Sergey Ivanov wrote:
> Richard Megginson wrote:
>
>> Sergey Ivanov wrote:
>>
>>> For me it was a problem with ownership of directories in
>>> /opt/fedora-ds/slapd-<name>/ tree. logs, locks and config ownership was
>>> changed by upgrade process to root. So the ns-slapd process was unable
>>> to start. Also the file
>>> /opt/fedora-ds/slapd-<name>/config/dse.ldif.startOK was there in the
>>> way, being unable to be deleted, - lack of permissions.
>>>
>>>
>> Very odd. It doesn't appear that setup does this, the chown is done in
>> the server itself:
>> main.c:
>> fix_ownership()
>> {
>>     struct passwd* pw=NULL;
>>     char dirname[MAXPATHLEN + 1];
>>
>>     slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
>>
>>
>>     if ( slapdFrontendConfig->localuser != NULL ) {
>>         if ( (pw = getpwnam( slapdFrontendConfig->localuser )) == NULL )
>>             return;
>> localuser should be "nobody" or the uid of the server user. So one
>> possible problem is that if this is set to "root" for some reason.
>>     }
>>     else {
>>         return;
>>     }
>>
>>     /* The instance directory needs to be owned by the local user */
>>     slapd_chown_if_not_owner( slapdFrontendConfig->instancedir, pw->pw_uid, -1 );
>> instancedir is "/opt/fedora-ds/slapd-instance"
>>
>>     PR_snprintf(dirname,sizeof(dirname),"%s/config",slapdFrontendConfig->instancedir);
>>
>>     chown_dir_files(dirname, pw, PR_FALSE); /* config directory */
>>     chown_dir_files(slapdFrontendConfig->accesslog, pw, PR_TRUE); /* do access log directory */
>>     chown_dir_files(slapdFrontendConfig->auditlog, pw, PR_TRUE); /* do audit log directory */
>>     chown_dir_files(slapdFrontendConfig->errorlog, pw, PR_TRUE); /* do error log directory */
>>
>> chown_dir_files chowns the directory and all of the files in it (does
>> not recurse). If given a file name, it will strip off the file name
>> (PR_TRUE).
>>
>> It would appear that the only way this can happen is if either
>> slapdFrontendConfig->localuser is "root" or getpwnam(
>> slapdFrontendConfig->localuser ) returns uid 0. If someone can come up
>> with a reproducible test case, please let me know. So far, I've just
>> done simple fds102 install followed by upgrade to fds103 on RHEL4 using
>> the default values. I cannot reproduce this problem.
>>
>> }
>>
>>
>>
> Hi Richard,
> I have upgraded yesterday the last of my ldap servers. The most
> difficult problem there is described in
> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=213626
> And this problem with ownership and permission denied was reproduced
> once more. I have screenlog of the session, and logs of admin and ldap
> servers. Also I see a file /opt/fedora-ds/setup/myinstall.inf with the
> following contents:
> ---
> [General]
> FullMachineName= <hostname>
> SuiteSpotUserID= root
> SuitespotGroup= root
>
This is a great clue. The setup script uses the following command to determine these values:

suitespotuser=`ls -l /opt/fedora-ds/slapd-instance/config/dse.ldif | awk '{print $3}'`
suitespotgroup=`ls -l /opt/fedora-ds/slapd-instance/config/dse.ldif | awk '{print $4}'`

So somehow the ownership of dse.ldif was changed from nobody:nobody to root:root. Either that, or the above command is not working. Is it possible that it is not using /bin/ls?

> ServerRoot= /opt/fedora-ds
> ConfigDirectoryLdapURL= \ ldap://<hostname>.<domainname>:389/o=NetscapeRoot
> ConfigDirectoryAdminID= admin
> AdminDomain= <domainname>
> ConfigDirectoryAdminPwd= <password>
>
> [admin]
> ServerAdminID= admin
> ServerAdminPwd= <password>
> SysUser= root
> Port= 18080
> ServerIpAddress=
> ---
> Is this 'root' in [admin] part of this file connected to the problem?
>
> I also attach a snippet from screen session log, with ip addresses,
> passwords and host/domain names replaced.
>
> ------------------------------------------------------------------------
>
> [root@<hostname> fedora-ds]# netstat -tlpn |grep 636
> tcp 0 0 ::ffff:10.0.0.<ip>:636 :::* LISTEN 15481/ns-slapd
> [root@<hostname> fedora-ds]# netstat -tlpn |grep 389
> tcp 0 0 ::ffff:10.0.0.<ip>:389 :::* LISTEN 15481/ns-slapd
> [root@<hostname> opt]# rpm -Uvh /data/users/seriv/fedora-ds/downloads/fedora-ds-1.0.3-1.RHEL4.x86_64.opt.rpm
> Preparing... ########################################### [100%]
> package fedora-ds-1.0.3-1.RHEL4 is already installed
> [root@<hostname> opt]# rpm -Uvh /data/users/seriv/fedora-ds/downloads/fedora-ds-1.0.3-1.RHEL4.x86_64.opt.rpm --force
> Preparing... ########################################### [100%]
> 1:fedora-ds ########################################### [100%]
>
> Upgrade finished. Please run /opt/fedora-ds/setup/setup to complete the upgrade.
> [root@<hostname> opt]# netstat -tlpn |grep 636
> [root@<hostname> opt]# netstat -tlpn |grep 389
> [root@<hostname> opt]# pwd
> /opt
> [root@<hostname> opt]# cd fedora-ds
> [root@<hostname> fedora-ds]# setup/setup
> INFO Begin Setup . . .
>
>
>
> LICENSE AGREEMENT AND LIMITED PRODUCT WARRANTY
> FEDORA(TM) DIRECTORY SERVER
> [contents skipped]
>
> Do you accept the license terms? (yes/no) yes
> =======================================================================
> Fedora Directory Server 1.0.3
> =======================================================================
>
> The Fedora Directory Server is subject to the terms detailed in the
> license agreement file called LICENSE.txt.
>
> Late-breaking news and information on the Fedora Directory Server is
> available at the following location:
>
> http://directory.fedora.redhat.com
>
> Continue? (yes/no) yes
> No ns-slapd PID file found. Server is probably not running
> /opt/fedora-ds/slapd-<hostname>/config/dse.ldif: SSL off ...
> In order to reconfigure your installation, the Configuration Directory
> Administrator password is required. Here is your current information:
>
> Configuration Directory: ldap://<hostname>.<domainname>:389/o=NetscapeRoot
> Configuration Administrator ID: admin
>
> At the prompt, please enter the password for the Configuration Administrator.
>
> administrator ID: admin
> Password: <password>
> Converting slapd-<hostname> to new format password file . . .
> Copying new schema ldiffiles . . .
> Starting slapd-<hostname> . . .
>
> [slapd-<hostname>]: starting up server ...
> [slapd-<hostname>]: [01/Nov/2006:22:36:26 -0500] - Fedora-Directory/1.0.3 B2006.303.1845 starting up
> [slapd-<hostname>]: [01/Nov/2006:22:36:26 -0500] NSMMReplicationPlugin - agmt="cn=ballexta" (<hostname>:389): Simple bind failed, LDAP sdk error 91 (Can't connect to the LDAP server), Netscape Portable Runtime error -5961 (TCP connection reset by peer.)
> [slapd-<hostname>]: [01/Nov/2006:22:36:26 -0500] - slapd started. Listening on 10.0.0.<ip> port 389 for LDAP requests
>
> NMC_Status: 0
> NMC_Description: Success! The server has been started.
>
> Start Slapd Starting Slapd server reconfiguration.
> Fatal Slapd ERROR: Could not find Directory Server Configuration
> URL ldap://<hostname>.<domainname>:389/o=NetscapeRoot user id admin DN cn=<hostname>.<domainname>, ou=<domainname>, o=NetscapeRoot (153:Unknown error)
> Configuring Administration Server...
> InstallInfo: Apache Directory "ApacheDir" is missing.
> /opt/fedora-ds/slapd-<hostname>/config/dse.ldif: SSL on ...
> Restarting Directory Server: /opt/fedora-ds/slapd-<hostname>/start-slapd
> Server failed to start !!! Please check errors log for problems
>
> You can now use the console. Here is the command to use to start the console:
> cd /opt/fedora-ds
> ./startconsole -u admin -a http://<hostname>.<domainname>:18080/
>
> INFO Finished with setup, logfile is setup/setup.log
> [root@<hostname> fedora-ds]# netstat -tlpn |grep 636
> [root@<hostname> fedora-ds]# netstat -tlpn |grep 389
> [root@<hostname> fedora-ds]# slapd-<hostname>/restart-slapd
> No ns-slapd PID file found. Server is probably not running
> Server failed to start !!! Please check errors log for problems
> [root@<hostname> fedora-ds]# tail -n 22 slapd-<hostname>/logs/errors
> [01/Nov/2006:22:34:31 -0500] - slapd shutting down - closing down internal subsystems and plugins
> [01/Nov/2006:22:34:35 -0500] - Waiting for 4 database threads to stop
> [01/Nov/2006:22:34:36 -0500] - All database threads now stopped
> [01/Nov/2006:22:34:38 -0500] - slapd stopped.
> [01/Nov/2006:22:36:26 -0500] - Fedora-Directory/1.0.3 B2006.303.1845 starting up
> [01/Nov/2006:22:36:26 -0500] NSMMReplicationPlugin - agmt="cn=ballexta" (<hostname>:389): Simple bind failed, LDAP sdk error 91 (Can't connect to the LDAP server), Net
> scape Portable Runtime error -5961 (TCP connection reset by peer.)
> [01/Nov/2006:22:36:26 -0500] - slapd started. Listening on 10.0.0.<ip> port 389 for LDAP requests
> [01/Nov/2006:22:36:27 -0500] - slapd shutting down - signaling operation threads
> [01/Nov/2006:22:36:27 -0500] - slapd shutting down - waiting for 29 threads to terminate
> [01/Nov/2006:22:36:27 -0500] - slapd shutting down - closing down internal subsystems and plugins
> [01/Nov/2006:22:36:27 -0500] dse - Cannot open temporary DSE file "/opt/fedora-ds/slapd-<hostname>/config/dse.ldif.tmp" for update: OS error 13 (Permission denied)
> [01/Nov/2006:22:36:28 -0500] dse - Cannot open temporary DSE file "/opt/fedora-ds/slapd-<hostname>/config/dse.ldif.tmp" for update: OS error 13 (Permission denied)
> [01/Nov/2006:22:36:29 -0500] dse - Cannot open temporary DSE file "/opt/fedora-ds/slapd-<hostname>/config/dse.ldif.tmp" for update: OS error 13 (Permission denied)
> [01/Nov/2006:22:36:30 -0500] dse - Cannot open temporary DSE file "/opt/fedora-ds/slapd-<hostname>/config/dse.ldif.tmp" for update: OS error 13 (Permission denied)
> [01/Nov/2006:22:36:31 -0500] dse - Cannot open temporary DSE file "/opt/fedora-ds/slapd-<hostname>/config/dse.ldif.tmp" for update: OS error 13 (Permission denied)
> [01/Nov/2006:22:36:32 -0500] dse - Cannot open temporary DSE file "/opt/fedora-ds/slapd-<hostname>/config/dse.ldif.tmp" for update: OS error 13 (Permission denied)
> [01/Nov/2006:22:36:32 -0500] - Waiting for 4 database threads to stop
> [01/Nov/2006:22:36:33 -0500] - All database threads now stopped
> [01/Nov/2006:22:36:33 -0500] - slapd stopped.
> [01/Nov/2006:22:36:34 -0500] - Fedora-Directory/1.0.3 B2006.303.1845 starting up
> [01/Nov/2006:22:36:34 -0500] dse - Cannot copy DSE file "/opt/fedora-ds/slapd-<hostname>/config/dse.ldif" to "/opt/fedora-ds/slapd-<hostname>/config/dse.ldif.startOK" OS
> error 17 (File exists)
> [01/Nov/2006:22:37:08 -0500] - Fedora-Directory/1.0.3 B2006.303.1845 starting up
> [01/Nov/2006:22:37:08 -0500] dse - Cannot copy DSE file "/opt/fedora-ds/slapd-<hostname>/config/dse.ldif" to "/opt/fedora-ds/slapd-<hostname>/config/dse.ldif.startOK" OS
> error 17 (File exists)
> [root@<hostname> fedora-ds]# ls -al slapd-<hostname>/config/
> total 424
> drwxr-xr-x  4 root   root  4096 Nov  1 22:37 .
> drwxr-xr-x 12 nobody root  4096 Nov  1 22:37 ..
> -rw-r--r--  1 nobody root 57967 Nov  1 22:36 dse.ldif
> -rw-r--r--  2 nobody root 57969 Nov  1 22:36 dse.ldif.bak
> -rw-r--r--  2 nobody root 57969 Nov  1 22:36 dse.ldif.startOK
> -rw-------  1 nobody root 33781 Aug 29 11:17 dse_original.ldif
> drwxr-xr-x  2 nobody root  4096 Nov  1 22:37 schema
> drwxr-xr-x  2 nobody root  4096 Nov  1 01:43 schema-bak
> -rw-r--r--  1 nobody root  5400 Aug 29 11:17 slapd-collations.conf
> [root@<hostname> fedora-ds]# chown nobody slapd-<hostname>/config
> [root@<hostname> fedora-ds]# mv slapd-<hostname>/config/dse.ldif.startOK .
> [root@<hostname> fedora-ds]# slapd-<hostname>/restart-slapd
> No ns-slapd PID file found. Server is probably not running
> Server failed to start !!! Please check errors log for problems
> [root@<hostname> fedora-ds]# tail -n 22 slapd-<hostname>/logs/errors
> [01/Nov/2006:22:36:26 -0500] - Fedora-Directory/1.0.3 B2006.303.1845 starting up
> [01/Nov/2006:22:36:26 -0500] NSMMReplicationPlugin - agmt="cn=ballexta" (<hostname>:389): Simple bind failed, LDAP sdk error 91 (Can't connect to the LDAP server), Net
> scape Portable Runtime error -5961 (TCP connection reset by peer.)
> [01/Nov/2006:22:36:26 -0500] - slapd started. Listening on 10.0.0.<ip> port 389 for LDAP requests
> [01/Nov/2006:22:36:27 -0500] - slapd shutting down - signaling operation threads
> [01/Nov/2006:22:36:27 -0500] - slapd shutting down - waiting for 29 threads to terminate
> [01/Nov/2006:22:36:27 -0500] - slapd shutting down - closing down internal subsystems and plugins
> [01/Nov/2006:22:36:27 -0500] dse - Cannot open temporary DSE file "/opt/fedora-ds/slapd-<hostname>/config/dse.ldif.tmp" for update: OS error 13 (Permission denied)
> [01/Nov/2006:22:36:28 -0500] dse - Cannot open temporary DSE file "/opt/fedora-ds/slapd-<hostname>/config/dse.ldif.tmp" for update: OS error 13 (Permission denied)
> [01/Nov/2006:22:36:29 -0500] dse - Cannot open temporary DSE file "/opt/fedora-ds/slapd-<hostname>/config/dse.ldif.tmp" for update: OS error 13 (Permission denied)
> [01/Nov/2006:22:36:30 -0500] dse - Cannot open temporary DSE file "/opt/fedora-ds/slapd-<hostname>/config/dse.ldif.tmp" for update: OS error 13 (Permission denied)
> [01/Nov/2006:22:36:31 -0500] dse - Cannot open temporary DSE file "/opt/fedora-ds/slapd-<hostname>/config/dse.ldif.tmp" for update: OS error 13 (Permission denied)
> [01/Nov/2006:22:36:32 -0500] dse - Cannot open temporary DSE file "/opt/fedora-ds/slapd-<hostname>/config/dse.ldif.tmp" for update: OS error 13 (Permission denied)
> [01/Nov/2006:22:36:32 -0500] - Waiting for 4 database threads to stop
> [01/Nov/2006:22:36:33 -0500] - All database threads now stopped
> [01/Nov/2006:22:36:33 -0500] - slapd stopped.
> [01/Nov/2006:22:36:34 -0500] - Fedora-Directory/1.0.3 B2006.303.1845 starting up
> [01/Nov/2006:22:36:34 -0500] dse - Cannot copy DSE file "/opt/fedora-ds/slapd-<hostname>/config/dse.ldif" to "/opt/fedora-ds/slapd-<hostname>/config/dse.ldif.startOK" OS
> error 17 (File exists)
> [01/Nov/2006:22:37:08 -0500] - Fedora-Directory/1.0.3 B2006.303.1845 starting up
> [01/Nov/2006:22:37:08 -0500] dse - Cannot copy DSE file "/opt/fedora-ds/slapd-<hostname>/config/dse.ldif" to "/opt/fedora-ds/slapd-<hostname>/config/dse.ldif.startOK" OS
> error 17 (File exists)
> [01/Nov/2006:22:38:49 -0500] - Fedora-Directory/1.0.3 B2006.303.1845 starting up
> [root@<hostname> fedora-ds]# netstat -tlpn |grep 389
> [root@<hostname> fedora-ds]# netstat -tlpn |grep 636
> [root@<hostname> fedora-ds]# ls -al slapd-<hostname>/logs/
> total 32468
> drwx------  2 root   root       4096 Nov  1 22:36 .
> drwxr-xr-x 12 nobody root       4096 Nov  1 22:38 ..
> -rw-------  1 nobody root   33124743 Nov  1 22:36 access
> -rw-------  1 nobody root         63 Oct 31 23:40 access.rotationinfo
> -rw-------  1 nobody root          0 Oct 31 23:40 audit
> -rw-------  1 nobody root         63 Oct 31 23:40 audit.rotationinfo
> -rw-------  1 nobody root      18211 Nov  1 22:38 errors
> -rw-------  1 nobody root         63 Oct 31 23:40 errors.rotationinfo
> -rw-r--r--  1 nobody nobody     1952 Nov  1 22:36 slapd.stats
> [root@<hostname> fedora-ds]# chown nobody:nobody slapd-<hostname>/logs
> [root@<hostname> fedora-ds]# chown nobody:nobody slapd-<hostname>/logs/*
> [root@<hostname> fedora-ds]# slapd-<hostname>/restart-slapd
> No ns-slapd PID file found. Server is probably not running
> [root@<hostname> fedora-ds]# netstat -tlpn |grep 636
> tcp 0 0 ::ffff:10.0.0.<ip>:636 :::* LISTEN 15481/ns-slapd
> [root@<hostname> fedora-ds]# netstat -tlpn |grep 389
> tcp 0 0 ::ffff:10.0.0.<ip>:389 :::* LISTEN 15481/ns-slapd
>
> ------------------------------------------------------------------------
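
The ownership checks discussed in this thread, as an added example that is not part of the original messages or of the Fedora DS setup script. It uses find's -user test instead of parsing `ls -l` output and looks at config/ and logs/ one level deep, as chown_dir_files is described as doing. Function names are hypothetical; the path layout and the "nobody" owner follow the thread.

```sh
#!/bin/sh
# Added example, not Fedora DS code. Function names are hypothetical.

# Print DIR and its direct entries (no recursion) that are NOT owned by OWNER.
# OWNER may be a user name or a numeric uid.
owner_mismatches() {
    find "$1" -maxdepth 1 ! -user "$2" -print
}

# Succeed when FILE is owned by uid 0. The thread says setup derives
# SuiteSpotUserID from the owner of config/dse.ldif, so this is the case
# that would put "root" into the generated .inf file.
owned_by_root() {
    [ -n "$(find "$1" -maxdepth 0 -user 0 -print 2>/dev/null)" ]
}

# Audit config/ and logs/ of one instance directory.
# Returns 0 when everything belongs to OWNER, 1 otherwise,
# printing each offending path.
audit_instance() {
    inst=$1
    owner=$2
    bad=0
    for d in "$inst/config" "$inst/logs"; do
        [ -d "$d" ] || continue
        out=$(owner_mismatches "$d" "$owner")
        if [ -n "$out" ]; then
            printf '%s\n' "$out" | sed "s|^|not owned by $owner: |"
            bad=1
        fi
    done
    return "$bad"
}

# Typical use before running setup/setup (instance path is an assumption):
#   audit_instance /opt/fedora-ds/slapd-instance nobody || echo "fix ownership first"
```

Run it once before the upgrade and once after setup completes; a path that appears only in the second run was re-owned by the upgrade.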