openldap and samba 4

grimstone office at adaptcom.ro
Tue May 19 19:48:11 GMT 2009


Hello,

Andrew, Chu, great news and bad news:

I recompiled everything:

berkeley db:

applied patch 1, 2,3 and 4 to db-4.7.25

 configured with:

../dist/configure --enable-mutex --enable-debug --enable-diagnostic

cyrus-sasl and heimdal specifying the berkeley db location

got latest cvs and git for openldap and samba4

compiled openldap with:

./configure CPPFLAGS="-I/usr/local/BerkeleyDB.4.7/include/"
LDFLAGS="-L/usr/local/BerkeleyDB.4.7/lib/" --enable-debug --enable-dynamic
--enable-slapd --enable-modules --enable-slapi --enable-bdb --enable-hdb
--enable-ldap --enable-overlays --enable-monitor --enable-accesslog
--enable-deref --enable-memberof --enable-refint --enable-translucent
--enable-syncprov

compiled samba4 

did provision-backend and all went well.

started slapd

and server starts this way:

backend_startup_one: starting "cn=Schema,cn=Configuration,dc=adaptcom,dc=ro"
hdb_db_open: "cn=Schema,cn=Configuration,dc=adaptcom,dc=ro"
hdb_db_open: database "cn=Schema,cn=Configuration,dc=adaptcom,dc=ro":
dbenv_open(/usr/local/samba/private/ldap/db/schema).
hdb_monitor_db_open: monitoring disabled; configure monitor database to
enable
=> bdb_entry_get: ndn: "cn=schema,cn=configuration,dc=adaptcom,dc=ro"
=> bdb_entry_get: oc: "(null)", at: "contextCSN"
bdb_dn2entry("cn=schema,cn=configuration,dc=adaptcom,dc=ro")
=> hdb_dn2id("cn=schema,cn=configuration,dc=adaptcom,dc=ro")
<= hdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found
(-30988)
=> bdb_entry_get: cannot find entry:
"cn=schema,cn=configuration,dc=adaptcom,dc=ro"
backend_startup_one: starting "cn=Configuration,dc=adaptcom,dc=ro"
hdb_db_open: "cn=Configuration,dc=adaptcom,dc=ro"
hdb_db_open: database "cn=Configuration,dc=adaptcom,dc=ro":
dbenv_open(/usr/local/samba/private/ldap/db/config).
=> bdb_entry_get: ndn: "cn=configuration,dc=adaptcom,dc=ro"
=> bdb_entry_get: oc: "(null)", at: "contextCSN"
bdb_dn2entry("cn=configuration,dc=adaptcom,dc=ro")
=> hdb_dn2id("cn=configuration,dc=adaptcom,dc=ro")
<= hdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found
(-30988)
=> bdb_entry_get: cannot find entry: "cn=configuration,dc=adaptcom,dc=ro"
backend_startup_one: starting "dc=adaptcom,dc=ro"
hdb_db_open: "dc=adaptcom,dc=ro"
hdb_db_open: database "dc=adaptcom,dc=ro":
dbenv_open(/usr/local/samba/private/ldap/db/user).
=> bdb_entry_get: ndn: "dc=adaptcom,dc=ro"
=> bdb_entry_get: oc: "(null)", at: "contextCSN"
bdb_dn2entry("dc=adaptcom,dc=ro")
=> hdb_dn2id("dc=adaptcom,dc=ro")
<= hdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found
(-30988)
=> bdb_entry_get: cannot find entry: "dc=adaptcom,dc=ro"
slapd starting
daemon: added 4r listener=(nil)
daemon: added 7r listener=0x825a2b0
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: activity on 1 descriptor
daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=NULL

and when I try to finally provision:

root at r1:/usr/local/src/samba-master/source4# setup/provision
--realm=adaptcom.ro --domain=adaptcom --server-role='domain controller'
--ldap-backend=ldapi --ldap-backend-type=openldap --username=samba-admin
--password=adaptro
Setting up secrets.ldb
Setting up the registry
Setting up templates db
Setting up idmap db

and after a long, long wait, slapd shows this:

===================================================================
>>> dnPrettyNormal: <>
<<< dnPrettyNormal: <>, <>
conn=1 op=1 BIND dn="" method=163
do_bind: dn () SASL mech DIGEST-MD5
==> sasl_bind: dn="" mech=DIGEST-MD5 datalen=274
SASL [conn=1] Debug: DIGEST-MD5 server step 1
send_ldap_sasl: err=14 len=184
send_ldap_response: msgid=2 tag=97 err=14
ber_flush2: 231 bytes to sd 19
  0000:  30 81 e4 02 01 02 61 81  de 0a 01 0e 04 00 04 1c   0.....a.........
  0010:  53 41 53 4c 28 30 29 3a  20 73 75 63 63 65 73 73   SASL(0): success
  0020:  66 75 6c 20 72 65 73 75  6c 74 3a 20 87 81 b8 6e   ful result: ...n
  0030:  6f 6e 63 65 3d 22 63 4c  73 54 4e 62 70 4c 71 4e   once="cLsTNbpLqN
  0040:  4c 4d 75 73 42 33 59 6b  4b 48 67 74 64 50 4b 73   LMusB3YkKHgtdPKs
  0050:  35 5a 62 32 72 62 32 33  32 64 5a 73 44 48 76 44   5Zb2rb232dZsDHvD
  0060:  30 3d 22 2c 72 65 61 6c  6d 3d 22 61 64 61 70 74   0=",realm="adapt
  0070:  63 6f 6d 2e 72 6f 22 2c  71 6f 70 3d 22 61 75 74   com.ro",qop="aut
  0080:  68 2c 61 75 74 68 2d 69  6e 74 2c 61 75 74 68 2d   h,auth-int,auth-
  0090:  63 6f 6e 66 22 2c 63 69  70 68 65 72 3d 22 72 63   conf",cipher="rc
  00a0:  34 2d 34 30 2c 72 63 34  2d 35 36 2c 72 63 34 2c   4-40,rc4-56,rc4,
  00b0:  64 65 73 2c 33 64 65 73  22 2c 6d 61 78 62 75 66   des,3des",maxbuf
  00c0:  3d 36 35 35 33 36 2c 63  68 61 72 73 65 74 3d 75   =65536,charset=u
  00d0:  74 66 2d 38 2c 61 6c 67  6f 72 69 74 68 6d 3d 6d   tf-8,algorithm=m
  00e0:  64 35 2d 73 65 73 73                               d5-sess
ldap_write: want=231, written=231
conn=1 op=1 RESULT tag=97 err=14 text=SASL(0): successful result:
<== slap_sasl_bind: rc=14
daemon: activity on 1 descriptor
daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=NULL
===================================================================

it hangs with the following error:

Failed to bind - LDAP client internal error: NT_STATUS_IO_TIMEOUT
Failed to connect to
'ldapi://%2Fusr%2Flocal%2Fsamba%2Fprivate%2Fldap%2Fldapi'
module partition initialization failed
module show_deleted initialization failed
module extended_dn_out_dereference initialization failed
module operational initialization failed
module kludge_acl initialization failed
module samldb initialization failed
module asq initialization failed
module server_sort initialization failed
module paged_results initialization failed
module rootdse initialization failed
Unable to load modules for /usr/local/samba/private/sam.ldb: (null)
Failed to bind - LDAP client internal error: NT_STATUS_IO_TIMEOUT
Failed to connect to
'ldapi://%2Fusr%2Flocal%2Fsamba%2Fprivate%2Fldap%2Fldapi'
module partition initialization failed
module show_deleted initialization failed
module extended_dn_out_dereference initialization failed
module operational initialization failed
module kludge_acl initialization failed
module samldb initialization failed
module asq initialization failed
module server_sort initialization failed
module paged_results initialization failed
module rootdse initialization failed
Unable to load modules for /usr/local/samba/private/sam.ldb: (null)
Traceback (most recent call last):
  File "setup/provision", line 192, in <module>
    ldap_backend_type=opts.ldap_backend_type)
  File "bin/python/samba/provision.py", line 1052, in provision
    ldap_backend_type=ldap_backend_type)
  File "bin/python/samba/provision.py", line 775, in setup_samdb
    ldap_backend_type=ldap_backend_type, erase=erase)
  File "bin/python/samba/provision.py", line 564, in setup_samdb_partitions
    credentials=credentials, lp=lp)
  File "bin/python/samba/samdb.py", line 49, in __init__
    self.connect(url)
  File "bin/python/samba/samdb.py", line 54, in connect
    super(SamDB, self).connect(self.lp.private_path(url))
_ldb.LdbError: (80, None)

Andrew, is there a way to statically load these modules that are in error, or
is the problem somewhere else?

Expect some opinions to start again tomorrow :)

Best regards,
Theodor


Howard Chu wrote:
> 
>> grimstone wrote:
>>> > I ran "TEST_LDAP=yes OPENLDAP_ROOT=/usr/local make test" in the source
>>> > directory of OpenLDAP and when it comes to the following test:
>>> >
>>>>>>>> >>>>>> Starting test001-slapadd ...
>>> > running defines.sh
>>> > Running slapadd to build slapd database...
>> This is OpenLDAP's make test suite.
>>
>>> > It stays here
>>> >
>>> > processes on the system are:
>>> >
>>> > root at r1:~# ps -elf
>>> > 0 S root      1445  1007  0  80   0 -   551 -      13:14 pts/0    00:00:00 make test
>>> > 0 S root      1446  1445  0  80   0 -   680 -      13:14 pts/0    00:00:00 /bin/sh -c cd tests; make test
>>> > 0 S root      1447  1446  0  80   0 -   551 -      13:14 pts/0    00:00:00 make test
>>> > 0 S root      1448  1447  0  80   0 -   551 -      13:14 pts/0    00:00:00 make bdb
>>> > 0 S root      1450  1448  0  80   0 -   706 -      13:14 pts/0    00:00:00 /bin/sh ./run -b bdb all
>>> > 0 S root      1467  1450  0  80   0 -   706 -      13:14 pts/0    00:00:00 /bin/sh ./scripts/all
>>> > 0 S root      1769  1467  1  80   0 -   710 -      13:14 pts/0    00:00:00 /bin/sh ./scripts/test001-slapadd
>>> > 0 S root      1785  1769  2  80   0 -  2391 -      13:14 pts/0    00:00:00 /usr/local/src/openldap/servers/slapd/.libs/lt-slapd -Ta -d 0 -f /usr/local/src
>>> >
>>> > and a strace on pid 1785 gives this:
>>> >
>>> > root at r1:~# strace -p 1785
>>> > Process 1785 attached - interrupt to quit
>>> > futex(0x4052ed14, FUTEX_WAIT, 1, NULL
>> I think slapd should under no circumstances lock up no matter what the
>> smbd does. How about attaching to slapd with gdb and obtain a stack
>> trace?
>>
> Particularly on test001. Sounds like you've got a mutex bug. If you're using
> BerkeleyDB 4.7 on a single-core machine, then this is a known issue and you
> need to patch your BerkeleyDB source.
> 
> https://www.openldap.org/its/index.cgi/Incoming?id=5707
> 
> Aka patch#2 here:
> 
> http://www.oracle.com/technology/products/berkeley-db/db/update/4.7.25/patch.4.7.25.html
> 
> -- 
>    -- Howard Chu
>    CTO, Symas Corp.           http://www.symas.com
>    Director, Highland Sun     http://highlandsun.com/hyc/
>    Chief Architect, OpenLDAP  http://www.openldap.org/project/
> 
> 

-- 
View this message in context: http://www.nabble.com/openldap-and-samba-4-tp23565343p23623163.html
Sent from the Samba - samba-technical mailing list archive at Nabble.com.
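
A triage helper for the slapd trace above, as an added example that is not part of the original post and is not OpenLDAP or Samba code: it finds SASL binds where slapd returned err=14 (saslBindInProgress, meaning the DIGEST-MD5 challenge was sent) and no further bind step arrived on that connection, which is the state the trace ends in before the client reports NT_STATUS_IO_TIMEOUT. The conn=1 lines are taken from the post; the conn=2 lines and the function name `stalled_sasl_binds` are constructed for illustration.

```python
import re

LDAP_AUTH_SASL = 163        # 0xa3, the "method=" value slapd logs for a SASL bind
SASL_BIND_IN_PROGRESS = 14  # LDAP resultCode saslBindInProgress (RFC 4511)

BIND = re.compile(r'conn=(\d+) op=(\d+) BIND dn="[^"]*" method=(\d+)')
RESULT = re.compile(r'conn=(\d+) op=(\d+) RESULT tag=97 err=(\d+)')  # tag 97 = BindResponse

# conn=1: lines from the post. conn=2: constructed, a bind that completes.
SAMPLE_LOG = """\
conn=1 op=1 BIND dn="" method=163
conn=1 op=1 RESULT tag=97 err=14 text=SASL(0): successful result:
conn=2 op=0 BIND dn="" method=163
conn=2 op=0 RESULT tag=97 err=14 text=
conn=2 op=1 BIND dn="" method=163
conn=2 op=1 RESULT tag=97 err=0 text=
"""


def stalled_sasl_binds(lines):
    """Return [(conn, op)] where the server answered a SASL bind with err=14
    and the client never sent the next bind step on that connection."""
    methods = {}   # (conn, op) -> bind method seen in the BIND line
    waiting = {}   # conn -> op whose challenge is still unanswered
    for line in lines:
        m = BIND.search(line)
        if m:
            conn, op, method = map(int, m.groups())
            methods[(conn, op)] = method
            waiting.pop(conn, None)  # a new bind step answers any pending challenge
            continue
        m = RESULT.search(line)
        if m:
            conn, op, err = map(int, m.groups())
            if err == SASL_BIND_IN_PROGRESS and methods.get((conn, op)) == LDAP_AUTH_SASL:
                waiting[conn] = op
            else:
                waiting.pop(conn, None)  # bind finished (success or failure)
    return sorted(waiting.items())


if __name__ == "__main__":
    for conn, op in stalled_sasl_binds(SAMPLE_LOG.splitlines()):
        print(f"conn={conn} op={op}: challenge sent, no client response logged")
```

A hit means the server side of the exchange completed its step, so the next place to look is the client's second bind step or the transport between the two.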
