enterprise-support team mailing list archive
Message #03473
[Bug 1325446] [NEW] Database corrupted during ldapadd
Public bug reported:
When I install slapd I see a complaint about an apparmor denial. When I
try to set up my ldap setup, I see database corruption messages. After
this slapd is unusable.
The same setup (as far as I can see) worked in 12.04.
$ lsb_release -rd
Description: Ubuntu 14.04 LTS
Release: 14.04
$ apt-cache policy slapd
slapd:
  Installed: 2.4.31-1+nmu2ubuntu8
  Candidate: 2.4.31-1+nmu2ubuntu8
  Version table:
 *** 2.4.31-1+nmu2ubuntu8 0
        500 http://gb.archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages
        100 /var/lib/dpkg/status
$ sudo apt-get purge slapd
<snip>
$ sudo rm -rf /var/lib/ldap/
$ sudo rm -rf /var/lib/slapd/
$ sudo apt-get install slapd
<snip>
$ tail /var/log/syslog
Jun 2 02:31:10 fitpc slapd[15569]: @(#) $OpenLDAP: slapd (Ubuntu) (Mar 17 2014 21:20:08) $#012#011buildd@aatxe:/build/buildd/openldap-2.4.31/debian/build/servers/slapd
Jun 2 02:31:10 fitpc kernel: [10269.219731] type=1400 audit(1401672670.552:184): apparmor="DENIED" operation="open" profile="/usr/sbin/slapd" name="/usr/share/p11-kit/modules/" pid=15569 comm="slapd" requested_mask="r" denied_mask="r" fsuid=119 ouid=0
Jun 2 02:31:10 fitpc slapd[15570]: slapd starting
$ sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/db.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "olcDatabase={1}hdb,cn=config"
modifying entry "olcDatabase={-1}frontend,cn=config"
modifying entry "olcDatabase={0}config,cn=config"
modifying entry "olcDatabase={0}config,cn=config"
$ tail /var/log/syslog
Jun 2 02:32:28 fitpc slapd[15570]: hdb_db_open: database "dc=balaam,dc=com": unclean shutdown detected; attempting recovery.
$ cat /etc/ldap/db.ldif
###########################################################
# DATABASE SETUP
###########################################################
# Create directory database
dn: olcDatabase={1}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=balaam,dc=com
olcRootDN: cn=admin,dc=balaam,dc=com
olcRootPW: <snip>
olcAccess: {0}to attrs=userPassword,shadowLastChange by dn="cn=admin,dc=balaam,dc=com" write by anonymous auth by self write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by dn="cn=admin,dc=balaam,dc=com" write by * read
olcLastMod: TRUE
olcDbCheckpoint: 512 30
olcDbConfig: {0}set_cachesize 0 2097152 0
olcDbConfig: {1}set_lk_max_objects 1500
olcDbConfig: {2}set_lk_max_locks 1500
olcDbConfig: {3}set_lk_max_lockers 1500
olcDbIndex: uid pres,eq
olcDbIndex: cn,sn,mail pres,eq,approx,sub
olcDbIndex: objectClass eq

###########################################################
# DEFAULTS MODIFICATION
###########################################################
# Some of the defaults need to be modified in order to allow
# remote access to the LDAP config. Otherwise only root
# will have administrative access.
dn: olcDatabase={-1}frontend,cn=config
changetype: modify
delete: olcAccess

dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {CRYPT}7hzU8RaZxaGi2

dn: olcDatabase={0}config,cn=config
changetype: modify
delete: olcAccess

** Affects: openldap (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Server/Client Support Team, which is subscribed to openldap in Ubuntu.
Matching subscriptions: Ubuntu Server/Client Support Team
https://bugs.launchpad.net/bugs/1325446
Title:
Database corrupted during ldapadd
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1325446/+subscriptions