When emerging openldap from recent portage tree, the following occurs: -e 's%RELEASEDATE%2003-04-15%' \ ./$page > $page.tmp; \ done make[3]: Leaving directory `/var/tmp/portage/openldap-2.1.30/work/openldap-2.1.30/doc/man/man8' make[2]: Leaving directory `/var/tmp/portage/openldap-2.1.30/work/openldap-2.1.30/doc/man' make[1]: Leaving directory `/var/tmp/portage/openldap-2.1.30/work/openldap-2.1.30/doc' ln: `./data': cannot overwrite directory make: [test-bdb] Error 1 (ignored) Initiating LDAP tests for BDB... >>>>> Executing all LDAP tests... >>>>> Test Directory: . >>>>> Backend: bdb >>>>> Starting test000-rootdse ... running defines.sh Datadir is ./data Cleaning up in ./test-db... Starting slapd on TCP/IP port 9009... Using ldapsearch to retrieve the root DSE... Waiting 5 seconds for slapd to start... Waiting 5 seconds for slapd to start... Waiting 5 seconds for slapd to start... Waiting 5 seconds for slapd to start... Waiting 5 seconds for slapd to start... Waiting 5 seconds for slapd to start... ldap_bind: Can't contact LDAP server (81) >>>>> Test failed >>>>> ./scripts/test000-rootdse failed (exit 1) make: *** [test-bdb] Error 1 !!! ERROR: net-nds/openldap-2.1.30 failed. !!! Function src_compile, Line 137, Exitcode 2 !!! make tests failed The emerge cannot get past this point. I am not sure why yet. Reproducible: Always Steps to Reproduce: 1.emerge openldap 2. 3. Actual Results: emerge failure. The "make test" phase fails to contact an existing ldap server. I am not sure why it does this. Expected Results: build and install.
could you please go and look in the tests manually, and try to start the slapd server (the server component of openldap)? it should start on port 9009. I'd suggest turning on debugging '-d 65535' and capturing the output to see why it's not starting properly.
same problem here ...
nobody find a trick ? I cannot update my distro automatically because of that package ...
Pol/Blenderman: given that the original bug reporter has not provided the additional information I asked for, could you please provide it?
Starting slapd manually appears to work fine for me, but even when I do the tests still fail, waiting for it to start (even though ps shows its already running)
i'd like to make myself clear here after it fails, go to /var/tmp/portage/openldap-2.1.30*/work/openldap-2.1.30*/ look at the first test yourself and run it manually with all of the debug output turned on to see what the problem is.
The slapd does start up fine, and the ldapsearch tries to connect. But slapd reports this: ... <= str2entry(cn=Current,cn=Time,cn=Monitor) -> 0x8186590 slapd starting fd=12 DENIED from unknown (127.0.0.1) fd=12 DENIED from unknown (127.0.0.1) So, it seems, the slapd is denying access for some reason. I am also trying to figure out why, but perhaps Robin might know what this is.
The problem occurs when USE=tcpd is enabled. That means use tcpwrapper library. As a workaround I but the following line: slapd: ALL in my /etc/hosts.allow file. That enables all clients to connect. However, I already had this line in my /etc/hosts.allow file: ALL: localhost which SHOULD have also enabled it to work (but it didn't). So I think there is also something going on with the reverse lookup feature (which the ebuild implicitly enables). The reverse lookup seems to fail, returning "unknown" as the host name (should be "localhost").
please attach your /etc/hosts?
could you attach your complete hosts.{allow,deny} as well. I've got my openldap compiled with USE=tcpd, but no ALL or slapd rules in my hosts.{allow,deny}.
'USE="-tcpd" emerge openldap' solved the problem over here... enough for my needs.
USE=-tcpd isn't a solution, it's a workaround only, not suitable for when you need TCP wrappers.
It is not a general solution, but at least people that might visit this bug report and don't need tcp wrappers, will have a workaround. :) BTW, could it be that something is missconfigured?
i'm suspecting a misconfiguration yes, hence my asking for somebodies /etc/hosts{,.allow,.deny} files to see if I can reproduce it myself to fix it.
My whole /etc/hosts.* will probably not be useful to you. Basically, I have this: /etc/hosts.deny --------------- ALL:ALL /etc/hosts.allow ---------------- smtp: ALL ALL: mydomain.com ALL: localhost ---------------- That's basically it. I hope you can reproduce it from that. Another workaround was to temporarily add the following line to hosts.allow: slapd: ALL
It seems that the following directive doesn't work: ALL: mydomain.com ALL: localhost
I have noticed that there is a hosts.allow and a hosts.deny, but don't they exclude one each other? AFAIK if you have a hosts.allow, anything that does not appear there has access denied. In the other hand, if you have hosts.deny, anything that is not there has access granted. Also notice, in the case that both can coexists (strange?), it could be that the hosts.deny rule overrides the hosts.allow. In conclussion, ALL:ALL is the only working rule.
Lastly... how do I correct those typos?
For me the problem is resolved. It was because I had ALL: Localhost in hosts.deny because of portsentry ... Sometimes I try to go on http://localhost/ when the apache server is not started and portsentry consider my computer as a foreign computer and block the IP via hosts.deny ... Sorry for the 'noobishness' Cya
Regarding comment 17: both hosts.allow and hosts.deny are used. The hosts.allow is checked first, then the hosts.deny. This allows a broad range of "denies", and specific overrides in hosts.allow. A typical "safe" scenario is to put ALL:ALL in hosts.deny, and explicitly enable what you want to be available in hosts.allow. See: man 5 hosts_access
In reply to comment #20: You have proved once again that some university teachers have no idea of what they teach... thanks :) anb welcome to the club :D
I don't have a hosts.allow or a hosts.deny and the make test still fails. cd /var/tmp/portage/openldap-2.1.30/work/openldap-2.1.30/ and running make test still gives a failure. Running netstat -tan | grep 9009 shows nothing
Haroon: could you post the output from the failed test please? as for everybody else: I'm trying to find a solution for the hosts.* stuff that will work without requiring the files to be changed.
Hi Robin, Identical to comment 0, (incidentally make test and env SLAPD_DEBUG=6 make test give the same identical output): cd tests; make test make[1]: Entering directory `/var/tmp/portage/openldap-2.1.30/work/openldap-2.1.30/tests' ln: `./data': cannot overwrite directory make[1]: [test-bdb] Error 1 (ignored) ln: `./schema': File exists make[1]: [test-bdb] Error 1 (ignored) Initiating LDAP tests for BDB... >>>>> Executing all LDAP tests... >>>>> Test Directory: . >>>>> Backend: bdb >>>>> Starting test000-rootdse ... running defines.sh Datadir is ./data Cleaning up in ./test-db... Starting slapd on TCP/IP port 9009... Using ldapsearch to retrieve the root DSE... Waiting 5 seconds for slapd to start... Waiting 5 seconds for slapd to start... Waiting 5 seconds for slapd to start... Waiting 5 seconds for slapd to start... Waiting 5 seconds for slapd to start... Waiting 5 seconds for slapd to start... ./scripts/test000-rootdse: line 57: kill: (3022) - No such process ldap_bind: Can't contact LDAP server (81) >>>>> Test failed >>>>> ./scripts/test000-rootdse failed (exit 1) make[1]: *** [test-bdb] Error 1 make[1]: Leaving directory `/var/tmp/portage/openldap-2.1.30/work/openldap-2.1.30/tests' make: *** [test] Error 2
Same here. Doesn't depend on hosts.{allow,deny}. Didn't have them, compile failed; made hosts files, compile still failes. Starting slapd (from /etc/init.d) gives no error, but also nothing visible with netstat on port 9009 and no entry in ps -A. This is what the log (var/log/messages) sais: May 26 13:56:53 timo slapd[11012]: bdb_initialize: Sleepycat Software: Berkeley DB 4.1.25: (December 19, 2002) May 26 13:56:53 timo slapd[11012]: bdb_db_init: Initializing BDB database May 26 13:56:54 timo slapd[11013]: bdb(dc=my-domain,dc=com): architecture lacks fast mutexes: applications cannot be threaded May 26 13:56:54 timo slapd[11013]: bdb_db_open: dbenv_open failed: Invalid argument (22) May 26 13:56:54 timo slapd[11013]: backend_startup: bi_db_open(0) failed! (22) May 26 13:56:54 timo slapd[11013]: bdb(dc=my-domain,dc=com): txn_checkpoint interface requires an environment configured for the transaction subsystem May 26 13:56:54 timo slapd[11013]: bdb_db_destroy: txn_checkpoint failed: Invalid argument (22) May 26 13:56:54 timo slapd[11013]: slapd stopped. May 26 13:56:54 timo slapd[11013]: connections_destroy: nothing to destroy. Something wrong with bdb?
me too... same failure as comment 0 i didn't have any hosts.* files either, but i added a hosts.allow with one line as per comment 8. same error. USE="-tcpd" didn't help either i don't have inetd installed on this box, hardly any of the basic network stuff, and my installation is only a month old, so i have a reasonably clean system if you want more details...
I don't have a hosts.allow or .deny either, and creating them with the proposed addition didn't help. During the end of the emerge, this is what shows up in /var/log/messages: lt-slapd[24580]: sql_select option missing lt-slapd[24580]: auxpropfunc error no mechanism available lt-slapd[24580]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: sql I also get the same errors as comment 25 when I manually try to start slapd.
As a followup to comment 24, here are the contents of the file: /var/tmp/portage/openldap-2.1.30/work/openldap-2.1.30/tests/test-db/master.log @(#) $OpenLDAP: slapd 2.1.30 (Jun 1 2004 16:25:02) $ portage@haroon.sis.utoronto.ca:/var/tmp/portage/openldap-2.1.30/work/ope nldap-2.1.30/servers/slapd daemon_init: ldap://localhost:9009/ daemon_init: listen on ldap://localhost:9009/ daemon_init: 1 listeners to open... ldap_url_parse_ext(ldap://localhost:9009/) slap_get_listener_addresses: getaddrinfo ai_addr is NULL? slapd stopped. connections_destroy: nothing to destroy. Sounds very similar to: http://www.openldap.org/lists/openldap-software/200206/msg00324.html Following that thread points us to: http://www.openldap.org/its/?findid=1416 and http://www.openldap.org/its/?findid=1665 which suggests to change the order of looking for res_query to first look for libresolv (whatever that means).
Continuation of my previous comment #25: indeed appears to be a bdb problem. Emerging with 'USE="-berkdb" emerge openldap" works fine. See also bug# 47174, which seems to mark this as an amd64 problem. Indeed do I work on an amd64. How about the others that see this specific behaviour? Well, at least there is a workaround now: compile without berkdb support.
It is _not_ an AMD64 problem. I'm running it on an AMD Athlon XP.
Vincent, I am on x86. Following your advice in comment 29, I tried USE="-berkdb" emerge openldap and still got: ln: `./data': cannot overwrite directory make: [test-bdb] Error 1 (ignored) run configure with --enable-bdb ln: `./data': cannot overwrite directory make: [test-ldbm] Error 1 (ignored) ln: `./schema': File exists make: [test-ldbm] Error 1 (ignored) Initiating LDAP tests for LDBM... >>>>> Executing all LDAP tests... >>>>> Test Directory: . >>>>> Backend: ldbm >>>>> Starting test000-rootdse ... running defines.sh Datadir is ./data Cleaning up in ./test-db... Starting slapd on TCP/IP port 9009... Using ldapsearch to retrieve the root DSE... Waiting 5 seconds for slapd to start... Waiting 5 seconds for slapd to start... Waiting 5 seconds for slapd to start... Waiting 5 seconds for slapd to start... Waiting 5 seconds for slapd to start... Waiting 5 seconds for slapd to start... ./scripts/test000-rootdse: line 57: kill: (13636) - No such process ldap_bind: Can't contact LDAP server (81) >>>>> Test failed >>>>> ./scripts/test000-rootdse failed (exit 1) make: *** [test-ldbm] Error 1 !!! ERROR: net-nds/openldap-2.1.30 failed. !!! Function src_compile, Line 137, Exitcode 2 !!! make tests failed So, its not a work around. /var/tmp/portage/openldap-2.1.30/work/openldap-2.1.30/tests/test-db/master.log shows identical contents as in comment 28.
i've moved the tests to the new src_test functionality for the next version of portage, but i'm still expected that your openldap's will show some errors. haroon: could you please tar up your entire /var/tmp/portage/openldap-2.1.30 that exhibits the "slap_get_listener_addresses: getaddrinfo ai_addr is NULL?" and post it up on the web somewhere for me?
Hi Robin, as requested: http://haroon.sis.utoronto.ca/gentoo_bugzilla/openldap-2.1.30-portage.tar.bz2
haroon: your system contains a libbind.* file somewhere, could you please trace down where it came from? sorry about the lack of response, but i've been way too busy :-(
No problem re: being busy (I understand the feeling). Funnily enough, I recently came to the realization about the libbind.* as well (just this Friday. Funny that, eh?). It belongs to net-dns/bind-9.2.3. Trying to remove the bind package all together totally borked various packages on my system. perl wouldn't run any more. Kept complaining about libbind.so.2 not found. Recompiling fixed it. vim wouldn't run any more. Recompiling did NOT fix it. Kept complaining about libbind.so.2 not being found. So, rather than risk a broken system, I re-emerged bind. I also tried recompiling glibc after vim kept complaining about libbind. So, now that we have a suspicions that libbind from the net-dns/bind package might be to blame, how do I go about taking it out all together and have a working system at the same time? Thanks in advance
Just to let you know another intersting observation. To my knowledge, the only ldap related thing that works currently is the LDAP directory in pine. The ldap functions in evolution and balsa fail miserably. ldapsearch itself fails with: ldap_bind: Can't contact LDAP server (81) I'm pretty positive its all related to the presence of net-dns/bind.
9.2.3 is masked -arch. I'd strongly suggest going back to 9.2.2* unless you really need 9.2.3. Doing a revdep-rebuild afterwards will fix stuff up.
Thanks for jogging my memory about 9.2.3 being masked -arch. Here's what happened. I had an older version of bind which had --enable-libbind. Once I unmerged that older version of bind, bunch of packages broke since there was no more libbind.so.2. revdep-rebuild did not fix vi. It did fix perl. That's why I resorted to using bind-9.2.3 (the only ebuild that I could find which had --enable-libbind). I will try downgrading bind to 9.2.2-r4 and do a revdep-rebuild to see if it helps matters.
libbind causes a LOT of problems.
Happy to report that downgrading to bind-9.2.2-r4 seems to be helping. My lists of broken systems as reported by revdep-rebuild -p was: app-crypt/gnupg-1.2.5 dev-php/mod_php-5.0.1 dev-php/php-5.0.1 kde-base/kdebase-3.3.0 mail-client/balsa-2.0.15-r2 mail-client/evolution-1.4.6 mail-client/pine-4.61-r1 mail-mta/postfix-2.1.3 net-fs/samba-3.0.6-r1 net-im/gaim-0.81-r2 net-nds/openldap-2.1.30-r3 Systems seems to be much happier now. I emerged openldap first and then some of the rest of these "broken" systems were fixed just by emerging openldap (e.g., pine,samba,gaim,gpg did not need to be recompiled). I am in the process of recompiling php,mod_php,and the rest. For others following this bug (or new people encountering this) make sure your bind ebuild does not create /usr/lib/libbind* files or you will run into similar LDAP related problems as reported above.
ok, i'm going to close as INVALID since it was your use of libbind that was screwing things over, and not any fault of openldap.
No problem (regarding resolving as invalid). Few points though: 1) I'm not the OP (you should ask Keith if this indeed was his problem and if indeed it is fixed). 2) Shouldn't we try and detect this somehow before it happens? 3) What's going on with the src_test() function? As it is right now, the "make test" section never gets executed. We should put the make test line back in the src_compile() section. Otherwise we won't know what other tests might be failing. (In comment 32, you did mention new src_test functionality in new version of portage, but I failed to find anything yet).
haroon: 1. the OP problem was caused by his overly strict tcpwrappers setup. 2. we're working on trying to get libbind to not break things rather ;-) 3. put 'maketest' in your FEATURES and use the very latest .51pre20 portage.