Samba4 OpenLDAP backend

nitin bhadauria bhadauria.nitin at gmail.com
Tue Apr 27 22:57:18 MDT 2010


I have just updated openldap from the cvs repository and I end up with a new
error...


/usr/local/bin/python setup/provision
--realm=SAMBA.DOMAIN.COM --domain=DOMAIN.COM --server-role='domain controller'
--ldap-backend-type=openldap --slapd-path="/usr/local/libexec/slapd"
--adminpass=passw0rd
Failed to bind - LDAP client internal error:
NT_STATUS_UNEXPECTED_NETWORK_ERROR
Failed to connect to
'ldapi://%2Fusr%2Flocal%2Fsamba%2Fprivate%2Fldap%2Fldapi'
Setting up share.ldb
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
Adding DomainDN: DC=SAMBA,DC=DOMAIN,DC=COM
pdc_fsmo_init: no domain object present: (skip loading of domain details)

Adding configuration container
naming_fsmo_init: no partitions dn present: (skip loading of naming contexts
details)

Setting up sam.ldb schema

Traceback (most recent call last):
  File "setup/provision", line 249, in <module>
    nosync=opts.nosync,ldap_dryrun_mode=opts.ldap_dryrun_mode,useeadb=eadb)
  File "bin/python/samba/provision.py", line 1328, in provision
    dom_for_fun_level=dom_for_fun_level)
  File "bin/python/samba/provision.py", line 952, in setup_samdb
    samdb.add_ldif(schema.schema_data, controls=["relax:0"])
  File "bin/python/samba/__init__.py", line 251, in add_ldif
    self.add(msg,controls)
_ldb.LdbError: (3, 'error in module acl: Time limit exceeded (3)')
A transaction is still active in ldb context [0xa1e32b0] on
/usr/local/samba/private/secrets.ldb






On Wed, Apr 28, 2010 at 6:29 AM, Andrew Bartlett <abartlet at samba.org> wrote:

> On Wed, 2010-04-28 at 10:32 +1000, Andrew Bartlett wrote:
> > On Tue, 2010-04-27 at 18:12 +0530, nitin bhadauria wrote:
> > > Hi Andrew,
> > >
> > > Now I have recompiled openldap with sasl support...
> > >
> > > ldd /usr/local/libexec/slapd
> > >     linux-gate.so.1 =>  (0x00c5e000)
> > >     libltdl.so.3 => /usr/lib/libltdl.so.3 (0x04ace000)
> > >     libdl.so.2 => /lib/libdl.so.2 (0x00d36000)
> > >     libuuid.so.1 => /lib/libuuid.so.1 (0x00110000)
> > >     libdb-4.7.so => /usr/lib/libdb-4.7.so (0x00de9000)
> > >     libpthread.so.0 => /lib/libpthread.so.0 (0x00d3c000)
> > >     libsasl2.so.2 => /usr/local/lib/libsasl2.so.2 (0x001e6000)
> > >     libssl.so.6 => /lib/libssl.so.6 (0x04879000)
> > >
> > >
> > > Now when I try to configure it I get the following error...
> > >
> > > ./setup/provision --realm=SAMBA.DOMAIN.COM --domain=DOMAIN.COM
> > > --adminpass=passw0rd --ldap-backend-type=openldap
> > > --slapd-path="/usr/local/libexec/slapd" --server-role='domain
> > > controller'
> >
> > > Failed to bind - LDAP client internal error:
> > > NT_STATUS_INVALID_PARAMETER
> > > Failed to connect to 'ldapi://%2Fusr%2Flocal%2Fsamba%2Fprivate%2Fldap%2Fldapi'
> > >
> > >
> > > Am I supposed to configure a running ldap server on some other port
> > > and then run the provision script?
> > > If so, how will I define the ldap port with the provision script?
> >
> > No, the idea here is that OpenLDAP will be started by Samba4's provision
> > script.  That way, we control the settings it is started with.
> >
> > It seems that OpenLDAP has started, but not accepted any connections.
>
> If you grab the current tree, I've improved the error message.  It will
> now tell you if the OpenLDAP slapd has taken more than 15 seconds to
> accept a connection, and then list the command it tried to use to start
> it.
>
> It seems likely that some interesting OpenLDAP bug has stalled the slapd
> during startup, but you will be able to tell this when you re-run that
> command manually.  Adding the '-d-1' option to the slapd command will
> give a lot of debug, and potentially point to the issue.
>
> A potential future improvement to the scripts may be to automatically
> start OpenLDAP with -d-1 when it fails to operate correctly.
>
> Andrew Bartlett
> --
> Andrew Bartlett                                http://samba.org/~abartlet/
> Authentication Developer, Samba Team           http://samba.org
> Samba Developer, Cisco Inc.
>

