# help! my openldap has died!

## lkraav

openldap-2.1.30-r4

it's in the middle of the night, from what i can tell i think the problem started with updating db-4.1.25 package.

there are no permission problems, all /var/lib/openldap* are owned by ldap:ldap. everything was working smoothly  :Sad: 

May 11 03:31:11 box slapd[10795]: daemon: socket() failed errno=97 (Address family not supported by protocol)

May 11 03:31:11 box slapd[10795]: sql_select option missing

May 11 03:31:11 box slapd[10795]: auxpropfunc error no mechanism available

May 11 03:31:11 box slapd[10795]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: sql

May 11 03:31:11 box slapd[10795]: bdb_initialize: Sleepycat Software: Berkeley DB 4.1.25: (December 19, 2002)

May 11 03:31:12 box slapd[10795]: bdb_db_init: Initializing BDB database

May 11 03:31:30 box slapd[10802]: bdb(dc=vmr45,dc=dataring.ee): unable to join the environment

May 11 03:31:30 box slapd[10802]: bdb_db_open: dbenv_open failed: Resource temporarily unavailable (11)

May 11 03:31:30 box slapd[10802]: backend_startup: bi_db_open(0) failed! (11)

May 11 03:31:30 box slapd[10802]: bdb(dc=vmr45,dc=dataring.ee): txn_checkpoint interface requires an environment conf

May 11 03:31:30 box slapd[10802]: bdb_db_destroy: txn_checkpoint failed: Invalid argument (22)

May 11 03:31:30 box slapd[10802]: slapd stopped.

May 11 03:31:30 box slapd[10802]: connections_destroy: nothing to destroy.

i been through and through google and groups, only a few people seem to have ever had this, and nobody has a solution..

anyone?

----------

## ikaro

you say that the problem started after the upgrade of the db package - do you really need that newer version ? 

can you downgrade the db package ?

----------

## Cadorna

did you re emerged openldap to relink to the new db??

----------

## lkraav

recompiled both, db4, openldap, does not help. i think it goes beyond this, a few people on google mentioned about db4 problems with threading on redhat9, maybe nptl...?

----------

## totopo

Has someone solved this problem?, after an upgrade of the system openldap stopped to work, I ran this to know what is going on:

```
/usr/lib/openldap/slapd -4 -d 5 -f /etc/openldap/slapd.conf
```

And the output is this:

```

@(#) $OpenLDAP: slapd 2.1.30 (Jul 17 2005 21:39:07) $

        root@marco:/var/tmp/portage/openldap-2.1.30-r5/work/openldap-2.1.30/servers/slapd

daemon_init: <null>

daemon_init: listen on ldap:///

daemon_init: 1 listeners to open...

ldap_url_parse_ext(ldap:///)

daemon: initialized ldap:///

daemon_init: 1 listeners opened

slapd init: initiated server.

bdb_initialize: initialize BDB backend

bdb_initialize: Sleepycat Software: Berkeley DB 4.2.52: (December  3, 2003)

perl backend open

>>> dnNormalize: <cn=Subschema>

=> ldap_bv2dn(cn=Subschema,0)

<= ldap_bv2dn(cn=Subschema,0)=0

=> ldap_dn2bv(272)

<= ldap_dn2bv(cn=subschema,272)=0

<<< dnNormalize: <cn=subschema>

bdb_db_init: Initializing BDB database

>>> dnPrettyNormal: <dc=my-domain,dc=com>

=> ldap_bv2dn(dc=my-domain,dc=com,0)

<= ldap_bv2dn(dc=my-domain,dc=com,0)=0

=> ldap_dn2bv(272)

<= ldap_dn2bv(dc=my-domain,dc=com,272)=0

=> ldap_dn2bv(272)

<= ldap_dn2bv(dc=my-domain,dc=com,272)=0

<<< dnPrettyNormal: <dc=my-domain,dc=com>, <dc=my-domain,dc=com>

>>> dnPrettyNormal: <cn=Manager,dc=my-domain,dc=com>

=> ldap_bv2dn(cn=Manager,dc=my-domain,dc=com,0)

<= ldap_bv2dn(cn=Manager,dc=my-domain,dc=com,0)=0

=> ldap_dn2bv(272)

<= ldap_dn2bv(cn=Manager,dc=my-domain,dc=com,272)=0

=> ldap_dn2bv(272)

<= ldap_dn2bv(cn=manager,dc=my-domain,dc=com,272)=0

<<< dnPrettyNormal: <cn=Manager,dc=my-domain,dc=com>, <cn=manager,dc=my-domain,dc=com>

matching_rule_use_init

    1.2.840.113556.1.4.804 (integerBitOrMatch): matchingRuleUse: ( 1.2.840.113556.1.4.804 NAME 'integerBitOrMatch' APPLIES supportedLDAPVersion )

    1.2.840.113556.1.4.803 (integerBitAndMatch): matchingRuleUse: ( 1.2.840.113556.1.4.803 NAME 'integerBitAndMatch' APPLIES supportedLDAPVersion )

    1.3.6.1.4.1.1466.109.114.2 (caseIgnoreIA5Match): matchingRuleUse: ( 1.3.6.1.4.1.1466.109.114.2 NAME 'caseIgnoreIA5Match' APPLIES ( email $ associatedDomain $ dc $ mail $ altServer ) )

    1.3.6.1.4.1.1466.109.114.1 (caseExactIA5Match): matchingRuleUse: ( 1.3.6.1.4.1.1466.109.114.1 NAME 'caseExactIA5Match' APPLIES ( email $ associatedDomain $ dc $ mail $ altServer ) )

    2.5.13.34 (certificateExactMatch): matchingRuleUse: ( 2.5.13.34 NAME 'certificateExactMatch' APPLIES ( cACertificate $ userCertificate ) )

    2.5.13.30 (objectIdentifierFirstComponentMatch): matchingRuleUse: ( 2.5.13.30 NAME 'objectIdentifierFirstComponentMatch' APPLIES ( supportedApplicationContext $ ldapSyntaxes $ matchingRuleUse $ objectClasses $ attributeTypes $ matchingRules $ supportedFeatures $ supportedExtension $ supportedControl $ structuralObjectClass $ objectClass ) )

    2.5.13.29 (integerFirstComponentMatch): matchingRuleUse: ( 2.5.13.29 NAME 'integerFirstComponentMatch' APPLIES supportedLDAPVersion )

    2.5.13.27 (generalizedTimeMatch): matchingRuleUse: ( 2.5.13.27 NAME 'generalizedTimeMatch' APPLIES ( modifyTimestamp $ createTimestamp ) )

    2.5.13.24 (protocolInformationMatch): matchingRuleUse: ( 2.5.13.24 NAME 'protocolInformationMatch' APPLIES protocolInformation )

    2.5.13.23 (uniqueMemberMatch): matchingRuleUse: ( 2.5.13.23 NAME 'uniqueMemberMatch' APPLIES uniqueMember )

    2.5.13.22 (presentationAddressMatch): matchingRuleUse: ( 2.5.13.22 NAME 'presentationAddressMatch' APPLIES presentationAddress )

    2.5.13.20 (telephoneNumberMatch): matchingRuleUse: ( 2.5.13.20 NAME 'telephoneNumberMatch' APPLIES telephoneNumber )

    2.5.13.17 (octetStringMatch): matchingRuleUse: ( 2.5.13.17 NAME 'octetStringMatch' APPLIES userPassword )

    2.5.13.16 (bitStringMatch): matchingRuleUse: ( 2.5.13.16 NAME 'bitStringMatch' APPLIES x500UniqueIdentifier )

    2.5.13.14 (integerMatch): matchingRuleUse: ( 2.5.13.14 NAME 'integerMatch' APPLIES supportedLDAPVersion )

    2.5.13.13 (booleanMatch): matchingRuleUse: ( 2.5.13.13 NAME 'booleanMatch' APPLIES hasSubordinates )

    2.5.13.11 (caseIgnoreListMatch): matchingRuleUse: ( 2.5.13.11 NAME 'caseIgnoreListMatch' APPLIES ( registeredAddress $ postalAddress ) )

    2.5.13.8 (numericStringMatch): matchingRuleUse: ( 2.5.13.8 NAME 'numericStringMatch' APPLIES ( internationaliSDNNumber $ x121Address ) )

    2.5.13.7 (caseExactSubstringsMatch): matchingRuleUse: ( 2.5.13.7 NAME 'caseExactSubstringsMatch' APPLIES ( dnQualifier $ destinationIndicator $ serialNumber ) )

    2.5.13.6 (caseExactOrderingMatch): matchingRuleUse: ( 2.5.13.6 NAME 'caseExactOrderingMatch' APPLIES ( dnQualifier $ destinationIndicator $ serialNumber ) )

    2.5.13.5 (caseExactMatch): matchingRuleUse: ( 2.5.13.5 NAME 'caseExactMatch' APPLIES ( uid $ labeledURI $ dmdName $ houseIdentifier $ dnQualifier $ generationQualifier $ initials $ givenName $ destinationIndicator $ physicalDeliveryOfficeName $ postOfficeBox $ postalCode $ businessCategory $ description $ title $ ou $ o $ street $ st $ l $ c $ serialNumber $ sn $ knowledgeInformation $ cn $ name $ ref $ vendorVersion $ vendorName $ supportedSASLMechanisms ) )

    2.5.13.3 (caseIgnoreOrderingMatch): matchingRuleUse: ( 2.5.13.3 NAME 'caseIgnoreOrderingMatch' APPLIES ( dnQualifier $ destinationIndicator $ serialNumber ) )

    2.5.13.2 (caseIgnoreMatch): matchingRuleUse: ( 2.5.13.2 NAME 'caseIgnoreMatch' APPLIES ( uid $ labeledURI $ dmdName $ houseIdentifier $ dnQualifier $ generationQualifier $ initials $ givenName $ destinationIndicator $ physicalDeliveryOfficeName $ postOfficeBox $ postalCode $ businessCategory $ description $ title $ ou $ o $ street $ st $ l $ c $ serialNumber $ sn $ knowledgeInformation $ cn $ name $ ref $ vendorVersion $ vendorName $ supportedSASLMechanisms ) )

    2.5.13.1 (distinguishedNameMatch): matchingRuleUse: ( 2.5.13.1 NAME 'distinguishedNameMatch' APPLIES ( seeAlso $ roleOccupant $ owner $ member $ distinguishedName $ aliasedObjectName $ namingContexts $ subschemaSubentry $ modifiersName $ creatorsName ) )

    2.5.13.0 (objectIdentifierMatch): matchingRuleUse: ( 2.5.13.0 NAME 'objectIdentifierMatch' APPLIES ( supportedApplicationContext $ supportedFeatures $ supportedExtension $ supportedControl $ structuralObjectClass $ objectClass ) )

slapd startup: initiated.

bdb_db_open: dc=my-domain,dc=com

bdb_db_open: dbenv_open(/var/lib/openldap-data)

bdb(dc=my-domain,dc=com): Program version 4.2 doesn't match environment version

bdb_db_open: dbenv_open failed: Invalid argument (22)

backend_startup: bi_db_open(0) failed! (22)

slapd shutdown: initiated

====> bdb_cache_release_all

slapd shutdown: freeing system resources.

bdb(dc=my-domain,dc=com): txn_checkpoint interface requires an environment configured for the transaction subsystem

bdb_db_destroy: txn_checkpoint failed: Invalid argument (22)

====> bdb_cache_release_all

slapd stopped.

connections_destroy: nothing to destroy.

```

Ok, seems that the the versions do not match, these are my packages:

openldap : 2.1.30-r5

Berkeley DB: 4.2.52_p2

Does someone know which is the combination of version to make openldap work?, or any other thing I could do?

Regards

----------

## daeghrefn

Just out of curiosity, do you use UDEV, and have you upgraded UDEV any time recently?  I know that I broke my LDAP with a re-emerge of UDEV, which broke permissions on /dev/null

Here's some threads to check out:

https://forums.gentoo.org/viewtopic-t-336492-highlight-udev.html

https://forums.gentoo.org/viewtopic-t-352647-highlight-ldap+db.html

Using these two threads I was able to fix udev and fix the DB problems from the upgrade, and get LDAP back online.   Hope this helps!

-Bob

----------

## totopo

Hello, I was not using udev, I migrated yesterday to udev, but the result is still the same, also the db_recover/db_upgrade didn't work....

----------

