View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0005494||CentOS-6||openldap||public||2012-02-06 08:25||2012-07-13 18:03|
|Priority||normal||Severity||major||Reproducibility||have not tried|
|Target Version||Fixed in Version|
|Summary||0005494: Upgrading from openldap-servers (<=2.4.19-15) with data stored in berkeley database will break openldap service|
|Description||Openldap ( openldap-servers-2.4.19-15.el6_0.2.x86_64 ) on CentOS 6 is packaged with a db4 library ( /usr/lib64/libslapd_db-4.8.so )|
When upgrading with yum to a newer openlsap-servers package, the included db library is gone and ldap will use the systems db4 libraries. But the db4 packages for Centos are still at 4.7 (As far as I can see, also in CentOS 6.1 and CentOs 6.2 - os and updates)
So when upgrading to a newer openldap-servers and you are using the berkeley database for ldap storage, you will get a error message when the ldap service is restarted:
bdb(dc=xxx,dc=xxx): Program version 4.7 doesn't match environment version 4.8
And ldap is not able to start the service.
Because at that moment there are no berkeley 4.8 libraries anymore on the system, you can't do db_dump / db_hotbackup access your data.
I tried to find out of this problem also exists in RHEL, but could not find any information. In ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/ I do see that the openldap package lost some weight between 2.4.19-15 and 2.4.23-15 and the db4 source package is still at 4.7, so i assume the problem also exists upstream.
|Steps To Reproduce||1) Install CentOS 6.0 with openldapservers <= 2.4.19-15.|
2) Setup ldap with berkeley database.
3) Upgrade to a newer openldap.
|Additional Information||The workaround I did was to do a yum downgrade openldap-servers|
Maybe you need to downgrade a few times to get back to openldap-servers 2.4.19-15, which still includes the db4 library
Another workaround would be to backup the database before upgrading (or after downgrading back to the 2.4.19-15 version) then upgrade and restore the database with the db4 4.7 tools (I did not do that)
I had this issue already some weeks ago, but yesterday I talked to someone on fosdem, and told me this was not a known issue and a bug report should be submitted.
|Tags||No tags attached.|
This is an upstream error and CentOS directly mirrors RHEL with this issue:
We will fix it when they fix it.
In the mean time, you should be able to do a something like this:
slapcat > slapcat.out
THEN update, then:
remove all the database info in /var/lib/ldap
slapadd -l ~/slapcat.out
You will then need to chown ldap.ldap all the files before restarting ldap ... that should export the data (into ldif format) and import it into the older bdb version.
|Thanks exarv for having reported that here (as discussed at the CentOS booth during Fosdem 2012) ;-)|
|According to the upstream notes this looks like the above mentioned behaviour is intentional and won't change/get fixed.|