https://bugs.openldap.org/show_bug.cgi?id=10031
Issue ID: 10031
Summary: Conversion of slapd.conf fails using pcache
Product: OpenLDAP
Version: 2.6.0
Hardware: All
OS: All
Status: UNCONFIRMED
Keywords: needs_review
Severity: normal
Priority: ---
Component: overlays
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: ---
I've got the following working slapd.conf:
--------------------
include /opt/symas/etc/openldap/schema/core.schema
include /opt/symas/etc/openldap/schema/cosine.schema
include /opt/symas/etc/openldap/schema/inetorgperson.schema
include /opt/symas/etc/openldap/schema/misc.schema
include /opt/symas/etc/openldap/schema/nis.schema
include /opt/symas/etc/openldap/schema/msuser.schema
modulepath /opt/symas/lib/openldap
moduleload back_ldap
moduleload back_mdb
moduleload rwm.la
moduleload memberof.la
moduleload pcache.la
loglevel any
pidfile /var/symas/run/slapd.pid
argsfile /var/symas/run/slapd.args
database ldap
readonly yes
protocol-version 3
rebind-as-user yes
uri "ldap://192.168.56.201:389"
suffix "dc=example1,dc=net"
rootdn "cn=admin,dc=example1,dc=net"
idassert-bind bindmethod=simple
    mode=none
    binddn="CN=Administrator,cn=users,dc=example1,dc=net"
    credentials=Passw0rd
    tls_cacertdir=/opt/symas/etc/openldap
    tls_reqcert=never
idassert-authzFrom "*"
overlay rwm
rwm-map attribute uid sAMAccountName
rwm-map objectClass posixAccount person
overlay memberof
memberof-group-oc groupOfuniqueNames
memberof-member-ad uniquemember
memberof-dangling error
overlay pcache
pcache mdb 100000 6 1000 100
pcachePersist TRUE
directory "/var/symas/pcache"
pcacheAttrset 0 1.1
pcacheTemplate (uid=) 0 3600
pcacheTemplate (&(|(objectClass=))) 0 3600
pcacheAttrset 1 employeetype givenName cn sn uid mail
pcacheTemplate (uid=) 1 3600
pcacheBind (uid=) 1 3600 sub dc=de
pcacheAttrset 2 givenName cn sn uid mail uidNumber
pcacheTemplate (objectClass=) 2 3600
pcacheAttrset 3 userPassword
pcacheTemplate (uid=) 3 3600
pcacheTemplate (objectClass=) 2 3600
pcacheAttrset 4 employeetype givenName cn sn uid mail
pcacheTemplate (uid=) 1 3600
pcacheAttrset 5 memberOf
pcacheTemplate (objectClass=*) 2 3600
--------------------
Searching for an entry in AD works:
----------------------
root@ldap-proxy01:~/server-setup/proxy# ldapsearch -x -b dc=example1,dc=net cn=administrator -LLL dn
dn: cn=Administrator,cn=Users,dc=example1,dc=net
----------------------
Now I want to convert it to cn=config, but I get the following error:
--------------------
root@ldap-proxy01:/opt/symas/etc/openldap# slaptest -F ./my-slapd.d/ -f slapd.conf
Entry (olcDatabase={0}mdb,olcOverlay={2}pcache,olcDatabase={1}ldap,cn=config):
object class 'olcMdbBkConfig' requires attribute 'olcBackend'
config_build_entry: build "olcDatabase={0}mdb" failed: "(null)"
config file testing succeeded
mdb_opinfo_get: err Permission denied(13)
--------------------
When I comment out all the settings for the overlay pcache, converting
slapd.conf works, but starting slapd gives me the following error:
--------------
Mär 27 20:02:03 ldap-proxy01 slapd[2042]: olcAttributeTypes: value #741 olcAttributeTypes: Duplicate attributeType: ""
Mär 27 20:02:03 ldap-proxy01 slapd[2042]: config error processing cn={5}msuser,cn=schema,cn=config: olcAttributeTypes: Duplicate attributeType: ""
Mär 27 20:02:03 ldap-proxy01 slapd[2042]: send_ldap_result: conn=-1 op=0 p=0
Mär 27 20:02:03 ldap-proxy01 slapd[2042]: send_ldap_result: err=80 matched="" text=""
--------------
slapcat -n0 tells me:
--------------
root@ldap-proxy01:/opt/symas/etc/openldap# slapcat -n0
olcAttributeTypes: value #741 olcAttributeTypes: Duplicate attributeType: "�p�:V"
config error processing cn={5}msuser,cn=schema,cn=config: olcAttributeTypes: Duplicate attributeType: "�p�:V"
slapcat: bad configuration file!
--------------
But after switching back to slapd.conf, msuser.schema causes no problems.
Creating my own LDIF (without converting):
--------------------------
dn: cn=config
objectClass: olcGlobal
cn: config
olcLogLevel: any
olcPidFile: /var/symas/run/slapd.pid
olcArgsFile: /var/symas/run/slapd.args
olcToolThreads: 1

dn: cn=schema,cn=config
objectClass: olcSchemaConfig
cn: schema

dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModulePath: /opt/symas/lib/openldap
olcModuleLoad: back_mdb
olcModuleLoad: back_ldap
olcModuleLoad: back_monitor
olcModuleLoad: argon2

include: file:///opt/symas/etc/openldap/schema/core.ldif
include: file:///opt/symas/etc/openldap/schema/cosine.ldif
include: file:///opt/symas/etc/openldap/schema/nis.ldif
include: file:///opt/symas/etc/openldap/schema/inetorgperson.ldif
include: file:///opt/symas/etc/openldap/schema/msuser.ldif

dn: olcDatabase={-1}frontend,cn=config
objectClass: olcDatabaseConfig
objectClass: olcFrontendConfig
olcDatabase: {-1}frontend
olcSizeLimit: 500
olcAccess: {0}to *
  by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage
  by * break
olcAccess: {1}to dn="" by * read
olcAccess: {2}to dn.base="cn=subschema" by * read
passwordHash: {ARGON2}

dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcRootDN: cn=admin,cn=config
olcRootPW: {ARGON2}$argon2i$v=19$m=4096,t=3,p=1$cXdlcnJ0enV6dWlvMTIz$G/l0lynf7ygdz0tG+E7S1fBibsFs/L80AUSisiGl/v4
olcAccess: {0}to *
  by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage

dn: olcDatabase={1}monitor,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {1}monitor
olcAccess: {0}to dn.subtree="cn=monitor"
  by dn.exact=cn=admin,cn=config read
  by dn.exact=cn=admin,dc=example,dc=net read
  by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth read

dn: olcDatabase={2}ldap,cn=config
objectClass: olcDatabaseConfig
objectClass: olcLDAPConfig
olcDatabase: {2}ldap
olcSuffix: dc=example1,dc=net
olcAddContentAcl: FALSE
olcLastMod: FALSE
olcLastBind: FALSE
olcLastBindPrecision: 0
olcMaxDerefDepth: 15
olcReadOnly: TRUE
olcRootDN: cn=admin,dc=example1,dc=net
olcSyncUseSubentry: FALSE
olcMonitoring: FALSE
olcDbURI: "ldap://dc-net01.example.net:389"
olcDbStartTLS: none starttls=no
olcDbIDAssertBind: mode=none flags=prescriptive,proxy-authz-non-critical bindmethod=simple timeout=0 network-timeout=0 binddn="cn=administrator,cn=users,dc=example1,dc=net" credentials="Passw0rd" keepalive=0:0:0 tcp-user-timeout=0 tls_cacertdir="/opt/symas/etc/openldap" tls_reqcert=never tls_reqsan=allow tls_crlcheck=none
olcDbIDAssertAuthzFrom: *
olcDbRebindAsUser: TRUE
olcDbChaseReferrals: FALSE
olcDbTFSupport: no
olcDbProxyWhoAmI: FALSE
olcDbProtocolVersion: 3
olcDbSingleConn: FALSE
olcDbCancel: abandon
olcDbUseTemporaryConn: FALSE
olcDbConnectionPoolMax: 16
olcDbSessionTrackingRequest: FALSE
olcDbNoRefs: FALSE
olcDbNoUndefFilter: FALSE
olcDbOnErr: continue
olcDbKeepalive: 0:0:0
--------------------------
msuser works, with no error about a duplicate attributeType.
The system is Debian 11 with Symas packages for OpenLDAP 2.6.
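Before feeding a slapd.conf like the one above to slaptest, it helps to sanity-check the pcache stanza itself, because the overlay rejects attrset indices outside the count given on the `pcache` line and silently tolerates templates that are repeated or attrsets that nothing references. The following lint is an added example, not code from the reporter or from the OpenLDAP project; it takes the attrset/template lines exactly as posted (embedded as constructed sample input) and reports those inconsistencies.

```python
# Constructed sample input: the pcache attrset/template lines from the bug report.
SAMPLE_CONF = """\
overlay pcache
pcache mdb 100000 6 1000 100
pcacheAttrset 0 1.1
pcacheTemplate (uid=) 0 3600
pcacheAttrset 1 employeetype givenName cn sn uid mail
pcacheTemplate (uid=) 1 3600
pcacheBind (uid=) 1 3600 sub dc=de
pcacheAttrset 2 givenName cn sn uid mail uidNumber
pcacheTemplate (objectClass=) 2 3600
pcacheAttrset 3 userPassword
pcacheTemplate (uid=) 3 3600
pcacheTemplate (objectClass=) 2 3600
pcacheAttrset 4 employeetype givenName cn sn uid mail
pcacheTemplate (uid=) 1 3600
pcacheAttrset 5 memberOf
pcacheTemplate (objectClass=*) 2 3600
"""

def lint_pcache(conf_text):
    """Return findings (strings) for the pcache overlay section of a slapd.conf."""
    findings, attrsets, used, templates = [], {}, set(), {}
    numattrsets = None
    for no, raw in enumerate(conf_text.splitlines(), 1):
        parts = raw.split("#", 1)[0].split()        # '#' starts a comment in slapd.conf
        if not parts:
            continue
        key, args = parts[0].lower(), parts[1:]     # directive names are case-insensitive
        if key == "pcache":                         # pcache <db> <max_entries> <numattrsets> ...
            numattrsets = int(args[2])
        elif key == "pcacheattrset":
            idx = int(args[0])
            if numattrsets is None or idx >= numattrsets:
                findings.append(f"line {no}: attrset {idx} not covered by the 'pcache' directive's attrset count")
            attrsets[idx] = no                      # remember where the attrset was defined
        elif key in ("pcachetemplate", "pcachebind"):
            filt, idx = args[0], int(args[1])
            if idx not in attrsets:
                findings.append(f"line {no}: {key} refers to attrset {idx} before it is defined")
            used.add(idx)
            if key == "pcachetemplate":
                first = templates.setdefault((filt, idx), no)
                if first != no:
                    findings.append(f"line {no}: duplicate template {filt} / attrset {idx} (first at line {first})")
    for idx in sorted(set(attrsets) - used):
        findings.append(f"attrset {idx} (line {attrsets[idx]}) is defined but no template uses it")
    return findings
```

On the posted stanza it reports the two repeated templates and the unreferenced attrsets 4 and 5; a `pcacheAttrset` index at or above the count on the `pcache` line is flagged as well.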