Solved OpenLDAP: slapcat fails

NuLL3rr0r · Aug 3, 2015

Hello,

I've been going crazy over this, but I could not find any reason for this:

I have a backup script which uses slapcat to backup OpenLDAP objects and directories. But, after rebooting any one of my servers, it faces the following error:

Code:

55bf0d2c mdb_db_open: database "dc=domain,dc=net" cannot be opened: No such file or directory (2). Restore from backup!
55bf0d2c backend_startup_one (type=mdb, suffix="dc=domain,dc=net"): bi_db_open failed! (2)
slap_startup failed

The only solution is to restart slapd service once, then slapcat works fine after that.
Note that querying LDAP directories work just fine even when slapcat doesn't.

I did not have this problem with bdb backend. This problem appeared after replacing it with mdb since it was deprecated.

Any ideas or experience on this?

w5plt · Aug 4, 2015

Perhaps it could be a permissions issue on the directory or database file. Additionally, you don't mentioned whether or not your backup script is running as a cron job since, if you are, it is should be running as the same user as slapd.

Regards,

Scott

NuLL3rr0r · Aug 4, 2015

Thanks for the answer.

My script runs as a cron job. But, in my estimation it does not have anything to do with the script or cron. Even if I run slapcat directly as ldap user and ldap group I get the same result:

Code:

$ sudo -u ldap -g ldap -H slapcat
55c115a8 mdb_db_open: database "dc=denavas,dc=net" cannot be opened: No such file or directory (2). Restore from backup!
55c115a8 backend_startup_one (type=mdb, suffix="dc=denavas,dc=net"): bi_db_open failed! (2)
slap_startup failed

I checked the permissions they look fine too. /var/db/openldap-data and all its data blong to user and group ldap.

w5plt · Aug 4, 2015

I found this thread on the OpenLDAP Mailing List that maybe relevant to your issue - http://www.openldap.org/lists/openldap-technical/201411/msg00176.html

Out of curiosity and relative to the above URL, are there any processes cleaning/removing the /tmp files either as a cron(8) job or on boot?

What are the results if you run slapcat -v -f /your location of slapd.conf

What are the result if you run slaptest

NuLL3rr0r · Aug 5, 2015

Right now, I do not have access to any of my servers which are running OpenLDAP. But, based on your suggestion I'm sure I have the following inside /etc/rc.conf:

Code:

clear_tmp_enable="YES"
clear_tmp_X="YES"

Good hint I'll check them out as soon as I'll get my hands on those servers.

w5plt · Aug 5, 2015

Once you gain access to your servers, please report back your findings.

Regards,

Scott

NuLL3rr0r · Aug 6, 2015

w5plt Thank you so much. You nailed it!

I removed those two lines from /etc/rc.conf, restarted slapd service and rebooted the system. Now, slapcat works as expected. I did a few reboots and it's still fine.

Anyway, before I reboot I ran your commands with the following results:

Code:

$ slaptest
55c3707c mdb_db_open: database "dc=denavas,dc=net" cannot be opened: No such file or directory (2). Restore from backup!
55c3707c backend_startup_one (type=mdb, suffix="dc=denavas,dc=net"): bi_db_open failed! (2)
slap_startup failed (test would succeed using the -u switch)

$ slaptest -u
config file testing succeeded

$ slapcat -v -f /usr/local/etc/openldap/slapd.conf
55c370dc mdb_db_open: database "dc=denavas,dc=net" cannot be opened: No such file or directory (2). Restore from backup!
55c370dc backend_startup_one (type=mdb, suffix="dc=denavas,dc=net"): bi_db_open failed! (2)
slap_startup failed

w5plt · Aug 6, 2015

I'm glad I was able to point you in the right direction! Hopefully, someone else can benefit from this information as well.

Regards,

Scott

NuLL3rr0r · Aug 7, 2015

Thanks Scott, that's very kind of you