search

ltb-project / openldap-deb

Debian packages for OpenLDAP
http://ltb-project.org/wiki/documentation/openldap-deb
GNU General Public License v3.0
14 stars 13 forks source link

if DATA_ADMIN_XXX_MAIL is missing provisioning might fail with (65) object class 'groupOfNames' requires attribute 'member' #97

Closed artlog closed 2 years ago

artlog commented 2 years ago

due to a typo in slapd-cli.conf i had no DATA_ADMIN_XXX_MAIL corresponding to other DATA_ADMIN_XXX_YYY values.

When launching slapd-cli importdatatemplate

Admin is not created and full provisionning fails short since $MEMBER was not set.

A simple warning that some values (here mail) are missing could save some time here.

As seen in following (redacted) trace , there is no WARN or ERROR before ALERT.

root@extpiserver:/usr/local/openldap/etc/openldap# slapd-cli importdatatemplate 
slapd-cli: [INFO] Using /usr/local/openldap/etc/openldap/slapd-cli.conf for configuration
slapd-cli: [INFO] Launching OpenLDAP database backup...
slapd-cli: [INFO] No data in /usr/local/openldap/var/openldap-data, don't do any backup
slapd-cli: [INFO] Halting OpenLDAP...
slapd-cli: [INFO] Can't read PID file, to stop OpenLDAP try: /usr/local/openldap/sbin/slapd-cli forcestop
slapd-cli: [INFO] Import test data...
slapd-cli: [INFO] Using /usr/local/openldap/etc/openldap/data-template-2.6.ldif as template
slapd-cli: [INFO] Adding organization Famille
slapd-cli: [INFO] Adding user ZZZZZZ: uid=zZZZZZ, gn=ZZZZZZ, sn=ZZZZZZZ, mail=ZZZZ@ZZZZZZZZZZZZZ, pass={ARGON2}$argon2id$v=19$m=65536,t=2,p=1$ZZZZZZZZZZZZZZZZZZZZZZZZZZZ
slapd-cli: [INFO] Using suffix dc=ZZZZZZ,dc=ZZZZZZZZ
slapd-cli: [INFO] Adding service account service
slapd-cli: [INFO] Delete data in /usr/local/openldap/var/openldap-data associated to suffix dc=artisanlogiciel,dc=net
slapd-cli: [INFO] Importing data from /usr/local/openldap/etc/openldap/data-template-2.6-filled.ldif
Entry (cn=adminn,ou=groups,ou=Famille,dc=ZZZZZZZZ,dc=ZZZZZ): object class 'groupOfNames' requires attribute 'member'
slapadd: dn="cn=admin,ou=groups,ou=Famille,dc=ZZZZZZZZ,dc=ZZZZZ" (line=125): (65) object class 'groupOfNames' requires attribute 'member'
Closing DB...
slapd-cli: [ALERT] OpenLDAP database restore failed for ZZZZZZ.ZZZZZZ
artlog commented 2 years ago

might be moved in slapd-ci project.

davidcoutadeur commented 2 years ago

Thanks for the report. Indeed, this issue should be moved in slapd-cli project. @artlog : could you move the issue and propose a minimal patch showing what's wrong and what improvement you would propose?