directory-fortress mailing list archives

From Shawn McKinney <>
Subject Re: [Fortress] Install of fortess core with Open Ldap 2-4.31 fails
Date Thu, 06 Apr 2017 13:32:54 GMT

> On Apr 5, 2017, at 10:00 PM, Gigen Thomas <> wrote:
> I am trying to install directory-fortress-core with openldap-2.4.31 and am following the instructions from

Hello Gigen, welcome!

> On Apr 5, 2017, at 10:00 PM, Gigen Thomas <> wrote:
> What's missing in the above referenced documentation is that open ldap 2.4 and above versions use the dynamic config and hence require the conversion of slapd.conf

The usage of the openldap dynamic config is not yet required and so the static config (slapd.conf)
continues to work.  

Regardless, you should be able to use either option.

> On Apr 5, 2017, at 10:00 PM, Gigen Thomas <> wrote:
> and here's the command that I use for the conversion:
> sudo -u openldap slaptest -f slapd.conf -F slapd.d   -v 
> 58e59f4d slapd.conf: line 67: rootdn is always granted unlimited privileges.
> 58e59f4d mdb_db_open: database "cn=log" cannot be opened, err 2. Restore from backup!
> 58e59f4d backend_startup_one (type=mdb, suffix="cn=log"): bi_db_open failed! (2)
> slap_startup failed (test would succeed using the -u switch)
> The Conversion fails to create the required databases ( log and fortress )
> Have checked permissions on the various ldap folders and have not been able to resolve this. Hoping that someone on this mailing list has run into this. Any help will be greatly appreciated!!

I don’t have much experience with the dynamic configuration utility in slapd so this specific
error is unfamiliar, but I can offer some ideas.

There’s a problem with the slapd history DB setup used by fortress' audit log.  What is
the config for yours?  For example, the README has this:

# History DB Settings  (optional)
database	 mdb
directory	 "/var/openldap/hist"

Here we see a DB that has been mapped to the /var/openldap/hist folder.  Does that corresponding
folder exist on your machine and does it have the proper permissions to allow your openldap
user write access? 
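
The check suggested in the reply above, written as a script (an added example, not part of the original message or of the Fortress project): it reads every `directory` directive from a static slapd.conf and reports whether the folder exists and is writable. The function names and the second database in the sample stanza are constructed for illustration, and paths are assumed to contain no whitespace.

```shell
#!/bin/sh
# Added example: verify every database directory named in a static slapd.conf.
# Assumption: directory paths contain no whitespace.

# Print the value of each "directory" directive, surrounding quotes removed.
list_db_dirs() {
    awk 'tolower($1) == "directory" { v = $2; gsub(/"/, "", v); print v }' "$1"
}

# check_db_dirs CONF [USER]
# Report each directory as OK, MISSING or NOT-WRITABLE; return 1 on any problem.
# With USER (for example openldap) the write test runs as that account via
# sudo, otherwise it runs as the invoking user.
check_db_dirs() {
    conf=$1; user=${2:-}; rc=0
    for dir in $(list_db_dirs "$conf"); do
        if [ ! -d "$dir" ]; then
            echo "MISSING $dir"; rc=1
        elif [ -n "$user" ] && ! sudo -u "$user" test -w "$dir"; then
            echo "NOT-WRITABLE $dir (as $user)"; rc=1
        elif [ -z "$user" ] && [ ! -w "$dir" ]; then
            echo "NOT-WRITABLE $dir"; rc=1
        else
            echo "OK $dir"
        fi
    done
    return "$rc"
}

# Constructed sample input: the README's history DB stanza plus a second,
# made-up database, both rooted under BASE so the check can run in a scratch dir.
sample_conf() {
    printf '# History DB Settings  (optional)\ndatabase\t mdb\ndirectory\t "%s/hist"\n' "$1"
    printf 'database\t mdb\ndirectory\t "%s/dflt"\n' "$1"
}

# Usage: sh check_db_dirs.sh /path/to/slapd.conf openldap
if [ "$#" -ge 1 ]; then
    check_db_dirs "$@"
fi
```

A MISSING line for a database directory means slapd (and slaptest without -u) has nowhere to open that database; create the folder and give the slapd account ownership before re-running the conversion.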