Package: slapd
Version: 2.2.23-8
Severity: grave
Justification: renders package unusable

Currently running with my master openldap from rh9 and 5 slaves running sarge. Trying to put the master on sarge.

First problem was startup of slurpd gives the following:

slurpd -d 0
Error: : directory specified in "replogfile" slapd.conf directive does not exist

Adding SLURPD_OPTIONS="-r /var/lib/ldap/replog" to /etc/default/slurpd fixed that but still did not work. Running slapd with debug at 255 gives no error as far as I can tell and showed the replicas being set up. Modifying the master produces no replica log and no error messages.

After a lot of experimenting found that this setting in slapd.conf seems to work:

replogfile /var/spool/slurpd/replica.log

Looks like it's trying to replicate now. Need to do some dns changes so the certificates work.

I'm guessing replogfile must be somewhere in /var/spool/slurpd. If so changing the replogfile in the default slapd.conf should do it. It seems odd that I'm the first to run into this. I assume replicated ldap servers are common.

John

/etc/default/slapd :

# Default location of the slapd.conf file
SLAPD_CONF=

# System account to run the slapd server under. If empty the server
# will run as root.
SLAPD_USER=

# System group to run the slapd server under. If empty the server will
# run in the primary group of its user.
SLAPD_GROUP=

# Path to the pid file of the slapd server. If not set the init.d script
# will try to figure it out from $SLAPD_CONF (/etc/ldap/slapd.conf)
SLAPD_PIDFILE=

# Configure if db_recover should be called before starting slapd
TRY_BDB_RECOVERY=yes

# Configure if the slurpd daemon should be started. Possible values:
# - yes: Always start slurpd
# - no: Never start slurpd
# - auto: Start slurpd if a replica option is found in slapd.conf (default)
SLURPD_START=auto

# slapd normally serves ldap only on all TCP-ports 389. slapd can also
# service requests on TCP-port 636 (ldaps) and requests via unix
# sockets.
# Example usage:
# SLAPD_SERVICES="ldap://127.0.0.1:389/ ldaps:/// ldapi:///"
SLAPD_SERVICES="ldap:/// ldaps:/// ldapi:///"

# Additional options to pass to slapd and slurpd
SLAPD_OPTIONS=""
SLURPD_OPTIONS="-r /var/lib/ldap/replog"

slapd.conf:

# Allow LDAPv2 binds
allow bind_v2

# This is the main slapd configuration file. See slapd.conf(5) for more
# info on the configuration options.

#######################################################################
# Global Directives:

# Features to permit
#allow bind_v2

# Schema and objectClass definitions
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
# advocap added
include /etc/ldap/schema/misc.schema
include /etc/ldap/schema/core-krb.schema
include /etc/ldap/schema/samba3.schema
# if I really use Kerberos may want to get new schema
include /etc/ldap/schema/kerberosobject.schema

# Schema check allows for forcing entries to
# match schemas for their objectClasses's
schemacheck on

# Where the pid file is put. The init.d script
# will not stop the server if you change this.
pidfile /var/run/slapd/slapd.pid

# List of arguments that were passed to the server
argsfile /var/run/slapd.args

# Read slapd.conf(5) for possible values
loglevel 255

# Where the dynamically loaded modules are stored
modulepath /usr/lib/ldap
moduleload back_bdb

TLSCertificateFile /etc/ldap/mstldapcrt.pem
TLSCertificateKeyFile /etc/ldap/mstldapkey.pem
TLSCACertificateFile /etc/ldap/cacert.pem
TLSVerifyClient never

#######################################################################
# Specific Backend Directives for bdb:
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
backend bdb
checkpoint 512 30

#######################################################################
# Specific Backend Directives for 'other':
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
#backend <other>

#######################################################################
# Specific Directives for database #1, of type bdb:
# Database specific directives apply to this database until another
# 'database' directive occurs
database bdb

# The base of your directory in database #1
suffix "dc=advocap,dc=org"

# Where the database file are physically stored for database #1
directory "/var/lib/ldap"

# Indexing options for database #1
index objectClass,uidNumber,gidNumber eq
index cn,sn,uid,displayName pres,sub,eq
index memberUid,mail,givenname eq,subinitial
index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq

rootdn "cn=Manager,dc=advocap,dc=org"
rootpw {SSHA}removed

# Save the time that the entry gets modified, for database #1
lastmod on

# Where to store the replica logs for database #1
replogfile /var/lib/ldap/replog

#new acl stuff
# users can authenticate and change their password
access to attrs=userPassword,sambaNTPassword,sambaLMPassword,sambaPwdLastSet,sambaPwdMustChange
        by dn="cn=samba,ou=DSA,dc=advocap,dc=org" write
        by dn="cn=smbldap-tools,ou=DSA,dc=advocap,dc=org" write
        by dn="cn=nssldap,ou=DSA,dc=advocap,dc=org" write
        by self write
        by anonymous auth
        by * none

# some attributes need to be readable anonymously so that 'id user' can answer correctly
access to attrs=objectClass,entry,homeDirectory,uid,uidNumber,gidNumber,memberUid,mail
        by dn="cn=samba,ou=DSA,dc=advocap,dc=org" write
        by dn="cn=smbldap-tools,ou=DSA,dc=advocap,dc=org" write
        by * read

# some attributes can be writable by users themselves
access to attrs=description,telephoneNumber,roomNumber,homePhone,loginShell,gecos,cn,sn,givenname
        by dn="cn=samba,ou=DSA,dc=advocap,dc=org" write
        by dn="cn=smbldap-tools,ou=DSA,dc=advocap,dc=org" write
        by self write
        by * read

# some attributes need to be writable for samba
access to attrs=cn,sambaLMPassword,sambaNTPassword,sambaPwdLastSet,sambaLogonTime,sambaLogoffTime,sambaKickoffTime,sambaPwdCanChange,sambaPwdMustChange,sambaAcctFlags,displayName,sambaHomePath,sambaHomeDrive,sambaLogonScript,sambaProfilePath,description,sambaUserWorkstations,sambaPrimaryGroupSID,sambaDomainName,sambaMungedDial,sambaBadPasswordCount,sambaBadPasswordTime,sambaPasswordHistory,sambaLogonHours,sambaSID,sambaSIDList,sambaTrustFlags,sambaGroupType,sambaNextRid,sambaNextGroupRid,sambaNextUserRid,sambaAlgorithmicRidBase,sambaShareName,sambaOptionName,sambaBoolOption,sambaIntegerOption,sambaStringOption,sambaStringListoption,sambaPrivilegeList
        by dn="cn=samba,ou=DSA,dc=advocap,dc=org" write
        by dn="cn=smbldap-tools,ou=DSA,dc=advocap,dc=org" write
        by self read
        by * none

# Check this one out!
#access to dn.base="cn=Subschema"
#        by dn="cn=samba,ou=DSA,dc=advocap,dc=org" read
#        by dn="cn=smbldap-tools,ou=DSA,dc=advocap,dc=org" read
#        by * read

# samba need to be able to create the samba domain account
access to dn.base="dc=advocap,dc=org"
        by dn="cn=samba,ou=DSA,dc=advocap,dc=org" write
        by dn="cn=smbldap-tools,ou=DSA,dc=advocap,dc=org" write
        by * none

# samba need to be able to create new users account
access to dn="ou=People,dc=advocap,dc=org"
        by dn="cn=samba,ou=DSA,dc=advocap,dc=org" write
        by dn="cn=smbldap-tools,ou=DSA,dc=advocap,dc=org" write
        by * none

# samba need to be able to create new groups account
access to dn="ou=Groups,dc=advocap,dc=org"
        by dn="cn=samba,ou=DSA,dc=advocap,dc=org" write
        by dn="cn=smbldap-tools,ou=DSA,dc=advocap,dc=org" write
        by * none

# samba need to be able to create new computers account
access to dn="ou=machines,dc=advocap,dc=org"
        by dn="cn=samba,ou=DSA,dc=advocap,dc=org" write
        by dn="cn=smbldap-tools,ou=DSA,dc=advocap,dc=org" write
        by * none

# Ensure read access to the base for things like
# supportedSASLMechanisms. Without this you may
# have problems with SASL not knowing what
# mechanisms are available and the like.
# Note that this is covered by the 'access to *'
# ACL below too but if you change that as people
# are wont to do you'll still need this if you
# want SASL (and possible other things) to work
# happily.
access to dn.base="" by * read

replica host=oshldap.advocap.org
        tls=critical
        binddn="cn=replica,dc=advocap,dc=org"
        credentials=removed
        bindmethod=simple

replica host=fonldap.advocap.org
        tls=critical
        binddn="cn=replica,dc=advocap,dc=org"
        credentials=removed
        bindmethod=simple

replica host=neeldap.advocap.org
        tls=critical
        binddn="cn=replica,dc=advocap,dc=org"
        credentials=removed
        bindmethod=simple

replica host=berldap.advocap.org
        tls=critical
        binddn="cn=replica,dc=advocap,dc=org"
        credentials=removed
        bindmethod=simple

replica host=prvldap.advocap.org
        tls=critical
        binddn="cn=replica,dc=advocap,dc=org"
        credentials=removed
        bindmethod=simple

#replica host=debiantest.advocap.org
#        tls=critical
#        binddn="cn=replica,dc=advocap,dc=org"
#        credentials=removed
#        bindmethod=simple

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-686
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages slapd depends on:
ii  coreutils [fileutils]        5.2.1-2         The GNU core utilities
ii  debconf                      1.4.30.13       Debian configuration management sy
ii  libc6                        2.3.2.ds1-22    GNU C Library: Shared libraries an
ii  libdb4.2                     4.2.52-18       Berkeley v4.2 Database Libraries [
ii  libiodbc2                    3.52.2-3        iODBC Driver Manager
ii  libldap-2.2-7                2.2.23-8        OpenLDAP libraries
ii  libltdl3                     1.5.6-6         A system independent dlopen wrappe
ii  libperl5.8                   5.8.4-8         Shared Perl library
ii  libsasl2                     2.1.19-1.5      Authentication abstraction library
ii  libslp1                      1.0.11a-2       OpenSLP libraries
ii  libssl0.9.7                  0.9.7e-3sarge1  SSL shared libraries
ii  libwrap0                     7.6.dbs-8       Wietse Venema's TCP wrappers libra
ii  perl [libmime-base64-perl    5.8.4-8         Larry Wall's Practical Extraction
ii  psmisc                       21.5-1          Utilities that use the proc filesy

-- debconf information:
  slapd/internal/adminpw: (password omitted)
* slapd/password1: (password omitted)
* slapd/password2: (password omitted)
  slapd/password_mismatch:
  slapd/fix_directory: true
  slapd/invalid_config: true
* shared/organization: advocap.org
  slapd/upgrade_slapcat_failure:
  slapd/upgrade_slapadd_failure:
  slapd/backend: BDB
  slapd/dump_database: when needed
* slapd/allow_ldap_v2: true
  slapd/no_configuration: false
  slapd/migrate_ldbm_to_bdb: true
  slapd/move_old_database: true
  slapd/suffix_change: false
  slapd/slave_databases_require_updateref:
  slapd/dump_database_destdir: /var/backups/slapd-VERSION
  slapd/autoconf_modules: true
  slapd/purge_database: false
* slapd/domain: advocap.org
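
Added example, not part of the original report and not Debian or OpenLDAP code: a pre-flight check for the replication settings discussed above. It joins slapd.conf continuation lines, checks that the replogfile directory exists, that each replica stanza using bindmethod=simple also sets tls=critical, and that the -r path in SLURPD_OPTIONS matches replogfile. The function names, the example.org hosts and the sample strings are constructed, and the comment handling is simplified to lines that start with "#".

```python
import os
import re
import shlex

# Constructed sample input modelled on the report (hosts and DNs are placeholders)
SAMPLE_CONF = """\
replogfile /var/lib/ldap/replog
replica host=a.example.org
        tls=critical
        binddn="cn=replica,dc=example,dc=org"
        bindmethod=simple
replica host=b.example.org
        binddn="cn=replica,dc=example,dc=org"
        bindmethod=simple
"""
SAMPLE_DEFAULTS = 'SLURPD_OPTIONS="-r /var/spool/slurpd/replica.log"\n'

def logical_lines(text):
    """Skip blanks and '#' lines; a line starting with whitespace continues the previous one."""
    lines = []
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue
        if raw[0].isspace() and lines:
            lines[-1] += " " + raw.strip()
        else:
            lines.append(raw.strip())
    return lines

def audit(slapd_conf, defaults, isdir=os.path.isdir):
    """Return a list of findings about replogfile, replica TLS and slurpd -r."""
    findings, replog = [], None
    for line in logical_lines(slapd_conf):
        words = shlex.split(line)
        if words[0] == "replogfile" and len(words) > 1:
            replog = words[1]
            if not isdir(os.path.dirname(replog)):
                findings.append("replogfile directory missing: " + os.path.dirname(replog))
        elif words[0] == "replica":
            opts = dict(w.split("=", 1) for w in words[1:] if "=" in w)
            if opts.get("bindmethod") == "simple" and opts.get("tls") != "critical":
                findings.append("replica %s: simple bind without tls=critical" % opts.get("host", "?"))
    m = re.search(r'^SLURPD_OPTIONS="([^"]*)"', defaults, re.M)
    args = shlex.split(m.group(1)) if m else []
    if "-r" in args[:-1]:
        r_path = args[args.index("-r") + 1]
        if r_path != replog:
            findings.append("slurpd -r %s differs from replogfile %s" % (r_path, replog))
    return findings
```

On a real host, pass the contents of /etc/ldap/slapd.conf and /etc/default/slapd and leave isdir at its default so the directory check runs against the filesystem.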