Community Forum

Resolved
0 votes
It looks like overnight there was a massive update to the server. 6.8.0 final. I walked into it this morning to find out that LDAP stopped working, which brought me down to my knees.

After I was done cursing at myself for allowing automated updates, having learned from Windoze never to update, I decided to go back to the Baremetal backup to restore the version from a few days ago. But ClearOS found a way to 1-Up Windoze - I cannot restore because there is a ClearOS version mismatch. With the flood of updates, ClearOS apparently bumped up the version number, which makes my backup useless, short of wiping down and reinstalling, which is an absurd act equal to a Monty Python solution.

So, what gives? Is this a known? How do I restore LDAP?

Knowns:

- Passwords did not expire.
- I know that the issue is with the server since everything worked yesterday, and I know it is not the clients.
- Nobody touched the server for days, nor any processes, leaving the update as the only culprit.

Maybe it's the Russians? Or maybe someone pushed an untested update? Hmmm,
Thursday, May 11 2017, 04:39 PM

Accepted Answer

Thursday, May 11 2017, 09:40 PM - #Permalink
Resolved
0 votes
Hey Andreja,

Sorry to hear you have a problem. You know, I was thinking about the issue you have, and I have noticed that some files, like slapd, are overwritten by the update automatically. Your changes are nuked. It may take you a whole day to realize which changes got nuked. But it's worth it. You should be happy that you got an automatic update that moved you from 6.8 to 6.9, so now you can have .1 better experience.

Anyway, I digressed, please check out this other link that you had - you spent a whole day on that issue as well. It is all worth it.

https://www.clearos.com/clearfoundation/social/community/ldap-connection-refused#COM_EASYDISCUSS_REPLY_PERMALINK-165891

Oh, and remember to turn off automatic updates.

Good luck! You'll need it
Responses (4)
  • Accepted Answer

    Thursday, May 11 2017, 07:20 PM - #Permalink
    Resolved
    0 votes
    Thanks Dave. I saw that link as well. I ran the commands as suggested.

    /usr/sbin/slapd -h 'ldap://127.0.0.1/ ldaps://127.0.0.1/' -u ldap did not start the service as you can see below


    [root@fridge /]# service slapd stop
    Stopping slapd: slapd
    [root@fridge /]# /usr/sbin/slapd -h 'ldap://127.0.0.1/ ldaps://127.0.0.1/' -u ldap
    [root@fridge /]# service slapd status
    slapd is stopped
    [root@fridge /]#


    Restoring DBs 'reads' ok to my untrained eye


    [root@fridge /]# db_recover -v -h /var/lib/ldap/
    Finding last valid log LSN: file: 49 offset 10327085
    Recovery starting from [49][10326940]
    Recovery complete at Thu May 11 13:55:41 2017
    Maximum transaction ID 80000021 Recovery checkpoint [49][10327085]

    [root@fridge /]# db_recover -v -h /var/lib/ldap/accesslog/
    Finding last valid log LSN: file: 1 offset 66121
    Recovery starting from [1][65976]
    Recovery complete at Thu May 11 13:56:09 2017
    Maximum transaction ID 80000008 Recovery checkpoint [1][66121]


    And if I just restart it, using

    service slapd start

    it shows it as working

    [root@fridge /]# service slapd start
    Starting slapd: slapd
    [root@fridge /]# service slapd status
    slapd (pid 2022) is running...


    However, if I go to any tools that rely on LDAP, like my Wiki page, I get:

    LDAP: couldn't connect to LDAP server
    Sorry, username or password was wrong.

    I know that u/p are not wrong......
  • Accepted Answer

    Thursday, May 11 2017, 06:37 PM - #Permalink
    Resolved
    0 votes
    Andreja,

    Back up your LDAP database files and then run a repair and see if that helps. If you had some corruption in the existing database then it could have presented itself as a non-tenable situation upon update:

    https://www.clearos.com/resources/documentation/clearos/content:en_us:kb_troubleshooting_openldap_fails_to_start
  • Accepted Answer

    Thursday, May 11 2017, 05:50 PM - #Permalink
    Resolved
    0 votes
    I saw Tim's response from a few years back

    Title

    and I ran the LDAP with debug. Turns out it is parse error 3... no idea what that means, and Google has been unhelpful at the moment.

    [root@pppttt /]# slapd -h "ldap:127.0.0.1" -u ldap -f "/etc/openldap/slapd.conf" -d 256
    5914a326 @(#) $OpenLDAP: slapd 2.4.40 (Apr 4 2017 20:51:57) $
    mockbuild@build64-1.clearsdn.local:/builddir/build/BUILD/openldap-2.4.40/openldap-2.4.40/build-servers/servers/slapd
    5914a326 daemon: listen URL "ldap:127.0.0.1" parse error=3
    5914a326 slapd stopped.
    5914a326 connections_destroy: nothing to destroy.
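Added example, not part of the original post: in OpenLDAP's ldap.h, URL parse error 3 is LDAP_URL_ERR_BADSCHEME, and the listen URL in the debug output above, `ldap:127.0.0.1`, lacks the `//` after the scheme. The sketch below is a pre-flight check for a `slapd -h` listener list; `check_listen_urls` is a hypothetical helper name, and it checks only the scheme prefix of plain URLs, not host or port.

```shell
#!/bin/sh
# Added example: pre-flight check for the URL list given to `slapd -h`.
# check_listen_urls is a hypothetical helper, not part of OpenLDAP.
# Assumption: only the schemes ldap, ldaps and ldapi are wanted, each
# followed by "://". Host and port are not validated here.
#
# Prints every rejected URL on stdout.
# Exit status: 0 = all accepted, 1 = at least one rejected, 2 = empty list.
check_listen_urls() (
    set -f                      # no glob expansion while splitting the list
    bad=0
    seen=0
    # slapd -h takes a space-separated list of URLs, so split on whitespace.
    for url in $1; do
        seen=1
        case $url in
            *://*)
                # Scheme names compare case-insensitively, so normalise.
                scheme=$(printf '%s' "${url%%://*}" | tr 'A-Z' 'a-z')
                ;;
            *)
                scheme=         # no "://" at all, e.g. "ldap:127.0.0.1"
                ;;
        esac
        case $scheme in
            ldap|ldaps|ldapi) ;;
            *) printf '%s\n' "$url"; bad=1 ;;
        esac
    done
    [ "$seen" -eq 1 ] || exit 2
    exit "$bad"
)

# Constructed demo using the two listener strings quoted in this thread.
for list in 'ldap:127.0.0.1' 'ldap://127.0.0.1/ ldaps://127.0.0.1/'; do
    if rejected=$(check_listen_urls "$list"); then
        echo "ok:       $list"
    else
        echo "rejected: $rejected"
    fi
done
```
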
  • Accepted Answer

    Thursday, May 11 2017, 05:35 PM - #Permalink
    Resolved
    0 votes
    I have confirmed that on May 11, at 4am, a whole bunch of changes were made in /usr/sbin/ around slap***. So, it looks like the update broke me. Sigh.