openldap and samba 4
grimstone
office at adaptcom.ro
Tue May 19 19:48:11 GMT 2009
Hello,
Andrew, Chu great news and bad news:
I recomnpiled everithing :
berkeley db:
applied patch 1, 2,3 and 4 to db-4.7.25
configured with:
../dist/configure --enable-mutex --enable-debug --enable-diagnostic
cyrus-sasl and heimdal specifing the berkeley db location
got latest cvs and git for openldap and samba4
compiled openldap with:
./configure CPPFLAGS="-I/usr/local/BerkeleyDB.4.7/include/"
LDFLAGS="-L/usr/local/BerkeleyDB.4.7/lib/" --enable-debug --enable-dynamic
--enable-slapd --enable-modules --enable-slapi --enable-bdb --enable-hdb
--enable-ldap --enable-overlays --enable-monitor --enable-accesslog
--enable-deref --enable-memberof --enable-refint --enable-translucent
--enable-syncprov
compiled samba4
did privision-backend and all went well.
started slapd
and server starts this way:
backend_startup_one: starting "cn=Schema,cn=Configuration,dc=adaptcom,dc=ro"
hdb_db_open: "cn=Schema,cn=Configuration,dc=adaptcom,dc=ro"
hdb_db_open: database "cn=Schema,cn=Configuration,dc=adaptcom,dc=ro":
dbenv_open(/usr/local/samba/private/ldap/db/schema).
hdb_monitor_db_open: monitoring disabled; configure monitor database to
enable
=> bdb_entry_get: ndn: "cn=schema,cn=configuration,dc=adaptcom,dc=ro"
=> bdb_entry_get: oc: "(null)", at: "contextCSN"
bdb_dn2entry("cn=schema,cn=configuration,dc=adaptcom,dc=ro")
=> hdb_dn2id("cn=schema,cn=configuration,dc=adaptcom,dc=ro")
<= hdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found
(-30988)
=> bdb_entry_get: cannot find entry:
"cn=schema,cn=configuration,dc=adaptcom,dc=ro"
backend_startup_one: starting "cn=Configuration,dc=adaptcom,dc=ro"
hdb_db_open: "cn=Configuration,dc=adaptcom,dc=ro"
hdb_db_open: database "cn=Configuration,dc=adaptcom,dc=ro":
dbenv_open(/usr/local/samba/private/ldap/db/config).
=> bdb_entry_get: ndn: "cn=configuration,dc=adaptcom,dc=ro"
=> bdb_entry_get: oc: "(null)", at: "contextCSN"
bdb_dn2entry("cn=configuration,dc=adaptcom,dc=ro")
=> hdb_dn2id("cn=configuration,dc=adaptcom,dc=ro")
<= hdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found
(-30988)
=> bdb_entry_get: cannot find entry: "cn=configuration,dc=adaptcom,dc=ro"
backend_startup_one: starting "dc=adaptcom,dc=ro"
hdb_db_open: "dc=adaptcom,dc=ro"
hdb_db_open: database "dc=adaptcom,dc=ro":
dbenv_open(/usr/local/samba/private/ldap/db/user).
=> bdb_entry_get: ndn: "dc=adaptcom,dc=ro"
=> bdb_entry_get: oc: "(null)", at: "contextCSN"
bdb_dn2entry("dc=adaptcom,dc=ro")
=> hdb_dn2id("dc=adaptcom,dc=ro")
<= hdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found
(-30988)
=> bdb_entry_get: cannot find entry: "dc=adaptcom,dc=ro"
slapd starting
daemon: added 4r listener=(nil)
daemon: added 7r listener=0x825a2b0
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: activity on 1 descriptor
daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=NULL
and when I try to finaly provision:
root at r1:/usr/local/src/samba-master/source4# setup/provision
--realm=adaptcom.ro --domain=adaptcom --server-role='domain controller'
--ldap-backend=ldapi --ldap-backend-type=openldap --username=samba-admin
--password=adaptro
Setting up secrets.ldb
Setting up the registry
Setting up templates db
Setting up idmap db
and after a long long wait when in slapd shows this:
===================================================================
>>> dnPrettyNormal: <>
<<< dnPrettyNormal: <>, <>
conn=1 op=1 BIND dn="" method=163
do_bind: dn () SASL mech DIGEST-MD5
==> sasl_bind: dn="" mech=DIGEST-MD5 datalen=274
SASL [conn=1] Debug: DIGEST-MD5 server step 1
send_ldap_sasl: err=14 len=184
send_ldap_response: msgid=2 tag=97 err=14
ber_flush2: 231 bytes to sd 19
0000: 30 81 e4 02 01 02 61 81 de 0a 01 0e 04 00 04 1c 0.....a.........
0010: 53 41 53 4c 28 30 29 3a 20 73 75 63 63 65 73 73 SASL(0): success
0020: 66 75 6c 20 72 65 73 75 6c 74 3a 20 87 81 b8 6e ful result: ...n
0030: 6f 6e 63 65 3d 22 63 4c 73 54 4e 62 70 4c 71 4e once="cLsTNbpLqN
0040: 4c 4d 75 73 42 33 59 6b 4b 48 67 74 64 50 4b 73 LMusB3YkKHgtdPKs
0050: 35 5a 62 32 72 62 32 33 32 64 5a 73 44 48 76 44 5Zb2rb232dZsDHvD
0060: 30 3d 22 2c 72 65 61 6c 6d 3d 22 61 64 61 70 74 0=",realm="adapt
0070: 63 6f 6d 2e 72 6f 22 2c 71 6f 70 3d 22 61 75 74 com.ro",qop="aut
0080: 68 2c 61 75 74 68 2d 69 6e 74 2c 61 75 74 68 2d h,auth-int,auth-
0090: 63 6f 6e 66 22 2c 63 69 70 68 65 72 3d 22 72 63 conf",cipher="rc
00a0: 34 2d 34 30 2c 72 63 34 2d 35 36 2c 72 63 34 2c 4-40,rc4-56,rc4,
00b0: 64 65 73 2c 33 64 65 73 22 2c 6d 61 78 62 75 66 des,3des",maxbuf
00c0: 3d 36 35 35 33 36 2c 63 68 61 72 73 65 74 3d 75 =65536,charset=u
00d0: 74 66 2d 38 2c 61 6c 67 6f 72 69 74 68 6d 3d 6d tf-8,algorithm=m
00e0: 64 35 2d 73 65 73 73 d5-sess
ldap_write: want=231, written=231
0000: 30 81 e4 02 01 02 61 81 de 0a 01 0e 04 00 04 1c 0.....a.........
0010: 53 41 53 4c 28 30 29 3a 20 73 75 63 63 65 73 73 SASL(0): success
0020: 66 75 6c 20 72 65 73 75 6c 74 3a 20 87 81 b8 6e ful result: ...n
0030: 6f 6e 63 65 3d 22 63 4c 73 54 4e 62 70 4c 71 4e once="cLsTNbpLqN
0040: 4c 4d 75 73 42 33 59 6b 4b 48 67 74 64 50 4b 73 LMusB3YkKHgtdPKs
0050: 35 5a 62 32 72 62 32 33 32 64 5a 73 44 48 76 44 5Zb2rb232dZsDHvD
0060: 30 3d 22 2c 72 65 61 6c 6d 3d 22 61 64 61 70 74 0=",realm="adapt
0070: 63 6f 6d 2e 72 6f 22 2c 71 6f 70 3d 22 61 75 74 com.ro",qop="aut
0080: 68 2c 61 75 74 68 2d 69 6e 74 2c 61 75 74 68 2d h,auth-int,auth-
0090: 63 6f 6e 66 22 2c 63 69 70 68 65 72 3d 22 72 63 conf",cipher="rc
00a0: 34 2d 34 30 2c 72 63 34 2d 35 36 2c 72 63 34 2c 4-40,rc4-56,rc4,
00b0: 64 65 73 2c 33 64 65 73 22 2c 6d 61 78 62 75 66 des,3des",maxbuf
00c0: 3d 36 35 35 33 36 2c 63 68 61 72 73 65 74 3d 75 =65536,charset=u
00d0: 74 66 2d 38 2c 61 6c 67 6f 72 69 74 68 6d 3d 6d tf-8,algorithm=m
00e0: 64 35 2d 73 65 73 73 d5-sess
conn=1 op=1 RESULT tag=97 err=14 text=SASL(0): successful result:
<== slap_sasl_bind: rc=14
daemon: activity on 1 descriptor
daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=NULL
===================================================================
it hangs with the following error:
Failed to bind - LDAP client internal error: NT_STATUS_IO_TIMEOUT
Failed to connect to
'ldapi://%2Fusr%2Flocal%2Fsamba%2Fprivate%2Fldap%2Fldapi'
module partition initialization failed
module show_deleted initialization failed
module extended_dn_out_dereference initialization failed
module operational initialization failed
module kludge_acl initialization failed
module samldb initialization failed
module asq initialization failed
module server_sort initialization failed
module paged_results initialization failed
module rootdse initialization failed
Unable to load modules for /usr/local/samba/private/sam.ldb: (null)
Failed to bind - LDAP client internal error: NT_STATUS_IO_TIMEOUT
Failed to connect to
'ldapi://%2Fusr%2Flocal%2Fsamba%2Fprivate%2Fldap%2Fldapi'
module partition initialization failed
module show_deleted initialization failed
module extended_dn_out_dereference initialization failed
module operational initialization failed
module kludge_acl initialization failed
module samldb initialization failed
module asq initialization failed
module server_sort initialization failed
module paged_results initialization failed
module rootdse initialization failed
Unable to load modules for /usr/local/samba/private/sam.ldb: (null)
Traceback (most recent call last):
File "setup/provision", line 192, in <module>
ldap_backend_type=opts.ldap_backend_type)
File "bin/python/samba/provision.py", line 1052, in provision
ldap_backend_type=ldap_backend_type)
File "bin/python/samba/provision.py", line 775, in setup_samdb
ldap_backend_type=ldap_backend_type, erase=erase)
File "bin/python/samba/provision.py", line 564, in setup_samdb_partitions
credentials=credentials, lp=lp)
File "bin/python/samba/samdb.py", line 49, in __init__
self.connect(url)
File "bin/python/samba/samdb.py", line 54, in connect
super(SamDB, self).connect(self.lp.private_path(url))
_ldb.LdbError: (80, None)
Andrew is there a way to staticly load this modules who are in error or the
problem is somewhere else?
Expect some opinions to start again tommorow :)
Best regards,
Theodor
Howard Chu wrote:
>
>> grimstone wrote:
>>> > I ran "TEST_LDAP=yes OPENLDAP_ROOT=/usr/local make test" is the source
>>> > directory of OpenLDAp and when come sto the following test:
>>> >
>>>>>>>> >>>>>> Starting test001-slapadd ...
>>> > running defines.sh
>>> > Running slapadd to build slapd database...
>> This is OpenLDAP's make test suite.
>>
>>> > It stays here
>>> >
>>> > processes on the system are:
>>> >
>>> > root at r1:~# ps -elf
>>> > 0 S root 1445 1007 0 80 0 - 551 - 13:14 pts/0
>>> 00:00:00
>>> > make test
>>> > 0 S root 1446 1445 0 80 0 - 680 - 13:14 pts/0
>>> 00:00:00
>>> > /bin/sh -c cd tests; make test
>>> > 0 S root 1447 1446 0 80 0 - 551 - 13:14 pts/0
>>> 00:00:00
>>> > make test
>>> > 0 S root 1448 1447 0 80 0 - 551 - 13:14 pts/0
>>> 00:00:00
>>> > make bdb
>>> > 0 S root 1450 1448 0 80 0 - 706 - 13:14 pts/0
>>> 00:00:00
>>> > /bin/sh ./run -b bdb all
>>> > 0 S root 1467 1450 0 80 0 - 706 - 13:14 pts/0
>>> 00:00:00
>>> > /bin/sh ./scripts/all
>>> > 0 S root 1769 1467 1 80 0 - 710 - 13:14 pts/0
>>> 00:00:00
>>> > /bin/sh ./scripts/test001-slapadd
>>> > 0 S root 1785 1769 2 80 0 - 2391 - 13:14 pts/0
>>> 00:00:00
>>> > /usr/local/src/openldap/servers/slapd/.libs/lt-slapd -Ta -d 0 -f
>>> > /usr/local/src
>>> >
>>> > and a strace on pid 1785 gives this:
>>> >
>>> > root at r1:~# strace -p 1785
>>> > Process 1785 attached - interrupt to quit
>>> > futex(0x4052ed14, FUTEX_WAIT, 1, NULL
>> I think slapd should under no circumstances lock up no matter what the
>> smbd does. How about attaching to slapd with gdb and obtain a stack
>> trace?
>>
> Particularly on test001. Sounds like you've got a mutex bug. If you're
> using
> BerkeleyDB 4.7 on a single-core machine, then this is a known issue and
> you
> need to patch your BerkeleyDB source.
>
> https://www.openldap.org/its/index.cgi/Incoming?id=5707
>
> Aka patch#2 here:
>
> http://www.oracle.com/technology/products/berkeley-db/db/update/4.7.25/patch.4.7.25.html
>
> --
> -- Howard Chu
> CTO, Symas Corp. http://www.symas.com
> Director, Highland Sun http://highlandsun.com/hyc/
> Chief Architect, OpenLDAP http://www.openldap.org/project/
>
>
--
View this message in context: http://www.nabble.com/openldap-and-samba-4-tp23565343p23623163.html
Sent from the Samba - samba-technical mailing list archive at Nabble.com.
More information about the samba-technical
mailing list