Univention Bugzilla – Bug 43829
slapd fails to start during update to 4.2 due to unknown attr univentionPortalEntry
Last modified: 2019-01-03 07:18:49 CET
[FAIL] Starting ldap server(s): slapd ...failed. [info] 58c6a0bf OVER: Loading Translog Overlay 58c6a0bf OVER: db_init 58c6a0bf OVER: Configuring Translog Overlay 58c6a0bf OVER: Configured Translog Overlay to use file "/var/lib/univention-ldap/listener/listener" 58c6a0bf /etc/ldap/slapd.conf: line 175: unknown attr "@univentionPortalEntry" in to clause 58c6a0bf <access clause> ::= access to <what> [ by <who> [ <access> ] [ <control> ] ]+ <what> ::= * | dn[.<dnstyle>=<DN>] [filter=<filter>] [attrs=<attrspec>] <attrspec> ::= <attrname> [val[/<matchingRule>][.<attrstyle>]=<value>] | <attrlist> <attrlist> ::= <attr> [ , <attrlist> ] <attr> ::= <attrname> | @<objectClass> | !<objectClass> | entry | children <who> ::= [ * | anonymous | users | self | dn[.<dnstyle>]=<DN> ] [ realanonymous | realusers | realself | realdn[.<dnstyle>]=<DN> ] [dnattr=<attrname>] [realdnattr=<attrname>] [group[/<objectclass>[/<attrname>]][.<style>]=<group>] [peername[.<peernamestyle>]=<peer>] [sockname[.<style>]=<name>] [domain[.<domainstyle>]=<domain>] [sockurl[.<style>]=<url>] [dynacl/<name>[/<options>][.<dynstyle>][=<pattern>]] [ssf=<n>] [transport_ssf=<n>] [tls_ssf=<n>] [sasl_ssf=<n>] <style> ::= exact | regex | base(Object) <dnstyle> ::= base(Object) | one(level) | sub(tree) | children | exact | regex <attrstyle> ::= exact | regex | base(Object) | one(level) | sub(tree) | children <peernamestyle> ::= exact | regex | ip | ipv6 | path <domainstyle> ::= exact | regex | base(Object) | sub(tree) <access> ::= [[real]self]{<level>|<priv>} <level> ::= none|disclose|auth|compare|search|read|{write|add|delete}|manage <priv> ::= {=|+|-}{0|d|x|c|s|r|{w|a|z}|m}+ <control> ::= [ stop | continue | break ] dynacl: <name>=ACI <pattern>=<attrname> slapschema: bad configuration file!. The update works though, maybe this is just cosmetic
It is the same as Bug #41782
(In reply to Florian Best from comment #1) > It is the same as Bug #41782 so it's the same but not a duplicate? Why this only is a cosmetic issue, it prevents slapd from starting?
(In reply to Nico Stöckigt from comment #2) > (In reply to Florian Best from comment #1) > > It is the same as Bug #41782 > > so it's the same but not a duplicate? > Why this only is a cosmetic issue, it prevents slapd from starting? Yes, it prevents slapd from starting but only temporary. The problem is that at this time the attribute is not yet part of the schema but a little bit later the schema is registered and slapd can start again. So it only produces an error in the logfiles but after the upgrade anything works fine!?!
A snippet of the Logfile from a customer. Slapd does not start after the upgrade at all. root@ucs:~# systemctl status slapd.service -l ? slapd.service - LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol) Loaded: loaded (/etc/init.d/slapd) Active: failed (Result: exit-code) since Do 2017-04-06 07:40:33 CEST; 29s ago Process: 3135 ExecStart=/etc/init.d/slapd start (code=exited, status=1/FAILURE) Apr 06 07:40:33 ucs slapd[3169]: @(#) $OpenLDAP: slapd (Mar 8 2017 17:32:20) $ pbuser@ladda:/var/build/temp/tmp.gwUsk6kDX6/pbuilder/openldap-2.4.42+dfsg/debian/build/servers/slapd Apr 06 07:40:33 ucs slapd[3169]: Loaded metadata from "/usr/share/univention-management-console/saml/idp/ucs-sso.chang.ed.xml" Apr 06 07:40:33 ucs slapd[3169]: DIGEST-MD5 common mech free Apr 06 07:40:33 ucs slapd[3135]: Starting ldap server(s): slapd ...failed. Apr 06 07:40:33 ucs slapschema[3172]: Loaded metadata from "/usr/share/univention-management-console/saml/idp/ucs-sso.chang.ed.xml" Apr 06 07:40:33 ucs slapd[3135]: 58e5d4d1 OVER: Loading Translog Overlay 58e5d4d1 OVER: db_init 58e5d4d1 OVER: Configuring Translog Overlay 58e5d4d1 OVER: Configured Translog Overlay to use file "/var/lib/univention-ldap/listener/listener" 58e5d4d1 /etc/ldap/slapd.conf: line 188: unknown attr "@univentionPortalEntry" in to clause 58e5d4d1 <access clause> ::= access to <what> [ by <who> [ <access> ] [ <control> ] ]+ <what> ::= bin boot cdrom dev etc floppy home initrd.img initrd.img.install initrd.img.old lib lib32 lib64 lost+found media mnt opt proc root run sbin srv sys tmp usr var vmlinuz vmlinuz.install vmlinuz.old | dn[.<dnstyle>=<DN>] [filter=<filter>] [attrs=<attrspec>] <attrspec> ::= <attrname> [val[/<matchingRule>][.<attrstyle>]=<value>] | <attrlist> <attrlist> ::= <attr> [ , <attrlist> ] <attr> ::= <attrname> | @<objectClass> | !<objectClass> | entry | children <who> ::= [ bin boot cdrom dev etc floppy home initrd.img initrd.img.install initrd.img.old lib lib32 lib64 lost+found media mnt opt proc root run sbin srv sys tmp usr var vmlinuz vmlinuz.install vmlinuz.old | anonymous | users | self | dn[.<dnstyle>]=<DN> ] [ realanonymous | realusers | realself | realdn[.<dnstyle>]=<DN> ] [dnattr=<attrname>] [realdnattr=<attrname>] [group[/<objectclass>[/<attrname>]][.<style>]=<group>] [peername[.<peernamestyle>]=<peer>] [sockname[.<style>]=<name>] [domain[.<domainstyle>]=<domain>] [sockurl[.<style>]=<url>] [dynacl/<name>[/<options>][.<dynstyle>][=<pattern>]] [ssf=<n>] [transport_ssf=<n>] [tls_ssf=<n>] [sasl_ssf=<n>] <style> ::= exact | regex | base(Object) <dnstyle> ::= base(Object) | one(level) | sub(tree) | children | exact | regex <attrstyle> ::= exact | regex | base(Object) | one(level) | sub(tree) | children <peernamestyle> ::= exact | regex | ip | ipv6 | path <domainstyle> ::= exact | regex | base(Object) | sub(tree) <access> ::= [[real]self]{<level>|<priv>} <level> ::= none|disclose|auth|compare|search|read|{write|add|delete}|manage <priv> ::= {=|+|-}{0|d|x|c|s|r|{w|a|z}|m}+ <control> ::= [ stop | continue | break ] dynacl: <name>=ACI < Apr 06 07:40:33 ucs systemd[1]: slapd.service: control process exited, code=exited status=1 Apr 06 07:40:33 ucs systemd[1]: Failed to start LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol). Apr 06 07:40:33 ucs systemd[1]: Unit slapd.service entered failed state. Apr 06 07:40:33 ucs slapd[3135]: pattern>=<attrname> slapschema: bad configuration file!.
The customer tried to upgrade to 4.2 again. We have now some more information at the ticket. Please have a look at comment 14 and 15.
This issue has been filled against UCS 4.1. The maintenance with bug and security fixes for UCS 4.1 has ended on 5st of April 2018. Customers still on UCS 4.1 are encouraged to update to UCS 4.3. Please contact your partner or Univention for any questions. If this issue still occurs in newer UCS versions, please use "Clone this bug" or simply reopen the issue. In this case please provide detailed information on how this issue is affecting you.