OPENDJ: LDAP: SCHEMA: [Unable to register attribute type name with the server schema...] - ldap

I keep getting the following error on restart of the opendj service. bin/stop-ds --restart.
[20/Dec/2022:15:32:30 -0500] category=CORE severity=NOTICE msgID=134 msg=OpenDJ Server 4.4.11 (build 20210621115558, revision number 3f83673) starting up
[20/Dec/2022:15:32:30 -0500] category=CONFIG severity=WARNING msgID=761 msg=The config schema file '04-rfc2307bis.ldif' generated warning when trying to update schema with its content: [Unable to register attribute type name with the server schema because its OID 2.5.4.41 conflicts with the OID of an existing attribute type name]
bin/stop-ds --restart
egrep -R 2.5.4.41 /opt/opendj/config/schema
04-rfc2307bis.ldif:attributeTypes: ( 2.5.4.41 NAME 'name' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 4519' X-SCHEMA-FILE '00-core.ldif' )
00-core.ldif:attributeTypes: ( 2.5.4.41 NAME 'name' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 4519' X-SCHEMA-FILE '00-core.ldif' )
I've tried removing the duplicate attributeType with ldapmodify and manually removing from the schema files. The duplicates always come back.
Expected behavior
When restarting OpenDJ, there should be normal output and no WARNINGS about duplicate OIDs.
OS: RHEL 7.9
Version: 4.4.11
Additional context
I noticed the file /opt/opendj/config/upgrade/schem.ldif.current was not synced with my replica. I removed both files and created empty ones. After I restart OpenDJ, the error goes away for a few minutes, then comes back every time. What can I do to resolve this?

Sorry for any confusion. I believe I've solved this as a "user error".
I had a custom schema file not prepended with "99-". After adding the correct prefix things seem to be working as expected. Closing.
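A check for the condition reported in the warning above, as an added example that is not part of the original post or of OpenDJ: it reports every OID defined in more than one schema file, and every definition whose X-SCHEMA-FILE tag names a different file than the one it sits in (as the copy in 04-rfc2307bis.ldif does). The names `schema_conflicts`, `load_dir` and `SAMPLE` are hypothetical, and the sample input is constructed from the egrep output.

```python
import re
from collections import defaultdict
from pathlib import Path

# Constructed sample modelled on the egrep output above; not real server files.
NAME_DEF = ("attributeTypes: ( 2.5.4.41 NAME 'name' EQUALITY caseIgnoreMatch\n"
            "  SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15\n"
            "  X-ORIGIN 'RFC 4519' X-SCHEMA-FILE '00-core.ldif' )\n")
SAMPLE = {
    "00-core.ldif": "dn: cn=schema\n" + NAME_DEF,
    "04-rfc2307bis.ldif": "dn: cn=schema\n" + NAME_DEF
        + "attributeTypes: ( 1.3.6.1.1.1.1.0 NAME 'uidNumber' X-ORIGIN 'constructed' )\n",
}

DEF = re.compile(r"^(attributeTypes|objectClasses):\s*\(\s*(\d+(?:\.\d+)+)\s+(.*)$", re.I)
XFILE = re.compile(r"X-SCHEMA-FILE\s+'([^']+)'")

def unfold(text):
    """Join LDIF continuation lines (a line starting with one space)."""
    return re.sub(r"\r?\n ", "", text)

def load_dir(path):
    """Read every *.ldif file in a schema directory into {filename: text}."""
    return {p.name: p.read_text(encoding="utf-8") for p in sorted(Path(path).glob("*.ldif"))}

def schema_conflicts(files):
    """Return (duplicates, misplaced) for a {filename: ldif_text} mapping."""
    seen = defaultdict(set)   # (kind, oid) -> files that define it
    misplaced = []            # (file, oid, file named by X-SCHEMA-FILE)
    for fname, text in files.items():
        for line in unfold(text).splitlines():
            m = DEF.match(line)
            if not m:
                continue
            kind, oid, rest = m.group(1).lower(), m.group(2), m.group(3)
            seen[(kind, oid)].add(fname)
            tag = XFILE.search(rest)
            if tag and tag.group(1) != fname:
                misplaced.append((fname, oid, tag.group(1)))
    dups = {key: sorted(names) for key, names in seen.items() if len(names) > 1}
    return dups, misplaced

if __name__ == "__main__":
    dups, misplaced = schema_conflicts(SAMPLE)  # or load_dir("/opt/opendj/config/schema")
    for (kind, oid), names in dups.items():
        print(f"{kind} {oid} defined in: {', '.join(names)}")
    for fname, oid, owner in misplaced:
        print(f"{fname}: {oid} is tagged X-SCHEMA-FILE '{owner}'")
```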

Related

LDAP error: "no database configured for that naming context" when adding custom objectclass

I have configured an openLDAP server for testing purposes and am trying to add a few users from the actual LDAP server. The problem is that they have some attributes that are not defined in the default object classes- top, person or organizationalPerson. So I am trying to define my own object class- user with one new attribute for start called instanceType. This is the schema file I created- object_class.schema:
attributetype ( 1.3.6.1.4.1.42.2.27.4.1.6
NAME 'instanceType'
DESC 'instanceType attribute'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
objectclass ( 1.3.6.1.4.1.42.2.27.4.2.1
NAME 'user'
DESC 'user object'
SUP top
STRUCTURAL
MUST ( cn $ instanceType ) )
I also created object_class.conf:
include /ldap-data/object_class.schema
After that I am running slaptest -f /ldap-data/object_class.conf -F /ldap-data/schemas/ which produces the following file- /ldap-data/schemas/cn=config/cn=schema/cn={0}object_class.ldif
I am stopping the slapd service but when I run slapadd -l /ldap-data/schemas/cn\=config/cn\=schema/cn\=\{0\}object_class.ldif -n 0
I receive:
slapadd: line 1: database #0 (cn=config) not configured to hold "cn={0}object_class"; no database configured for that naming context
_#################### 100.00% eta none elapsed none fast!
Closing DB...
Is my schema wrong? I tried finding the attributes for the "user" data class which I thought are standard but I couldn't.

Token unknown in SQLCODE

CREATE DATABASE test.fdb -user ZZZZZ -password *******;
I am using the above command to create a database for my project in Windows 7. I am new to Firebird SQL. I used my system credentials to log in, but it is showing an error. So, how can I reset my password?
SQL error code = -104
Token unknown.
I don't even know the significance of SQLCODE = -104.
The error shown is not caused by not knowing the database password, you have a syntax error in the CREATE DATABASE statement. The error Token unknown means that the statement parser read something it didn't expect; the error is usually followed by the offending token.
If I execute your statement using ISQL on Firebird 3.0, I get the following full error:
SQL> CREATE DATABASE test.fdb -user SYSDBA -password *******;
Statement failed, SQLSTATE = 42000
SQL error code = -104
-Token unknown
-test
Which means that at (or before) test something in your query is wrong.
The right syntax for CREATE DATABASE is:
CREATE {DATABASE | SCHEMA} '<filespec>'
[USER 'username' [PASSWORD 'password']]
[PAGE_SIZE [=] size]
[LENGTH [=] num [PAGE[S]]
[SET NAMES 'charset']
[DEFAULT CHARACTER SET default_charset
[COLLATION collation]] -- not supported in ESQL
[<sec_file> [<sec_file> ...]]
[DIFFERENCE FILE 'diff_file']; -- not supported in ESQL
<filespec> ::= [<server_spec>]{filepath | db_alias}
<server_spec> ::= servername [/{port|service}]: | \\servername\
<sec_file> ::= FILE 'filepath'
[LENGTH [=] num [PAGE[S]] [STARTING [AT [PAGE]] pagenum]
In other words your statement should be:
create database 'test.fdb' user SYSDBA password '*******';
So:
Quotes around the path to the database file (or alias)
No - before the user and password clause
Quotes around the password (contrary to the syntax shown, quotes are optional around the user name)
As an aside, the SQL error code is usually not very interesting (as some of them can cover several different errors).

ldapmodify raises attributetypes: value #0 invalid per syntax error

I'm currently implementing a pwdCheckModule library for Openldap version 2.4.14 (Version cannot be changed). During that I'd like to read some attributes from the LDAP database. One of these attributes is called pcpMinNumberLowerUpper and holds minimum number of lower and/or upper characters. The attribute should be part of an already existing objectClass called pwdPolicy located under the cn:schema which already has some other attributes like pwdMaxAge etc.
I'd like to use the ldapmodify terminal command in order to add the attribute to the already existing LDAP database. The command I've just used looks like the following:
ldapmodify -h localhost -p 389 -D "cn=Administrator,dc=<mydc>,dc=<mydc>..." -w "<mysecret>" -x -f pcp_attribute_upgrade.ldif
The corresponding ldif-file has the following content:
dn: cn=schema
changetype: modify
add: attributetypes
attributetypes: ( 1.3.6.1.4.1.42.2.27.8.1.18 NAME 'pcpMinNumberLowerUpper' DESC 'Minimum of upper or lower characters' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUED USAGE userApplications )
Now, if I execute the command above it raises the following error message to the terminal output:
ldap_start_tls: Protocol error (2)
additional info: unsupported extended operation
modifying entry "cn=schema"
ldap_modify: Invalid syntax (21)
additional info: attributetypes: value #0 invalid per syntax
I already tried to use olcAttributeTypes instead of attributeTypes but it did not help. Any help would be nice :-)
Thanks in advance,
Flo
With the default OpenLDAP configuration, schema modification usually requires external authentication from the local LDAP server's root account:
sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f pcp.ldif
and pcp.ldif should be:
dn: cn=schema,cn=config
changetype: modify
add: olcAttributetypes
olcAttributetypes: ( 1.3.6.1.4.1.42.2.27.8.1.18 NAME 'pcpMinNumberLowerUpper' DESC 'Minimum of upper or lower characters' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE USAGE userApplications )
(changed dn, "attributeTypes" replaced with "olcAttributetypes" and "SINGLE-VALUED" with "SINGLE-VALUE")
The keyword for a single-valued attribute is SINGLE-VALUE, as reported when trying to add the schema definition to the OpenDJ LDAP directory server:
The provided value "( 1.3.6.1.4.1.42.2.27.8.1.18 NAME
'pcpMinNumberLowerUpper' DESC 'Minimum of upper or lower characters'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUED USAGE
userApplications )"could not be parsed as a valid attribute type
description because it contains an illegal token "SINGLE-VALUED"
Change it as below and it'll work.
dn: cn=schema
changetype: modify
add: attributetypes
attributetypes: ( 1.3.6.1.4.1.42.2.27.8.1.18 NAME 'pcpMinNumberLowerUpper' DESC 'Minimum of upper or lower characters' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE USAGE userApplications )
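A pre-flight check for the "invalid per syntax" error discussed in this thread, as an added example that is not from either answer or from OpenLDAP or OpenDJ: it tokenizes an attributeTypes value and checks each keyword against the AttributeTypeDescription grammar of RFC 4512, so a token such as SINGLE-VALUED is caught before ldapmodify is run. The function name `check_attribute_type` is hypothetical, and the check covers keywords and argument shapes only, not whether the referenced OIDs exist on the server.

```python
import re

# Keyword -> argument kind, following AttributeTypeDescription in RFC 4512.
KEYWORDS = {
    "NAME": "qdescrs", "DESC": "qdstring", "OBSOLETE": None, "SUP": "oid",
    "EQUALITY": "oid", "ORDERING": "oid", "SUBSTR": "oid", "SYNTAX": "oid",
    "SINGLE-VALUE": None, "COLLECTIVE": None, "NO-USER-MODIFICATION": None,
    "USAGE": "usage",
}
USAGES = {"userApplications", "directoryOperation",
          "distributedOperation", "dSAOperation"}
TOKEN = re.compile(r"'[^']*'|[()]|[^\s()']+")

def check_attribute_type(value):
    """Return a list of problems found in one attributeTypes value ([] if none)."""
    toks = TOKEN.findall(value)
    if len(toks) < 3 or toks[0] != "(" or toks[-1] != ")":
        return ["definition must be enclosed in ( ... )"]
    if not re.fullmatch(r"\d+(\.\d+)+", toks[1]):
        return [f"expected numeric OID, got {toks[1]!r}"]
    errors, body, i = [], toks[:-1], 2
    while i < len(body):
        kw = body[i]
        i += 1
        if kw.startswith("X-"):
            kind = "qdescrs"          # extensions take quoted string(s)
        elif kw in KEYWORDS:
            kind = KEYWORDS[kw]
        else:
            errors.append(f"illegal token {kw!r}")
            continue
        if kind is None:              # flag keywords take no argument
            continue
        if i >= len(body):
            errors.append(f"{kw} is missing its argument")
            break
        arg = body[i]
        i += 1
        if kind == "qdescrs" and arg == "(":
            while i < len(body) and body[i] != ")":
                i += 1                # skip the parenthesised list of names
            i += 1
        elif kind in ("qdescrs", "qdstring") and not arg.startswith("'"):
            errors.append(f"{kw} expects a quoted string, got {arg!r}")
        elif kind == "usage" and arg not in USAGES:
            errors.append(f"unknown USAGE {arg!r}")
    return errors
```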

Schema addition in slapd.d : unknown directive <objectClass:>

I am trying to set up an openLDAP LDAP on Ubuntu 14.04, and I would like to add a custom schema to the dynamic ldap conf. As I understood, I have to add dynamically a ldif entry to my ldap, under the DN: cn=myCustomSchema,cn=schema,cn=config.
What I wanted to do was:
creation of a schema file
creation of a .conf file linking to my schema file
conversion of the schema to a ldif file, thanks to a slaptest or slapcat command and the .conf file
addition of the .ldif to the LDAP
I can't go through point 3., since both slaptest and slapcat command return: line xxx: unknown directive outside backend info and database definitions.
I've read my schema file a thousand times, but I can't find my error. I also couldn't find anything useful about such an error.
Here is a part of my schema file:
attributeTypes: (1.2.840.113556.1.8000.2554.48931.2232.50796
NAME 'altitudeEntity'
EQUALITY caseIgnoreMatch
ORDERING caseIgnoreOrderingMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE USAGE userApplications )
attributeTypes: ( 1.2.840.113556.1.8000.17728.40464.13370.25661.2712
NAME 'descriptionEntity'
EQUALITY caseIgnoreMatch
ORDERING caseIgnoreOrderingMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
USAGE userApplications )
.
. other attributes
.
ObjectClass: ( 1.2.840.113556.45669.16975.37105.36062
NAME 'principalClass'
SUP top STRUCTURAL
MUST RDNFragment
MAY ( altitudeEntity $ descriptionEntity $ ...) )
.
. other classes extending principalClass (SUP principalClass)
.
Also: when keeping only attributes, the commands succeed and the ldif files are generated. The error is always on the first objectClass.
Thanks for any help :)
Found the error this morning, I guess I was tired yesterday.
The correct syntax is objectclass ( OID ... without " : ". I changed also attributeTypes: ( OID... to attributetype ( OID... and everything worked fine.

H2 - Split file option in server mode

Using H2 database, is it possible to use the split file option while in (SSL) server mode and using encryption? If so, how can I do it?
I created a split database using this JDBC string:
jdbc:h2:split:28:/g:/db_split;CIPHER=AES
It is stated that a split database always needs the :split option afterwards, which seems true because I get errors about corrupted files when connecting with
jdbc:h2:ssl://g:/db_split;CIPHER=AES
General error: "java.lang.NumberFormatException: Zero length string" [50000-170] HY000/50000
But when I attach the appropriate option, another error follows:
jdbc:h2:split:ssl://g:/db_split;CIPHER=AES
IO Exception: "java.io.IOException: A sintaxe do nome do arquivo, do nome do diretório ou do rótulo do volume está incorreta"; "ssl://g:/db_split.h2.db" [90031-170] 90031/90031 (Error message localized in Portuguese - something like "The syntax for file name, folder name or volume label is incorrect")
Is there a way to make these options coexist? I am considering AUTO_SERVER, but it would be a lousy option.
For the server mode, use:
jdbc:h2:tcp://localhost/split:28:/g:/db_split;CIPHER=AES
When using SSL:
jdbc:h2:ssl://localhost/split:28:/g:/db_split;CIPHER=AES
For embedded mode, use:
jdbc:h2:split:28:/g:/db_split;CIPHER=AES