Discussion:
Can not modify cn=conf - openldap 2.4.15
Mathew Rowley
2009-03-02 21:18:35 UTC
Permalink
I am trying to configure an n-way multi master following the tutorial in the
admin guide (18.3.3 in
http://www.openldap.org/doc/admin24/replication.html). When trying to
add/modify anything in the cn=config, I get the following error:

atlantis:~/comcast/authentication/ldif $ ldapadd -v -x -W -h 10.252.152.78
-D 'cn=Manager,dc=comcast,dc=com'
ldap_initialize( ldap://10.252.152.78 )
Enter LDAP Password:
dn: cn=config
objectClass: olcGlobal
cn: config
olcServerID: 1

add objectClass:
olcGlobal
add cn:
config
add olcServerID:
1
adding new entry "cn=config"
modify complete
ldap_add: Insufficient access (50)


After looking through the test050 script, I see that this is done using the
slapd ­Ta instead of a slapadd. I tried doing this, and get this error:

[***@kdc01 scripts]# slapd -Ta
bdb_db_open: warning - no DB_CONFIG file found in directory
/usr/var/openldap-data: (2).
Expect poor performance for suffix "dc=comcast,dc=com".
bdb_monitor_db_open: monitoring disabled; configure monitor database to
enable
dn: cn=config
objectClass: olcGlobal
cn: config
olcServerID: 1

slapadd: line 1: database (dc=comcast,dc=com) not configured to hold
"cn=config"
slapadd: line 1: database (dc=comcast,dc=com) not configured to hold
"cn=config"


I am using 2.4.15 built from source, with the only config option of changing
the prefix directory. Any ideas on whats going on? Thanks.
--
MAT
Quanah Gibson-Mount
2009-03-02 21:47:34 UTC
Permalink
--On Monday, March 02, 2009 2:18 PM -0700 Mathew Rowley
Post by Mathew Rowley
slapadd: line 1: database (dc=comcast,dc=com) not configured to hold
"cn=config"
slapadd: line 1: database (dc=comcast,dc=com) not configured to hold
"cn=config"
You need to specify that you want to use the config db (-n 0) with your
slapadd command.


--Quanah

--

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
Mathew Rowley
2009-03-03 14:53:25 UTC
Permalink
When using the Œ-n 0¹ option I get the following error:

slapadd startup: initiated.
backend_startup_one: starting "cn=config"
config_back_db_open
config_build_entry: "cn=config"
config_build_entry: "cn=schema"
config_build_entry: "cn={0}core"
config_build_entry: "olcDatabase={-1}frontend"
config_build_entry: "olcDatabase={0}config"
config_build_entry: "olcDatabase={1}bdb"
slapadd: could not open database.


MAT
Post by Quanah Gibson-Mount
--On Monday, March 02, 2009 2:18 PM -0700 Mathew Rowley
Post by Mathew Rowley
slapadd: line 1: database (dc=comcast,dc=com) not configured to hold
"cn=config"
slapadd: line 1: database (dc=comcast,dc=com) not configured to hold
"cn=config"
You need to specify that you want to use the config db (-n 0) with your
slapadd command.
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
--
MAT
Quanah Gibson-Mount
2009-03-03 18:51:55 UTC
Permalink
--On Tuesday, March 03, 2009 7:53 AM -0700 Mathew Rowley
Post by Mathew Rowley
slapadd startup: initiated.
backend_startup_one: starting "cn=config"
config_back_db_open
config_build_entry: "cn=config"
config_build_entry: "cn=schema"
config_build_entry: "cn={0}core"
config_build_entry: "olcDatabase={-1}frontend"
config_build_entry: "olcDatabase={0}config"
config_build_entry: "olcDatabase={1}bdb"
slapadd: could not open database.
Hi Mathew,

Are you using slapd.conf or a config directory? Something doesn't seem
quite right at this point with your configuration.

--Quanah

--

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
Mathew Rowley
2009-03-03 18:56:48 UTC
Permalink
The command I was using did not define a file or a directory, so I assume it
was using my default slapd.conf.

When using Œslapd¹ in tool mode, does it spawn the slapd server then perform
the command, then kill the server? Meaning, should I have ldap stopped when
using slapd in tool mode?


MAT
Post by Quanah Gibson-Mount
--On Tuesday, March 03, 2009 7:53 AM -0700 Mathew Rowley
Post by Mathew Rowley
slapadd startup: initiated.
backend_startup_one: starting "cn=config"
config_back_db_open
config_build_entry: "cn=config"
config_build_entry: "cn=schema"
config_build_entry: "cn={0}core"
config_build_entry: "olcDatabase={-1}frontend"
config_build_entry: "olcDatabase={0}config"
config_build_entry: "olcDatabase={1}bdb"
slapadd: could not open database.
Hi Mathew,
Are you using slapd.conf or a config directory? Something doesn't seem
quite right at this point with your configuration.
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
--
MAT
Quanah Gibson-Mount
2009-03-03 19:02:35 UTC
Permalink
--On Tuesday, March 03, 2009 11:56 AM -0700 Mathew Rowley
Post by Mathew Rowley
The command I was using did not define a file or a directory, so I assume
it was using my default slapd.conf.
When using 'slapd' in tool mode, does it spawn the slapd server then
perform the command, then kill the server? Meaning, should I have ldap
stopped when using slapd in tool mode?
Ok, to do what you are doing, you need to be using the new cn=config
format, and not slapd.conf

Second, slap* tools are all offline functions. So yes, slapd should not be
running when you use them. (slapcat is the general exception, with some
caveats, read the documentation on it).

--Quanah

--

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
Mathew Rowley
2009-03-03 22:49:00 UTC
Permalink
I am reading the man page for slapd as well as the admin guide, but I cannot
find anywhere that says how to use a directory vs a .conf file...

MAT
Post by Quanah Gibson-Mount
--On Tuesday, March 03, 2009 11:56 AM -0700 Mathew Rowley
Post by Mathew Rowley
The command I was using did not define a file or a directory, so I assume
it was using my default slapd.conf.
When using 'slapd' in tool mode, does it spawn the slapd server then
perform the command, then kill the server? Meaning, should I have ldap
stopped when using slapd in tool mode?
Ok, to do what you are doing, you need to be using the new cn=config
format, and not slapd.conf
Second, slap* tools are all offline functions. So yes, slapd should not be
running when you use them. (slapcat is the general exception, with some
caveats, read the documentation on it).
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
--
MAT
DESK: 720.267.7767
Quanah Gibson-Mount
2009-03-03 22:59:34 UTC
Permalink
--On Tuesday, March 03, 2009 3:49 PM -0700 Mathew Rowley
Post by Mathew Rowley
I am reading the man page for slapd as well as the admin guide, but I
cannot find anywhere that says how to use a directory vs a .conf file...
Chapter 5 of the 2.4 admin guide:

<http://www.openldap.org/doc/admin24/slapdconf2.html>

and

<http://www.openldap.org/software/man.cgi?query=slapd&apropos=0&sektion=0&manpath=OpenLDAP+2.4-Release&format=html>

See the "-F" option

--Quanah


--

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
Quanah Gibson-Mount
2009-03-03 23:01:54 UTC
Permalink
--On Tuesday, March 03, 2009 2:59 PM -0800 Quanah Gibson-Mount
Post by Quanah Gibson-Mount
--On Tuesday, March 03, 2009 3:49 PM -0700 Mathew Rowley
Post by Mathew Rowley
I am reading the man page for slapd as well as the admin guide, but I
cannot find anywhere that says how to use a directory vs a .conf file...
<http://www.openldap.org/doc/admin24/slapdconf2.html>
and
<http://www.openldap.org/software/man.cgi?query=slapd&apropos=0&sektion=0
&manpath=OpenLDAP+2.4-Release&format=html>
See the "-F" option
Also, you can use the slapdtest command to convert a slapd.conf file to a
cn=config tree.

slaptest -f <conf file> -F <destination directory>

and then remove slapd.conf and just use slapd with the -F option.

--Quanah

--

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
Mathew Rowley
2009-03-03 23:04:33 UTC
Permalink
Ok ­ I was getting confused with the:

Specifies the slapd configuration directory. The default is
/usr/etc/openldap/slapd.d.

By default ­ I thought it meant you didn¹t not need to specify the Œ-F¹ and
it would use that directory.

MAT
Post by Quanah Gibson-Mount
--On Tuesday, March 03, 2009 2:59 PM -0800 Quanah Gibson-Mount
Post by Quanah Gibson-Mount
--On Tuesday, March 03, 2009 3:49 PM -0700 Mathew Rowley
Post by Mathew Rowley
I am reading the man page for slapd as well as the admin guide, but I
cannot find anywhere that says how to use a directory vs a .conf file...
<http://www.openldap.org/doc/admin24/slapdconf2.html>
and
<http://www.openldap.org/software/man.cgi?query=slapd&apropos=0&sektion=0
&manpath=OpenLDAP+2.4-Release&format=html>
See the "-F" option
Also, you can use the slapdtest command to convert a slapd.conf file to a
cn=config tree.
slaptest -f <conf file> -F <destination directory>
and then remove slapd.conf and just use slapd with the -F option.
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
--
MAT
Loading...