Instructions for setting up OpenLDAP are not working

Asked by Mike Edwards

I am following OpenLDAP documentation (https://help.ubuntu.com/10.04/serverguide/C/openldap-server.html) and when it comes to the point of creating a backend LDIF, I create a file as directed, but when loading it I get this output:

SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=module,cn=config"
ldap_add: Other (e.g., implementation specific) error (80)
        additional info: <olcModuleLoad> handler exited with 1

This first happened on a virgin 10.04.3 install, so I purged all slapd packages and tried again with the same result. I am not well-versed in LDAP, which is why I'm trying to follow instructions. From what I can find, the error indicates an attempt to load directory entries that already exist, but since it is a fresh install, I don't understand how that could be true--unless the instructions themselves are wrong.

Question information

Language: English
Status: Expired
For: Ubuntu openldap
Assignee: No assignee

Jacobsallan (jacobsallan) said :
#1

http://ubuntuforums.org/showthread.php?p=8185917 and http://ubuntuforums.org/showthread.php?p=8161118
mention the error (80) message. They both say that

ldap_add: Other (e.g., implementation specific) error (80)
additional info: <olcModuleLoad> handler exited with 1

is caused by trying to load the same module twice, e.g. you already ran ldapadd on db.ldif once and now you're doing it again.

Does this make sense?

Jacobsallan (jacobsallan) said :
#2

More to the point is an entry http://ubuntuforums.org/archive/index.php/t-1594138.html. I seem to have recommended a fix to the LDIF file in 2010. The line "olcModuleload: back_hdb" should read "olcModuleload: back_hdb.la".

Got it. Adding an extension to the filename value fixes the LDIF file used to load database modules (backend.example.com.ldif).

% cat backend.dlinkddns.com.ldif
# Load dynamic backend modules
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulepath: /usr/lib/ldap
olcModuleload: back_hdb.la
...

There is still a problem with frontend.example.com.ldif; it seems to be either attempting to reload an entry for 'dc=example,dc=com' or to be invalid. The existence of the node is confirmed by using the ldapsearch utility to list nodes.

% ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts
# extended LDIF
#
# LDAPv3
# base <> with scope baseObject
# filter: (objectclass=*)
# requesting: namingContexts
#
#
dn:
namingContexts: dc=dlinkddns,dc=com
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1

My guess is that the front end LDIF should start with something like

# Create top-level object in domain
dn: ou=orgs,dc=example,dc=com
objectClass: top
objectClass: dcObject
objectclass: organizationalUnit
ou: orgs

dn: o=Example Organization,ou=orgs,dc=example,dc=com
objectClass: organization
o: Example Organization
description: LDAP Example

Does this help?

In 2010, I seem to have found other mistakes in the documentation that you will hit in later steps. I wish I had a memory...

Mike Edwards (mike-edwards) said :
#3

I again purged slapd and started over:

$ sudo apt-get purge slapd
$ sudo apt-get install slapd
$ sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif
$ sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif
$ sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif

Everything is fine to there. I then edited my backend file as you suggest: olcModuleload: back_hdb.la.

Now it seems to get past adding "cn=module,cn=config" but now it is tripped up with the same "duplicate entry" error as before when it apparently hits the next line:

SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=module,cn=config"
adding new entry "olcDatabase=hdb,cn=config"
ldap_add: Other (e.g., implementation specific) error (80)
        additional info: <olcAccess> handler exited with 1

I am going to keep reading...

Mike Edwards (mike-edwards) said :
#4

Finding different information in the Community Documentation (https://help.ubuntu.com/community/OpenLDAPServer). Its backend LDIF is different in a few ways, but now it is throwing a syntax error. Grrr... So many different documents. I have half a mind to pay for Mandriva Directory Server.

Mike Edwards (mike-edwards) said :
#5

I guess I should post the new error:

SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "olcDatabase=hdb,cn=config"
ldap_add: Invalid syntax (21)
  additional info: objectClass: value #1 invalid per syntax

From what I have read, the syntax error can point to trailing whitespace, but my ldif has none. The fact that it points to one of the objectClass lines leads me to believe that either olcDatabaseConfig or olcHdbConfig is unrecognized.

When I run "sudo ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config", I get 8 entries, not the 15 I am apparently supposed to get, so maybe something is wrong there.
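
An offline pre-flight check for the LDIF problems raised in this thread, run before `ldapadd` (an added example, not code from any poster or from OpenLDAP): it flags trailing whitespace, records with no `dn:` line, a DN that appears twice in the file, and `olcModuleload` values without the `.la` suffix. The function names and finding codes are hypothetical, the sample LDIF is constructed, and the `.la` rule reflects the fix reported in reply #2 rather than a general OpenLDAP requirement.

```python
# Added example (not from the thread); SAMPLE_LDIF is constructed test input.
SAMPLE_LDIF = (
    "dn: cn=module,cn=config\n"
    "objectClass: olcModuleList\n"
    "olcModulepath: /usr/lib/ldap\n"
    "olcModuleload: back_hdb\n"            # no .la suffix (reply #2)
    "\n"
    "dn: olcDatabase=hdb,cn=config\n"
    "objectClass: olcDatabaseConfig \n"    # trailing space (reply #5)
    "\n"
    "o: Example Organization\n"            # record with no dn: line
    "description: LDAP Example\n"
    "\n"
    "dn: cn=Module, cn=config\n"           # same DN as the first record
    "objectClass: olcModuleList\n"
)

def check_record(record, seen_dns):  # record: [(line_number, logical_line)]
    out = []
    first_num, first = record[0]
    if not first.lower().startswith("dn:"):
        out.append((first_num, "NO_DN"))
    else:
        # Simplified DN normalisation: case-fold, trim spaces around commas.
        dn = ",".join(p.strip() for p in first[3:].lower().split(","))
        if dn in seen_dns:
            out.append((first_num, "DUPLICATE_DN"))
        seen_dns.add(dn)
    for num, line in record:
        if line != line.rstrip():
            out.append((num, "TRAILING_WHITESPACE"))
        attr, _, value = line.partition(":")
        if attr.lower() == "olcmoduleload" and not value.strip().endswith(".la"):
            out.append((num, "MODULE_WITHOUT_LA"))
    return out

def lint_ldif(text):  # returns [(line_number, finding_code), ...]
    findings, seen_dns, record = [], set(), []
    for num, raw in enumerate(text.split("\n") + [""], 1):
        if raw.startswith("#"):              # comment line
            continue
        if raw.startswith(" ") and record:   # RFC 2849 folded line
            record[-1] = (record[-1][0], record[-1][1] + raw[1:])
        elif raw:
            record.append((num, raw))
        elif record:                         # blank line ends the record
            findings += check_record(record, seen_dns)
            record = []
    return findings
```

The duplicate check only sees DNs inside the file being linted; whether an entry already exists in the running directory still has to be confirmed with `ldapsearch`, as reply #2 does.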

Mike Edwards (mike-edwards) said :
#6

I guess that Community doc, which claims to apply to 10.04, is not working as I expected it would. Its backend LDIF does not include the preamble about loading the dynamic backend modules, but once I added those in as above, the backend loaded fine. I will try not to comment much further unless I get really tripped up.

Launchpad Janitor (janitor) said :
#7

This question was expired because it remained in the 'Open' state without activity for the last 15 days.