Re: unable to add DB DIT , getting value #0 invalid per syntax error in alpine Linux.

2021-06-03 Thread govid
Hi,

Thanks for your suggestion.
I was able to load the backend modules after adding the following lines to the slapd.conf file:

# Load dynamic backend modules:
modulepath  /usr/lib/openldap
#moduleload  back_mdb.la
#moduleload  back_ldap.la
moduleload  back_mdb
moduleload  back_ldap

After making this change, my slaptest passed which was failing earlier.

/opt/hpe/nns/NVME-OF-Server/open-ldap/initial_config # slaptest -f /etc/openldap/slapd.conf -F /etc/ldap/sns/slapd.d -d 256 -u
config file testing succeeded
/opt/hpe/nns/NVME-OF-Server/open-ldap/initial_config #

but the original issue still persists, as below:

/opt/hpe/nns/NVME-OF-Server/open-ldap/initial_config # ldapadd -x -D 'cn=config' -w secret -f create_sns_db.ldif
adding new entry "olcDatabase=mdb,cn=config"
ldap_add: Invalid syntax (21)
additional info: objectClass: value #0 invalid per syntax

/opt/hpe/nns/NVME-OF-Server/open-ldap/initial_config #


Re: hdb to mdb

2021-06-03 Thread Dave Macias
Thank you very much for the kind help!

Much appreciated

Best,
Dave
On Jun 3, 2021, 5:51 PM -0400, Quanah Gibson-Mount , wrote:
>
>
> --On Thursday, June 3, 2021 6:02 PM -0400 Dave Macias 
> wrote:
>
> >
> >
> > So therefore I don't need to worry about back_mdb since it's already
> > loaded.
> > Yes?
>
> Right.
>
> --Quanah
>
> --
>
> Quanah Gibson-Mount
> Product Architect
> Symas Corporation
> Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
> 


Re: hdb to mdb

2021-06-03 Thread Quanah Gibson-Mount
--On Thursday, June 3, 2021 6:02 PM -0400 Dave Macias wrote:

> So therefore I don't need to worry about back_mdb since it's already
> loaded.
> Yes?

Right.

--Quanah

--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:



Re: hdb to mdb

2021-06-03 Thread Dave Macias
So therefore I don't need to worry about back_mdb since it's already loaded.
Yes?
On Jun 3, 2021, 4:50 PM -0400, Quanah Gibson-Mount , wrote:
>
>
> --On Thursday, June 3, 2021 5:43 PM -0400 Dave Macias 
> wrote:
>
> >
> > > slapd -VVV
> > @(#) $OpenLDAP: slapd 2.4.58 (Mar 16 2021 19:13:56) $
> > build@c7rpm:/home/build/git/rheldap/RHEL7_x86_64/BUILD/symas-openldap-2.4.58/openldap-2.4.58/servers/slapd
> >
> > Included static backends:
> >     config
> >     ldif
> >     monitor
> >     bdb
> >     hdb
> >     mdb
> >
> >
> >
> > Not sure what to look for... "mdb" is that it?
>
> Yes, that indicates mdb was built statically.
>
> --
>
> Quanah Gibson-Mount
> Product Architect
> Symas Corporation
> Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
> 


Re: hdb to mdb

2021-06-03 Thread Quanah Gibson-Mount
--On Thursday, June 3, 2021 5:43 PM -0400 Dave Macias wrote:

> > slapd -VVV
>
> @(#) $OpenLDAP: slapd 2.4.58 (Mar 16 2021 19:13:56) $
> build@c7rpm:/home/build/git/rheldap/RHEL7_x86_64/BUILD/symas-openldap-2.4.58/openldap-2.4.58/servers/slapd
>
> Included static backends:
>     config
>     ldif
>     monitor
>     bdb
>     hdb
>     mdb
>
> Not sure what to look for... "mdb" is that it?

Yes, that indicates mdb was built statically.

--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:



Re: hdb to mdb

2021-06-03 Thread Dave Macias
> slapd -VVV
@(#) $OpenLDAP: slapd 2.4.58 (Mar 16 2021 19:13:56) $
build@c7rpm:/home/build/git/rheldap/RHEL7_x86_64/BUILD/symas-openldap-2.4.58/openldap-2.4.58/servers/slapd

Included static backends:
config
ldif
monitor
bdb
hdb
mdb

Not sure what to look for... "mdb" is that it?

On Thu, Jun 3, 2021 at 1:38 PM Dieter Klünter  wrote:

> Quanah Gibson-Mount  writes:
>
> > --On Thursday, June 3, 2021 12:49 AM -0400 Dave Macias
> >wrote:
> >
> >>
> >>
> >> Hello,
> >>
> >> Saw this link in a recent mail to this list.
> >> https://www.openldap.org/doc/admin25/appendix-upgrading.html
> >>
> >> Looks like hdb would no longer be supported.
> >> I googled a bit to see what it would take to move over to mdb and
> >> stumbled on this post.
> >>
> https://www.mail-archive.com/openldap-technical@openldap.org/msg25484.html
> >>
> >> My question is:
> >> Is it really that easy?
> >
> > yes.  Make sure that you have back_mdb moduleloaded as well if it's
> > built as a module.  You do have to export your DB via slapcat and then
> > reimport with slapadd as well.
>
> In order to check for static built-in modules run ./slapd -VVV
>
> -Dieter
>
> --
> Dieter Klünter | Systemberatung
> http://sys4.de
> GPG Key ID: E9ED159B
> 53°37'09,95"N
> 10°08'02,42"E
>


Re: hdb to mdb

2021-06-03 Thread Dieter Klünter
Quanah Gibson-Mount  writes:

> --On Thursday, June 3, 2021 12:49 AM -0400 Dave Macias
>wrote:
>
>>
>>
>> Hello,
>>
>> Saw this link in a recent mail to this list.
>> https://www.openldap.org/doc/admin25/appendix-upgrading.html
>>
>> Looks like hdb would no longer be supported.
>> I googled a bit to see what it would take to move over to mdb and
>> stumbled on this post.
>> https://www.mail-archive.com/openldap-technical@openldap.org/msg25484.html
>>
>> My question is:
>> Is it really that easy?
>
> yes.  Make sure that you have back_mdb moduleloaded as well if it's
> built as a module.  You do have to export your DB via slapcat and then
> reimport with slapadd as well.

In order to check for static built-in modules run ./slapd -VVV

-Dieter

-- 
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N
10°08'02,42"E


Re: hdb to mdb

2021-06-03 Thread Dave Macias
Thank you for the reply


> > My question is:
> > Is it really that easy?
>
> yes.  Make sure that you have back_mdb moduleloaded as well if it's built
> as a module.  You do have to export your DB via slapcat and then reimport
> with slapadd as well.
>

I don't have back_mdb built as a module... so I'm assuming I don't need to
worry about it, yes??

Yes, slapcat/add POST hdb > mdb conversion.

Thanks!


Re: hdb to mdb

2021-06-03 Thread Quanah Gibson-Mount
--On Thursday, June 3, 2021 12:49 AM -0400 Dave Macias wrote:

> Hello,
>
> Saw this link in a recent mail to this list.
> https://www.openldap.org/doc/admin25/appendix-upgrading.html
>
> Looks like hdb would no longer be supported.
> I googled a bit to see what it would take to move over to mdb and
> stumbled on this post.
> https://www.mail-archive.com/openldap-technical@openldap.org/msg25484.html
>
> My question is:
> Is it really that easy?

yes.  Make sure that you have back_mdb moduleloaded as well if it's built
as a module.  You do have to export your DB via slapcat and then reimport
with slapadd as well.


--Quanah

--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:



Re: unable to add DB DIT , getting value #0 invalid per syntax error in alpine Linux.

2021-06-03 Thread Quanah Gibson-Mount
--On Thursday, June 3, 2021 5:04 AM + govid wrote:

> Hi,
> I am trying to do this in Alpine OS.
> the same command "ldapadd -x -D 'cn=config' -w secret -f
> create_sns_db.ldif" works fine in CentOS but fails in Alpine. content of
> create_sns_db.ldif is:
> dn: olcDatabase=mdb,cn=config
> objectClass: olcMdbConfig
> olcDatabase: mdb
> olcDbMaxSize: 1073741824
> olcSuffix: dc=smartsan
> olcDbDirectory: /usr/local/var/openldap-data/sns_db
> olcRootDN: cn=admin,dc=smartsan
> olcRootPW: secret2
> olcDbIndex: objectClass eq
>
> # Load dynamic backend modules:
> # modulepath  /usr/local/libexec/openldap
> # moduleload  back_mdb.la
> # moduleload  back_ldap.la

Looks like you failed to moduleload back_mdb.

--Quanah

--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
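
The check discussed in these two threads (read the static backend list from slapd -VVV, then look for an uncommented moduleload line), as an added example that is not code from any poster or from the OpenLDAP project. The function names, the MODULAR_BUILD listing and both CONF_* samples are assumptions constructed for illustration.

```shell
# True when backend $1 is listed under "Included static backends:" in the
# `slapd -VVV` output passed as $2.
backend_is_static() {
    printf '%s\n' "$2" | awk -v b="$1" '
        /^Included static backends:/ { in_list = 1; next }
        in_list && NF == 0           { in_list = 0 }
        in_list && $1 == b           { found = 1 }
        END { exit !found }'
}

# True when the slapd.conf text in $2 has an uncommented moduleload line for
# back_$1, written bare, with a .la/.so suffix, or with a directory prefix.
backend_is_moduleloaded() {
    printf '%s\n' "$2" | awk -v m="back_$1" '
        $1 == "moduleload" {
            name = $2; sub(/^.*\//, "", name); sub(/\.(la|so)$/, "", name)
            if (name == m) found = 1
        }
        END { exit !found }'
}

# Prints static, module or missing for backend $1 ($2 = -VVV output, $3 = conf).
check_backend() {
    if backend_is_static "$1" "$2"; then echo static
    elif backend_is_moduleloaded "$1" "$3"; then echo module
    else echo missing
    fi
}

# Constructed samples. STATIC_BUILD copies the backend list quoted in the
# thread; MODULAR_BUILD is an assumed listing for a build without static mdb.
STATIC_BUILD='Included static backends:
    config
    ldif
    monitor
    bdb
    hdb
    mdb'
MODULAR_BUILD='Included static backends:
    config
    ldif'
CONF_COMMENTED='#modulepath /usr/lib/openldap
#moduleload back_mdb.la
database mdb'
CONF_FIXED='modulepath /usr/lib/openldap
moduleload back_mdb
database mdb'

for conf in "$CONF_COMMENTED" "$CONF_FIXED"; do check_backend mdb "$MODULAR_BUILD" "$conf"; done
```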



Re: Question regarding dnattr for auth

2021-06-03 Thread cyril . stoll
Michael Ströder wrote:
> This won't work.

Thank you very much for the clarification/explanations!

Best,
Cyril


Re: unable to add DB DIT , getting value #0 invalid per syntax error in alpine Linux.

2021-06-03 Thread govid
Hi,
I am trying to do this in Alpine OS.
The same command "ldapadd -x -D 'cn=config' -w secret -f create_sns_db.ldif"
works fine in CentOS but fails in Alpine.
The content of create_sns_db.ldif is:
dn: olcDatabase=mdb,cn=config
objectClass: olcMdbConfig
olcDatabase: mdb
olcDbMaxSize: 1073741824
olcSuffix: dc=smartsan
olcDbDirectory: /usr/local/var/openldap-data/sns_db
olcRootDN: cn=admin,dc=smartsan
olcRootPW: secret2
olcDbIndex: objectClass eq

*

The content of the slapd.conf file in the working OS (CentOS) is as below:
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /usr/local/etc/openldap/schema/core.schema

# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral   ldap://root.openldap.org

pidfile /usr/local/var/run/slapd.pid
argsfile /usr/local/var/run/slapd.args

# Load dynamic backend modules:
# modulepath  /usr/local/libexec/openldap
# moduleload  back_mdb.la
# moduleload  back_ldap.la

# Sample security restrictions
#   Require integrity protection (prevent hijacking)
#   Require 112-bit (3DES or better) encryption for updates
#   Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64

# Sample access control policy:
#   Root DSE: allow anyone to read it
#   Subschema (sub)entry DSE: allow anyone to read it
#   Other DSEs:
#   Allow self write access
#   Allow authenticated users read access
#   Allow anonymous users to authenticate
#   Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
#   by self write
#   by users read
#   by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn.  (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!

###
# MDB database definitions
###

database mdb
maxsize 1073741824
suffix  "dc=my-domain,dc=com"
rootdn  "cn=Manager,dc=my-domain,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoid.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw  secret
# The database directory MUST exist prior to running slapd AND 
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory   /usr/local/var/openldap-data
# Indices to maintain
index   objectClass eq

Both files have the same contents except the default OpenLDAP paths; the slapd.conf
file for Alpine OS is below:

#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/nis.schema
# Define global ACLs to disable default read access.
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral   ldap://root.openldap.org

pidfile /var/lib/run/slapd.pid
argsfile /var/lib/run/slapd.args

# Load dynamic backend modules:
#modulepath  /usr/lib/openldap
#moduleload  back_mdb.la
#moduleload  back_ldap.la

# Sample security restrictions
#   Require integrity protection (prevent hijacking)
#   Require 112-bit (3DES or better) encryption for updates
#   Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64

# Sample access control policy:
#   Root DSE: allow anyone to read it
#   Subschema (sub)entry DSE: allow anyone to read it
#   Other DSEs:
#   Allow self write access
#   Allow authenticated users read access
#   Allow anonymous users to authenticate
#   Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
#   by self write
#   by users read
#   by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn.  (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!

###
# MDB database definitions
###
#

database mdb
maxsize 1073741824
suffix  "dc=my-domain,dc=com"
rootdn  "cn=Manager,dc=my-domain,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoid.  See