Could not find any available LDAP server


Tony Hawker

May 22, 2014, 3:48:55 AM
to rcdevs-t...@googlegroups.com
Hi
I am using the RCDevs appliance, most settings out of the box,
when I try to access webadm I get the error "Could not find any available LDAP server" and that's it, no login or anything like that
I can't find much in the doco that would tell me where to troubleshoot this, or which logs to check etc
we are just using the default LDAP that comes set up on the appliance

and obviously our tokens are not working any more for the same reason I assume, that the ldap server is not contactable

what is the service name for the RCDevs LDAP server? as I don't see anything like it running

can anyone point me in the right direction here?

Thanks for your help 

Administrators

May 22, 2014, 1:12:37 PM
to rcdevs-t...@googlegroups.com
The service name is slapd, and you can start it manually from /opt/slapd/bin/slapd.
You are not the only one to report issues with the directory. We check...

Tony Hawker

May 22, 2014, 5:58:54 PM
to rcdevs-t...@googlegroups.com
Hi
sorry my other replies got posted into the wrong thread, I have found the following error logs:

537de47f bdb_db_open: database "": unclean shutdown detected; attempting recovery.
537de47f bdb_db_open: database "": recovery skipped in read-only mode. Run manual recovery if errors are encountered.
537de47f bdb(): BDB0060 PANIC: fatal region error detected; run recovery
537de47f bdb_db_open: database "" cannot be opened, err -30973. Restore from backup!
537de47f backend_startup_one (type=bdb, suffix=""): bi_db_open failed! (-30973)
slap_startup failed (test would succeed using the -u switch)
-bash-3.2#

I have found that if I run the following it will bring the database back, but only until I try and do something with it, then it seems to corrupt again
cd /opt/slapd/data
/opt/slapd/libexec/db_recover

Then after I try to restart the slapd service the logs are:

537da3b0 bdb_db_open: database "": unclean shutdown detected; attempting recovery.
537da3b0 bdb_db_open: database "": recovery skipped in read-only mode. Run manual recovery if errors are encountered.
537da3b0 bdb(): BDB0060 PANIC: fatal region error detected; run recovery
537da3b0 bdb_db_open: database "" cannot be opened, err -30973. Restore from backup!
537da3b0 backend_startup_one (type=bdb, suffix=""): bi_db_open failed! (-30973)
-

I have found the LDAP logs, looks like my DB has corrupted
is there a way I can run a recovery as it says?
I don't suppose this system auto backs itself up every so often that I could restore from?
and how do I create a new DB if none of the above work?

So

this seems to recover the DB, but if I try and test a token or anything like that in webadm everything disappears from the LDAP tree, and if I try and restart the slapd service it goes back to the same errors as before

any ideas on why this would be happening?

and is there a way I can export my LDAP db while it is working?
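
A triage sketch for the slapd output quoted in the post above, added here as an example and not part of the thread or of RCDevs' tooling. It decodes the hexadecimal Unix timestamp that slapd puts at the start of each debug line and groups the Berkeley DB errors by startup attempt; the labels and function names are made up for the example.

```python
import re
from datetime import datetime, timezone

# slapd prefixes each debug line with the Unix time in hex, e.g. 537de47f.
LINE = re.compile(r"^([0-9a-f]{8}) (.*)$")

# Message fragments taken from the log in the post, mapped to triage labels.
RULES = [
    ("unclean shutdown detected", "unclean_shutdown"),
    ("recovery skipped in read-only mode", "recovery_skipped"),
    ("PANIC: fatal region error", "bdb_panic"),
    ("cannot be opened", "db_open_failed"),
    ("bi_db_open failed", "backend_start_failed"),
]

# Lines copied from the post: the first pasted block, then one line of the second.
SAMPLE = '''\
537de47f bdb_db_open: database "": unclean shutdown detected; attempting recovery.
537de47f bdb_db_open: database "": recovery skipped in read-only mode. Run manual recovery if errors are encountered.
537de47f bdb(): BDB0060 PANIC: fatal region error detected; run recovery
537de47f bdb_db_open: database "" cannot be opened, err -30973. Restore from backup!
537de47f backend_startup_one (type=bdb, suffix=""): bi_db_open failed! (-30973)
slap_startup failed (test would succeed using the -u switch)
537da3b0 bdb(): BDB0060 PANIC: fatal region error detected; run recovery
'''

def parse(log_text):
    """Return (utc_datetime, label, message) for every timestamped line."""
    events = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # shell prompts and untimestamped lines
        when = datetime.fromtimestamp(int(m.group(1), 16), tz=timezone.utc)
        label = next((lab for frag, lab in RULES if frag in m.group(2)), "other")
        events.append((when, label, m.group(2)))
    return events

def attempts(log_text):
    """Group labels by timestamp, oldest first: one entry per failed start."""
    grouped = {}
    for when, label, _ in parse(log_text):
        grouped.setdefault(when, []).append(label)
    return sorted(grouped.items())

if __name__ == "__main__":
    for when, labels in attempts(SAMPLE):
        print(when.isoformat(), labels)
```

Decoded this way, the block pasted second in the post (537da3b0) is the earlier of the two failed starts.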

Tony Hawker

May 23, 2014, 2:53:01 AM
to rcdevs-t...@googlegroups.com
the more I look at this, the more it seems that I can recover the database OK, but Webadm is corrupting it again every time it tries to write to it
any ideas?



--
Tud

  _.-_:\
/          \
\ _. --.x/
         v

Administrators

May 28, 2014, 10:17:41 AM
to rcdevs-t...@googlegroups.com
WebADM cannot corrupt the database. It only uses the LDAP API.
The problem is elsewhere (not with WebADM).
Either there is a filesystem permission issue or the LDAP is not cleanly shut-down.
Do you use a VM? 

Tony Hawker

Jun 3, 2014, 9:36:29 PM
to rcdevs-t...@googlegroups.com
Yes I use a VM
It is possible that the LDAP was not shut down correctly, but if I run "/opt/slapd/libexec/db_recover" the slapd service will start again, and I can see all of my LDAP info in webadm, but as soon as I try and write to the database it goes offline again
other than running "/opt/slapd/libexec/db_recover" what else can I do to recover this? clearly the data is all there, as I can see it all when the service comes online
is there a way I can export the database while it is online then import it into a new one?




Administrators

Jun 6, 2014, 4:52:05 AM
to rcdevs-t...@googlegroups.com
I think the ldap crashes and then of course the db has to be recovered.
Check permissions. What do you see when you do "ls -al /opt/slapd/"?
You should see group access for the slapd user to the db like:

-rw-r--r-- 1 root root  1.3K Jun  5 18:08 CHANGELOG
-rw-r--r-- 1 root root  1.5K Jun  5 18:08 COPYRIGHT
-rw-r--r-- 1 root root  1.7K Jun  5 18:08 INSTALL
-rw-r--r-- 1 root root  1.6K Jun  5 18:08 README
-rw-r--r-- 1 root root   155 Jun  5 18:08 VERSION
drwxr-xr-x 2 root root  4.0K May  9 22:05 bin
drwxr-x--- 3 root slapd 4.0K May 26 15:19 conf
drwxrwx--- 2 root slapd 4.0K Jun  5 18:18 data
drwx------ 2 root root  4.0K Jun  5 18:18 data.bak
drwxr-xr-x 5 root root  4.0K Jan 26  2011 doc
drwxr-xr-x 3 root root  4.0K Jun  5 18:08 lib
drwxr-xr-x 2 root root  4.0K Apr 23 15:42 libexec
drwxrwx--- 2 root slapd 4.0K Jun  5 18:18 logs

Tony Hawker

Jun 15, 2014, 8:36:02 PM
to rcdevs-t...@googlegroups.com
Hi, here is my output, does this look correct?

drwxr-xr-x 10 root root  4096 Dec 26 21:47 .
drwxr-xr-x  5 root root  4096 Jan 27  2011 ..
drwxr-xr-x  2 root root  4096 Dec 16 22:18 bin
-rw-r--r--  1 root root  1210 Nov 17  2013 CHANGELOG
drwxr-x---  3 root slapd 4096 Dec 12  2013 conf
-rw-r--r--  1 root root  1519 Feb 10  2013 COPYRIGHT
drwxrwx---  2 root slapd 4096 May 23 16:47 data
drwx------  2 root root  4096 May 23 16:46 data.bak
drwxr-xr-x  5 root root  4096 Jan 26  2011 doc
-rw-r--r--  1 root root  1713 Mar 15  2011 INSTALL
drwxr-xr-x  3 root root  4096 Dec 26 21:45 lib
drwxr-xr-x  2 root root  4096 Dec 26 21:47 libexec
drwxrwx---  2 root slapd 4096 May 24 04:02 logs
-rw-r--r--  1 root root  1605 Mar 15  2011 README
-rw-r--r--  1 root root   159 Dec 26 21:47 VERSION
-bash-3.2#

if my db is not in clean shutdown, how do I fix this? the dbrecover only makes it available until webadm tries to write to it



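
The comparison asked for in the two posts above, written out as an added example (not code from the thread or from RCDevs). It parses `ls -al` output and checks the group access that the administrator's reference listing shows for conf, data and logs; the function name and the BROKEN listing are constructed for the example, and files inside data are not covered because neither listing shows them.

```python
# Group bits the administrator's reference listing shows for group slapd.
REQUIRED = {"conf": "r-x", "data": "rwx", "logs": "rwx"}

# Directory lines copied from the output posted in the reply above.
POSTED = """\
drwxr-x---  3 root slapd 4096 Dec 12  2013 conf
drwxrwx---  2 root slapd 4096 May 23 16:47 data
drwx------  2 root root  4096 May 23 16:46 data.bak
drwxrwx---  2 root slapd 4096 May 24 04:02 logs
-bash-3.2#
"""

# Constructed failure case: data has lost its slapd group, logs is not writable.
BROKEN = """\
drwxr-x---  3 root slapd 4096 Dec 12  2013 conf
drwx------  2 root root  4096 May 23 16:47 data
drwxr-x---  2 root slapd 4096 May 24 04:02 logs
"""

def check_listing(ls_output, group="slapd"):
    """Return a list of findings; an empty list means the listing matches."""
    findings, seen = [], set()
    for line in ls_output.splitlines():
        fields = line.split()
        if len(fields) < 9 or fields[-1] not in REQUIRED:
            continue  # prompts, ".", ".." and entries that are not checked
        mode, entry_group, name = fields[0], fields[3], fields[-1]
        seen.add(name)
        group_bits = mode[4:7].replace("s", "x")  # setgid implies group execute
        if not mode.startswith("d"):
            findings.append(f"{name}: not a directory ({mode})")
        elif entry_group != group:
            findings.append(f"{name}: group is {entry_group}, expected {group}")
        elif any(need != "-" and have != need
                 for need, have in zip(REQUIRED[name], group_bits)):
            findings.append(f"{name}: group bits {mode[4:7]}, need {REQUIRED[name]}")
    findings += [f"{n}: missing from listing" for n in sorted(REQUIRED.keys() - seen)]
    return findings

if __name__ == "__main__":
    print("posted:", check_listing(POSTED))
    print("broken:", check_listing(BROKEN))
```

The posted listing produces no findings for these three directories.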

Administrators

Jun 16, 2014, 8:32:48 AM
to rcdevs-t...@googlegroups.com
One thing you can try:
Once started - backup the db with /opt/slapd/bin/backup bkp.ldif
Then rm /opt/slapd/data/*
And restore with /opt/slapd/bin/restore bkp.ldif

Tony Hawker

Jun 18, 2014, 10:06:17 AM
to rcdevs-t...@googlegroups.com
Thanks this seems to have gotten the LDAP database working again
Now I am not able to sync any of my tokens any more, I get the message below, does this mean they are all corrupted? is there a way to troubleshoot this?
Could not resynchronize Token




Administrators

Jun 18, 2014, 12:18:41 PM
to rcdevs-t...@googlegroups.com
If it's time-based tokens - the problem is time not set correctly on the mobile or on the server.
But it's certainly time on server.
Check that you run NTPd on the server and that the NTP time synchronization to external time references works as expected.

rpm -q ntp => tells if ntp is installed or not.

Most configurations we see are lacking correct time/timezone settings:
You need correct UTC time (set via NTP) and correct timezone as below.

1) NTP is a standard package installed with "yum install ntp" and activated with "/etc/init.d/ntpd start" & "chkconfig ntpd on" (this is to start at boot time).

2) Set timezone by creating a symlink in /etc/ to the correct timezone file.
Ex. for Paris : "ln -s /usr/share/zoneinfo/Europe/Paris localtime"
And in /opt/webadm/conf/webadm.conf: set time_zone "Europe/Paris"
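
Why a wrong server clock breaks time-based tokens, as an added example that is not part of the thread and is not RCDevs' code. It implements generic RFC 6238 TOTP with the RFC's published test secret and assumes a 30-second step and a validation window of one step either side; the product's actual window and resync range are not stated on this page.

```python
import hashlib
import hmac
import struct

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing unix_time."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def match_offset(secret, code, server_time, window, step=30):
    """Return the step offset within +/-window where code validates, else None."""
    for k in sorted(range(-window, window + 1), key=abs):
        t = server_time + k * step
        if t >= 0 and hmac.compare_digest(totp(secret, t, step, len(code)), code):
            return k
    return None

# Constructed scenario: RFC 6238 test secret, token clock correct, server clock off.
SECRET = b"12345678901234567890"
TOKEN_TIME = 1111111109
CODE = totp(SECRET, TOKEN_TIME, digits=8)

def server_accepts(server_clock_error, window=1):
    """True if CODE validates on a server whose clock is off by that many seconds."""
    server_time = TOKEN_TIME + server_clock_error
    return match_offset(SECRET, CODE, server_time, window) is not None

if __name__ == "__main__":
    for err in (0, -20, -300):
        print(f"server clock error {err:+5d}s: accepted={server_accepts(err)}")
    print("steps of drift at -300s:", match_offset(SECRET, CODE, TOKEN_TIME - 300, 20))
```

A server that is five minutes slow rejects every code within the one-step window; the match only appears ten steps away, which is the drift NTP removes.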