View Issue Details

ID: 0005494
Project: CentOS-6
Category: openldap
View Status: public
Last Update: 2012-07-13 18:03
Priority: normal
Severity: major
Reproducibility: have not tried
Status: feedback
Resolution: open
Platform: x86_64
OS: CentOS
OS Version: 6.0
Product Version: 6.0
Target Version:
Fixed in Version:

Summary: 0005494: Upgrading from openldap-servers (<=2.4.19-15) with data stored in berkeley database will break openldap service

Description: OpenLDAP (openldap-servers-2.4.19-15.el6_0.2.x86_64) on CentOS 6 is packaged with a db4 library ( /usr/lib64/ ).
When upgrading with yum to a newer openldap-servers package, the included db library is gone and ldap will use the system's db4 libraries. But the db4 packages for CentOS are still at 4.7 (as far as I can see, also in CentOS 6.1 and CentOS 6.2 - os and updates).

So when upgrading to a newer openldap-servers while using the Berkeley database for ldap storage, you will get an error message when the ldap service is restarted:

bdb(dc=xxx,dc=xxx): Program version 4.7 doesn't match environment version 4.8

And ldap is not able to start the service.

Because at that moment there are no Berkeley 4.8 libraries on the system anymore, you can't use db_dump / db_hotbackup to access your data.

I tried to find out if this problem also exists in RHEL, but could not find any information. In I do see that the openldap package lost some weight between 2.4.19-15 and 2.4.23-15 and the db4 source package is still at 4.7, so I assume the problem also exists upstream.

Steps To Reproduce:
1) Install CentOS 6.0 with openldap-servers <= 2.4.19-15.
2) Set up ldap with Berkeley database.
3) Upgrade to a newer openldap.

Additional Information: The workaround I did was to do a yum downgrade openldap-servers

Maybe you need to downgrade a few times to get back to openldap-servers 2.4.19-15, which still includes the db4 library

Another workaround would be to back up the database before upgrading (or after downgrading back to the 2.4.19-15 version), then upgrade and restore the database with the db4 4.7 tools (I did not do that).

I had this issue already some weeks ago, but yesterday I talked to someone at FOSDEM, who told me this was not a known issue and a bug report should be submitted.

Tags: No tags attached.




2012-02-06 22:38

administrator   ~0014415

This is an upstream error and CentOS directly mirrors RHEL with this issue:

We will fix it when they fix it.

In the meantime, you should be able to do something like this:

slapcat > ~/slapcat.out

THEN update, then:

remove all the database info in /var/lib/ldap


slapadd -l ~/slapcat.out

You will then need to chown ldap.ldap all the files before restarting ldap ... that should export the data (into ldif format) and import it into the older bdb version.
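
The export/reload procedure from the note above as a guarded script (an added example, not part of the original issue or the commenter's own commands). It assumes slapd is stopped and the script runs as root; the function names, the `.old.<timestamp>` directory and the `/root/slapcat.out` default are illustrative choices. It moves the old files aside instead of removing them and keeps the dump readable by its owner only.

```shell
#!/bin/sh
# Added example, not from the bug report. Assumptions: run as root, slapd is
# stopped, function names are illustrative, paths can be overridden.
LDAP_DIR=${LDAP_DIR:-/var/lib/ldap}
LDIF=${LDIF:-/root/slapcat.out}

# Number of entries in an LDIF file (one "dn:" line per entry).
ldif_entries() {
    grep -c '^dn:' "$1" 2>/dev/null || true
}

# Extract "program environment" versions from slapd's mismatch error (stdin).
bdb_mismatch() {
    sed -n "s/.*Program version \([0-9.]*\) doesn't match environment version \([0-9.]*\).*/\1 \2/p"
}

# Before the upgrade: dump to LDIF and fail if nothing was exported.
export_ldif() {
    # The dump contains userPassword values, so keep it owner-readable only.
    ( umask 077; rm -f "$LDIF"; slapcat > "$LDIF" ) || return 1
    n=$(ldif_entries "$LDIF")
    [ "${n:-0}" -gt 0 ] || { echo "empty export: $LDIF" >&2; return 1; }
    echo "$n"
}

# After the upgrade: set the old environment aside, reload, fix ownership.
rebuild_db() {
    n=$(ldif_entries "$LDIF")
    [ "${n:-0}" -gt 0 ] || { echo "no usable export; $LDAP_DIR untouched" >&2; return 1; }
    old="$LDAP_DIR.old.$(date +%Y%m%d%H%M%S)"
    mkdir -m 700 "$old" || return 1
    for f in "$LDAP_DIR"/*; do      # move, do not delete: keeps a way back
        if [ -e "$f" ]; then mv "$f" "$old"/ || return 1; fi
    done
    # DB_CONFIG holds tuning, not data, so it carries over unchanged.
    if [ -f "$old/DB_CONFIG" ]; then cp -p "$old/DB_CONFIG" "$LDAP_DIR"/; fi
    slapadd -l "$LDIF" || return 1
    chown -R ldap:ldap "$LDAP_DIR"
}

case "${1:-}" in
    export)  export_ldif ;;
    rebuild) rebuild_db ;;
esac
```

Run it with `export` before the package update and with `rebuild` afterwards; `bdb_mismatch` can be fed the slapd log to confirm which library versions are in conflict.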


2012-02-07 08:58

administrator   ~0014416

Thanks exarv for having reported that here (as discussed at the CentOS booth during Fosdem 2012) ;-)


2012-07-13 18:03

manager   ~0015428

According to the upstream notes, it looks like the above-mentioned behaviour is intentional and won't change/get fixed.

Issue History

Date Modified Username Field Change
2012-02-06 08:25 exarv New Issue
2012-02-06 22:38 JohnnyHughes Note Added: 0014415
2012-02-07 08:58 arrfab Note Added: 0014416
2012-07-13 18:03 tigalch Note Added: 0015428
2012-07-13 18:03 tigalch Status new => feedback