fintanr's weblog

Archives
« November 2009
MonTueWedThuFriSatSun
      
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
      
Today

the links



Twitter Updates

    follow me on Twitter













    blogs.sun.com
    Weblog
    Login



    All | Books | Gadgets | General | JES | OpenSolaris | Perl | Services | Slamd | Solaris | Travels | Tunes

    « semi work related...... | Main | Quick ksh tip »
    20050727 Wednesday July 27, 2005

    Working Around idsconfig "Can not determine the top of tree" errors
    Currently we doing a bit of work that requires native ldap, and as part of your setup you use idsconfig(1M) to do some configuration work on your directory server, and unfortunately in some scenarios on Solaris 9 it can throw the following rather cryptic error message 

    ERROR: Can not determine the top of tree
    which is not very usefull.

    I hadn't seen this issue recently as it was fixed as bugid 4510686 in Solaris 10 which I had been using for my initial exploration, and I had also hand installed my directory server without allowing it to put in sample data. But as I moved to a box reinstalled with Solaris 9 earlier today to replicate a known customer environment and after being jumpstarted it ran through a base install of the Sun Java System Directory Server using a silent install file that I had for a different rig, and just tried to use a previously generated server config file from idsconfig (sometimes trying to be too smart with automation can bite :( ).

    Now the silent install file I had used to install the directory server also created some sample data, leading to multiple namingContexts in the ldap server with was the cause of my problem. In our case we are using a DN of dc=jestest,dc=sun,dc=com, which is what I expected idsconfig to pick up, but if you do an ldapsearch against this you get the following 

    # /usr/bin/ldapsearch -h ds -p 389 -D "cn=Directory Manager" -w "daPasswd" \
  -b "" -s base objectclass=* | grep namingContext
namingContexts=dc=example, dc=com
namingContexts=dc=jestest,dc=sun,dc=com
namingContexts=o=NetscapeRoot

    Within idsconfig there is a function discover_serv_info(), with the following code 

    discover_serv_info()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In discover_serv_info()"

    # Search the server for the TOP of the TREE.
    ${LDAPSEARCH} ${SERVER_ARGS} -b "" -s base "objectclass=*" > ${TMPDIR}/checkTOP 2>&1
    ${GREP} -i namingcontexts ${TMPDIR}/checkTOP | \
        ${GREP} -i -v NetscapeRoot > ${TMPDIR}/treeTOP
    NUM_TOP=`wc -l ${TMPDIR}/treeTOP | awk '{print $1}'`
    if [ $NUM_TOP -ne 1 ]; then
        ${ECHO} "ERROR: Can not determine the top of tree"
        exit 1
    fi
    LDAP_TREETOP=`cat ${TMPDIR}/treeTOP | cut -f2- -d='`

    [ $DEBUG -eq 1 ] && ${ECHO} "  LDAP_TREETOP = $LDAP_TREETOP"
}

    As we can see our extra "dc=example,dc=com" line is going to cause a few problems. So the quick hack (and completely unsupported) work around is do and in an extra grep -i <our naming context> in our namingcontexts section, giving us the following line 

        ${GREP} -i namingcontexts ${TMPDIR}/checkTOP | \
        ${GREP} -i -v NetscapeRoot | ${GREP} -i jestest > ${TMPDIR}/treeTOP
    And of course the correct work around is to upgrade to Solaris 10 ;).
    Technorati Tag(s) :

    (2005-07-27 13:03:33.0) Permalink Comments [0]

    Trackback URL: http://blogs.sun.com/fintanr/entry/working_around_idsconfig_can_not
    Comments:

    Post a Comment:

    Name:
    E-Mail:
    URL:

    Your Comment:

    HTML Syntax: NOT allowed