, it seems...

Code: Select all

# emerge -auDv world
These are the packages that would be merged, in order:

Calculating dependencies... done!
[ebuild     U ] net-nds/openldap-2.4.19-r1 [2.3.43] USE="berkdb crypt perl samba ssl tcpd -cxx% -debug -experimental% -gnutls% -icu% -iodbc% -ipv6 -kerberos -minimal -odbc -overlays -sasl (-selinux) -slp -smbkrb5passwd -syslog% (-gdbm%*)" 0 kB
(etc)

But I can't. When I emerge, I've got the infamous error message :

Code: Select all

* Messages for package net-nds/openldap-2.4.19-r1:

 *    Versiontag doesn't match current major release!
 *    Versiontag doesn't match current major release!
 * 	Your existing version of OpenLDAP was built against
 * 	sys-libs/db:4.5, but the new one will build against
 * 	4.7 and your database would be inaccessible.
 * 
 * A (possible old) installation of OpenLDAP was detected,
 * installation will not proceed for now.
 * 
 * As major version upgrades can corrupt your database,
 * you need to dump your database and re-create it afterwards.
 * 
 * Additionally, rebuilding against different major versions of the
 * sys-libs/db libraries will cause your database to be inaccessible.
 * 
 *  1. /etc/init.d/slurpd stop ; /etc/init.d/slapd stop
 *  2. slapcat -l /root/ldapdump.1259518397.raw
 *  3. egrep -v '^entryCSN:' </root/ldapdump.1259518397.raw >/root/ldapdump.1259518397
 *  4. mv /var/lib/openldap-data/ /var/lib/openldap-data-backup/
 *  5. emerge --update \=net-nds/openldap-2.4.19-r1
 *  6. etc-update, and ensure that you apply the changes
 *  7. slapadd -l /root/ldapdump.1259518397
 *  8. chown ldap:ldap /var/lib/openldap-data/*
 *  9. /etc/init.d/slapd start
 * 10. check that your data is intact.
 * 11. set up the new replication system.

Alas, it also seems that slapcat is broken :

Code: Select all

# slapcat -l /root/ldapdump.1259518397.raw
Unrecognized database type (hdb)
/etc/openldap/slapd.conf: line 59: <database> failed init (hdb)!
slapcat: bad configuration file!

Line 59 in /etc/slapcat.conf reads : database hdb (which seems correct, as openldap is emerged with berkdb and without gdbm...)
And I don't know how to go around this, as I'm *really* not much into LDAP...

Could anyone please help? OpenLDAP is at the top of the updates list, and if I want to go around it, I have to manually emerge everything else. Not really practical...

Thanks in advance !

[eXess]

Now, I tried a couple things...

1. trying to start slapd did give me an "unrecognized database type" error too, so I enabled (un-commented) the "moduleload back_hdb.so" directive in slapd.conf. Then slapd still wouldn't start, but without any comment.

2. Trying to start slurpd gave this :

Code: Select all

# /etc/init.d/slurpd start
 * Starting slurpd ...
No replicas in slapd.conf file "/etc/openldap/slapd.conf"!
Error: : directory specified in "replogfile" slapd.conf directive does not exist  

Strange, as there is no replogfile directive in slapd.conf...

Well, what can I say ? HELP !

[eXess]

Really no one ?
Not even for a hint on how to investigate ?

[marens]

Enable debugging with "loglevel int-value_you_like" and hdb in slapd.conf and see /var/log/yourldaplog for more infos when you try to start ldap.

[Mike Hunt]

You can also start slapd from the command line with full debugging on and see where it errors, and why

Code: Select all

/usr/lib/openldap/slapd -u ldap -g ldap -d 65535

You can always add a replogfile directive to slapd.conf something like this:

Code: Select all

replica uri=ldap://127.0.0.1:9999
        binddn="cn=replicator"
        bindmethod=simple
        credentials=secret

replogfile /var/lib/openldap-slurp/replog

[eXess]

Thanks for the hints. Here are the results...

1. Added "loglevel 255" to /etc/openldap/slapd.conf, then :

Code: Select all

# /etc/init.d/slapd start
 * Starting ldap-server ...                                                                                [ !! ]
# tail /var/log/messages -n 80
Nov 30 17:37:52 gandalf slapd[9599]: @(#) $OpenLDAP: slapd 2.3.43 (Sep 22 2009 09:36:21) $
Nov 30 17:37:52 gandalf 	root@gandalf: /var/tmp/portage/net-nds/openldap-2.3.43/work/openldap-2.3.43/servers/slapd
Nov 30 17:37:52 gandalf slapd[9599]: >>> dnNormalize: <cn=Subschema>
Nov 30 17:37:52 gandalf slapd[9599]: <<< dnNormalize: <cn=subschema>
Nov 30 17:37:52 gandalf slapd[9599]: matching_rule_use_init
Nov 30 17:37:52 gandalf slapd[9599]:     1.2.840.113556.1.4.804 (integerBitOrMatch): 
Nov 30 17:37:52 gandalf slapd[9599]: matchingRuleUse: ( 1.2.840.113556.1.4.804 NAME 'integerBitOrMatch' APPLIES ( supportedLDAPVersion $ uidNumber $ gidNumber $ olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $ olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcLocalSSF $ olcMaxDerefDepth $ olcReplicationInterval $ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $ olcDbCacheFree $ olcDbCacheSize $ olcDbIDLcacheSize $ olcDbMode $ olcDbSearchStack $ olcDbShmKey $ olcChainMaxReferralDepth $ olcDbProtocolVersion $ olcDbConnectionPoolMax $ olcProxyCacheQueries $ olcSpSessionlog ) )
Nov 30 17:37:52 gandalf slapd[9599]:     1.2.840.113556.1.4.803 (integerBitAndMatch): 
Nov 30 17:37:52 gandalf slapd[9599]: matchingRuleUse: ( 1.2.840.113556.1.4.803 NAME 'integerBitAndMatch' APPLIES ( supportedLDAPVersion $ uidNumber $ gidNumber $ olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $ olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcLocalSSF $ olcMaxDerefDepth $ olcReplicationInterval $ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $ olcDbCacheFree $ olcDbCacheSize $ olcDbIDLcacheSize $ olcDbMode $ olcDbSearchStack $ olcDbShmKey $ olcChainMaxReferralDepth $ olcDbProtocolVersion $ olcDbConnectionPoolMax $ olcProxyCacheQueries $ olcSpSessionlog ) )
Nov 30 17:37:52 gandalf slapd[9599]:     1.3.6.1.4.1.1466.109.114.2 (caseIgnoreIA5Match): 
Nov 30 17:37:52 gandalf slapd[9599]: matchingRuleUse: ( 1.3.6.1.4.1.1466.109.114.2 NAME 'caseIgnoreIA5Match' APPLIES ( altServer $ mail $ dc $ associatedDomain $ email ) )
Nov 30 17:37:52 gandalf slapd[9599]:     1.3.6.1.4.1.1466.109.114.1 (caseExactIA5Match): 
Nov 30 17:37:52 gandalf slapd[9599]: matchingRuleUse: ( 1.3.6.1.4.1.1466.109.114.1 NAME 'caseExactIA5Match' APPLIES ( altServer $ mail $ dc $ associatedDomain $ email ) )
Nov 30 17:37:52 gandalf slapd[9599]:     2.5.13.35 (certificateMatch): 
Nov 30 17:37:52 gandalf slapd[9599]: matchingRuleUse: ( 2.5.13.35 NAME 'certificateMatch' APPLIES ( userCertificate $ cACertificate ) )
Nov 30 17:37:52 gandalf slapd[9599]:     2.5.13.34 (certificateExactMatch): 
Nov 30 17:37:52 gandalf slapd[9599]: matchingRuleUse: ( 2.5.13.34 NAME 'certificateExactMatch' APPLIES ( userCertificate $ cACertificate ) )
Nov 30 17:37:52 gandalf slapd[9599]:     2.5.13.30 (objectIdentifierFirstComponentMatch): 
Nov 30 17:37:52 gandalf slapd[9599]: matchingRuleUse: ( 2.5.13.30 NAME 'objectIdentifierFirstComponentMatch' APPLIES ( supportedControl $ supportedExtension $ supportedFeatures $ ldapSyntaxes $ supportedApplicationContext ) )
Nov 30 17:37:52 gandalf slapd[9599]:     2.5.13.29 (integerFirstComponentMatch): 
Nov 30 17:37:52 gandalf slapd[9599]: matchingRuleUse: ( 2.5.13.29 NAME 'integerFirstComponentMatch' APPLIES ( supportedLDAPVersion $ uidNumber $ gidNumber $ olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $ olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcLocalSSF $ olcMaxDerefDepth $ olcReplicationInterval $ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $ olcDbCacheFree $ olcDbCacheSize $ olcDbIDLcacheSize $ olcDbMode $ olcDbSearchStack $ olcDbShmKey $ olcChainMaxReferralDepth $ olcDbProtocolVersion $ olcDbConnectionPoolMax $ olcProxyCacheQueries $ olcSpSessionlog ) )
Nov 30 17:37:52 gandalf slapd[9599]:     2.5.13.27 (generalizedTimeMatch): 
Nov 30 17:37:52 gandalf slapd[9599]: matchingRuleUse: ( 2.5.13.27 NAME 'generalizedTimeMatch' APPLIES ( createTimestamp $ modifyTimestamp ) )
Nov 30 17:37:52 gandalf slapd[9599]:     2.5.13.24 (protocolInformationMatch): 
Nov 30 17:37:52 gandalf slapd[9599]: matchingRuleUse: ( 2.5.13.24 NAME 'protocolInformationMatch' APPLIES protocolInformation )
Nov 30 17:37:52 gandalf slapd[9599]:     2.5.13.23 (uniqueMemberMatch): 
Nov 30 17:37:52 gandalf slapd[9599]: matchingRuleUse: ( 2.5.13.23 NAME 'uniqueMemberMatch' APPLIES uniqueMember )
Nov 30 17:37:52 gandalf slapd[9599]:     2.5.13.22 (presentationAddressMatch): 
Nov 30 17:37:52 gandalf slapd[9599]: matchingRuleUse: ( 2.5.13.22 NAME 'presentationAddressMatch' APPLIES presentationAddress )
Nov 30 17:37:52 gandalf slapd[9599]:     2.5.13.20 (telephoneNumberMatch): 
Nov 30 17:37:52 gandalf slapd[9599]: matchingRuleUse: ( 2.5.13.20 NAME 'telephoneNumberMatch' APPLIES telephoneNumber )
Nov 30 17:37:52 gandalf slapd[9599]:     2.5.13.17 (octetStringMatch): 
Nov 30 17:37:52 gandalf slapd[9599]: matchingRuleUse: ( 2.5.13.17 NAME 'octetStringMatch' APPLIES ( userPassword $ queryid ) )
Nov 30 17:37:52 gandalf slapd[9599]:     2.5.13.16 (bitStringMatch): 
Nov 30 17:37:52 gandalf slapd[9599]: matchingRuleUse: ( 2.5.13.16 NAME 'bitStringMatch' APPLIES x500UniqueIdentifier )
Nov 30 17:37:52 gandalf slapd[9599]:     2.5.13.14 (integerMatch): 
Nov 30 17:37:52 gandalf slapd[9599]: matchingRuleUse: ( 2.5.13.14 NAME 'integerMatch' APPLIES ( supportedLDAPVersion $ uidNumber $ gidNumber $ olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $ olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcLocalSSF $ olcMaxDerefDepth $ olcReplicationInterval $ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $ olcDbCacheFree $ olcDbCacheSize $ olcDbIDLcacheSize $ olcDbMode $ olcDbSearchStack $ olcDbShmKey $ olcChainMaxReferralDepth $ olcDbProtocolVersion $ olcDbConnectionPoolMax $ olcProxyCacheQueries $ olcSpSessionlog ) )
Nov 30 17:37:52 gandalf slapd[9599]:     2.5.13.13 (booleanMatch): 
Nov 30 17:37:52 gandalf slapd[9599]: matchingRuleUse: ( 2.5.13.13 NAME 'booleanMatch' APPLIES ( hasSubordinates $ olcGentleHUP $ olcLastMod $ olcReadOnly $ olcReverseLookup $ olcDbNoSync $ olcDbDirtyRead $ olcDbLinearIndex $ olcChainCacheURI $ olcChainReturnError $ olcDbRebindAsUser $ olcDbChaseReferrals $ olcDbProxyWhoAmI $ olcDbSingleConn $ olcDbUseTemporaryConn $ olcSpNoPresent $ olcSpReloadHint ) )
Nov 30 17:37:52 gandalf slapd[9599]:     2.5.13.11 (caseIgnoreListMatch): 
Nov 30 17:37:52 gandalf slapd[9599]: matchingRuleUse: ( 2.5.13.11 NAME 'caseIgnoreListMatch' APPLIES ( postalAddress $ registeredAddress ) )
Nov 30 17:37:52 gandalf slapd[9599]:     2.5.13.8 (numericStringMatch): 
Nov 30 17:37:52 gandalf slapd[9599]: matchingRuleUse: ( 2.5.13.8 NAME 'numericStringMatch' APPLIES ( x121Address $ internationaliSDNNumber ) )
Nov 30 17:37:52 gandalf slapd[9599]:     2.5.13.7 (caseExactSubstringsMatch): 
Nov 30 17:37:52 gandalf slapd[9599]: matchingRuleUse: ( 2.5.13.7 NAME 'caseExactSubstringsMatch' APPLIES ( serialNumber $ destinationIndicator $ dnQualifier ) )
Nov 30 17:37:52 gandalf slapd[9599]:     2.5.13.6 (caseExactOrderingMatch): 
Nov 30 17:37:52 gandalf slapd[9599]: matchingRuleUse: ( 2.5.13.6 NAME 'caseExactOrderingMatch' APPLIES ( serialNumber $ destinationIndicator $ dnQualifier ) )
Nov 30 17:37:52 gandalf slapd[9599]:     2.5.13.5 (caseExactMatch): 
Nov 30 17:37:52 gandalf slapd[9599]: matchingRuleUse: ( 2.5.13.5 NAME 'caseExactMatch' APPLIES ( supportedSASLMechanisms $ vendorName $ vendorVersion $ ref $ name $ cn $ uid $ labeledURI $ description $ olcConfigFile $ olcConfigDir $ olcAccess $ olcAllows $ olcArgsFile $ olcAttributeOptions $ olcAttributeTypes $ olcAuthIDRewrite $ olcAuthzPolicy $ olcAuthzRegexp $ olcBackend $ olcDatabase $ olcDisallows $ olcDitContentRules $ olcInclude $ olcLimits $ olcLogFile $ olcLogLevel $ olcModuleLoad $ olcModulePath $ olcObjectClasses $ olcObjectIdentifier $ olcOverlay $ olcPasswordCryptSaltFormat $ olcPasswordHash $ olcPidFile $ olcPlugin $ olcPluginLogFile $ olcReferral $ olcReplica $ olcReplicaArgsFile $ olcReplicaPidFile $ olcReplogFile $ olcRequires $ olcRestrict $ olcRootDSE $ olcRootPW $ olcSaslHost $ olcSaslRealm $ olcSaslSecProps $ olcSecurity $ olcSizeLimit $ olcSrvtab $ olcSubordinate $ olcSyncrepl $ olcTimeLimit $ olcTLSCACertificateFile $ olcTLSCACertificatePath $ olcTLSCertificateFile $ olcTLSCertificateKeyFile $ olcTLSCipherSuite $ olcTLSCRLCheck $ olcTLSRandFile $ olcTLSVerifyClient $ olcTLSDHParamFile $ olcUpdateRef $ olcDbDirectory $ olcDbCheckpoint $ olcDbConfig $ olcDbIndex $ olcDbLockDetect $ olcDbURI $ olcDbStartTLS $ olcDbACLPasswd $ olcDbACLBind $ olcDbIDAssertPasswd $ olcDbIDAssertBind $ olcDbIDAssertMode $ olcDbIDAssertAuthzFrom $ olcDbTFSupport $ olcDbTimeout $ olcDbIdleTimeout $ olcDbConnTtl $ olcDbNetworkTimeout $ olcDbCancel $ olcDbQuarantine $ olcProxyCache $ olcProxyAttrset $ olcProxyTemplate $ olcProxyResponseCB $ olcSpCheckpoint $ knowledgeInformation $ sn $ serialNumber $ c $ l $ st $ street $ o $ ou $ title $ businessCategory $ postalCode $ postOfficeBox $ physicalDeliveryOfficeName $ destinationIndicator $ givenName $ initials $ generationQualifier $ dnQualifier $ houseIdentifier $ dmdName $ pseudonym ) )
Nov 30 17:37:52 gandalf slapd[9599]:     2.5.13.4 (caseIgnoreSubstringsMatch): 
Nov 30 17:37:52 gandalf slapd[9599]: matchingRuleUse: ( 2.5.13.4 NAME 'caseIgnoreSubstringsMatch' APPLIES ( serialNumber $ destinationIndicator $ dnQualifier ) )
Nov 30 17:37:52 gandalf slapd[9599]:     2.5.13.3 (caseIgnoreOrderingMatch): 
Nov 30 17:37:52 gandalf slapd[9599]: matchingRuleUse: ( 2.5.13.3 NAME 'caseIgnoreOrderingMatch' APPLIES ( serialNumber $ destinationIndicator $ dnQualifier ) )
Nov 30 17:37:52 gandalf slapd[9599]:     2.5.13.2 (caseIgnoreMatch): 
Nov 30 17:37:52 gandalf slapd[9599]: matchingRuleUse: ( 2.5.13.2 NAME 'caseIgnoreMatch' APPLIES ( supportedSASLMechanisms $ vendorName $ vendorVersion $ ref $ name $ cn $ uid $ labeledURI $ description $ olcConfigFile $ olcConfigDir $ olcAccess $ olcAllows $ olcArgsFile $ olcAttributeOptions $ olcAttributeTypes $ olcAuthIDRewrite $ olcAuthzPolicy $ olcAuthzRegexp $ olcBackend $ olcDatabase $ olcDisallows $ olcDitContentRules $ olcInclude $ olcLimits $ olcLogFile $ olcLogLevel $ olcModuleLoad $ olcModulePath $ olcObjectClasses $ olcObjectIdentifier $ olcOverlay $ olcPasswordCryptSaltFormat $ olcPasswordHash $ olcPidFile $ olcPlugin $ olcPluginLogFile $ olcReferral $ olcReplica $ olcReplicaArgsFile $ olcReplicaPidFile $ olcReplogFile $ olcRequires $ olcRestrict $ olcRootDSE $ olcRootPW $ olcSaslHost $ olcSaslRealm $ olcSaslSecProps $ olcSecurity $ olcSizeLimit $ olcSrvtab $ olcSubordinate $ olcSyncrepl $ olcTimeLimit $ olcTLSCACertificateFile $ olcTLSCACertificatePath $ olcTLSCertificateFile $ olcTLSCertificateKeyFile $ olcTLSCipherSuite $ olcTLSCRLCheck $ olcTLSRandFile $ olcTLSVerifyClient $ olcTLSDHParamFile $ olcUpdateRef $ olcDbDirectory $ olcDbCheckpoint $ olcDbConfig $ olcDbIndex $ olcDbLockDetect $ olcDbURI $ olcDbStartTLS $ olcDbACLPasswd $ olcDbACLBind $ olcDbIDAssertPasswd $ olcDbIDAssertBind $ olcDbIDAssertMode $ olcDbIDAssertAuthzFrom $ olcDbTFSupport $ olcDbTimeout $ olcDbIdleTimeout $ olcDbConnTtl $ olcDbNetworkTimeout $ olcDbCancel $ olcDbQuarantine $ olcProxyCache $ olcProxyAttrset $ olcProxyTemplate $ olcProxyResponseCB $ olcSpCheckpoint $ knowledgeInformation $ sn $ serialNumber $ c $ l $ st $ street $ o $ ou $ title $ businessCategory $ postalCode $ postOfficeBox $ physicalDeliveryOfficeName $ destinationIndicator $ givenName $ initials $ generationQualifier $ dnQualifier $ houseIdentifier $ dmdName $ pseudonym ) )
Nov 30 17:37:52 gandalf slapd[9599]:     1.2.36.79672281.1.13.3 (rdnMatch): 
Nov 30 17:37:52 gandalf slapd[9599]:     2.5.13.1 (distinguishedNameMatch): 
Nov 30 17:37:52 gandalf slapd[9599]: matchingRuleUse: ( 2.5.13.1 NAME 'distinguishedNameMatch' APPLIES ( creatorsName $ modifiersName $ subschemaSubentry $ namingContexts $ aliasedObjectName $ distinguishedName $ seeAlso $ olcDefaultSearchBase $ olcRootDN $ olcSchemaDN $ olcSuffix $ olcUpdateDN $ olcDbACLAuthcDn $ olcDbIDAssertAuthcDn $ member $ owner $ roleOccupant ) )
Nov 30 17:37:52 gandalf slapd[9599]:     2.5.13.0 (objectIdentifierMatch): 
Nov 30 17:37:52 gandalf slapd[9599]: matchingRuleUse: ( 2.5.13.0 NAME 'objectIdentifierMatch' APPLIES ( supportedControl $ supportedExtension $ supportedFeatures $ supportedApplicationContext ) )
Nov 30 17:37:52 gandalf slapd[9600]: slapd startup: initiated.
Nov 30 17:37:52 gandalf slapd[9600]: backend_startup_one: starting "cn=config"
Nov 30 17:37:52 gandalf slapd[9600]: config_back_db_open
Nov 30 17:37:52 gandalf slapd[9600]: config_build_entry: "cn=config"
Nov 30 17:37:52 gandalf slapd[9600]: config_build_entry: "cn=include{0}"
Nov 30 17:37:52 gandalf slapd[9600]: config_build_entry: "cn=module{0}"
Nov 30 17:37:52 gandalf slapd[9600]: config_build_entry: "cn=schema"
Nov 30 17:37:52 gandalf slapd[9600]: config_build_entry: "cn={0}core"
Nov 30 17:37:52 gandalf slapd[9600]: config_build_entry: "olcDatabase={-1}frontend"
Nov 30 17:37:52 gandalf slapd[9600]: config_build_entry: "olcDatabase={0}config"
Nov 30 17:37:52 gandalf slapd[9600]: config_build_entry: "olcDatabase={1}hdb"
Nov 30 17:37:52 gandalf slapd[9600]: backend_startup_one: starting "dc=my-domain,dc=com"
Nov 30 17:37:52 gandalf slapd[9600]: hdb_db_open: dc=my-domain,dc=com
Nov 30 17:37:52 gandalf slapd[9600]: hdb_db_open: alock package is unstable
Nov 30 17:37:52 gandalf slapd[9600]: backend_startup_one: bi_db_open failed! (-1)
Nov 30 17:37:52 gandalf slapd[9600]: slapd shutdown: initiated
Nov 30 17:37:52 gandalf slapd[9600]: ====> bdb_cache_release_all
Nov 30 17:37:52 gandalf slapd[9600]: slapd destroy: freeing system resources.
Nov 30 17:37:52 gandalf slapd[9600]: slapd stopped.
Nov 30 17:37:52 gandalf slapd[9600]: connections_destroy: nothing to destroy.

(sorry, because of loglevel there are many lines!)
There's no specific log configures for openldap, so everything should be here...
I'd say this line indicates the problem : hdb_db_open: alock package is unstable (but I don't know what it is!)
-> slapd and slurpd still stopped.

Loglevel values are here, if you want a reminder :
http://www.zytrax.com/books/ldap/ch6/#loglevel

2. Starting slapd manually gives the same messages (as far as I could check, at least)

3. Having added the lines given by Mike Hunt, slurpd starts allright (but I still can't start slappd).

Does anyone have an idea what's going on? I really don't know what LDAP is used for on my system. I only know that…

Code: Select all

# equery depends openldap
[ Searching for packages depending on openldap... ]
app-admin/sudo-1.7.2_p1 (ldap? >=net-nds/openldap-2.1.30-r1)
dev-lang/php-5.2.11 (ldap & !oci8? >=net-nds/openldap-1.2.11)
                    (ldap-sasl&!oci8? >=net-nds/openldap-1.2.11)
dev-libs/apr-util-1.3.9 (ldap? =net-nds/openldap-2*)
mail-mta/postfix-2.5.7 (ldap? >=net-nds/openldap-1.2)
net-ftp/proftpd-1.3.2-r2 (ldap? >=net-nds/openldap-1.2.11)
net-misc/curl-7.19.6 (ldap? net-nds/openldap)
net-misc/openssh-5.2_p1-r3 (ldap? net-nds/openldap)
sys-auth/nss_ldap-258 (>=net-nds/openldap-2.1.30-r5)
sys-fs/quota-3.17 (ldap? >=net-nds/openldap-2.3.35)
www-servers/apache-2.2.11-r2 (ldap? =net-nds/openldap-2*)

[edit]
Well, now that I'm looking more toroughly at the logfile...
It says at the beginning : bdb_back_initialize: Berkeley DB 4.5.20: (October 13, 2008)
But my installed version of DB is db-4.7.25_p4 ! How come ?

[marens]

If you don't use openldap as a server just add the minimal useflag, so you get only the client part of openldap. That should work for you. Use=minimal is standard for desktop pcs that don't have to run a ldap server.

[eXess]

ok. Added minimal as a package useflag in /etc/portage/package.use
Then tried to emerge openldap again, but without any luck.

Then tried this :

Code: Select all

# emerge -av --newuse world

These are the packages that would be merged, in order:

Calculating dependencies... done!
[ebuild   R   ] sys-process/procps-3.2.8  USE="unicode%* (-n32)" 0 kB
[ebuild   R   ] sys-devel/binutils-2.18-r3  USE="nls -gold% -multislot -multitarget -test -vanilla" 17 kB
[ebuild   R   ] net-misc/rsync-3.0.6  USE="acl iconv -ipv6 -static -xattr (-xinetd%)" 0 kB
[ebuild     U ] app-admin/apache-tools-2.2.14 [2.2.11] USE="ssl" 0 kB
[ebuild     U ] net-nds/openldap-2.4.19-r1 [2.3.43] USE="berkdb crypt minimal* perl samba ssl tcpd -cxx% -debug -experimental% -gnutls% -icu% -iodbc% -ipv6 -kerberos -odbc -overlays -sasl (-selinux) -slp -smbkrb5passwd -syslog% (-gdbm%*)" 0 kB
[ebuild     U ] dev-db/mysql-5.0.84-r1 [5.0.70-r1] USE="berkdb community%* perl ssl -big-tables -cluster -debug -embedded -extraengine -latin1 -max-idx-128 -minimal -profiling% (-selinux) -static" 0 kB
[ebuild     U ] www-servers/apache-2.2.14-r1 [2.2.11-r2] USE="ssl -debug -doc -ldap (-selinux) -static -suexec -threads (-sni%)" APACHE2_MODULES="actions alias auth_basic auth_digest authn_anon authn_dbd authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock dbd deflate dir disk_cache env expires ext_filter file_cache filter headers ident imagemap include info log_config logio mem_cache mime mime_magic negotiation proxy proxy_ajp proxy_balancer proxy_connect proxy_http rewrite setenvif speling status unique_id userdir usertrack vhost_alias -asis -authn_alias -cern_meta -charset_lite -dumpio -log_forensic -proxy_ftp -substitute -version" APACHE2_MPMS="-event -itk -peruser -prefork -worker" 0 kB
[ebuild     U ] mail-mta/postfix-2.6.5 [2.5.7] USE="mysql pam ssl -cdb -dovecot-sasl -hardened -ipv6 -ldap -mbox -nis -postgres -sasl (-selinux) -vda (-mailwrapper%)" 0 kB
[ebuild     U ] net-ftp/proftpd-1.3.2b [1.3.2-r2] USE="acl mysql ncurses nls pam ssl tcpd -authfile -ban -case -clamav -deflate -hardened -ifsession -ipv6 -kerberos -ldap -noauthunix -opensslcrypt -postgres -radius -rewrite (-selinux) -shaper -sitemisc -softquota -vroot -xinetd" 0 kB
[ebuild     U ] dev-lang/php-5.2.11-r1 [5.2.11] USE="apache2 berkdb bzip2 cli crypt ctype curl gd gdbm iconv mysql mysqli ncurses nls pcre pdo readline reflection session spl ssl unicode xml xsl zlib -adabas -bcmath -birdstep -calendar -cdb -cgi -cjk -concurrentmodphp -curlwrappers -db2 -dbase -dbmaker -debug -discard-path -doc -empress -empress-bcs -esoob -exif -fastbuild -fdftk -filter -firebird -flatfile -force-cgi-redirect -frontbase -ftp -gd-external -gmp -hash -imap -inifile -interbase -iodbc -ipv6 (-java-external) -json -kerberos -kolab -ldap -ldap-sasl -libedit -mcve -mhash -msql -mssql -oci8 -oci8-instant-client -odbc -pcntl -pic -posix -postgres -qdbm -recode -sapdb -sharedext -sharedmem -simplexml -snmp -soap -sockets -solid -spell -sqlite -suhosin -sybase -sybase-ct -sysvipc -threads -tidy -tokenizer -truetype -wddx -xmlreader -xmlrpc -xmlwriter -xpm -yaz -zip" 0 kB
[ebuild     U ] sys-libs/e2fsprogs-libs-1.41.9 [1.41.3-r1] USE="nls" 0 kB
[ebuild     U ] sys-apps/util-linux-2.16.1 [2.14.2] USE="crypt loop-aes nls perl%* unicode -old-linux (-selinux) -slang (-uclibc)" 0 kB
[ebuild     U ] sys-fs/e2fsprogs-1.41.9 [1.41.3-r1] USE="nls" 0 kB
[blocks b     ] <sys-fs/e2fsprogs-1.41.8 ("<sys-fs/e2fsprogs-1.41.8" is blocking sys-libs/e2fsprogs-libs-1.41.9, sys-apps/util-linux-2.16.1)
[ebuild     U ] sys-fs/udev-146-r1 [141] USE="devfs-compat%* -extras% (-selinux)" 0 kB

First 4 packages emerge fine, but openldap fails with same error.

ok - here's a practical question :

Would it be safe to unmerge openldap, then emerge it, then revdep-rebuild ?
I can't afford to break a running system, of course, but I could have a few hours to work on it before tomorrow...

Thanks...

[Mike Hunt]

You can unmerge openldap and re-emerge it right away, no problem.

Of course if you aren't using it you don't even need to start it, or even configure it at all. Of course there is absolutely no reason to start slurpd.

The reason minimal openldap is required is because some packages need the libraries that it provides. It all works by itself. No need to do anything. Except revdep-rebuild.

Of course you wouldn't need sys-auth/nss_ldap and sys-auth/pam_ldap either, nor the ldap lines in /etc/pam.d/system-auth.

So just emerge openldap with the minimal flag and forget about any configuring and starting and so on...

The minimal flag should normally be included in your profile, it is in the desktop profile.

If the build breaks, post the topmost error on downwards please.

[eXess]

Hi there.

I'll tag the post as [solved] as soon as I have finished writing this.

What worked :

Code: Select all

# emerge -C openldap
(blah)
>>> Unmerging net-nds/openldap-2.3.43...
 * GNU info directory index is up-to-date.
# emerge -av openldap

These are the packages that would be merged, in order:

Calculating dependencies... done!
[ebuild  N    ] net-nds/openldap-2.4.19-r1  USE="berkdb crypt minimal perl samba ssl tcpd -cxx -debug -experimental -gnutls -icu -iodbc -ipv6 -kerberos -odbc -overlays -sasl (-selinux) -slp -smbkrb5passwd -syslog" 0 kB

(and compiling)

So Thanks, all, and most of all you, Mike Hunt, I really was afraid to break something. And btw minimal is not included in my profile, because it's the generic profile, not the desktop one :

Code: Select all

# eselect profile list
Available profile symlink targets:
  [1]   default/linux/x86/10.0 *
  [2]   default/linux/x86/10.0/desktop
  [3]   default/linux/x86/10.0/developer
  [4]   default/linux/x86/10.0/server
(etc)

I do think that minimal should be enabled for all profiles except server-specific ones, though. Yet again, the only reason I'm not using the "server" profile is because Portage keeps complaining that 10.0/server is deprecated and I should use a hardened profile instead, which I don't want to.

Anyway, solved, thanks all !

[edit]
Oh ! And I un-emerged sys-auth/nss_ldap, and sys-auth/pam_ldap was not (yet) installed, nor was there any ldap option in /etc/pam.d/system-auth.

[Mike Hunt]

Ok cool, glad that all worked out.