It looks like overnight there was a massive update to the server. 6.8.0 final. I walked into it this morning to find out that LDAP stopped working, which brought me down to my knees.
After i was done cursing at myself for allowing automated updates, having learned from Windoze never to update, i decided to go back to Baremetal backup to restore version from a few days ago. But clearOS found a way to 1-Up Windoze - i cannot restore because there is a ClearOS version mismatch. With the flood of updates, ClearOS apparently bumped-up version number which makes my backup useless, short of wiping down and reinstalling, which is an absurd act equal Monty Python solution.
So, what gives? Is this a known? How do i restore LDAP?
Knowns:
- Passwords did not expire.
- I know that the issue is with the server since everything worked yesterday, and I know it is not the clients
- nobody touched the server for days, nor any processes, leaving the update as the only culprit.
Maybe it's the russians? Or maybe someone pushed untested update? Hmmm,
After i was done cursing at myself for allowing automated updates, having learned from Windoze never to update, i decided to go back to Baremetal backup to restore version from a few days ago. But clearOS found a way to 1-Up Windoze - i cannot restore because there is a ClearOS version mismatch. With the flood of updates, ClearOS apparently bumped-up version number which makes my backup useless, short of wiping down and reinstalling, which is an absurd act equal Monty Python solution.
So, what gives? Is this a known? How do i restore LDAP?
Knowns:
- Passwords did not expire.
- I know that the issue is with the server since everything worked yesterday, and I know it is not the clients
- nobody touched the server for days, nor any processes, leaving the update as the only culprit.
Maybe it's the russians? Or maybe someone pushed untested update? Hmmm,
Share this post:
Accepted Answer
Hey Andreja,
Sorry to hear you have a problem. You know, i was thinking about the issue you have, and i have noticed that some files, like slpad, are overwritten by the update automatically. Your changes are nuked. It may take you a whole day to realize which changes got nuked. But it's worth it. You should be happy that you got automatic update that moved you from 6.8 to 6.9, so now you can have .1 better experience.
Anyway, i digressed, please check out this other link that you had - you spent a whole day on that issue as well. It is all worth it.
https://www.clearos.com/clearfoundation/social/community/ldap-connection-refused#COM_EASYDISCUSS_REPLY_PERMALINK-165891
Oh, and remember to turn off automatic updates.
Good luck! You'll need it
Sorry to hear you have a problem. You know, i was thinking about the issue you have, and i have noticed that some files, like slpad, are overwritten by the update automatically. Your changes are nuked. It may take you a whole day to realize which changes got nuked. But it's worth it. You should be happy that you got automatic update that moved you from 6.8 to 6.9, so now you can have .1 better experience.
Anyway, i digressed, please check out this other link that you had - you spent a whole day on that issue as well. It is all worth it.
https://www.clearos.com/clearfoundation/social/community/ldap-connection-refused#COM_EASYDISCUSS_REPLY_PERMALINK-165891
Oh, and remember to turn off automatic updates.
Good luck! You'll need it
Responses (4)
-
Accepted Answer
-
Accepted Answer
i saw Tim's response from few years back
Title
and i ran the ldap with debug. Turns out it is parse error 3...no idea what that means, and google has been unhelpful at the moment
[root@pppttt /]# slapd -h "ldap:127.0.0.1" -u ldap -f "/etc/openldap/slapd.conf" -d 256
5914a326 @(#) $OpenLDAP: slapd 2.4.40 (Apr 4 2017 20:51:57) $
mockbuild@build64-1.clearsdn.local:/builddir/build/BUILD/openldap-2.4.40/openldap-2.4.40/build-servers/servers/slapd
5914a326 daemon: listen URL "ldap:127.0.0.1" parse error=3
5914a326 slapd stopped.
5914a326 connections_destroy: nothing to destroy. -
Accepted Answer
Andreja,
Backup your ldap database files and then run a repair and see if that helps. If you had some corruption in the existing database then it could have presented itself as a non-tenable situation upon update:
https://www.clearos.com/resources/documentation/clearos/content:en_us:kb_troubleshooting_openldap_fails_to_start -
Accepted Answer
Thanks Dave. I saw that link as well. I ran the commands as suggested.
/usr/sbin/slapd -h 'ldap://127.0.0.1/ ldaps://127.0.0.1/' -u ldap did not start the service as you can see below
[root@fridge /]# service slapd stop
Stopping slapd: slapd
[root@fridge /]# /usr/sbin/slapd -h 'ldap://127.0.0.1/ ldaps://127.0.0.1/' -u ldap
[root@fridge /]# service slapd status
slapd is stopped
[root@fridge /]#
Restoring DBs 'reads' ok to my untrained eye
[root@fridge /]# db_recover -v -h /var/lib/ldap/
Finding last valid log LSN: file: 49 offset 10327085
Recovery starting from [49][10326940]
Recovery complete at Thu May 11 13:55:41 2017
Maximum transaction ID 80000021 Recovery checkpoint [49][10327085]
[root@fridge /]# db_recover -v -h /var/lib/ldap/accesslog/
Finding last valid log LSN: file: 1 offset 66121
Recovery starting from [1][65976]
Recovery complete at Thu May 11 13:56:09 2017
Maximum transaction ID 80000008 Recovery checkpoint [1][66121]
and if i just restart it, using
service slapd start
it shows it as working
[root@fridge /]# service slapd start
Starting slapd: slapd
[root@fridge /]# service slapd status
slapd (pid 2022) is running...
however, if i go to any tools that relay on LDAP like my Wiki page, i get:
LDAP: couldn't connect to LDAP server
Sorry, username or password was wrong.
I know that u/p are not wrong......
Please login to post a reply
You will need to be logged in to be able to post a reply. Login using the form on the right or register an account if you are new here.
Register Here »