Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 105065 - openldap server always say "invalid credential" after updating from 2.1.30-r5 to 2.2.28
Summary: openldap server always say "invalid credential" after updating from 2.1.30-r5...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Server (show other bugs)
Hardware: x86 Linux
: High blocker (vote)
Assignee: Robin Johnson
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2005-09-06 14:29 UTC by Mathieu ALORENT
Modified: 2006-01-13 09:59 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Mathieu ALORENT 2005-09-06 14:29:17 UTC 
after upgrading from net-nds/openldap-2.1.30-r5 to net-nds/openldap-2.2.28, I
can't connect anymore to the server.

nmap 127.0.0.1 show me that port 389 is open.... but unable to connect to it !


Downgraded to the previous version solved the problem...

Reproducible: Didn't try
Steps to Reproduce:
1. emerge openldap
2. /etc/init.d/slapd restart  (failed)
3. vi /var/log/messages +

Actual Results:  
I can read in the log :

Sep  6 22:46:14 neutron slapd[1967]: daemon: activity on 1 descriptors
Sep  6 22:46:14 neutron slapd[1967]: daemon: new connection on 63
Sep  6 22:46:14 neutron slapd[1967]: daemon: added 63r
Sep  6 22:46:14 neutron slapd[1967]: daemon: activity on:
Sep  6 22:46:14 neutron slapd[1967]:
Sep  6 22:46:14 neutron slapd[1967]: daemon: select: listen=6 active_threads=0
tvp=NULL
Sep  6 22:46:14 neutron slapd[1967]: daemon: activity on 1 descriptors
Sep  6 22:46:14 neutron slapd[1967]: daemon: activity on:
Sep  6 22:46:14 neutron slapd[1967]:  63r
Sep  6 22:46:14 neutron slapd[1967]:
Sep  6 22:46:14 neutron slapd[1967]: daemon: read activity on 63
Sep  6 22:46:14 neutron slapd[1967]: connection_get(63)
Sep  6 22:46:14 neutron slapd[1967]: connection_get(63): got connid=56
Sep  6 22:46:14 neutron slapd[1967]: connection_read(63): checking for input on
id=56
Sep  6 22:46:14 neutron slapd[1967]: ber_get_next on fd 63 failed errno=11
(Resource temporarily unavailable)
Sep  6 22:46:14 neutron slapd[1967]: daemon: select: listen=6 active_threads=0
tvp=NULL
Sep  6 22:46:14 neutron slapd[1973]: do_bind
Sep  6 22:46:14 neutron slapd[1973]: >>> dnPrettyNormal:
<cn=postfix,ou=system,o=tryskel>
Sep  6 22:46:14 neutron slapd[1973]: <<< dnPrettyNormal:
<cn=postfix,ou=system,o=tryskel>, <cn=postfix,ou=system,o=tryskel>
Sep  6 22:46:14 neutron slapd[1973]: do_bind: version=3
dn="cn=postfix,ou=system,o=tryskel" method=128
Sep  6 22:46:14 neutron slapd[1973]: ==> bdb_bind: dn:
cn=postfix,ou=system,o=tryskel
Sep  6 22:46:14 neutron slapd[1973]: bdb_dn2entry("cn=postfix,ou=system,o=tryskel")
Sep  6 22:46:14 neutron slapd[1973]:
is_entry_objectclass("cn=postfix,ou=system,o=tryskel", "2.5.17.0") no
objectClass attribute
Sep  6 22:46:14 neutron slapd[1973]:
is_entry_objectclass("cn=postfix,ou=system,o=tryskel", "2.5.6.1") no objectClass
attribute
Sep  6 22:46:14 neutron slapd[1973]:
is_entry_objectclass("cn=postfix,ou=system,o=tryskel",
"2.16.840.1.113730.3.2.6") no objectClass attribute
Sep  6 22:46:14 neutron slapd[1973]: => access_allowed: auth access to
"cn=postfix,ou=system,o=tryskel" "userPassword" requested
Sep  6 22:46:14 neutron slapd[1973]: => access_allowed: backend default auth
access granted to "(anonymous)"
Sep  6 22:46:14 neutron slapd[1973]: send_ldap_result: conn=56 op=0 p=3
Sep  6 22:46:14 neutron slapd[1973]: send_ldap_result: err=49 matched="" text=""
Sep  6 22:46:14 neutron slapd[1973]: send_ldap_response: msgid=1 tag=97 err=49
Sep  6 22:46:14 neutron postfix/cleanup[1826]: warning: dict_ldap_connect:
Unable to bind to server ldap://127.0.0.1:389 as cn=postfix,ou=system,o=tryskel:
49 (Invalid crede
ntials)

and

Sep  6 22:53:19 neutron authdaemond: ldap_simple_bind_s failed: Invalid credentials

and 

Sep  6 22:45:03 neutron saslauthd[1889]: Authentication failed for
kumy/tryskel.com: Bind to ldap server failed (invalid user/password or
insufficient access) (-7)
Sep  6 22:45:03 neutron saslauthd[1889]: do_auth         : auth failure:
[user=kumy] [service=smtp] [realm=tryskel.com] [mech=ldap] [reason=Unknown]
Sep  6 22:45:03 neutron postfix/smtpd[1805]: warning: unknown[10.0.9.40]: SASL
LOGIN authentication failed


Expected Results:  
Should allow the connection....
Comment 1 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2005-09-06 17:56:03 UTC 
err the ebuild should have thrown an error and given you instructions for 
upgrading.

Did you follow them?
Comment 2 Mathieu ALORENT 2005-09-06 23:42:52 UTC 
(In reply to comment #1)
> err the ebuild should have thrown an error and given you instructions for 
> upgrading.
> 
> Did you follow them?

nope !

because the real command I used for emeging was emerge -Du world... and other
packages were compiled after, not letting me see this instructions...

Is it possible to have portage summarize all the instructions and warnings at
the end of the process ? So we don't miss them...

Regards
Comment 3 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2005-09-07 00:18:39 UTC 
then something is weird, because it's supposed to die at that point, but it 
looks like a portage change neutered that code.

Anyway, see the ebuild for upgrade instructions.
Comment 4 Mathieu ALORENT 2005-09-07 04:00:18 UTC 
I've tried to upgrade on an other machine running <openldap-2.2, and portage
didn't show & stop on the error in the pkg_setup() function (seen in the ebuild)

I don't why,
- I have openldap-2.1.30-r5
- I have files in /var/lib/openldap-data containing 'db' in their names
Comment 5 Felipe Massia Pereira 2005-09-26 20:42:57 UTC 
Check the /var/lib/openldap-data permissions. Should be owned by the user slapd
is running.
Comment 6 Markus Ullmann (RETIRED) gentoo-dev 2005-12-18 15:37:13 UTC 
Try this:
USE=
Comment 7 Markus Ullmann (RETIRED) gentoo-dev 2005-12-18 15:37:13 UTC 
Try this:
USE=-sasl emerge openldap
Comment 8 Benjamin Smee (strerror) (RETIRED) gentoo-dev 2006-01-13 09:59:10 UTC 
fixed in cvs