errors with s4-git and ol-2.4.21 (mmr)

Oliver Liebel oliver at itc.li
Thu Mar 4 11:54:25 MST 2010


i think it's best to start a new thread on this:

as i said, with s4 git and an ol-2.4.21 backend in an mmr setup, there are several points (2 of them belonging together) to keep an eye on:


mmr-provision won't work anymore with ol > 2.4.20 according to ITS#6394 (Fixed slapd RID range to be decimal only); in short: ol > 2.4.20 only allows rids with 3 digits to prevent buffer overflows.
since we had calculated the rids during mmr-prov with 4 digits (starting from 1000), it will fail when the temporary slapd.conf is checked before olc-conversion:

---
/usr/local/samba/private/ldap/slapd.conf: line 433: Error: parse_syncrepl_line: syncrepl id 1001 is out of range [0..999].
failed to add syncinfo
slaptest: bad configuration directory!
Traceback (most recent call last):
   File "setup/provision", line 245, in <module>
     nosync=opts.nosync,ldap_dryrun_mode=opts.ldap_dryrun_mode,useeadb=eadb)
   File "bin/python/samba/provision.py", line 1266, in provision
     provision_backend.init()
   File "bin/python/samba/provisionbackend.py", line 213, in init
     self.provision()
   File "bin/python/samba/provisionbackend.py", line 531, in provision
     raise ProvisioningError("conversion from slapd.conf to cn=config failed")
samba.provisionexceptions.ProvisioningError: conversion from slapd.conf to cn=config failed
---

i have temporarily adjusted the rids in provisionbackend.py to 500+ to test it again.
if --ol-mmr-urls are committed during provision, slapd 2.4.21 fails to start up:

---
#> setup/provision --realm=ldap.local.site --domain=LDAP \
     --server-role='domain controller' --ldap-backend-type=openldap \
     --username=samba-admin --password=linux --adminpass=linux \
     --ldapadminpass=linux --slapd-path='/usr/local/libexec/slapd' \
     --domain-sid=S-1-5-4444 \
     --ol-mmr-urls="ldap://samba4dc1.ldap.local.site:9000 ldap://samba4dc2.ldap.local.site:9000"

slap_startup failed (test would succeed using the -u switch)
Failed to bind - LDAP client internal error: NT_STATUS_UNEXPECTED_NETWORK_ERROR
Failed to connect to 'ldapi://%2Fusr%2Flocal%2Fsamba%2Fprivate%2Fldap%2Fldapi'
Traceback (most recent call last):
   File "setup/provision", line 245, in <module>
     nosync=opts.nosync,ldap_dryrun_mode=opts.ldap_dryrun_mode,useeadb=eadb)
   File "bin/python/samba/provision.py", line 1267, in provision
     provision_backend.start()
   File "bin/python/samba/provisionbackend.py", line 238, in start
     raise ProvisioningError("slapd died before we could make a connection to it")
samba.provisionexceptions.ProvisioningError: slapd died before we could make a connection to it
---

if more than 1 ldap-url (with whitespace in between) is provided in "--ol-mmr-urls=", the urls seemed not to be parsed properly by provisionbackend.py:
 > url_list=filter(None,self.ol_mmr_urls.split(' '))
 > if (len(url_list) == 1):
 >     url_list=filter(None,self.ol_mmr_urls.split(','))
and therefore they won't be substituted in olc_serverid.conf / slapd.conf, leaving the mmr-section in the temporary slapd.conf empty.

2 comma-separated urls work, but the error above stays. starting slapd manually in debug mode with the generated slapd.d, the raised error shows that the string built and provided to start slapd is wrong (must be slapd.d instead of slapd.conf):
---
 > ldif_read_file: Not a directory for "/usr/local/samba/private/ldap/slapd.conf/cn=config.ldif"
---


one last thing: the help line displayed after mmr-provision (how to start slapd from the command line) only shows ldapi for mmr. we should append a notice to use the matching of the provided "external" ldap-urls, as ol-mmr won't work with ol and ldapi only.


thanks,
oliver
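
An added example (not part of the original post and not Samba's provisionbackend.py code): a sketch of the two checks the post calls for, accepting an `--ol-mmr-urls` value separated by commas or whitespace and keeping every syncrepl rid inside the [0..999] range that slapd 2.4.21 reports. The function names, the database labels and the sequential allocation scheme are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Range slapd 2.4.21 reports in the error quoted above: [0..999]
RID_MIN, RID_MAX = 0, 999


def split_mmr_urls(raw):
    """Split an --ol-mmr-urls value on commas and/or whitespace."""
    urls = [u for u in re.split(r"[,\s]+", raw.strip()) if u]
    for url in urls:
        parts = urlsplit(url)
        # ldapi:// is rejected here: the post notes mmr needs external URLs.
        if parts.scheme not in ("ldap", "ldaps") or not parts.hostname:
            raise ValueError("not an ldap:// or ldaps:// URL: %r" % url)
    if len(set(urls)) != len(urls):
        raise ValueError("duplicate URL in --ol-mmr-urls")
    return urls


def allocate_rids(urls, databases, base=1):
    """Map every (provider URL, database) pair to a unique in-range rid."""
    needed = len(urls) * len(databases)
    last = base + needed - 1
    if base < RID_MIN or last > RID_MAX:
        raise ValueError("rids %d..%d fall outside [%d..%d]"
                         % (base, last, RID_MIN, RID_MAX))
    pairs = [(url, db) for url in urls for db in databases]
    return {pair: base + i for i, pair in enumerate(pairs)}


def syncrepl_prefix(rid, url):
    """Start of a syncrepl directive; the remaining options are omitted."""
    return "syncrepl rid=%03d provider=%s" % (rid, url)


if __name__ == "__main__":
    # Constructed input: the two URLs from the command line in the post.
    raw = ("ldap://samba4dc1.ldap.local.site:9000 "
           "ldap://samba4dc2.ldap.local.site:9000")
    # Hypothetical database labels, one syncrepl stanza per provider each.
    rids = allocate_rids(split_mmr_urls(raw), ["schema", "config", "user"])
    for (url, db), rid in sorted(rids.items(), key=lambda kv: kv[1]):
        print(db, syncrepl_prefix(rid, url))
```

Failing at allocation time surfaces an out-of-range rid before slaptest ever sees the generated slapd.conf.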




