ActiveMQ Artemis fails to authenticate against OpenLDAP - openldap

I have a simple local setup running in Docker containers: one container based on openjdk:13-alpine with Artemis 2.11.0 installed, and the other based on osixia/openldap.
When I try to log in to the web console I receive an error that I cannot understand at all:
HTTP ERROR 500
Problem accessing /console/auth/login/. Reason:
Server Error
Caused by:
java.lang.SecurityException: java.io.IOException: Configuration Error:
Line 11: expected [option value], found [null]
at java.base/sun.security.provider.ConfigFile$Spi.<init>(ConfigFile.java:137)
at java.base/sun.security.provider.ConfigFile.<init>(ConfigFile.java:102)
at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.base/java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:500)
at java.base/java.lang.reflect.ReflectAccess.newInstance(ReflectAccess.java:166)
at java.base/jdk.internal.reflect.ReflectionFactory.newInstance(ReflectionFactory.java:404)
at java.base/java.lang.Class.newInstance(Class.java:591)
at java.base/javax.security.auth.login.Configuration$2.run(Configuration.java:255)
at java.base/javax.security.auth.login.Configuration$2.run(Configuration.java:246)
at java.base/java.security.AccessController.doPrivileged(AccessController.java:554)
at java.base/javax.security.auth.login.Configuration.getConfiguration(Configuration.java:245)
at java.base/javax.security.auth.login.LoginContext$1.run(LoginContext.java:242)
at java.base/javax.security.auth.login.LoginContext$1.run(LoginContext.java:240)
at java.base/java.security.AccessController.doPrivileged(AccessController.java:312)
at java.base/javax.security.auth.login.LoginContext.init(LoginContext.java:240)
at java.base/javax.security.auth.login.LoginContext.<init>(LoginContext.java:378)
at java.base/javax.security.auth.login.LoginContext.<init>(LoginContext.java:451)
at io.hawt.system.Authenticator.doAuthenticate(Authenticator.java:128)
at io.hawt.system.Authenticator.authenticate(Authenticator.java:92)
at io.hawt.web.AuthenticationFilter.doFilter(AuthenticationFilter.java:168)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1621)
at io.hawt.web.XXSSProtectionFilter.doFilter(XXSSProtectionFilter.java:28)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1621)
at io.hawt.web.XFrameOptionsFilter.doFilter(XFrameOptionsFilter.java:28)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1621)
at io.hawt.web.CORSFilter.doFilter(CORSFilter.java:42)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1621)
at io.hawt.web.CacheHeadersFilter.doFilter(CacheHeadersFilter.java:37)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1621)
at io.hawt.web.SessionExpiryFilter.process(SessionExpiryFilter.java:117)
at io.hawt.web.SessionExpiryFilter.doFilter(SessionExpiryFilter.java:57)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1621)
at io.hawt.web.RedirectFilter.process(RedirectFilter.java:73)
at io.hawt.web.RedirectFilter.doFilter(RedirectFilter.java:38)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1613)
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:541)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:190)
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1593)
at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:188)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1239)
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:168)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:481)
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1562)
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:166)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1141)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
at org.eclipse.jetty.server.handler.HandlerList.handle(HandlerList.java:52)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
at org.eclipse.jetty.server.Server.handle(Server.java:564)
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:320)
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:251)
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:279)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:110)
at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:124)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:672)
at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:590)
at java.base/java.lang.Thread.run(Thread.java:830)
Caused by: java.io.IOException: Configuration Error:
Line 11: expected [option value], found [null]
at java.base/sun.security.provider.ConfigFile$Spi.ioException(ConfigFile.java:665)
at java.base/sun.security.provider.ConfigFile$Spi.match(ConfigFile.java:578)
at java.base/sun.security.provider.ConfigFile$Spi.parseLoginEntry(ConfigFile.java:479)
at java.base/sun.security.provider.ConfigFile$Spi.readConfig(ConfigFile.java:426)
at java.base/sun.security.provider.ConfigFile$Spi.init(ConfigFile.java:329)
at java.base/sun.security.provider.ConfigFile$Spi.init(ConfigFile.java:271)
at java.base/sun.security.provider.ConfigFile$Spi.<init>(ConfigFile.java:135)
... 61 more
Caused by:
java.io.IOException: Configuration Error:
Line 11: expected [option value], found [null]
at java.base/sun.security.provider.ConfigFile$Spi.ioException(ConfigFile.java:665)
at java.base/sun.security.provider.ConfigFile$Spi.match(ConfigFile.java:578)
at java.base/sun.security.provider.ConfigFile$Spi.parseLoginEntry(ConfigFile.java:479)
at java.base/sun.security.provider.ConfigFile$Spi.readConfig(ConfigFile.java:426)
at java.base/sun.security.provider.ConfigFile$Spi.init(ConfigFile.java:329)
at java.base/sun.security.provider.ConfigFile$Spi.init(ConfigFile.java:271)
at java.base/sun.security.provider.ConfigFile$Spi.<init>(ConfigFile.java:135)
at java.base/sun.security.provider.ConfigFile.<init>(ConfigFile.java:102)
at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.base/java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:500)
at java.base/java.lang.reflect.ReflectAccess.newInstance(ReflectAccess.java:166)
at java.base/jdk.internal.reflect.ReflectionFactory.newInstance(ReflectionFactory.java:404)
at java.base/java.lang.Class.newInstance(Class.java:591)
at java.base/javax.security.auth.login.Configuration$2.run(Configuration.java:255)
at java.base/javax.security.auth.login.Configuration$2.run(Configuration.java:246)
at java.base/java.security.AccessController.doPrivileged(AccessController.java:554)
at java.base/javax.security.auth.login.Configuration.getConfiguration(Configuration.java:245)
at java.base/javax.security.auth.login.LoginContext$1.run(LoginContext.java:242)
at java.base/javax.security.auth.login.LoginContext$1.run(LoginContext.java:240)
at java.base/java.security.AccessController.doPrivileged(AccessController.java:312)
at java.base/javax.security.auth.login.LoginContext.init(LoginContext.java:240)
at java.base/javax.security.auth.login.LoginContext.<init>(LoginContext.java:378)
at java.base/javax.security.auth.login.LoginContext.<init>(LoginContext.java:451)
at io.hawt.system.Authenticator.doAuthenticate(Authenticator.java:128)
at io.hawt.system.Authenticator.authenticate(Authenticator.java:92)
at io.hawt.web.AuthenticationFilter.doFilter(AuthenticationFilter.java:168)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1621)
at io.hawt.web.XXSSProtectionFilter.doFilter(XXSSProtectionFilter.java:28)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1621)
at io.hawt.web.XFrameOptionsFilter.doFilter(XFrameOptionsFilter.java:28)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1621)
at io.hawt.web.CORSFilter.doFilter(CORSFilter.java:42)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1621)
at io.hawt.web.CacheHeadersFilter.doFilter(CacheHeadersFilter.java:37)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1621)
at io.hawt.web.SessionExpiryFilter.process(SessionExpiryFilter.java:117)
at io.hawt.web.SessionExpiryFilter.doFilter(SessionExpiryFilter.java:57)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1621)
at io.hawt.web.RedirectFilter.process(RedirectFilter.java:73)
at io.hawt.web.RedirectFilter.doFilter(RedirectFilter.java:38)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1613)
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:541)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:190)
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1593)
at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:188)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1239)
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:168)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:481)
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1562)
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:166)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1141)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
at org.eclipse.jetty.server.handler.HandlerList.handle(HandlerList.java:52)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
at org.eclipse.jetty.server.Server.handle(Server.java:564)
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:320)
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:251)
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:279)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:110)
at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:124)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:672)
at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:590)
at java.base/java.lang.Thread.run(Thread.java:830)
The same kind of error occurs when I try to use the bin/artemis producer command from within the Artemis container itself:
2020-03-26 15:44:34,845 INFO [org.apache.activemq.artemis.core.server.plugin.impl] AMQ841000: created connection: RemotingConnectionImpl [ID=e66c8100, clientID=null, nodeID=1fa3713e-6926-11ea-b9f9-0242c0a8d002, transportConnection=org.apache.activemq.artemis.core.remoting.impl.netty.NettyServerConnection#3d04dde0[ID=e66c8100, local= /127.0.0.1:61616, remote=/127.0.0.1:40444]]
2020-03-26 15:44:34,937 ERROR [org.apache.activemq.artemis.core.server] AMQ224018: Failed to create session: java.lang.SecurityException: java.io.IOException: Configuration Error:
Line 11: expected [option value], found [null]
at java.base/sun.security.provider.ConfigFile$Spi.<init>(ConfigFile.java:137) [java.base:]
at java.base/sun.security.provider.ConfigFile.<init>(ConfigFile.java:102) [java.base:]
at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) [java.base:]
at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) [java.base:]
at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) [java.base:]
at java.base/java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:500) [java.base:]
at java.base/java.lang.reflect.ReflectAccess.newInstance(ReflectAccess.java:166) [java.base:]
at java.base/jdk.internal.reflect.ReflectionFactory.newInstance(ReflectionFactory.java:404) [java.base:]
at java.base/java.lang.Class.newInstance(Class.java:591) [java.base:]
at java.base/javax.security.auth.login.Configuration$2.run(Configuration.java:255) [java.base:]
at java.base/javax.security.auth.login.Configuration$2.run(Configuration.java:246) [java.base:]
at java.base/java.security.AccessController.doPrivileged(AccessController.java:554) [java.base:]
at java.base/javax.security.auth.login.Configuration.getConfiguration(Configuration.java:245) [java.base:]
at java.base/javax.security.auth.login.LoginContext$1.run(LoginContext.java:242) [java.base:]
at java.base/javax.security.auth.login.LoginContext$1.run(LoginContext.java:240) [java.base:]
at java.base/java.security.AccessController.doPrivileged(AccessController.java:312) [java.base:]
at java.base/javax.security.auth.login.LoginContext.init(LoginContext.java:240) [java.base:]
at java.base/javax.security.auth.login.LoginContext.<init>(LoginContext.java:501) [java.base:]
at org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager.getAuthenticatedSubject(ActiveMQJAASSecurityManager.java:190) [artemis-server-2.11.0.jar:2.11.0]
at org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager.validateUser(ActiveMQJAASSecurityManager.java:99) [artemis-server-2.11.0.jar:2.11.0]
at org.apache.activemq.artemis.core.security.impl.SecurityStoreImpl.authenticate(SecurityStoreImpl.java:137) [artemis-server-2.11.0.jar:2.11.0]
at org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl.createSession(ActiveMQServerImpl.java:1530) [artemis-server-2.11.0.jar:2.11.0]
at org.apache.activemq.artemis.core.protocol.core.impl.ActiveMQPacketHandler.handleCreateSession(ActiveMQPacketHandler.java:166) [artemis-server-2.11.0.jar:2.11.0]
at org.apache.activemq.artemis.core.protocol.core.impl.ActiveMQPacketHandler.handlePacket(ActiveMQPacketHandler.java:88) [artemis-server-2.11.0.jar:2.11.0]
at org.apache.activemq.artemis.core.protocol.core.impl.ChannelImpl.handlePacket(ChannelImpl.java:720) [artemis-core-client-2.11.0.jar:2.11.0]
at org.apache.activemq.artemis.core.protocol.core.impl.RemotingConnectionImpl.doBufferReceived(RemotingConnectionImpl.java:408) [artemis-core-client-2.11.0.jar:2.11.0]
at org.apache.activemq.artemis.core.protocol.core.impl.RemotingConnectionImpl.bufferReceived(RemotingConnectionImpl.java:385) [artemis-core-client-2.11.0.jar:2.11.0]
at org.apache.activemq.artemis.core.remoting.server.impl.RemotingServiceImpl$DelegatingBufferHandler.bufferReceived(RemotingServiceImpl.java:654) [artemis-server-2.11.0.jar:2.11.0]
at org.apache.activemq.artemis.core.remoting.impl.netty.ActiveMQChannelHandler.channelRead(ActiveMQChannelHandler.java:73) [artemis-core-client-2.11.0.jar:2.11.0]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:359) [netty-all-4.1.34.Final.jar:4.1.34.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:345) [netty-all-4.1.34.Final.jar:4.1.34.Final]
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:337) [netty-all-4.1.34.Final.jar:4.1.34.Final]
at io.netty.handler.codec.ByteToMessageDecoder.fireChannelRead(ByteToMessageDecoder.java:323) [netty-all-4.1.34.Final.jar:4.1.34.Final]
at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:297) [netty-all-4.1.34.Final.jar:4.1.34.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:359) [netty-all-4.1.34.Final.jar:4.1.34.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:345) [netty-all-4.1.34.Final.jar:4.1.34.Final]
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:337) [netty-all-4.1.34.Final.jar:4.1.34.Final]
at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1408) [netty-all-4.1.34.Final.jar:4.1.34.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:359) [netty-all-4.1.34.Final.jar:4.1.34.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:345) [netty-all-4.1.34.Final.jar:4.1.34.Final]
at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:930) [netty-all-4.1.34.Final.jar:4.1.34.Final]
at io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:796) [netty-all-4.1.34.Final.jar:4.1.34.Final]
at io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:427) [netty-all-4.1.34.Final.jar:4.1.34.Final]
at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:328) [netty-all-4.1.34.Final.jar:4.1.34.Final]
at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:905) [netty-all-4.1.34.Final.jar:4.1.34.Final]
at org.apache.activemq.artemis.utils.ActiveMQThreadFactory$1.run(ActiveMQThreadFactory.java:118) [artemis-commons-2.11.0.jar:2.11.0]
Caused by: java.io.IOException: Configuration Error:
Line 11: expected [option value], found [null]
at java.base/sun.security.provider.ConfigFile$Spi.ioException(ConfigFile.java:665) [java.base:]
at java.base/sun.security.provider.ConfigFile$Spi.match(ConfigFile.java:578) [java.base:]
at java.base/sun.security.provider.ConfigFile$Spi.parseLoginEntry(ConfigFile.java:479) [java.base:]
at java.base/sun.security.provider.ConfigFile$Spi.readConfig(ConfigFile.java:426) [java.base:]
at java.base/sun.security.provider.ConfigFile$Spi.init(ConfigFile.java:329) [java.base:]
at java.base/sun.security.provider.ConfigFile$Spi.init(ConfigFile.java:271) [java.base:]
at java.base/sun.security.provider.ConfigFile$Spi.<init>(ConfigFile.java:135) [java.base:]
... 45 more
2020-03-26 15:44:35,033 INFO [org.apache.activemq.artemis.core.server.plugin.impl] AMQ841001: destroyed connection: RemotingConnectionImpl [ID=e66c8100, clientID=null, nodeID=1fa3713e-6926-11ea-b9f9-0242c0a8d002, transportConnection=org.apache.activemq.artemis.core.remoting.impl.netty.NettyServerConnection#3d04dde0[ID=e66c8100, local= /127.0.0.1:61616, remote=/127.0.0.1:40444]]
The log does not reveal which file is to blame (even at DEBUG level). I assume it is login.config, but I cannot see any issue in it.
I really appreciate any hints about either invalid Artemis configs or invalid LDAP records which could cause such issues.
The broker seems to be able to read data from LDAP - at least authorization wise - as the logs show details for the population of roles, such as:
2020-03-26 14:45:24,021 INFO [org.apache.activemq.artemis.core.server] AMQ221051: Populating security roles from LDAP at: ldap://ldapserver:389
...
2020-03-26 14:45:24,240 DEBUG [org.apache.activemq.artemis.core.server.impl.LegacyLDAPSecuritySettingPlugin] LDAP search result: cn=read,cn=public.foo.test1.\#,ou=Topic
Destination type: topic
Destination name: public.foo.test1.#
Permission type: read
Attributes: {member=member: cn=admins,ou=Group,dc=example,dc=com, cn=users,ou=Group,dc=example,dc=com}
Role name: admins
Role name: users
...
Side note: after the above messages I get a log entry that indicates an issue with pagination support:
2020-03-26 14:45:24,231 ERROR [org.apache.activemq.artemis.core.server] AMQ224086: Caught unexpected exception: javax.naming.OperationNotSupportedException: [LDAP: error code 12 - critical extension is not recognized]; remaining name 'ou=Destination,dc=example,dc=com'
However, this seems to appear only AFTER the first chunk of records has been processed. If I'm not mistaken, the default items-per-page limit should be 500, which is more than enough for my current case.
I've configured the artemis configs as follows:
login.config:
// JAAS login entry "openldap": authenticates broker and console users with
// Artemis' LDAPLoginModule.
openldap {
org.apache.activemq.artemis.spi.core.security.jaas.LDAPLoginModule required
// Module debug output; meant for troubleshooting only.
debug=true
initialContextFactory="com.sun.jndi.ldap.LdapCtxFactory"
// Plain ldap:// on port 389: with authentication=simple the bind DN and
// password below, and every user's password checked through this module,
// travel unencrypted between the two containers.
connectionURL="ldap://ldapserver:389"
// NOTE(review): the broker binds as the directory administrator. The module
// only searches users and groups, so a read-only service entry would be enough.
connectionUsername="cn=admin,dc=example,dc=com"
connectionPassword="..."
connectionProtocol="s"
// NOTE(review): the next two values are bare numbers. The JAAS configuration
// parser accepts a word or a quoted string as an option value, not a numeric
// token, which matches the "expected [option value], found [null]" error.
connectionTimeout=10000
readTimeout=10000
// topicSearch* / queueSearch* are not LDAPLoginModule options (see the answer below).
topicSearchMatchingFormat="cn={0},ou=Topic,ou=Destination,dc=example,dc=com"
topicSearchSubtreeBool=true
authentication=simple
ignorePartialResultException=true
// User lookup: {0} is replaced with the login name; the search is limited to
// the direct children of userBase because userSearchSubtree=false.
userBase="ou=User,dc=example,dc=com"
userSearchMatching="(uid={0})"
userSearchSubtree=false
queueSearchMatchingFormat="cn={0},ou=Queue,ou=Destination,dc=example,dc=com"
queueSearchSubtreeBool=true
// Role lookup: every entry under roleBase whose member value matches the
// filter contributes its roleName attribute (cn) as a role. {1} is the login name.
roleBase="ou=Group,dc=example,dc=com"
roleName="cn"
roleSearchMatching="(member:=uid={1})"
roleSearchSubtree=true
;
};
broker.xml:
<configuration ...>
<!-- ... SNIP ... -->
<security-settings>
<!-- Reads per-destination permissions from LDAP: entries under destinationBase
     that match "filter" are read, and the values of their roleAttribute (member)
     become the roles granted the permission named by the entry. -->
<security-setting-plugin class-name="org.apache.activemq.artemis.core.server.impl.LegacyLDAPSecuritySettingPlugin">
<setting name="initialContextFactory" value="com.sun.jndi.ldap.LdapCtxFactory"/>
<!-- Plain ldap:// with a simple bind: the bind DN and password below are sent
     unencrypted to the directory. -->
<setting name="connectionURL" value="ldap://ldapserver:389"/>
<!-- NOTE(review): binds as the directory administrator although the plugin only
     needs to read the destination subtree. -->
<setting name="connectionUsername" value="cn=admin,dc=example,dc=com"/>
<!-- NOTE(review): bind password stored in broker.xml; restrict read access to
     this file. Artemis also supports masked passwords in its configuration. -->
<setting name="connectionPassword" value="...SNIP..."/>
<setting name="connectionProtocol" value="s"/>
<setting name="authentication" value="simple"/>
<setting name="destinationBase" value="ou=Destination,dc=example,dc=com"/>
<setting name="roleAttribute" value="member"/>
<setting name="ignorePartialResultException" value="true"/>
<setting name="filter" value="(cn=*)"/>
<!-- cn values of the permission entries that map to read / write access. -->
<setting name="readPermissionValue" value="read"/>
<setting name="writePermissionValue" value="write"/>
</security-setting-plugin>
</security-settings>
<!-- ... SNIP ... -->
</configuration>
A slightly modified version of my LDAP records:
version: 1
# Directory tree used by the broker: users, groups, service entries and the
# destination permission entries read by LegacyLDAPSecuritySettingPlugin.
dn: dc=example,dc=com
objectClass: organization
objectClass: dcObject
objectClass: top
dc: example
o: Example Inc.
dn: ou=User,dc=example,dc=com
objectClass: organizationalUnit
objectClass: top
ou: User
# Directory administrator; this is the DN both login.config and broker.xml bind as.
dn: cn=admin,dc=example,dc=com
objectClass: organizationalRole
objectClass: simpleSecurityObject
cn: admin
# {SSHA} is a salted SHA-1 hash. A hash published like this should be treated
# as exposed and not reused elsewhere.
userPassword: {SSHA}3++NsuMU6iOErazxJNROGPmk1iw9Nboa
description: LDAP administrator
dn: ou=Group,dc=example,dc=com
objectClass: organizationalUnit
objectClass: top
ou: Group
dn: ou=Services,dc=example,dc=com
objectClass: organizationalUnit
objectClass: top
ou: Services
dn: ou=Destination,dc=example,dc=com
objectClass: organizationalUnit
objectClass: top
ou: Destination
# The only user entry under ou=User; found by userSearchMatching="(uid={0})".
dn: uid=CT84Ac0k,ou=User,dc=example,dc=com
objectClass: uidObject
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
cn: CT84Ac0k
uid: CT84Ac0k
userPassword: {SSHA}ZGpJdZ3CRyP35pltd16Fbydnhfw6HmzV
# Role groups. The member values are bare "uid=<name>" values rather than full
# user DNs, which is what roleSearchMatching="(member:=uid={1})" matches.
dn: cn=users,ou=Group,dc=example,dc=com
objectClass: groupOfNames
objectClass: top
cn: users
member: uid=CT84Ac0k
dn: cn=admins,ou=Group,dc=example,dc=com
objectClass: groupOfNames
objectClass: top
cn: admins
# NOTE(review): no entry with uid=admin appears in this listing (the
# administrator is cn=admin), so no listed user can obtain the admins role.
member: uid=admin
# Service entry with its own password; none of the configs shown bind as it.
dn: cn=mqbroker,ou=Services,dc=example,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
objectClass: top
cn: mqbroker
userPassword: {SSHA}lcLtOtmqIT4BjB7hlhV60H2dzUH0C5bb
dn: ou=Queue,ou=Destination,dc=example,dc=com
objectClass: organizationalUnit
objectClass: top
ou: Queue
dn: ou=Topic,ou=Destination,dc=example,dc=com
objectClass: organizationalUnit
objectClass: top
ou: Topic
# Destination entries: one per address pattern, each with child entries named
# read / write / admin whose member values are the group DNs granted that permission.
dn: cn=ActiveMQ.Advisory.$,ou=Topic,ou=Destination,dc=example,dc=com
objectClass: applicationProcess
objectClass: top
cn: ActiveMQ.Advisory.$
description: A destination represents the target for which an ArtemisRole ca
n get access
dn: cn=public.foo.test1.#,ou=Topic,ou=Destination,dc=example,dc=com
objectClass: applicationProcess
objectClass: top
cn: public.foo.test1.#
dn: cn=read,cn=ActiveMQ.Advisory.$,ou=Topic,ou=Destination,dc=example,dc=com
objectClass: groupOfNames
objectClass: top
cn: read
member: cn=admins,ou=Group,dc=example,dc=com
member: cn=users,ou=Group,dc=example,dc=com
dn: cn=admin,cn=ActiveMQ.Advisory.$,ou=Topic,ou=Destination,dc=example,dc=com
objectClass: groupOfNames
objectClass: top
cn: admin
member: cn=admins,ou=Group,dc=example,dc=com
dn: cn=write,cn=ActiveMQ.Advisory.$,ou=Topic,ou=Destination,dc=example,dc=com
objectClass: groupOfNames
objectClass: top
cn: write
member: cn=admins,ou=Group,dc=example,dc=com
member: cn=users,ou=Group,dc=example,dc=com
dn: cn=read,cn=public.foo.test1.#,ou=Topic,ou=Destination,dc=example,dc=com
objectClass: groupOfNames
objectClass: top
cn: read
member: cn=admins,ou=Group,dc=example,dc=com
member: cn=users,ou=Group,dc=example,dc=com
dn: cn=admin,cn=public.foo.test1.#,ou=Topic,ou=Destination,dc=example,dc=com
objectClass: groupOfNames
objectClass: top
cn: admin
member: cn=admins,ou=Group,dc=example,dc=com
# Unlike the read entry above, write on public.foo.test1.# lists only cn=users.
dn: cn=write,cn=public.foo.test1.#,ou=Topic,ou=Destination,dc=example,dc=com
objectClass: groupOfNames
objectClass: top
cn: write
member: cn=users,ou=Group,dc=example,dc=com

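There's a syntax error in your login.config. The readTimeout and connectionTimeout values need to be in quotes: the JAAS configuration parser reads a bare number as a numeric token rather than as a string, so the option value comes back as null, which is the "expected [option value], found [null]" in the error (unquoted words such as true or simple are accepted). For example: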
// Corrected JAAS login entry "openldap" for Artemis' LDAPLoginModule.
openldap {
org.apache.activemq.artemis.spi.core.security.jaas.LDAPLoginModule required
// Module debug output; meant for troubleshooting only.
debug=true
initialContextFactory="com.sun.jndi.ldap.LdapCtxFactory"
// Carried over unchanged from the question: plain ldap:// with
// authentication=simple sends the bind DN, the bind password and each user's
// password unencrypted to the directory.
connectionURL="ldap://ldapserver:389"
// NOTE(review): still binds as the directory administrator; a read-only
// service entry is enough for the user and role searches configured here.
connectionUsername="cn=admin,dc=example,dc=com"
connectionPassword="..."
connectionProtocol="s"
// The fix: numeric values are quoted so the parser reads them as strings.
connectionTimeout="10000"
readTimeout="10000"
authentication=simple
ignorePartialResultException=true
// User lookup: {0} is replaced with the login name.
userBase="ou=User,dc=example,dc=com"
userSearchMatching="(uid={0})"
userSearchSubtree=false
// Role lookup: {1} is the login name; the matching entries' cn becomes the role name.
roleBase="ou=Group,dc=example,dc=com"
roleName="cn"
roleSearchMatching="(member:=uid={1})"
roleSearchSubtree=true
;
};
Note: I removed topicSearchMatchingFormat, topicSearchSubtreeBool, queueSearchMatchingFormat, & queueSearchSubtreeBool because org.apache.activemq.artemis.spi.core.security.jaas.LDAPLoginModule doesn't support them. Having them in there doesn't technically cause a problem, but it makes it easier to read & understand with them gone.

Related

OpenLDAP Invalid credentials for readonly user

I am trying to follow this guide https://www.talkingquickly.co.uk/gitea-sso-with-keycloak-openldap-openid-connect to create an SSO solution with OpenLDAP and Keycloak, and I am trying to add the readonly user. The LDIFs should be the same as the ones here: https://github.com/osixia/docker-openldap/tree/master/image/service/slapd/assets/config/bootstrap/ldif/readonly-user
I applied those LDIFs for the readonly user, but I get
$ ldapsearch -x -H ldap://localhost:1389 -b "dc=muellerpublic,dc=de" -D "cn=readonly,dc=muellerpublic,dc=de" "+" -w xxx
Handling connection for 1389
ldap_bind: Invalid credentials (49)
Here are the users/groups:
$ ldapsearch -x -H ldap://localhost:1389 -b "dc=muellerpublic,dc=de" -D "cn=admin,dc=muellerpublic,dc=de" "+" -w xxx
Handling connection for 1389
# extended LDIF
#
# LDAPv3
# base <dc=muellerpublic,dc=de> with scope subtree
# filter: (objectclass=*)
# requesting: +
#
# muellerpublic.de
dn: dc=muellerpublic,dc=de
structuralObjectClass: organization
entryUUID: ce600638-0d8f-103c-8fb1-1558d46de393
creatorsName: cn=admin,dc=muellerpublic,dc=de
createTimestamp: 20220119162257Z
entryCSN: 20220119162257.152328Z#000000#000#000000
modifiersName: cn=admin,dc=muellerpublic,dc=de
modifyTimestamp: 20220119162257Z
entryDN: dc=muellerpublic,dc=de
subschemaSubentry: cn=Subschema
hasSubordinates: TRUE
# users, muellerpublic.de
dn: ou=users,dc=muellerpublic,dc=de
structuralObjectClass: organizationalUnit
entryUUID: ce601dc6-0d8f-103c-8fb2-1558d46de393
creatorsName: cn=admin,dc=muellerpublic,dc=de
createTimestamp: 20220119162257Z
entryCSN: 20220119162257.152933Z#000000#000#000000
modifiersName: cn=admin,dc=muellerpublic,dc=de
modifyTimestamp: 20220119162257Z
entryDN: ou=users,dc=muellerpublic,dc=de
subschemaSubentry: cn=Subschema
hasSubordinates: FALSE
# readonly, muellerpublic.de
dn: cn=readonly,dc=muellerpublic,dc=de
structuralObjectClass: organizationalRole
entryUUID: ce60b6a0-0d8f-103c-8fb3-1558d46de393
creatorsName: cn=admin,dc=muellerpublic,dc=de
createTimestamp: 20220119162257Z
entryCSN: 20220119162257.156845Z#000000#000#000000
modifiersName: cn=admin,dc=muellerpublic,dc=de
modifyTimestamp: 20220119162257Z
entryDN: cn=readonly,dc=muellerpublic,dc=de
subschemaSubentry: cn=Subschema
hasSubordinates: FALSE
Here are the LDIFs created:
20-readonly-user.ldif: |
# Paths
# Adds the cn=readonly bind entry. simpleSecurityObject is the object class
# that carries userPassword; the value is a salted SHA-1 ({SSHA}) hash.
dn: cn=readonly,dc=muellerpublic,dc=de
changetype: add
cn: readonly
objectClass: simpleSecurityObject
objectClass: organizationalRole
userPassword: {SSHA}5Y0mPhzRCYDBRltdvF6hp+m0DWgPTdjD
description: LDAP read only user
21-readonly-user-acl.config.ldif: |
# Replaces every existing olcAccess rule on this database with the three below.
# slapd evaluates the rules in order and applies the first one whose "to" clause matches.
# NOTE(review): the {2} index has to be the mdb database that holds
# dc=muellerpublic,dc=de; confirm it against cn=config.
dn: olcDatabase={2}mdb,cn=config
changetype: modify
replace: olcAccess
# Rule 1: local root connecting with SASL EXTERNAL (peer credentials) gets
# manage; everyone else falls through to the next rules ("by * break").
olcAccess: to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
# Rule 2: password attributes are writable by the entry itself and by admin,
# usable by anonymous only for binding (auth), and hidden from everyone else,
# including cn=readonly.
olcAccess: to attrs=userPassword,shadowLastChange by self write by dn="cn=admin,dc=muellerpublic,dc=de" write by anonymous auth by * none
# Rule 3: everything else is readable by the entry itself and by cn=readonly,
# writable by admin, and closed to all other identities.
olcAccess: to * by self read by dn="cn=admin,dc=muellerpublic,dc=de" write by dn="cn=readonly,dc=muellerpublic,dc=de" read by * none

WSO2 API Manager(2.1.0) solr issue: undefined field

In WSO2 APIM-2.1.0 I'm getting a SolrException: ERROR {org.apache.solr.core.SolrCore} - org.apache.solr.common.SolrException: undefined field c/o
Because of this issue, I am unable to view the API listing and the application listing at the /store URL.
Here is the background to the issue.
(For all the steps below I referred to this documentation.)
1. I've created couple of applications (around 1000) using Create New Application.
2. Generated the keys for newly created application using Generate Keys for Application.
3. Subscribed these application to the existing APIs using Subscription.
I performed the above steps for 1000 applications. I'm able to regenerate tokens, get their details and make API calls using the keys. All of this works without errors through the API (not from the UI).
After that I realized that WSO2-APIM-1.9.0 was throwing an error when creating applications with special characters like '/' and ','. The exception mentions undefined field c/o, and I had used c/o in many application names, e.g. XYZ Inc c/o.
As the next debugging step I removed / from all application names wherever it existed, by updating the AM_APPLICATION table.
Also updated same thing in UM_HYBRID_ROLE table.
But somehow I'm unable to see these entries in UM_ROLE_PERMISSION table.
After doing this I see the error org.apache.solr.common.SolrException: undefined field co. This made me realize that the error is associated with UM_ROLE_PERMISSION.
What should my next step be to solve this issue?
Here is the complete stack trace I'm getting as soon as logged in to /store:
TID: [-1234] [] [2018-03-02 12:21:00,189] INFO {org.wso2.carbon.core.internal.permission.update.PermissionUpdater} - Permission cache updated for tenant -1234 {org.wso2.carbon.core.internal.permission.update.PermissionUpdater}
TID: [-1234] [] [2018-03-02 12:21:00,532] INFO {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} - 'admin#carbon.super [-1234]' logged in at [2018-03-02 12:21:00,531-0600] {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil}
TID: [-1234] [] [2018-03-02 12:21:06,575] ERROR {org.apache.solr.core.SolrCore} - org.apache.solr.common.SolrException: undefined field co
at org.apache.solr.schema.IndexSchema.getDynamicFieldType(IndexSchema.java:1298)
at org.apache.solr.schema.IndexSchema$SolrQueryAnalyzer.getWrappedAnalyzer(IndexSchema.java:444)
at org.apache.lucene.analysis.DelegatingAnalyzerWrapper$DelegatingReuseStrategy.getReusableComponents(DelegatingAnalyzerWrapper.java:74)
at org.apache.lucene.analysis.Analyzer.tokenStream(Analyzer.java:172)
at org.apache.lucene.util.QueryBuilder.createFieldQuery(QueryBuilder.java:199)
at org.apache.solr.parser.SolrQueryParserBase.newFieldQuery(SolrQueryParserBase.java:370)
at org.apache.solr.parser.SolrQueryParserBase.getFieldQuery(SolrQueryParserBase.java:753)
at org.apache.solr.parser.SolrQueryParserBase.handleBareTokenQuery(SolrQueryParserBase.java:537)
at org.apache.solr.parser.QueryParser.Term(QueryParser.java:299)
at org.apache.solr.parser.QueryParser.Clause(QueryParser.java:185)
at org.apache.solr.parser.QueryParser.Query(QueryParser.java:139)
at org.apache.solr.parser.QueryParser.Clause(QueryParser.java:189)
at org.apache.solr.parser.QueryParser.Query(QueryParser.java:107)
at org.apache.solr.parser.QueryParser.TopLevelQuery(QueryParser.java:96)
at org.apache.solr.parser.SolrQueryParserBase.parse(SolrQueryParserBase.java:151)
at org.apache.solr.search.LuceneQParser.parse(LuceneQParser.java:50)
at org.apache.solr.search.QParser.getQuery(QParser.java:141)
at org.apache.solr.handler.component.QueryComponent.prepare(QueryComponent.java:203)
at org.apache.solr.handler.component.SearchHandler.handleRequestBody(SearchHandler.java:229)
at org.apache.solr.handler.RequestHandlerBase.handleRequest(RequestHandlerBase.java:143)
at org.apache.solr.core.SolrCore.execute(SolrCore.java:2064)
at org.apache.solr.client.solrj.embedded.EmbeddedSolrServer.request(EmbeddedSolrServer.java:179)
at org.apache.solr.client.solrj.SolrRequest.process(SolrRequest.java:135)
at org.apache.solr.client.solrj.SolrClient.query(SolrClient.java:943)
at org.apache.solr.client.solrj.SolrClient.query(SolrClient.java:958)
at org.wso2.carbon.registry.indexing.solr.SolrClient.query(SolrClient.java:613)
at org.wso2.carbon.registry.indexing.solr.SolrClient.query(SolrClient.java:528)
at org.wso2.carbon.registry.indexing.service.ContentBasedSearchService.searchContentInternal(ContentBasedSearchService.java:166)
at org.wso2.carbon.registry.indexing.service.ContentBasedSearchService.searchByAttribute(ContentBasedSearchService.java:279)
at org.wso2.carbon.registry.indexing.internal.IndexingServiceComponent$AttributeSearchServiceImpl.search(IndexingServiceComponent.java:162)
at org.wso2.carbon.registry.indexing.internal.IndexingServiceComponent$AttributeSearchServiceImpl.search(IndexingServiceComponent.java:175)
at org.wso2.carbon.registry.indexing.internal.IndexingServiceComponent$AttributeSearchServiceImpl.search(IndexingServiceComponent.java:189)
at org.wso2.carbon.registry.indexing.internal.IndexingServiceComponent$AttributeSearchServiceImpl.search(IndexingServiceComponent.java:156)
at org.wso2.carbon.governance.api.util.GovernanceUtils.performAttributeSearch(GovernanceUtils.java:2118)
at org.wso2.carbon.governance.api.util.GovernanceUtils.findGovernanceArtifacts(GovernanceUtils.java:2016)
at org.wso2.carbon.apimgt.impl.APIConsumerImpl.getAllPaginatedAPIsByStatus(APIConsumerImpl.java:573)
at org.wso2.carbon.apimgt.impl.UserAwareAPIConsumer.getAllPaginatedAPIsByStatus(UserAwareAPIConsumer.java:36)
at org.wso2.carbon.apimgt.hostobjects.APIStoreHostObject.getPaginatedAPIsByStatus(APIStoreHostObject.java:1739)
at org.wso2.carbon.apimgt.hostobjects.APIStoreHostObject.jsFunction_getAllPaginatedAPIs(APIStoreHostObject.java:1669)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.mozilla.javascript.MemberBox.invoke(MemberBox.java:126)
at org.mozilla.javascript.FunctionObject.call(FunctionObject.java:386)
at org.mozilla.javascript.optimizer.OptRuntime.callN(OptRuntime.java:52)
at org.jaggeryjs.rhino.store.modules.api.c1._c_anonymous_5(/store/modules/api/api.jag:136)
at org.jaggeryjs.rhino.store.modules.api.c1.call(/store/modules/api/api.jag)
at org.mozilla.javascript.ScriptRuntime.applyOrCall(ScriptRuntime.java:2430)
at org.mozilla.javascript.BaseFunction.execIdCall(BaseFunction.java:269)
at org.mozilla.javascript.IdFunctionObject.call(IdFunctionObject.java:97)
at org.mozilla.javascript.optimizer.OptRuntime.call2(OptRuntime.java:42)
at org.jaggeryjs.rhino.store.modules.api.c0._c_anonymous_16(/store/modules/api/module.jag:54)
at org.jaggeryjs.rhino.store.modules.api.c0.call(/store/modules/api/module.jag)
at org.mozilla.javascript.optimizer.OptRuntime.callN(OptRuntime.java:52)
at org.jaggeryjs.rhino.store.site.blocks.api.api_listing_all.c0._c_anonymous_3(/store/site/blocks/api/api-listing-all/block.jag:74)
at org.jaggeryjs.rhino.store.site.blocks.api.api_listing_all.c0.call(/store/site/blocks/api/api-listing-all/block.jag)
at org.mozilla.javascript.optimizer.OptRuntime.call1(OptRuntime.java:32)
at org.jaggeryjs.rhino.store.jagg.c0._c_anonymous_26(/store/jagg/jagg.jag:232)
at org.jaggeryjs.rhino.store.jagg.c0.call(/store/jagg/jagg.jag)
at org.mozilla.javascript.optimizer.OptRuntime.callName(OptRuntime.java:63)
at org.jaggeryjs.rhino.store.jagg.c0._c_anonymous_51(/store/jagg/jagg.jag:682)
at org.jaggeryjs.rhino.store.jagg.c0.call(/store/jagg/jagg.jag)
at org.mozilla.javascript.optimizer.OptRuntime.call1(OptRuntime.java:32)
at org.jaggeryjs.rhino.store.site.themes.wso_2.templates.api.listing.c0._c_anonymous_1(/store/site/themes/wso2/templates/api/listing/template.jag:16)
at org.jaggeryjs.rhino.store.site.themes.wso_2.templates.api.listing.c0.call(/store/site/themes/wso2/templates/api/listing/template.jag)
at org.mozilla.javascript.optimizer.OptRuntime.callN(OptRuntime.java:52)
at org.jaggeryjs.rhino.store.jagg.c0._c_anonymous_26(/store/jagg/jagg.jag:243)
at org.jaggeryjs.rhino.store.jagg.c0.call(/store/jagg/jagg.jag)
at org.mozilla.javascript.optimizer.OptRuntime.callName(OptRuntime.java:63)
at org.jaggeryjs.rhino.store.jagg.c0._c_anonymous_52(/store/jagg/jagg.jag:698)
at org.jaggeryjs.rhino.store.jagg.c0.call(/store/jagg/jagg.jag)
at org.mozilla.javascript.optimizer.OptRuntime.call1(OptRuntime.java:32)
at org.jaggeryjs.rhino.store.site.themes.wso_2.templates.layout.base.c0._c_anonymous_1(/store/site/themes/wso2/templates/layout/base/template.jag:42)
at org.jaggeryjs.rhino.store.site.themes.wso_2.templates.layout.base.c0.call(/store/site/themes/wso2/templates/layout/base/template.jag)
at org.mozilla.javascript.optimizer.OptRuntime.callN(OptRuntime.java:52)
at org.jaggeryjs.rhino.store.jagg.c0._c_anonymous_26(/store/jagg/jagg.jag:243)
at org.jaggeryjs.rhino.store.jagg.c0.call(/store/jagg/jagg.jag)
at org.mozilla.javascript.optimizer.OptRuntime.callName(OptRuntime.java:63)
at org.jaggeryjs.rhino.store.jagg.c0._c_anonymous_52(/store/jagg/jagg.jag:695)
at org.jaggeryjs.rhino.store.jagg.c0.call(/store/jagg/jagg.jag)
at org.mozilla.javascript.optimizer.OptRuntime.call1(OptRuntime.java:32)
at org.jaggeryjs.rhino.store.site.themes.wso_2.templates.page.base.c0._c_anonymous_1(/store/site/themes/wso2/templates/page/base/template.jag:70)
at org.jaggeryjs.rhino.store.site.themes.wso_2.templates.page.base.c0.call(/store/site/themes/wso2/templates/page/base/template.jag)
at org.mozilla.javascript.optimizer.OptRuntime.callN(OptRuntime.java:52)
at org.jaggeryjs.rhino.store.jagg.c0._c_anonymous_50(/store/jagg/jagg.jag:678)
at org.jaggeryjs.rhino.store.jagg.c0.call(/store/jagg/jagg.jag)
at org.mozilla.javascript.optimizer.OptRuntime.call1(OptRuntime.java:32)
at org.jaggeryjs.rhino.store.site.pages.c0._c_anonymous_1(/store/site/pages/list-apis.jag:24)
at org.jaggeryjs.rhino.store.site.pages.c0.call(/store/site/pages/list-apis.jag)
at org.mozilla.javascript.optimizer.OptRuntime.call0(OptRuntime.java:23)
at org.jaggeryjs.rhino.store.site.pages.c0._c_script_0(/store/site/pages/list-apis.jag:10)
at org.jaggeryjs.rhino.store.site.pages.c0.call(/store/site/pages/list-apis.jag)
at org.mozilla.javascript.ContextFactory.doTopCall(ContextFactory.java:394)
at org.mozilla.javascript.ScriptRuntime.doTopCall(ScriptRuntime.java:3091)
at org.jaggeryjs.rhino.store.site.pages.c0.call(/store/site/pages/list-apis.jag)
at org.jaggeryjs.rhino.store.site.pages.c0.exec(/store/site/pages/list-apis.jag)
at org.jaggeryjs.scriptengine.engine.RhinoEngine.execScript(RhinoEngine.java:567)
at org.jaggeryjs.scriptengine.engine.RhinoEngine.exec(RhinoEngine.java:273)
at org.jaggeryjs.jaggery.core.manager.WebAppManager.exec(WebAppManager.java:588)
at org.jaggeryjs.jaggery.core.manager.WebAppManager.execute(WebAppManager.java:508)
at org.jaggeryjs.jaggery.core.JaggeryServlet.doGet(JaggeryServlet.java:24)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:624)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:747)
at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:485)
at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:377)
at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:337)
at org.jaggeryjs.jaggery.core.JaggeryFilter.doFilter(JaggeryFilter.java:21)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.wso2.carbon.ui.filters.cache.ContentTypeBasedCachePreventionFilter.doFilter(ContentTypeBasedCachePreventionFilter.java:53)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:120)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:218)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99)
at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)
at org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:57)
at org.wso2.carbon.event.receiver.core.internal.tenantmgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:48)
at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47)
at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62)
at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:159)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:958)
at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:452)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1087)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1756)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1715)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)
{org.apache.solr.core.SolrCore}
I've found the solution to the above problem. The issue occurred because WSO2-APIM is unable to generate a correct Solr query when the application name contains the : character.
I removed : from the table AM_APPLICATION (column name: NAME) and from the table UM_HYBRID_ROLE (column name: UM_ROLE_NAME).
Then I've performed following steps:
stopped the WSO2-APIM
deleted solr directory
Rename the <lastAccessTimeLocation> element in the <APIM_2.0.0_HOME>/repository/conf/registry.xml file. If you use a clustered/distributed API Manager setup, change the file in the API Publisher node.
For example, change the
/_system/local/repository/components/org.wso2.carbon.registry/indexing/lastaccesstime registry path to
/_system/local/repository/components/org.wso2.carbon.registry/indexing/lastaccesstime_1.
This solved my problem, but I have now run into a separate performance issue.

OpenLdap "Server is unwilling to perform (53) additional info: no global superior knowledge"

I am new to LDAP, and I can't understand why I get this error when I try to import the file below.
I've tried this command:
ldapadd -h elara.alu.com -x -W -D "cn=Manager,dc=alu,dc=com" -f /root/usersFromDavid.ldif
And my olcDatabase={2}bdb.ldif looks like this:
#CRC32 dd2c457a
dn: olcDatabase={2}bdb
objectClass: olcDatabaseConfig
objectClass: olcBdbConfig
olcDatabase: {2}bdb
olcSuffix: dc=alu,dc=com
olcAddContentAcl: FALSE
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcRootDN: cn=Manager,dc=alu,dc=com
olcSyncUseSubentry: FALSE
olcMonitoring: TRUE
olcDbDirectory: /var/lib/ldap
olcDbCacheSize: 1000
olcDbCheckpoint: 1024 15
olcDbNoSync: FALSE
olcDbDirtyRead: FALSE
olcDbIDLcacheSize: 0
olcDbIndex: objectClass pres,eq
olcDbIndex: cn pres,eq,sub
olcDbIndex: uid pres,eq,sub
olcDbIndex: uidNumber pres,eq
olcDbIndex: gidNumber pres,eq
olcDbIndex: ou pres,eq,sub
olcDbIndex: mail pres,eq,sub
olcDbIndex: sn pres,eq,sub
olcDbIndex: givenName pres,eq,sub
olcDbIndex: memberUid pres,eq,sub
olcDbIndex: loginShell pres,eq
olcDbIndex: nisMapName pres,eq,sub
olcDbIndex: nisMapEntry pres,eq,sub
olcDbLinearIndex: FALSE
olcDbMode: 0600
olcDbSearchStack: 16
olcDbShmKey: 0
olcDbCacheFree: 1
olcDbDNcacheSize: 0
structuralObjectClass: olcBdbConfig
entryUUID: 7f7892aa-66a8-1034-968b-61cac64128b9
creatorsName: cn=config
createTimestamp: 20150324193414Z
entryCSN: 20150324193414.304614Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20150324193414Z
olcRootPW: {SSHA}Ih6JIB2w69nqoZksZsa46ORHNnHBKNbI
olcTLSCertificateFile: /etc/pki/tls/certs/example.pem
olcTLSCertificateKeyFile: /etc/pki/tls/certs/examplekey.pem
I tried to add:
dn: o=users
objectclass: extensibleObject
objectclass: top
objectclass: domain
dc: users
o: users
dn: ou=People,o=users,cn=Manager, dc=alu, dc=com
objectclass: top
objectclass: organizationalunit
ou: People
dn: uid=caterinca,ou=People,o=users,cn=Manager, dc=alu, dc=com
objectClass: top
objectClass: inetOrgPerson
objectClass: person
objectClass: organizationalPerson
cn: Caterinca
sn: Caterinca
description: enabled
mail: caterinca#caterinca
title: admin
uid: caterinca
userPassword:: e1NTSEF9Nk0vd2tUY3JSdEpiZUZWU2RzYWszbjhlVWV2eEk4aitCb3psNGc9P

Error install OpenLdap for RedHat6(checksum error on "/etc/openldap/slapd.d/cn=config/olcDatabase={2}bdb.ldif")

I tried to install OpenLDAP on Red Hat Linux 6, but I receive an error that looks like this:
5511c732 ldif_read_file: checksum error on "/etc/openldap/slapd.d/cn=config/olcDatabase={1}monitor.ldif"
The file's contents are below:
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 03c4de5f
dn: olcDatabase={1}monitor
objectClass: olcDatabaseConfig
olcDatabase: {1}monitor
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=externa
l,cn=auth" read by dn.base="cn=Manager,dc=my-domain,dc=com" read by * none
olcAddContentAcl: FALSE
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcSyncUseSubentry: FALSE
olcMonitoring: FALSE
structuralObjectClass: olcDatabaseConfig
entryUUID: 7f788d0a-66a8-1034-968a-61cac64128b9
creatorsName: cn=config
createTimestamp: 20150324193414Z
entryCSN: 20150324193414.304614Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20150324193414Z
and
5511c732 ldif_read_file: checksum error on "/etc/openldap/slapd.d/cn=config/olcDatabase={2}bdb.ldif"
below is the code :
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 dd2c457a
dn: olcDatabase={2}bdb
objectClass: olcDatabaseConfig
objectClass: olcBdbConfig
olcDatabase: {2}bdb
olcSuffix: dc=example,dc=com
olcAddContentAcl: FALSE
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcRootDN: cn=Manager,dc=example,dc=com
olcSyncUseSubentry: FALSE
olcMonitoring: TRUE
olcDbDirectory: /var/lib/ldap
olcDbCacheSize: 1000
olcDbCheckpoint: 1024 15
olcDbNoSync: FALSE
olcDbDirtyRead: FALSE
olcDbIDLcacheSize: 0
olcDbIndex: objectClass pres,eq
olcDbIndex: cn pres,eq,sub
olcDbIndex: uid pres,eq,sub
olcDbIndex: uidNumber pres,eq
olcDbIndex: gidNumber pres,eq
olcDbIndex: ou pres,eq,sub
olcDbIndex: mail pres,eq,sub
olcDbIndex: sn pres,eq,sub
olcDbIndex: givenName pres,eq,sub
olcDbIndex: memberUid pres,eq,sub
olcDbIndex: loginShell pres,eq
olcDbIndex: nisMapName pres,eq,sub
olcDbIndex: nisMapEntry pres,eq,sub
olcDbLinearIndex: FALSE
olcDbMode: 0600
olcDbSearchStack: 16
olcDbShmKey: 0
olcDbCacheFree: 1
olcDbDNcacheSize: 0
structuralObjectClass: olcBdbConfig
entryUUID: 7f7892aa-66a8-1034-968b-61cac64128b9
creatorsName: cn=config
createTimestamp: 20150324193414Z
entryCSN: 20150324193414.304614Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20150324193414Z
olcRootPW: {SSHA}dGaM0fyxrjotXLEKz8Jjl5yoBhpNxLXX
olcTLSCertificateFile: /etc/pki/tls/certs/example.pem
olcTLSCertificateKeyFile: /etc/pki/tls/certs/examplekey.pem
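For the first error, I had modified dn.base="cn=Manager,dc=my-domain,dc=com" => Manager was previously in lower case: dn.base="cn=manager,dc=my-domain,dc=com"
For the second error: - olcSuffix: dc=example,dc=com => was olcSuffix: dc=my-domain,dc=com
- olcRootPW: {SSHA}dGaM0fyxrjotXLEKz8Jjl5yoBhpNxLXX (added)
- olcTLSCertificateFile: /etc/pki/tls/certs/example.pem (added)
- olcTLSCertificateKeyFile: /etc/pki/tls/certs/examplekey.pem (added)
(Both files begin with "AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify." followed by a CRC32 line. That checksum is computed over the file's contents, so hand edits like the ones above leave the stored value out of date. Making the same changes with ldapmodify against cn=config keeps the checksum consistent.)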
Try the below settings:
vim /etc/profile
press SHIFT + g key combination to go to EOF and add export LC_ALL="en_US.UTF-8"
source /etc/profile

OpenLdap Master / Master Replication Stops When Node Goes Offline

I'm currently using Ubuntu 10.04 (I've set this up on RHEL 5.x but the config is way different in Ubuntu).
Anyway, at first I figured I had everything working. When I made an update to ldap01 I immediately saw the change on ldap02. However, if I take down slapd on ldap02 (or 01), add LDAP entries to ldap01, and then bring ldap02's slapd process back online, I never see the entries that were created while slapd was down on ldap02. New entries continue to propagate between ldap01 and ldap02 as long as both servers have the slapd process running, but the entries created while slapd was down on ldap02 never propagate to 02.
Here are my configs and ldap versions:
ii slapd 2.4.21-0ubuntu5.7 OpenLDAP server (slapd)
---- /etc/ldap/slapd.d/cn=config/olcDatabase={0}config.ldif -----
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 deacdc79
dn: olcDatabase={0}config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external
,cn=auth manage by * break
olcAccess: {1}to attrs=userPassword,shadowLastChange by self write by anonymou
s auth by dn="cn=admin,dc=example,dc=net" write by * none
olcAccess: {2}to * by self write by dn="cn=admin,dc=example,dc=net" write b
y * read
structuralObjectClass: olcDatabaseConfig
entryUUID: 19eb3cc6-3898-1031-954c-351a2fbb42e9
creatorsName: cn=config
createTimestamp: 20120522202605Z
olcSyncrepl: {0}rid=001 provider="ldap://ldap-01:389" type=refreshAndPer
sist retry="5 5 300 +" searchbase="cn=config" attrs="*,+" bindmethod=simple b
inddn="cn=admin,dc=example,dc=net" credentials="secret"
olcSyncrepl: {1}rid=002 provider="ldap://ldap-02:389" type=refreshAndPer
sist retry="5 5 300 +" searchbase="cn=config" attrs="*,+" bindmethod=simple b
inddn="cn=admin,dc=example,dc=net" credentials="secret"
olcMirrorMode: TRUE
entryCSN: 20120528195647.027315Z#000000#000#000000
modifiersName: cn=admin,dc=example,dc=net
modifyTimestamp: 20120528195647Z
---- /etc/ldap/slapd.d/cn=config/olcDatabase={0}config/olcOverlay={0}syncprov.ldif ----
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 807029fa
dn: olcOverlay={0}syncprov
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: {0}syncprov
olcSpNoPresent: TRUE
structuralObjectClass: olcSyncProvConfig
entryUUID: 3be00cb6-3dee-1031-8f60-519aa1b6f74f
creatorsName: cn=admin,dc=example,dc=net
createTimestamp: 20120529152514Z
entryCSN: 20120529152514.987191Z#000000#000#000000
modifiersName: cn=admin,dc=example,dc=net
modifyTimestamp: 20120529152514Z
---- /etc/ldap/slapd.d/cn=config/olcDatabase={1}hdb.ldif ----
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 1b0a3130
dn: olcDatabase={1}hdb
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=example,dc=net
olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymou
s auth by dn="cn=admin,dc=example,dc=net" write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by self write by dn="cn=admin,dc=example,dc=net" write b
y * read
olcLastMod: TRUE
olcRootDN: cn=admin,dc=example,dc=net
olcRootPW:: e1NTSEF9Ni9IZWJCczRTbmJQYlc4NHFOMWxHWUI5NVNoVUl4U20=
olcDbCheckpoint: 512 30
olcDbConfig: {0}set_cachesize 0 2097152 0
olcDbConfig: {1}set_lk_max_objects 1500
olcDbConfig: {2}set_lk_max_locks 1500
olcDbConfig: {3}set_lk_max_lockers 1500
olcDbIndex: objectClass eq
structuralObjectClass: olcHdbConfig
entryUUID: 19ebfdc8-3898-1031-9554-351a2fbb42e9
creatorsName: cn=config
createTimestamp: 20120522202605Z
olcSyncrepl: {0}rid=001 provider="ldap://ldap-01:389" type=refreshAndPer
sist retry="5 5 300 +" searchbase="dc=example,dc=net" attrs="*,+" bindmeth
od=simple binddn="cn=admin,dc=example,dc=net" credentials="secret"
olcSyncrepl: {1}rid=002 provider="ldap://ldap-02:389" type=refreshAndPer
sist retry="5 5 300 +" searchbase="dc=example,dc=net" attrs="*,+" bindmeth
od=simple binddn="cn=admin,dc=example,dc=net" credentials="secret"
olcMirrorMode: TRUE
entryCSN: 20120528195647.026244Z#000000#000#000000
modifiersName: cn=admin,dc=example,dc=net
modifyTimestamp: 20120528195647Z
----- /etc/ldap/slapd.d/cn=config/olcDatabase={1}hdb/olcOverlay={0}syncprov.ldif ----
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 807029fa
dn: olcOverlay={0}syncprov
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: {0}syncprov
olcSpNoPresent: TRUE
structuralObjectClass: olcSyncProvConfig
entryUUID: 3be00cb6-3dee-1031-8f60-519aa1b6f74f
creatorsName: cn=admin,dc=example,dc=net
createTimestamp: 20120529152514Z
entryCSN: 20120529152514.987191Z#000000#000#000000
modifiersName: cn=admin,dc=example,dc=net
modifyTimestamp: 20120529152514Z
Upgraded my version of OpenLDAP and my problem went away

Resources