Author Topic: 1.3: Nasty Error when activating UsersAndGroups-module on slave  (Read 3649 times)

philmills

Re: 1.3: Nasty Error when activating UsersAndGroups-module on slave
« Reply #15 on: January 19, 2010, 02:54:55 pm »
well - it sounds like this master/slave thing is well and truly broken, which is comforting to know i'm not the only one, but i do sympathise that your master is now broken from trying to get to the bottom of this...

peterr

Re: 1.3: Nasty Error when activating UsersAndGroups-module on slave
« Reply #16 on: January 19, 2010, 02:58:05 pm »
Well it is only a development version so the more we find wrong now the better things will be when 1.4 is released - if we don't find the problems, nobody is going to fix them!

philmills

Re: 1.3: Nasty Error when activating UsersAndGroups-module on slave
« Reply #17 on: January 19, 2010, 03:08:15 pm »
i was kinda hoping that it would be fixed in 1.3 stable - if not then it's not stable (if you see what i mean)

isaac

Re: 1.3: Nasty Error when activating UsersAndGroups-module on slave
« Reply #18 on: January 19, 2010, 03:25:26 pm »
Hi peterr. The restriction is still there and will be in 1.4. It requires a lot of changes in the LDAP code and it can't be done right before a release.

The master can only contain 'usersandgroups', and no other modules that use groups such as mail or samba.

Cheers!

isaac

Re: 1.3: Nasty Error when activating UsersAndGroups-module on slave
« Reply #19 on: January 19, 2010, 03:26:56 pm »
@philmills: it's not 'well and truly' broken at all. what happened is that we upgraded to a new openldap version and it turned out to be 'quite' broken. i have a fixed openldap version that i am uploading right now. it should be available in a few hours.

cheers

isaac

Re: 1.3: Nasty Error when activating UsersAndGroups-module on slave
« Reply #20 on: January 19, 2010, 03:29:43 pm »
The OpenLDAP version that we were using (different than the one we developed the master/slave with) had a bug that caused replication to not work.

I have just packaged a fixed version and things seem to work with it. It will be uploaded to the 1.3 repositories in a few hours.

peterr

Re: 1.3: Nasty Error when activating UsersAndGroups-module on slave
« Reply #21 on: January 20, 2010, 07:46:51 pm »
Thanks Isaac
Pity about the u&g only feature remaining in 1.4 but that can be worked around - is it possible to authenticate a Linux client on a slave though? I had no luck previously. I have just read an email on how to clear out the LDAP settings so I will try and put things back as they were, then I can go back to trying Linux auth.

Andy

Re: 1.3: Nasty Error when activating UsersAndGroups-module on slave
« Reply #22 on: January 21, 2010, 08:27:52 am »
Hello!

I set up the master and slave again and replication seems to work.
On the slave I can see the user & groups I created on the master.

But what do you mean with:
Quote
The master can only contain 'usersandgroups', and no other modules that use groups such as mail or samba.

You can use the master only to administer the users & groups? No file- and/or printer-sharing?
My idea was to use the master as a PDC with Samba for file- and printer-sharing and a slave for communication (gateway, proxy, mail). The users can fetch their mail from the slave and in the background the authentication would be checked via LDAP on the master.
Am I wrong?

By the way:
I tried to use the UserCorner on the slave, but when I try to log on with a user that exists in LDAP the UserCorner says "Incorrect password".
But on the master it worked...
« Last Edit: January 21, 2010, 08:30:26 am by Andy »

peterr

Re: 1.3: Nasty Error when activating UsersAndGroups-module on slave
« Reply #23 on: January 21, 2010, 09:27:37 am »
your master can run anything that does not depend on usersandgroups, e.g. web server, dhcp, dns etc., but the only ldap based service can be usersandgroups.
I was rather hoping to do something similar to what you want but find I can not - However I have a web server that I can use as the master for usersandgroups (though currently that is not working as I can not reinstall ebox and get the usersandgroups module to work)

Andy

Re: 1.3: Nasty Error when activating UsersAndGroups-module on slave
« Reply #24 on: January 21, 2010, 10:31:37 am »
Before I read this I activated File- and Printersharing on the master, and Email on the slave.
Now it's not possible to access Users or Groups on the slave anymore.

The same stupid error message appears:
Code:
An internal error has occurred. This is most probably a bug, relevant information can be found in the logs.

It would be nice to know in WHICH log I have to look.

In /var/log/ebox/ebox.log on the slave I found some errors:
Code:

2010/01/21 10:13:26 ERROR> Ldap.pm:682 EBox::Ldap::_errorOnLdap - $VAR1 = {
          'base' => 'ou=Groups,dc=ebox,dc=domain,dc=tst',
          'attrs' => [
                       'cn',
                       'gidNumber',
                       'description'
                     ],
          'filter' => '(objectclass=*)',
          'scope' => 'one'
        };
2010/01/21 10:13:26 ERROR> Ldap.pm:684 EBox::Ldap::_errorOnLdap - Unknown error at EBox::UsersAndGroups::groups Referral received
2010/01/21 10:17:03 INFO> Service.pm:615 EBox::Module::Service::restartService - Skipping restart for events as it's disabled
2010/01/21 10:17:20 ERROR> Ldap.pm:682 EBox::Ldap::_errorOnLdap - $VAR1 = {
          'base' => 'ou=Users,dc=ebox,dc=domain,dc=tst',
          'attrs' => [
                       'uid',
                       'uidNumber'
                     ],
          'filter' => 'objectclass=*',
          'scope' => 'one'
        };
2010/01/21 10:17:20 ERROR> Ldap.pm:684 EBox::Ldap::_errorOnLdap - Unknown error at EBox::UsersAndGroups::uidList Referral received
2010/01/21 10:18:19 INFO> Service.pm:619 EBox::Module::Service::restartService - Restarting service for module: usercorner
2010/01/21 10:18:48 ERROR> Ldap.pm:682 EBox::Ldap::_errorOnLdap - $VAR1 = {
          'base' => 'ou=Users,dc=ebox,dc=domain,dc=tst',
          'attrs' => [
                       'uid',
                       'uidNumber'
                     ],
          'filter' => 'objectclass=*',
          'scope' => 'one'
        };
2010/01/21 10:18:48 ERROR> Ldap.pm:684 EBox::Ldap::_errorOnLdap - Unknown error at EBox::UsersAndGroups::uidList Referral received

Now I'm a little bit confused:
ebox is a user but also the name of the master machine.
Does the BaseDN (cn=) contain the machine's name or the user's name?

Is it possible to get the slave working again?
And where can I find (in the filesystem) the LDAP-server's configuration?
And where's the LDAP-client's config?


Saturn2888

Re: 1.3: Nasty Error when activating UsersAndGroups-module on slave
« Reply #25 on: February 04, 2010, 01:22:05 pm »
I looked after that line
Code:
write_file(SSL_DIR . 'master.cert', $cert);
and here's what did the trick for me:
In
Code:
/var/lib/ebox/conf
there are the two dirs "ssl" and "ssl-ca"
Look at the rights for the dirs and the files in "ssl".
With chmod I set them to rwxrwxrwx (for the dirs) and rw-rw-rw- for the files, then I activated UsersAndGroups again. It worked. After that I set the rights back.

Uhm, weird, the default rights in my system after a new installation are:
Code:
drwx------ 2 ebox adm 4096 2010-01-11 14:41 /var/lib/ebox/conf/ssl/
drwxr-xr-x 2 ebox adm 4096 2009-12-24 14:19 /var/lib/ebox/conf/ssl-ca/
which should be just fine.

I had my settings like yours, but my error says "Failed to enable: write_file '/var/lib/ebox/conf/ssl/master.cert' - sysopen: Permission denied at /usr/share/perl5/EBox/UsersAndGroups.pm line 2594." I tried setting the directory to 700 or 777, no fix. Then I got the great idea to create the file (which I've done before), no fix. Finally, I said, let me edit the permissions on that file I created and see what happens. After setting the permissions on the file itself to 777, it worked. I changed it to 660 just in case.
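
Added example, not part of the thread and not eBox code: a small shell check for the certificate directory discussed in the post above, reporting entries the service user does not own (a likely cause of "Permission denied" inside a 0700 directory it owns) and modes left writable by group or others after a temporary chmod. The function name `audit_ssl_dir`, its output labels and the demo directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not eBox code: audit a certificate directory (for instance
# /var/lib/ebox/conf/ssl) instead of opening it up with chmod 777.
# audit_ssl_dir and its output labels are hypothetical names.

audit_ssl_dir() {
    dir=$1     # directory to inspect
    owner=$2   # user name or numeric uid the service runs as (e.g. ebox)
    [ -d "$dir" ] || { echo "MISSING $dir"; return 2; }

    findings=$(
        # Entries not owned by the service user: a file created by hand
        # under another account stays unwritable for the service even
        # inside a 0700 directory that the service owns.
        find "$dir" ! -type l ! -user "$owner" -exec echo WRONG_OWNER {} \;
        # Entries writable by group or others, e.g. a temporary 777/666
        # that was never set back.
        find "$dir" ! -type l \( -perm -020 -o -perm -002 \) \
            -exec echo LOOSE_MODE {} \;
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

if [ "$#" -eq 2 ]; then
    # Usage: script DIR OWNER
    audit_ssl_dir "$1" "$2"
else
    # No arguments: run against a constructed sample directory.
    demo=$(mktemp -d)
    mkdir -m 700 "$demo/ssl"
    : > "$demo/ssl/master.cert"
    chmod 666 "$demo/ssl/master.cert"    # constructed: left world-writable
    audit_ssl_dir "$demo/ssl" "$(id -u)" || true
    rm -rf "$demo"
fi
```

The function returns 0 when nothing is found, 1 when it prints findings and 2 when the directory does not exist, so it can gate a module-enable step in a script.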

ymangolds

Re: 1.3: Nasty Error when activating UsersAndGroups-module on slave
« Reply #26 on: February 10, 2010, 07:07:57 am »
I have the same situation but a slightly different error
Code:
A really nasty bug has occurred
Exception
Failed to enable: Can't call method "get_value" on an undefined value at /usr/share/perl5/EBox/UsersAndGroups.pm line 2590.
Trace
Failed to enable: Can't call method "get_value" on an undefined value at /usr/share/perl5/EBox/UsersAndGroups.pm line 2590.
at /usr/share/perl5/EBox/CGI/ServiceModule/ConfigureModuleController.pm line 74
EBox::CGI::ServiceModule::ConfigureModuleController::_process('EBox::CGI::ServiceModule::ConfigureModuleController=HASH(0x8f...') called at /usr/share/perl5/EBox/CGI/Base.pm line 262
EBox::CGI::Base::run('EBox::CGI::ServiceModule::ConfigureModuleController=HASH(0x8f...') called at /usr/share/perl5/EBox/CGI/Run.pm line 120
EBox::CGI::Run::run('EBox::CGI::Run', 'ServiceModule/ConfigureModuleController', 'EBox') called at /usr/share/ebox/cgi/ebox.cgi line 19
ModPerl::ROOT::ModPerl::Registry::usr_share_ebox_cgi_ebox_2ecgi::handler('Apache2::RequestRec=SCALAR(0x9019f78)') called at /usr/lib/perl5/ModPerl/RegistryCooker.pm line 204
eval {...} called at /usr/lib/perl5/ModPerl/RegistryCooker.pm line 204
ModPerl::RegistryCooker::run('ModPerl::Registry=HASH(0x9019b28)') called at /usr/lib/perl5/ModPerl/RegistryCooker.pm line 170
ModPerl::RegistryCooker::default_handler('ModPerl::Registry=HASH(0x9019b28)') called at /usr/lib/perl5/ModPerl/Registry.pm line 31
ModPerl::Registry::handler('ModPerl::Registry', 'Apache2::RequestRec=SCALAR(0x9019f78)') called at -e line 0
eval {...} called at -e line 0

Is there any estimate on when having a PDC on the same machine as the master will be available? I recently bought a new file server and upgraded my old one to 1.4 (which currently has the PDC). Is there a way to transfer the PDC over to the new fileserver (recreating it from scratch may cause problems with things like MS project server)?

Also, will disabling the things requiring users and groups be enough to have it be the master LDAP, or will i need a complete reinstall?

BTW, eBox is by far the best thing to happen to my IT dept (which consists of me, and I'm not an IT guru) and has made life much more enjoyable. Awesome work guys  ;D.
« Last Edit: February 10, 2010, 07:11:16 am by ymangolds »