Bug 47598

Summary: Slave fails to join - ldap/data.mdb missing
Product: UCS
Reporter: Philipp Hahn <hahn>
Component: LDAP
Assignee: UCS maintainers <ucs-maintainers>
Status: RESOLVED WONTFIX
QA Contact: UCS maintainers <ucs-maintainers>
Severity: normal
Priority: P5
CC: gohmann, hahn, requate, scheinig, schwardt
Version: UCS 4.2
Target Milestone: ---
Hardware: Other
OS: Linux
What kind of report is it?: Bug Report
What type of bug is this?: 6: Setup Problem: Issue for the setup process
Who will be affected by this bug?: 1: Will affect a very few installed domains
How will those affected feel about the bug?: 5: Blocking further progress on the daily work
User Pain: 0.171
Enterprise Customer affected?: Yes
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number: 2018080921000496
Bug group (optional): Troubleshooting
Max CVSS v3 score:
Bug Depends on: 41782, 47603
Bug Blocks:

Description Philipp Hahn univentionstaff 2018-08-16 14:01:20 CEST
+++ This bug was initially created as a clone of Bug #41782 +++
A customer tried to join a new UCS Slave, but the local LDAP server does not get started.
Both
> slaptest -f /etc/ldap/slapd.conf
and
> slapschema -f /etc/ldap/slapd.conf
error out with
> mdb_db_open: database "dc=im,dc=dew,dc=ngo" cannot be opened: No such file or directory (2). Restore from backup!
which indicates that /var/lib/univention-ldap/ldap/data.mdb is missing.

On the DC Master that file is supposed to be created by management/univention-ldap/01univention-ldap-server-init.inst, on all other system roles I found no explicit `slapadd` except in "base/univention-system-setup/usr/lib/univention-system-setup/scripts/10_basis/14ldap_basis".

If I manually start
> slapd -f /etc/ldap/slapd.conf -d 1
the missing file is created and afterwards `slaptest` and `slapschema` run fine.

For some yet unknown reason starting the LDAP server slapd seems to fail; I checked the init script and it only runs "slapschema" *after* slapd has been started, but maybe something else prevents slapd from starting.

$ journalctl -u slapd.service
shows the following interesting events:

First Bug #41782 hits:
>15:26:06 slapd[9469]: Starting ldap server(s): slapd ...failed.
>15:26:06 slapd[9469]: ... 5b7186ee /etc/ldap/slapd.conf: line 118: unknown attr "@univentionVirtualMachine" in to clause ...
>15:26:06 systemd[1]: slapd.service: control process exited, code=exited status=1

Then the subsequent start fails because the LMDB files are missing:
>15:26:09 slapd[9546]: Starting ldap server(s): slapd ...failed.
>15:26:09 slapd[9546]: ... 5b7186f1 mdb_db_open: database "dc=im,dc=dew,dc=ngo" cannot be opened: No such file or directory (2). Restore from backup! ...
>15:26:09 systemd[1]: slapd.service: control process exited, code=exited status=1

But I have no idea why that process does not create the missing file itself.
Comment 1 Philipp Hahn univentionstaff 2018-08-17 11:50:51 CEST
slapd failed to start because the client TLS certificate was empty (0 bytes).

Creating certificates on the master failed because of an empty /etc/univention/ssl/ucsCA/serial file (reason unknown).

Afterwards the join failed again because the first start of slapd tried to apply the /var/lib/univention-directory-replication/failed.ldif from the previous run. (→ Bug #47603)
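
As an added example (not part of the bug report and not UCS code), the states named in the description and in Comment 1 can be checked after a failed join with a small script: TLS files referenced in slapd.conf that are 0 bytes, a missing data.mdb, a leftover failed.ldif, and an empty CA serial file on the master. The function names and the optional `ROOT` prefix argument are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the bug report. ROOT is a hypothetical prefix so the
# checks can also be run against an unpacked copy of a system.

# Print the path argument of every TLS*File directive in a slapd.conf
# (TLSCertificateFile, TLSCertificateKeyFile, TLSCACertificateFile, ...).
tls_files() {
    awk 'tolower($1) ~ /^tls.*file$/ { gsub(/"/, "", $2); print $2 }' "$1"
}

# Succeed only if the file exists and is larger than 0 bytes.
nonempty() {
    [ -s "$1" ] && return 0
    echo "EMPTY_OR_MISSING $1"
    return 1
}

# Joining system: TLS files, the LMDB data file, and a failed.ldif left over
# from a previous run (which the first slapd start would try to apply).
check_slave() {
    root="${1:-}"; rc=0
    for f in $(tls_files "$root/etc/ldap/slapd.conf"); do
        nonempty "$root$f" || rc=1
    done
    # slapd creates data.mdb itself; absence means no start has succeeded yet.
    if [ ! -e "$root/var/lib/univention-ldap/ldap/data.mdb" ]; then
        echo "NO_LMDB $root/var/lib/univention-ldap/ldap/data.mdb"; rc=1
    fi
    if [ -e "$root/var/lib/univention-directory-replication/failed.ldif" ]; then
        echo "STALE_FAILED_LDIF $root/var/lib/univention-directory-replication/failed.ldif"; rc=1
    fi
    return $rc
}

# DC Master: an empty CA serial file makes certificate creation fail.
check_master() {
    nonempty "${1:-}/etc/univention/ssl/ucsCA/serial"
}

# Usage: sh check.sh slave|master [ROOT]
case "${1:-}" in
    slave|master) "check_$1" "${2:-}" ;;
esac
```

Each finding is printed on its own line and the exit status is non-zero if anything was found, so the script can gate a retry of the join.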
Comment 2 Ingo Steuwer univentionstaff 2020-07-03 20:53:24 CEST
This issue has been filed against UCS 4.2.

UCS 4.2 is out of maintenance and many UCS components have changed in later releases. Thus, this issue is now being closed.

If this issue still occurs in newer UCS versions, please use "Clone this bug" or reopen it and update the UCS version. In this case please provide detailed information on how this issue is affecting you.