[rudder-users] LDAP issue

Prestasit01 prestasit01 at ouest-france.fr
Mon Mar 3 14:20:37 CET 2014


Hi François ,

Current Slapd.log and ldapsearch seems normal.

But I found that information in slapd.log-20140303 :

Mar  3 11:10:08 p2rudder01 slapd[1345]: [OK] OpenLDAP started on port 389 and 636
Mar  3 11:11:47 p2rudder01 slapd[1340]: bdb(cn=rudder-configuration): id2entry.bdb page 91 is on free list with type 7
Mar  3 11:11:47 p2rudder01 slapd[1340]: bdb(cn=rudder-configuration): PANIC: Invalid argument
Mar  3 11:13:22 p2rudder01 slapd[2430]: [INFO] Using /etc/default/slapd for configuration
Mar  3 11:13:22 p2rudder01 slapd[2435]: [INFO] Halting OpenLDAP...
Mar  3 11:13:22 p2rudder01 slapd[2437]: [OK] OpenLDAP stopped after 0 seconds
Mar  3 11:13:22 p2rudder01 slapd[2438]: [INFO] Launching OpenLDAP database backup...
Mar  3 11:13:22 p2rudder01 slapd[2455]: [ALERT] OpenLDAP database backup failed
Mar  3 11:13:22 p2rudder01 slapd[2469]: [INFO] Using /etc/default/slapd for configuration
Mar  3 11:13:22 p2rudder01 slapd[2474]: [INFO] Launching OpenLDAP configuration test...
Mar  3 11:13:22 p2rudder01 slapd[2476]: [OK] OpenLDAP configuration test successful
Mar  3 11:13:22 p2rudder01 slapd[2477]: [INFO] Launching OpenLDAP replication...
Mar  3 11:13:22 p2rudder01 slapd[2478]: [INFO] no replica found in configuration, aborting lauching slurpd
Mar  3 11:13:22 p2rudder01 slapd[2479]: [INFO] no db_recover done
Mar  3 11:13:22 p2rudder01 slapd[2480]: [INFO] Launching OpenLDAP...
Mar  3 11:13:22 p2rudder01 slapd[2481]: [OK] file descriptor limit set to 1024
Mar  3 11:13:22 p2rudder01 slapd[2482]: @(#) $OpenLDAP: slapd 2.4.30 (Jan 15 2014 21:29:11) $
        root at centos-builder-6-64.labo.normation.com:/usr/src/redhat/BUILD/openldap-source/servers/slapd
Mar  3 11:13:22 p2rudder01 slapd[2483]: hdb_db_open: database "cn=rudder-configuration": unclean shutdown detected; attempting recovery.
Mar  3 11:13:23 p2rudder01 slapd[2483]: slapd starting
Mar  3 11:13:24 p2rudder01 slapd[2488]: [OK] OpenLDAP started on port 389 and 636

Is that talking to you ?

BR
Cédric



De : Francois Armand [mailto:francois.armand at normation.com]
Envoyé : lundi 3 mars 2014 12:15
À : Prestasit01; 'Nicolas Charles'
Cc : rudder-users at lists.rudder-project.org
Objet : Re: [rudder-users] LDAP issue

On 03/03/2014 11:55, Prestasit01 wrote:
Hi all,

[...]


[2014-03-03 11:49:04] ERROR com.normation.ldap.sdk.ROPooledSimpleAuthConnectionProvider - Can't get a new LDAP connection
com.unboundid.ldap.sdk.LDAPException: An error occurred while attempting to connect to server localhost:389:  java.io.IOException: An error occurred while attempting to establish a connection to server localhost:389:  java.net.ConnectException: Connection refused
        at com.unboundid.ldap.sdk.LDAPConnection.connect(LDAPConnection.java:741) ~[unboundid-ldapsdk-2.3.1.jar:2.3.1]
Caused by: java.io.IOException: An error occurred while attempting to establish a connection to server localhost:389:  java.net.ConnectException: Connection refused
        at com.unboundid.ldap.sdk.LDAPConnectionInternals.<init>(LDAPConnectionInternals.java:142) ~[unboundid-ldapsdk-2.3.1.jar:2.3.1]




It seems that their is problem between Rudder and the LDAP server used to store policy configurations. A connection may be refused because:
1/ there is a problem with the server,
2/ there is an authentication problem,
3/ something else.

Let alone 3/ for now.

Let's check 1/ :

  *   could you please check that the LDAP server is up & running ?
     *   restart it (/etc/init.d/slapd restart),
     *   and check the logs

If this is OK, let's check 2/

Could you run that command on the Rudder server (change XXX by the value of RUDDER_OPENLDAP_BIND_PASSWORD in /opt/rudder/etc/rudder-passwords.conf):

       ldapsearch -h localhost -p 389 -D "cn=manager,cn=rudder-configuration" -w 'XXX' -b "cn=rudder-configuration" -s one '(objectclass=*)'

You should see something like (with perhaps one less numResponses/numEntries):
.....
[..several entries: ou=Nodes ; ou=Rudder, etc...]
....
# search result
search: 2
result: 0 Success

# numResponses: 5
# numEntries: 4

If this is also OK, we will try to look for 3/.

Thanks,
--
________________________________

[cid:image002.png at 01CF36E9.F45191A0]François ARMAND
Directeur de la R&D
Normation<http://www.normation.com>

________________________________

87 rue de Turbigo, 75003 Paris, France

Telephone:

+33 (0)1 83 62 99 23

Mobile:

+33 (0)6 63 37 60 55

________________________________



-------------------------------------------------------------------------<br>
Les informations ou pieces jointes contenues dans ce message sont
confidentielles. Seul le destinataire expressement vise peut en prendre
connaissance. Toute autre personne qui en divulguera, diffusera ou prendra des copies sera passible de poursuites. La societe Ouest-France decline en outre, toute responsabilite de quelque nature que ce soit au titre de ce message s'il a ete altere, deforme ou falsifie.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.rudder-project.org/pipermail/rudder-users/attachments/20140303/a1532287/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 3503 bytes
Desc: image001.png
URL: <http://www.rudder-project.org/pipermail/rudder-users/attachments/20140303/a1532287/attachment-0002.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 4097 bytes
Desc: image002.png
URL: <http://www.rudder-project.org/pipermail/rudder-users/attachments/20140303/a1532287/attachment-0003.png>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: ldapsearch.txt
URL: <http://www.rudder-project.org/pipermail/rudder-users/attachments/20140303/a1532287/attachment-0001.txt>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: slapd.log
Type: application/octet-stream
Size: 1804 bytes
Desc: slapd.log
URL: <http://www.rudder-project.org/pipermail/rudder-users/attachments/20140303/a1532287/attachment-0001.obj>


More information about the rudder-users mailing list