[Pkg-openldap-devel] Bug#394887: Index-Files are created as root

Thorsten Schmidt meine_mailings at web.de
Mon Oct 23 18:48:53 CEST 2006


Package: slapd
Version: 2.3.27-1
Severity: Important

Hello,

I noticed that I (slapd? slapindex?) created some index files owned by root by 
accident after introducing new index-directives for samba in slapd.conf

effect:
bdb_db_open: dbenv_open(/var/lib/ldap)
bdb_db_open: Database cannot be opened, err 13. Restore from backup!
====> bdb_cache_release_all
bdb(dc=schule): DB_ENV->lock_id_free interface requires an environment configured for the locking subsystem
bdb(dc=schule): txn_checkpoint interface requires an environment configured for the transaction subsystem
bdb_db_close: txn_checkpoint failed: Invalid argument (22)
backend_startup_one: bi_db_open failed! (13)
slapd shutdown: initiated

cause:
-rw-r--r-- 1 openldap openldap 4,0K 2006-10-23 18:03 alock
-rw------- 1 openldap openldap 344K 2006-10-23 17:53 cn.bdb
-rw------- 1 root     root     8,0K 2006-10-23 17:59 __db.001
-rw------- 1 root     root     2,6M 2006-10-23 17:59 __db.002
-rw------- 1 root     root      96K 2006-10-23 17:59 __db.003
-rw------- 1 root     root     552K 2006-10-23 17:59 __db.004
-rw------- 1 root     root      24K 2006-10-23 17:59 __db.005
-rw-r--r-- 1 openldap openldap   96 2006-10-12 22:41 DB_CONFIG
-rw------- 1 openldap openldap 500K 2006-10-23 17:59 dn2id.bdb
-rw------- 1 openldap openldap  24K 2006-10-23 17:53 gidNumber.bdb
-rw------- 1 root     root     696K 2006-10-23 17:53 givenName.bdb
-rw------- 1 openldap openldap 4,3M 2006-10-23 17:59 id2entry.bdb
-rw------- 1 openldap openldap  10M 2006-10-18 11:58 log.0000000001
-rw------- 1 openldap openldap  10M 2006-10-18 12:02 log.0000000002
-rw------- 1 openldap openldap  10M 2006-10-18 12:05 log.0000000003
-rw------- 1 openldap openldap  10M 2006-10-18 12:07 log.0000000004
-rw------- 1 openldap openldap  10M 2006-10-18 12:10 log.0000000005
-rw------- 1 openldap openldap  10M 2006-10-18 12:14 log.0000000006
-rw------- 1 openldap openldap  10M 2006-10-18 12:21 log.0000000007
-rw------- 1 openldap openldap  10M 2006-10-18 12:23 log.0000000008
-rw------- 1 openldap openldap  10M 2006-10-18 12:25 log.0000000009
-rw------- 1 openldap openldap  10M 2006-10-18 12:26 log.0000000010
-rw------- 1 openldap openldap  10M 2006-10-18 12:31 log.0000000011
-rw------- 1 openldap openldap  10M 2006-10-18 12:45 log.0000000012
-rw------- 1 openldap openldap  10M 2006-10-18 12:49 log.0000000013
-rw------- 1 openldap openldap  10M 2006-10-18 12:51 log.0000000014
-rw------- 1 openldap openldap  10M 2006-10-18 12:53 log.0000000015
-rw------- 1 openldap openldap  10M 2006-10-18 12:55 log.0000000016
-rw------- 1 openldap openldap  10M 2006-10-18 12:56 log.0000000017
-rw------- 1 openldap openldap  10M 2006-10-18 12:58 log.0000000018
-rw------- 1 openldap openldap  10M 2006-10-18 13:07 log.0000000019
-rw------- 1 openldap openldap  10M 2006-10-19 22:17 log.0000000020
-rw------- 1 openldap openldap  10M 2006-10-23 17:53 log.0000000021
-rw------- 1 root     root     5,1M 2006-10-23 17:59 log.0000000022
-rw------- 1 openldap openldap  68K 2006-10-23 17:53 memberUid.bdb
-rw------- 1 openldap openldap 164K 2006-10-23 17:59 objectClass.bdb
-rw------- 1 openldap openldap 8,0K 2006-10-23 17:53 sambaDomainName.bdb
-rw------- 1 root     root      24K 2006-10-23 17:53 sambaPrimaryGroupSID.bdb
-rw------- 1 openldap openldap  44K 2006-10-23 17:53 sambaSID.bdb
-rw------- 1 root     root     344K 2006-10-23 17:53 sn.bdb
-rw------- 1 openldap openldap  40K 2006-10-23 17:59 uid.bdb
-rw------- 1 openldap openldap  40K 2006-10-23 17:59 uidNumber.bdb

Sadly I cannot say what exactly caused this, because I'm quite new to LDAP. 
What I've done is:
1st Modified slapd.conf based on the smbldap-tools suggestions
2nd Restarted slapd, noticed it didn't work.
3rd Ran slapindex as root, since it is what is introduced as the index-building utility
4th Noticed that slapd still didn't start
5th Turned debugging on
6th Noticed potential permission / read trouble by checking /var/lib/ldap
7th chown openldap.openldap *
8th problem solved.

However, even if I've done terribly wrong by running slapindex as root, I 
strongly recommend showing a warning message if slapindex is about to produce an 
inconsistent database (a database that openldap is unable to read with Debian 
defaults).

Btw. I've set severity: important, since inconsistent LDAP DBs might cause the 
system to fail as a whole. Feel free to set it to wishlist.

Greets,
Thorsten.
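
Added example, not part of the original report and not code from the slapd package: a pre-start ownership check of the kind the report asks for, which lists anything under the database directory that the slapd account does not own and warns before slapd hits err 13 (EACCES). The function names are hypothetical; the default directory /var/lib/ldap and account openldap are taken from the log and listing above.

```shell
#!/bin/sh
# check_db_owner DIR OWNER
#   OWNER is an account name or a numeric UID.
#   Prints every path under DIR that OWNER does not own.
#   Returns 0 if all paths are owned by OWNER, 1 on any mismatch,
#   2 on bad arguments or an unknown account.
check_db_owner() {
    dir=$1
    owner=$2
    if [ ! -d "$dir" ] || [ -z "$owner" ]; then
        echo "usage: check_db_owner DIR OWNER" >&2
        return 2
    fi
    case $owner in
        *[!0-9]*)   # a name: resolve it so find(1) never sees an unknown user
            uid=$(id -u "$owner" 2>/dev/null) || {
                echo "check_db_owner: no such account: $owner" >&2
                return 2
            }
            ;;
        *) uid=$owner ;;
    esac
    bad=$(find "$dir" ! -user "$uid" -print) || return 2
    if [ -n "$bad" ]; then
        printf '%s\n' "$bad"
        return 1
    fi
    return 0
}

# slapd_preflight [DIR] [OWNER]
#   Emits the warning on stderr; meant to run after slapindex/slapadd
#   and before slapd is (re)started.
slapd_preflight() {
    pf_dir=${1:-/var/lib/ldap}
    pf_owner=${2:-openldap}
    if pf_bad=$(check_db_owner "$pf_dir" "$pf_owner"); then
        return 0
    else
        pf_rc=$?
        [ "$pf_rc" -eq 1 ] || return "$pf_rc"
        echo "WARNING: not owned by $pf_owner, slapd may fail to open the database:" >&2
        printf '%s\n' "$pf_bad" >&2
        return 1
    fi
}
```

Running the slap* tools as the slapd account in the first place (for example `sudo -u openldap slapindex`) avoids creating root-owned files at all; the check catches the cases where that was missed.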



