And of course if I had read (and understood) the man page correctly before now, I would have realized I could easily run slapcat with the -F flag like so:
slapcat -F /var/symas/openldap-data/slapd.d/ -n0 ... which works like a charm. Not sure why it's not picking that directory up by default, but problem (mostly) solved. Sent with ProtonMail Secure Email. ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Wednesday, January 5th, 2022 at 10:57 AM, David White <[email protected]> wrote: > I'm starting a new thread on a different topic, as my current issue is > veering way off topic from my original thread (c/f > https://lists.openldap.org/hyperkitty/list/[email protected]/thread/32D2GPXUTLKAXBE5AIQEIEUJJAQLJ5NS/ > and c/f > https://lists.openldap.org/hyperkitty/list/[email protected]/thread/UDTYKW6AEDR2ALY43V2DQZSL7AVTG5GB/). > > Thanks to Ulrich's suggestion to run slapcat -n0 with debug (-d -1). That did > indeed get me some more information, but I still cannot pinpoint why slapcat > keeps telling me that it "could not open database". > > To recap: I'm currently running the Symas-provided openldap package v2.6, and > my ultimate goal is to build a push-based proxy with syncrepl. But this > thread is about the cn=config database. > > As part of my troubleshooting, I found this quite old thread about the > different ways to start slapd: > https://openldap-technical.openldap.narkive.com/Y1yq9Qd1/can-not-modify-cn-conf-openldap-2-4-15 > > I stopped slapd with: > > systemctl stop slapd > > I then manually started it like so, in order to force it to use the ldif > directory instead of the slapd.conf file: > > /opt/symas/lib/slapd -F /var/symas/openldap-data/slapd.d/ > > This started right up, and I can confirm slapd is running. > > I'm able to run a ldapsearch against: -b "cn=config" like so, where we see > all of the various databases, frontend, and Overlays configured. I have > redacted the password, and changed the domain to "example" in the following > stdout. Given this information, I'm still very confused why slapcat can't > open the cn=config database for its own processing. Any help on this would be > appreciated. > > root@ldap-provider:~# ldapsearch -x -LLL -D cn=config -W -s sub -b > "cn=config" "(olcDatabase=)" '' '+' -v > > ldap_initialize( <DEFAULT> ) > > Enter LDAP Password: > > filter: (olcDatabase=*) > > requesting: * + > > dn: olcDatabase={-1}frontend,cn=config > > objectClass: olcDatabaseConfig > > objectClass: olcFrontendConfig > > olcDatabase: {-1}frontend > > olcAddContentAcl: FALSE > > olcLastMod: TRUE > > olcLastBind: TRUE > > olcLastBindPrecision: 0 > > olcMaxDerefDepth: 0 > > olcReadOnly: FALSE > > olcSchemaDN: cn=Subschema > > olcSyncUseSubentry: FALSE > > olcMonitoring: FALSE > > structuralObjectClass: olcDatabaseConfig > > entryUUID: 047a4d82-01dd-103c-8345-d3830b8ac76f > > creatorsName: cn=config > > createTimestamp: 20220104190525Z > > entryCSN: 20220104190525.214003Z#000000#000#000000 > > modifiersName: cn=config > > modifyTimestamp: 20220104190525Z > > entryDN: olcDatabase={-1}frontend,cn=config > > subschemaSubentry: cn=Subschema > > dn: olcDatabase={0}config,cn=config > > objectClass: olcDatabaseConfig > > olcDatabase: {0}config > > olcAccess: {0}to * by * none > > olcAddContentAcl: TRUE > > olcLastMod: TRUE > > olcLastBind: TRUE > > olcLastBindPrecision: 0 > > olcMaxDerefDepth: 15 > > olcReadOnly: FALSE > > olcRootDN: cn=config > > olcRootPW: secret > > olcSyncUseSubentry: FALSE > > olcMonitoring: FALSE > > structuralObjectClass: olcDatabaseConfig > > entryUUID: 047a4fda-01dd-103c-8346-d3830b8ac76f > > creatorsName: cn=config > > createTimestamp: 20220104190525Z > > entryCSN: 20220104190525.214003Z#000000#000#000000 > > modifiersName: cn=config > > modifyTimestamp: 20220104190525Z > > entryDN: olcDatabase={0}config,cn=config > > subschemaSubentry: cn=Subschema > > dn: olcDatabase={1}mdb,cn=config > > objectClass: olcDatabaseConfig > > objectClass: olcMdbConfig > > olcDatabase: {1}mdb > > olcDbDirectory: /var/symas/openldap-data > > olcSuffix: dc=example,dc=com > > olcAddContentAcl: FALSE > > olcLastMod: TRUE > > olcLastBind: TRUE > > olcLastBindPrecision: 0 > > olcMaxDerefDepth: 15 > > olcReadOnly: FALSE > > olcRootDN: cn=admin,dc=example,dc=com > > olcRootPW: secret > > olcSyncUseSubentry: FALSE > > olcMonitoring: TRUE > > olcDbNoSync: FALSE > > olcDbIndex: objectClass eq > > olcDbIndex: entryUUID eq > > olcDbIndex: entryCSN eq > > olcDbMaxReaders: 0 > > olcDbMaxSize: 10485760 > > olcDbMode: 0600 > > olcDbSearchStack: 16 > > olcDbMaxEntrySize: 0 > > olcDbRtxnSize: 10000 > > structuralObjectClass: olcMdbConfig > > entryUUID: 047a52be-01dd-103c-8347-d3830b8ac76f > > creatorsName: cn=config > > createTimestamp: 20220104190525Z > > entryCSN: 20220104190525.214003Z#000000#000#000000 > > modifiersName: cn=config > > modifyTimestamp: 20220104190525Z > > entryDN: olcDatabase={1}mdb,cn=config > > subschemaSubentry: cn=Subschema > > dn: olcOverlay={0}syncprov,olcDatabase={1}mdb,cn=config > > objectClass: olcOverlayConfig > > objectClass: olcSyncProvConfig > > olcOverlay: {0}syncprov > > olcSpCheckpoint: 100 10 > > olcSpSessionlog: 100 > > structuralObjectClass: olcSyncProvConfig > > entryUUID: 047a54da-01dd-103c-8348-d3830b8ac76f > > creatorsName: cn=config > > createTimestamp: 20220104190525Z > > entryCSN: 20220104190525.214003Z#000000#000#000000 > > modifiersName: cn=config > > modifyTimestamp: 20220104190525Z > > entryDN: olcOverlay={0}syncprov,olcDatabase={1}mdb,cn=config > > subschemaSubentry: cn=Subschema > > Sent with ProtonMail Secure Email. > > ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ > > On Wednesday, January 5th, 2022 at 9:40 AM, Ulrich Windl > [email protected] wrote: > > > Hi! > > > I meant: The debug output is useless when you leave out "-n0" (the case that > > > doesn't work for you). > > > > > > David White [email protected] schrieb am 05.01.2022 um 15:14 > > > > > in > > > Nachricht > > > [email protected]>: > > > > That's the thing. > > > > -n0 always returns "unknown database". > > > > Only -n1 returns data. > > > > Thanks for the suggestion, though. :) > > > > Sent with ProtonMail Secure Email. > > > > ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ > > > > On Wednesday, January 5th, 2022 at 8:11 AM, Ulrich Windl > > > > [email protected] wrote: > > > > > It seems you missed "-n0" for slapcat.
publickey - [email protected] - 0x320CD582.asc
Description: application/pgp-keys
signature.asc
Description: OpenPGP digital signature
