[Kolab-devel] [issue1484] Warnings using openldap = 2.3.27-2.20061018_kolab

Jørgen H. Fjeld jhf at linpro.no
Tue Nov 21 10:17:22 CET 2006


On Monday 13 November 2006 14:04, Bernhard Reiter wrote:
> This is an installation where I have upgraded from
> Server 2.1beta2's openldap to  openldap = 2.3.27-2.20061018_kolab
>
So you have changed from 2.2 series to 2.3 series, and there are some config 
file syntax changes.

> /kolab/etc/openldap/slapd.conf: line 91: "attr" is deprecated (and
> undocumented)
> ; use "attrs" instead.
>
Quite simply, the keyword "attr" is deprecated, you should use "attrs" 
instead.
Use an editor, or do something like:
sed -i -e 's/ attr / attrs /' /kolab/etc/openldap/slapd.conf

> The first database does not allow slapcat; using the first available one
>
From slapd.conf, you can see two database stanzas:
database        monitor
database        bdb
The monitor database creates a "magic" ldap tree that hooks into the health of 
slapd, allowing you to monitor the situation. (A tiny bit like the /proc 
filesystem)
The second declares a Berkeley DataBase (bdb) ldap storage.
The monitor database cannot be slapcat'ed; slapcat only works on 
Berkeley-based databases (bdb).

Monitor should be the first database declared in slapd.conf, but you can 
instruct slapcat to use the second one:
/kolab/sbin/slapcat -n 2

> (2) bdb_db_open: DB_CONFIG for suffix dc=intra,dc=bos,dc=de has changed.
> Performing database recovery to activate new settings.
> bdb_db_open: Recovery skipped in read-only mode. Run manual recovery if
> errors are encountered.
>
So you have done an upgrade, and probably the version of bdb has changed, at 
least the settings for bdb. DB_CONFIG instructs the bdb library how to handle 
the database, such as when opened by slapd or slapcat.
If something goes wrong with bdb, and slapd hangs on start or slapcat hangs on 
print, it is almost always a good idea to stop slapd and do a db-recovery:
cd /kolab/var/openldap/openldap-data/ ; /kolab/bin/db_recover

> Stopping and starting openldap gets rid of the DB_CONFIG things,
> but the rest remains. What does it mean?
>
I hope it is clear now :-)

I got OpenPKG to accept a change in the openldap package, such that overlays 
can be activated.
Overlays (in OpenLDAP 2.3) allow us to place further integrity restrictions 
on the ldap database, such as enforcing that both mail and uid are globally 
unique, and enforcing that all ldap references are valid, such as the member 
attribute in the kolabGroupOfNames.

I requested the change to improve validation in Kolab, but I have not pursued 
it yet, since Kolab didn't seem to move to openldap 2.3 yet. If you do, 
please have this goal of better data integrity in mind.

-- 
Best regards
Jørgen H. Fjeld
Systemleveranser
Linpro AS
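
Added example, not part of the original message and not Kolab or OpenLDAP code: a read-only shell script that lists the database stanzas in a slapd.conf, prints the index to pass to slapcat -n, and reports lines still using the deprecated "attr" keyword. The function names and the sample configuration are constructed for illustration, and stanzas are counted from 1 in file order, as the message does.

```shell
#!/bin/sh
# Added example: read-only checks on a slapd.conf; nothing is modified.

# Print "<index> <backend>" for every database stanza, counting from 1
# in file order (the numbering the message uses for slapcat -n).
list_databases() {
    awk '$1 == "database" { n++; print n, $2 }' "$1"
}

# Print the index of the first bdb stanza, i.e. the value for slapcat -n.
# Prints nothing when the file declares no bdb database.
first_bdb_index() {
    list_databases "$1" | awk '$2 == "bdb" { print $1; exit }'
}

# Print "line:text" for non-comment lines that use "attr" as a whole word
# before whitespace or "=". Lines already using "attrs" are not reported.
deprecated_attr_lines() {
    awk '!/^[ \t]*#/ && /(^|[ \t])attr([ \t]|=)/ { print NR ":" $0 }' "$1"
}

# Constructed sample configuration (not the poster's real file).
write_sample() {
    cat > "$1" <<'EOF'
# constructed slapd.conf fragment
database        monitor

database        bdb
suffix          "dc=example,dc=com"
access to attr=userPassword
        by self write
access to attrs=mail
        by * read
EOF
}

# Use the file given as first argument, else fall back to the sample.
conf=${1:-}
[ -f "$conf" ] || { conf=$(mktemp); write_sample "$conf"; }
echo "database stanzas:"; list_databases "$conf"
echo "dump with: slapcat -n $(first_bdb_index "$conf")"
echo "deprecated attr lines:"; deprecated_attr_lines "$conf"
```

Reviewing the reported lines by hand before editing avoids rewriting an "attr" that appears in some other context.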



